Amazon Web Services SOA-C02 Exam Practice Questions Answers

AWS Certified SysOps Administrator - Associate (SOA-C02) Questions and Answers

Question 1

If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the

console by using the AWS Management Console shortcut from the VM desktop.

If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V.

Configure Amazon EventBridge to meet the following requirements.

1. use the us-east-2 Region for all resources,

2. Unless specified below, use the default configuration settings.

3. Use your own resource naming unless a resource

name is specified below.

4. Ensure all Amazon EC2 events in the default event

bus are replayable for the past 90 days.

5. Create a rule named RunFunction to send the exact message every 1 5 minutes to an existing AWS Lambda function named LogEventFunction.

6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2

Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:

Input Path:

{“instance” : “$.detail.instance-id”}

Input template:

“ The EC2 Spot Instance has been on account.

Options:

Question 2

You need to update an existing AWS CloudFormation stack. If needed, a copy to the CloudFormation template is available in an Amazon SB bucket named cloudformation-bucket

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:

a) Change the EC2 instance type to us-east-t2.nano.

b) Allow SSH to connect to the EC2 instance from the IP address range

192.168.100.0/30.

c) Replace the instance profile IAM role with IamRoleB.

4. Deploy the changes by updating the stack using the CFServiceR01e role.

5. Edit the stack options to prevent accidental deletion.

6. Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

See the Explanation for solution.

Options:

Question 3

A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the SS bucket to serve a static error page in the event of a failure at the primary site.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. There is an existing hosted zone named lab-

751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.

4. Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document

5. For the index-html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucketjs allowed.

6. In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.

7. Create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing 53 bucket.

Options:

Answer:

See the Explanation for solution.

Explanation:

Here are the steps to configure an Amazon S3 bucket to serve a static error page in the event of a failure at the primary site:

Log in to the AWS Management Console and navigate to the S3 service in the us-east-2 Region.
Find the existing S3 bucket named lab-751906329398-26023898.com and click on it.
In the "Properties" tab, click on "Static website hosting" and select "Use this bucket to host a website".
In "Index Document" field, enter the name of the object that you want to use as the index document, in this case, "index.html"
In the "Permissions" tab, click on "Block Public Access", and make sure that "Block all public access" is turned OFF.
Click on "Bucket Policy" and add the following policy to allow public read access:

{

"Version": "2012-10-17",

"Statement": [

{

"Sid": "PublicReadGetObject",

"Effect": "Allow",

"Principal": "*",

"Action": "s3:GetObject",

"Resource": "arn:aws:s3:::lab-751906329398-26023898.com/*"

}

]

}

Now navigate to the Amazon Route 53 service, and find the existing hosted zone named lab-751906329398-26023898.com.
Click on the "A record" and update the routing policy to "Primary - Failover" and add the existing ALB as the primary record.
Click on "Create Record" button and create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing S3 bucket.
Now, when the primary site (ALB) goes down, traffic will be automatically routed to the S3 bucket serving the static error page.

Note:

You can use CloudWatch to monitor the health of your ALB.
You can use Amazon S3 to host a static website.
You can use Amazon Route 53 for routing traffic to different resources based on health checks.
You can refer to the AWS documentation for more information on how to configure and use these services:

Graphical user interface, text, application Description automatically generated

Graphical user interface, application, Teams Description automatically generated

Graphical user interface, text, application Description automatically generated

Graphical user interface, text, application, email Description automatically generated

Graphical user interface, text, application Description automatically generated

Question 4

A company uses AWS Organizations. A SysOps administrator wants to use AWS Compute Optimizer and AWS tag policies in the management account to govern all member accounts in the billing family. The SysOps administrator navigates to the AWS Organizations console but cannot activate tag policies through the management account.

What could be the reason for this issue?

Options:

All features have not been enabled in the organization.

Consolidated billing has not been enabled.

The member accounts do not have tags enabled for cost allocation.

The member accounts have not manually enabled trusted access for Compute Optimizer.

Question 5

A SysOps administrator needs to develop a solution that provides email notification and inserts a record into a database every time a file is put into an Amazon S3 bucket.

What is the MOST operationally efficient solution that meets these requirements?

Options:

Set up an S3 event notification that targets an Amazon Simple Notification Service (Amazon SNS) topic Create two subscriptions for the SNS topic Use one subscription to send the email notification Use the other subscription to invoke an AWS Lambda function that inserts the record into the database

Set up an Amazon CloudWatch alarm that enters ALARM state whenever an object is created in the S3 bucket Configure the alarm to invoke an AWS Lambda (unction that sends the email notification and inserts the record into the database

Create an AWS Lambda function to send the email notification and insert the record into the database whenever a new object is detected in the S3 bucket invoke the function every minute with an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule.

Set up two S3 event notifications Target a separate AWS Lambda function with each notification Configure one function to send the email notification Configure the other function to insert the record into the database

Question 6

A company uses an AWS CloudFormation template to provision an Amazon EC2 instance and an Amazon RDS DB instance A SysOps administrator must update the template to ensure that the DB instance is created before the EC2 instance is launched

What should the SysOps administrator do to meet this requirement?

Options:

Add a wait condition to the template Update the EC2 instance user data script to send a signal after the EC2 instance is started

Add the DependsOn attribute to the EC2 instance resource, and provide the logical name of the RDS resource

Change the order of the resources in the template so that the RDS resource is listed before the EC2 instance resource

Create multiple templates Use AWS CloudFormation StackSets to wait for one stack to complete before the second stack is created

Question 7

A company maintains a large set of sensitive data in an Amazon S3 bucket. The company's security team asks a SyeOps administrator to help verify that all current objects in the S3 bucket are encrypted.

What is the MOST operationally efficient solution that meets these requirements?

Options:

Create a script that runs against the S3 bucket and outputs the status of each object.

Create an S3 Inventory configuration on the S3 bucket Induce the appropriate status fields.

Provide the security team with an IAM user that has read access to the S3 bucket.

Use the AWS CLI to output a list of all objects in the S3 bucket.

Question 8

A company is undergoing an external audit of its systems, which run wholly on AWS. A SysOps administrator must supply documentation of Payment Card Industry Data Security Standard (PCI DSS) compliance for the infrastructure managed by AWS.

Which set of action should the SysOps administrator take to meet this requirement?

Options:

Download the applicable reports from the AWS Artifact portal and supply these to the auditors.

Download complete copies of the AWS CloudTrail log files and supply these to the auditors.

Download complete copies of the AWS CloudWatch logs and supply these to the auditors.

Provide the auditors with administrative access to the production AWS account so that the auditors can determine compliance.

Question 9

A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal.

Which action should a SysOps administrator take to improve the performance of the file system?

Options:

Configure the file system for Provisioned Throughput.

Enable encryption in transit on the file system.

Identify any unused files in the file system, and remove the unused files.

Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

Question 10

A company wants to build a solution for its business-critical Amazon RDS for MySQL database. The database requires high availability across different geographic locations. A SysOps administrator must build a solution to handle a disaster recovery (DR) scenario with the lowest recovery time objective (RTO) and recovery point objective (RPO).

Which solution meets these requirements?

Options:

Create automated snapshots of the database on a schedule. Copy the snapshots to the DR Region.

Create a cross-Region read replica for the database.

Create a Multi-AZ read replica for the database.

Schedule AWS Lambda functions to create snapshots of the source database and to copy the snapshots to a DR Region.

Question 11

A SysOps administrator is setting up a fleet of Amazon EC2 instances in an Auto Scaling group for an application. The fleet should have 50% CPU available at that times to accommodate bursts of traffic. The load will increase significantly between the hours of 09:00 and 17:00,7 days a week

How should the SysOps administrator configure the scaling of the EC2 instances to meet these requirements?

Options:

Create a target tracking scaling policy that runs when the CPU utilization is higher than 90%

Create a target tracking scaling policy that runs when the CPU utilization is higher than 50%. Create a scheduled scaling policy that ensures that the fleet is available at 09:00 Create a second scheduled scaling policy that scales in the fleet at 17:00

Set the Auto Scaling group to start with 2 instances by setting the desired instances maximum instances, and minimum instances to 2 Create a scheduled scaling policy that ensures that the fleet is available at 09:00

Create a scheduled scaling policy that ensures that the fleet is available at 09.00. Create a second scheduled scaling policy that scales in the fleet at 17:00

Question 12

A company has an internal web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A SysOps administrator must make the application highly available.

Which action should the SysOps administrator take to meet this requirement?

Options:

Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.

Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.

Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.

Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.

Question 13

A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the administrator to alter the application code.

The MOST effective way to reduce latency is to relaunch the EC2 instances in:

Options:

a dedicated VPC.

a single subnet inside the VPC.

a placement group.

a single Availability Zone.

Question 14

A SysOps administrator must create a solution that automatically shuts down any Amazon EC2 instances that have less than 10% average CPU utilization for 60 minutes or more.

Which solution will meet this requirement In the MOST operationally efficient manner?

Options:

Implement a cron job on each EC2 instance to run once every 60 minutes and calculate the current CPU utilization. Initiate an instance shutdown If CPU utilization is less than 10%.

Implement an Amazon CloudWatch alarm for each EC2 instance to monitor average CPU utilization. Set the period at 1 hour, and set the threshold at 10%. Configure an EC2 action on the alarm to stop the instance.

Install the unified Amazon CloudWatch agent on each EC2 instance, and enable the Basic level predefined metric set. Log CPU utilization every 60 minutes, and initiate an instance shutdown if CPU utilization is less than 10%.

Use AWS Systems Manager Run Command to get CPU utilization from each EC2 instance every 60 minutes. Initiate an instance shutdown if CPU utilization is less than 10%.

Question 15

A large company is using AWS Organizations to manage hundreds of AWS accounts across multiple AWS Regions. The company has turned on AWS Config throughout the organization.

The company requires all Amazon S3 buckets to block public read access. A SysOps administrator must generate a monthly report that shows all the S3 buckets and whether they comply with this requirement.

Which combination of steps should the SysOps administrator take to collect this data? {Select TWO).

Options:

Create an AWS Config aggregator in an aggregator account. Use the organization as the source. Retrieve the compliance data from the aggregator.

Create an AWS Config aggregator in each account. Use an S3 bucket in an aggregator account as the destination. Retrieve the compliance data from the S3 bucket

Edit the AWS Config policy in AWS Organizations. Use the organization's management account to turn on the s3-bucket-public-read-prohibited rule for the entire organization.

Use the AWS Config compliance report from the organization's management account. Filter the results by resource, and select Amazon S3.

Use the AWS Config API to apply the s3-bucket-public-read-prohibited rule in all accounts for all available Regions.

Question 16

A SysOps administrator receives notification that an application that is running on Amazon EC2 instances has failed to authenticate to an Amazon RDS database To troubleshoot, the SysOps administrator needs to investigate AWS Secrets Manager password rotation

Which Amazon CloudWatch log will provide insight into the password rotation?

Options:

AWS CloudTrail logs

EC2 instance application logs

AWS Lambda function logs

RDS database logs

Question 17

A company hosts several write-intensive applications. These applications use a MySQL database that runs on a single Amazon EC2 instance. The company asks a SysOps administrator to implement a highly available database solution that is ideal for multi-tenant workloads.

Which solution should the SysOps administrator implement to meet these requirements?

Options:

Create a second EC2 instance for MySQL. Configure the second instance to be a read replica.

Migrate the database to an Amazon Aurora DB cluster. Add an Aurora Replica.

Migrate the database to an Amazon Aurora multi-master DB cluster.

Migrate the database to an Amazon RDS for MySQL DB instance.

Question 18

A company's public website is hosted in an Amazon S3 bucket in the us-east-1 Region behind an Amazon CloudFront distribution. The company wants to ensure that the website is protected from DDoS attacks. A SysOps administrator needs to deploy a solution that gives the company the ability to maintain control over the rate limit at which DDoS protections are applied.

Which solution will meet these requirements?

Options:

Deploy a global-scoped AWS WAF web ACL with an allow default action. Configure an AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the CloudFront distribution.

Deploy an AWS WAF web ACL with an allow default action in us-east-1. Configure an AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the S3 bucket.

Deploy a global-scoped AWS WAF web ACL with a block default action. Configure an AWS WAF rate-based rule to allow matching traffic. Associate the web ACL with the CloudFront distribution.

Deploy an AWS WAF web ACL with a block default action in us-east-1. Configure an AWS WAF rate-based rule to allow matching traffic. Associate the web ACL with the S3 bucket.

Question 19

A company has a high-performance Windows workload. The workload requires a storage volume mat provides consistent performance of 10.000 KDPS. The company does not want to pay for additional unneeded capacity to achieve this performance.

Which solution will meet these requirements with the LEAST cost?

Options:

Use a Provisioned IOPS SSD (lol) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10.000 provisioned IOPS

Use a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10.000 provisioned IOPS.

Use an Amazon Elastic File System (Amazon EFS) file system w\ Max I/O mode.

Use an Amazon FSx for Windows Fife Server foe system that is configured with 10.000 IOPS

Question 20

A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability for an on-premises website. The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes. All other traffic should be directed to the secondary passive server. The failover record type, set ID. and routing policy have been set appropriately for both primary and secondary servers.

Which next step should be taken to configure Route 53?

Options:

Create an A record for each server. Associate the records with the Route 53 HTTP health check.

Create an A record for each server. Associate the records with the Route 53 TCP health check.

Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 HTTP health check.

Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 TCP health check.

Question 21

A company stores its data in an Amazon S3 bucket. The company is required to classify the data and find any sensitive personal information in its S3 files.

Which solution will meet these requirements?

Options:

Create an AWS Config rule to discover sensitive personal information in the S3 files and mark them as noncompliant.

Create an S3 event-driven artificial intelligence/machine learning (AI/ML) pipeline to classify sensitive personal information by using Amazon Recognition.

Enable Amazon GuardDuty. Configure S3 protection to monitor all data inside Amazon S3.

Enable Amazon Macie. Create a discovery job that uses the managed data identifier.

Question 22

An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba4Kc. and it is actively used by 10 Amazon EC2 hosts The organization has become concerned that the file system is not encrypted

How can this be resolved?

Options:

Enable encryption on each host's connection to the Amazon EFS volume Each connection must be recreated for encryption to take effect

Enable encryption on the existing EFS volume by using the AWS Command Line Interface

Enable encryption on each host's local drive Restart each host to encrypt the drive

Enable encryption on a newly created volume and copy all data from the original volume Reconnect each host to the new volume

Question 23

A Sysops administrator needs to configure automatic rotation for Amazon RDS database credentials. The credentials must rotate every 30 days. The solution must integrate with Amazon RDS.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

Store the credentials in AWS Systems Manager Parameter Store as a secure string. Configure automatic rotation with a rotation interval of 30 days.

Store the credentials in AWS Secrets Manager. Configure automatic rotation with a rotation interval of 30 days.

Store the credentials in a file in an Amazon S3 bucket. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.

Store the credentials in AWS Secrets Manager. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.

Labour Day Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Amazon Web Services SOA-C02 Dumps

AWS Certified SysOps Administrator - Associate (SOA-C02) Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation: