ExamGecko
Login
Home / Amazon / SOA-C02 / List of questions
Ask Question

Amazon SOA-C02 Practice Test - Questions Answers, Page 12

List of questions

Question 111

Report
Export
Collapse

A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket. Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
Enable log file integrity validation and use digest files to verify the hash value of the log file.
Enable log file integrity validation and use digest files to verify the hash value of the log file.
Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
Enable S3 server access logging to track requests made to the log bucket for security audits.
Enable S3 server access logging to track requests made to the log bucket for security audits.
Suggested answer: B

Explanation:

When you enable log file integrity validation, CloudTrail creates a hash for every log file that it delivers. Every hour, CloudTrail also creates and delivers a file that Reference the log files for the last hour and contains a hash of each. This file is called a digest file. CloudTrail signs each digest file using the private key of a public and private key pair. After delivery, you can use the public key to validate the digest file. CloudTrail uses different key pairs for each AWS regionhttps://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation- intro.html

asked 16/09/2024
Daniel Melendez
49 questions

Question 112

Report
Export
Collapse

A company is trying to connect two applications. One application runs in an on-premises data center that has a hostname of host1.onprem.private. The other application runs on an Amazon EC2 instance that has a hostname of host1.awscloud.private. An AWS Site-to-Site VPN connection is in place between the on-premises network and AWS. The application that runs in the data center tries to connect to the application that runs on the EC2 instance, but DNS resolution fails. A SysOps administrator must implement DNS resolution between onpremises and AWS resources. Which solution allows the on-premises application to resolve the EC2 instance hostname?

Set up an Amazon Route 53 inbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the inbound resolver endpoint.
Set up an Amazon Route 53 inbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the inbound resolver endpoint.
Set up an Amazon Route 53 inbound resolver endpoint. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the inbound resolver endpoint.
Set up an Amazon Route 53 inbound resolver endpoint. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the inbound resolver endpoint.
Set up an Amazon Route 53 outbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the AWS Region of the EC2 instance. Configure the onpremises DNS resolver to forward onprem.private DNS queries to the outbound resolver endpoint.
Set up an Amazon Route 53 outbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the AWS Region of the EC2 instance. Configure the onpremises DNS resolver to forward onprem.private DNS queries to the outbound resolver endpoint.
Set up an Amazon Route 53 outbound resolver endpoint. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the outbound resolver endpoint.
Set up an Amazon Route 53 outbound resolver endpoint. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the outbound resolver endpoint.
Suggested answer: B

Explanation:

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/route53-resolve-with-inbound-endpoint/

Amazon SOA-C02 image Question 112 explanation 8147 09162024010005000000

asked 16/09/2024
Claudia Arrais
49 questions

Question 113

Report
Export
Collapse

A company uses AWS Organizations to manage multiple AWS accounts with consolidated billing enabled. Organization member account owners want the benefits of Reserved Instances (RIs) but do not want to share RIs with other accounts.

Which solution will meet these requirements?

Purchase RIs in individual member accounts. Disable RI discount sharing in the management account.
Purchase RIs in individual member accounts. Disable RI discount sharing in the management account.
Purchase RIs in individual member accounts. Disable RI discount sharing in the member accounts.
Purchase RIs in individual member accounts. Disable RI discount sharing in the member accounts.
Purchase RIs in the management account. Disable RI discount sharing in the management account.
Purchase RIs in the management account. Disable RI discount sharing in the management account.
Purchase RIs in the management account. Disable RI discount sharing in the member accounts.
Purchase RIs in the management account. Disable RI discount sharing in the member accounts.
Suggested answer: B
asked 16/09/2024
Karabo Mabeba
29 questions

Question 114

Report
Export
Collapse

An Amazon EC2 instance needs to be reachable from the internet. The EC2 instance is in a subnet with the following route table:

Amazon SOA-C02 image Question 114 8149 09162024010005000000

Which entry must a SysOps administrator add to the route table to meet this requirement?

A route for 0.0.0.0/0 that points to a NAT gateway
A route for 0.0.0.0/0 that points to a NAT gateway
A route for 0.0.0.0/0 that points to an egress-only internet gateway
A route for 0.0.0.0/0 that points to an egress-only internet gateway
A route for 0.0.0.0/0 that points to an internet gateway
A route for 0.0.0.0/0 that points to an internet gateway
A route for 0.0.0.0/0 that points to an elastic network interface
A route for 0.0.0.0/0 that points to an elastic network interface
Suggested answer: B

Explanation:

Reference: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html

asked 16/09/2024
long tran
33 questions

Question 115

Report
Export
Collapse

A SysOps administrator is provisioning an Amazon Elastic File System (Amazon EFS) file system to provide shared storage across multiple Amazon EC2 instances. The instances all exist in the same VPC across multiple Availability

Zones. There are two instances in each Availability Zone. The SysOps administrator must make the file system accessible to each instance with the lowest possible latency.

Which solution will meet these requirements?

Create a mount target for the EFS file system in the VPC. Use the mount target to mount the file system on each of the instances.
Create a mount target for the EFS file system in the VPC. Use the mount target to mount the file system on each of the instances.
Create a mount target for the EFS file system in one Availability Zone of the VPC. Use the mount target to mount the file system on the instances in that Availability Zone. Share the directory with the other instances.
Create a mount target for the EFS file system in one Availability Zone of the VPC. Use the mount target to mount the file system on the instances in that Availability Zone. Share the directory with the other instances.
Create a mount target for each instance. Use each mount target to mount the EFS file system on each respective instance.
Create a mount target for each instance. Use each mount target to mount the EFS file system on each respective instance.
Create a mount target in each Availability Zone of the VPC. Use the mount target to mount the EFS file system on the instances in the respective Availability Zone.
Create a mount target in each Availability Zone of the VPC. Use the mount target to mount the EFS file system on the instances in the respective Availability Zone.
Suggested answer: D

Explanation:

Reference: https://docs.aws.amazon.com/efs/latest/ug/accessing-fs.html

Amazon SOA-C02 image Question 115 explanation 8150 09162024010005000000

asked 16/09/2024
Mustafa BeÅŸparmak
36 questions

Question 116

Report
Export
Collapse

A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance. Which of the following are possible causes of this issue? (Choose two.)

A network ACL associated with the bastion's subnet is blocking the network traffic.
A network ACL associated with the bastion's subnet is blocking the network traffic.
The instance does not have a private IP address.
The instance does not have a private IP address.
The route table associated with the bastion's subnet does not have a route to the internet gateway.
The route table associated with the bastion's subnet does not have a route to the internet gateway.
The security group for the instance does not have an inbound rule on port 22.
The security group for the instance does not have an inbound rule on port 22.
The security group for the instance does not have an outbound rule on port 3389.
The security group for the instance does not have an outbound rule on port 3389.
Suggested answer: A, C
asked 16/09/2024
Felix Bourdier
47 questions

Question 117

Report
Export
Collapse

A company's customers are reporting increased latency while accessing static web content from Amazon S3 A SysOps administrator observed a very high rate of read operations on a particular S3 bucket What will minimize latency by reducing load on the S3 bucket?

Migrate the S3 bucket to a region that is closer to end users' geographic locations
Migrate the S3 bucket to a region that is closer to end users' geographic locations
Use cross-region replication to replicate all of the data to another region
Use cross-region replication to replicate all of the data to another region
Create an Amazon CloudFront distribution with the S3 bucket as the origin.
Create an Amazon CloudFront distribution with the S3 bucket as the origin.
Use Amazon ElastiCache to cache data being served from Amazon S3
Use Amazon ElastiCache to cache data being served from Amazon S3
Suggested answer: C
asked 16/09/2024
Luis Campoy
41 questions

Question 118

Report
Export
Collapse

A company's SysOps administrator deploys four new Amazon EC2 instances by using the standard Amazon Linux 2 Amazon Machine Image (AMI). The company needs to be able to use AWS Systems Manager to manage the instances The SysOps administrator notices that the instances do not appear in the Systems Manager console What must the SysOps administrator do to resolve this issue?

Connect to each instance by using SSH Install Systems Manager Agent on each instance Configure Systems Manager Agent to start automatically when the instances start up
Connect to each instance by using SSH Install Systems Manager Agent on each instance Configure Systems Manager Agent to start automatically when the instances start up
Use AWS Certificate Manager (ACM) to create a TLS certificate Import the certificate into each instance Configure Systems Manager Agent to use the TLS certificate for secure communications
Use AWS Certificate Manager (ACM) to create a TLS certificate Import the certificate into each instance Configure Systems Manager Agent to use the TLS certificate for secure communications
Connect to each instance by using SSH Create an ssm-user account Add the ssm-user account to the /etcsudoers d directory
Connect to each instance by using SSH Create an ssm-user account Add the ssm-user account to the /etcsudoers d directory
Attach an IAM instance profile to the instances Ensure that the instance profile contains the AmazonSSMManagedinstanceCore policy
Attach an IAM instance profile to the instances Ensure that the instance profile contains the AmazonSSMManagedinstanceCore policy
Suggested answer: D
asked 16/09/2024
Yan Wei
35 questions

Question 119

Report
Export
Collapse

A SysOps administrator uses AWS Systems Manager Session Manager to connect to instances After the SysOps administrator launches a new Amazon EC2 instance the EC2 instance does not appear in the Session Manager list of systems that are available for connection. The SysOps administrator verities that Systems Manager Agent is installed updated and running on the EC2 instance What is the reason for this issue?

The SysOps administrator does not have access to the key pair that is required for connection
The SysOps administrator does not have access to the key pair that is required for connection
The SysOps administrator has not attached a security group to the EC2 instance to allow SSH on port 22.
The SysOps administrator has not attached a security group to the EC2 instance to allow SSH on port 22.
The EC2 instance does not have an attached IAM role that allows Session Manager to connect to the EC2 instance.
The EC2 instance does not have an attached IAM role that allows Session Manager to connect to the EC2 instance.
The EC2 instance ID has not been entered into the Session Manager configuration
The EC2 instance ID has not been entered into the Session Manager configuration
Suggested answer: C
asked 16/09/2024
Roman Flores
33 questions

Question 120

Report
Export
Collapse

A company has an organization in AWS Organizations. The company uses shared VPCs to provide networking resources across accounts A SysOps administrator has been able to successfully launch and manage Amazon EC2 instances in a participant account However the SysOps administrator is now receiving an InstanceLimitExceeded error when the SysOps administrator tries to launch a new EC2 instance What should the SysOps administrator do to resolve this error')

Request an instance quota increase from the account that owns the VPC
Request an instance quota increase from the account that owns the VPC
Launch additional EC2 instances in a different AWS Region
Launch additional EC2 instances in a different AWS Region
Request an instance quota increase from the parte pant account
Request an instance quota increase from the parte pant account
Launch additional EC2 instances by using a different Amazon Machine image (AMI)
Launch additional EC2 instances by using a different Amazon Machine image (AMI)
Suggested answer: A
asked 16/09/2024
Laura G
57 questions
Total 450 questions
Go to page: of 45
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

The company needs a shared file solution for EC2 Windows instances in a Multi-AZ deployment that uses native Windows storage capabilities and maximizes consistency.
After creating a presigned URL for an S3 object, users can no longer access the file after a few days.
A company has an AWS Site-to-Site VPN connection between on-premises resources and resources that are hosted in a VPC. A SysOps administrator launches an Amazon EC2 instance that has only a private IP address into a private subnet in the VPC. The EC2 instance runs Microsoft Windows Server. A security group for the EC2 instance has rules that allow inbound traffic from the on-premises network over the VPN connection. The on-premises environment contains a third-party network firewall. Rules in the third-party network firewall allow Remote Desktop Protocol (RDP) traffic to flow between the on-premises users over the VPN connection. The on-premises users are unable to connect to the EC2 instance and receive a timeout error. What should the SysOps administrator do to troubleshoot this issue?
The SysOps administrator needs to complete the KMS key policy for least privilege read access for the DataEngineer role to decrypt S3 objects encrypted with a KMS key.
The SysOps administrator needs to deploy auditing software on all existing and new EC2 instances across multiple Regions, using AWS Systems Manager.
A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company's on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors. Which solution will give the application the ability to resolve the internal domain names?
A SysOps administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically. Currently, the application is deployed on a single t2. large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency after a few minutes. What change should be made to alleviate the performance problem?
A SysOps administrator needs to share a new AMI with all accounts within an organization managed through AWS Organizations.
ASysOps administrator configures an application to run on Amazon EC2 instances behind an Application Load Balancer (ALB) in a simple scaling Auto Scaling group with the default settings. The Auto Scaling group is configured to use the RequestCountPerTarget metric for scaling. The SysOps administrator notices that the RequestCountPerTarget metric exceeded the specified limit twice in 180 seconds. How will the number of EC2 instances in this Auto Scaling group be affected in this scenario?
A SysOps administrator needs EC2 instances in a VPC to resolve DNS names for hosts in an on-premises data center.