ExamGecko
Login
Home / Amazon / SOA-C02 / List of questions
Ask Question

Amazon SOA-C02 Practice Test - Questions Answers, Page 4

List of questions

Question 31

Report
Export
Collapse

An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba41fc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted.

How can this be resolved?

Enable encryption on each host's connection to the Amazon EFS volume. Each connection must be recreated for encryption to take effect.
Enable encryption on each host's connection to the Amazon EFS volume. Each connection must be recreated for encryption to take effect.
Enable encryption on the existing EFS volume by using the AWS Command Line Interface.
Enable encryption on the existing EFS volume by using the AWS Command Line Interface.
Enable encryption on each host's local drive. Restart each host to encrypt the drive.
Enable encryption on each host's local drive. Restart each host to encrypt the drive.
Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.
Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.
Suggested answer: D
asked 16/09/2024
Matthew Walsh
31 questions

Question 32

Report
Export
Collapse

A SysOps administrator is attempting to download patches from the internet into an instance in a private subnet. An internet gateway exists for the VPC, and a NAT gateway has been deployed on the public subnet; however, the instance has no internet connectivity. The resources deployed into the private subnet must be inaccessible directly from the public internet.

Amazon SOA-C02 image Question 32 8067 09162024010005000000

What should be added to the private subnet's route table in order to address this issue, given the information provided?

0.0.0.0/0 IGW
0.0.0.0/0 IGW
0.0.0.0/0 NAT
0.0.0.0/0 NAT
10.0.1.0/24 IGW
10.0.1.0/24 IGW
10.0.1.0/24 NAT
10.0.1.0/24 NAT
Suggested answer: B

Explanation:

Reference: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html

asked 16/09/2024
Anu V
34 questions

Question 33

Report
Export
Collapse

An organization finds that a high number of gp2 Amazon EBS volumes are running out of space.

Which solution will provide the LEAST disruption with MINIMAL effort?

Create a snapshot and restore it to a larger gp2 volume.
Create a snapshot and restore it to a larger gp2 volume.
Create a RAID 0 with another new gp2 volume to increase capacity.
Create a RAID 0 with another new gp2 volume to increase capacity.
Leverage the Elastic Volumes feature of EBS to increase gp2 volume size.
Leverage the Elastic Volumes feature of EBS to increase gp2 volume size.
Write a script to migrate data to a larger gp2 volume.
Write a script to migrate data to a larger gp2 volume.
Suggested answer: C

Explanation:

Reference: https://aws.amazon.com/ebs/features/

Amazon SOA-C02 image Question 33 explanation 8068 09162024010005000000

asked 16/09/2024
Hassene SAADI
30 questions

Question 34

Report
Export
Collapse


A company hosts a website on multiple Amazon EC2 instances that run in an Auto Scaling group. Users are reporting slow responses during peak times between 6 PM and 11 PM every weekend. A SysOps administrator must implement a solution to improve performance during these peak times.

What is the MOST operationally efficient solution that meets these requirements?

Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to increase the desired capacity before peak times.
Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to increase the desired capacity before peak times.
Configure a scheduled scaling action with a recurrence option to change the desired capacity before and after peak times.
Configure a scheduled scaling action with a recurrence option to change the desired capacity before and after peak times.
Create a target tracking scaling policy to add more instances when memory utilization is above 70%.
Create a target tracking scaling policy to add more instances when memory utilization is above 70%.
Configure the cooldown period for the Auto Scaling group to modify desired capacity before and after peak times.
Configure the cooldown period for the Auto Scaling group to modify desired capacity before and after peak times.
Suggested answer: B
asked 16/09/2024
Todd Hekkema
42 questions

Question 35

Report
Export
Collapse

A company's SysOps administrator has created an Amazon EC2 instance with custom software that will be used as a template for all new EC2 instances across multiple AWS accounts. The Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the EC2 instance are encrypted with AWS managed keys.

The SysOps administrator creates an Amazon Machine Image (AMI) of the custom EC2 instance and plans to share the AMI with the company's other AWS accounts. The company requires that all AMIs are encrypted with AWS Key Management Service (AWS KMS) keys and that only authorized AWS accounts can access the shared AMIs.

Which solution will securely share the AMI with the other AWS accounts?

In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.
In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.
In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI, and specify the CMK. Modify the permissions on the copied AMI to specify the AWS account numbers that the AMI will be shared with.
In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI, and specify the CMK. Modify the permissions on the copied AMI to specify the AWS account numbers that the AMI will be shared with.
In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI, and specify the CMK. Modify the permissions on the copied AMI to make it public.
In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI, and specify the CMK. Modify the permissions on the copied AMI to make it public.
In the account where the AMI was created, modify the key policy of the AWS managed key to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with.Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.
In the account where the AMI was created, modify the key policy of the AWS managed key to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with.Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.
Suggested answer: C
asked 16/09/2024
Alfred Macaraeg
44 questions

Question 36

Report
Export
Collapse

A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network. What actions should the SysOps administrator take to meet these requirements?

Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
Create a VPC endpoint for the S3 bucket, and create an S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
Create a VPC endpoint for the S3 bucket, and create an S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket.
Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket.
Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway.
Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway.
Suggested answer: B
asked 16/09/2024
jonathan jaramillo
31 questions

Question 37

Report
Export
Collapse

A company has a VPC with public and private subnets. An Amazon EC2 based application resides in the private subnets and needs to process raw .csv files stored in an Amazon S3 bucket. A SysOps administrator has set up the correct IAM role with the required permissions for the application to access the S3 bucket, but the application is unable to communicate with the S3 bucket. Which action will solve this problem while adhering to least privilege access?

Add a bucket policy to the S3 bucket permitting access from the IAM role.
Add a bucket policy to the S3 bucket permitting access from the IAM role.
Attach an S3 gateway endpoint to the VPC. Configure the route table for the private subnet.
Attach an S3 gateway endpoint to the VPC. Configure the route table for the private subnet.
Configure the route table to allow the instances on the private subnet access through the internet gateway.
Configure the route table to allow the instances on the private subnet access through the internet gateway.
Create a NAT Gateway in a private subnet and configure the route table for the private subnets.
Create a NAT Gateway in a private subnet and configure the route table for the private subnets.
Suggested answer: C
asked 16/09/2024
safiqueahmed kazi
37 questions

Question 38

Report
Export
Collapse

A SysOps administrator noticed that a large number of Elastic IP addresses are being created on the company's AWS account, but they are not being associated with Amazon EC2 instance, and are incurring Elastic IP address charges in the monthly bill.

How can the administrator identify who is creating the Elastic IP addresses?

Attach a cost-allocation tag to each requested Elastic IP address with the IAM user name of the developer who creates it.
Attach a cost-allocation tag to each requested Elastic IP address with the IAM user name of the developer who creates it.
Query AWS CloudTrail logs by using Amazon Athena to search for Elastic IP address events.
Query AWS CloudTrail logs by using Amazon Athena to search for Elastic IP address events.
Create a CloudWatch alarm on the EIPCreated metric and send an Amazon SNS notification when the alarm triggers.
Create a CloudWatch alarm on the EIPCreated metric and send an Amazon SNS notification when the alarm triggers.
Use Amazon Inspector to get a report of all Elastic IP addresses created in the last 30 days.
Use Amazon Inspector to get a report of all Elastic IP addresses created in the last 30 days.
Suggested answer: A
asked 16/09/2024
Robert Fox
50 questions

Question 39

Report
Export
Collapse

A SysOps administrator is deploying an application on 10 Amazon EC2 instances. The application must be highly available. The instances must be placed on distinct underlying hardware.

What should the SysOps administrator do to meet these requirements?

Launch the instances into a cluster placement group in a single AWS Region.
Launch the instances into a cluster placement group in a single AWS Region.
Launch the instances into a partition placement group in multiple AWS Regions.
Launch the instances into a partition placement group in multiple AWS Regions.
Launch the instances into a spread placement group in multiple AWS Regions.
Launch the instances into a spread placement group in multiple AWS Regions.
Launch the instances into a spread placement group in a single AWS Region.
Launch the instances into a spread placement group in a single AWS Region.
Suggested answer: B
asked 16/09/2024
Robert L Swafford
38 questions

Question 40

Report
Export
Collapse

A SysOps administrator is investigating issues on an Amazon RDS for MariaDB DB instance. The SysOps administrator wants to display the database load categorized by detailed wait events. How can the SysOps administrator accomplish this goal?

Create an Amazon CloudWatch dashboard.
Create an Amazon CloudWatch dashboard.
Enable Amazon RDS Performance Insights.
Enable Amazon RDS Performance Insights.
Enable and configure Enhanced Monitoring.
Enable and configure Enhanced Monitoring.
Review the database logs in Amazon CloudWatch Logs.
Review the database logs in Amazon CloudWatch Logs.
Suggested answer: B

Explanation:

Reference: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.EnableMySQL.html

Amazon SOA-C02 image Question 40 explanation 8075 09162024010005000000

asked 16/09/2024
Marcos Davila
32 questions
Total 450 questions
Go to page: of 45
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

The company needs a shared file solution for EC2 Windows instances in a Multi-AZ deployment that uses native Windows storage capabilities and maximizes consistency.
After creating a presigned URL for an S3 object, users can no longer access the file after a few days.
A company has an AWS Site-to-Site VPN connection between on-premises resources and resources that are hosted in a VPC. A SysOps administrator launches an Amazon EC2 instance that has only a private IP address into a private subnet in the VPC. The EC2 instance runs Microsoft Windows Server. A security group for the EC2 instance has rules that allow inbound traffic from the on-premises network over the VPN connection. The on-premises environment contains a third-party network firewall. Rules in the third-party network firewall allow Remote Desktop Protocol (RDP) traffic to flow between the on-premises users over the VPN connection. The on-premises users are unable to connect to the EC2 instance and receive a timeout error. What should the SysOps administrator do to troubleshoot this issue?
The SysOps administrator needs to complete the KMS key policy for least privilege read access for the DataEngineer role to decrypt S3 objects encrypted with a KMS key.
The SysOps administrator needs to deploy auditing software on all existing and new EC2 instances across multiple Regions, using AWS Systems Manager.
A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company's on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors. Which solution will give the application the ability to resolve the internal domain names?
A SysOps administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically. Currently, the application is deployed on a single t2. large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency after a few minutes. What change should be made to alleviate the performance problem?
A SysOps administrator needs to share a new AMI with all accounts within an organization managed through AWS Organizations.
ASysOps administrator configures an application to run on Amazon EC2 instances behind an Application Load Balancer (ALB) in a simple scaling Auto Scaling group with the default settings. The Auto Scaling group is configured to use the RequestCountPerTarget metric for scaling. The SysOps administrator notices that the RequestCountPerTarget metric exceeded the specified limit twice in 180 seconds. How will the number of EC2 instances in this Auto Scaling group be affected in this scenario?
A SysOps administrator needs EC2 instances in a VPC to resolve DNS names for hosts in an on-premises data center.