ExamGecko

Amazon SOA-C02 Practice Test - Questions Answers, Page 5

Question 41

A company hosts an internal application on Amazon EC2 instances. All application data and requests route through an AWS Site-to-Site VPN connection between the on-premises network and AWS. The company must monitor the application for changes that allow network access outside of the corporate network. Any change that exposes the application externally must be restricted automatically. Which solution meets these requirements in the MOST operationally efficient manner?

A. Create an AWS Lambda function that updates security groups that are associated with the elastic network interface to remove inbound rules with noncorporate CIDR ranges. Turn on VPC Flow Logs, and send the logs to Amazon CloudWatch Logs. Create an Amazon CloudWatch alarm that matches traffic from noncorporate CIDR ranges, and publish a message to an Amazon Simple Notification Service (Amazon SNS) topic with the Lambda function as a target.
B. Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that targets an AWS Systems Manager Automation document to check for public IP addresses on the EC2 instances. If public IP addresses are found on the EC2 instances, initiate another Systems Manager Automation document to terminate the instances.
C. Configure AWS Config and a custom rule to monitor whether a security group allows inbound requests from noncorporate CIDR ranges. Create an AWS Systems Manager Automation document to remove any noncorporate CIDR ranges from the application security groups.
D. Configure AWS Config and the managed rule for monitoring public IP associations with the EC2 instances by tag. Tag the EC2 instances with an identifier. Create an AWS Systems Manager Automation document to remove the public IP association from the EC2 instances.
Suggested answer: A
asked 16/09/2024
Wilfried Bret
30 questions

Question 42

A SysOps administrator has successfully deployed a VPC with an AWS CloudFormation template. The SysOps administrator wants to deploy the same template across multiple accounts that are managed through AWS Organizations. Which solution will meet this requirement with the LEAST operational overhead?

A. Assume the OrganizationAccountAccessRole IAM role from the management account. Deploy the template in each of the accounts.
B. Create an AWS Lambda function to assume a role in each account. Deploy the template by using the AWS CloudFormation CreateStack API call.
C. Create an AWS Lambda function to query for a list of accounts. Deploy the template by using the AWS CloudFormation CreateStack API call.
D. Use AWS CloudFormation StackSets from the management account to deploy the template in each of the accounts.
Suggested answer: D

Explanation:

Reference: https://aws.amazon.com/blogs/aws/new-use-aws-cloudformation-stacksets-for-multiple-accounts-in-an-awsorganization/

asked 16/09/2024
Christophe RUIZ
36 questions

Question 43

A SysOps administrator is notified that an Amazon EC2 instance has stopped responding. The AWS Management Console indicates that the system checks are failing. What should the administrator do first to resolve this issue?

A. Reboot the EC2 instance so it can be launched on a new host.
B. Stop and then start the EC2 instance so that it can be launched on a new host.
C. Terminate the EC2 instance and relaunch it.
D. View the AWS CloudTrail log to investigate what changed on the EC2 instance.
Suggested answer: B
asked 16/09/2024
Stefano Humphries
40 questions

Question 44

A SysOps administrator has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances that were launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in the VPC, and all security groups allow all outbound traffic.

Which solution will provide the EC2 instances in the private subnet with access to the internet?

A. Create a NAT gateway in the public subnet. Create a route from the private subnet to the NAT gateway.
B. Create a NAT gateway in the public subnet. Create a route from the public subnet to the NAT gateway.
C. Create a NAT gateway in the private subnet. Create a route from the public subnet to the NAT gateway.
D. Create a NAT gateway in the private subnet. Create a route from the private subnet to the NAT gateway.
Suggested answer: A

Explanation:

Reference: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

asked 16/09/2024
NAKAYAMA HIROYUKI
33 questions

Question 45

A recent audit found that most resources belonging to the development team were in violation of patch compliance standards. The resources were properly tagged. Which service should be used to quickly remediate the issue and bring the resources back into compliance?

A. AWS Config
B. Amazon Inspector
C. AWS Trusted Advisor
D. AWS Systems Manager
Suggested answer: D

Explanation:

Reference: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-compliance-about.html

asked 16/09/2024
Olugbenga Fagbohun
40 questions

Question 46

An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region. A SysOps administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy. What is likely to be the problem?

A. The Amazon Machine Image used is not available in that Region.
B. The AWS CloudFormation template needs to be updated to the latest version.
C. The VPC configuration parameters have changed and must be updated in the template.
D. The account has reached the default limit for VPCs allowed.
Suggested answer: D

Explanation:

Reference: https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html

asked 16/09/2024
John Hart
47 questions

Question 47

A company runs its infrastructure on Amazon EC2 instances that run in an Auto Scaling group. Recently, the company promoted faulty code to the entire EC2 fleet. This faulty code caused the Auto Scaling group to scale the instances before any of the application logs could be retrieved.

What should a SysOps administrator do to retain the application logs after instances are terminated?

A. Configure an Auto Scaling lifecycle hook to create a snapshot of the ephemeral storage upon termination of the instances.
B. Create a new Amazon Machine Image (AMI) that has the Amazon CloudWatch agent installed and configured to send logs to Amazon CloudWatch Logs. Update the launch template to use the new AMI.
C. Create a new Amazon Machine Image (AMI) that has a custom script configured to send logs to AWS CloudTrail. Update the launch template to use the new AMI.
D. Install the Amazon CloudWatch agent on the Amazon Machine Image (AMI) that is defined in the launch template. Configure the CloudWatch agent to back up the logs to ephemeral storage.
Suggested answer: C
asked 16/09/2024
Hany Mohammed
35 questions

Question 48

A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal. Which actions should a SysOps administrator take to improve the performance of the file system?

A. Configure the file system for Provisioned Throughput.
B. Enable encryption in transit on the file system.
C. Identify any unused files in the file system, and remove the unused files.
D. Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.
Suggested answer: A

Explanation:

Reference: https://docs.aws.amazon.com/efs/latest/ug/performance.html

asked 16/09/2024
Sana Mehak
26 questions

Question 49

A SysOps administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.

Which action should the administrator take to ensure that users access objects in Amazon S3 by using only CloudFront URLs?

A. Encrypt the S3 bucket content with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).
B. Create an origin access identity and grant it permissions to read objects in the S3 bucket.
C. Assign an IAM user to the CloudFront distribution and grant the user permissions in the S3 bucket policy.
D. Assign an IAM role to the CloudFront distribution and grant the role permissions in the S3 bucket policy.
Suggested answer: B
asked 16/09/2024
Koen Poos
40 questions

Question 50

A SysOps administrator must create a solution that automatically shuts down any Amazon EC2 instances that have less than 10% average CPU utilization for 60 minutes or more. Which solution meets these requirements in the MOST operationally efficient manner?

A. Implement a cron job on each EC2 instance to run once every 60 minutes and calculate the current CPU utilization. Initiate an instance shutdown if CPU utilization is less than 10%.
B. Implement an Amazon CloudWatch alarm for each EC2 instance to monitor average CPU utilization. Set the period at 1 hour, and set the threshold at 10%. Configure an EC2 action on the alarm to stop the instance.
C. Install the unified Amazon CloudWatch agent on each EC2 instance, and enable the Basic level predefined metric set. Log CPU utilization every 60 minutes, and initiate an instance shutdown if CPU utilization is less than 10%.
D. Use AWS Systems Manager Run Command to get CPU utilization from each EC2 instance every 60 minutes. Initiate an instance shutdown if CPU utilization is less than 10%.
Suggested answer: B

Explanation:

Reference: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/US_AlarmAtThresholdEC2.html

asked 16/09/2024
Sandesh Somaiah
39 questions
Total 450 questions