SAP-C02 · Question #489
SAP-C02 Question #489: Real Exam Question with Answer & Explanation
The correct answer is B: Update the CloudFormation template to install the Amazon CloudWatch agent on the EC2. Note: The question asks to "Choose three," but four answers (B, D, E, F) are listed as correct - this appears to be an error in the question as presented. The most coherent three-step solution is B, D, E. The core problem is that the Auto Scaling group replaces instances silently
Question
A company wants to run a custom network analysis software package to inspect traffic as traffic leaves and enters a VPC. The company has deployed the solution by using AWS CloudFormation on three Amazon EC2 instances in an Auto Scaling group. All network routing has been established to direct traffic to the EC2 instances. Whenever the analysis software stops working, the Auto Scaling group replaces an instance. The network routes are not updated when the instance replacement occurs. Which combination of steps will resolve this issue? (Choose three.)
Options
- ACreate alarms based on EC2 status check metrics that will cause the Auto Scaling group to
- BUpdate the CloudFormation template to install the Amazon CloudWatch agent on the EC2
- CUpdate the CloudFormation template to install AWS Systems Manager Agent on the EC2
- DCreate an alarm for the custom metric in Amazon CloudWatch for the failure scenarios. Configure
- ECreate an AWS Lambda function that responds to the Amazon Simple Notification Service
- FIn the CloudFormation template, write a condition that updates the network routes when a
Explanation
Note: The question asks to "Choose three," but four answers (B, D, E, F) are listed as correct - this appears to be an error in the question as presented. The most coherent three-step solution is B, D, E.
The core problem is that the Auto Scaling group replaces instances silently, and nothing updates the network routes afterward. The fix requires a detection-and-response pipeline: B (install the CloudWatch agent) enables the EC2 instances to publish a custom metric reflecting whether the analysis software is actually running - EC2 default metrics don't capture application-level health. D creates a CloudWatch alarm on that custom metric, which triggers an SNS notification on failure. E uses a Lambda function subscribed to that SNS topic to programmatically update the network routes whenever a replacement occurs, closing the gap.
Why the distractors are wrong:
- A - EC2 status checks reflect hypervisor/OS-level health, not whether your custom application is functioning; using them as the trigger misses application failures.
- C - SSM Agent enables Systems Manager features (patching, run commands) but does not help publish custom application metrics or update routes.
- F - CloudFormation conditions are evaluated at deploy/update time, not dynamically in response to Auto Scaling events, so they cannot reactively update routes on instance replacement.
Memory tip: Think of it as a pipeline - instrument → detect → notify → fix (CloudWatch Agent → Alarm → SNS → Lambda). Any solution that skips application-level instrumentation (A, C) or tries to use a static tool for a dynamic problem (F) will fail.
Topics
Community Discussion
No community discussion yet for this question.