ExamGecko

Amazon SOA-C02 Practice Test - Questions Answers, Page 5

A company hosts an internal application on Amazon EC2 instances. All application data and requests route through an AWS Site-to-Site VPN connection between the on-premises network and AWS. The company must monitor the application for changes that allow network access outside of the corporate network. Any change that exposes the application externally must be restricted automatically. Which solution meets these requirements in the MOST operationally efficient manner?

A. Create an AWS Lambda function that updates security groups that are associated with the elastic network interface to remove inbound rules with noncorporate CIDR ranges. Turn on VPC Flow Logs, and send the logs to Amazon CloudWatch Logs. Create an Amazon CloudWatch alarm that matches traffic from noncorporate CIDR ranges, and publish a message to an Amazon Simple Notification Service (Amazon SNS) topic with the Lambda function as a target.
B. Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that targets an AWS Systems Manager Automation document to check for public IP addresses on the EC2 instances. If public IP addresses are found on the EC2 instances, initiate another Systems Manager Automation document to terminate the instances.
C. Configure AWS Config and a custom rule to monitor whether a security group allows inbound requests from noncorporate CIDR ranges. Create an AWS Systems Manager Automation document to remove any noncorporate CIDR ranges from the application security groups.
D. Configure AWS Config and the managed rule for monitoring public IP associations with the EC2 instances by tag. Tag the EC2 instances with an identifier. Create an AWS Systems Manager Automation document to remove the public IP association from the EC2 instances.
Suggested answer: A

A SysOps administrator has successfully deployed a VPC with an AWS CloudFormation template. The SysOps administrator wants to deploy the same template across multiple accounts that are managed through AWS Organizations. Which solution will meet this requirement with the LEAST operational overhead?

A. Assume the OrganizationAccountAccessRole IAM role from the management account. Deploy the template in each of the accounts.
B. Create an AWS Lambda function to assume a role in each account. Deploy the template by using the AWS CloudFormation CreateStack API call.
C. Create an AWS Lambda function to query for a list of accounts. Deploy the template by using the AWS CloudFormation CreateStack API call.
D. Use AWS CloudFormation StackSets from the management account to deploy the template in each of the accounts.
Suggested answer: D

Explanation:

Reference: https://aws.amazon.com/blogs/aws/new-use-aws-cloudformation-stacksets-for-multiple-accounts-in-an-awsorganization/

A SysOps administrator is notified that an Amazon EC2 instance has stopped responding. The AWS Management Console indicates that the system checks are failing. What should the administrator do first to resolve this issue?

A. Reboot the EC2 instance so it can be launched on a new host.
B. Stop and then start the EC2 instance so that it can be launched on a new host.
C. Terminate the EC2 instance and relaunch it.
D. View the AWS CloudTrail log to investigate what changed on the EC2 instance.
Suggested answer: B

A SysOps administrator has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances that were launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in the VPC, and all security groups allow all outbound traffic.

Which solution will provide the EC2 instances in the private subnet with access to the internet?

A. Create a NAT gateway in the public subnet. Create a route from the private subnet to the NAT gateway.
B. Create a NAT gateway in the public subnet. Create a route from the public subnet to the NAT gateway.
C. Create a NAT gateway in the private subnet. Create a route from the public subnet to the NAT gateway.
D. Create a NAT gateway in the private subnet. Create a route from the private subnet to the NAT gateway.
Suggested answer: A

Explanation:

Reference: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

A recent audit found that most resources belonging to the development team were in violation of patch compliance standards. The resources were properly tagged. Which service should be used to quickly remediate the issue and bring the resources back into compliance?

A. AWS Config
B. Amazon Inspector
C. AWS Trusted Advisor
D. AWS Systems Manager
Suggested answer: D

Explanation:

Reference: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-compliance-about.html

An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region. A SysOps administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy. What is likely to be the problem?

A. The Amazon Machine Image used is not available in that Region.
B. The AWS CloudFormation template needs to be updated to the latest version.
C. The VPC configuration parameters have changed and must be updated in the template.
D. The account has reached the default limit for VPCs allowed.
Suggested answer: D

Explanation:

Reference: https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html

A company runs its infrastructure on Amazon EC2 instances that run in an Auto Scaling group. Recently, the company promoted faulty code to the entire EC2 fleet. This faulty code caused the Auto Scaling group to scale the instances before any of the application logs could be retrieved.

What should a SysOps administrator do to retain the application logs after instances are terminated?

A. Configure an Auto Scaling lifecycle hook to create a snapshot of the ephemeral storage upon termination of the instances.
B. Create a new Amazon Machine Image (AMI) that has the Amazon CloudWatch agent installed and configured to send logs to Amazon CloudWatch Logs. Update the launch template to use the new AMI.
C. Create a new Amazon Machine Image (AMI) that has a custom script configured to send logs to AWS CloudTrail. Update the launch template to use the new AMI.
D. Install the Amazon CloudWatch agent on the Amazon Machine Image (AMI) that is defined in the launch template. Configure the CloudWatch agent to back up the logs to ephemeral storage.
Suggested answer: C

A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal. Which actions should a SysOps administrator take to improve the performance of the file system?

A. Configure the file system for Provisioned Throughput.
B. Enable encryption in transit on the file system.
C. Identify any unused files in the file system, and remove the unused files.
D. Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.
Suggested answer: A

Explanation:

Reference: https://docs.aws.amazon.com/efs/latest/ug/performance.html

A SysOps administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.

Which action should the administrator take to ensure that users access objects in Amazon S3 by using only CloudFront URLs?

A. Encrypt the S3 bucket content with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).
B. Create an origin access identity and grant it permissions to read objects in the S3 bucket.
C. Assign an IAM user to the CloudFront distribution and grant the user permissions in the S3 bucket policy.
D. Assign an IAM role to the CloudFront distribution and grant the role permissions in the S3 bucket policy.
Suggested answer: B

A SysOps administrator must create a solution that automatically shuts down any Amazon EC2 instances that have less than 10% average CPU utilization for 60 minutes or more. Which solution meets these requirements in the MOST operationally efficient manner?

A. Implement a cron job on each EC2 instance to run once every 60 minutes and calculate the current CPU utilization. Initiate an instance shutdown if CPU utilization is less than 10%.
B. Implement an Amazon CloudWatch alarm for each EC2 instance to monitor average CPU utilization. Set the period at 1 hour, and set the threshold at 10%. Configure an EC2 action on the alarm to stop the instance.
C. Install the unified Amazon CloudWatch agent on each EC2 instance, and enable the Basic level predefined metric set. Log CPU utilization every 60 minutes, and initiate an instance shutdown if CPU utilization is less than 10%.
D. Use AWS Systems Manager Run Command to get CPU utilization from each EC2 instance every 60 minutes. Initiate an instance shutdown if CPU utilization is less than 10%.
Suggested answer: B

Explanation:

Reference: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/US_AlarmAtThresholdEC2.html

Total 425 questions