Weekend Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: netbudy65

SOA-C02 AWS Certified SysOps Administrator - Associate (SOA-C02) Questions and Answers

Questions 4

A company stores files on 50 Amazon S3 buckets in the same AWS Region. The company wants to connect to the S3 buckets securely over a private connection from its Amazon EC2 instances. The company needs a solution that produces no additional cost.

Which solution will meet these requirements?

Options:

A.

Create a gateway VPC endpoint for each S3 bucket. Attach the gateway VPC endpoints to each subnet inside the VPC.

B.

Create an interface VPC endpoint for each S3 bucket. Attach the interface VPC endpoints to each subnet inside the VPC.

C.

Create one gateway VPC endpoint for all the S3 buckets. Add the gateway VPC endpoint to the VPC route table.

D.

Create one interface VPC endpoint for all the S3 buckets. Add the interface VPC endpoint to the VPC route table.

Buy Now
Questions 5

A SysOps administrator needs to secure the credentials for an Amazon RDS database that is created by an AWS CloudFormation template. The solution must encrypt the credentials and must support automatic rotation.

Which solution will meet these requirements?

Options:

A.

Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:secretsmanager dynamic reference.

B.

Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm-secure dynamic reference.

C.

Create an AWS::SSM::Parameter resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm dynamic reference.

D.

Create parameters for the database credentials in the CloudFormation template. Use the Ref intrinsic function to provide the credentials to the AWS::RDS::DBInstance resource.

Buy Now
Questions 6

A company has an Auto Scaling group of Amazon EC2 instances that scale based on average CPU utilization. The Auto Scaling group events log indicates an InsufficientlnstanceCapacity error.

Which actions should a SysOps administrator take to remediate this issue? (Select TWO.

Options:

A.

Change the instance type that the company is using.

B.

Configure the Auto Scaling group in different Availability Zones.

C.

Configure the Auto Scaling group to use different Amazon Elastic Block Store (Amazon EBS) volume sizes.

D.

Increase the maximum size of the Auto Scaling group.

E.

Request an increase in the instance service quota.

Buy Now
Questions 7

A development team recently deployed a new version of a web application to production. After the release penetration testing revealed a cross-site scripting vulnerability that could expose user data.

Which AWS service will mitigate this issue?

Options:

A.

AWS Shield Standard

B.

AWS WAF

C.

Elastic Load Balancing

D.

Amazon Cognito

Buy Now
Questions 8

A company uses AWS Organizations to manage its AWS accounts. A SysOps administrator must create a backup strategy for all Amazon EC2 instances across all the company's AWS accounts.

Which solution will meet these requirements In the MOST operationally efficient way?

Options:

A.

Deploy an AWS Lambda function to each account to run EC2 instance snapshots on a scheduled basis.

B.

Create an AWS CloudFormation stack set in the management account to add an AutoBackup=True tag to every EC2 instance

C.

Use AWS Backup In the management account to deploy policies for all accounts and resources.

D.

Use a service control policy (SCP) to run EC2 instance snapshots on a scheduled basis in each account.

Buy Now
Questions 9

A company has deployed a web application in a VPC that has subnets in three Availability Zones. The company launches three Amazon EC2 instances from an

EC2 Auto Scaling group behind an Application Load Balancer (ALB).

A SysOps administrator notices that two of the EC2 instances are in the same Availability Zone, rather than being distributed evenly across all three Availability

Zones. There are no errors in the Auto Scaling group's activity history.

What is the MOST likely reason for the unexpected placement of EC2 instances?

Options:

A.

One Availability Zone did not have sufficient capacity for the requested EC2 instance type.

B.

The ALB was configured for only two Availability Zones.

C.

The Auto Scaling group was configured for only two Availability Zones.

D.

Amazon EC2 Auto Scaling randomly placed the instances in Availability Zones.

Buy Now
Questions 10

A company has a new requirement stating that all resources In AWS must be tagged according to a set policy.

Which AWS service should be used to enforce and continually Identify all resources that are not in compliance with the policy?

Options:

A.

AWS CloudTrail

B.

Amazon Inspector

C.

AWS Config

D.

AWS Systems Manager

Buy Now
Questions 11

A company updates its security policy to prohibit the public exposure of any data in Amazon S3 buckets in the company's account. What should a SysOps administrator do to meet this requirement?

Options:

A.

Turn on S3 Block Public Access from the account level.

B.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule to enforce that all S3 objects are private.

C.

Use Amazon Inspector to search for S3 buckets and to automatically reset S3 ACLs if any public S3 buckets are found.

D.

Use S3 Object Lambda to examine S3 ACLs and to change any public S3 ACLs to private.

Buy Now
Questions 12

A company needs to archive all audit logs for 10 years. The company must protect the logs from any future edits.

Which solution will meet these requirements?

Options:

A.

Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. Configure AWS Key Management Service (AWS KMS) encryption.

B.

Store the data in an Amazon S3 Glacier vault. Configure a vault lock policy for write-once, read-many (WORM) access.

C.

Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure server-side encryption.

D.

Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure multi-factor authentication (MFA).

Buy Now
Questions 13

A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an

EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.

Which condition should be used with the alarm?

Options:

A.

AWS/ApplicationELB HealthyHostCount <= 0

B.

AWS/ApplicationELB UnhealthyHostCount >= 1

C.

AWS/EC2 StatusCheckFailed <= 0

D.

AWS/EC2 StatusCheckFailed >= 1

Questions 14

A company stores critical data m Amazon S3 buckets. A SysOps administrator must build a solution to record all S3 API activity. Which action will meet this requirement?

Options:

A.

Configure S3 bucket metrics to record object access logs

B.

Create an AWS CloudTrail trail to log data events tor all S3 objects

C.

Enable S3 server access logging for each S3 bucket

D.

Use AWS IAM Access Analyzer for Amazon S3 to store object access logs.

Buy Now
Questions 15

A global gaming company is preparing to launch a new game on AWS. The game runs in multiple AWS Regions on a fleet of Amazon EC2 instances. The instances are in an Auto Scaling group behind an Application Load Balancer (ALB) in each Region. The company plans to use Amazon Route 53 tor DNS services. The DNS configuration must direct users to the Region that is closest to mem and must provide automated failover.

Which combination of steps should a SysOps administrator take to configure Route 53 to meet these requirements9 {Select TWO.)

Options:

A.

Create Amazon CloudWatch alarms that monitor the health of the ALB m each Region Configure Route 53 DNS failover by using a health check that monitors the alarms.

B.

Create Amazon CloudWatch alarms that monitor the hearth of the EC2 instances in each Region. Configure Route 53 DNS failover by using a health check that monitors the alarms.

C.

Configure Route 53 DNS failover by using a health check that monitors the private

address of an EC2 instance in each Region.

D.

Configure Route 53 geoproximity routing Specify the Regions that are used for the infrastructure

E.

Configure Route 53 simple routing Specify the continent, country, and state or province that are used for the infrastructure.

Buy Now
Questions 16

A company hosts a web application on an Amazon EC2 instance. The web server logs are published to Amazon CloudWatch Logs. The log events have the same structure and include the HTTP response codes that are associated with the user requests. The company needs to monitor the number of times that the web server returns an HTTP 404 response.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Create a CloudWatch Logs metric filter that counts the number of times that the web server returns an HTTP 404 response.

B.

Create a CloudWatch Logs subscription filter that counts the number of times that the web server returns an HTTP 404 response.

C.

Create an AWS Lambda function that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.

D.

Create a script that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.

Buy Now
Questions 17

A SysOps administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC. the administrator is unable to connect to any of the domains that reside on the internet.

What additional route destination rule should the administrator add to the route tables?

Options:

A.

Route ;:/0 traffic to a NAT gateway

B.

Route ::/0 traffic to an internet gateway

C.

Route 0.0.0.0/0 traffic to an egress-only internet gateway

D.

Route ::/0 traffic to an egress-only internet gateway

Questions 18

A SysOps administrator Is troubleshooting an AWS Cloud Formation template whereby multiple Amazon EC2 instances are being created The template is working In us-east-1. but it is failing In us-west-2 with the error code:

How should the administrator ensure that the AWS Cloud Formation template is working in every region?

Options:

A.

Copy the source region's Amazon Machine Image (AMI) to the destination region and assign it the same ID.

B.

Edit the AWS CloudFormatton template to specify the region code as part of the fully qualified AMI ID.

C.

Edit the AWS CloudFormatton template to offer a drop-down list of all AMIs to the user by using the aws :: EC2:: ami :: imageiD control.

D.

Modify the AWS CloudFormation template by including the AMI IDs in the "Mappings" section. Refer to the proper mapping within the template for the proper AMI ID.

Buy Now
Questions 19

A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal.

Which action should a SysOps administrator take to improve the performance of the file system?

Options:

A.

Configure the file system for Provisioned Throughput.

B.

Enable encryption in transit on the file system.

C.

Identify any unused files in the file system, and remove the unused files.

D.

Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

Buy Now
Questions 20

A company requires that all IAM user accounts that have not been used for 90 days or more must have their access keys and passwords immediately disabled A SysOps administrator must automate the process of disabling unused keys using the MOST operationally efficient method.

How should the SysOps administrator implement this solution?

Options:

A.

Create an AWS Step Functions workflow to identify IAM users that have not been active for 90 days Run an AWS Lambda function when a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule is invoked to automatically remove the AWS access keys and passwords for these IAM users

B.

Configure an AWS Config rule to identify IAM users that have not been active for 90 days Set up an automatic weekly batch process on an Amazon EC2 instance to disable the AWS access keys and passwords for these IAM users

C.

Develop and run a Python script on an Amazon EC2 instance to programmatically identify IAM users that have not been active for 90 days Automatically delete these 1AM users

D.

Set up an AWS Config managed rule to identify IAM users that have not been active for 90 days Set up an AWS Systems Manager automation runbook to disable the AWS access keys for these IAM users

Buy Now
Questions 21

A company runs a web application on three Amazon EC2 instances behind an Application Load Balancer (ALB). The company notices that random periods of increased traffic cause a degradation in the application's performance. A SysOps administrator must scale the application to meet the increased traffic.

Which solution meets these requirements?

Options:

A.

Create an Amazon CloudWatch alarm to monitor application latency and increase the size of each EC2 instance if the desired threshold is reached.

B.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor application latency and add an EC2 instance to the ALB if the desired threshold is reached.

C.

Deploy the application to an Auto Scaling group of EC2 instances with a target tracking scaling policy. Attach the ALB to the Auto Scaling group.

D.

Deploy the application to an Auto Scaling group of EC2 instances with a scheduled scaling policy. Attach the ALB to the Auto Scaling group.

Buy Now
Questions 22

A company hosts its website on Amazon EC2 instances behind an Application Load Balancer. The company manages its DNS with Amazon Route 53. and wants to point its domain's zone apex to the website.

Which type of record should be used to meet these requirements?

Options:

A.

A CNAME record for the domain's zone apex

B.

An A record for the domain's zone apex

C.

An AAAA record for the domain's zone apex

D.

An alias record for the domain's zone apex

Questions 23

A company uses an Amazon Simple Queue Service (Amazon SQS) standard queue with its application. The application sends messages to the queue with unique message bodies The company decides to switch to an SQS FIFO queue

What must the company do to migrate to an SQS FIFO queue?

Options:

A.

Create a new SQS FIFO gueue Turn on content based deduplication on the new FIFO queue Update the application to include a message group ID in the messages

B.

Create a new SQS FIFO queue Update the application to include the DelaySeconds parameter in the messages

C.

Modify the queue type from SQS standard to SQS FIFO Turn off content-based deduplication on the queue Update the application to include a message group ID in the messages

D.

Modify the queue type from SQS standard to SQS FIFO Update the application to send messages with identical message bodies and to include the DelaySeconds parameter in the messages

Buy Now
Questions 24

A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the SS bucket to serve a static error page in the event of a failure at the primary site.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. There is an existing hosted zone named lab-

751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.

4. Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document

5. For the index-html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucketjs allowed.

6. In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.

7. Create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing 53 bucket.

Options:

Buy Now
Questions 25

If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the

console by using the AWS Management Console shortcut from the VM desktop.

If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V.

Configure Amazon EventBridge to meet the following requirements.

1. use the us-east-2 Region for all resources,

2. Unless specified below, use the default configuration settings.

3. Use your own resource naming unless a resource

name is specified below.

4. Ensure all Amazon EC2 events in the default event

bus are replayable for the past 90 days.

5. Create a rule named RunFunction to send the exact message every 1 5 minutes to an existing AWS Lambda function named LogEventFunction.

6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2

Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:

Input Path:

{“instance” : “$.detail.instance-id”}

Input template:

“ The EC2 Spot Instance has been on account.

Options:

Buy Now
Questions 26

You need to update an existing AWS CloudFormation stack. If needed, a copy to the CloudFormation template is available in an Amazon SB bucket named cloudformation-bucket

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:

a) Change the EC2 instance type to us-east-t2.nano.

b) Allow SSH to connect to the EC2 instance from the IP address range

192.168.100.0/30.

c) Replace the instance profile IAM role with IamRoleB.

4. Deploy the changes by updating the stack using the CFServiceR01e role.

5. Edit the stack options to prevent accidental deletion.

6. Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

See the Explanation for solution.

Options:

Buy Now
Exam Code: SOA-C02
Exam Name: AWS Certified SysOps Administrator - Associate (SOA-C02)
Last Update: Jan 30, 2023
Questions: 305

PDF + Testing Engine

$130

Testing Engine

$95

PDF (Q&A)

$80