Labour Day Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Activedumpsnet Logo
  1. Home
  2. Amazon Web Services
  3. AWS Certified Associate
  4. SOA-C02 - AWS Certified SysOps Administrator - Associate (SOA-C02)

Amazon Web Services SOA-C02 AWS Certified SysOps Administrator - Associate (SOA-C02) Exam Practice Test

Page: 1 / 31
Total 305 questions
Get SOA-C02 Full Access Download SOA-C02 PDF

AWS Certified SysOps Administrator - Associate (SOA-C02) Questions and Answers

Question 1

A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the application are failing. A SysOps administrator inspects the VPC flow logs and finds the following entry:

2 111122223333 eni-<###> 192.0.2.15 203.0.113.56 40711 443 6 1 40 1418530010 1418530070 REJECT OK

What is a possible cause of these failed connections?

Options:

A.

A security group is denying traffic on port 443.

B.

The EC2 instance is shut down.

C.

The network ACL is blocking HTTPS traffic.

D.

The VPC has no internet gateway attached.

Question 2

A SysOps administrator is trying to set up an Amazon Route 53 domain name to route traffic to a website hosted on Amazon S3. The domain name of the website is www.anycompany.com and the S3 bucket name is anycompany-static. After the record set is set up in Route 53, the domain name www.anycompany.com does not seem to work, and the static website is not displayed in the browser.

Which of the following is a cause of this?

Options:

A.

The S3 bucket must be configured with Amazon CloudFront first.

B.

The Route 53 record set must have an IAM role that allows access to the S3 bucket.

C.

The Route 53 record set must be in the same region as the S3 bucket.

D.

The S3 bucket name must match the record set name in Route 53.

Question 3

A company runs a stateless application that is hosted on an Amazon EC2 instance. Users are reporting performance issues. A SysOps administrator reviews the Amazon CloudWatch metrics for the application and notices that the instance's CPU utilization frequently reaches 90% during business hours.

What is the MOST operationally efficient solution that will improve the application's responsiveness?

Options:

A.

Configure CloudWatch logging on the EC2 instance. Configure a CloudWatch alarm for CPU utilization to alert the SysOps administrator when CPU utilization goes above 90%.

B.

Configure an AWS Client VPN connection to allow the application users to connect directly to the EC2 instance private IP address to reduce latency.

C.

Create an Auto Scaling group, and assign it to an Application Load Balancer. Configure a target tracking scaling policy that is based on the average CPU utilization of the Auto Scaling group.

D.

Create a CloudWatch alarm that activates when the EC2 instance's CPU utilization goes above 80%. Configure the alarm to invoke an AWS Lambda function that vertically scales the instance.

Question 4

A company has a memory-intensive application that runs on a fleet of Amazon EC2 instances behind an Elastic Load Balancer (ELB). The instances run in an Auto Scaling group. A Sysops administrator must ensure that the application can scale based on the number of users that connect to the application.

Which solution will meet these requirements?

Options:

A.

Create a scaling policy that will scale the application based on the ActiveConnectionCount Amazon CloudWatch metric that is generated from the ELB.

B.

Create a scaling policy that will scale the application based on the mem used Amazon CloudWatch metric that is generated from the ELB.

C.

Create a scheduled scaling policy to increase the number of EC2 instances in the Auto Scaling group to support additional connections.

D.

Create and deploy a script on the ELB to expose the number of connected users as a custom Amazon CloudWatch metric. Create a scaling policy that uses the metric.

Question 5

A SysOps administrator must create an IAM policy for a developer who needs access to specific AWS services. Based on the requirements, the SysOps administrator creates the following policy:

Question # 5

Which actions does this policy allow? (Select TWO.)

Options:

A.

Create an AWS Storage Gateway.

B.

Create an IAM role for an AWS Lambda function.

C.

Delete an Amazon Simple Queue Service (Amazon SQS) queue.

D.

Describe AWS load balancers.

E.

Invoke an AWS Lambda function.

Question 6

A company uses an Amazon Elastic File System (Amazon EFS) file system to share files across many Linux Amazon EC2 instances. A SysOps administrator notices that the file system's PercentIOLimit metric is consistently at 100% for 15 minutes or longer. The SysOps administrator also notices that the application that reads and writes to that file system is performing poorly. They application requires high throughput and IOPS while accessing the file system.

What should the SysOps administrator do to remediate the consistently high PercentIOLimit metric?

Options:

A.

Create a new EFS file system that uses Max I/O performance mode. Use AWS DataSync to migrate data to the new EFS file system.

B.

Create an EFS lifecycle policy to transition future files to the Infrequent Access (IA) storage class to improve performance. Use AWS DataSync to migrate existing data to IA storage.

C.

Modify the existing EFS file system and activate Max I/O performance mode.

D.

Modify the existing EFS file system and activate Provisioned Throughput mode.

Question 7

An application runs on multiple Amazon EC2 instances in an Auto Scaling group The Auto Scaling group is configured to use the latest version of a launch template A SysOps administrator must devise a solution that centrally manages the application logs and retains the logs for no more than 90 days

Which solution will meet these requirements?

Options:

A.

Launch an Amazon Machine Image (AMI) that is preconfigured with the Amazon CloudWatch Logs agent to send logs to an Amazon S3 bucket Apply a 90-day S3 Lifecycle policy on the S3 bucket to expire the application logs

B.

Launch an Amazon Machine Image (AMI) that is preconfigured with the Amazon CloudWatch Logs agent to send logs to a log group Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule to perform an instance refresh every 90 days

C.

Update the launch template user data to install and configure the Amazon CloudWatch Logs agent to send logs to a log group Configure the retention period on the log group to be 90 days

D.

Update the launch template user data to install and configure the Amazon CloudWatch Logs agent to send logs to a log group Set the log rotation configuration of the EC2 instances to 90 days

Question 8

A company plans to launch a static website on its domain example com and subdomain www example.com using Amazon S3. How should the SysOps administrator meet this requirement?

Options:

A.

Create one S3 bucket named example.com for both the domain and subdomain.

B.

Create one S3 bucket with a wildcard named '.example.com tor both the domain and subdomain.

C.

Create two S3 buckets named example.com and www.exdmpte.com. Configure the subdomain bucket to redirect requests to the domain bucket.

D.

Create two S3 buckets named http//example.com and http//" exampte.com. Configure the wildcard (') bucket to redirect requests to the domain bucket.

Question 9

A SysOps Administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance. The administrator has been tasked with reconfiguring the infrastructure to support this approach.

How can the administrator accomplish this with the LEAST administrative overhead?

Options:

A.

Use Amazon CloudFront to log the URL and forward the request.

B.

Use Amazon CloudFront to rewrite the header based on the microservice and forward the request.

C.

Use an Application Load Balancer (ALB) and do path-based routing.

D.

Use a Network Load Balancer (NLB) and do path-based routing.

Question 10

A company’s AWS Lambda function is experiencing performance issues. The Lambda function performs many CPU-intensive operations. The Lambda function is not running fast enough and is creating bottlenecks in the system.

What should a SysOps administrator do to resolve this issue?

Options:

A.

In the CPU launch options for the Lambda function, activate hyperthreading.

B.

Turn off the AWS managed encryption.

C.

Increase the amount of memory for the Lambda function.

D.

Load the required code into a custom layer.

Question 11

A company hosts a database on an Amazon RDS Multi-AZ DB instance. The database is not encrypted. The company's new security policy requires all AWS resources to be encrypted at rest and in transit.

What should a SysOps administrator do to encrypt the database?

Options:

A.

Configure encryption on the existing DB instance.

B.

Take a snapshot of the DB instance. Encrypt the snapshot. Restore the snapshot to the same DB instance.

C.

Encrypt the standby replica in a secondary Availability Zone. Promote the standby replica to the primary DB instance.

D.

Take a snapshot of the DB instance. Copy and encrypt the snapshot. Create a new DB instance by restoring the encrypted copy.

Question 12

A company's SysOps administrator deploys four new Amazon EC2 instances by using the standard Amazon Linux 2 Amazon Machine Image (AMI). The company needs to be able to use AWS Systems Manager to manage the instances The SysOps administrator notices that the instances do not appear in the Systems Manager console

What must the SysOps administrator do to resolve this issue?

Options:

A.

Connect to each instance by using SSH Install Systems Manager Agent on each instance Configure Systems Manager Agent to start automatically when the instances start up

B.

Use AWS Certificate Manager (ACM) to create a TLS certificate Import the certificate into each instance Configure Systems Manager Agent to use the TLS certificate for secure communications

C.

Connect to each instance by using SSH Create an ssm-user account Add the ssm-user account to the /etcsudoers d directory

D.

Attach an IAM instance profile to the instances Ensure that the instance profile contains the AmazonSSMManagedinstanceCore policy

Question 13

A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.

What is the SIMPLEST approach the SysOps administrator can take to ensure S3 buckets in those accounts can never be deleted?

Options:

A.

Set up MFA Delete on all the S3 buckets to prevent the buckets from being deleted.

B.

Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.

C.

Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.

D.

Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.

Question 14

A company uses AWS Organizations to manage multiple AWS accounts. The company's SysOps team has been using a manual process to create and manage 1AM roles. The team requires an automated solution to create and manage the necessary 1AM roles for multiple AWS accounts.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Create AWS CloudFormation templates. Reuse the templates to create the necessary 1AM roles in each of the AWS accounts.

B.

Use AWS Directory Service with AWS Organizations to automatically associate the necessary 1AM roles with Microsoft Active Directory users.

C.

Use AWS Resource Access Manager with AWS Organizations to deploy and manage shared resources across the AWS accounts.

D.

Use AWS CloudFormation StackSets with AWS Organizations to deploy and manage 1AM roles for the AWS accounts.

Question 15

An Amazon S3 Inventory report reveals that more than 1 million objects in an S3 bucket are not encrypted These objects must be encrypted, and all future objects must be encrypted at the time they are written

Which combination of actions should a SysOps administrator take to meet these requirements? (Select TWO )

Options:

A.

Create an AWS Config rule that runs evaluations against configuration changes to the S3 bucket When an unencrypted object is found run an AWS Systems Manager Automation document to encrypt the object in place

B.

Edit the properties of the S3 bucket to enable default server-side encryption

C.

Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted Create an S3 Batch Operations job to copy each object in place with en

cryption enabled

D.

Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted Send each object name as a message to an Amazon Simple Queue Service (Amazon SQS) queue Use the SQS queue to invoke an AWS Lambda function to tag each object with a key of "Encryption" and a value of "SSE-KMS"

E.

Use S3 Event Notifications to invoke an AWS Lambda function on all new object-created events for the S3 bucket Configure the Lambda function to check whether the object is encrypted and to run an AWS Systems Manager Automation document to encrypt the object in place when an unencrypted object is found

Question 16

A company has mandated the use of multi-factor authentication (MFA) for all IAM users, and requires users to make all API calls using the CLI. However. users are not prompted to enter MFA tokens, and are able to run CLI commands without MFA. In an attempt to enforce MFA, the company attached an IAM policy to all users that denies API calls that have not been authenticated with MFA.

What additional step must be taken to ensure that API calls are authenticated using MFA?

Options:

A.

Enable MFA on IAM roles, and require IAM users to use role credentials to sign API calls.

B.

Ask the IAM users to log into the AWS Management Console with MFA before making API calls using the CLI.

C.

Restrict the IAM users to use of the console, as MFA is not supported for CLI use.

D.

Require users to use temporary credentials from the get-session token command to sign API calls.

Question 17

A compliance team requires all administrator passwords tor Amazon RDS DB instances to be changed at toast annually

Which solution meets this requirement in the MOST operationally efficient manned

Options:

A.

Store the database credentials in AWS Secrets Manager Configure automate rotation for the secret every 365 days

B.

Store the database credentials as a parameter in the RDS parameter group Create a database trigger to rotate the password every 365 days

C.

Store the database credentials in a private Amazon S3 bucket Schedule an AWS Lambda function to generate a new set of credentials every 365 days

D.

Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter Configure automatic rotation for the parameter every 365 days

Question 18

A SysOps administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and

Amazon EC2 in a VPC. All services have logging enabled. The administrator needs to investigate HTTP Layer 7 status codes from the web application.

Which log sources contain the status codes? (Choose two.)

Options:

A.

VPC Flow Logs

B.

AWS CloudTrail logs

C.

ALB access logs

D.

CloudFront access logs

E.

RDS logs

Question 19

A company stores files on 50 Amazon S3 buckets in the same AWS Region The company wants to connect to the S3 buckets securely over a private connection from its Amazon EC2 instances The company needs a solution that produces no additional cost

Which solution will meet these requirements?

Options:

A.

Create a gateway VPC endpoint lor each S3 bucket Attach the gateway VPC endpoints to each subnet inside the VPC

B.

Create an interface VPC endpoint (or each S3 bucket Attach the interface VPC endpoints to each subnet inside the VPC

C.

Create one gateway VPC endpoint for all the S3 buckets Add the gateway VPC endpoint to the VPC route table

D.

Create one interface VPC endpoint for all the S3 buckets Add the interface VPC endpoint to the VPC route table

Question 20

A company is planning to host its stateful web-based applications on AWS A SysOps administrator is using an Auto Scaling group of Amazon EC2 instances The web applications will run 24 hours a day 7 days a week throughout the year The company must be able to change the instance type within the same instance family later in the year based on the traffic and usage patterns

Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?

Options:

A.

Convertible Reserved Instances

B.

On-Demand instances

C.

Spot instances

D.

Standard Reserved instances

Question 21

A company is managing many accounts by using a single organization in AWS Organizations. The organization has all features enabled. The company wants to turn on AWS Config in all the accounts of the organization and in all AWS Regions.

What should a Sysops administrator do to meet these requirements in the MOST operationally efficient way?

Options:

A.

Use AVVS CloudFormation StackSets to deploy stack instances that turn on AWS Config in all accounts and in all Regions.

B.

Use AWS CloudFormation StackSets to deploy stack policies that turn on AWS Config in all accounts and in all Regions.

C.

Use service control policies (SCPs) to configure AWS Config in all accounts and in all Regions.

D.

Create a script that uses the AWS CLI to turn on AWS Config in all accounts in the organization. Run the script from the organization's management account.

Question 22

A company with multiple AWS accounts needs to obtain recommendations for AWS Lambda functions and identify optimal resource configurations for each Lambda function. How should a SysOps administrator provide these recommendations?

Options:

A.

Create an AWS Serverless Application Repository and export the Lambda function recommendations.

B.

Enable AWS Compute Optimizer and export the Lambda function recommendations

C.

Enable all features of AWS Organization and export the recommendations from AWS CloudTrail Insights.

D.

Run AWS Trusted Advisor and export the Lambda function recommendations

Question 23

A company runs its entire suite of applications on Amazon EC2 instances. The company plans to move the applications to containers and AWS Fargate. Within 6 months, the company plans to retire its EC2 instances and use only Fargate. The company has been able to estimate its future Fargate costs.

A SysOps administrator needs to choose a purchasing option to help the company minimize costs. The SysOps administrator must maximize any discounts that are available and must ensure that there are no unused reservations.

Which purchasing option will meet these requirements?

Options:

A.

Compute Savings Plans for 1 year with the No Upfront payment option

B.

Compute Savings Plans for 1 year with the Partial Upfront payment option

C.

EC2 Instance Savings Plans for 1 year with the All Upfront payment option

D.

EC2 Reserved Instances for 1 year with the Partial Upfront payment option

Question 24

A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the SS bucket to serve a static error page in the event of a failure at the primary site.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. There is an existing hosted zone named lab-

751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.

4. Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document

5. For the index-html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucketjs allowed.

6. In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.

7. Create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing 53 bucket.

Options:

Question 25

If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the

console by using the AWS Management Console shortcut from the VM desktop.

If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V.

Configure Amazon EventBridge to meet the following requirements.

1. use the us-east-2 Region for all resources,

2. Unless specified below, use the default configuration settings.

3. Use your own resource naming unless a resource

name is specified below.

4. Ensure all Amazon EC2 events in the default event

bus are replayable for the past 90 days.

5. Create a rule named RunFunction to send the exact message every 1 5 minutes to an existing AWS Lambda function named LogEventFunction.

6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2

Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:

Question # 25

Input Path:

{“instance” : “$.detail.instance-id”}

Input template:

“ The EC2 Spot Instance has been on account.

Options:

Question 26

You need to update an existing AWS CloudFormation stack. If needed, a copy to the CloudFormation template is available in an Amazon SB bucket named cloudformation-bucket

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:

a) Change the EC2 instance type to us-east-t2.nano.

b) Allow SSH to connect to the EC2 instance from the IP address range

192.168.100.0/30.

c) Replace the instance profile IAM role with IamRoleB.

4. Deploy the changes by updating the stack using the CFServiceR01e role.

5. Edit the stack options to prevent accidental deletion.

6. Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

Question # 26

See the Explanation for solution.

Options:

Load More SOA-C02 Questions 
Page: 1 / 31
Total 305 questions
Get SOA-C02 Full Access Download SOA-C02 PDF