
Amazon SOA-C02 Practice Test - Questions Answers, Page 19

A SysOps administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC, the administrator is unable to connect to any of the domains that reside on the internet.

What additional route destination rule should the administrator add to the route tables?

A. Route ::/0 traffic to a NAT gateway
B. Route ::/0 traffic to an internet gateway
C. Route 0.0.0.0/0 traffic to an egress-only internet gateway
D. Route ::/0 traffic to an egress-only internet gateway
Suggested answer: D

Explanation:

https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html

A company is rolling out a new version of its website. Management wants to deploy the new website in a limited rollout to 20% of the company's customers. The company uses Amazon Route 53 for its website's DNS solution. Which configuration will meet these requirements?

A. Create a failover routing policy. Within the policy, configure 80% of the website traffic to be sent to the original resource. Configure the remaining 20% of traffic as the failover record that points to the new resource.
B. Create a multivalue answer routing policy. Within the policy, create 4 records with the name and IP address of the original resource. Configure 1 record with the name and IP address of the new resource.
C. Create a latency-based routing policy. Within the policy, configure a record pointing to the original resource with a weight of 80. Configure a record pointing to the new resource with a weight of 20.
D. Create a weighted routing policy. Within the policy, configure a weight of 80 for the record pointing to the original resource. Configure a weight of 20 for the record pointing to the new resource.
Suggested answer: C

A company needs to view a list of security groups that are open to the internet on port 3389.

What should a SysOps administrator do to meet this requirement?

A. Configure Amazon GuardDuty to scan security groups and report unrestricted access on port 3389.
B. Configure a service control policy (SCP) to identify security groups that allow unrestricted access on port 3389.
C. Use AWS Identity and Access Management Access Analyzer to find any instances that have unrestricted access on port 3389.
D. Use AWS Trusted Advisor to find security groups that allow unrestricted access on port 3389.
Suggested answer: D

A company has a simple web application that runs on a set of Amazon EC2 instances behind an Elastic Load Balancer in the eu-west-2 Region. Amazon Route 53 holds a DNS record for the application with a simple routing policy. Users from all over the world access the application through their web browsers.

The company needs to create additional copies of the application in the us-east-1 Region and in the ap-south-1 Region. The company must direct users to the Region that provides the fastest response times when the users load the application.

What should a SysOps administrator do to meet these requirements?

A. In each new Region, create a new Elastic Load Balancer and a new set of EC2 instances to run a copy of the application. Transition to a geolocation routing policy.
B. In each new Region, create a copy of the application on new EC2 instances. Add these new EC2 instances to the Elastic Load Balancer in eu-west-2. Transition to a latency routing policy.
C. In each new Region, create a copy of the application on new EC2 instances. Add these new EC2 instances to the Elastic Load Balancer in eu-west-2. Transition to a multivalue routing policy.
D. In each new Region, create a new Elastic Load Balancer and a new set of EC2 instances to run a copy of the application. Transition to a latency routing policy.
Suggested answer: B

A company is managing many accounts by using a single organization in AWS Organizations. The organization has all features enabled. The company wants to turn on AWS Config in all the accounts of the organization and in all AWS Regions.

What should a SysOps administrator do to meet these requirements in the MOST operationally efficient way?

A. Use AWS CloudFormation StackSets to deploy stack instances that turn on AWS Config in all accounts and in all Regions.
B. Use AWS CloudFormation StackSets to deploy stack policies that turn on AWS Config in all accounts and in all Regions.
C. Use service control policies (SCPs) to configure AWS Config in all accounts and in all Regions.
D. Create a script that uses the AWS CLI to turn on AWS Config in all accounts in the organization. Run the script from the organization's management account.
Suggested answer: C

A company updates its security policy to prohibit the public exposure of any data in Amazon S3 buckets in the company's account. What should a SysOps administrator do to meet this requirement?

A. Turn on S3 Block Public Access from the account level.
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to enforce that all S3 objects are private.
C. Use Amazon Inspector to search for S3 buckets and to automatically reset S3 ACLs if any public S3 buckets are found.
D. Use S3 Object Lambda to examine S3 ACLs and to change any public S3 ACLs to private.
Suggested answer: A

Explanation:

Use Amazon S3 Block Public Access as a centralized way to limit public access. Block Public Access settings override bucket policies and object permissions. Be sure to enable Block Public Access for all accounts and buckets that you don't want publicly accessible.

https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3resources/#:~:text=Using%20Amazon%20S3%20Block%20Public,don't%20want%20publicly%20accessible.

A SysOps administrator needs to secure the credentials for an Amazon RDS database that is created by an AWS CloudFormation template. The solution must encrypt the credentials and must support automatic rotation. Which solution will meet these requirements?

A. Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:secretsmanager dynamic reference.
B. Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm-secure dynamic reference.
C. Create an AWS::SSM::Parameter resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm dynamic reference.
D. Create parameters for the database credentials in the CloudFormation template. Use the Ref intrinsic function to provide the credentials to the AWS::RDS::DBInstance resource.
Suggested answer: A

A company has two VPC networks named VPC A and VPC B. The VPC A CIDR block is 10.0.0.0/16 and the VPC B CIDR block is 172.31.0.0/16. The company wants to establish a VPC peering connection named pcx-12345 between both VPCs.

Which rules should appear in the route table of VPC A after configuration? (Select TWO.)

A. Destination: 10.0.0.0/16, Target: Local
B. Destination: 172.31.0.0/16, Target: Local
C. Destination: 10.0.0.0/16, Target: pcx-12345
D. Destination: 172.31.0.0/16, Target: pcx-12345
E. Destination: 10.0.0.0/16, Target: 172.31.0.0/16
Suggested answer: A, D

Explanation:

https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html

A company has a public website that recently experienced problems. Some links led to missing webpages, and other links rendered incorrect webpages. The application infrastructure was running properly, and all the provisioned resources were healthy. Application logs and dashboards did not show any errors, and no monitoring alarms were raised. Systems administrators were not aware of any problems until end users reported the issues.

The company needs to proactively monitor the website for such issues in the future and must implement a solution as soon as possible. Which solution will meet these requirements with the LEAST operational overhead?

A. Rewrite the application to surface a custom error to the application log when issues occur. Automatically parse logs for errors. Create an Amazon CloudWatch alarm to provide alerts when issues are detected.
B. Create an AWS Lambda function to test the website. Configure the Lambda function to emit an Amazon CloudWatch custom metric when errors are detected. Configure a CloudWatch alarm to provide alerts when issues are detected.
C. Create an Amazon CloudWatch Synthetics canary. Use the CloudWatch Synthetics Recorder plugin to generate the script for the canary run. Configure the canary in line with requirements. Create an alarm to provide alerts when issues are detected.
Suggested answer: A

A company hosts a database on an Amazon RDS Multi-AZ DB instance. The database is not encrypted.

The company's new security policy requires all AWS resources to be encrypted at rest and in transit. What should a SysOps administrator do to encrypt the database?

A. Configure encryption on the existing DB instance.
B. Take a snapshot of the DB instance. Encrypt the snapshot. Restore the snapshot to the same DB instance.
C. Encrypt the standby replica in a secondary Availability Zone. Promote the standby replica to the primary DB instance.
D. Take a snapshot of the DB instance. Copy and encrypt the snapshot. Create a new DB instance by restoring the encrypted copy.
Suggested answer: B
Total 425 questions