
Amazon SOA-C02 Practice Test - Questions Answers, Page 4

An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba41fc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted.

How can this be resolved?

A. Enable encryption on each host's connection to the Amazon EFS volume. Each connection must be recreated for encryption to take effect.
B. Enable encryption on the existing EFS volume by using the AWS Command Line Interface.
C. Enable encryption on each host's local drive. Restart each host to encrypt the drive.
D. Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.

Suggested answer: D

A SysOps administrator is attempting to download patches from the internet into an instance in a private subnet. An internet gateway exists for the VPC, and a NAT gateway has been deployed on the public subnet; however, the instance has no internet connectivity. The resources deployed into the private subnet must be inaccessible directly from the public internet.

What should be added to the private subnet's route table in order to address this issue, given the information provided?

A. 0.0.0.0/0 IGW
B. 0.0.0.0/0 NAT
C. 10.0.1.0/24 IGW
D. 10.0.1.0/24 NAT

Suggested answer: B

Explanation:

Reference: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html

An organization finds that a high number of gp2 Amazon EBS volumes are running out of space.

Which solution will provide the LEAST disruption with MINIMAL effort?

A. Create a snapshot and restore it to a larger gp2 volume.
B. Create a RAID 0 with another new gp2 volume to increase capacity.
C. Leverage the Elastic Volumes feature of EBS to increase gp2 volume size.
D. Write a script to migrate data to a larger gp2 volume.

Suggested answer: C

Explanation:

Reference: https://aws.amazon.com/ebs/features/


A company hosts a website on multiple Amazon EC2 instances that run in an Auto Scaling group. Users are reporting slow responses during peak times between 6 PM and 11 PM every weekend. A SysOps administrator must implement a solution to improve performance during these peak times.

What is the MOST operationally efficient solution that meets these requirements?

A. Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to increase the desired capacity before peak times.
B. Configure a scheduled scaling action with a recurrence option to change the desired capacity before and after peak times.
C. Create a target tracking scaling policy to add more instances when memory utilization is above 70%.
D. Configure the cooldown period for the Auto Scaling group to modify desired capacity before and after peak times.

Suggested answer: B

A company's SysOps administrator has created an Amazon EC2 instance with custom software that will be used as a template for all new EC2 instances across multiple AWS accounts. The Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the EC2 instance are encrypted with AWS managed keys.

The SysOps administrator creates an Amazon Machine Image (AMI) of the custom EC2 instance and plans to share the AMI with the company's other AWS accounts. The company requires that all AMIs are encrypted with AWS Key Management Service (AWS KMS) keys and that only authorized AWS accounts can access the shared AMIs.

Which solution will securely share the AMI with the other AWS accounts?

A. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.
B. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI, and specify the CMK. Modify the permissions on the copied AMI to specify the AWS account numbers that the AMI will be shared with.
C. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI, and specify the CMK. Modify the permissions on the copied AMI to make it public.
D. In the account where the AMI was created, modify the key policy of the AWS managed key to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.

Suggested answer: C

A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network. What actions should the SysOps administrator take to meet these requirements?

A. Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
B. Create a VPC endpoint for the S3 bucket, and create an S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
C. Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket.
D. Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway.

Suggested answer: B

A company has a VPC with public and private subnets. An Amazon EC2 based application resides in the private subnets and needs to process raw .csv files stored in an Amazon S3 bucket. A SysOps administrator has set up the correct IAM role with the required permissions for the application to access the S3 bucket, but the application is unable to communicate with the S3 bucket. Which action will solve this problem while adhering to least privilege access?

A. Add a bucket policy to the S3 bucket permitting access from the IAM role.
B. Attach an S3 gateway endpoint to the VPC. Configure the route table for the private subnet.
C. Configure the route table to allow the instances on the private subnet access through the internet gateway.
D. Create a NAT Gateway in a private subnet and configure the route table for the private subnets.

Suggested answer: C

A SysOps administrator noticed that a large number of Elastic IP addresses are being created on the company's AWS account, but they are not being associated with Amazon EC2 instances and are incurring Elastic IP address charges in the monthly bill.

How can the administrator identify who is creating the Elastic IP addresses?

A. Attach a cost-allocation tag to each requested Elastic IP address with the IAM user name of the developer who creates it.
B. Query AWS CloudTrail logs by using Amazon Athena to search for Elastic IP address events.
C. Create a CloudWatch alarm on the EIPCreated metric and send an Amazon SNS notification when the alarm triggers.
D. Use Amazon Inspector to get a report of all Elastic IP addresses created in the last 30 days.

Suggested answer: A

A SysOps administrator is deploying an application on 10 Amazon EC2 instances. The application must be highly available. The instances must be placed on distinct underlying hardware.

What should the SysOps administrator do to meet these requirements?

A. Launch the instances into a cluster placement group in a single AWS Region.
B. Launch the instances into a partition placement group in multiple AWS Regions.
C. Launch the instances into a spread placement group in multiple AWS Regions.
D. Launch the instances into a spread placement group in a single AWS Region.

Suggested answer: B

A SysOps administrator is investigating issues on an Amazon RDS for MariaDB DB instance. The SysOps administrator wants to display the database load categorized by detailed wait events. How can the SysOps administrator accomplish this goal?

A. Create an Amazon CloudWatch dashboard.
B. Enable Amazon RDS Performance Insights.
C. Enable and configure Enhanced Monitoring.
D. Review the database logs in Amazon CloudWatch Logs.

Suggested answer: B

Explanation:

Reference: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.EnableMySQL.html

Total 425 questions