ExamGecko
Search Search Login
Home Home / Amazon / SOA-C02

Amazon SOA-C02 Practice Test - Questions Answers, Page 15

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A company's application on EC2 instances relies on a Single-AZ RDS for MySQL DB instance. The SysOps administrator needs to ensure failover to minimize downtime.
A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company's AWS account The SysOps administrator deploys a Linux Amazon EC2 instance in VPC1 and deploys an Amazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a private subnet. An application that runs on the EC2 instance needs to connect to the database. What should the SysOps administrator do to give the EC2 instance the ability to connect to the database?
A company needs to monitor the disk utilization of Amazon Elastic Block Store (Amazon EBS) volumes The EBS volumes are attached to Amazon EC2 Linux Instances A SysOps administrator must set up an Amazon CloudWatch alarm that provides an alert when disk utilization increases to more than 80%. Which combination of steps must the SysOps administrator lake lo meet these requirements? (Select THREE.)
A company uses AWS CloudFormation to manage a stack of Amazon EC2 instances on AWS. A SysOps administrator needs to keep the instances and all of the instances' data, even if someone deletes the stack. Which solution will meet these requirements?
A SysOps administrator is optimizing the cost of a workload. The workload is running in multiple AWS Regions and is using AWS Lambda with Amazon EC2 On-Demand Instances for the compute. The overall usage is predictable. The amount of compute that is consumed in each Region varies, depending on the users' locations. Which approach should the SysOps administrator use to optimize this workload?
The SysOps administrator must dynamically reference the latest AMI ID from Systems Manager Parameter Store in CloudFormation templates for new AMI versions.
A company has an application that collects notifications from thousands of alarm systems. The notifications include alarm notifications and information notifications. The information notifications include the system arming processes, disarming processes, and sensor status. All notifications are kept as messages in an Amazon Simple Queue Service (Amazon SQS) queue. Amazon EC2 instances that are in an Auto Scaling group process the messages. A SysOps administrator needs to implement a solution that prioritizes alarm notifications over information notifications. Which solution will meet these requirements?
A team of developers is using several Amazon S3 buckets as centralized repositories. Users across the world upload large sets of files to these repositories. The development team's applications later process these files. A SysOps administrator sets up a new S3 bucket. DOC-EXAMPLE-BUCKET, to support a new workload. The new S3 bucket also receives regular uploads of large sets of files from users worldwide. When the new S3 bucket is put into production, the upload performance from certain geographic areas is lower than the upload performance that the existing S3 buckets provide. What should the SysOps administrator do to remediate this issue?
The SysOps administrator must modify the AWS Config rule that deletes noncompliant SSH inbound rules to update the rule to allow SSH from specific trusted IP addresses instead.
A company is running a serverless application on AWS Lambda. The application stores data in an Amazon RDS for MySQL DB instance. Usage has steadily increased, and recently there have been numerous "too many connections" errors when the Lambda function attempts to connect to the database. The company already has configured the database to use the maximum max_connections value that is possible. What should a SysOps administrator do to resolve these errors?

Question 141

Report
Export
Collapse

A SysOps administrator is setting up a fleet of Amazon EC2 instances in an Auto Scaling group for an application. The fleet should have 50% CPU available at that times to accommodate bursts of traffic. The load will increase significantly between the hours of 09:00 and 17:00,7 days a week How should the SysOps administrator configure the scaling of the EC2 instances to meet these requirements?

A.
Create a target tracking scaling policy that runs when the CPU utilization is higher than 90%
A.
Create a target tracking scaling policy that runs when the CPU utilization is higher than 90%
Answers
B.
Create a target tracking scaling policy that runs when the CPU utilization is higher than 50%.Create a scheduled scaling policy that ensures that the fleet is available at 09:00 Create a second scheduled scaling policy that scales in the fleet at 17:00
B.
Create a target tracking scaling policy that runs when the CPU utilization is higher than 50%.Create a scheduled scaling policy that ensures that the fleet is available at 09:00 Create a second scheduled scaling policy that scales in the fleet at 17:00
Answers
C.
Set the Auto Scaling group to start with 2 instances by setting the desired instances maximum instances, and minimum instances to 2 Create a scheduled scaling policy that ensures that the fleet is available at 09:00
C.
Set the Auto Scaling group to start with 2 instances by setting the desired instances maximum instances, and minimum instances to 2 Create a scheduled scaling policy that ensures that the fleet is available at 09:00
Answers
D.
Create a scheduled scaling policy that ensures that the fleet is available at 09.00. Create a second scheduled scaling policy that scales in the fleet at 17:00
D.
Create a scheduled scaling policy that ensures that the fleet is available at 09.00. Create a second scheduled scaling policy that scales in the fleet at 17:00
Answers
Suggested answer: B

Question 142

Report
Export
Collapse

A SysOps administrator receives an alert from Amazon GuardDuty about suspicious network activity on an Amazon FC2 instance. The GuardDuty finding lists a new external IP address as a traffic destination. The SysOps administrator does not recognize the external IP address. The SysOps administrator must block traffic to the external IP address that GuardDuty identified Which solution will meet this requirement?

A.
Create a new security group to block traffic to the external IP address. Assign the new security group to the EC2 instance
A.
Create a new security group to block traffic to the external IP address. Assign the new security group to the EC2 instance
Answers
B.
Use VPC flow logs with Amazon Athena to block traffic to the external IP address
B.
Use VPC flow logs with Amazon Athena to block traffic to the external IP address
Answers
C.
Create a network ACL Add an outbound deny rule tor traffic to the external IP address
C.
Create a network ACL Add an outbound deny rule tor traffic to the external IP address
Answers
D.
Create a new security group to block traffic to the external IP address Assign the new security group to the entire VPC
D.
Create a new security group to block traffic to the external IP address Assign the new security group to the entire VPC
Answers
Suggested answer: A

Question 143

Report
Export
Collapse

A SysOps administrator is designing a solution for an Amazon RDS for PostgreSQL DB instance.

Database credentials must be stored and rotated monthly. The applications that connect to the DB instance send write-intensive traffic with variable client connections that sometimes increase significantly in a short period of time. Which solution should a SysOps administrator choose to meet these requirements?

A.
Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS Proxy to handle the increases in database connections.
A.
Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS Proxy to handle the increases in database connections.
Answers
B.
Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS read replicas to handle the increases in database connections.
B.
Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS read replicas to handle the increases in database connections.
Answers
C.
Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS Proxy to handle the increases in database connections.
C.
Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS Proxy to handle the increases in database connections.
Answers
D.
Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS read replicas to handle the increases in database connections.
D.
Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS read replicas to handle the increases in database connections.
Answers
Suggested answer: A

Question 144

Report
Export
Collapse

An ecommerce company uses an Amazon ElastiCache for Memcached cluster for in-memory caching of popular product queries on the shopping site. When viewing recent Amazon CloudWatch metrics data for the ElastiCache cluster, the SysOps administrator notices a large number of evictions.

Which of the following actions will reduce these evictions? (Choose two.)

A.
Add an additional node to the ElastiCache cluster.
A.
Add an additional node to the ElastiCache cluster.
Answers
B.
Increase the ElastiCache time to live (TTL).
B.
Increase the ElastiCache time to live (TTL).
Answers
C.
Increase the individual node size inside the ElastiCache cluster.
C.
Increase the individual node size inside the ElastiCache cluster.
Answers
D.
Put an Elastic Load Balancer in front of the ElastiCache cluster.
D.
Put an Elastic Load Balancer in front of the ElastiCache cluster.
Answers
E.
Use Amazon Simple Queue Service (Amazon SQS) to decouple the ElastiCache cluster.
E.
Use Amazon Simple Queue Service (Amazon SQS) to decouple the ElastiCache cluster.
Answers
Suggested answer: A, C

Explanation:

https://d1.awsstatic.com/training-and-certification/docs-sysops-associate/AWS-Certified-SysOps- Administrator-Associate_Sample-Questions_C02.pdf

Question 145

Report
Export
Collapse

A company is deploying a third-party unit testing solution that is delivered as an Amazon EC2 Amazon Machine Image (AMI). All system configuration data is stored in Amazon DynamoDB. The testing results are stored in Amazon S3. A minimum of three EC2 instances are required to operate the product. The company's testing team wants to use an additional three EC2 Instances when the Spot Instance prices are at a certain threshold. A SysOps administrator must Implement a highly available solution that provides this functionality.

Which solution will meet these requirements with the LEAST operational overhead?

A.
Define an Amazon EC2 Auto Scaling group by using a launch configuration. Use the provided AMI In the launch configuration. Configure three On-Demand Instances and three Spot Instances. Configure a maximum Spot Instance price In the launch configuration.
A.
Define an Amazon EC2 Auto Scaling group by using a launch configuration. Use the provided AMI In the launch configuration. Configure three On-Demand Instances and three Spot Instances. Configure a maximum Spot Instance price In the launch configuration.
Answers
B.
Define an Amazon EC2 Auto Scaling group by using a launch template. Use the provided AMI in the launch template. Configure three On-Demand Instances and three Spot Instances. Configure a maximum Spot Instance price In the launch template.
B.
Define an Amazon EC2 Auto Scaling group by using a launch template. Use the provided AMI in the launch template. Configure three On-Demand Instances and three Spot Instances. Configure a maximum Spot Instance price In the launch template.
Answers
C.
Define two Amazon EC2 Auto Scaling groups by using launch configurations. Use the provided AMI in the launch configurations. Configure three On-Demand Instances for one Auto Scaling group. Configure three Spot Instances for the other Auto Scaling group. Configure a maximum Spot Instance price in the launch configuration for the Auto Scaling group that has Spot Instances.
C.
Define two Amazon EC2 Auto Scaling groups by using launch configurations. Use the provided AMI in the launch configurations. Configure three On-Demand Instances for one Auto Scaling group. Configure three Spot Instances for the other Auto Scaling group. Configure a maximum Spot Instance price in the launch configuration for the Auto Scaling group that has Spot Instances.
Answers
D.
Define two Amazon EC2 Auto Scaling groups by using launch templates. Use the provided AMI in the launch templates. Configure three On-Demand Instances for one Auto Scaling group. Configure three Spot Instances for the other Auto Scaling group. Configure a maximum Spot Instance price in the launch template for the Auto Scaling group that has Spot Instances.
D.
Define two Amazon EC2 Auto Scaling groups by using launch templates. Use the provided AMI in the launch templates. Configure three On-Demand Instances for one Auto Scaling group. Configure three Spot Instances for the other Auto Scaling group. Configure a maximum Spot Instance price in the launch template for the Auto Scaling group that has Spot Instances.
Answers
Suggested answer: A

Explanation:

https://docs.aws.amazon.com/autoscaling/ec2/userguide/LaunchTemplates.html https://docs.aws.amazon.com/autoscaling/ec2/userguide/LaunchConfiguration.html

Question 146

Report
Export
Collapse

A company stores sensitive data in an Amazon S3 bucket. The company must log all access attempts to the S3 bucket. The company's risk team must receive immediate notification about any delete events. Which solution will meet these requirements?

A.
Enable S3 server access logging for audit logs. Set up an Amazon Simple Notification Service(Amazon SNSJ notification for the S3 bucket. Select DeleteObject tor the event type for the alert system.
A.
Enable S3 server access logging for audit logs. Set up an Amazon Simple Notification Service(Amazon SNSJ notification for the S3 bucket. Select DeleteObject tor the event type for the alert system.
Answers
B.
Enable S3 server access logging for audit logs. Launch an Amazon EC2 instance for the alert system. Run a cron job on the EC2 instance to download the access logs each day and to scan for a DeleteObject event.
B.
Enable S3 server access logging for audit logs. Launch an Amazon EC2 instance for the alert system. Run a cron job on the EC2 instance to download the access logs each day and to scan for a DeleteObject event.
Answers
C.
Use Amazon CloudWatch Logs for audit logs. Use Amazon CloudWatch alarms with an Amazon Simple Notification Service (Amazon SNS) notification for the alert system.
C.
Use Amazon CloudWatch Logs for audit logs. Use Amazon CloudWatch alarms with an Amazon Simple Notification Service (Amazon SNS) notification for the alert system.
Answers
D.
Use Amazon CloudWatch Logs for audit logs. Launch an Amazon EC2 instance for The alert system.Run a cron job on the EC2 Instance each day to compare the list of the items with the list from the previous day. Configure the cron job to send a notification if an item is missing.
D.
Use Amazon CloudWatch Logs for audit logs. Launch an Amazon EC2 instance for The alert system.Run a cron job on the EC2 Instance each day to compare the list of the items with the list from the previous day. Configure the cron job to send a notification if an item is missing.
Answers
Suggested answer: A

Explanation:

To meet the requirements of logging all access attempts to the S3 bucket and receiving immediate notification about any delete events, the company can enable S3 server access logging and set up an Amazon Simple Notification Service (Amazon SNS) notification for the S3 bucket. The S3 server access logs will record all access attempts to the bucket, including delete events, and the SNS notification can be configured to send an alert when a DeleteObject event occurs.

Question 147

Report
Export
Collapse

A compliance learn requites all administrator passwords for Amazon RDS DB instances to be changed at least annually. Which solution meets this requirement in the MOST operationally efficient manner?

A.
Store the database credentials in AWS Secrets Manager. Configure automatic rotation for the secret every 365 days.
A.
Store the database credentials in AWS Secrets Manager. Configure automatic rotation for the secret every 365 days.
Answers
B.
Store the database credentials as a parameter In the RDS parameter group. Create a database trigger to rotate the password every 365 days.
B.
Store the database credentials as a parameter In the RDS parameter group. Create a database trigger to rotate the password every 365 days.
Answers
C.
Store the database credentials in a private Amazon S3 bucket. Schedule an AWS Lambda function to generate a new set of credentials every 365 days.
C.
Store the database credentials in a private Amazon S3 bucket. Schedule an AWS Lambda function to generate a new set of credentials every 365 days.
Answers
D.
Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter. Configure automatic rotation for the parameter every 365 days.
D.
Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter. Configure automatic rotation for the parameter every 365 days.
Answers
Suggested answer: A

Question 148

Report
Export
Collapse

A company runs workloads on 90 Amazon EC2 instances in the eu-west-1 Region in an AWS account.

In 2 months, the company will migrate the workloads from eu-west-1 to the eu-west-3 Region.

The company needs to reduce the cost of the EC2 instances. The company is willing to make a 1-year commitment that will begin next week. The company must choose an EC2 Instance purchasing option that will provide discounts for the 90 EC2 Instances regardless of Region during the 1-year period.

Which solution will meet these requirements?

A.
Purchase EC2 Standard Reserved Instances.
A.
Purchase EC2 Standard Reserved Instances.
Answers
B.
Purchase an EC2 Instance Savings Plan.
B.
Purchase an EC2 Instance Savings Plan.
Answers
C.
Purchase EC2 Convertible Reserved Instances.
C.
Purchase EC2 Convertible Reserved Instances.
Answers
D.
Purchase a Compute Savings Plan.
D.
Purchase a Compute Savings Plan.
Answers
Suggested answer: B

Question 149

Report
Export
Collapse

A company wants to archive sensitive data on Amazon S3 Glacier. The company's regulatory and compliance requirements do not allow any modifications to the data by any account. Which solution meets these requirements?

A.
Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy after 24 hours.
A.
Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy after 24 hours.
Answers
B.
Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy within 24 hours.
B.
Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy within 24 hours.
Answers
C.
Configure S3 Object Lock in governance mode. Upload all files after 24 hours.
C.
Configure S3 Object Lock in governance mode. Upload all files after 24 hours.
Answers
D.
Configure S3 Object Lock in governance mode. Upload all files within 24 hours.
D.
Configure S3 Object Lock in governance mode. Upload all files within 24 hours.
Answers
Suggested answer: B

Question 150

Report
Export
Collapse

A global company handles a large amount of personally identifiable information (Pll) through an internal web portal. The company's application runs in a corporate data center that is connected to AWS through an AWS Direct Connect connection. The application stores the Pll in Amazon S3.

According to a compliance requirement, traffic from the web portal to Amazon S3 must not travel across the internet. What should a SysOps administrator do to meet the compliance requirement?

A.
Provision an interface VPC endpoint for Amazon S3. Modify the application to use the interface endpoint.
A.
Provision an interface VPC endpoint for Amazon S3. Modify the application to use the interface endpoint.
Answers
B.
Configure AWS Network Firewall to redirect traffic to the internal S3 address.
B.
Configure AWS Network Firewall to redirect traffic to the internal S3 address.
Answers
C.
Modify the application to use the S3 path-style endpoint.
C.
Modify the application to use the S3 path-style endpoint.
Answers
D.
Set up a range of VPC network ACLs to redirect traffic to the Internal S3 address.
D.
Set up a range of VPC network ACLs to redirect traffic to the Internal S3 address.
Answers
Suggested answer: A

Explanation:

Using the interface endpoint, applications in your on-premises data center can easily query S3buckets over AWS Direct Connect or Site-to-Site VPN.https://aws.amazon.com/blogs/architecture/choosing-your-vpc-endpoint-strategy-for-amazon-s3/

Total 425 questions
Go to page: of 43
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms