SOA-C02 AWS Certified SysOps Administrator - Associate (SOA-C02) sample Question + Exam 2024 Practice Exam Dumps

Question # 4

A company requires that all IAM user accounts that have not been used for 90 days or more must have their access keys and passwords immediately disabled A SysOps administrator must automate the process of disabling unused keys using the MOST operationally efficient method.

How should the SysOps administrator implement this solution?

Create an AWS Step Functions workflow to identify IAM users that have not been active for 90 days Run an AWS Lambda function when a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule is invoked to automatically remove the AWS access keys and passwords for these IAM users

Configure an AWS Config rule to identify IAM users that have not been active for 90 days Set up an automatic weekly batch process on an Amazon EC2 instance to disable the AWS access keys and passwords for these IAM users

Develop and run a Python script on an Amazon EC2 instance to programmatically identify IAM users that have not been active for 90 days Automatically delete these 1AM users

Set up an AWS Config managed rule to identify IAM users that have not been active for 90 days Set up an AWS Systems Manager automation runbook to disable the AWS access keys for these IAM users

Full Access

Question # 5

A company uses AWS Organizations to manage its multi-account environment. The organization contains a dedicated account for security and a dedicated account for logging. A SysOps administrator needs to implement a centralized solution that provides alerts when a resource metric in any account crosses a standard defined threshold.

Which solution will meet these requirements?

Deploy an AWS CloudFormation stack set to the accounts in the organization. Use a template that creates the required Amazon CloudWatch alarms and references an Amazon Simple Notification Service (Amazon SNS) topic in the logging account with publish permissions for all the accounts.

Deploy an AWS CloudFormation stack in each account. Use the stack to deploy the required Amazon CloudWalch alarms and the required Amazon Simple Notification Service (Amazon SNS) topic.

Deploy an AWS Lambda function on a cron job in each account. Configure the Lambda function to read resources that are in the account and to invoke an Amazon Simple Notification Service (Amazon SNS) topic if any metrics cross the defined threshold.

Deploy an AWS CloudFormation change set to the organization. Use a template to create the required Amazon CloudWatch alarms and to send alerts to a verified Amazon Simple Email Service (Amazon SES) identity.

Full Access

Question # 6

A company is running a flash sale on its website. The website is hosted on burstable performance Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group is configured to launch instances when the CPU utilization is above 70%.

A couple of hours into the sale, users report slow load times and error messages for refused connections. A SysOps administrator reviews Amazon CloudWatch metrics and notices that the CPU utilization is at 20% across the entire fleet of instances.

The SysOps administrator must restore the website's functionality without making changes to the network infrastructure.

Which solution will meet these requirements?

Activate unlimited mode for the instances in the Auto Scaling group.

Implement an Amazon CloudFront distribution to offload the traffic from the Auto Scaling group.

Move the website to a different AWS Region that is closer to the users.

Reduce the desired size of the Auto Scaling group to artificially increase CPU average utilization.

Full Access

Question # 7

A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the application are failing. A SysOps administrator inspects the VPC flow logs and finds the following entry:

2 111122223333 eni-<###> 192.0.2.15 203.0.113.56 40711 443 6 1 40 1418530010 1418530070 REJECT OK

What is a possible cause of these failed connections?

A security group is denying traffic on port 443.

The EC2 instance is shut down.

The network ACL is blocking HTTPS traffic.

The VPC has no internet gateway attached.

Full Access

Question # 8

A SysOps administrator is unable to authenticate an AWS CLI call to an AWS service

Which of the following is the cause of this issue?

The IAM password is incorrect

The server certificate is missing

The SSH key pair is incorrect

There is no access key

Full Access

Question # 9

If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the

console by using the AWS Management Console shortcut from the VM desktop.

If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V.

Configure Amazon EventBridge to meet the following requirements.

1. use the us-east-2 Region for all resources,

2. Unless specified below, use the default configuration settings.

3. Use your own resource naming unless a resource

name is specified below.

4. Ensure all Amazon EC2 events in the default event

bus are replayable for the past 90 days.

5. Create a rule named RunFunction to send the exact message every 1 5 minutes to an existing AWS Lambda function named LogEventFunction.

6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2

Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:

Input Path:

{â€œinstanceâ€ : â€œ$.detail.instance-idâ€}

Input template:

â€œ The EC2 Spot Instance has been on account.

Full Access

Question # 10

You need to update an existing AWS CloudFormation stack. If needed, a copy to the CloudFormation template is available in an Amazon SB bucket named cloudformation-bucket

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:

a) Change the EC2 instance type to us-east-t2.nano.

b) Allow SSH to connect to the EC2 instance from the IP address range

192.168.100.0/30.

c) Replace the instance profile IAM role with IamRoleB.

4. Deploy the changes by updating the stack using the CFServiceR01e role.

5. Edit the stack options to prevent accidental deletion.

6. Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

Full Access

Question # 11

A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the SS bucket to serve a static error page in the event of a failure at the primary site.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. There is an existing hosted zone named lab-

751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.

4. Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document

5. For the index-html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucketjs allowed.

6. In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.

7. Create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing 53 bucket.

Full Access

Answer:

See the Explanation for solution.

Explanation:

Here are the steps to configure an Amazon S3 bucket to serve a static error page in the event of a failure at the primary site:

Log in to the AWS Management Console and navigate to the S3 service in the us-east-2 Region.
Find the existing S3 bucket named lab-751906329398-26023898.com and click on it.
In the "Properties" tab, click on "Static website hosting" and select "Use this bucket to host a website".
In "Index Document" field, enter the name of the object that you want to use as the index document, in this case, "index.html"
In the "Permissions" tab, click on "Block Public Access", and make sure that "Block all public access" is turned OFF.
Click on "Bucket Policy" and add the following policy to allow public read access:

{

"Version": "2012-10-17",

"Statement": [

{

"Sid": "PublicReadGetObject",

"Effect": "Allow",

"Principal": "*",

"Action": "s3:GetObject",

"Resource": "arn:aws:s3:::lab-751906329398-26023898.com/*"

}

]

}

Now navigate to the Amazon Route 53 service, and find the existing hosted zone named lab-751906329398-26023898.com.
Click on the "A record" and update the routing policy to "Primary - Failover" and add the existing ALB as the primary record.
Click on "Create Record" button and create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing S3 bucket.
Now, when the primary site (ALB) goes down, traffic will be automatically routed to the S3 bucket serving the static error page.

Note:

You can use CloudWatch to monitor the health of your ALB.
You can use Amazon S3 to host a static website.
You can use Amazon Route 53 for routing traffic to different resources based on health checks.
You can refer to the AWS documentation for more information on how to configure and use these services:

Graphical user interface, text, application Description automatically generated

Graphical user interface, application, Teams Description automatically generated

Graphical user interface, text, application Description automatically generated

Graphical user interface, text, application, email Description automatically generated

Graphical user interface, text, application Description automatically generated

Question # 12

A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations.

What should a SysOps administrator do to implement this requirement?

Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the AWS Management Console.

Develop an IAM policy that limits the business units to provision EC2 instances only. Instruct the business units to launch instances by using an AWS CloudFormation template.

Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog. Allow the business units to perform actions in AWS Service Catalog only.

Share an AWS CloudFormation template with the business units. Instruct the business units to pass a role to AWS CloudFormation to allow the service to manage EC2 instances.

Full Access

Question # 13

A SysOps administrator is unable to launch Amazon EC2 instances into a VPC because there are no available private IPv4 addresses in the VPC. Which combination of actions must the SysOps administrator take to launch the instances? (Select TWO.)

Associate a secondary IPv4 CIDR block with the VPC

Associate a primary IPv6 CIDR block with the VPC

Create a new subnet for the VPC

Modify the CIDR block of the VPC

Modify the CIDR block of the subnet that is associated with the instances

Full Access

Question # 14

A company needs to view a list of security groups that are open to the internet on port 3389.

What should a SysOps administrator do to meet this requirement?

Configure Amazon GuardDuty to scan security groups and report unrestricted access on port 3389.

Configure a service control policy (SCP) to identify security groups that allow unrestricted access on port 3389.

Use AWS Identity and Access Management Access Analyzer to find any instances that have unrestricted access on port 3389.

Use AWS Trusted Advisor to find security groups that allow unrestricted access on port 3389

Full Access

Question # 15

A SysOps administrator has enabled AWS CloudTrail in an AWS account If CloudTrail is disabled it must be re-enabled immediately What should the SysOps administrator do to meet these requirements WITHOUT writing custom code''

Add the AWS account to AWS Organizations Enable CloudTrail in the management account

Create an AWS Config rule that is invoked when CloudTrail configuration changes Apply the AWS-ConfigureCloudTrailLogging automatic remediation action

Create an AWS Config rule that is invoked when CloudTrail configuration changes Configure the rule to invoke an AWS Lambda function to enable CloudTrail

Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail

Full Access

Question # 16

A company has an application that collects notifications from thousands of alarm systems. The notifications include alarm notifications and information notifications. The information notifications include the system arming processes, disarming processes, and sensor status.

All notifications are kept as messages in an Amazon Simple Queue Service (Amazon SQS) queue. Amazon EC2 instances that are in an Auto Scaling group process the messages. A SysOps administrator needs to implement a solution that prioritizes alarm notifications over information notifications.

Which solution will meet these requirements?

Adjust the Auto Scaling group to scale faster when a high number of messages is in the queue.

Use the Amazon Simple Notification Service (Amazon SNS) fanout feature with Amazon SQS to send the notifications in parallel to all the EC2 instances.

Add an Amazon DynamoDB stream to accelerate the message processing.

Create a queue for alarm notifications and a queue for information notifications. Update the application to collect messages from the alarm notifications queue first.

Full Access

Question # 17

A SysOos administrator s tasked with analyzing database performance. The database runs on a single Amazon RDS D6 instance. The SysOps administrator finds that, during times of peak traffic, resources on the database are over utilized due to the amount of read traffic.

Which actions should the SysOps administrator take to improve RDS performance? (Select TWO.)

Add a read replica.

Modify the application to use Amazon ElastiCache for Memcached.

Migrate the database from RDS to Amazon DynamoDB.

Migrate the database to Amazon EC2 with enhanced networking enabled

Upgrade the database to a Multi-AZ deployment.

Full Access

Question # 18

A company hosts a web application on an Amazon EC2 instance. The web server logs are published to Amazon CloudWatch Logs. The log events have the same structure and include the HTTP response codes that are associated with the user requests. The company needs to monitor the number of times that the web server returns an HTTP 404 response.

What is the MOST operationally efficient solution that meets these requirements?

Create a CloudWatch Logs metric filter that counts the number of times that the web server returns an HTTP 404 response.

Create a CloudWatch Logs subscription filter that counts the number of times that the web server returns an HTTP 404 response.

Create an AWS Lambda function that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.

Create a script that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.

Full Access

Question # 19

The security team is concerned because the number of AWS Identity and Access Management (IAM) policies being used in the environment is increasing. The team tasked a SysOps administrator to report on the current number of IAM policies in use and the total available IAM policies.

Which AWS service should the administrator use to check how current IAM policy usage compares to current service limits?

AWS Trusted Advisor

Amazon Inspector

AWS Config

AWS Organizations

Full Access

Question # 20

A company is partnering with an external vendor to provide data processing services. For this integration, the vendor must host the company's data in an Amazon S3 bucket in the vendor's AWS account. The vendor is allowing the company to provide an AWS Key Management Service (AWS KMS) key to encrypt the company's data. The vendor has provided an IAM role Amazon Resource Name (ARN) to the company for this integration.

What should a SysOps administrator do to configure this integration?

Create a new KMS key. Add the vendor's IAM role ARN to the KMS key policy. Provide the new KMS key ARN to the vendor.

Create a new KMS key. Create a new IAM user. Add the vendor's IAM role ARN to an inline policy that is attached to the IAM user. Provide the new IAM user ARN to the vendor.

Configure encryption using the KMS managed S3 key. Add the vendor's IAM role ARN to the KMS managed S3 key policy. Provide the KMS managed S3 key ARN to the vendor.

Configure encryption using the KMS managed S3 key. Create an S3 bucket. Add the vendor's IAM role ARN to the S3 bucket policy. Provide the S3 bucket ARN to the vendor.

Full Access

Question # 21

A SysOps administrator launches an Amazon EC2 instance in a private subnet of a VPC. When the SysOps administrator attempts a curl command from the command line of the EC2 instance, the SysOps administrator cannot connect to https:www.example.com.

What should the SysOps administrator do to resolve this issue?

Ensure that there is an outbound security group for port 443 to 0.0.0.0/0.

Ensure that there is an inbound security group for port 443 from 0.0.0.0/0.

Ensure that there is an outbound network ACL for ephemeral ports 1024-66535 to 0.0.0.0/0.

Ensure that there is an outbound network ACL for port 80 to 0.0.0.0/0.

Full Access

Question # 22

A SysOps administrator is reviewing AWS Trusted Advisor recommendations. The SysOps administrator notices that all the application servers for a finance application are listed in the Low Utilization Amazon EC2 Instances check. The application runs on three instances across three Availability Zones. The SysOps administrator must reduce the cost of running the application without affecting the application's availability or design.

Which solution will meet these requirements?

Reduce the number of application servers.

Apply rightsizing recommendations from AWS Cost Explorer to reduce the instance size.

Provision an Application Load Balancer in front of the instances.

Scale up the instance size of the application servers.

Full Access

Question # 23

A user is connected to an Amazon EC2 instance in a private subnet. The user is unable to access the internet from the instance by using the following curl command: curl http:/www.example.com.

A SysOps administrator reviews the VPC configuration and learns the following information:

â€¢ The private subnet has a route to a NAT gateway for CIDR 0.0.0.0/0

â€¢ The outbound security group for the EC2 instance contains one rule: outbound for port 443 to CIDR 0.0.0.0/0

â€¢ The inbound security group for the EC2 instance allows ports 22 and 443 from the user's IP address.

â€¢ The inbound network ACL for the subnet allows port 22 and port range 1024-65535 from CIDR 0.0.0.0/0

Which action will allow the user to complete the curl request successfully?

Add an additional inbound network ACL rule for port 80 to CIDR 0.0.0.0/0.

Add an additional inbound security group rule for port 80 to CIDR 0.0.0.0/0.

Add an additional outbound security group rule for port 80 to CIDR 0.0.0.0/0.

Add an additional outbound security group rule for port 80 to the user's IP address.

Full Access

Question # 24

A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an

EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.

Which condition should be used with the alarm?

AWS/ApplicationELB HealthyHostCount <= 0

AWS/ApplicationELB UnhealthyHostCount >= 1

AWS/EC2 StatusCheckFailed <= 0

AWS/EC2 StatusCheckFailed >= 1

Full Access

Question # 25

An application is deployed in a VPC in both the us-east-2 and eu-west-1 Regions. A significant amount of data needs to be transferred between the two Regions. What is the MOST cost-effective way to set up the data transfer?

Establish a VPN connection between the Regions using third-party VPN products from AWS Marketplace.

Establish Amazon CloudFront distributions tor the Amazon EC2 instances from both Regions.

Establish an inter-Region VPC peering connection between the VPCs.

Establish an AWS PrivateLinK connection between the two Regions.

Full Access

Question # 26

A SysOps administrator needs to design a high-traffic static website. The website must be highly available and must provide the lowest possible latency to users across the globe.

Which solution will meet these requirements?

Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create an Amazon CloudFront distribution in each AWS Region, and set the S3 bucket as the origin. Use Amazon Route 53 to create a DNS record that uses a geolocation routing policy to route traffic to the correct CloudFront distribution based on where the request originates.

Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create an Amazon CloudFront distribution, and set the S3 bucket as the origin. Use Amazon Route 53 to create an alias record that points to the CloudFront distribution.

Create an Application Load Balancer (ALB) and a target group. Create an Amazon EC2 Auto Scaling group with at least two EC2 instances in the associated target group. Store the website content on the EC2 instances. Use Amazon Route 53 to create an alias record that points to the ALB.

Create an Application Load Balancer (ALB) and a target group in two Regions. Create an Amazon EC2 Auto Scaling group in each Region with at least two EC2 instances in each target group. Store the website content on the EC2 instances. Use Amazon Route 53 to create a DNS record that uses a geolocation routing policy to route traffic to the correct ALB based on where the request originates.

Full Access

Question # 27

A SysOps administrator created an AWS Cloud Formation template that provisions Amazon EC2 instances, an Elastic Load Balancer (ELB), and an Amazon RDS DB instance. During stack creation, the creation of the EC2 instances and the creation of the ELB are successful. However, the creation of the DB instance fails.

What is the default behavior of CloudFormation in this scenario?

CloudFormation will roll back the stack and delete the stack.

CloudFormation will roll back the stack but will not delete the stack.

CloudFormation will prompt the user to roll back the stack or continue.

CloudFormation will successfully complete the stack but will report a failed status for the DB instance.

Full Access

Question # 28

A SysOps administrator has launched a large general purpose Amazon EC2 instance to regularly process large data files. The instance has an attached 1 TB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volume. The instance also is EBS-optimized. To save costs, the SysOps administrator stops the instance each evening and restarts the instance each morning.

When data processing is active, Amazon CloudWatch metrics on the instance show a consistent 3.000 VolumeReadOps. The SysOps administrator must improve the I/O performance while ensuring data integrity.

Which action will meet these requirements?

Change the instance type to a large, burstable, general purpose instance.

Change the instance type to an extra large general purpose instance.

Increase the EBS volume to a 2 TB General Purpose SSD (gp2) volume.

Move the data that resides on the EBS volume to the instance store.

Full Access

Question # 29

A company hosts an online shopping portal in the AWS Cloud. The portal provides HTTPS security by using a TLS certificate on an Elastic Load Balancer (ELB). Recently, the portal suffered an outage because the TLS certificate expired. A SysOps administrator must create a solution to automatically renew certificates to avoid this issue in the future.

What is the MOST operationally efficient solution that meets these requirements?

Request a public certificate by using AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. Write a scheduled AWS Lambda function to renew the certificate every 18 months.

Request a public certificate by using AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.

Register a certificate with a third-party certificate authority (CA). Import this certificate into AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.

Register a certificate with a third-party certificate authority (CA). Configure the ELB to import the certificate directly from the CA. Set the certificate refresh cycle on the ELB to refresh when the certificate is within 3 months of the expiration date.

Full Access

Question # 30

A companyâ€™s reporting job that used to run in 15 minutes is now taking an hour to run. An application generates the reports. The application runs on Amazon EC2 instances and extracts data from an Amazon RDS for MySQL database.

A SysOps administrator checks the Amazon CloudWatch dashboard for the RDS instance and notices that the Read IOPS metrics are high, even when the reports are not running. The SysOps administrator needs to improve the performance and the availability of the RDS instance.

Which solution will meet these requirements?

Configure an Amazon ElastiCache cluster in front of the RDS instance. Update the reporting job to query the ElastiCache cluster.

Deploy an RDS read replica. Update the reporting job to query the reader endpoint.

Create an Amazon CloudFront distribution. Set the RDS instance as the origin. Update the reporting job to query the CloudFront distribution.

Increase the size of the RDS instance.

Full Access

Question # 31

A company has an AWS Site-to-Site VPN connection between on-premises resources and resources that are hosted in a VPC. A SysOps administrator launches an Amazon EC2 instance that has only a private IP address into a private subnet in the VPC. The EC2 instance runs Microsoft Windows Server.

A security group for the EC2 instance has rules that allow inbound traffic from the on-premises network over the VPN connection. The on-premises environment contains a third-party network firewall. Rules in the third-party network firewall allow Remote Desktop Protocol (RDP) traffic to flow between the on-premises users over the VPN connection.

The on-premises users are unable to connect to the EC2 instance and receive a timeout error.

What should the SysOps administrator do to troubleshoot this issue?

Create Amazon CloudWatch logs for the EC2 instance to check for blocked traffic.

Create Amazon CloudWatch logs for the Site-to-Site VPN connection to check for blocked traffic.

Create VPC flow logs for the EC2 instance's elastic network interface to check for rejected traffic.

Instruct users to use EC2 Instance Connect as a connection method.

Full Access

Question # 32

An application runs on multiple Amazon EC2 instances in an Auto Scaling group The Auto Scaling group is configured to use the latest version of a launch template A SysOps administrator must devise a solution that centrally manages the application logs and retains the logs for no more than 90 days

Which solution will meet these requirements?

Launch an Amazon Machine Image (AMI) that is preconfigured with the Amazon CloudWatch Logs agent to send logs to an Amazon S3 bucket Apply a 90-day S3 Lifecycle policy on the S3 bucket to expire the application logs

Launch an Amazon Machine Image (AMI) that is preconfigured with the Amazon CloudWatch Logs agent to send logs to a log group Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule to perform an instance refresh every 90 days

Update the launch template user data to install and configure the Amazon CloudWatch Logs agent to send logs to a log group Configure the retention period on the log group to be 90 days

Update the launch template user data to install and configure the Amazon CloudWatch Logs agent to send logs to a log group Set the log rotation configuration of the EC2 instances to 90 days

Full Access

Question # 33

A company's SysOps administrator deploys a public Network Load Balancer (NLB) in front of the company's web application. The web application does not use any Elastic IP addresses. Users must access the web application by using the company's domain name. The SysOps administrator needs to configure Amazon Route 53 to route traffic to the NLB.

Which solution will meet these requirements MOST cost-effectively?

Create a Route 53 AAAA record for the NLB.

Create a Route 53 alias record for the NLB.

Create a Route 53 CAA record for the NLB.

Create a Route 53 CNAME record for the NLB.

Full Access

Question # 34

A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses Amazon Route 53 to route traffic.

The company also has a static website that is configured in an Amazon S3 bucket.

A SysOps administrator must use the static website as a backup to the web application. The failover to the static website must be fully automated.

Which combination of actions will meet these requirements? (Choose two.)

Create a primary failover routing policy record. Configure the value to be the ALB.

Create an AWS Lambda function to switch from the primary website to the secondary website when the health check fails.

Create a primary failover routing policy record. Configure the value to be the ALB. Associate the record with a Route 53 health check.

Create a secondary failover routing policy record. Configure the value to be the static website. Associate the record with a Route 53 health check.

Create a secondary failover routing policy record. Configure the value to be the static website.

Full Access

Question # 35

ASysOps administrator configures an application to run on Amazon EC2 instances behind an Application Load Balancer (ALB) in a simple scaling Auto Scaling group with the default settings. The Auto Scaling group is configured to use the RequestCountPerTarget metric for scaling. The SysOps administrator notices that the RequestCountPerTarget metric exceeded the specified limit twice in 180 seconds.

How will the number of EC2 instances in this Auto Scaling group be affected in this scenario?

The Auto Scaling group will launch an additional EC2 instance every time the RequestCountPerTarget metric exceeds the predefined limit.

The Auto Scaling group will launch one EC2 instance and will wait for the default cooldown period before launching another instance.

The Auto Scaling group will send an alert to the ALB to rebalance the traffic and not add new EC2 instances until the load is normalized.

The Auto Scaling group will try to distribute the traffic among all EC2 instances before launching another instance.

Full Access

Question # 36

A company stores critical data m Amazon S3 buckets. A SysOps administrator must build a solution to record all S3 API activity. Which action will meet this requirement?

Configure S3 bucket metrics to record object access logs

Create an AWS CloudTrail trail to log data events tor all S3 objects

Enable S3 server access logging for each S3 bucket

Use AWS IAM Access Analyzer for Amazon S3 to store object access logs.

Full Access

Question # 37

A SysOps administrator needs to configure the Amazon Route 53 hosted zone for example.com and www.example.com to point to an Application Load Balancer (ALB). Which combination of actions should the SysOps administrator take to meet these requirements? (Select TWO.)

Configure anArecordforexample.com to point to the IP address of the ALB.

Configure an A record for www.example.com to point to the IP address of the ALB.

Configure an alias record for example.com to point to the CNAME of the ALB.

Configure an alias record for www.example.com to point to the Route 53 example.com record.

Configure a CNAME record for example com to point to the CNAME of the ALB.

Full Access

Question # 38

A company is trying to connect two applications. One application runs in an on-premises data center that has a hostname of hostl .onprem.private. The other application runs on an Amazon EC2 instance that has a hostname of hostl.awscloud.private. An AWS Site-to-Site VPN connection is in place between the on-premises network and AWS.

The application that runs in the data center tries to connect to the application that runs on the EC2 instance, but DNS resolution fails. A SysOps administrator must implement DNS resolution between on-premises and AWS resources.

Which solution allows the on-premises application to resolve the EC2 instance hostname?

Set up an Amazon Route 53 inbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the inbound resolver endpoint.

Set up an Amazon Route 53 inbound resolver endpoint. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the inbound resolver endpoint.

Set up an Amazon Route 53 outbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the outbound resolver endpoint.

Set up an Amazon Route 53 outbound resolver endpoint. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the outbound resolver endpoint.

Full Access

Question # 39

An environment consists of 100 Amazon EC2 Windows instances The Amazon CloudWatch agent Is deployed and running on at EC2 instances with a baseline configuration file to capture log files There is a new requirement to capture the DHCP tog tiles that exist on 50 of the instances

What is the MOST operational efficient way to meet this new requirement?

Create an additional CloudWatch agent configuration file to capture the DHCP logs Use the AWS Systems Manager Run Command to restart the CloudWatch agent on each EC2 instance with the append-config option to apply the additional configuration file

Log in to each EC2 instance with administrator rights Create a PowerShell script to push the needed baseline log files and DHCP log files to CloudWatch

Run the CloudWatch agent configuration file wizard on each EC2 instance Verify that the base the log files are included and add the DHCP tog files during the wizard creation process

Run the CloudWatch agent configuration file wizard on each EC2 instance and select the advanced detail level. This wifi capture the operating system log files.

Full Access

Question # 40

A company is using AWS Certificate Manager (ACM) to manage public SSL/TLS certificates. A SysOps administrator needs to send an email notification when a certificate has less than 14 days until expiration.

Which solution will meet this requirement with the LEAST operational overhead?

Create an Amazon CloudWatch custom metric to monitor certificate expiration for all ACM certificates. Create an Amazon EventBridge rule that has an event source of a ws. cloud watch Configure the rule to send an event to a target Amazon Simple Notification Service (Amazon SNS) topic if the DaysToExpiry metric is less than 14. Subscribe the appropriate email addresses to the SNS topic.

Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry melric for all ACM certificates.

Configure the rule to send an event to a target Amazon Simple Notification Service (Amazon SNS) topic if DaysToExpiry is less than 14. Subscribe the appropriate email addresses to the SNS topic.

Create an Amazon CloudWatch dashboard that displays the DaysToExpiry metric for all ACM certificates. If DaysToExpiry is less than 14, send an email

message to the appropriate email addresses. Send the email message by running a predefined CLI command to publish to an Amazon Simple Notification Service (Amazon SNS) topic.

Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry metric for all ACM certificates. Configure a target SMS identity that uses a predefined email template. Configure the rule to send an event to the target SMS identity if DaysToExpiry is less than 14.

Full Access

Question # 41

A company runs workloads on 90 Amazon EC2 instances in the eu-west-1 Region in an AWS account. In 2 months, the company will migrate the workloads from eu-west-1 to the eu-west-3 Region.

The company needs to reduce the cost of the EC2 instances. The company is willing to make a 1-year commitment that will begin next week. The company must choose an EC2 Instance purchasing option that will provide discounts for the 90 EC2 Instances regardless of Region during the 1-year period.

Which solution will meet these requirements?

Purchase EC2 Standard Reserved Instances.

Purchase an EC2 Instance Savings Plan.

Purchase EC2 Convertible Reserved Instances.

Purchase a Compute Savings Plan.

Full Access

Question # 42

A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must set up the permissions and add a bucket policy to the S3 bucket.

Which parameters should be specified to accomplish this in the MOST efficient manner?

Specify '*' as the principal and PrincipalOrgld as a condition.

Specify all account numbers as the principal.

Specify PrincipalOrgld as the principal.

Specify the organization's management account as the principal.

Full Access

Question # 43

A SysOps administrator is configuring an application on Amazon EC2 instances for a company Teams in other countries will use the application over the internet. The company requires the application endpoint to have a static pubic IP address.

How should the SysOps administrator deploy the application to meet this requirement?

Behind an Amazon API Gateway API

Behind an Application Load Balancer

Behind an internet-facing Network Load Balancer

In an Amazon CloudFront distribution

Full Access

Question # 44

A SysOps administrator is trying to set up an Amazon Route 53 domain name to route traffic to a website hosted on Amazon S3. The domain name of the website is www.anycompany.com and the S3 bucket name is anycompany-static. After the record set is set up in Route 53, the domain name www.anycompany.com does not seem to work, and the static website is not displayed in the browser.

Which of the following is a cause of this?

The S3 bucket must be configured with Amazon CloudFront first.

The Route 53 record set must have an IAM role that allows access to the S3 bucket.

The Route 53 record set must be in the same region as the S3 bucket.

The S3 bucket name must match the record set name in Route 53.

Full Access

Question # 45

A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network.

What actions should the SysOps administrator take to meet these requirements?

Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.

Create a VPC endpoint for the S3 bucket, and create an S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.

Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket.

Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway.

Full Access

Question # 46

A company plans to migrate several of its high performance computing (MPC) virtual machines (VMs) to Amazon EC2 instances on AWS. A SysOps administrator must identify a placement group for this deployment. The strategy must minimize network latency and must maximize network throughput between the HPC VMs.

Which strategy should the SysOps administrator choose to meet these requirements?

Deploy the instances in a cluster placement group in one Availability Zone.

Deploy the instances in a partition placement group in two Availability Zones

Deploy the instances in a partition placement group in one Availability Zone

Deploy the instances in a spread placement group in two Availably Zones

Full Access

Question # 47

A SysOps administrator creates an AWS CloudFormation template to define an application stack that can be deployed in multiple AWS Regions.

The SysOps administrator also creates an Amazon CloudWatch dashboard by using the AWS Management Console. Each deployment of the application requires its own CloudWatch dashboard.

How can the SysOps administrator automate the creation of the CloudWatch dashboard each time the application is deployed?

Create a script by using the AWS CLI to run the aws cloudformation put-dashboard command with the name of the dashboard. Run the command each time a new CloudFormation stack is created.

Export the existing CloudWatch dashboard as JSON. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Include the exported JSON in the resource's DashboardBody property.

Update the CloudFormation template to define an resource. Use the intrinsic Ref function to reference the ID of the existing CloudWatch dashboard.

Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Specify the name of the existing

dashboard in the DashboardName property.

Full Access

Question # 48

A SysOps administrator needs to automate the invocation of an AWS Lambda function. The Lambda function must run at the end of each day to generate a report on data that is stored in an Amazon S3 bucket.

What is the MOST operationally efficient solution that meets these requirements?

Create an Amazon EventBridge {Amazon CloudWatch Events) rule that has an event pattern for Amazon S3 and the Lambda function as a target.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule that has a schedule and the Lambda function as a target.

Create an S3 event notification to invoke the Lambda function whenever objects change in the S3 bucket.

Deploy an Amazon EC2 instance with a cron job to invoke the Lambda function.

Full Access

Question # 49

A company plans to run a public web application on Amazon EC2 instances behind an Elastic Load Balancer (ELB). The company's security team wants to protect the website by using AWS Certificate Manager (ACM) certificates The ELB must automatically redirect any HTTP requests to HTTPS

Which solution will meet these requirements?

Create an Application Load Balancer that has one HTTPS listener on port 80 Attach an SSLTLS certificate to listener port 80 Create a rule to redirect requests from HTTP to HTTPS

Create an Application Load Balancer that has one HTTP listener on port 80 and one HTTPS protocol listener on port 443 Attach an SSL TLS certificate to listener port 443 Create a rule to redirect requests from port 80 to port 443

Create an Application Load Balancer that has two TCP listeners on port 80 and port 443 Attach an SSLTLS certificate to listener port 443 Create a rule to redirect requests from port 80 to port 443

Create a Network Load Balancer that has two TCP listeners on port 80 and port 443 Attach an SSLTLS certificate to listener port 443 Create a rule to redirect requests from port 80 to port 443

Full Access

Question # 50

A SysOps administrator is testing an application mat is hosted on five Amazon EC2 instances The instances run in an Auto Scaling group behind an Application Load Balancer (ALB) High CPU utilization during load testing is causing the Auto Scaling group to scale out. The SysOps administrator must troubleshoot to find the root cause of the high CPU utilization before the Auto Scaling group scales out.

Which action should the SysOps administrator take to meet these requirements?

Enable instance scale-in protection.

Place the instance into the Standby stale.

Remove the listener from the ALB

Suspend the Launch and Terminate process types.

Full Access

Question # 51

A SysOps administrator has created an AWS Service Catalog portfolio and has shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.

Which action will the administrator of the second account be able to perform?

Add a product from the imported portfolio to a local portfolio.

Add new products to the imported portfolio.

Change the launch role for the products contained in the imported portfolio.

Customize the products in the imported portfolio.

Full Access

Question # 52

A company runs hundreds of Amazon EC2 instances in a single AWS Region. Each EC2 instance has two attached 1 GiB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volumes. A critical workload is using all the available IOPS capacity on the EBS volumes.

According to company policy, the company cannot change instance types or EBS volume types without completing lengthy acceptance tests to validate that the companyâ€™s applications will function properly. A SysOps administrator needs to increase the I/O performance of the EBS volumes as quickly as possible.

Which action should the SysOps administrator take to meet these requirements?

Increase the size of the 1 GiB EBS volumes.

Add two additional elastic network interfaces on each EC2 instance.

Turn on Transfer Acceleration on the EBS volumes in the Region.

Add all the EC2 instances to a cluster placement group.

Full Access

Question # 53

A SysOps administrator is responsible for a large fleet of Amazon EC2 instances and must know whether any instances will be affected by upcoming hardware maintenance. Which option would provide this information with the LEAST administrative overhead?

Deploy a third-party monitoring solution to provide real-time EC2 instance monitoring

List any instances with failed system status checks using the AWS Management Console

Monitor AWS CloudTrail for Stopinstances API calls

Review the AWS Personal Health Dashboard

Full Access

Question # 54

A company's social media application has strict data residency requirements. The company wants to use Amazon Route 53 to provide the application with DNS services. A SysOps administrator must implement a solution that routes requests to a defined list of AWS Regions. The routing must be based on the user's location. Which solution will meet these requirements?

Configure a Route 53 latency routing policy.

Configure a Route 53 multivalue answer routing policy.

Configure a Route 53 geolocation routing policy.

Configure a Route 53 IP-based routing policy.

Full Access

Question # 55

A company wants to track its AWS costs in all member accounts that are part of an organization in AWS Organizations. Managers of the

member accounts want to receive a notification when the estimated costs exceed a predetermined amount each month. The managers

are unable to configure a billing alarm. The IAM permissions for all users are correct.

What could be the cause of this issue?

The management/payer account does not have billing alerts turned on.

The company has not configured AWS Resource Access Manager (AWS RAM) to share billing information between the member accounts and the management/payer account.

Amazon GuardDuty is turned on for all the accounts.

The company has not configured an AWS Config rule to monitor billing.

Full Access

Question # 56

A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones The application uses an Amazon RDS Multi-AZ DB Instance Amazon Route 53 record sets route requests tor dynamic content to the load balancer and requests for static content to an Amazon S3 bucket Site visitors are reporting extremely long loading times.

Which actions should be taken to improve the performance of the website? (Select TWO )

Add Amazon CloudFront caching for static content

Change the load balancer listener from HTTPS to TCP

Enable Amazon Route 53 latency-based routing

Implement Amazon EC2 Auto Scaling for the web servers

Move the static content from Amazon S3 to the web servers

Full Access

Question # 57

A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal.

Which action should a SysOps administrator take to improve the performance of the file system?

Configure the file system for Provisioned Throughput.

Enable encryption in transit on the file system.

Identify any unused files in the file system, and remove the unused files.

Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

Full Access

Question # 58

A development team recently deployed a new version of a web application to production. After the release penetration testing revealed a cross-site scripting vulnerability that could expose user data.

Which AWS service will mitigate this issue?

AWS Shield Standard

AWS WAF

Elastic Load Balancing

Amazon Cognito

Full Access

Question # 59

A company is using an Amazon DynamoDB table for data. A SysOps administrator must configure replication of the table to another AWS Region for disaster recovery.

What should the SysOps administrator do to meet this requirement?

Enable DynamoDB Accelerator (DAX).

Enable DynamoDB Streams, and add a global secondary index (GSI).

Enable DynamoDB Streams, and-add a global table Region.

Enable point-in-time recovery.

Full Access

Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

SOA-C02 AWS Certified SysOps Administrator - Associate (SOA-C02) Question and Answers

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Answer:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Answer:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Answer:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Answer:

Answer:

Explanation:

Answer:

Answer:

Answer:

Answer:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Answer:

Answer:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Answer: