Amazon SOA-C02 Practice Test - Questions Answers, Page 34
List of questions
Question 331
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A SysOps administrator needs to configure an Amazon S3 bucket to host a web application. The SysOps administrator has created the S3 bucket and has copied the static files for the web application to the S3 bucket.
The company has a policy that all S3 buckets must not be public.
What should the SysOps administrator do to meet these requirements?
Explanation:
To host a web application in an S3 bucket while adhering to the policy that prohibits public S3 buckets:
Amazon CloudFront: Set up a CloudFront distribution and designate the S3 bucket as its origin. This allows the web application to be served via CloudFront, which can handle web traffic at scale and provide additional features such as HTTPS delivery.
Origin Access Identity (OAI): Create an OAI for the CloudFront distribution and configure the S3 bucket policy to grant the s3:GetObject permission to the OAI. This allows only CloudFront to access the content in the S3 bucket, keeping the bucket private from direct public access.
Security and Performance: This configuration ensures that the web application is only accessible through CloudFront, enhancing security and performance. It also complies with the company's policy against public S3 buckets by controlling access strictly through CloudFront.
This method leverages CloudFront's capabilities to securely serve web applications from S3, maintaining privacy and compliance with organizational policies.
Question 332
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company recently deployed an application in production. The production environment currently runs on a single Amazon EC2 instance that hosts the application's web application and a MariaDB database. Company policy states that all IT production environments must be highly available.
What should a SysOps administrator do to meet this requirement?
Explanation:
To make the production environment highly available in accordance with company policy:
Database Migration: Move the MariaDB database from a single EC2 instance to Amazon RDS for MariaDB configured for Multi-AZ. This setup ensures high availability of the database with synchronous replication to a standby instance in a different Availability Zone.
Application Scalability: Deploy the application on EC2 instances within an Auto Scaling group. Configure the Auto Scaling group to operate across multiple Availability Zones to ensure that the application remains available even if one zone becomes unavailable.
Load Balancing: Place the EC2 instances behind an Elastic Load Balancer (ELB). The load balancer will distribute incoming application traffic across the multiple, geographically dispersed EC2 instances, further enhancing the availability and fault tolerance of the application.
This solution leverages AWS managed services to increase the reliability and availability of both the application and database layers, adhering to best practices for deploying critical production environments on AWS.
Question 333
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A SysOps administrator maintains the security and compliance of a company's AWS account. To ensure the company's Amazon EC2 instances are following company policy, a SysOps administrator wants to terminate any EC2 instance that do not contain a department tag. Noncompliant resources must be terminated in near real time.
Which solution will meet these requirements?
Explanation:
To enforce compliance with tagging policies in real-time:
AWS Config Setup: Implement an AWS Config rule to continuously monitor and evaluate EC2 instances for compliance with the tagging requirements. The required-tags managed rule can be configured to specifically check for the presence of a 'department' tag.
Automatic Remediation: Configure AWS Config to automatically execute the AWS-TerminateEC2Instance Systems Manager Automation document as a remediation action. This runbook will terminate any EC2 instance identified as noncompliant due to missing required tags.
Operational Efficiency: This setup allows for the enforcement of company tagging policies automatically and in near real-time, reducing the manual overhead of monitoring and ensuring compliance.
This method provides an efficient and effective solution to ensure that all EC2 instances meet the company's tagging requirements and that any noncompliant instances are dealt with promptly.
Question 334
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company has deployed an application on AWS. The application runs on a fleet of Linux Amazon EC2 instances that are in an Auto Scaling group. The Auto Scaling group is configured to use launch templates. The launch templates launch Amazon Elastic Block Store (Amazon EBS) backed EC2 instances that use General Purpose SSD (gp3) EBS volumes for primary storage.
A SysOps administrator needs to implement a solution to ensure that all the EC2 instances can share the same underlying files. The solution also must ensure that the data is consistent.
Which solution will meet these requirements?
Explanation:
The requirement to share the same underlying files among EC2 instances with data consistency is best met by using Amazon Elastic File System (EFS), which supports concurrent access from multiple EC2 instances. A new launch template version should include user data scripts that mount the EFS file system on each instance launched by the Auto Scaling group. Older instances can be cycled out to ensure all instances use the new configuration. Option A is correct and provides the necessary solution while ensuring data consistency and availability. For implementation guidance, refer to the AWS documentation on integrating EFS with EC2 Amazon EFS Integration with EC2.
Question 335
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A SysOps administrator is re-architecting an application. The SysOps administrator has moved the database from a public subnet, where the database used a public endpoint. into a private subnet to restrict access from the public network. After this change, an AWS Lambda function that requires read access to the database cannot connect to the database. The SysOps administrator must resolve this issue without compromising security.
Which solution meets these requirements?
Explanation:
To resolve the issue of an AWS Lambda function unable to connect to a database that has been moved to a private subnet, the Lambda function needs to be connected to the same VPC as the database. This is done by configuring the Lambda function with VPC access. This involves specifying the VPC, subnets, and security groups for the Lambda function so that it can communicate with the database using its private endpoint. Option B is correct as it directly addresses the issue without compromising security. AWS documentation on configuring VPC access for Lambda provides guidance on this setup Configuring VPC Access for Lambda.
Question 336
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company is running Amazon RDS for PostgreSOL Multi-AZ DB clusters. The company uses an AWS Cloud Formation template to create the databases individually with a default size of 100 GB. The company creates the databases every Monday and deletes the databases every Friday.
Occasionally, the databases run low on disk space and initiate an Amazon CloudWatch alarm. A SysOps administrator must prevent the databases from running low on disk space in the future.
Which solution will meet these requirements with the FEWEST changes to the application?
Explanation:
To prevent Amazon RDS for PostgreSQL Multi-AZ DB instances from running low on disk space, enabling storage auto-scaling is the most straightforward solution. This feature automatically adjusts the storage capacity of the DB instance when it approaches its limit, thus preventing the database from running out of space and triggering CloudWatch alarms. Option C is the least intrusive and most effective solution as it only requires a modification to the existing CloudFormation template to enable auto-scaling on storage. For reference, see AWS documentation on managing RDS storage automatically Managing RDS Storage Automatically.
Question 337
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A SysOps administrator manages a company's Amazon S3 buckets. The SysOps administrator has identified 5 GB of incomplete multipart uploads in an S3 bucket in the company's AWS account. The SysOps administrator needs to reduce the number of incomplete multipart upload objects in the S3 bucket.
Which solution will meet this requirement?
Question 338
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A team of developers is using several Amazon S3 buckets as centralized repositories. Users across the world upload large sets of files to these repositories. The development team's applications later process these files.
A SysOps administrator sets up a new S3 bucket. DOC-EXAMPLE-BUCKET, to support a new workload. The new S3 bucket also receives regular uploads of large sets of files from users worldwide. When the new S3 bucket is put into production, the upload performance from certain geographic areas is lower than the upload performance that the existing S3 buckets provide.
What should the SysOps administrator do to remediate this issue?
Question 339
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company is planning to host an application on a set of Amazon EC2 instances that are distributed across multiple Availability Zones. The application must be able to scale to millions of requests each second.
A SysOps administrator must design a solution to distribute the traffic to the EC2 instances. The solution must be optimized to handle sudden and volatile traffic patterns while using a single static IP address for each Availability Zone.
Which solution will meet these requirements?
Question 340
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company has an AWS Site-to-Site VPN connection between on-premises resources and resources that are hosted in a VPC. A SysOps administrator launches an Amazon EC2 instance that has only a private IP address into a private subnet in the VPC. The EC2 instance runs Microsoft Windows Server.
A security group for the EC2 instance has rules that allow inbound traffic from the on-premises network over the VPN connection. The on-premises environment contains a third-party network firewall. Rules in the third-party network firewall allow Remote Desktop Protocol (RDP) traffic to flow between the on-premises users over the VPN connection.
The on-premises users are unable to connect to the EC2 instance and receive a timeout error.
What should the SysOps administrator do to troubleshoot this issue?
Question