Amazon SOA-C02 Practice Test - Questions Answers, Page 13
List of questions
Question 121
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
An environment consists of 100 Amazon EC2 Window* instances The Amazon CloudWatch agent Is deployed and running on at EC2 instances with a baseline configuration file to capture log files There is a new requirement to capture the DHCP tog tiles that exist on 50 of the instances What is the MOST operational efficient way to meet this new requirement?
Question 122
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A SysOps administrator is reviewing VPC Flow Logs to troubleshoot connectivity issues in a VPC.
While reviewing the togs the SysOps administrator notices that rejected traffic is not listed.
What should the SysOps administrator do to ensure that all traffic is logged?
Question 123
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company uses an Amazon CloudFront distribution to deliver its website Traffic togs for the website must be centrally stored and all data must be encrypted at rest Which solution will meet these requirements?
Question 124
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template it installs and configure necessary software through AWS OpsWorks and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours but at limes the process stalls due to installation errors. The SysOps administrator must modify the CloudFormation template so if the process stalls, the entire stack will tail and roil back. Based on these requirements what should be added to the template?
Question 125
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company uses an Amazon Simple Queue Service (Amazon SQS) standard queue with its application. The application sends messages to the queue with unique message bodies The company decides to switch to an SQS FIFO queue What must the company do to migrate to an SQS FIFO queue?
Question 126
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A database is running on an Amazon RDS Mufti-AZ DB instance. A recent security audit found the database to be out of compliance because it was not encrypted. Which approach will resolve the encryption requirement?
Question 127
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A SysOps administrator is tasked with deploying a company's infrastructure as code. The SysOps administrator want to write a single template that can be reused for multiple environments. How should the SysOps administrator use AWS CloudFormation to create a solution?
Explanation:
Reuse templates to replicate stacks in multiple environments After you have your stacks and resources set up, you can reuse your templates to replicate your infrastructure in multiple environments. For example, you can create environments for development, testing, and production so that you can test changes before implementing them into production. To make templates reusable, use the parameters, mappings, and conditions sections so that you can customize your stacks when you create them. For example, for your development environments, you can specify a lower-cost instance type compared to your production environment, but all other configurations and settings remain the same. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html#reuse
Question 128
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company's web application is available through an Amazon CloudFront distribution and directly through an internet-facing Application Load Balancer (ALB) A SysOps administrator must make the application accessible only through the CloudFront distribution and not directly through the ALB. The SysOps administrator must make this change without changing the application code Which solution will meet these requirements?
Explanation:
To make the application accessible only through the CloudFront distribution and not directly through the Application Load Balancer (ALB), you can add a custom HTTP header to the origin settings for the CloudFront distribution. You can then create a rule in the ALB listener to forward requests that contain the matching custom header and its value to the origin. You can also add a default rule to the ALB listener to return a fixed response code of 403 for requests that do not contain the matching custom header. This will allow you to redirect all requests to the CloudFront distribution and block direct access to the application through the ALB.https://docs.aws.amazon.com/AmazonCloudFront/latest/ DeveloperGuide/restrict-access-to-load- balancer.html
Question 129
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A compliance team requires all administrator passwords tor Amazon RDS DB instances to be changed at toast annually Which solution meets this requirement in the MOST operationally efficient manned
Question 130
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A SysOps administrator is responsible for a large fleet of Amazon EC2 instances and must know whether any instances will be affected by upcoming hardware maintenance. Which option would provide this information with the LEAST administrative overhead?
Question