ExamGecko
Search Search Login
Home Home / Amazon / SOA-C02

Amazon SOA-C02 Practice Test - Questions Answers, Page 36

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A company's application on EC2 instances relies on a Single-AZ RDS for MySQL DB instance. The SysOps administrator needs to ensure failover to minimize downtime.
A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company's AWS account The SysOps administrator deploys a Linux Amazon EC2 instance in VPC1 and deploys an Amazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a private subnet. An application that runs on the EC2 instance needs to connect to the database. What should the SysOps administrator do to give the EC2 instance the ability to connect to the database?
A company needs to monitor the disk utilization of Amazon Elastic Block Store (Amazon EBS) volumes The EBS volumes are attached to Amazon EC2 Linux Instances A SysOps administrator must set up an Amazon CloudWatch alarm that provides an alert when disk utilization increases to more than 80%. Which combination of steps must the SysOps administrator lake lo meet these requirements? (Select THREE.)
A company uses AWS CloudFormation to manage a stack of Amazon EC2 instances on AWS. A SysOps administrator needs to keep the instances and all of the instances' data, even if someone deletes the stack. Which solution will meet these requirements?
A SysOps administrator is optimizing the cost of a workload. The workload is running in multiple AWS Regions and is using AWS Lambda with Amazon EC2 On-Demand Instances for the compute. The overall usage is predictable. The amount of compute that is consumed in each Region varies, depending on the users' locations. Which approach should the SysOps administrator use to optimize this workload?
The SysOps administrator must dynamically reference the latest AMI ID from Systems Manager Parameter Store in CloudFormation templates for new AMI versions.
A company has an application that collects notifications from thousands of alarm systems. The notifications include alarm notifications and information notifications. The information notifications include the system arming processes, disarming processes, and sensor status. All notifications are kept as messages in an Amazon Simple Queue Service (Amazon SQS) queue. Amazon EC2 instances that are in an Auto Scaling group process the messages. A SysOps administrator needs to implement a solution that prioritizes alarm notifications over information notifications. Which solution will meet these requirements?
A team of developers is using several Amazon S3 buckets as centralized repositories. Users across the world upload large sets of files to these repositories. The development team's applications later process these files. A SysOps administrator sets up a new S3 bucket. DOC-EXAMPLE-BUCKET, to support a new workload. The new S3 bucket also receives regular uploads of large sets of files from users worldwide. When the new S3 bucket is put into production, the upload performance from certain geographic areas is lower than the upload performance that the existing S3 buckets provide. What should the SysOps administrator do to remediate this issue?
The SysOps administrator must modify the AWS Config rule that deletes noncompliant SSH inbound rules to update the rule to allow SSH from specific trusted IP addresses instead.
The SysOps administrator needs to address high disk I/O issues during EC2 instance bootstrap in an Auto Scaling group.

Question 351

Report
Export
Collapse

A company has an AWS Lambda function in Account

A.
The Lambda function needs to read the objects in an Amazon S3 bucket in Account B. A SysOps administrator must create corresponding 1AM roles in both accounts. Which solution will meet these requirements?
A.
The Lambda function needs to read the objects in an Amazon S3 bucket in Account B. A SysOps administrator must create corresponding 1AM roles in both accounts. Which solution will meet these requirements?
Answers
B.
In Account A, create a Lambda execution role to assume the role in Account B. In Account B. create a role that the function can assume to gain access to the S3 bucket.
B.
In Account A, create a Lambda execution role to assume the role in Account B. In Account B. create a role that the function can assume to gain access to the S3 bucket.
Answers
C.
In Account A, create a Lambda execution role that provides access to the S3 bucket. In Account B. create a role that the function can assume.
C.
In Account A, create a Lambda execution role that provides access to the S3 bucket. In Account B. create a role that the function can assume.
Answers
D.
In Account A. create a role that the function can assume. In Account B, create a Lambda execution role that provides access to the S3 bucket.
D.
In Account A. create a role that the function can assume. In Account B, create a Lambda execution role that provides access to the S3 bucket.
Answers
E.
In Account A. create a role that the function can assume to gain access to the S3 bucket. In Account B. create a Lambda execution role to assume the role in Account A.
E.
In Account A. create a role that the function can assume to gain access to the S3 bucket. In Account B. create a Lambda execution role to assume the role in Account A.
Answers
Suggested answer: A

Explanation:

For a Lambda function in Account A to access an S3 bucket in Account B, the correct IAM roles setup includes:

A: In Account A, create a Lambda execution role that has permissions to assume another role in Account B. In Account B, create a role with permissions to access the S3 bucket and trust the Lambda execution role from Account A to assume it. This configuration allows the Lambda function to assume the cross-account role and access the S3 bucket as needed, maintaining security and proper access control. AWS documentation provides more details on setting up cross-account roles for Lambda access AWS Lambda Permissions.

Question 352

Report
Export
Collapse

A company's SysOps administrator maintains a highly available environment. The environment includes Amazon EC2 instances and an Amazon RDS Multi-AZ database. The EC2 instances are in an Auto Scaling group behind an Application Load Balancer.

Recently, the company conducted a failover test. The SysOps administrator needs to decrease the failover time of the RDS database by at least 10%.

Which solution will meet this requirement?

A.
Increase the RDS instance size.
A.
Increase the RDS instance size.
Answers
B.
Modify the RDS cluster to run in a single Availability Zone.
B.
Modify the RDS cluster to run in a single Availability Zone.
Answers
C.
Create a read replica in another AWS Region. Promote the read replica in case of failure.
C.
Create a read replica in another AWS Region. Promote the read replica in case of failure.
Answers
D.
Create an RDS proxy. Point the application to the proxy endpoint.
D.
Create an RDS proxy. Point the application to the proxy endpoint.
Answers
Suggested answer: A

Explanation:

https://aws.amazon.com/blogs/database/improving-application-availability-with-amazon-rds-proxy/

Question 353

Report
Export
Collapse

A company has an application that collects notifications from thousands of alarm systems. The notifications include alarm notifications and information notifications. The information notifications include the system arming processes, disarming processes, and sensor status.

All notifications are kept as messages in an Amazon Simple Queue Service (Amazon SQS) queue. Amazon EC2 instances that are in an Auto Scaling group process the messages. A SysOps administrator needs to implement a solution that prioritizes alarm notifications over information notifications.

Which solution will meet these requirements?

A.
Adjust the Auto Scaling group to scale faster when a high number of messages is in the queue.
A.
Adjust the Auto Scaling group to scale faster when a high number of messages is in the queue.
Answers
B.
Use the Amazon Simple Notification Service (Amazon SNS) fanout feature with Amazon SQS to send the notifications in parallel to all the EC2 instances.
B.
Use the Amazon Simple Notification Service (Amazon SNS) fanout feature with Amazon SQS to send the notifications in parallel to all the EC2 instances.
Answers
C.
Add an Amazon DynamoDB stream to accelerate the message processing.
C.
Add an Amazon DynamoDB stream to accelerate the message processing.
Answers
D.
Create a queue for alarm notifications and a queue for information notifications. Update the application to collect messages from the alarm notifications queue first.
D.
Create a queue for alarm notifications and a queue for information notifications. Update the application to collect messages from the alarm notifications queue first.
Answers
Suggested answer: D

Explanation:

To prioritize alarm notifications over information notifications in an Amazon SQS environment, creating separate queues for each type of notification is the best approach. This allows the application processing the queues to prioritize fetching messages from the alarm notifications queue first. Option D directly addresses the need for prioritization without complicating the existing infrastructure. This setup is supported by best practices for using Amazon SQS, where using multiple queues to segregate message types is a recommended strategy Amazon SQS Best Practices.

Question 354

Report
Export
Collapse

A company uses AWS CloudFormation to manage a stack of Amazon EC2 instances on AWS. A SysOps administrator needs to keep the instances and all of the instances' data, even if someone deletes the stack.

Which solution will meet these requirements?

A.
Set the DeletionPolicy attribute to Snapshot for the EC2 instance resource in the CloudFormation template.
A.
Set the DeletionPolicy attribute to Snapshot for the EC2 instance resource in the CloudFormation template.
Answers
B.
Automate backups by using Amazon Data Lifecycle Manager (Amazon DLM).
B.
Automate backups by using Amazon Data Lifecycle Manager (Amazon DLM).
Answers
C.
Create a backup plan in AWS Backup.
C.
Create a backup plan in AWS Backup.
Answers
D.
Set the DeletionPolicy attribute to Retain for the EC2 instance resource in the CloudFormation template.
D.
Set the DeletionPolicy attribute to Retain for the EC2 instance resource in the CloudFormation template.
Answers
Suggested answer: D

Explanation:

To prevent the EC2 instances and their data from being deleted when a CloudFormation stack is deleted:

DeletionPolicy Attribute: In the CloudFormation template that defines the EC2 instances, set the DeletionPolicy attribute to Retain for each EC2 instance resource. This setting ensures that when the CloudFormation stack is deleted, the EC2 instances are not terminated.

Impact of the Retain Policy: With this policy, all data on the instance, such as data on its attached EBS volumes, remains intact even after the stack deletion. The resources will remain in your AWS account and will need to be managed or deleted manually thereafter.

This approach is directly supported by AWS CloudFormation and provides a simple and effective way to protect EC2 instances and their data during stack deletions.

Question 355

Report
Export
Collapse

A company has an application that runs behind an Application Load Balancer (ALB) in the us-west-2 Region. An Amazon Route 53 record set contains an alias record for app.anycompany.com that references the ALB in us-west-2 and uses a simple routing policy. The application is experiencing an increase in users from other locations in the world. These users are experiencing high latency.

Most of the new users are close to the ap-southeast-2 Region. The company deploys a copy of the application to ap-southeast-2. A SysOps administrator must implement a solution that automatically routes requests to the lowest latency endpoint for users without changing the URL.

Which solution will meet these requirements?

A.
Add a new value to the existing alias record for app.anycompany.com with the DNS name of the new ALB in ap-southeast-2.
A.
Add a new value to the existing alias record for app.anycompany.com with the DNS name of the new ALB in ap-southeast-2.
Answers
B.
Change the existing alias record to use a geolocation routing policy. Create two geolocation records, one record that references each ALSelect the location that is closest to each Region.
B.
Change the existing alias record to use a geolocation routing policy. Create two geolocation records, one record that references each ALSelect the location that is closest to each Region.
Answers
C.
Change the existing alias record to use a latency routing policy. Create two latency records, one record that references each ALB.
C.
Change the existing alias record to use a latency routing policy. Create two latency records, one record that references each ALB.
Answers
D.
Change the existing alias record to use a multivalue routing policy Add the DNS name of each ALB to the record.
D.
Change the existing alias record to use a multivalue routing policy Add the DNS name of each ALB to the record.
Answers
Suggested answer: C

Explanation:

To optimize the routing of requests to the application for users in different geographic locations, use Amazon Route 53's latency-based routing:

Latency Routing Policy: Modify the Route 53 DNS settings for app.anycompany.com by changing the routing policy to latency. This policy routes user requests to the server that has the lowest latency relative to the user's location.

Configure Latency Records: Create latency records for each ALB---one for the ALB in us-west-2 and another for the new ALB in ap-southeast-2. Route 53 will automatically direct traffic to the endpoint that provides the lowest latency connection to the user.

Seamless User Experience: By using latency routing, the URL remains the same (app.anycompany.com), but the backend service location varies based on which endpoint is likely to respond the fastest. This setup provides a seamless experience for users, reducing latency without requiring any changes to how they access the application.

This method leverages Route 53's advanced DNS capabilities to ensure optimal performance and user experience by dynamically routing traffic based on geographic latency considerations.

Question 356

Report
Export
Collapse

A company has applications that process transaction requests multiple times each minute. The applications write transaction data to a single Amazon RDS DB instance. As the company begins to process more transactions, the company becomes concerned that it has no failover solution in place for disaster recovery (DR). The company needs the DB instance to fail over automatically without losing any committed transactions.

Which solution will meet these requirements?

A.
Create an RDS read replica in the same AWS Region. Configure an AWS Lambda function to promote the replica as the primary DB instance during a DR scenario.
A.
Create an RDS read replica in the same AWS Region. Configure an AWS Lambda function to promote the replica as the primary DB instance during a DR scenario.
Answers
B.
Create an RDS read replica in a different AWS Region. Configure an AWS Lambda function to promote the replica as the primary DB instance during a DR scenario.
B.
Create an RDS read replica in a different AWS Region. Configure an AWS Lambda function to promote the replica as the primary DB instance during a DR scenario.
Answers
C.
Modify the DB instance to be a Multi-AZ deployment.
C.
Modify the DB instance to be a Multi-AZ deployment.
Answers
D.
Setup an Amazon CloudWatch alarm that monitors the DB instance memory utilization with a threshold greater than 90%. Invoke an AWS Lambda function to restart the DB instance.
D.
Setup an Amazon CloudWatch alarm that monitors the DB instance memory utilization with a threshold greater than 90%. Invoke an AWS Lambda function to restart the DB instance.
Answers
Suggested answer: C

Explanation:

For an RDS instance that needs high availability and automatic failover capabilities, setting it up as a Multi-AZ deployment is the most effective solution:

Multi-AZ Deployment: This feature allows Amazon RDS to automatically provision and manage a synchronous standby replica of your database in a different Availability Zone (AZ). The primary DB instance and the standby replica contain the same data, providing data redundancy and fail-safe mechanism.

Automatic Failover: In the event of a planned or unplanned outage of your primary DB instance (including DB instance failure, AZ failure, or network failure), RDS automatically fails over to the standby so that database operations can resume quickly without administrative intervention.

Data Integrity: This setup ensures no data loss for committed transactions, as the standby replica is always in sync with the primary.

By enabling Multi-AZ deployment, you ensure that your database environment has high availability and robustness, addressing both disaster recovery and operational continuity without losing any committed transactions.

Question 357

Report
Export
Collapse

A company is using AWS Certificate Manager (ACM) to manage public SSL/TLS certificates. A SysOps administrator needs to send an email notification when a certificate has less than 14 days until expiration.

Which solution will meet this requirement with the LEAST operational overhead?

A.
Create an Amazon CloudWatch custom metric to monitor certificate expiration for all ACM certificates. Create an Amazon EventBridge rule that has an event source of a ws. cloud watch Configure the rule to send an event to a target Amazon Simple Notification Service (Amazon SNS) topic if the DaysToExpiry metric is less than 14. Subscribe the appropriate email addresses to the SNS topic.
A.
Create an Amazon CloudWatch custom metric to monitor certificate expiration for all ACM certificates. Create an Amazon EventBridge rule that has an event source of a ws. cloud watch Configure the rule to send an event to a target Amazon Simple Notification Service (Amazon SNS) topic if the DaysToExpiry metric is less than 14. Subscribe the appropriate email addresses to the SNS topic.
Answers
B.
Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry melric for all ACM certificates. Configure the rule to send an event to a target Amazon Simple Notification Service (Amazon SNS) topic if DaysToExpiry is less than 14. Subscribe the appropriate email addresses to the SNS topic.
B.
Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry melric for all ACM certificates. Configure the rule to send an event to a target Amazon Simple Notification Service (Amazon SNS) topic if DaysToExpiry is less than 14. Subscribe the appropriate email addresses to the SNS topic.
Answers
C.
Create an Amazon CloudWatch dashboard that displays the DaysToExpiry metric for all ACM certificates. If DaysToExpiry is less than 14, send an email message to the appropriate email addresses. Send the email message by running a predefined CLI command to publish to an Amazon Simple Notification Service (Amazon SNS) topic.
C.
Create an Amazon CloudWatch dashboard that displays the DaysToExpiry metric for all ACM certificates. If DaysToExpiry is less than 14, send an email message to the appropriate email addresses. Send the email message by running a predefined CLI command to publish to an Amazon Simple Notification Service (Amazon SNS) topic.
Answers
D.
Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry metric for all ACM certificates. Configure a target SMS identity that uses a predefined email template. Configure the rule to send an event to the target SMS identity if DaysToExpiry is less than 14.
D.
Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry metric for all ACM certificates. Configure a target SMS identity that uses a predefined email template. Configure the rule to send an event to the target SMS identity if DaysToExpiry is less than 14.
Answers
Suggested answer: B

Explanation:

To send an email notification when an ACM certificate has less than 14 days until expiration, the most operationally efficient solution is to create an Amazon EventBridge rule that directly monitors AWS ACM for certificate expiry details. EventBridge can capture aws.acm events related to certificate expiration and evaluate the DaysToExpiry metric directly. Configure the rule to send notifications to an Amazon SNS topic when DaysToExpiry is less than 14, and subscribe the necessary email addresses to this SNS topic. This approach avoids the need for custom metrics or manual monitoring, providing a streamlined and automatic notification system. Option B is the correct answer as it leverages native integration between ACM, EventBridge, and SNS for minimal operational overhead. More details on EventBridge rules can be found in AWS documentation EventBridge Rules.

Question 358

Report
Export
Collapse

A company wants to store sensitive financial data within Amazon S3 buckets. The company has a corporate policy that does not allow public read or write access to the buckets. A SysOps administrator must create a solution to automatically remove S3 permissions that allow public read or write access.

Which AWS service should the SysOps administrator use to meet these requirements in the MOST operationally efficient manner?

A.
AWSConfig
A.
AWSConfig
Answers
B.
AWS Security Hub
B.
AWS Security Hub
Answers
C.
AWS Trusted Advisor
C.
AWS Trusted Advisor
Answers
D.
Amazon Inspector
D.
Amazon Inspector
Answers
Suggested answer: A

Explanation:

AWS Config is the best service to automatically manage and remediate S3 bucket permissions that violate corporate policies against public access. AWS Config continuously monitors and records AWS resource configurations and allows you to create rules that trigger automatic responses when public access configurations are detected. This approach is highly operationally efficient as it automates compliance and enforcement of security policies without manual intervention. Option A is correct. AWS Config can be used to assess, audit, and evaluate the configurations of AWS resources, including S3 buckets. Reference AWS Config.

Question 359

Report
Export
Collapse

A company is running a development application on an Amazon EC2 instance. The application uploads 500.000 files that are 1 GB in size into a large! Amazon S3 bucket that has default encryption enabled The EC2 instance is in the same AWS Region where the S3 bucket is deployed.

The company uses performance logging that is built into the application software. The logs show that the application is constantly waiting for the files to be written to the S3 bucket. A SysOps administrator needs to improve the application's throughput performance. The SysOps administrator validates that the networking on the EC2 instance is not constrained.

What should the SysOps administrator do to improve the S3 upload performance''

A.
Enable S3 Transfer Acceleration on the S3 bucket.
A.
Enable S3 Transfer Acceleration on the S3 bucket.
Answers
B.
Split the S3 write operations to use multiple bucket prefixes to write items in parallel.
B.
Split the S3 write operations to use multiple bucket prefixes to write items in parallel.
Answers
C.
Configure AWS PrivateLink for Amazon S3 Turn off encryption on the S3 bucket
C.
Configure AWS PrivateLink for Amazon S3 Turn off encryption on the S3 bucket
Answers
D.
Configure AWS Global Accelerator in the Region. Turn off encryption on the S3 bucket.
D.
Configure AWS Global Accelerator in the Region. Turn off encryption on the S3 bucket.
Answers
Suggested answer: B

Explanation:

Improve S3 Upload Performance:

Using multiple bucket prefixes can improve throughput by allowing parallel upload streams.

Steps:

Modify the application to write files to different prefixes in the S3 bucket.

Example: Instead of writing all files to s3://bucket-name/, write to s3://bucket-name/prefix1/, s3://bucket-name/prefix2/, etc.

Question 360

Report
Export
Collapse

A company that uses AWS Organizations recently implemented AWS Control Tower The company now needs to centralize identity management A SysOps administrator must federate AWS 1AM Identity Center with an external SAML 2.0 identity provider (IdP) to centrally manage access to all the company's accounts and cloud applications

Which prerequisites must the SysOps administrator have so that the SysOps administrator can connect to the external IdP? (Select TWO.)

A.
A copy of the 1AM Identity Center SAML metadata
A.
A copy of the 1AM Identity Center SAML metadata
Answers
B.
The IdP metadata, including the public X.509 certificate
B.
The IdP metadata, including the public X.509 certificate
Answers
C.
The IP address of the IdP
C.
The IP address of the IdP
Answers
D.
Root access to the management account
D.
Root access to the management account
Answers
E.
Administrative permissions to the member accounts of the organization
E.
Administrative permissions to the member accounts of the organization
Answers
Suggested answer: A, B

Explanation:

IAM Identity Center SAML Metadata:

This metadata is required to establish the trust relationship between AWS IAM Identity Center and the external SAML 2.0 identity provider.

Steps:

Download the IAM Identity Center SAML metadata from the AWS Management Console.

Provide this metadata to the external IdP.

IdP Metadata:

The metadata from the IdP, including the public X.509 certificate, is needed to configure the trust relationship.

Steps:

Obtain the IdP metadata, which includes the entity ID, endpoints, and X.509 certificate.

Configure the IAM Identity Center with this information.

Total 425 questions
Go to page: of 43
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms