ExamGecko
Search Search Login
Home Home / Amazon / SOA-C02

Amazon SOA-C02 Practice Test - Questions Answers, Page 13

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A company's application on EC2 instances relies on a Single-AZ RDS for MySQL DB instance. The SysOps administrator needs to ensure failover to minimize downtime.
A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company's AWS account The SysOps administrator deploys a Linux Amazon EC2 instance in VPC1 and deploys an Amazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a private subnet. An application that runs on the EC2 instance needs to connect to the database. What should the SysOps administrator do to give the EC2 instance the ability to connect to the database?
A company needs to monitor the disk utilization of Amazon Elastic Block Store (Amazon EBS) volumes The EBS volumes are attached to Amazon EC2 Linux Instances A SysOps administrator must set up an Amazon CloudWatch alarm that provides an alert when disk utilization increases to more than 80%. Which combination of steps must the SysOps administrator lake lo meet these requirements? (Select THREE.)
A company uses AWS CloudFormation to manage a stack of Amazon EC2 instances on AWS. A SysOps administrator needs to keep the instances and all of the instances' data, even if someone deletes the stack. Which solution will meet these requirements?
A SysOps administrator is optimizing the cost of a workload. The workload is running in multiple AWS Regions and is using AWS Lambda with Amazon EC2 On-Demand Instances for the compute. The overall usage is predictable. The amount of compute that is consumed in each Region varies, depending on the users' locations. Which approach should the SysOps administrator use to optimize this workload?
The SysOps administrator must dynamically reference the latest AMI ID from Systems Manager Parameter Store in CloudFormation templates for new AMI versions.
A company has an application that collects notifications from thousands of alarm systems. The notifications include alarm notifications and information notifications. The information notifications include the system arming processes, disarming processes, and sensor status. All notifications are kept as messages in an Amazon Simple Queue Service (Amazon SQS) queue. Amazon EC2 instances that are in an Auto Scaling group process the messages. A SysOps administrator needs to implement a solution that prioritizes alarm notifications over information notifications. Which solution will meet these requirements?
A team of developers is using several Amazon S3 buckets as centralized repositories. Users across the world upload large sets of files to these repositories. The development team's applications later process these files. A SysOps administrator sets up a new S3 bucket. DOC-EXAMPLE-BUCKET, to support a new workload. The new S3 bucket also receives regular uploads of large sets of files from users worldwide. When the new S3 bucket is put into production, the upload performance from certain geographic areas is lower than the upload performance that the existing S3 buckets provide. What should the SysOps administrator do to remediate this issue?
The SysOps administrator must modify the AWS Config rule that deletes noncompliant SSH inbound rules to update the rule to allow SSH from specific trusted IP addresses instead.
A company is running a serverless application on AWS Lambda. The application stores data in an Amazon RDS for MySQL DB instance. Usage has steadily increased, and recently there have been numerous "too many connections" errors when the Lambda function attempts to connect to the database. The company already has configured the database to use the maximum max_connections value that is possible. What should a SysOps administrator do to resolve these errors?

Question 121

Report
Export
Collapse

An environment consists of 100 Amazon EC2 Window* instances The Amazon CloudWatch agent Is deployed and running on at EC2 instances with a baseline configuration file to capture log files There is a new requirement to capture the DHCP tog tiles that exist on 50 of the instances What is the MOST operational efficient way to meet this new requirement?

A.
Create an additional CloudWatch agent configuration file to capture the DHCP logs Use the AWS Systems Manager Run Command to restart the CloudWatch agent on each EC2 instance with the append-config option to apply the additional configuration file
A.
Create an additional CloudWatch agent configuration file to capture the DHCP logs Use the AWS Systems Manager Run Command to restart the CloudWatch agent on each EC2 instance with the append-config option to apply the additional configuration file
Answers
B.
Log in to each EC2 instance with administrator rights Create a PowerShell script to push the needed baseline log files and DHCP log files to CloudWatch
B.
Log in to each EC2 instance with administrator rights Create a PowerShell script to push the needed baseline log files and DHCP log files to CloudWatch
Answers
C.
Run the CloudWatch agent configuration file wizard on each EC2 instance Verify that the base the log files are included and add the DHCP tog files during the wizard creation process
C.
Run the CloudWatch agent configuration file wizard on each EC2 instance Verify that the base the log files are included and add the DHCP tog files during the wizard creation process
Answers
D.
Run the CloudWatch agent configuration file wizard on each EC2 instance and select the advanced detail level. This wifi capture the operating system log files.
D.
Run the CloudWatch agent configuration file wizard on each EC2 instance and select the advanced detail level. This wifi capture the operating system log files.
Answers
Suggested answer: A

Question 122

Report
Export
Collapse

A SysOps administrator is reviewing VPC Flow Logs to troubleshoot connectivity issues in a VPC.

While reviewing the togs the SysOps administrator notices that rejected traffic is not listed.

What should the SysOps administrator do to ensure that all traffic is logged?

A.
Create a new flow tog that has a titter setting to capture all traffic
A.
Create a new flow tog that has a titter setting to capture all traffic
Answers
B.
Create a new flow log set the tog record format to a custom format Select the proper fields to include in the tog
B.
Create a new flow log set the tog record format to a custom format Select the proper fields to include in the tog
Answers
C.
Edit the existing flow log Change the fitter setting to capture all traffic
C.
Edit the existing flow log Change the fitter setting to capture all traffic
Answers
D.
Edit the existing flow log. Set the log record format to a custom format Select the proper fields to include in the tog
D.
Edit the existing flow log. Set the log record format to a custom format Select the proper fields to include in the tog
Answers
Suggested answer: A

Question 123

Report
Export
Collapse

A company uses an Amazon CloudFront distribution to deliver its website Traffic togs for the website must be centrally stored and all data must be encrypted at rest Which solution will meet these requirements?

A.
Create an Amazon OpenSearch Service (Amazon Elasttcsearch Service) domain with internet access and server-side encryption that uses the default AWS managed key Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination
A.
Create an Amazon OpenSearch Service (Amazon Elasttcsearch Service) domain with internet access and server-side encryption that uses the default AWS managed key Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination
Answers
B.
Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256 Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elastcsearch Service) domain as a log destination
B.
Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256 Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elastcsearch Service) domain as a log destination
Answers
C.
Create an Amazon S3 bucket that is configured with default server side encryption that uses AES- 256 Configure CloudFront to use the S3 bucket as a log destination
C.
Create an Amazon S3 bucket that is configured with default server side encryption that uses AES- 256 Configure CloudFront to use the S3 bucket as a log destination
Answers
D.
Create an Amazon S3 bucket that is configured with no default encryption Enable encryption in the CloudFront dtstnbubon and use the S3 bucket as a log destination
D.
Create an Amazon S3 bucket that is configured with no default encryption Enable encryption in the CloudFront dtstnbubon and use the S3 bucket as a log destination
Answers
Suggested answer: C

Question 124

Report
Export
Collapse

A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template it installs and configure necessary software through AWS OpsWorks and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours but at limes the process stalls due to installation errors. The SysOps administrator must modify the CloudFormation template so if the process stalls, the entire stack will tail and roil back. Based on these requirements what should be added to the template?

A.
Conditions with a timeout set to 4 hours.
A.
Conditions with a timeout set to 4 hours.
Answers
B.
CreationPolicy with timeout set to 4 hours.
B.
CreationPolicy with timeout set to 4 hours.
Answers
C.
DependsOn a timeout set to 4 hours.
C.
DependsOn a timeout set to 4 hours.
Answers
D.
Metadata with a timeout set to 4 hours
D.
Metadata with a timeout set to 4 hours
Answers
Suggested answer: B

Question 125

Report
Export
Collapse

A company uses an Amazon Simple Queue Service (Amazon SQS) standard queue with its application. The application sends messages to the queue with unique message bodies The company decides to switch to an SQS FIFO queue What must the company do to migrate to an SQS FIFO queue?

A.
Create a new SQS FIFO gueue Turn on content based deduplication on the new FIFO queue Update the application to include a message group ID in the messages
A.
Create a new SQS FIFO gueue Turn on content based deduplication on the new FIFO queue Update the application to include a message group ID in the messages
Answers
B.
Create a new SQS FIFO queue Update the application to include the DelaySeconds parameter in the messages
B.
Create a new SQS FIFO queue Update the application to include the DelaySeconds parameter in the messages
Answers
C.
Modify the queue type from SQS standard to SQS FIFO Turn off content-based deduplication on the queue Update the application to include a message group ID in the messages
C.
Modify the queue type from SQS standard to SQS FIFO Turn off content-based deduplication on the queue Update the application to include a message group ID in the messages
Answers
D.
Modify the queue type from SQS standard to SQS FIFO Update the application to send messages with identical message bodies and to include the DelaySeconds parameter in the messages
D.
Modify the queue type from SQS standard to SQS FIFO Update the application to send messages with identical message bodies and to include the DelaySeconds parameter in the messages
Answers
Suggested answer: A

Question 126

Report
Export
Collapse

A database is running on an Amazon RDS Mufti-AZ DB instance. A recent security audit found the database to be out of compliance because it was not encrypted. Which approach will resolve the encryption requirement?

A.
Log in to the RDS console and select the encryption box to encrypt the database
A.
Log in to the RDS console and select the encryption box to encrypt the database
Answers
B.
Create a new encrypted Amazon EBS volume and attach it to the instance
B.
Create a new encrypted Amazon EBS volume and attach it to the instance
Answers
C.
Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.
C.
Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.
Answers
D.
Take a snapshot of the RDS instance, copy and encrypt the snapshot and then restore to the new RDS instance
D.
Take a snapshot of the RDS instance, copy and encrypt the snapshot and then restore to the new RDS instance
Answers
Suggested answer: D

Question 127

Report
Export
Collapse

A SysOps administrator is tasked with deploying a company's infrastructure as code. The SysOps administrator want to write a single template that can be reused for multiple environments. How should the SysOps administrator use AWS CloudFormation to create a solution?

A.
Use Amazon EC2 user data in a CloudFormation template
A.
Use Amazon EC2 user data in a CloudFormation template
Answers
B.
Use nested stacks to provision resources
B.
Use nested stacks to provision resources
Answers
C.
Use parameters in a CloudFormation template
C.
Use parameters in a CloudFormation template
Answers
D.
Use stack policies to provision resources
D.
Use stack policies to provision resources
Answers
Suggested answer: C

Explanation:

Reuse templates to replicate stacks in multiple environments After you have your stacks and resources set up, you can reuse your templates to replicate your infrastructure in multiple environments. For example, you can create environments for development, testing, and production so that you can test changes before implementing them into production. To make templates reusable, use the parameters, mappings, and conditions sections so that you can customize your stacks when you create them. For example, for your development environments, you can specify a lower-cost instance type compared to your production environment, but all other configurations and settings remain the same. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html#reuse

Question 128

Report
Export
Collapse

A company's web application is available through an Amazon CloudFront distribution and directly through an internet-facing Application Load Balancer (ALB) A SysOps administrator must make the application accessible only through the CloudFront distribution and not directly through the ALB. The SysOps administrator must make this change without changing the application code Which solution will meet these requirements?

A.
Modify the ALB type to internal Set the distribution's origin to the internal ALB domain name
A.
Modify the ALB type to internal Set the distribution's origin to the internal ALB domain name
Answers
B.
Create a Lambda@Edge function Configure the function to compare a custom header value in the request with a stored password and to forward the request to the origin in case of a match Associate the function with the distribution.
B.
Create a Lambda@Edge function Configure the function to compare a custom header value in the request with a stored password and to forward the request to the origin in case of a match Associate the function with the distribution.
Answers
C.
Replace the ALB with a new internal ALB Set the distribution's origin to the internal ALB domain name Add a custom HTTP header to the origin settings for the distribution In the ALB listener add a rule to forward requests that contain the matching custom header and the header's value Add a default rule to return a fixed response code of 403.
C.
Replace the ALB with a new internal ALB Set the distribution's origin to the internal ALB domain name Add a custom HTTP header to the origin settings for the distribution In the ALB listener add a rule to forward requests that contain the matching custom header and the header's value Add a default rule to return a fixed response code of 403.
Answers
D.
Add a custom HTTP header to the origin settings for the distribution in the ALB listener add a ruleto forward requests that contain the matching custom header and the header's value Add a defaultrule to return a fixed response code of 403.
D.
Add a custom HTTP header to the origin settings for the distribution in the ALB listener add a ruleto forward requests that contain the matching custom header and the header's value Add a defaultrule to return a fixed response code of 403.
Answers
Suggested answer: D

Explanation:

To make the application accessible only through the CloudFront distribution and not directly through the Application Load Balancer (ALB), you can add a custom HTTP header to the origin settings for the CloudFront distribution. You can then create a rule in the ALB listener to forward requests that contain the matching custom header and its value to the origin. You can also add a default rule to the ALB listener to return a fixed response code of 403 for requests that do not contain the matching custom header. This will allow you to redirect all requests to the CloudFront distribution and block direct access to the application through the ALB.https://docs.aws.amazon.com/AmazonCloudFront/latest/ DeveloperGuide/restrict-access-to-load- balancer.html

Question 129

Report
Export
Collapse

A compliance team requires all administrator passwords tor Amazon RDS DB instances to be changed at toast annually Which solution meets this requirement in the MOST operationally efficient manned

A.
Store the database credentials in AWS Secrets Manager Configure automate rotation for the secret every 365 days
A.
Store the database credentials in AWS Secrets Manager Configure automate rotation for the secret every 365 days
Answers
B.
Store the database credentials as a parameter in the RDS parameter group Create a database trigger to rotate the password every 365 days
B.
Store the database credentials as a parameter in the RDS parameter group Create a database trigger to rotate the password every 365 days
Answers
C.
Store the database credentials in a private Amazon S3 bucket Schedule an AWS Lambda function to generate a new set of credentials every 365 days
C.
Store the database credentials in a private Amazon S3 bucket Schedule an AWS Lambda function to generate a new set of credentials every 365 days
Answers
D.
Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter Configure automatic rotation for the parameter every 365 days
D.
Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter Configure automatic rotation for the parameter every 365 days
Answers
Suggested answer: A

Question 130

Report
Export
Collapse

A SysOps administrator is responsible for a large fleet of Amazon EC2 instances and must know whether any instances will be affected by upcoming hardware maintenance. Which option would provide this information with the LEAST administrative overhead?

A.
Deploy a third-party monitoring solution to provide real-time EC2 instance monitoring
A.
Deploy a third-party monitoring solution to provide real-time EC2 instance monitoring
Answers
B.
List any instances with failed system status checks using the AWS Management Console
B.
List any instances with failed system status checks using the AWS Management Console
Answers
C.
Monitor AWS CloudTrail for Stopinstances API calls
C.
Monitor AWS CloudTrail for Stopinstances API calls
Answers
D.
Review the AWS Personal Health Dashboard
D.
Review the AWS Personal Health Dashboard
Answers
Suggested answer: D
Total 425 questions
Go to page: of 43
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms