
Amazon SOA-C02 Practice Test - Questions Answers, Page 37

A company is using an Amazon EC2 Auto Scaling group to support a workload. The Auto Scaling group is configured with two similar scaling policies. One scaling policy adds 5 instances when CPU utilization reaches 80%. The other scaling policy […] when CPU utilization reaches 80%.

What will happen when CPU utilization reaches the 80% threshold?

A. Amazon EC2 Auto Scaling will add 5 instances
B. Amazon EC2 Auto Scaling will add 10 instances
C. Amazon EC2 Auto Scaling will add 15 instances.
D. The Auto Scaling group will not scale because of conflicting policies
Suggested answer: B

Explanation:

Scaling Policies in Auto Scaling:

When multiple scaling policies trigger at the same time, each policy is executed independently.

If both policies are set to add 5 instances when CPU utilization reaches 80%, they will both be executed when the threshold is met.

Therefore, the total number of instances added will be the sum of the instances specified in both policies.

In this case, 5 instances from one policy and 5 instances from the other policy will result in a total of 10 instances being added.

Steps to Configure and Verify Scaling Policies:

Go to the AWS Management Console.

Navigate to EC2 and select 'Auto Scaling Groups.'

Select your Auto Scaling group and review the scaling policies.

Ensure that both scaling policies are configured to trigger at 80% CPU utilization.

Monitor the Auto Scaling group's activity to verify the addition of instances when the CPU utilization threshold is reached.


A company hosts an application on Amazon EC2 instances. The instances are in an Amazon EC2 Auto Scaling group that uses a launch template. The amount of application traffic changes throughout the day. Scaling events happen frequently.

A SysOps administrator needs to help developers troubleshoot the application. When a scaling event removes an instance, EC2 Auto Scaling terminates the instance before the developers can log in to the instance to diagnose issues.

Which solution will prevent termination of the instance so that the developers can log in to the instance?

A. Ensure that the Delete on termination setting is turned off in the UserData section of the launch template
B. Update the Auto Scaling group by enabling instance scale-in protection for newly launched instances.
C. Use Amazon Inspector to configure a rules package to protect the instances from termination.
D. Use Amazon GuardDuty to configure rules to protect the instances from termination.
Suggested answer: B

Explanation:

Enabling Instance Scale-In Protection:

Instance scale-in protection prevents Auto Scaling from terminating specific instances.

Steps:

Go to the AWS Management Console.

Navigate to EC2 and select 'Auto Scaling Groups.'

Select your Auto Scaling group.

Go to the 'Instance management' tab.

Select the instances you want to protect and click 'Actions.'

Choose 'Enable scale-in protection.'

This ensures that instances are not terminated during troubleshooting.

A company has many accounts in an organization in AWS Organizations. The company must automate resource provisioning from the organization's management account to the member accounts.

Which solution will meet this requirement?

A. Create an AWS CloudFormation change set. Deploy the change set to all member accounts.
B. Create an AWS CloudFormation nested stack. Deploy the nested stack to all member accounts.
C. Create an AWS CloudFormation stack set. Deploy the stack set to all member accounts.
D. Create an AWS Serverless Application Model (AWS SAM) template. Deploy the template to all member accounts.
Suggested answer: C

Explanation:

Using CloudFormation Stack Sets:

CloudFormation stack sets allow you to deploy CloudFormation stacks across multiple AWS accounts and regions.

Steps:

Go to the AWS Management Console.

Navigate to CloudFormation and select 'StackSets.'

Click on 'Create StackSet.'

Provide the template URL or upload a template file.

Configure the stack set options and specify the accounts and regions.

Deploy the stack set to the specified accounts and regions.

An AWS CloudFormation template creates an Amazon RDS instance. This template is used to build up development environments as needed and then delete the stack when the environment is no longer required. The RDS-persisted data must be retained for further use, even after the CloudFormation stack is deleted.

How can this be achieved in a reliable and efficient way?

A. Write a script to continue backing up the RDS instance every five minutes.
B. Create an AWS Lambda function to take a snapshot of the RDS instance, and manually invoke the function before deleting the stack.
C. Use the Snapshot Deletion Policy in the CloudFormation template definition of the RDS instance.
D. Create a new CloudFormation template to perform backups of the RDS instance, and run this template before deleting the stack.
Suggested answer: C

Explanation:

Snapshot Deletion Policy:

The Snapshot Deletion Policy ensures that a snapshot is created when an RDS instance is deleted as part of a CloudFormation stack deletion.

Steps:

Update your CloudFormation template to include the DeletionPolicy attribute for the RDS instance resource.

Example template snippet:

    Resources:
      MyDBInstance:
        Type: AWS::RDS::DBInstance
        Properties:
          # DB instance properties
        DeletionPolicy: Snapshot

This configuration retains a snapshot of the RDS instance data when the stack is deleted.

Reference: AWS CloudFormation DeletionPolicy

A company wants to prohibit its developers from using a particular family of Amazon EC2 instances. The company uses AWS Organizations and wants to apply the restriction across multiple accounts.

What is the MOST operationally efficient way for the company to apply service control policies (SCPs) to meet these requirements?

A. Add the accounts to an organizational unit (OU). Apply the SCPs to the OU.
B. Add the accounts to resource groups in AWS Resource Groups. Apply the SCPs to the resource groups.
C. Apply the SCPs to each developer account.
D. Enroll the accounts with AWS Control Tower. Apply the SCPs to the AWS Control Tower management account.
Suggested answer: A

Explanation:

Applying SCPs to an Organizational Unit:

Service Control Policies (SCPs) allow you to manage permissions for multiple AWS accounts within an organization.

Steps:

Go to the AWS Management Console.

Navigate to AWS Organizations.

Create an Organizational Unit (OU) if not already created.

Move the target accounts into the OU.

Create an SCP that denies the use of the specific EC2 instance family.

Attach the SCP to the OU.

This approach ensures that the policy is applied consistently across all accounts in the OU.
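
The SCP from the steps above, written as a CloudFormation template for the organization's management account. This is an added example, not part of the original explanation; the OU ID parameter and the `m5.*` family pattern are assumptions, since the page names neither.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example. SCP that denies one EC2 instance family, attached to an OU.

Parameters:
  TargetOuId:
    Type: String
    Description: ID of the OU that holds the developer accounts (supply your own).

Resources:
  DenyInstanceFamilyScp:
    Type: AWS::Organizations::Policy
    Properties:
      Name: deny-ec2-instance-family
      Description: Blocks launches of the denied instance family in every account under the OU.
      Type: SERVICE_CONTROL_POLICY
      # Attaching to the OU covers current and future accounts moved into it,
      # so no per-account attachment is needed.
      TargetIds:
        - !Ref TargetOuId
      Content:
        Version: "2012-10-17"
        Statement:
          - Sid: DenyInstanceFamily
            Effect: Deny
            Action: ec2:RunInstances
            # The instance type condition key is evaluated on the instance resource.
            Resource: arn:aws:ec2:*:*:instance/*
            Condition:
              StringLike:
                # Assumed family for illustration; replace with the prohibited one.
                ec2:InstanceType: "m5.*"
```

SCPs do not apply to the management account itself, so the restriction covers only the member accounts under the OU.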

A company has an application that uses Amazon DynamoDB tables. The tables are spread across AWS accounts and AWS Regions. The company uses AWS CloudFormation to deploy AWS resources.

A new team at the company is deleting unused AWS resources. The team accidentally deletes several production DynamoDB tables by running an AWS Lambda function that makes a DynamoDB DeleteTable API call. The table deletions cause an application outage.

A SysOps administrator must implement a solution that minimizes the chance of accidental deletions of tables. The solution also must minimize data loss that results from accidental deletions.

Which combination of steps will meet these requirements? (Select TWO.)

A. Enable termination protection for the CloudFormation stacks that deploy the DynamoDB tables.
B. Enable deletion protection for the DynamoDB tables
C. Enable point-in-time recovery for the DynamoDB tables. Restore the tables if they are accidentally deleted.
D. Schedule daily backups of the DynamoDB tables. Restore the tables if they are accidentally deleted.
E. Export the DynamoDB tables to Amazon S3 every day. Use Import from Amazon S3 to restore data for tables that are accidentally deleted
Suggested answer: B, C

Explanation:

Enable deletion protection for the DynamoDB tables:

Deletion protection is a feature that prevents accidental deletion of DynamoDB tables. When enabled, it requires an additional step to disable this protection before the table can be deleted.

Steps:

Go to the AWS Management Console.

Navigate to DynamoDB.

Select the table you want to protect.

Choose the 'Overview' tab.

Under 'Deletion protection,' click 'Enable deletion protection.'

Enable point-in-time recovery (PITR) for the DynamoDB tables:

PITR provides continuous backups of your DynamoDB tables. You can restore the table to any point in time within the last 35 days.

Steps:

Go to the AWS Management Console.

Navigate to DynamoDB.

Select the table you want to enable PITR for.

Choose the 'Backups' tab.

Click on 'Enable Point-in-Time Recovery.'

If a table is accidentally deleted, you can restore it using PITR.

Go to the DynamoDB console.

Select 'Backups' from the navigation pane.

Find the table backup and choose 'Restore.'
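
Because the company in this question deploys its resources with CloudFormation, both settings can be declared in the table definition instead of being enabled by hand in the console. This is an added example, not part of the original explanation; the table name and key schema are hypothetical.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example. DynamoDB table with deletion protection and point-in-time recovery.

Resources:
  OrdersTable:                      # hypothetical table
    Type: AWS::DynamoDB::Table
    Properties:
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: pk         # hypothetical partition key
          AttributeType: S
      KeySchema:
        - AttributeName: pk
          KeyType: HASH
      # Answer B: a DeleteTable call is rejected while this is true, so a
      # cleanup function cannot remove the table in a single API call.
      DeletionProtectionEnabled: true
      # Answer C: continuous backups that allow a restore to a point in time.
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: true
```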

A company is running an application on a group of Amazon EC2 instances behind an Application Load Balancer. The EC2 instances run across three Availability Zones. The company needs to provide the customers with a maximum of two static IP addresses for their applications.

How should a SysOps administrator meet these requirements?

A. Add AWS Global Accelerator in front of the Application Load Balancer
B. Add an internal Network Load Balancer behind the Application Load Balancer
C. Configure the Application Load Balancer in only two Availability Zones.
D. Create two Elastic IP addresses and assign them to the Application Load Balancer.
Suggested answer: A

Explanation:

AWS Global Accelerator:

AWS Global Accelerator is a service that improves the availability and performance of your applications with a global user base. It provides static IP addresses that act as a fixed entry point to your application endpoints (such as ALBs).

Steps:

Go to the AWS Management Console.

Navigate to Global Accelerator.

Click on 'Create accelerator.'

Configure the accelerator by providing a name and adding listeners.

Add your Application Load Balancer as an endpoint.

Allocate two static IP addresses.

This setup ensures that your application is accessible via two static IP addresses, fulfilling the requirement.

A company currently runs its infrastructure within a VPC in a single Availability Zone. The VPC is connected to the company's on-premises data center through an AWS Site-to-Site VPN connection attached to a virtual private gateway. The on-premises route tables route all VPC networks to the VPN connection. Communication between the two environments is working correctly. A SysOps administrator created new VPC subnets within a new Availability Zone, and deployed new resources within the subnets. However, communication cannot be established between the new resources and the on-premises environment.

Which steps should the SysOps administrator take to resolve the issue?

A. Add a route to the route tables of the new subnets that send on-premises traffic to the virtual private gateway.
B. Create a ticket with AWS Support to request adding Availability Zones to the Site-to-Site VPN route configuration.
C. Establish a new Site-to-Site VPN connection between a virtual private gateway attached to the new Availability Zone and the on-premises data center
D. Replace the Site-to-Site VPN connection with an AWS Direct Connect connection.
Suggested answer: A

Explanation:

Adding a Route to the Route Tables:

When new subnets are created, they need appropriate routing to ensure communication with on-premises networks.

Steps:

Go to the AWS Management Console.

Navigate to VPC.

Select the route table associated with the new subnets.

Choose 'Edit routes.'

Add a new route with the destination CIDR block of the on-premises network.

For the target, select the virtual private gateway (VGW).

This ensures that traffic destined for the on-premises network is routed correctly through the VPN connection.

A company deploys a new application on three Amazon EC2 instances across three Availability Zones. The company uses a Network Load Balancer (NLB) to route traffic to the EC2 instances. A SysOps administrator must implement a solution so that the EC2 instances allow traffic from only the NLB.

What should the SysOps administrator do to meet these requirements with the LEAST operational overhead?

A. Configure the security group that is associated with the EC2 instances to allow traffic from only the security group that is associated with the NLB.
B. Configure the security group that is associated with the EC2 instances to allow traffic from only the elastic network interfaces that are associated with the NLB.
C. Create a network ACL. Associate the network ACL with the application subnets. Configure the network ACL to allow inbound traffic from only the CIDR ranges of the NLB.
D. Use a third-party firewall solution that is installed on a separate EC2 instance. Configure a firewall rule that allows traffic to the application's EC2 instances from only the subnets where the NLB is deployed
Suggested answer: A

Explanation:

Configuring Security Groups:

Security groups act as virtual firewalls for your instances to control inbound and outbound traffic.

Steps:

Go to the AWS Management Console.

Navigate to EC2.

Select 'Security Groups' from the left-hand menu.

Find and select the security group associated with your EC2 instances.

Choose the 'Inbound rules' tab and click 'Edit inbound rules.'

Add a rule to allow traffic from the security group associated with the NLB.

Type: Custom TCP (or the specific port your application uses)

Source: Select 'Custom' and enter the ID of the NLB's security group.

This setup ensures that the EC2 instances accept traffic only from the NLB, enhancing security with minimal operational overhead.
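
The inbound rule from the steps above as a CloudFormation template, with a CIDR-based rule left commented out for contrast. This is an added example, not part of the original explanation; the parameter names, the port 443 default and the 10.0.0.0/16 range are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example. Instance security group that admits traffic only from the NLB's security group.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  NlbSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id   # security group already associated with the NLB
  AppPort:
    Type: Number
    Default: 443                        # assumed application port

Resources:
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Application instances, reachable only through the NLB
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # Weak form, kept disabled for contrast: any host in the assumed VPC
        # range could reach the instances directly, bypassing the NLB.
        # - IpProtocol: tcp
        #   FromPort: !Ref AppPort
        #   ToPort: !Ref AppPort
        #   CidrIp: 10.0.0.0/16
        # Corrected form: the source is the NLB's security group, so the rule
        # stays valid without tracking the NLB's IP addresses or interfaces.
        - IpProtocol: tcp
          FromPort: !Ref AppPort
          ToPort: !Ref AppPort
          SourceSecurityGroupId: !Ref NlbSecurityGroupId
```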

A company has created an AWS CloudFormation template that consists of the AWS::EC2::Instance resource and a custom CloudFormation resource. The custom CloudFormation resource is an AWS Lambda function that attempts to run automation on the Amazon EC2 instance.

During testing, the Lambda function fails because the Lambda function tries to run before the EC2 instance is launched.

Which solution will resolve this issue?

A. Add a DependsOn attribute to the custom resource. Specify the EC2 instance in the DependsOn attribute.
B. Update the custom resource's service token to point to a valid Lambda function
C. Update the Lambda function to use the cfn-response module to send a response to the custom resource.
D. Use the Fn::If intrinsic function to check for the EC2 instance before the custom resource runs.
Suggested answer: A

Explanation:

DependsOn Attribute in CloudFormation:

The DependsOn attribute in AWS CloudFormation ensures that one resource is created only after another resource has been successfully created. In this case, it ensures that the EC2 instance is fully launched before the custom resource (the Lambda function) is executed.

Steps:

Update the CloudFormation template to include the DependsOn attribute for the custom resource.

Ensure that the custom resource references the EC2 instance.

    Resources:
      MyEC2Instance:
        Type: AWS::EC2::Instance
        Properties:
          # EC2 properties
      MyCustomResource:
        Type: Custom::MyCustomResource
        DependsOn: MyEC2Instance
        Properties:
          ServiceToken: !GetAtt MyLambdaFunction.Arn
          # Other properties

Total 425 questions