Amazon SOA-C02 Practice Test - Questions Answers, Page 40

After creating a presigned URL for an S3 object, users can no longer access the file after a few days.

A. The presigned URL's expiration date and time have passed.

B. The SysOps administrator's access key is no longer valid.

C. The S3 bucket's Block Public Access settings are enabled.

D. The S3 object's ACL does not include READ access for the All Users group.

E. The S3 object's ACL does not include READ_ACP access for the All Users group.

Suggested answer: A, B

Explanation:

The presigned URL expiration is the most common reason for access issues after some time. Additionally, if the SysOps administrator's access key (used to generate the presigned URL) is invalid, the URL will no longer be usable. Block Public Access or ACL settings are irrelevant to presigned URLs.

The company needs to increase IOPS for two EC2 instances with gp2 volumes to support an upcoming promotion with higher I/O requirements.

A. Migrate the attached EBS volumes to Throughput Optimized HDD (st1) EBS volumes.

B. Configure Amazon ElastiCache integration on the EC2 instances.

C. Migrate the workload to two storage optimized EC2 instances.

D. Migrate the attached EBS volumes to General Purpose SSD (gp3) EBS volumes. Provision the appropriate IOPS.

Suggested answer: D

Explanation:

Migrating to gp3 volumes allows for customizable IOPS at a lower cost than gp2, meeting the requirement for higher IOPS during the promotion. Throughput Optimized HDD (st1) volumes do not support high IOPS, and ElastiCache does not address I/O for EBS volumes.

The SysOps administrator needs to create a key policy that grants data engineers least privilege access to decrypt and read data from an S3 bucket encrypted with KMS.

A. 'kms:ReEncrypt*', 'kms:GenerateDataKey*', 'kms:Encrypt', 'kms:DescribeKey'

B. 'kms:ListAliases', 'kms:GetKeyPolicy', 'kms:Describe*', 'kms:Decrypt'

C. 'kms:ListAliases', 'kms:DescribeKey', 'kms:Decrypt'

D. 'kms:Update*', 'kms:TagResource', 'kms:Revoke*', 'kms:Put*', 'kms:List*', 'kms:Get*', 'kms:Enable*', 'kms:Disable*', 'kms:Describe*', 'kms:Delete*', 'kms:Create*', 'kms:CancelKeyDeletion'

Suggested answer: C

Explanation:

The least privilege required for reading encrypted data involves kms:Decrypt to decrypt, kms:DescribeKey to understand key properties, and kms:ListAliases if needed to identify the key alias.

The SysOps administrator must restart the web server if specific errors are detected in logs on EC2 instances behind a load balancer.

A. Install the Amazon CloudWatch agent on the EC2 instances.

B. Create an AWS CloudTrail metric filter for the web logs. Configure an alarm for the specific errors.

C. Create an Amazon CloudWatch metric filter for the web logs. Configure an alarm for the specific errors.

D. Publish alarm findings to Amazon Simple Email Service (Amazon SES). Invoke an AWS Lambda function to restart the web server software.

E. Create an Amazon EventBridge rule that responds to the alarm. Configure the rule to invoke an AWS Systems Manager Automation runbook to restart the web server software.

F. Create an Amazon Simple Notification Service (Amazon SNS) notification that responds to the alarm. Configure the notification to invoke an AWS Systems Manager Automation runbook to restart the web server software.

Suggested answer: A, C, E

Explanation:

Installing the CloudWatch agent enables log monitoring, and a CloudWatch metric filter allows alerting on specific errors. Using EventBridge to trigger a Systems Manager Automation runbook automates the restart of the web server, creating an efficient and automated solution.

The company requires a disaster recovery solution for an Aurora PostgreSQL database with a 20-second RPO.

A. Reconfigure the database to be an Aurora global database. Set the RPO to 20 seconds.

B. Reconfigure the database to be an Aurora Serverless v2 database with an Aurora Replica in a separate Availability Zone. Set the replica lag to 20 seconds.

C. Modify the database to use a Multi-AZ cluster that has two readable standby instances in separate Availability Zones. Add an Aurora Replica in a separate Availability Zone. Set the replica lag to 20 seconds.

Suggested answer: A

Explanation:

Aurora Global Databases are designed for cross-Region disaster recovery with very low RPO, meeting the 20-second requirement. Setting up Aurora as a global database with the correct configuration ensures low-latency replication and rapid failover, making it ideal for compliance with strict disaster recovery requirements.


The company needs a shared file solution for EC2 Windows instances in a Multi-AZ deployment that uses native Windows storage capabilities and maximizes consistency.

A. Create an Amazon FSx for Windows File Server Multi-AZ file system. Map file shares on the instances by using the file system's DNS name.

B. Grant the instances access to a shared Amazon S3 bucket. Use Windows Task Scheduler to synchronize the contents of the S3 bucket locally to each instance periodically.

C. Create an Amazon Elastic File System (Amazon EFS) file system that uses the EFS Standard storage class. Mount the file system to the instances by using the file system's DNS name and the EFS mount helper.

D. Create a new Amazon Elastic Block Store (Amazon EBS) Multi-Attach volume. Attach the EBS volume as an additional drive to each instance.

Suggested answer: A

Explanation:

Amazon FSx for Windows File Server provides a fully managed, highly available, and native Windows file system compatible with the SMB protocol, ideal for Windows workloads requiring shared access.

Multi-AZ File System: Ensures high availability across multiple Availability Zones.

Native Windows Capabilities: Allows instances to map file shares and access files using Windows storage features, offering strong consistency and performance for shared files.

Other options, like Amazon S3 and Amazon EFS, either lack native Windows integration or do not offer the desired consistency and high availability for shared file systems in a Windows environment.

To automatically reboot an EC2 instance when disk usage reaches 100%, a solution with minimal operational overhead is needed.

A. Create a CloudWatch alarm for the EC2 instance. Create an Amazon EventBridge event rule that reacts to the CloudWatch alarm and reboots the EC2 instance.

B. Create a CloudWatch alarm for the EC2 instance. Create an Amazon Simple Email Service (Amazon SES) notification that reacts to the CloudWatch alarm and reboots the EC2 instance.

C. Create an AWS Lambda function to reboot the EC2 instance. Create a CloudWatch alarm that uses Amazon EventBridge to invoke the Lambda function.

D. Create an AWS Lambda function to reboot the EC2 instance. Use EC2 health checks to invoke the Lambda function.

Suggested answer: A

Explanation:

Using a CloudWatch alarm with an EventBridge rule provides an automated, direct way to reboot the EC2 instance without extra components like SES or Lambda. This is a straightforward approach with low operational overhead.

The SysOps administrator needs to prevent launching EC2 instances without a specific tag in the application OU.

A. Create an IAM group that has a policy allowing ec2:RunInstances when the CostCenter-Project tag is present. Place all IAM users in this group.

B. Create a service control policy (SCP) that denies ec2:RunInstances when the CostCenter-Project tag is missing. Attach the SCP to the application OU.

C. Create an IAM role with a policy that allows ec2:RunInstances when the CostCenter-Project tag is present. Attach the IAM role to users in the application OU accounts.

D. Create a service control policy (SCP) that denies ec2:RunInstances when the CostCenter-Project tag is missing. Attach the SCP to the root OU.

Suggested answer: B

Explanation:

An SCP applied to the application OU that denies ec2:RunInstances when the CostCenter-Project tag is missing ensures that all accounts in the OU adhere to the tagging policy. This approach is centralized and applies only to the intended OU.

A company has an AWS Config rule that identifies open SSH ports in security groups. The rule has an automatic remediation action to delete the SSH inbound rule for noncompliant security groups. However, business units require SSH access and can provide a list of trusted IPs to restrict access.

A. Create a new AWS Systems Manager Automation runbook that adds an IP set to the security group's inbound rule. Update the AWS Config rule to change the automatic remediation action to use the new runbook.

B. Create a new AWS Systems Manager Automation runbook that updates the security group's inbound rule with the IP addresses from the business units. Update the AWS Config rule to change the automatic remediation action to use the new runbook.

C. Create an AWS Lambda function that adds an IP set to the security group's inbound rule. Update the AWS Config rule to change the automatic remediation action to use the Lambda function.

D. Create an AWS Lambda function that updates the security group's inbound rule with the IP addresses from the business units. Update the AWS Config rule to change the automatic remediation action to use the Lambda function.

Suggested answer: B

Explanation:

The problem requires modifying the inbound SSH rule to restrict access to a list of trusted IPs instead of deleting it entirely. AWS Config rules can be configured with automatic remediation actions using either Systems Manager Automation runbooks or Lambda functions. However, AWS Systems Manager Automation runbooks are often more appropriate for managing infrastructure changes like security group modifications because they are reusable, parameterized, and easier to audit.

Create a Systems Manager Automation runbook: This runbook will contain steps to add or modify the existing security group rule, allowing SSH access only from the specified IP addresses.

Update the AWS Config rule: Modify the Config rule to call this new runbook for its automatic remediation. This will prevent deletion of the SSH rule and instead update it based on the IP list.

A company's application on EC2 instances relies on a Single-AZ RDS for MySQL DB instance. The SysOps administrator needs to ensure failover to minimize downtime.

A. Modify the DB instance to be a Multi-AZ DB instance deployment.

B. Add a read replica in the same Availability Zone where the DB instance is deployed.

C. Add the DB instance to an Auto Scaling group that has a minimum capacity of 2 and a desired capacity of 2.

D. Use RDS Proxy to configure a proxy in front of the DB instance.

Suggested answer: A

Explanation:

To ensure high availability and failover for RDS, converting the instance to a Multi-AZ deployment is the best practice. Multi-AZ configurations provide automated standby in a different Availability Zone, automatically failing over to the standby in case of instance or Availability Zone issues.

Modify DB instance: AWS allows for seamless conversion of an existing Single-AZ RDS instance to a Multi-AZ deployment, making it more resilient to outages without requiring significant application changes.

Failover mechanism: In Multi-AZ, failover is managed automatically by AWS, minimizing application downtime.

Total 425 questions