ExamGecko

Amazon SOA-C02 Practice Test - Questions Answers, Page 11

A SysOps Administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company's account. The administrator must be alerted to potential issues. What should the administrator do to receive email alerts before low storage space affects EC2 instance performance?

A. Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications.
B. Use AWS CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic.
C. Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic.
D. Use AWS Trusted Advisor and enable email notification alerts for EC2 disk space.
Suggested answer: C

An errant process is known to use an entire processor and run at 100%. A SysOps administrator wants to automate restarting the instance once the problem occurs for more than 2 minutes. How can this be accomplished?

A. Create an Amazon CloudWatch alarm for the Amazon EC2 instance with basic monitoring. Enable an action to restart the instance.
B. Create a CloudWatch alarm for the EC2 instance with detailed monitoring. Enable an action to restart the instance.
C. Create an AWS Lambda function to restart the EC2 instance, triggered on a scheduled basis every 2 minutes.
D. Create a Lambda function to restart the EC2 instance, triggered by EC2 health checks.
Suggested answer: B

Explanation:

Reference: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/UsingAlarmActions.html

A SysOps administrator needs to design a high-traffic static website. The website must be highly available and must provide the lowest possible latency to users across the globe. Which solution will meet these requirements?

A. Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create an Amazon CloudFront distribution in each AWS Region, and set the S3 bucket as the origin. Use Amazon Route 53 to create a DNS record that uses a geolocation routing policy to route traffic to the correct CloudFront distribution based on where the request originates.
B. Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create an Amazon CloudFront distribution, and set the S3 bucket as the origin. Use Amazon Route 53 to create an alias record that points to the CloudFront distribution.
C. Create an Application Load Balancer (ALB) and a target group. Create an Amazon EC2 Auto Scaling group with at least two EC2 instances in the associated target group. Store the website content on the EC2 instances. Use Amazon Route 53 to create an alias record that points to the ALB.
D. Create an Application Load Balancer (ALB) and a target group in two Regions. Create an Amazon EC2 Auto Scaling group in each Region with at least two EC2 instances in each target group. Store the website content on the EC2 instances. Use Amazon Route 53 to create a DNS record that uses a geolocation routing policy to route traffic to the correct ALB based on where the request originates.
Suggested answer: A

An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon SQS) queues. A SysOps administrator must ensure that the application can read, write, and delete messages from the SQS queues. Which solution will meet these requirements in the MOST secure manner?

A. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Embed the IAM user's credentials in the application's configuration.
B. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Export the IAM user's access key and secret access key as environment variables on the EC2 instance.
C. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows sqs:* permissions to the appropriate queues.
D. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues.
Suggested answer: D

A company must ensure that any objects uploaded to an S3 bucket are encrypted.

Which of the following actions will meet this requirement? (Choose two.)

A. Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.
B. Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket.
C. Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.
D. Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.
E. Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.
Suggested answer: C, E

Explanation:

Reference: https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#sample-acl

A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the application are failing. A SysOps administrator inspects the VPC flow logs and finds the following entry:

2 111122223333 eni-<###> 192.0.2.15 203.0.113.56 40711 443 6 1 40 1418530010 1418530070 REJECT OK

What is a possible cause of these failed connections?

A. A security group is denying traffic on port 443.
B. The EC2 instance is shut down.
C. The network ACL is blocking HTTPS traffic.
D. The VPC has no internet gateway attached.
Suggested answer: A

A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file. What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB table. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.
B. Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon S3 object. The security team can use the information in the tag to verify the integrity of the delivered files.
C. Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.
D. Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.
Suggested answer: C

A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template. It installs and configures necessary software through AWS OpsWorks, and takes images of each EC2 instance. The process of installing and configuring software can take between 2 and 3 hours, but at times, the process stalls due to installation errors. The SysOps administrator must modify the CloudFormation template so that if the process stalls, the entire stack will fail and roll back. Based on these requirements, what should be added to the template?

A. Conditions with a timeout set to 4 hours.
B. CreationPolicy with a timeout set to 4 hours.
C. DependsOn with a timeout set to 4 hours.
D. Metadata with a timeout set to 4 hours.
Suggested answer: B

Explanation:

Reference: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/deploying.applications.html

A large company is using AWS Organizations to manage hundreds of AWS accounts across multiple AWS Regions. The company has turned on AWS Config throughout the organization. The company requires all Amazon S3 buckets to block public read access. A SysOps administrator must generate a monthly report that shows all the S3 buckets and whether they comply with this requirement. Which combination of steps should the SysOps administrator take to collect this data? (Choose two.)

A. Create an AWS Config aggregator in an aggregator account. Use the organization as the source. Retrieve the compliance data from the aggregator.
B. Create an AWS Config aggregator in each account. Use an S3 bucket in an aggregator account as the destination. Retrieve the compliance data from the S3 bucket.
C. Edit the AWS Config policy in AWS Organizations. Use the organization's management account to turn on the s3-bucket-public-read-prohibited rule for the entire organization.
D. Use the AWS Config compliance report from the organization's management account. Filter the results by resource, and select Amazon S3.
E. Use the AWS Config API to apply the s3-bucket-public-read-prohibited rule in all accounts for all available Regions.
Suggested answer: B, D

Explanation:

Reference: https://docs.aws.amazon.com/config/latest/developerguide/aggregate-data.html

https://docs.aws.amazon.com/config/latest/developerguide/looking-up-discovered-resources.html

A SysOps administrator must create an IAM policy for a developer who needs access to specific AWS services. Based on the requirements, the SysOps administrator creates the following policy:

Which actions does this policy allow? (Choose two.)

A. Create an AWS Storage Gateway.
B. Create an IAM role for an AWS Lambda function.
C. Delete an Amazon Simple Queue Service (Amazon SQS) queue.
D. Describe AWS load balancers.
E. Invoke an AWS Lambda function.
Suggested answer: A, E
Total 425 questions