Amazon SOA-C02 Practice Test - Questions Answers, Page 28
Question 271
A SysOps administrator is managing a Memcached cluster in Amazon ElastiCache. The cluster has been heavily used recently, and the administrator wants to use a larger instance type with more memory.
What should the administrator use to make this change?
Explanation:
To upgrade the instance type of a Memcached cluster in Amazon ElastiCache due to increased usage and the need for more memory:
ModifyCacheCluster API: Utilize the ModifyCacheCluster API call. This API allows you to change various settings of an existing cache cluster, including the instance type, which is referred to as cacheNodeType.
Instance Upgrade: Specify a new, larger cacheNodeType that provides more memory. This upgrade will involve a brief interruption as nodes are replaced with the larger type, but it is necessary to accommodate the increased load and memory requirements.
Cluster Availability: Ensure that the Memcached cluster is configured for minimal downtime during this change. The upgrade process is handled by ElastiCache, and the new nodes will join the cluster with more memory capacity.
This approach enables you to effectively scale up the resources available to your Memcached cluster, enhancing its performance and capacity to handle larger workloads.
Question 272
A SysOps administrator is examining the following AWS CloudFormation template:
Why will the stack creation fail?
Explanation:
In AWS CloudFormation, the PrivateDnsName property of an EC2 instance cannot be directly set within the template. This property is automatically assigned by AWS when the instance is launched within a VPC and is associated with the private IP address of the instance. The attempt to explicitly set PrivateDnsName in a CloudFormation template will result in an error, causing the stack creation to fail. Therefore, option C is correct. For reference, the AWS documentation on EC2 instances in CloudFormation does not list PrivateDnsName as a configurable property (AWS CloudFormation User Guide).
Question 273
A SysOps administrator wants to securely share an object from a private Amazon S3 bucket with a group of users who do not have an AWS account. What is the MOST operationally efficient solution that will meet this requirement?
Explanation:
The most operationally efficient and secure method to share an object from a private Amazon S3 bucket with users who do not have an AWS account is by generating a presigned URL. This URL grants temporary access to the object and can be limited by time, ensuring that users can only access the S3 object during a specified window. This does not require managing network configurations or sharing credentials, making it a secure and simple solution. Option D is therefore the correct answer. Reference to this method can be found in the AWS S3 documentation on presigned URLs (Amazon S3 Presigned URLs).
Question 274
A company's social media application has strict data residency requirements. The company wants to use Amazon Route 53 to provide the application with DNS services. A SysOps administrator must implement a solution that routes requests to a defined list of AWS Regions. The routing must be based on the user's location. Which solution will meet these requirements?
Explanation:
For routing based on the user's geographic location to comply with data residency requirements, the best solution is to use an Amazon Route 53 geolocation routing policy. This policy allows you to configure DNS responses based on the geographic location of the user, ensuring that requests are directed to specific AWS Regions that align with the company's data residency requirements. Option C is correct. The AWS Route 53 documentation provides details on implementing geolocation routing policies (Amazon Route 53 Geolocation Routing).
Question 275
A company runs its applications on a large number of Amazon EC2 instances. A SysOps administrator must implement a solution to notify the operations team whenever an EC2 instance state changes.
What is the MOST operationally efficient solution that meets these requirements?
Explanation:
The most operationally efficient way to monitor state changes in EC2 instances and notify the operations team is by using Amazon EventBridge. EventBridge can be configured with a rule that listens for state change events from EC2 instances. These events can then be directed to an Amazon Simple Notification Service (Amazon SNS) topic, which will distribute the notification to the relevant parties. This solution does not require deploying additional scripts or functions, thereby enhancing operational efficiency. Option B is correct. For more details, see the Amazon EventBridge documentation (Amazon EventBridge).
Question 276
A company is running Amazon EC2 On-Demand Instances in an Auto Scaling group. The instances process messages from an Amazon Simple Queue Service (Amazon SQS) queue. The Auto Scaling group is set to scale based on the number of messages in the queue. Messages can take up to 12 hours to process completely. A SysOps administrator must ensure that instances are not interrupted during message processing.
What should the SysOps administrator do to meet these requirements?
Explanation:
```bash
# Enable instance scale-in protection for the specified instance.
aws autoscaling set-instance-protection --instance-ids i-5f2e8a0d --auto-scaling-group-name my-asg --protected-from-scale-in
# Disable instance scale-in protection for the specified instance.
aws autoscaling set-instance-protection --instance-ids i-5f2e8a0d --auto-scaling-group-name my-asg --no-protected-from-scale-in
```
https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html
To ensure that EC2 instances in an Auto Scaling group are not interrupted during message processing, the most effective method is to implement scale-in protection for the instances while they are actively processing messages. This can be done programmatically by modifying the Auto Scaling group's settings using the Amazon EC2 Auto Scaling API.
Starting Message Processing: When an instance begins processing a message, your application should make an API call to enable scale-in protection. This is done using the SetInstanceProtection action, setting the ProtectedFromScaleIn parameter to true for that specific instance.
Completing Message Processing: Once the message has been processed, another API call should be made to disable scale-in protection. This is done by calling the SetInstanceProtection action again, but this time setting the ProtectedFromScaleIn parameter to false.
This method ensures that while messages are being processed, the instances are not terminated by the Auto Scaling group regardless of any scale-in activities that might be triggered by other parameters like CPU utilization or a decrease in the number of messages in the queue.
AWS Documentation
Reference: You can refer to the AWS documentation on managing instance scale-in protection in Auto Scaling groups for more details: Instance Scale-In Protection.
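The enable-then-disable sequence above, as an added example that is not part of the original page: a worker wrapper that holds scale-in protection only while a message is being handled and releases it even when the handler fails. `scale_in_protection`, `work` and `RecordingClient` are hypothetical names; the stand-in client mirrors the `set_instance_protection` call of boto3's Auto Scaling client, and the message values are constructed.

```python
from contextlib import contextmanager

@contextmanager
def scale_in_protection(asg_client, group, instance_id):
    """Protect one instance from scale-in while the body runs."""
    def set_to(flag):
        asg_client.set_instance_protection(
            InstanceIds=[instance_id],
            AutoScalingGroupName=group,
            ProtectedFromScaleIn=flag,
        )
    set_to(True)
    try:
        yield
    finally:
        # Always release, including when processing raises; otherwise the
        # instance stays protected and the group cannot scale in past it.
        set_to(False)

def work(asg_client, messages, handler, group, instance_id):
    """Process messages one at a time; return (done, failed) lists."""
    done, failed = [], []
    for msg in messages:
        try:
            with scale_in_protection(asg_client, group, instance_id):
                handler(msg)
            done.append(msg)    # only now is it safe to delete from the queue
        except Exception:
            failed.append(msg)  # leave it on the queue for a retry
    return done, failed

class RecordingClient:
    """Constructed stand-in for boto3.client("autoscaling"); records calls."""
    def __init__(self):
        self.calls = []
    def set_instance_protection(self, **kwargs):
        self.calls.append(kwargs["ProtectedFromScaleIn"])

def demo():
    client = RecordingClient()
    def handler(msg):
        if msg == "bad":        # constructed failure case
            raise ValueError(msg)
    done, failed = work(client, ["a", "bad", "b"], handler, "my-asg", "i-5f2e8a0d")
    return done, failed, client.calls
```

On an instance, pass `boto3.client("autoscaling")` in place of the stand-in; the instance role then needs permission for the `autoscaling:SetInstanceProtection` action, which is best scoped to its own Auto Scaling group.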
Question 277
A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin. After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load.
What are possible causes for this problem? (Choose two.)
Explanation:
To effectively use Amazon CloudFront as a content delivery network for an application using an Application Load Balancer as the origin, several configuration steps need to be correctly implemented:
DNS Configuration: Ensure that the DNS records for the domain serving the content point to the CloudFront distribution's DNS name rather than directly to the ALB. If the DNS still points to the ALB, users' requests will bypass CloudFront, leading directly to the ALB and maintaining the existing load on your web servers.
TTL Settings: The Time to Live (TTL) settings in the CloudFront distribution dictate how long the content is cached in CloudFront edge locations before CloudFront fetches a fresh copy from the origin. If the TTL values are set to 0, it means that CloudFront does not cache the content at all, resulting in each user request being forwarded to the ALB, which does not reduce the load.
AWS Documentation
Reference: For more information on DNS and TTL configurations for CloudFront, you can refer to the following AWS documentation:
Configuring DNS
CloudFront TTL Settings.
Question 278
A company has migrated its application to AWS. The company will host the application on Amazon EC2 instances of multiple instance families.
During initial testing, a SysOps administrator identifies performance issues on selected EC2 instances. The company has a strict budget allocation policy, so the SysOps administrator must use the right resource types with the performance characteristics to match the workload.
What should the SysOps administrator do to meet this requirement?
Explanation:
When managing performance and cost for EC2 instances across different families, the following steps are recommended:
Utilize AWS Compute Optimizer: This service provides recommendations for EC2 instances based on historical usage patterns and existing configurations. It helps identify optimal EC2 instance types and sizes that could deliver better performance and cost savings for your specific workload.
Implement Compute Savings Plans: After determining the most suitable instance types and sizes through Compute Optimizer, purchasing Compute Savings Plans can offer significant cost savings. These savings plans apply to any instance family across any region, providing flexibility and cost efficiency without upfront commitment to specific instance types.
AWS Documentation
Reference: Further details can be found in the AWS documentation on Compute Optimizer and Compute Savings Plans:
AWS Compute Optimizer
AWS Compute Savings Plans.
Question 279
A SysOps administrator wants to share a copy of a production database with a migration account. The production database is hosted on an Amazon RDS DB instance and is encrypted at rest with an AWS Key Management Service (AWS KMS) key that has an alias of
What must the SysOps administrator do to meet these requirements with the LEAST administrative overhead?
Explanation:
To share an encrypted Amazon RDS DB instance snapshot across accounts, the least administrative overhead involves directly managing permissions on the AWS KMS key and sharing the snapshot. Here's how to do it:
Take a Snapshot: Initiate a snapshot of your Amazon RDS DB instance in the production account. This captures the current state of the database.
Modify KMS Key Policy: Adjust the policy of the KMS key used for encryption (identified by the alias 'production-rds-key') to grant the kms:Decrypt permission to the migration account's root user. This step is crucial as it allows the migration account to use the same encryption key to decrypt the snapshot.
Share the Snapshot: Share the newly created snapshot with the migration account using the RDS console or AWS CLI. The migration account will now be able to see and use this snapshot to create a new RDS instance.
AWS Documentation
Reference: You can refer to the AWS documentation on sharing encrypted snapshots: Sharing Encrypted Snapshots.
Question 280
A company manages its production applications across several AWS accounts. The company hosts the production applications on Amazon EC2 instances that run Amazon Linux 2. The EC2 instances are spread across multiple VPCs. Each VPC uses its own Amazon Route 53 private hosted zone for private DNS.
A VPC from Account A needs to resolve private DNS records from a private hosted zone that is associated with a different VPC in Account B.
What should a SysOps administrator do to meet these requirements?
Explanation:
To resolve DNS across VPCs in different accounts, you should:
Authorization: In Account B, initiate a VPC association authorization for the private hosted zone. This action allows another AWS account to associate a VPC with this hosted zone.
Association: In Account A, after receiving the authorization from Account B, associate its VPC with the private hosted zone that exists in Account B. This step will enable EC2 instances within the VPC in Account A to resolve DNS records hosted in Account B.
AWS Documentation
Reference: AWS provides detailed guidance on associating VPCs with private hosted zones across accounts in their documentation: Associating VPCs and Private Hosted Zones Across Accounts.
Question