Amazon SOA-C02 Practice Test - Questions Answers, Page 34

Question 331

A SysOps administrator needs to configure an Amazon S3 bucket to host a web application. The SysOps administrator has created the S3 bucket and has copied the static files for the web application to the S3 bucket.

The company has a policy that all S3 buckets must not be public.

What should the SysOps administrator do to meet these requirements?

A. Create an Amazon CloudFront distribution. Configure the S3 bucket as an origin with an origin access identity (OAI). Give the OAI the s3:GetObject permission in the S3 bucket policy.
B. Configure static website hosting in the S3 bucket. Use Amazon Route 53 to create a DNS CNAME to point to the S3 website endpoint.
C. Create an Application Load Balancer (ALB). Change the protocol to HTTPS in the ALB listener configuration. Forward the traffic to the S3 bucket.
D. Create an accelerator in AWS Global Accelerator. Set up a listener configuration for port 443. Set the endpoint type to forward the traffic to the S3 bucket.
Suggested answer: A

Explanation:

To host a web application in an S3 bucket while adhering to the policy that prohibits public S3 buckets:

Amazon CloudFront: Set up a CloudFront distribution and designate the S3 bucket as its origin. This allows the web application to be served via CloudFront, which can handle web traffic at scale and provide additional features such as HTTPS delivery.

Origin Access Identity (OAI): Create an OAI for the CloudFront distribution and configure the S3 bucket policy to grant the s3:GetObject permission to the OAI. This allows only CloudFront to access the content in the S3 bucket, keeping the bucket private from direct public access.

Security and Performance: This configuration ensures that the web application is only accessible through CloudFront, enhancing security and performance. It also complies with the company's policy against public S3 buckets by controlling access strictly through CloudFront.

This method leverages CloudFront's capabilities to securely serve web applications from S3, maintaining privacy and compliance with organizational policies.

asked 16/09/2024
Nicola Pinotti
52 questions

Question 332

A company recently deployed an application in production. The production environment currently runs on a single Amazon EC2 instance that hosts the application's web application and a MariaDB database. Company policy states that all IT production environments must be highly available.

What should a SysOps administrator do to meet this requirement?

A. Migrate the database from the EC2 instance to an Amazon RDS for MariaDB Multi-AZ DB instance. Run the application on EC2 instances that are in an Auto Scaling group that extends across multiple Availability Zones. Place the EC2 instances behind a load balancer.
B. Migrate the database from the EC2 instance to an Amazon RDS for MariaDB Multi-AZ DB instance. Use AWS Application Migration Service to convert the application into an AWS Lambda function. Specify the Multi-AZ option for the Lambda function.
C. Copy the database to a different EC2 instance in a different Availability Zone. Use AWS Backup to create Amazon Machine Images (AMIs) of the application EC2 instance and the database EC2 instance. Create an AWS Lambda function that performs health checks every minute. In case of failure, configure the Lambda function to launch a new EC2 instance from the AMIs that AWS Backup created.
D. Migrate the database to a different EC2 instance. Place the application EC2 instance in an Auto Scaling group that extends across multiple Availability Zones. Create an Amazon Machine Image (AMI) from the database EC2 instance. Use the AMI to launch a second database EC2 instance in a different Availability Zone. Put the second database EC2 instance in the stopped state. Use the second database EC2 instance as a standby.
Suggested answer: A

Explanation:

To make the production environment highly available in accordance with company policy:

Database Migration: Move the MariaDB database from a single EC2 instance to Amazon RDS for MariaDB configured for Multi-AZ. This setup ensures high availability of the database with synchronous replication to a standby instance in a different Availability Zone.

Application Scalability: Deploy the application on EC2 instances within an Auto Scaling group. Configure the Auto Scaling group to operate across multiple Availability Zones to ensure that the application remains available even if one zone becomes unavailable.

Load Balancing: Place the EC2 instances behind an Elastic Load Balancer (ELB). The load balancer will distribute incoming application traffic across the multiple, geographically dispersed EC2 instances, further enhancing the availability and fault tolerance of the application.

This solution leverages AWS managed services to increase the reliability and availability of both the application and database layers, adhering to best practices for deploying critical production environments on AWS.

asked 16/09/2024
Timothy Smith
38 questions

Question 333

A SysOps administrator maintains the security and compliance of a company's AWS account. To ensure the company's Amazon EC2 instances are following company policy, a SysOps administrator wants to terminate any EC2 instances that do not contain a department tag. Noncompliant resources must be terminated in near real time.

Which solution will meet these requirements?

A. Create an AWS Config rule with the required-tags managed rule to identify noncompliant resources. Configure automatic remediation to run the AWS-TerminateEC2Instance automation runbook to terminate noncompliant resources.
B. Create a new Amazon EventBridge rule to monitor when new EC2 instances are created. Send the event to an Amazon Simple Notification Service (Amazon SNS) topic for automatic remediation.
C. Ensure all users who can create EC2 instances also have the permissions to use the ec2:CreateTags and ec2:DescribeTags actions. Change the instance's shutdown behavior to terminate.
D. Ensure AWS Systems Manager Compliance is configured to manage the EC2 instances. Call the AWS-StopEC2Instances automation runbook to stop noncompliant resources.
Suggested answer: A

Explanation:

To enforce compliance with tagging policies in real-time:

AWS Config Setup: Implement an AWS Config rule to continuously monitor and evaluate EC2 instances for compliance with the tagging requirements. The required-tags managed rule can be configured to specifically check for the presence of a 'department' tag.

Automatic Remediation: Configure AWS Config to automatically execute the AWS-TerminateEC2Instance Systems Manager Automation document as a remediation action. This runbook will terminate any EC2 instance identified as noncompliant due to missing required tags.

Operational Efficiency: This setup allows for the enforcement of company tagging policies automatically and in near real-time, reducing the manual overhead of monitoring and ensuring compliance.

This method provides an efficient and effective solution to ensure that all EC2 instances meet the company's tagging requirements and that any noncompliant instances are dealt with promptly.

asked 16/09/2024
Terence Coates
33 questions

Question 334

A company has deployed an application on AWS. The application runs on a fleet of Linux Amazon EC2 instances that are in an Auto Scaling group. The Auto Scaling group is configured to use launch templates. The launch templates launch Amazon Elastic Block Store (Amazon EBS) backed EC2 instances that use General Purpose SSD (gp3) EBS volumes for primary storage.

A SysOps administrator needs to implement a solution to ensure that all the EC2 instances can share the same underlying files. The solution also must ensure that the data is consistent.

Which solution will meet these requirements?

A. Create an Amazon Elastic File System (Amazon EFS) file system. Create a new launch template version that includes user data that mounts the EFS file system. Update the Auto Scaling group to use the new launch template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
B. Enable Multi-Attach on the EBS volumes. Create a new launch template version that includes user data that mounts the EBS volume. Update the Auto Scaling group to use the new template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
C. Create a cron job that synchronizes the data between the EBS volumes for all the EC2 instances in the Auto Scaling group. Create a lifecycle hook during instance launch to configure the cron job on all the EC2 instances. Rotate out the older EC2 instances.
D. Create a new launch template version that creates an Amazon Elastic File System (Amazon EFS) file system. Update the Auto Scaling group to use the new template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
Suggested answer: A

Explanation:

The requirement to share the same underlying files among EC2 instances with data consistency is best met by using Amazon Elastic File System (EFS), which supports concurrent access from multiple EC2 instances. A new launch template version should include user data scripts that mount the EFS file system on each instance launched by the Auto Scaling group. Older instances can be cycled out to ensure all instances use the new configuration. Option A is correct and provides the necessary solution while ensuring data consistency and availability. For implementation guidance, refer to the AWS documentation on integrating EFS with EC2 (Amazon EFS Integration with EC2).

asked 16/09/2024
Jahcorey Howze
34 questions

Question 335

A SysOps administrator is re-architecting an application. The SysOps administrator has moved the database from a public subnet, where the database used a public endpoint, into a private subnet to restrict access from the public network. After this change, an AWS Lambda function that requires read access to the database cannot connect to the database. The SysOps administrator must resolve this issue without compromising security.

Which solution meets these requirements?

A. Create an AWS PrivateLink interface endpoint for the Lambda function. Connect to the database using its private endpoint.
B. Connect the Lambda function to the database VPC. Connect to the database using its private endpoint.
C. Attach an IAM role to the Lambda function with read permissions to the database.
D. Move the database to a public subnet. Use security groups for secure access.
Suggested answer: B

Explanation:

To resolve the issue of an AWS Lambda function unable to connect to a database that has been moved to a private subnet, the Lambda function needs to be connected to the same VPC as the database. This is done by configuring the Lambda function with VPC access. This involves specifying the VPC, subnets, and security groups for the Lambda function so that it can communicate with the database using its private endpoint. Option B is correct as it directly addresses the issue without compromising security. AWS documentation on configuring VPC access for Lambda provides guidance on this setup (Configuring VPC Access for Lambda).

asked 16/09/2024
DATA 7 DATA7
41 questions

Question 336

A company is running Amazon RDS for PostgreSQL Multi-AZ DB clusters. The company uses an AWS CloudFormation template to create the databases individually with a default size of 100 GB. The company creates the databases every Monday and deletes the databases every Friday.

Occasionally, the databases run low on disk space and initiate an Amazon CloudWatch alarm. A SysOps administrator must prevent the databases from running low on disk space in the future.

Which solution will meet these requirements with the FEWEST changes to the application?

A. Modify the CloudFormation template to use Amazon Aurora PostgreSQL as the DB engine.
B. Modify the CloudFormation template to use Amazon DynamoDB as the database. Activate storage auto scaling during creation of the tables.
C. Modify the CloudFormation template to activate storage auto scaling on the existing DB instances.
D. Create a CloudWatch alarm to monitor DB instance storage space. Configure the alarm to invoke the VACUUM command.
Suggested answer: C

Explanation:

To prevent Amazon RDS for PostgreSQL Multi-AZ DB instances from running low on disk space, enabling storage auto-scaling is the most straightforward solution. This feature automatically adjusts the storage capacity of the DB instance when it approaches its limit, thus preventing the database from running out of space and triggering CloudWatch alarms. Option C is the least intrusive and most effective solution as it only requires a modification to the existing CloudFormation template to enable auto-scaling on storage. For reference, see AWS documentation on managing RDS storage automatically (Managing RDS Storage Automatically).

asked 16/09/2024
Loyiso Gawula
35 questions

Question 337

A SysOps administrator manages a company's Amazon S3 buckets. The SysOps administrator has identified 5 GB of incomplete multipart uploads in an S3 bucket in the company's AWS account. The SysOps administrator needs to reduce the number of incomplete multipart upload objects in the S3 bucket.

Which solution will meet this requirement?

Question 338

A team of developers is using several Amazon S3 buckets as centralized repositories. Users across the world upload large sets of files to these repositories. The development team's applications later process these files.

A SysOps administrator sets up a new S3 bucket, DOC-EXAMPLE-BUCKET, to support a new workload. The new S3 bucket also receives regular uploads of large sets of files from users worldwide. When the new S3 bucket is put into production, the upload performance from certain geographic areas is lower than the upload performance that the existing S3 buckets provide.

What should the SysOps administrator do to remediate this issue?

Question 339

A company is planning to host an application on a set of Amazon EC2 instances that are distributed across multiple Availability Zones. The application must be able to scale to millions of requests each second.

A SysOps administrator must design a solution to distribute the traffic to the EC2 instances. The solution must be optimized to handle sudden and volatile traffic patterns while using a single static IP address for each Availability Zone.

Which solution will meet these requirements?

Question 340

A company has an AWS Site-to-Site VPN connection between on-premises resources and resources that are hosted in a VPC. A SysOps administrator launches an Amazon EC2 instance that has only a private IP address into a private subnet in the VPC. The EC2 instance runs Microsoft Windows Server.

A security group for the EC2 instance has rules that allow inbound traffic from the on-premises network over the VPN connection. The on-premises environment contains a third-party network firewall. Rules in the third-party network firewall allow Remote Desktop Protocol (RDP) traffic to flow between the on-premises users over the VPN connection.

The on-premises users are unable to connect to the EC2 instance and receive a timeout error.

What should the SysOps administrator do to troubleshoot this issue?

Total 450 questions