Amazon SOA-C02 Practice Test - Questions Answers, Page 8

A SysOps administrator is using AWS Compute Optimizer to get recommendations for a fleet of Amazon EC2 instances. After the analysis is complete, some of the EC2 instances are missing from the Compute Optimizer dashboard. What is the cause of this issue?

A. The missing instances do not have the Amazon CloudWatch agent installed.
B. Compute Optimizer does not support the instance types of the missing instances.
C. Compute Optimizer already considers the missing instances to be optimized.
D. The missing instances are running a Windows operating system.
Suggested answer: A

A company website contains a web tier and a database tier on AWS. The web tier consists of Amazon EC2 instances that run in an Auto Scaling group across two Availability Zones. The database tier runs on an Amazon RDS for MySQL Multi-AZ DB instance. The database subnet network ACLs are restricted to only the web subnets that need access to the database. The web subnets use the default network ACL with the default rules.

The company's operations team has added a third subnet to the Auto Scaling group configuration. After an Auto Scaling event occurs, some users report that they intermittently receive an error message. The error message states that the server cannot connect to the database. The operations team has confirmed that the route tables are correct and that the required ports are open on all security groups. Which combination of actions should a SysOps administrator take so that the web servers can communicate with the DB instance? (Choose two.)

A. On the default ACL, create inbound Allow rules of type TCP with the ephemeral port range and the source as the database subnets.
B. On the default ACL, create outbound Allow rules of type MySQL/Aurora (3306). Specify the destinations as the database subnets.
C. On the network ACLs for the database subnets, create an inbound Allow rule of type MySQL/Aurora (3306). Specify the source as the third web subnet.
D. On the network ACLs for the database subnets, create an outbound Allow rule of type TCP with the ephemeral port range and the destination as the third web subnet.
E. On the network ACLs for the database subnets, create an outbound Allow rule of type MySQL/Aurora (3306). Specify the destination as the third web subnet.
Suggested answer: B, D

An Amazon S3 Inventory report reveals that more than 1 million objects in an S3 bucket are not encrypted. These objects must be encrypted, and all future objects must be encrypted at the time they are written. Which combination of actions should a SysOps administrator take to meet these requirements? (Choose two.)

A. Create an AWS Config rule that runs evaluations against configuration changes to the S3 bucket. When an unencrypted object is found, run an AWS Systems Manager Automation document to encrypt the object in place.
B. Edit the properties of the S3 bucket to enable default server-side encryption.
C. Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted. Create an S3 Batch Operations job to copy each object in place with encryption enabled.
D. Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted. Send each object name as a message to an Amazon Simple Queue Service (Amazon SQS) queue. Use the SQS queue to invoke an AWS Lambda function to tag each object with a key of "Encryption" and a value of "SSE-KMS".
E. Use S3 Event Notifications to invoke an AWS Lambda function on all new object-created events for the S3 bucket. Configure the Lambda function to check whether the object is encrypted and to run an AWS Systems Manager Automation document to encrypt the object in place when an unencrypted object is found.
Suggested answer: B, E

A company hosts its website on Amazon EC2 instances behind an Application Load Balancer. The company manages its DNS with Amazon Route 53, and wants to point its domain's zone apex to the website. Which type of record should be used to meet these requirements?

A. An AAAA record for the domain's zone apex
B. An A record for the domain's zone apex
C. A CNAME record for the domain's zone apex
D. An alias record for the domain's zone apex
Suggested answer: D

Explanation:

Reference: https://aws.amazon.com/route53/faqs/

A company uses an Amazon Elastic File System (Amazon EFS) file system to share files across many Linux Amazon EC2 instances. A SysOps administrator notices that the file system's PercentIOLimit metric is consistently at 100% for 15 minutes or longer. The SysOps administrator also notices that the application that reads and writes to that file system is performing poorly. The application requires high throughput and IOPS while accessing the file system.

What should the SysOps administrator do to remediate the consistently high PercentIOLimit metric?

A. Create a new EFS file system that uses Max I/O performance mode. Use AWS DataSync to migrate data to the new EFS file system.
B. Create an EFS lifecycle policy to transition future files to the Infrequent Access (IA) storage class to improve performance. Use AWS DataSync to migrate existing data to IA storage.
C. Modify the existing EFS file system and activate Max I/O performance mode.
D. Modify the existing EFS file system and activate Provisioned Throughput mode.
Suggested answer: A

A company is migrating its production file server to AWS. All data that is stored on the file server must remain accessible if an Availability Zone becomes unavailable or when system maintenance is performed. Users must be able to interact with the file server through the SMB protocol. Users also must have the ability to manage file permissions by using Windows ACLs. Which solution will meet these requirements?

A. Create a single AWS Storage Gateway file gateway.
B. Create an Amazon FSx for Windows File Server Multi-AZ file system.
C. Deploy two AWS Storage Gateway file gateways across two Availability Zones. Configure an Application Load Balancer in front of the file gateways.
D. Deploy two Amazon FSx for Windows File Server Single-AZ 2 file systems. Configure Microsoft Distributed File System Replication (DFSR).
Suggested answer: B

Explanation:

Reference: https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html

A SysOps administrator is creating two AWS CloudFormation templates. The first template will create a VPC with associated resources, such as subnets, route tables, and an internet gateway. The second template will deploy application resources within the VPC that was created by the first template. The second template should refer to the resources created by the first template. How can this be accomplished with the LEAST amount of administrative effort?

A. Add an export field to the outputs of the first template and import the values in the second template.
B. Create a custom resource that queries the stack created by the first template and retrieves the required values.
C. Create a mapping in the first template that is referenced by the second template.
D. Input the names of resources in the first template and refer to those names in the second template as a parameter.
Suggested answer: C

A company is partnering with an external vendor to provide data processing services. For this integration, the vendor must host the company's data in an Amazon S3 bucket in the vendor's AWS account. The vendor is allowing the company to provide an AWS Key Management Service (AWS KMS) key to encrypt the company's data. The vendor has provided an IAM role Amazon Resource Name (ARN) to the company for this integration. What should a SysOps administrator do to configure this integration?

A. Create a new KMS key. Add the vendor's IAM role ARN to the KMS key policy. Provide the new KMS key ARN to the vendor.
B. Create a new KMS key. Create a new IAM key. Add the vendor's IAM role ARN to an inline policy that is attached to the IAM user. Provide the new IAM user ARN to the vendor.
C. Configure encryption using the KMS managed S3 key. Add the vendor's IAM role ARN to the KMS key policy. Provide the KMS managed S3 key ARN to the vendor.
D. Configure encryption using the KMS managed S3 key. Create an S3 bucket. Add the vendor's IAM role ARN to the S3 bucket policy. Provide the S3 bucket ARN to the vendor.
Suggested answer: D

Explanation:

Reference: https://bookdown.org/bingweiliu11/aws-tutorial-book/use-case.html

A company has an internal web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A SysOps administrator must make the application highly available.

Which action should the SysOps administrator take to meet this requirement?

A. Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
B. Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
C. Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.
D. Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.
Suggested answer: C

A company uses AWS Organizations to host several applications across multiple AWS accounts. Several teams are responsible for building and maintaining the infrastructure of the application across the AWS accounts. A SysOps administrator must implement a solution to ensure that user accounts and permissions are centrally managed. The solution must be integrated with the company's existing on-premises Active Directory environment. The SysOps administrator already has enabled AWS Single Sign-On (AWS SSO) and has set up an AWS Direct Connect connection. What is the MOST operationally efficient solution that meets these requirements?

A. Create a Simple AD domain, and establish a forest trust relationship with the on-premises Active Directory domain. Set the Simple AD domain as the identity source for AWS SSO. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.
B. Create an Active Directory domain controller on an Amazon EC2 instance that is joined to the on-premises Active Directory domain. Set the Active Directory domain controller as the identity source for AWS SSO. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.
C. Create an AD Connector that is associated with the on-premises Active Directory domain. Set the AD Connector as the identity source for AWS SSO. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.
D. Use the built-in SSO directory as the identity source for AWS SSO. Copy the users and groups from the on-premises Active Directory domain. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.
Suggested answer: C

Explanation:

Reference: https://docs.aws.amazon.com/singlesignon/latest/userguide/connectonpremad.html

Total 425 questions