ExamGecko
Login
Home / Amazon / SOA-C02 / List of questions
Ask Question

Amazon SOA-C02 Practice Test - Questions Answers, Page 18

List of questions

Question 171

Report
Export
Collapse

A company hosts several write-intensive applications. These applications use a MySQL database that runs on a single Amazon EC2 instance. The company asks a SysOps administrator to implement a highly available database solution that is ideal for multi-tenant workloads.

Which solution should the SysOps administrator implement to meet these requirements?

Create a second EC2 instance for MySQL. Configure the second instance to be a read replica.
Create a second EC2 instance for MySQL. Configure the second instance to be a read replica.
Migrate the database to an Amazon Aurora DB cluster. Add an Aurora Replica.
Migrate the database to an Amazon Aurora DB cluster. Add an Aurora Replica.
Migrate the database to an Amazon Aurora multi-master DB cluster.
Migrate the database to an Amazon Aurora multi-master DB cluster.
Migrate the database to an Amazon RDS for MySQL DB instance.
Migrate the database to an Amazon RDS for MySQL DB instance.
Suggested answer: C
asked 16/09/2024
Michael Crowson
46 questions

Question 172

Report
Export
Collapse

A SysOps administrator created an AWS Cloud Formation template that provisions Amazon EC2 instances, an Elastic Load Balancer (ELB), and an Amazon RDS DB instance. During stack creation, the creation of the EC2 instances and the creation of the ELB are successful. However, the creation of the DB instance fails.

What is the default behavior of CloudFormation in this scenario?

CloudFormation will roll back the stack and delete the stack.
CloudFormation will roll back the stack and delete the stack.
CloudFormation will roll back the stack but will not delete the stack.
CloudFormation will roll back the stack but will not delete the stack.
CloudFormation will prompt the user to roll back the stack or continue.
CloudFormation will prompt the user to roll back the stack or continue.
CloudFormation will successfully complete the stack but will report a failed status for the DB instance.
CloudFormation will successfully complete the stack but will report a failed status for the DB instance.
Suggested answer: C
asked 16/09/2024
RALPH KOH
28 questions

Question 173

Report
Export
Collapse

A company needs to deploy a new workload on AWS. The company must encrypt all data at rest and must rotate the encryption keys once each year. The workload uses an Amazon RDS for MySQL Multi- AZ database for data storage. Which configuration approach will meet these requirements?

Enable Transparent Data Encryption (TDE) in the MySQL configuration file. Manually rotate the key every 12 months.
Enable Transparent Data Encryption (TDE) in the MySQL configuration file. Manually rotate the key every 12 months.
Enable RDS encryption on the database at creation time by using the AWS managed key for Amazon RDS.
Enable RDS encryption on the database at creation time by using the AWS managed key for Amazon RDS.
Create a new AWS Key Management Service (AWS KMS) customer managed key. Enable automatic key rotation. Enable RDS encryption on the database at creation time by using the KMS key.
Create a new AWS Key Management Service (AWS KMS) customer managed key. Enable automatic key rotation. Enable RDS encryption on the database at creation time by using the KMS key.
Create a new AWS Key Management Service (AWS KMS) customer managed key. Enable automatic key rotation. Enable encryption on the Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the RDS DB instance.
Create a new AWS Key Management Service (AWS KMS) customer managed key. Enable automatic key rotation. Enable encryption on the Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the RDS DB instance.
Suggested answer: C

Explanation:

This configuration approach will meet the requirement of encrypting all data at rest and rotating the encryption keys once each year. By creating a new AWS KMS customer managed key and enabling automatic key rotation, the encryption keys will be rotated automatically every year. By enabling RDS encryption on the database at creation time using the KMS key, all data stored in the RDS for MySQL Multi-AZ database will be encrypted at rest. This approach provide more control over key management and rotation and provide additional security benefits

asked 16/09/2024
Aurelie Touraille Colombo
32 questions

Question 174

Report
Export
Collapse

A SysOps administrator needs to automate the invocation of an AWS Lambda function. The Lambda function must run at the end of each day to generate a report on data that is stored in an Amazon S3 bucket. What is the MOST operationally efficient solution that meets these requirements?

Create an Amazon EventBridge {Amazon CloudWatch Events) rule that has an event pattern for Amazon S3 and the Lambda function as a target.
Create an Amazon EventBridge {Amazon CloudWatch Events) rule that has an event pattern for Amazon S3 and the Lambda function as a target.
Create an Amazon EventBridge (Amazon CloudWatch Events) rule that has a schedule and the Lambda function as a target.
Create an Amazon EventBridge (Amazon CloudWatch Events) rule that has a schedule and the Lambda function as a target.
Create an S3 event notification to invoke the Lambda function whenever objects change in the S3 bucket.
Create an S3 event notification to invoke the Lambda function whenever objects change in the S3 bucket.
Deploy an Amazon EC2 instance with a cron job to invoke the Lambda function.
Deploy an Amazon EC2 instance with a cron job to invoke the Lambda function.
Suggested answer: C
asked 16/09/2024
Dave Stacey
31 questions

Question 175

Report
Export
Collapse

A company's SysOps administrator needs to change the AWS Support plan for one of the company's AWS accounts. The account has multi-factor authentication (MFA) activated, and the MFA device is lost. What should the SysOps administrator do to sign in?

Sign in as a root user by using email and phone verification. Set up a new MFA device. Change the root user password.
Sign in as a root user by using email and phone verification. Set up a new MFA device. Change the root user password.
Sign in as an 1AM user with administrator permissions. Resynchronize the MFA token by using the 1AM console.
Sign in as an 1AM user with administrator permissions. Resynchronize the MFA token by using the 1AM console.
Sign in as an 1AM user with administrator permissions. Reset the MFA device for the root user by adding a new device.
Sign in as an 1AM user with administrator permissions. Reset the MFA device for the root user by adding a new device.
Use the forgot-password process to verify the email address. Set up a new password and MFA device.
Use the forgot-password process to verify the email address. Set up a new password and MFA device.
Suggested answer: A
asked 16/09/2024
shafinaaz hossenny
39 questions

Question 176

Report
Export
Collapse

A SysOps administrator has created an AWS Service Catalog portfolio and has shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator. Which action will the administrator of the second account be able to perform?

Add a product from the imported portfolio to a local portfolio.
Add a product from the imported portfolio to a local portfolio.
Add new products to the imported portfolio.
Add new products to the imported portfolio.
Change the launch role for the products contained in the imported portfolio.
Change the launch role for the products contained in the imported portfolio.
Customize the products in the imported portfolio.
Customize the products in the imported portfolio.
Suggested answer: A
asked 16/09/2024
Kevin Margan
45 questions

Question 177

Report
Export
Collapse

A SysOps administrator wants to manage a web server application with AWS Elastic Beanstalk. The Elastic Beanstalk service must maintain full capacity for new deployments at all times. Which deployment policies satisfy this requirement? (Select TWO.)

All at once
All at once
Immutable
Immutable
Rebuild
Rebuild
Rolling
Rolling
Rolling with additional batch
Rolling with additional batch
Suggested answer: B, E

Explanation:

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rolling-version-deploy.html

asked 16/09/2024
A R
39 questions

Question 178

Report
Export
Collapse

A company has a policy that requires all Amazon EC2 instances to have a specific set of tags. If an EC2 instance does not have the required tags, the noncompliant instance should be terminated. What is the MOST operationally efficient solution that meets these requirements?

Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all EC2 instance state changes to an AWS Lambda function to determine if each instance is compliant. Terminate any noncompliant instances.
Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all EC2 instance state changes to an AWS Lambda function to determine if each instance is compliant. Terminate any noncompliant instances.
Create an 1AM policy that enforces all EC2 instance tag requirements. If the required tags are not in place for an instance, the policy will terminate noncompliant instance.
Create an 1AM policy that enforces all EC2 instance tag requirements. If the required tags are not in place for an instance, the policy will terminate noncompliant instance.
Create an AWS Lambda function to determine if each EC2 instance is compliant and terminate an instance if it is noncompliant. Schedule the Lambda function to invoke every 5 minutes.
Create an AWS Lambda function to determine if each EC2 instance is compliant and terminate an instance if it is noncompliant. Schedule the Lambda function to invoke every 5 minutes.
Create an AWS Config rule to check if the required tags are present. If an EC2 instance is noncompliant, invoke an AWS Systems Manager Automation document to terminate the instance.
Create an AWS Config rule to check if the required tags are present. If an EC2 instance is noncompliant, invoke an AWS Systems Manager Automation document to terminate the instance.
Suggested answer: D

Explanation:

https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager- automation.html

asked 16/09/2024
Lea Kohl
46 questions

Question 179

Report
Export
Collapse

A SysOps administrator wants to upload a file that is 1 TB in size from on-premises to an Amazon S3 bucket using multipart uploads. What should the SysOps administrator do to meet this requirement?

Upload the file using the S3 console.
Upload the file using the S3 console.
Use the s3api copy-object command.
Use the s3api copy-object command.
Use the s3api put-object command.
Use the s3api put-object command.
Use the s3 cp command.
Use the s3 cp command.
Suggested answer: D

Explanation:

It's a best practice to use aws s3 commands (such as aws s3 cp) for multipart uploads and downloads, because these aws s3 commands automatically perform multipart uploading and downloading based on the file size. By comparison, aws s3api commands, such as aws s3api create-multipart-upload, should be used only when aws s3 commands don't support a specific upload need, such as when the multipart upload involves multiple servers, a multipart upload is manually stopped and resumed later, or when the aws s3 command doesn't support a required request parameter.https://aws.amazon.com/premiumsupport/knowledge-center/s3-multipart-upload-cli/

asked 16/09/2024
Narmada Balaji
30 questions

Question 180

Report
Export
Collapse

A SysOps administrator is responsible for a company's security groups. The company wants to maintain a documented trail of any changes that are made to the security groups. The SysOps administrator must receive notification whenever the security groups change.

Which solution will meet these requirements?

Set up Amazon Detective to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Queue Service (Amazon SOS) queue for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SQS queue.
Set up Amazon Detective to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Queue Service (Amazon SOS) queue for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SQS queue.
Set up AWS Systems Manager Change Manager to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SNS topic.
Set up AWS Systems Manager Change Manager to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SNS topic.
Set up AWS Config to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SNS topic.
Set up AWS Config to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SNS topic.
Set up Amazon Detective to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SNS topic.
Set up Amazon Detective to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SNS topic.
Suggested answer: D
asked 16/09/2024
Jonny McKitrick
40 questions
Total 450 questions
Go to page: of 45
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

The company needs a shared file solution for EC2 Windows instances in a Multi-AZ deployment that uses native Windows storage capabilities and maximizes consistency.
After creating a presigned URL for an S3 object, users can no longer access the file after a few days.
A company has an AWS Site-to-Site VPN connection between on-premises resources and resources that are hosted in a VPC. A SysOps administrator launches an Amazon EC2 instance that has only a private IP address into a private subnet in the VPC. The EC2 instance runs Microsoft Windows Server. A security group for the EC2 instance has rules that allow inbound traffic from the on-premises network over the VPN connection. The on-premises environment contains a third-party network firewall. Rules in the third-party network firewall allow Remote Desktop Protocol (RDP) traffic to flow between the on-premises users over the VPN connection. The on-premises users are unable to connect to the EC2 instance and receive a timeout error. What should the SysOps administrator do to troubleshoot this issue?
The SysOps administrator needs to complete the KMS key policy for least privilege read access for the DataEngineer role to decrypt S3 objects encrypted with a KMS key.
The SysOps administrator needs to deploy auditing software on all existing and new EC2 instances across multiple Regions, using AWS Systems Manager.
A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company's on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors. Which solution will give the application the ability to resolve the internal domain names?
A SysOps administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically. Currently, the application is deployed on a single t2. large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency after a few minutes. What change should be made to alleviate the performance problem?
A SysOps administrator needs to share a new AMI with all accounts within an organization managed through AWS Organizations.
ASysOps administrator configures an application to run on Amazon EC2 instances behind an Application Load Balancer (ALB) in a simple scaling Auto Scaling group with the default settings. The Auto Scaling group is configured to use the RequestCountPerTarget metric for scaling. The SysOps administrator notices that the RequestCountPerTarget metric exceeded the specified limit twice in 180 seconds. How will the number of EC2 instances in this Auto Scaling group be affected in this scenario?
A SysOps administrator needs EC2 instances in a VPC to resolve DNS names for hosts in an on-premises data center.