Amazon SOA-C02 Practice Test - Questions Answers, Page 12

A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket. Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

A. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
B. Enable log file integrity validation and use digest files to verify the hash value of the log file.
C. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
D. Enable S3 server access logging to track requests made to the log bucket for security audits.

Suggested answer: B

Explanation:

When you enable log file integrity validation, CloudTrail creates a hash for every log file that it delivers. Every hour, CloudTrail also creates and delivers a file that references the log files for the last hour and contains a hash of each. This file is called a digest file. CloudTrail signs each digest file using the private key of a public and private key pair. After delivery, you can use the public key to validate the digest file. CloudTrail uses different key pairs for each AWS region.

Reference: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
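The per-file hash check that a digest file makes possible, as an added example (not from the original page or from AWS). The `logFiles` field names follow CloudTrail's documented digest structure, whose `hashValue` is the hex SHA-256 of the uncompressed log content; the bucket name, object keys, log contents and the `fetch` callback are constructed stand-ins for S3, and verification of the digest's own signature is left out.

```python
import gzip, hashlib, hmac, json, zlib

def check_log_files(digest, fetch):
    """Compare every log file listed in a digest with its recorded hash.

    fetch(bucket, key) returns the stored gzip bytes, or None if the object
    is gone. Returns {key: "ok" | "modified" | "missing" | "unsupported"}.
    """
    results = {}
    for entry in digest["logFiles"]:
        key = entry["s3Object"]
        if entry["hashAlgorithm"] != "SHA-256":
            results[key] = "unsupported"
            continue
        blob = fetch(entry["s3Bucket"], key)
        if blob is None:
            results[key] = "missing"      # deleted after delivery
            continue
        try:
            content = gzip.decompress(blob)
        except (OSError, EOFError, zlib.error):
            results[key] = "modified"     # no longer a valid gzip stream
            continue
        actual = hashlib.sha256(content).hexdigest()
        same = hmac.compare_digest(actual, entry["hashValue"])
        results[key] = "ok" if same else "modified"
    return results

def build_sample():
    """Constructed digest plus an in-memory 'bucket' holding three log files."""
    bucket = "example-trail-bucket"       # constructed name
    prefix = "AWSLogs/111122223333/CloudTrail/us-east-1/"
    events = ["ConsoleLogin", "DeleteTrail", "PutObject"]
    logs = {f"{prefix}log{i}.json.gz": json.dumps({"Records": [{"eventName": e}]}).encode()
            for i, e in enumerate(events)}
    store = {k: gzip.compress(v) for k, v in logs.items()}
    digest = {"logFiles": [{"s3Bucket": bucket, "s3Object": k, "hashAlgorithm": "SHA-256",
                            "hashValue": hashlib.sha256(v).hexdigest()}
                           for k, v in logs.items()]}
    return digest, store

def demo():
    digest, store = build_sample()
    keys = sorted(store)
    store[keys[1]] = gzip.compress(b'{"Records": []}')  # events removed after delivery
    del store[keys[2]]                                  # whole file deleted
    return check_log_files(digest, lambda bucket, key: store.get(key))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Against a real trail, `aws cloudtrail validate-logs` performs this comparison and also verifies each digest file's signature.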

A company is trying to connect two applications. One application runs in an on-premises data center that has a hostname of host1.onprem.private. The other application runs on an Amazon EC2 instance that has a hostname of host1.awscloud.private. An AWS Site-to-Site VPN connection is in place between the on-premises network and AWS. The application that runs in the data center tries to connect to the application that runs on the EC2 instance, but DNS resolution fails. A SysOps administrator must implement DNS resolution between on-premises and AWS resources. Which solution allows the on-premises application to resolve the EC2 instance hostname?

A. Set up an Amazon Route 53 inbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the inbound resolver endpoint.
B. Set up an Amazon Route 53 inbound resolver endpoint. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the inbound resolver endpoint.
C. Set up an Amazon Route 53 outbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the outbound resolver endpoint.
D. Set up an Amazon Route 53 outbound resolver endpoint. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the outbound resolver endpoint.

Suggested answer: B

Explanation:

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/route53-resolve-with-inbound-endpoint/

A company uses AWS Organizations to manage multiple AWS accounts with consolidated billing enabled. Organization member account owners want the benefits of Reserved Instances (RIs) but do not want to share RIs with other accounts.

Which solution will meet these requirements?

A. Purchase RIs in individual member accounts. Disable RI discount sharing in the management account.
B. Purchase RIs in individual member accounts. Disable RI discount sharing in the member accounts.
C. Purchase RIs in the management account. Disable RI discount sharing in the management account.
D. Purchase RIs in the management account. Disable RI discount sharing in the member accounts.

Suggested answer: B

An Amazon EC2 instance needs to be reachable from the internet. The EC2 instance is in a subnet with the following route table:

Which entry must a SysOps administrator add to the route table to meet this requirement?

A. A route for 0.0.0.0/0 that points to a NAT gateway
B. A route for 0.0.0.0/0 that points to an egress-only internet gateway
C. A route for 0.0.0.0/0 that points to an internet gateway
D. A route for 0.0.0.0/0 that points to an elastic network interface

Suggested answer: B

Explanation:

Reference: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html

A SysOps administrator is provisioning an Amazon Elastic File System (Amazon EFS) file system to provide shared storage across multiple Amazon EC2 instances. The instances all exist in the same VPC across multiple Availability Zones. There are two instances in each Availability Zone. The SysOps administrator must make the file system accessible to each instance with the lowest possible latency.

Which solution will meet these requirements?

A. Create a mount target for the EFS file system in the VPC. Use the mount target to mount the file system on each of the instances.
B. Create a mount target for the EFS file system in one Availability Zone of the VPC. Use the mount target to mount the file system on the instances in that Availability Zone. Share the directory with the other instances.
C. Create a mount target for each instance. Use each mount target to mount the EFS file system on each respective instance.
D. Create a mount target in each Availability Zone of the VPC. Use the mount target to mount the EFS file system on the instances in the respective Availability Zone.

Suggested answer: D

Explanation:

Reference: https://docs.aws.amazon.com/efs/latest/ug/accessing-fs.html

A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance. Which of the following are possible causes of this issue? (Choose two.)

A. A network ACL associated with the bastion's subnet is blocking the network traffic.
B. The instance does not have a private IP address.
C. The route table associated with the bastion's subnet does not have a route to the internet gateway.
D. The security group for the instance does not have an inbound rule on port 22.
E. The security group for the instance does not have an outbound rule on port 3389.

Suggested answer: A, C

A company's customers are reporting increased latency while accessing static web content from Amazon S3. A SysOps administrator observed a very high rate of read operations on a particular S3 bucket. What will minimize latency by reducing load on the S3 bucket?

A. Migrate the S3 bucket to a region that is closer to end users' geographic locations.
B. Use cross-region replication to replicate all of the data to another region.
C. Create an Amazon CloudFront distribution with the S3 bucket as the origin.
D. Use Amazon ElastiCache to cache data being served from Amazon S3.

Suggested answer: C

A company's SysOps administrator deploys four new Amazon EC2 instances by using the standard Amazon Linux 2 Amazon Machine Image (AMI). The company needs to be able to use AWS Systems Manager to manage the instances. The SysOps administrator notices that the instances do not appear in the Systems Manager console. What must the SysOps administrator do to resolve this issue?

A. Connect to each instance by using SSH. Install Systems Manager Agent on each instance. Configure Systems Manager Agent to start automatically when the instances start up.
B. Use AWS Certificate Manager (ACM) to create a TLS certificate. Import the certificate into each instance. Configure Systems Manager Agent to use the TLS certificate for secure communications.
C. Connect to each instance by using SSH. Create an ssm-user account. Add the ssm-user account to the /etc/sudoers.d directory.
D. Attach an IAM instance profile to the instances. Ensure that the instance profile contains the AmazonSSMManagedInstanceCore policy.

Suggested answer: D

A SysOps administrator uses AWS Systems Manager Session Manager to connect to instances. After the SysOps administrator launches a new Amazon EC2 instance, the EC2 instance does not appear in the Session Manager list of systems that are available for connection. The SysOps administrator verifies that Systems Manager Agent is installed, updated, and running on the EC2 instance. What is the reason for this issue?

A. The SysOps administrator does not have access to the key pair that is required for connection.
B. The SysOps administrator has not attached a security group to the EC2 instance to allow SSH on port 22.
C. The EC2 instance does not have an attached IAM role that allows Session Manager to connect to the EC2 instance.
D. The EC2 instance ID has not been entered into the Session Manager configuration.

Suggested answer: C

A company has an organization in AWS Organizations. The company uses shared VPCs to provide networking resources across accounts. A SysOps administrator has been able to successfully launch and manage Amazon EC2 instances in a participant account. However, the SysOps administrator is now receiving an InstanceLimitExceeded error when the SysOps administrator tries to launch a new EC2 instance. What should the SysOps administrator do to resolve this error?

A. Request an instance quota increase from the account that owns the VPC.
B. Launch additional EC2 instances in a different AWS Region.
C. Request an instance quota increase from the participant account.
D. Launch additional EC2 instances by using a different Amazon Machine Image (AMI).

Suggested answer: A
Total 425 questions