ExamGecko
Login
Home / Amazon / SOA-C02 / List of questions
Ask Question

Amazon SOA-C02 Practice Test - Questions Answers, Page 13

List of questions

Question 121

Report
Export
Collapse

An environment consists of 100 Amazon EC2 Window* instances The Amazon CloudWatch agent Is deployed and running on at EC2 instances with a baseline configuration file to capture log files There is a new requirement to capture the DHCP tog tiles that exist on 50 of the instances What is the MOST operational efficient way to meet this new requirement?

Create an additional CloudWatch agent configuration file to capture the DHCP logs Use the AWS Systems Manager Run Command to restart the CloudWatch agent on each EC2 instance with the append-config option to apply the additional configuration file
Create an additional CloudWatch agent configuration file to capture the DHCP logs Use the AWS Systems Manager Run Command to restart the CloudWatch agent on each EC2 instance with the append-config option to apply the additional configuration file
Log in to each EC2 instance with administrator rights Create a PowerShell script to push the needed baseline log files and DHCP log files to CloudWatch
Log in to each EC2 instance with administrator rights Create a PowerShell script to push the needed baseline log files and DHCP log files to CloudWatch
Run the CloudWatch agent configuration file wizard on each EC2 instance Verify that the base the log files are included and add the DHCP tog files during the wizard creation process
Run the CloudWatch agent configuration file wizard on each EC2 instance Verify that the base the log files are included and add the DHCP tog files during the wizard creation process
Run the CloudWatch agent configuration file wizard on each EC2 instance and select the advanced detail level. This wifi capture the operating system log files.
Run the CloudWatch agent configuration file wizard on each EC2 instance and select the advanced detail level. This wifi capture the operating system log files.
Suggested answer: A
asked 16/09/2024
Sarah Pachowsky
33 questions

Question 122

Report
Export
Collapse

A SysOps administrator is reviewing VPC Flow Logs to troubleshoot connectivity issues in a VPC.

While reviewing the togs the SysOps administrator notices that rejected traffic is not listed.

What should the SysOps administrator do to ensure that all traffic is logged?

Create a new flow tog that has a titter setting to capture all traffic
Create a new flow tog that has a titter setting to capture all traffic
Create a new flow log set the tog record format to a custom format Select the proper fields to include in the tog
Create a new flow log set the tog record format to a custom format Select the proper fields to include in the tog
Edit the existing flow log Change the fitter setting to capture all traffic
Edit the existing flow log Change the fitter setting to capture all traffic
Edit the existing flow log. Set the log record format to a custom format Select the proper fields to include in the tog
Edit the existing flow log. Set the log record format to a custom format Select the proper fields to include in the tog
Suggested answer: A
asked 16/09/2024
C/1094 WOLOGUEDE COTONOU – BENIN STEVE
32 questions

Question 123

Report
Export
Collapse

A company uses an Amazon CloudFront distribution to deliver its website Traffic togs for the website must be centrally stored and all data must be encrypted at rest Which solution will meet these requirements?

Create an Amazon OpenSearch Service (Amazon Elasttcsearch Service) domain with internet access and server-side encryption that uses the default AWS managed key Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination
Create an Amazon OpenSearch Service (Amazon Elasttcsearch Service) domain with internet access and server-side encryption that uses the default AWS managed key Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination
Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256 Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elastcsearch Service) domain as a log destination
Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256 Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elastcsearch Service) domain as a log destination
Create an Amazon S3 bucket that is configured with default server side encryption that uses AES- 256 Configure CloudFront to use the S3 bucket as a log destination
Create an Amazon S3 bucket that is configured with default server side encryption that uses AES- 256 Configure CloudFront to use the S3 bucket as a log destination
Create an Amazon S3 bucket that is configured with no default encryption Enable encryption in the CloudFront dtstnbubon and use the S3 bucket as a log destination
Create an Amazon S3 bucket that is configured with no default encryption Enable encryption in the CloudFront dtstnbubon and use the S3 bucket as a log destination
Suggested answer: C
asked 16/09/2024
Helmut Steingraber
33 questions

Question 124

Report
Export
Collapse

A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template it installs and configure necessary software through AWS OpsWorks and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours but at limes the process stalls due to installation errors. The SysOps administrator must modify the CloudFormation template so if the process stalls, the entire stack will tail and roil back. Based on these requirements what should be added to the template?

Conditions with a timeout set to 4 hours.
Conditions with a timeout set to 4 hours.
CreationPolicy with timeout set to 4 hours.
CreationPolicy with timeout set to 4 hours.
DependsOn a timeout set to 4 hours.
DependsOn a timeout set to 4 hours.
Metadata with a timeout set to 4 hours
Metadata with a timeout set to 4 hours
Suggested answer: B
asked 16/09/2024
P. Kriek
40 questions

Question 125

Report
Export
Collapse

A company uses an Amazon Simple Queue Service (Amazon SQS) standard queue with its application. The application sends messages to the queue with unique message bodies The company decides to switch to an SQS FIFO queue What must the company do to migrate to an SQS FIFO queue?

Create a new SQS FIFO gueue Turn on content based deduplication on the new FIFO queue Update the application to include a message group ID in the messages
Create a new SQS FIFO gueue Turn on content based deduplication on the new FIFO queue Update the application to include a message group ID in the messages
Create a new SQS FIFO queue Update the application to include the DelaySeconds parameter in the messages
Create a new SQS FIFO queue Update the application to include the DelaySeconds parameter in the messages
Modify the queue type from SQS standard to SQS FIFO Turn off content-based deduplication on the queue Update the application to include a message group ID in the messages
Modify the queue type from SQS standard to SQS FIFO Turn off content-based deduplication on the queue Update the application to include a message group ID in the messages
Modify the queue type from SQS standard to SQS FIFO Update the application to send messages with identical message bodies and to include the DelaySeconds parameter in the messages
Modify the queue type from SQS standard to SQS FIFO Update the application to send messages with identical message bodies and to include the DelaySeconds parameter in the messages
Suggested answer: A
asked 16/09/2024
Judith Persons
31 questions

Question 126

Report
Export
Collapse

A database is running on an Amazon RDS Mufti-AZ DB instance. A recent security audit found the database to be out of compliance because it was not encrypted. Which approach will resolve the encryption requirement?

Log in to the RDS console and select the encryption box to encrypt the database
Log in to the RDS console and select the encryption box to encrypt the database
Create a new encrypted Amazon EBS volume and attach it to the instance
Create a new encrypted Amazon EBS volume and attach it to the instance
Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.
Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.
Take a snapshot of the RDS instance, copy and encrypt the snapshot and then restore to the new RDS instance
Take a snapshot of the RDS instance, copy and encrypt the snapshot and then restore to the new RDS instance
Suggested answer: D
asked 16/09/2024
Ankit Singh
35 questions

Question 127

Report
Export
Collapse

A SysOps administrator is tasked with deploying a company's infrastructure as code. The SysOps administrator want to write a single template that can be reused for multiple environments. How should the SysOps administrator use AWS CloudFormation to create a solution?

Use Amazon EC2 user data in a CloudFormation template
Use Amazon EC2 user data in a CloudFormation template
Use nested stacks to provision resources
Use nested stacks to provision resources
Use parameters in a CloudFormation template
Use parameters in a CloudFormation template
Use stack policies to provision resources
Use stack policies to provision resources
Suggested answer: C

Explanation:

Reuse templates to replicate stacks in multiple environments After you have your stacks and resources set up, you can reuse your templates to replicate your infrastructure in multiple environments. For example, you can create environments for development, testing, and production so that you can test changes before implementing them into production. To make templates reusable, use the parameters, mappings, and conditions sections so that you can customize your stacks when you create them. For example, for your development environments, you can specify a lower-cost instance type compared to your production environment, but all other configurations and settings remain the same. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html#reuse

asked 16/09/2024
Wojciech Oleksiak
37 questions

Question 128

Report
Export
Collapse

A company's web application is available through an Amazon CloudFront distribution and directly through an internet-facing Application Load Balancer (ALB) A SysOps administrator must make the application accessible only through the CloudFront distribution and not directly through the ALB. The SysOps administrator must make this change without changing the application code Which solution will meet these requirements?

Modify the ALB type to internal Set the distribution's origin to the internal ALB domain name
Modify the ALB type to internal Set the distribution's origin to the internal ALB domain name
Create a Lambda@Edge function Configure the function to compare a custom header value in the request with a stored password and to forward the request to the origin in case of a match Associate the function with the distribution.
Create a Lambda@Edge function Configure the function to compare a custom header value in the request with a stored password and to forward the request to the origin in case of a match Associate the function with the distribution.
Replace the ALB with a new internal ALB Set the distribution's origin to the internal ALB domain name Add a custom HTTP header to the origin settings for the distribution In the ALB listener add a rule to forward requests that contain the matching custom header and the header's value Add a default rule to return a fixed response code of 403.
Replace the ALB with a new internal ALB Set the distribution's origin to the internal ALB domain name Add a custom HTTP header to the origin settings for the distribution In the ALB listener add a rule to forward requests that contain the matching custom header and the header's value Add a default rule to return a fixed response code of 403.
Add a custom HTTP header to the origin settings for the distribution in the ALB listener add a ruleto forward requests that contain the matching custom header and the header's value Add a defaultrule to return a fixed response code of 403.
Add a custom HTTP header to the origin settings for the distribution in the ALB listener add a ruleto forward requests that contain the matching custom header and the header's value Add a defaultrule to return a fixed response code of 403.
Suggested answer: D

Explanation:

To make the application accessible only through the CloudFront distribution and not directly through the Application Load Balancer (ALB), you can add a custom HTTP header to the origin settings for the CloudFront distribution. You can then create a rule in the ALB listener to forward requests that contain the matching custom header and its value to the origin. You can also add a default rule to the ALB listener to return a fixed response code of 403 for requests that do not contain the matching custom header. This will allow you to redirect all requests to the CloudFront distribution and block direct access to the application through the ALB.https://docs.aws.amazon.com/AmazonCloudFront/latest/ DeveloperGuide/restrict-access-to-load- balancer.html

asked 16/09/2024
Billy Mitchell
29 questions

Question 129

Report
Export
Collapse

A compliance team requires all administrator passwords tor Amazon RDS DB instances to be changed at toast annually Which solution meets this requirement in the MOST operationally efficient manned

Store the database credentials in AWS Secrets Manager Configure automate rotation for the secret every 365 days
Store the database credentials in AWS Secrets Manager Configure automate rotation for the secret every 365 days
Store the database credentials as a parameter in the RDS parameter group Create a database trigger to rotate the password every 365 days
Store the database credentials as a parameter in the RDS parameter group Create a database trigger to rotate the password every 365 days
Store the database credentials in a private Amazon S3 bucket Schedule an AWS Lambda function to generate a new set of credentials every 365 days
Store the database credentials in a private Amazon S3 bucket Schedule an AWS Lambda function to generate a new set of credentials every 365 days
Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter Configure automatic rotation for the parameter every 365 days
Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter Configure automatic rotation for the parameter every 365 days
Suggested answer: A
asked 16/09/2024
inigo abeledo
39 questions

Question 130

Report
Export
Collapse

A SysOps administrator is responsible for a large fleet of Amazon EC2 instances and must know whether any instances will be affected by upcoming hardware maintenance. Which option would provide this information with the LEAST administrative overhead?

Deploy a third-party monitoring solution to provide real-time EC2 instance monitoring
Deploy a third-party monitoring solution to provide real-time EC2 instance monitoring
List any instances with failed system status checks using the AWS Management Console
List any instances with failed system status checks using the AWS Management Console
Monitor AWS CloudTrail for Stopinstances API calls
Monitor AWS CloudTrail for Stopinstances API calls
Review the AWS Personal Health Dashboard
Review the AWS Personal Health Dashboard
Suggested answer: D
asked 16/09/2024
Wojciech Oleksiak
37 questions
Total 450 questions
Go to page: of 45
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

The company needs a shared file solution for EC2 Windows instances in a Multi-AZ deployment that uses native Windows storage capabilities and maximizes consistency.
After creating a presigned URL for an S3 object, users can no longer access the file after a few days.
A company has an AWS Site-to-Site VPN connection between on-premises resources and resources that are hosted in a VPC. A SysOps administrator launches an Amazon EC2 instance that has only a private IP address into a private subnet in the VPC. The EC2 instance runs Microsoft Windows Server. A security group for the EC2 instance has rules that allow inbound traffic from the on-premises network over the VPN connection. The on-premises environment contains a third-party network firewall. Rules in the third-party network firewall allow Remote Desktop Protocol (RDP) traffic to flow between the on-premises users over the VPN connection. The on-premises users are unable to connect to the EC2 instance and receive a timeout error. What should the SysOps administrator do to troubleshoot this issue?
The SysOps administrator needs to complete the KMS key policy for least privilege read access for the DataEngineer role to decrypt S3 objects encrypted with a KMS key.
The SysOps administrator needs to deploy auditing software on all existing and new EC2 instances across multiple Regions, using AWS Systems Manager.
A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company's on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors. Which solution will give the application the ability to resolve the internal domain names?
A SysOps administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically. Currently, the application is deployed on a single t2. large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency after a few minutes. What change should be made to alleviate the performance problem?
A SysOps administrator needs to share a new AMI with all accounts within an organization managed through AWS Organizations.
ASysOps administrator configures an application to run on Amazon EC2 instances behind an Application Load Balancer (ALB) in a simple scaling Auto Scaling group with the default settings. The Auto Scaling group is configured to use the RequestCountPerTarget metric for scaling. The SysOps administrator notices that the RequestCountPerTarget metric exceeded the specified limit twice in 180 seconds. How will the number of EC2 instances in this Auto Scaling group be affected in this scenario?
A SysOps administrator needs EC2 instances in a VPC to resolve DNS names for hosts in an on-premises data center.