Amazon SOA-C02 Practice Test - Questions Answers, Page 30
Question 291
A company needs to deploy instances of an application and associated infrastructure to multiple AWS Regions. The company wants to use a single AWS CloudFormation template to achieve this goal. The company uses AWS Organizations and wants to administer and run this template from a central administration account.
What should a SysOps administrator do to meet these requirements?
Explanation:
AWS CloudFormation StackSets extends the functionality of stacks by enabling you to create, update, or delete stacks across multiple accounts and regions with a single operation. Using a stack set, the SysOps administrator can manage deployments across different regions and accounts within AWS Organizations efficiently.
Setting up StackSets: First, define your CloudFormation template that describes all the resources that need to be deployed across the regions. Store this template in an S3 bucket accessible by the central administration account.
Service-Managed Permissions: When creating a stack set, select the option for service-managed permissions if you are using AWS Organizations. This allows AWS CloudFormation to automatically set up the necessary permissions in the target accounts.
Deploying the Stack Set: From the central administration account, create the stack set and specify the target accounts and regions. CloudFormation will then ensure that the resources defined in the template are instantiated in each of the specified regions and accounts.
This method simplifies management and ensures consistency of infrastructure across multiple regions and accounts, leveraging the organizational units in AWS Organizations for centralized governance.
Question 292
A company decides to stop non-production Amazon EC2 instances during the night. The company's IT manager must receive notification in near real time whenever an EC2 instance that has an environment type tag value of non-production is started during the night.
Which solution will meet this requirement with the MOST operational efficiency?
Explanation:
The requirement is to monitor and notify whenever a non-production EC2 instance is started during the night. Amazon EventBridge offers a robust solution by triggering workflows in response to events.
Setting up Amazon EventBridge: Create an EventBridge rule that listens for the 'EC2 Instance State-change Notification' event. Configure the rule to trigger only when instances transition to the 'running' state.
Lambda Function: Attach a Lambda function as the target of the EventBridge rule. This function will execute when an EC2 instance starts. Inside the Lambda function, implement logic to check the current time and confirm it is during the night hours. Additionally, the function will check the instance's tags to verify if it's labeled as 'non-production'.
Notification via Amazon SNS: If the conditions are met (non-production and nighttime), the Lambda function publishes a message to an Amazon SNS topic specifically set up for this alert. The IT manager is subscribed to this topic, enabling them to receive an email notification almost instantaneously when the event occurs.
This solution is operationally efficient as it leverages serverless components that are inherently scalable and cost-effective, providing real-time monitoring and notifications without the need for continuous polling or complex infrastructure.
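The Lambda logic described above, as an added example that is not part of the original page. The tag key `environment-type`, the 20:00-06:00 UTC night window and the SNS topic ARN are assumptions, and the check uses the event's own `time` field rather than the wall clock so a delayed invocation is still judged by when the instance started.

```python
from datetime import datetime, time, timezone

# Assumptions for this example (none of these values come from the page):
TAG_KEY = "environment-type"   # assumed tag key
TAG_VALUE = "non-production"
NIGHT_START = time(20, 0)      # assumed night window, UTC
NIGHT_END = time(6, 0)
TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:night-start-alerts"  # placeholder


def is_night(ts: datetime) -> bool:
    """True inside the night window, including a window that wraps past midnight."""
    t = ts.astimezone(timezone.utc).time()
    if NIGHT_START <= NIGHT_END:
        return NIGHT_START <= t < NIGHT_END
    return t >= NIGHT_START or t < NIGHT_END


def should_alert(event: dict, tags: dict) -> bool:
    """Apply the three conditions: 'running' state, tag match, night hours."""
    if event.get("detail-type") != "EC2 Instance State-change Notification":
        return False
    if event.get("detail", {}).get("state") != "running":
        return False
    if tags.get(TAG_KEY) != TAG_VALUE:
        return False
    started = datetime.fromisoformat(event["time"].replace("Z", "+00:00"))
    return is_night(started)


def lambda_handler(event, context, ec2=None, sns=None):
    """Lambda entry point; the clients are injectable so the logic runs offline."""
    if ec2 is None or sns is None:
        import boto3  # provided by the Lambda Python runtime
        ec2 = ec2 or boto3.client("ec2")
        sns = sns or boto3.client("sns")
    instance_id = event["detail"]["instance-id"]
    resp = ec2.describe_tags(
        Filters=[{"Name": "resource-id", "Values": [instance_id]}])
    tags = {t["Key"]: t["Value"] for t in resp["Tags"]}
    if not should_alert(event, tags):
        return {"alerted": False}
    sns.publish(TopicArn=TOPIC_ARN,
                Subject="Non-production EC2 instance started at night",
                Message=f"{instance_id} entered 'running' at {event['time']}")
    return {"alerted": True}
```

The function's execution role needs only `ec2:DescribeTags` and `sns:Publish` on the one topic.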
Question 293
A SysOps administrator must configure Amazon S3 to host a simple nonproduction webpage. The SysOps administrator has created an empty S3 bucket from the AWS Management Console. The S3 bucket has the default configuration in place.
Which combination of actions should the SysOps administrator take to complete this process? (Choose two.)
Explanation:
To host a static website on Amazon S3, the SysOps administrator needs to configure the bucket for public access and set up the static website hosting. Here's how to complete this process:
Turn off 'Block all public access': Amazon S3 buckets have 'Block all public access' settings enabled by default for security. Since the webpage needs to be accessible publicly, this setting must be disabled. This step is crucial to allow public read access to the web content.
Set a bucket policy: After disabling 'Block all public access,' set a bucket policy that explicitly allows public read access to the S3 bucket. This policy should allow the s3:GetObject action for everyone, which can be set by specifying 'Principal': '*'. This policy ensures that anyone can view the webpage but does not grant permissions to modify or delete the content.
Create an index.html document and configure static website hosting: The next step is to create an index.html file, which will serve as the entry point of the website. After creating this file, upload it to the bucket. Then, configure the bucket for static website hosting through the S3 management console. This setting enables the S3 bucket to serve the webpage directly from the index.html file.
Combining these actions, the S3 bucket will be properly configured to host and serve the static website with minimal operational overhead and maximum accessibility.
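Because this setup deliberately turns off 'Block all public access', the bucket policy is the only control left, so it is worth checking that it grants anonymous users `s3:GetObject` on the objects and nothing more. The following is an added example, not part of the original page; the bucket name and both sample policies are constructed.

```python
import json

BUCKET = "example-nonprod-site"  # constructed bucket name
# Constructed policy matching the explanation: anonymous read of objects only.
GOOD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]})
# Constructed over-broad variant: anonymous users can also write and delete.
BAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
    "Resource": f"arn:aws:s3:::{BUCKET}/*"}]})


def _as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def _is_public(principal) -> bool:
    """True for "Principal": "*" and for {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def audit_website_policy(policy_json: str, bucket: str) -> list:
    """Return findings for public Allow statements; [] means read-only website.

    Conditions, NotAction and NotPrincipal are not evaluated here.
    """
    object_arn = f"arn:aws:s3:::{bucket}/*"
    findings, public_read = [], False
    for i, stmt in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        resources = _as_list(stmt.get("Resource", []))
        extra = sorted(actions - {"s3:getobject"})  # action names are case-insensitive
        if extra:
            findings.append(f"statement {i}: anonymous access also allows {extra}")
        if any(r != object_arn for r in resources):
            findings.append(f"statement {i}: resource is wider than {object_arn}")
        if "s3:getobject" in actions and object_arn in resources:
            public_read = True
    if not public_read:
        findings.append("no statement grants anonymous s3:GetObject on the objects")
    return findings
```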
Question 294
A company is experiencing issues with legacy software running on Amazon EC2 instances. Errors occur when the total CPU utilization on the EC2 instances exceeds 80%. A short-term solution is required while the software is being rewritten. A SysOps administrator is tasked with creating a solution to restart the instances when the CPU utilization rises above 80%.
Which solution meets these requirements with the LEAST operational overhead?
Explanation:
The simplest and most efficient solution to ensure that EC2 instances are restarted when CPU utilization exceeds 80% is to use Amazon CloudWatch alarms:
Create a CloudWatch Alarm: Navigate to the CloudWatch dashboard in the AWS Management Console and create a new alarm. Set the alarm to monitor the CPU utilization metric of the EC2 instances.
Set the Alarm Condition: Configure the alarm to trigger when the CPU utilization exceeds 80%. You can specify this threshold in the alarm settings.
Configure Alarm Actions: In the actions settings of the alarm, select the option to reboot the instance. This action ensures that the instance is automatically restarted whenever the alarm condition is met, without the need for manual intervention or additional scripts.
This method leverages AWS's native capabilities, minimizing operational overhead and eliminating the need for external tools or custom scripts.
Question 295
A SysOps administrator configures an application to run on Amazon EC2 instances behind an Application Load Balancer (ALB) in a simple scaling Auto Scaling group with the default settings. The Auto Scaling group is configured to use the RequestCountPerTarget metric for scaling. The SysOps administrator notices that the RequestCountPerTarget metric exceeded the specified limit twice in 180 seconds.
How will the number of EC2 instances in this Auto Scaling group be affected in this scenario?
Explanation:
When using the RequestCountPerTarget metric for scaling in an Auto Scaling group, the behavior of instance scaling follows specific rules set by Auto Scaling policies and cooldown periods:
Scaling Trigger: The Auto Scaling group triggers a scaling action whenever the RequestCountPerTarget exceeds the predefined limit set in the scaling policy.
Cooldown Period: After launching an EC2 instance due to a scaling action, the Auto Scaling group enters a cooldown period. During this period, despite further breaches of the threshold, no additional instances will be launched. This is designed to give the newly launched instance time to start and begin handling traffic, preventing the Auto Scaling group from launching too many instances too quickly.
This mechanism helps maintain efficient use of resources by adapting to changes in load while avoiding rapid, unnecessary scaling actions.
Question 296
A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses Amazon Route 53 to route traffic.
The company also has a static website that is configured in an Amazon S3 bucket.
A SysOps administrator must use the static website as a backup to the web application. The failover to the static website must be fully automated.
Which combination of actions will meet these requirements? (Choose two.)
Question 297
A company has an application that uses a scheduled AWS Lambda function to retrieve datasets from external sources over the internet. The function is not associated with a VPC. The company is modifying the application to store the information that the Lambda function retrieves on an Amazon RDS DB instance in a private subnet. The VPC has two public subnets and two private subnets.
A SysOps administrator must deploy a solution that allows the Lambda function to access the new database and continue to access the internet.
Which solution meets these requirements?
Question 298
A company is running distributed computing software to manage a fleet of 20 Amazon EC2 instances for calculations. The fleet includes 2 control nodes and 18 task nodes to run the calculations. Control nodes can automatically start the task nodes.
Currently, all the nodes run on demand. The control nodes must be available 24 hours a day, 7 days a week. The task nodes run for 4 hours each day. A SysOps administrator needs to optimize the cost of this solution.
Which combination of actions will meet these requirements? (Choose two.)
Explanation:
To optimize the cost of a computing environment consisting of control nodes that are always on and task nodes that operate for a limited number of hours each day, consider the following strategies:
Purchase EC2 Instance Savings Plans for the Control Nodes: Since the control nodes are required to be operational 24/7, purchasing EC2 Instance Savings Plans is a cost-effective choice. These plans provide a lower price compared to on-demand instances, in exchange for a commitment to a consistent amount of usage (measured in $/hour) for a one or three-year period.
Use Spot Instances for the Task Nodes: Given that task nodes are used for a shorter duration (4 hours a day) and presumably can tolerate interruptions, using Spot Instances can significantly reduce costs. Spot Instances offer unused EC2 capacity at a fraction of the regular price, which can lead to substantial cost savings. Additionally, configure the system to fall back to On-Demand Instances during periods when Spot Instances are not available to ensure availability.
This combination leverages cost savings for continuous use and flexible, lower-cost options for intermittent use, optimizing overall operational costs efficiently.
Question 299
A company has a secure website running on Amazon EC2 instances behind an Application Load Balancer (ALB). An SSL certificate from AWS Certificate Manager (ACM) is used on the ALB. Users with legacy web browsers are experiencing issues with the website.
How should the SysOps administrator resolve these issues in the MOST operationally efficient manner?
Explanation:
The issues experienced by users with legacy browsers typically stem from the SSL/TLS ciphers that are supported or enforced by the ALB. Modern security policies may exclude older ciphers that are necessary for compatibility with older browsers. Here's how to resolve it:
Access the ALB Settings: Go to the AWS Management Console, navigate to the ALB settings, and locate the SSL negotiation configurations.
Modify Security Policy: Update the SSL/TLS security policy on the ALB to include ciphers that are compatible with legacy browsers. AWS provides predefined security policies, and some of these policies are designed to support older ciphers while still maintaining a level of security that complies with general best practices.
Apply Changes: Once the security policy is updated, the ALB will start using this new configuration, which should resolve compatibility issues with legacy browsers without needing to replace the SSL certificate or alter the infrastructure.
This solution maintains the operational efficiency of the setup and avoids the need for additional resources like a second ALB or new certificates.
Question 300
A SysOps administrator launches an Amazon EC2 instance from a Windows Amazon Machine Image (AMI). The EC2 instance includes additional Amazon Elastic Block Store (Amazon EBS) volumes. When the instance is launched, none of the additional Amazon Elastic Block Store (Amazon EBS) volumes are initialized and ready for use through a drive letter. The SysOps administrator needs to automate the EBS volume initialization.
Which solution will meet these requirements in the MOST operationally efficient way?
Explanation:
To automate the initialization of additional EBS volumes on Windows EC2 instances, the most effective approach is to integrate initialization scripts within the instance so that they execute upon startup:
Configure Initialization Script: Use a Windows PowerShell script (InitializeDisks.ps1) to initialize and format the additional EBS volumes. The script can assign drive letters based on configurations specified in DriveLetterMappingConfig.json.
Automate at Launch: Ensure that the PowerShell script runs automatically upon instance startup. This can be configured through Windows Task Scheduler or by setting it up in the startup folder.
Create a Custom AMI: Once the instance is configured with the script and successfully initializes the disks on startup, create a new AMI from this setup. This AMI can then be used to launch new instances that will automatically initialize their additional EBS volumes with no manual intervention required.
This method leverages native Windows tools and AWS capabilities to automate EBS volume initialization, enhancing operational efficiency without additional external dependencies.