Amazon Web Services Real Dumps Practice Exam Questions by Dumpswarp

AWS Certified SysOps Administrator - Associate (SOA-C02) Questions and Answers

Question 1

If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the

console by using the AWS Management Console shortcut from the VM desktop.

If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V.

Configure Amazon EventBridge to meet the following requirements.

1. use the us-east-2 Region for all resources,

2. Unless specified below, use the default configuration settings.

3. Use your own resource naming unless a resource

name is specified below.

4. Ensure all Amazon EC2 events in the default event

bus are replayable for the past 90 days.

5. Create a rule named RunFunction to send the exact message every 1 5 minutes to an existing AWS Lambda function named LogEventFunction.

6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2

Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:

Input Path:

{“instance” : “$.detail.instance-id”}

Input template:

“ The EC2 Spot Instance has been on account.

Options:

Question 2

You need to update an existing AWS CloudFormation stack. If needed, a copy to the CloudFormation template is available in an Amazon SB bucket named cloudformation-bucket

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:

a) Change the EC2 instance type to us-east-t2.nano.

b) Allow SSH to connect to the EC2 instance from the IP address range

192.168.100.0/30.

c) Replace the instance profile IAM role with IamRoleB.

4. Deploy the changes by updating the stack using the CFServiceR01e role.

5. Edit the stack options to prevent accidental deletion.

6. Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

Options:

Question 3

A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the SS bucket to serve a static error page in the event of a failure at the primary site.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. There is an existing hosted zone named lab-

751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.

4. Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document

5. For the index-html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucketjs allowed.

6. In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.

7. Create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing 53 bucket.

Options:

Answer:

See the Explanation for solution.

Explanation:

Here are the steps to configure an Amazon S3 bucket to serve a static error page in the event of a failure at the primary site:

Log in to the AWS Management Console and navigate to the S3 service in the us-east-2 Region.
Find the existing S3 bucket named lab-751906329398-26023898.com and click on it.
In the "Properties" tab, click on "Static website hosting" and select "Use this bucket to host a website".
In "Index Document" field, enter the name of the object that you want to use as the index document, in this case, "index.html"
In the "Permissions" tab, click on "Block Public Access", and make sure that "Block all public access" is turned OFF.
Click on "Bucket Policy" and add the following policy to allow public read access:

{

"Version": "2012-10-17",

"Statement": [

{

"Sid": "PublicReadGetObject",

"Effect": "Allow",

"Principal": "*",

"Action": "s3:GetObject",

"Resource": "arn:aws:s3:::lab-751906329398-26023898.com/*"

}

]

}

Now navigate to the Amazon Route 53 service, and find the existing hosted zone named lab-751906329398-26023898.com.
Click on the "A record" and update the routing policy to "Primary - Failover" and add the existing ALB as the primary record.
Click on "Create Record" button and create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing S3 bucket.
Now, when the primary site (ALB) goes down, traffic will be automatically routed to the S3 bucket serving the static error page.

Note:

You can use CloudWatch to monitor the health of your ALB.
You can use Amazon S3 to host a static website.
You can use Amazon Route 53 for routing traffic to different resources based on health checks.
You can refer to the AWS documentation for more information on how to configure and use these services:

Graphical user interface, text, application Description automatically generated

Graphical user interface, application, Teams Description automatically generated

Graphical user interface, text, application Description automatically generated

Graphical user interface, text, application, email Description automatically generated

Graphical user interface, text, application Description automatically generated

Question 4

A company must ensure that any objects uploaded to an S3 bucket are encrypted.

Which of the following actions will meet this requirement? (Choose two.)

Options:

Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.

Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket.

Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.

Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.

Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.

Question 5

A company's SysOps administrator deploys a public Network Load Balancer (NLB) in front of the company's web application. The web application does not use any Elastic IP addresses. Users must access the web application by using the company's domain name. The SysOps administrator needs to configure Amazon Route 53 to route traffic to the NLB.

Which solution will meet these requirements MOST cost-effectively?

Options:

Create a Route 53 AAAA record for the NLB.

Create a Route 53 alias record for the NLB.

Create a Route 53 CAA record for the NLB.

Create a Route 53 CNAME record for the NLB.

Question 6

A SysOps administrator has launched a large general purpose Amazon EC2 instance to regularly process large data files. The instance has an attached 1 TB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volume. The instance also is EBS-optimized. To save costs, the SysOps administrator stops the instance each evening and restarts the instance each morning.

When data processing is active, Amazon CloudWatch metrics on the instance show a consistent 3.000 VolumeReadOps. The SysOps administrator must improve the I/O performance while ensuring data integrity.

Which action will meet these requirements?

Options:

Change the instance type to a large, burstable, general purpose instance.

Change the instance type to an extra large general purpose instance.

Increase the EBS volume to a 2 TB General Purpose SSD (gp2) volume.

Move the data that resides on the EBS volume to the instance store.

Question 7

A company needs to view a list of security groups that are open to the internet on port 3389.

What should a SysOps administrator do to meet this requirement?

Options:

Configure Amazon GuardDuly to scan security groups and report unrestricted access on port 3389.

Configure a service control policy (SCP) to identify security groups that allow unrestricted access on port 3389

Use AWS Identity and Access Management Access Analyzer to find any instances that have unrestricted access on port 3389.

Use AWS Trusted Advisor to find security groups that allow unrestricted access on port 3389.

Question 8

A company stores critical data m Amazon S3 buckets. A SysOps administrator must build a solution to record all S3 API activity. Which action will meet this requirement?

Options:

Configure S3 bucket metrics to record object access logs

Create an AWS CloudTrail trail to log data events tor all S3 objects

Enable S3 server access logging for each S3 bucket

Use AWS IAM Access Analyzer for Amazon S3 to store object access logs.

Question 9

While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS The customer gateway device resides in a data center with a NAT gateway in front of it

What address should be used to create the customer gateway resource?

Options:

The private IP address of the customer gateway device

The MAC address of the NAT device in front of the customer gateway device

The public IP address of the customer gateway device

The public IP address of the NAT device in front of the customer gateway device

Question 10

A SysOps administrator needs to create alerts that are based on the read and write metrics of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to an Amazon EC2 instance. The SysOps administrator creates and enables Amazon CloudWatch alarms for the DiskReadBytes metric and the DiskWriteBytes metric.

A custom monitoring tool that is installed on the EC2 instance with the same alarm configuration indicates that the volume metrics have exceeded the threshold. However, the CloudWatch alarms were not in ALARM state.

Which action will ensure that the CloudWatch alarms function correctly?

Options:

Install and configure the CloudWatch agent on the EC2 instance to capture the desired metrics.

Install and configure AWS Systems Manager Agent on the EC2 instance to capture the desired metrics.

Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EBS volumes.

Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EC2 instance.

Question 11

A Sysops administrator launches an Amazon EC2 instance from a Windows Amazon Machine Image (AMI). The EC2 instance includes additional Amazon Elastic Block Store (Amazon EBS) volumes. When the instance is launched, none of the additional Amazon Elastic Block Store (Amazon EBS) volumes are initialized and ready for use through a drive letter. The SysOps administrator needs to automate the EBS volume initialization.

Which solution will meet these requirements in the MOST operationally efficient way?

Options:

Create an Amazon EventBridge rule. Configure an AWS Systems Manager Automation runbook as a target of the EventBridge rule to initialize the disks after an EC2 instance launch event.

Create an AmazolkventBridge rule. Configure an AWS Lambda function as a target of the EventBridge rule to initialize the drives after the AMI is launched.

Create an AWS Config rule to automatically initialize the EBS volumes on Windows EC2 instances.

Add the secondary volume configuration to the DriveLetterMappingConfig.json file. Configure the InitializeDisks.ps1 Windows PowerShell script to run at launch. Create a new AMI from the running EC2 instance.

Question 12

A company runs a website from Sydney, Australia. Users in the United States (US) and Europe are reporting that images and videos are taking a long time to load. However, local testing in Australia indicates no performance issues. The website has a large amount of static content in the form of images and videos that are stored m Amazon S3.

Which solution will result In the MOST Improvement In the user experience for users In the US and Europe?

Options:

Configure AWS PrivateLink for Amazon S3.

Configure S3 Transfer Acceleration.

Create an Amazon CloudFront distribution. Distribute the static content to the CloudFront edge locations

Create an Amazon API Gateway API in each AWS Region. Cache the content locally.

Question 13

A company needs to archive all audit logs for 10 years. The company must protect the logs from any future edits.

Which solution will meet these requirements?

Options:

Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. Configure AWS Key Management Service (AWS KMS) encryption.

Store the data in an Amazon S3 Glacier vault. Configure a vault lock policy for write-once, read-many (WORM) access.

Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure server-side encryption.

Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure multi-factor authentication (MFA).

Question 14

A company’s AWS Lambda function is experiencing performance issues. The Lambda function performs many CPU-intensive operations. The Lambda function is not running fast enough and is creating bottlenecks in the system.

What should a SysOps administrator do to resolve this issue?

Options:

In the CPU launch options for the Lambda function, activate hyperthreading.

Turn off the AWS managed encryption.

Increase the amount of memory for the Lambda function.

Load the required code into a custom layer.

Question 15

A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template it installs and configure necessary software through AWS OpsWorks and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours but at limes the process stalls due to installation errors.

The SysOps administrator must modify the CloudFormation template so if the process stalls, the entire stack will tail and roil back.

Based on these requirements what should be added to the template?

Options:

Conditions with a timeout set to 4 hours.

CreationPolicy with timeout set to 4 hours.

DependsOn a timeout set to 4 hours.

Metadata with a timeout set to 4 hours

Question 16

A company's SysOps administrator deploys four new Amazon EC2 instances by using the standard Amazon Linux 2 Amazon Machine Image (AMI). The company needs to be able to use AWS Systems Manager to manage the instances The SysOps administrator notices that the instances do not appear in the Systems Manager console

What must the SysOps administrator do to resolve this issue?

Options:

Connect to each instance by using SSH Install Systems Manager Agent on each instance Configure Systems Manager Agent to start automatically when the instances start up

Use AWS Certificate Manager (ACM) to create a TLS certificate Import the certificate into each instance Configure Systems Manager Agent to use the TLS certificate for secure communications

Connect to each instance by using SSH Create an ssm-user account Add the ssm-user account to the /etcsudoers d directory

Attach an IAM instance profile to the instances Ensure that the instance profile contains the AmazonSSMManagedinstanceCore policy

Question 17

A company uses an AWS CloudFormation template to provision an Amazon EC2 instance and an Amazon RDS DB instance A SysOps administrator must update the template to ensure that the DB instance is created before the EC2 instance is launched

What should the SysOps administrator do to meet this requirement?

Options:

Add a wait condition to the template Update the EC2 instance user data script to send a signal after the EC2 instance is started

Add the DependsOn attribute to the EC2 instance resource, and provide the logical name of the RDS resource

Change the order of the resources in the template so that the RDS resource is listed before the EC2 instance resource

Create multiple templates Use AWS CloudFormation StackSets to wait for one stack to complete before the second stack is created

Question 18

A company is planning to host an application on a set of Amazon EC2 instances that are distributed across multiple Availability Zones. The application must be able to scale to millions of requests each second.

A SysOps administrator must design a solution to distribute the traffic to the EC2 instances. The solution must be optimized to handle sudden and volatile traffic patterns while using a single static IP address for each Availability Zone.

Which solution will meet these requirements?

Options:

Amazon Simple Queue Service (Amazon SQS) queue

Application Load Balancer

AWS Global Accelerator

Network Load Balancer

Question 19

A company applies user-defined tags to resources that are associated with me company's AWS workloads Twenty days after applying the tags, the company notices that it cannot use re tags to filter views in the AWS Cost Explorer console.

What is the reason for this issue?

Options:

It lakes at least 30 days to be able to use tags to filter views in Cost Explorer.

The company has not activated the user-defined tags for cost allocation.

The company has not created an AWS Cost and Usage Report

The company has not created a usage budget in AWS Budgets

Question 20

A SysOps administrator is unable to authenticate an AWS CLI call to an AWS service

Which of the following is the cause of this issue?

Options:

The IAM password is incorrect

The server certificate is missing

The SSH key pair is incorrect

There is no access key

Question 21

A SysOps administrator needs to configure the Amazon Route 53 hosted zone for example.com and to point to an Application Load Balancer (ALB). Which combination of actions should the SysOps administrator take to meet these requirements? (Select TWO.)

Options:

Configure anArecordforexample.com to point to the IP address of the ALB.

Configure an A record for www.example.com to point to the IP address of the ALB.

Configure an alias record for example.com to point to the CNAME of the ALB.

Configure an alias record for www.example.com to point to the Route 53 example.com record.

Configure a CNAME record for example com to point to the CNAME of the ALB.

Question 22

A company plans to launch a static website on its domain example com and subdomain www example.com using Amazon S3. How should the SysOps administrator meet this requirement?

Options:

Create one S3 bucket named example.com for both the domain and subdomain.

Create one S3 bucket with a wildcard named '.example.com tor both the domain and subdomain.

Create two S3 buckets named example.com and www.exdmpte.com. Configure the subdomain bucket to redirect requests to the domain bucket.

Create two S3 buckets named http//example.com and http//" exampte.com. Configure the wildcard (') bucket to redirect requests to the domain bucket.

Question 23

A company runs hundreds of Amazon EC2 instances in a single AWS Region. Each EC2 instance has two attached 1 GiB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volumes. A critical workload is using all the available IOPS capacity on the EBS volumes.

According to company policy, the company cannot change instance types or EBS volume types without completing lengthy acceptance tests to validate that the company’s applications will function properly. A SysOps administrator needs to increase the I/O performance of the EBS volumes as quickly as possible.

Which action should the SysOps administrator take to meet these requirements?

Options:

Increase the size of the 1 GiB EBS volumes.

Add two additional elastic network interfaces on each EC2 instance.

Turn on Transfer Acceleration on the EBS volumes in the Region.

Add all the EC2 instances to a cluster placement group.

Question 24

A company has migrated its application to AWS. The company will host the application on Amazon EC2 instances of multiple instance families.

During initial testing, a SysOps administrator identifies performance issues on selected EC2 instances. The company has a strict budget allocation policy, so the

SysOps administrator must use the right resource types with the performance characteristics to match the workload.

What should the SysOps administrator do to meet this requirement?

Options:

Purchase regional Reserved Instances (RIs) for immediate cost savings. Review and take action on the EC2 rightsizing recommendations in Cost Explorer. Exchange the RIs for the optimal instance family after rightsizing.

Purchase zonal Reserved Instances (RIs) for the existing instances. Monitor the RI utilization in the AWS Billing and Cost Management console. Make adjustments to instance sizes to optimize utilization.

Review and take action on AWS Compute Optimizer recommendations. Purchase Compute Savings Plans to reduce the cost that is required to run the compute resources. Most Voted

Review resource utilization metrics in the AWS Cost and Usage Report. Rightsize the EC2 instances. Create On-Demand Capacity Reservations for the rightsized resources.

Question 25

A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must set up the permissions and add a bucket policy to the S3 bucket.

Which parameters should be specified to accomplish this in the MOST efficient manner?

Options:

Specify "' as the principal and PrincipalOrgld as a condition.

Specify all account numbers as the principal.

Specify PrincipalOrgld as the principal.

Specify the organization's management account as the principal.

Question 26

A company's SysOps administrator has created an Amazon EC2 instance with custom software that will be used as a template for all new EC2 instances across multiple AWS accounts. The Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the EC2 instance are encrypted with AWS managed keys.

The SysOps administrator creates an Amazon Machine Image (AMI) of the custom EC2 instance and plans to share the AMI with the company's other AWS accounts. The company requires that all AMIs are encrypted with AWS Key Management Service (AWS KMS) keys and that only authorized AWS accounts can access the shared AMIs.

Which solution will securely share the AMI with the other AWS accounts?

Options:

In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms ReEncrypf, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.

In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*. kms:CreateGrant, and kms;Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI. and specify the CMK. Modify the permissions on the copied AMI to specify the AWS account numbers that the AMI will be shared with.

In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescrlbeKey, kms:ReEncrypt\ kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI. and specify the CMK. Modify the permissions on the copied AMI to make it public.

In the account where the AMI was created, modify the key policy of the AWS managed key to provide kms:DescnbeKey. kms:ReEncrypt\ kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.

Question 27

A compliance team requires all administrator passwords tor Amazon RDS DB instances to be changed at toast annually

Which solution meets this requirement in the MOST operationally efficient manned

Options:

Store the database credentials in AWS Secrets Manager Configure automate rotation for the secret every 365 days

Store the database credentials as a parameter in the RDS parameter group Create a database trigger to rotate the password every 365 days

Store the database credentials in a private Amazon S3 bucket Schedule an AWS Lambda function to generate a new set of credentials every 365 days

Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter Configure automatic rotation for the parameter every 365 days

Question 28

A company is planning to host its stateful web-based applications on AWS A SysOps administrator is using an Auto Scaling group of Amazon EC2 instances The web applications will run 24 hours a day 7 days a week throughout the year The company must be able to change the instance type within the same instance family later in the year based on the traffic and usage patterns

Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?

Options:

Convertible Reserved Instances

On-Demand instances

Spot instances

Standard Reserved instances

Question 29

A SysOps administrator needs to monitor a process that runs on Linux Amazon EC2 instances. If the process stops, the process must restart automatically. The Amazon CloudWatch agent is already installed on all the EC2 Instances.

Which solution will meet these requirements?

Options:

Add a procstat monitoring configuration to the CloudWatch agent for the process. Create an Amazon EventBridge event rule that initiates an AWS Systems Manager Automation runbook to restart the process after the process stops.

Add a StatsD monitoring configuration to the CloudWatch agent for the process. Create a CloudWatch alarm that initiates an AWS Systems Manager Automation runbook to restart the process after the process stops.

Add a StatsD monitoring configuration to the CloudWatch agent for the process. Create an Amazon EventBridge event rule that initiates an AWS Systems Manager Automation runbook to restart the process after the process stops.

Add a procstat monitoring configuration to the CloudWatch agent for the process. Create a CloudWatch alarm that initiates an AWS Systems Manager Automation runbook to restart the process after the process stops.

Question 30

A SysOps administrator is helping a development team deploy an application to AWS Trie AWS CloudFormat on temp ate includes an Amazon Linux EC2 Instance an Amazon Aurora DB cluster and a hard coded database password that must be rotated every 90 days

What is the MOST secure way to manage the database password?

Options:

Use the AWS SecretsManager Secret resource with the GenerateSecretString property to automatically generate a password Use the AWS SecretsManager RotationSchedule resource lo define a rotation schedule lor the password Configure the application to retrieve the secret from AWS Secrets Manager access the database

Use me AWS SecretsManager Secret resource with the SecretStrmg property Accept a password as a CloudFormation parameter Use the AllowedPatteen property of the CloudFormaton parameter to require e minimum length, uppercase and lowercase letters and special characters Configure me application to retrieve the secret from AWS Secrets Manager to access the database

Use the AWS SSM Parameter resource Accept input as a Qoudformatton parameter to store the parameter as a secure sting Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database

Use the AWS SSM Parameter resource Accept input as a Cloudf ormetton parameter to store the parameter as a string Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database

Question 31

A company wants to monitor the security groups of its Amazon EC2 instances to ensure that SSH is not open to the public. If the port is opened, the company needs to close the port as soon as possible.

Which combination of actions should a SysOps administrator take to meet these requirements? (Select TWO.)

Options:

Add an Amazon CloudWatch alarm to detect the security groups that allow SSH.

Add an AWS Config rule to detect the security groups that allow SSH.

Add an assessment template to Amazon Inspector to detect the security groups that allow SSH

Call an AWS Systems Manager Automation runbook to close the port.

Call AWS Systems Manager Run Command to close the port.

Question 32

A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability for an on-premises website. The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes. All other traffic should be directed to the secondary passive server. The failover record type, set ID. and routing policy have been set appropriately for both primary and secondary servers.

Which next step should be taken to configure Route 53?

Options:

Create an A record for each server. Associate the records with the Route 53 HTTP health check.

Create an A record for each server. Associate the records with the Route 53 TCP health check.

Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 HTTP health check.

Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 TCP health check.

Question 33

A SysOps administrator is troubleshooting connection timeouts to an Amazon EC2 instance that has a public IP address. The instance has a private IP address of 172.31.16.139. When the SysOps administrator tries to ping the instance's public IP address from the remote IP address 203.0.113.12, the response is "request timed out." The flow logs contain the following information:

What is one cause of the problem?

Options:

Inbound security group deny rule

Outbound security group deny rule

Network ACL inbound rules

Network ACL outbound rules

Question 34

A data storage company provides a service that gives users the ability to upload and download files as needed. The files are stored in Amazon S3 Standard and must be immediately retrievable for 1 year. Users access files frequently during the first 30 days after the files are stored. Users rarely access files after 30 days.

The company's SysOps administrator must use S3 Lifecycle policies to implement a solution that maintains object availability and minimizes cost.

Which solution will meet these requirements?

Options:

Move objects to S3 Glacier after 30 days.

Move objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.

Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.

Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) immediately.

Question 35

A company runs an application on an Amazon EC2 instance A SysOps administrator creates an Auto Scaling group and an Application Load Balancer (ALB) to handle an increase in demand However, the EC2 instances are failing tie health check.

What should the SysOps administrator do to troubleshoot this issue?

Options:

Verity that the Auto Scaling group is configured to use all AWS Regions.

Verily that the application is running on the protocol and the port that the listens is expecting.

Verify the listener priority in the ALB Change the priority if necessary.

Verify the maximum number of instances in the Auto Scaling group Change the number if necessary

Question 36

A company's IT department noticed an increase in the spend of their developer AWS account. There are over 50 developers using the account, and the finance team wants to determine the service costs incurred by each developer.

What should a SysOps administrator do to collect this information? (Select TWO.)

Options:

Activate the createdBy tag in the account.

Analyze the usage with Amazon CloudWatch dashboards.

Analyze the usage with Cost Explorer.

Configure AWS Trusted Advisor to track resource usage.

Create a billing alarm in AWS Budgets.

Question 37

A company hosts an internet web application on Amazon EC2 instances. The company is replacing the application with a new AWS Lambda function. During a transition period, the company must route some traffic to the legacy application and some traffic to the new Lambda function. The company needs to use the URL path of request to determine the routing.

Which solution will meet these requirements?

Options:

Configure a Gateway Load Balancer to use the URL path to direct traffic to the legacy application and the new Lambda function.

Configure a Network Load Balancer to use the URL path to direct traffic to the legacy application and the new Lambda function.

Configure a Network Load Balancer to use a regular expression to match the URL path to direct traffic to the new Lambda function.

Configure an Application Load Balancer to use the URL path to direct traffic to the legacy application and the new Lambda function.

Question 38

A SysOps administrator created an AWS Cloud Formation template that provisions Amazon EC2 instances, an Elastic Load Balancer (ELB), and an Amazon RDS DB instance. During stack creation, the creation of the EC2 instances and the creation of the ELB are successful. However, the creation of the DB instance fails.

What is the default behavior of CloudFormation in this scenario?

Options:

CloudFormation will roll back the stack and delete the stack.

CloudFormation will roll back the stack but will not delete the stack.

CloudFormation will prompt the user to roll back the stack or continue.

CloudFormation will successfully complete the stack but will report a failed status for the DB instance.

Question 39

A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin. After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load.

What are possible causes for this problem? (Choose two.)

Options:

CloudFront does not have the ALB configured as the origin access identity.

The DNS is still pointing to the ALB instead of the CloudFront distribution.

The ALB security group is not permitting inbound traffic from CloudFront.

The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution.

The target groups associated with the ALB are configured for sticky sessions.

Question 40

A SysOps administrator is tasked with deploying a company's infrastructure as code. The SysOps administrator want to write a single template that can be reused for multiple environments.

How should the SysOps administrator use AWS CloudFormation to create a solution?

Options:

Use Amazon EC2 user data in a CloudFormation template

Use nested stacks to provision resources

Use parameters in a CloudFormation template

Use stack policies to provision resources

Question 41

A company needs to deploy instances of an application and associated infrastructure to multiple AWS Regions. The company wants to use a single AWS CloudFormation template to achieve this goal. The company uses AWS Organizations and wants to administer and run this template from a central administration account.

What should a SysOps administrator do to meet these requirements?

Options:

Create a CloudFormation template that is stored in Amazon S3. Configure Cross-Region Replication (CRR) on the S3 bucket. Reference the required accounts and remote Regions in the input template parameters.

In the central administration account, create a CloudFormation primary template that loads CloudFormation nested stacks from Amazon S3 buckets in the target Regions.

Create CloudFormation nested stacks by using a primary template in the central administration account. Configure the required accounts and Regions for deployment of the nested stacks.

Create a CloudFormation stack set that includes service-managed permissions. Deploy the stack set into the required accounts and Regions from the central administration account.

Question 42

A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.

What is the SIMPLEST approach the SysOps administrator can take to ensure S3 buckets in those accounts can never be deleted?

Options:

Set up MFA Delete on all the S3 buckets to prevent the buckets from being deleted.

Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.

Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.

Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.

Question 43

A company hosts its website in the us-east-1 Region. The company is preparing to deploy its website into the eu-central-1 Region. Website visitors who are located in Europe should access the website that is hosted in eu-central-1. All other visitors access the website that is hosted in us-east-1. The company uses Amazon Route 53 to manage the website's DNS records.

Which routing policy should a SysOps administrator apply to the Route 53 record set to meet these requirements?

Options:

Geolocation routing policy

Geoproximity routing policy

Latency routing policy

Multivalue answer routing policy

Question 44

A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company’s AWS account The SysOps administrator deploys a Linux Amazon EC2 instance in VPC1 and deploys an Amazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a private subnet. An application that runs on the EC2 instance needs to connect to the database.

What should the SysOps administrator do to give the EC2 instance the ability to connect to the database?

Options:

Enter the DB instance connection string into the VPC1 route table.

Configure VPC peering between the two VPCs.

Add the same IPv4 CIDR range for both VPCs.

Connect to the DB instance by using the DB instance’s public IP address.

Question 45

A company is hosting applications on Amazon EC2 instances. The company is hosting a database on an Amazon RDS for PostgreSQL DB instance. The company requires all connections to the DB instance to be encrypted.

What should a SysOps administrator do to meet this requirement?

Options:

Allow SSL connections to the database by using an inbound security group rule.

Encrypt the database by using an AWS Key Management Service (AWS KMS) encryption key.

Enforce SSL connections to the database by using a custom parameter group.

Patch the database with SSL/TLS by using a custom PostgreSQL extension.

Question 46

A company requires that all IAM user accounts that have not been used for 90 days or more must have their access keys and passwords immediately disabled A SysOps administrator must automate the process of disabling unused keys using the MOST operationally efficient method.

How should the SysOps administrator implement this solution?

Options:

Create an AWS Step Functions workflow to identify IAM users that have not been active for 90 days Run an AWS Lambda function when a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule is invoked to automatically remove the AWS access keys and passwords for these IAM users

Configure an AWS Config rule to identify IAM users that have not been active for 90 days Set up an automatic weekly batch process on an Amazon EC2 instance to disable the AWS access keys and passwords for these IAM users

Develop and run a Python script on an Amazon EC2 instance to programmatically identify IAM users that have not been active for 90 days Automatically delete these 1AM users

Set up an AWS Config managed rule to identify IAM users that have not been active for 90 days Set up an AWS Systems Manager automation runbook to disable the AWS access keys for these IAM users

Question 47

A company has an on-premises DNS solution and wants to resolve DNS records in an Amazon Route 53 private hosted zone for example.com. The company has set up an AWS Direct Connect connection for network connectivity between the on-premises network and the VPC. A SysOps administrator must ensure that an on-premises server can query records in the example.com domain.

What should the SysOps administrator do to meet these requirements?

Options:

Create a Route 53 Resolver inbound endpoint Attach a security group to the endpoint to allow inbound traffic on TCP/UDP port 53 from the on-premises DNS servers.

Create a Route 53 Resolver inbound endpoint. Attach a security group to the endpoint to allow outbound traffic on TCP/UDP port 53 to the on-premises DNS

servers.

Create a Route 53 Resolver outbound endpoint. Attach a security group to the endpoint to allow inbound traffic on TCP/UDP port 53 from the on-premises DNS servers.

Create a Route 53 Resolver outbound endpoint. Attach a security group to the endpoint to allow outbound traffic on TCP/UDP port 53 to the on-premises DNS servers.

Question 48

A company uses Amazon Route 53 to manage the public DNS records for the domain example.com. The company deploys an Amazon CloudFront distribution to deliver static assets for a new corporate website. The company wants to create a subdomain that is named "static" and must route traffic for the subdomain to the

CloudFront distribution.

How should a SysOps administrator create a new record for the subdomain in Route 53?

Options:

Create a CNAME record. Enter static.cloudfront.net as the record name. Enter the CloudFront distribution's public IP address as the value.

Create a CNAME record. Enter static.example.com as the record name. Enter the CloudFront distribution's private IP address as the value.

Create an A record. Enter static.cloudfront.net as the record name. Enter the CloudFront distribution's ID as an alias target.

Create an A record. Enter static.example.com as the record name. Enter the CloudFront distribution's domain name as an alias target.

Question 49

A Sysops administrator creates an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that uses AWS Fargate. The cluster is deployed successfully. The Sysops administrator needs to manage the cluster by using the kubect1 command line tool.

Which of the following must be configured on the Sysops administrator's machine so that kubect1 can communicate with the cluster API server?

Options:

The kubeconfig file

The kube-proxy Amazon EKS add-on

The Fargate profile

The eks-connector.yaml file

Question 50

Application A runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The EC2 instances are in an Auto Scaling group and are in the same subnet that is associated with the NLB. Other applications from an on-premises environment cannot communicate with Application A on port 8080.

To troubleshoot the issue, a SysOps administrator analyzes the flow logs. The flow logs include the following records:

What is the reason for the rejected traffic?

Options:

The security group of the EC2 instances has no Allow rule for the traffic from the NLB.

The security group of the NLB has no Allow rule for the traffic from the on-premises environment.

The ACL of the on-premises environment does not allow traffic to the AWS environment.

The network ACL that is associated with the subnet does not allow outbound traffic for the ephemeral port range.

Question 51

A SysOps administrator is deploying a test site running on Amazon EC2 instances. The application requires both incoming and outgoing connectivity to the internet.

Which combination of steps are required to provide internet connectivity to the EC2 instances? (Choose two.)

Options:

Add a NAT gateway to a public subnet.

Attach a private address to the elastic network interface on the EC2 instance.

Attach an Elastic IP address to the internet gateway.

Add an entry to the route table for the subnet that points to an internet gateway.

Create an internet gateway and attach it to a VPC.

Question 52

A company plans to migrate several of its high performance computing (MPC) virtual machines (VMs) to Amazon EC2 instances on AWS. A SysOps administrator must identify a placement group for this deployment. The strategy must minimize network latency and must maximize network throughput between the HPC VMs.

Which strategy should the SysOps administrator choose to meet these requirements?

Options:

Deploy the instances in a cluster placement group in one Availability Zone.

Deploy the instances in a partition placement group in two Availability Zones

Deploy the instances in a partition placement group in one Availability Zone

Deploy the instances in a spread placement group in two Availably Zones

Question 53

A company runs a stateless application that is hosted on an Amazon EC2 instance. Users are reporting performance issues. A SysOps administrator reviews the Amazon CloudWatch metrics for the application and notices that the instance's CPU utilization frequently reaches 90% during business hours.

What is the MOST operationally efficient solution that will improve the application's responsiveness?

Options:

Configure CloudWatch logging on the EC2 instance. Configure a CloudWatch alarm for CPU utilization to alert the SysOps administrator when CPU utilization goes above 90%.

Configure an AWS Client VPN connection to allow the application users to connect directly to the EC2 instance private IP address to reduce latency.

Create an Auto Scaling group, and assign it to an Application Load Balancer. Configure a target tracking scaling policy that is based on the average CPU utilization of the Auto Scaling group.

Create a CloudWatch alarm that activates when the EC2 instance's CPU utilization goes above 80%. Configure the alarm to invoke an AWS Lambda function that vertically scales the instance.

Question 54

A company wants to track its expenditures for Amazon EC2 and Amazon RDS within AWS. The company decides to implement more rigorous tagging requirements for resources in its AWS accounts. A SysOps administrator needs to identify all noncompliant resources.

What is the MOST operationally efficient solution that meets these requirements?

Options:

Create a rule in Amazon EventBridge (Amazon CloudWatch Events) that invokes a custom AWS Lambda function that will evaluate all created or updated resources for the specified tags.

Create a rule in AWS Config that invokes a custom AWS Lambda function that will evaluate all resources for the specified tags.

Create a rule in AWS Config with the required-tags managed rule to evaluate all resources for the specified tags.

Create a rule in Amazon EventBridge (Amazon CloudWatch Events) with a managed rule to evaluate all created or updated resources for the specified tags.

Question 55

A company hosts several write-intensive applications. These applications use a MySQL database that runs on a single Amazon EC2 instance. The company asks a SysOps administrator to implement a highly available database solution that is ideal for multi-tenant workloads.

Which solution should the SysOps administrator implement to meet these requirements?

Options:

Create a second EC2 instance for MySQL. Configure the second instance to be a read replica.

Migrate the database to an Amazon Aurora DB cluster. Add an Aurora Replica.

Migrate the database to an Amazon Aurora multi-master DB cluster.

Migrate the database to an Amazon RDS for MySQL DB instance.

Question 56

A company has developed a service that is deployed on a fleet of Linux-based Amazon EC2 instances that are in an Auto Scaling group. The service occasionally fails unexpectedly because of an error in the application code. The company's engineering team determines that resolving the underlying cause of the service failure could take several weeks.

A SysOps administrator needs to create a solution to automate recovery if the service crashes on any of the EC2 instances.

Which solutions will meet this requirement? (Select TWO.)

Options:

Install the Amazon CloudWatch agent on the EC2 instances. Configure the CloudWatch agent to monitor the service. Set the CloudWatch action to restart if the service health check fails.

Tag the EC2 instances. Create an AWS Lambda function that uses AWS Systems Manager Session Manager to log in to the tagged EC2 instances and restart the service. Schedule the Lambda function to run every 5 minutes.

Tag the EC2 instances. Use AWS Systems Manager State Manager to create an association that uses the AWS-RunSheIIScript document. Configure the association command with a script that checks if the service is running and that starts the service if the service is not running. For targets, specify the EC2 instance tag. Schedule the association to run every 5 minutes.

Update the EC2 user data that is specified in the Auto Scaling group's launch template to include a script that runs on a cron schedule every 5 minutes.

Update the EC2 user data that is specified in the Auto Scaling group's launch template to ensure that the service runs during startup. Redeploy all the EC2 instances in the Auto Scaling group with the updated launch template.

Answer:

A, C

Explanation:

The requirement is to automate recovery if the service crashes on any of the EC2 instances.

Option A: Install the Amazon CloudWatch agent on the EC2 instances. Configure the CloudWatch agent to monitor the service. Set the CloudWatch action to restart if the service health check fails . This is a valid solution because the CloudWatch agent can be configured to monitor the service and take action (restart the service) if the health check fails .

Option C: Tag the EC2 instances. Use AWS Systems Manager State Manager to create an association that uses the AWS-RunShellScript document. Configure the association command with a script that checks if the service is running and that starts the service if the service is not running. For targets, specify the EC2 instance tag. Schedule the association to run every 5 minutes678. This is a valid solution because AWS Systems Manager State Manager can be used to maintain a consistent state of the EC2 instances. It can run a script to check if the service is running and start the service if it’s not running678.

Option B: Tag the EC2 instances. Create an AWS Lambda function that uses AWS Systems Manager Session Manager to log in to the tagged EC2 instances and restart the service. Schedule the Lambda function to run every 5 minutes . This is not a valid solution because AWS Lambda functions are not designed to log in to EC2 instances and restart services. They are used for running serverless applications.

Option D: Update the EC2 user data that is specified in the Auto Scaling group’s launch template to include a script that runs on a cron schedule every 5 minutes131415. This is not a valid solution because user data scripts are run only during the launch of an EC2 instance. They are not designed to run on a schedule.

Option E: Update the EC2 user data that is specified in the Auto Scaling group’s launch template to ensure that the service runs during startup. Redeploy all the EC2 instances in the Auto Scaling group with the updated launch template131416. This is not a valid solution because while user data can be used to ensure that the service runs during startup, it does not provide a solution for when the service crashes after the EC2 instance has started.

Question 57

A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application.

Which combination of actions should a SysOps administrator take to resolve this problem? (Select TWO.)

Options:

Change to the least outstanding requests algorithm on the ALB target group.

Configure cookie forwarding in the CloudFront distribution cache behavior.

Configure header forwarding in the CloudFront distribution cache behavior.

Enable group-level stickiness on the ALB listener rule.

Enable sticky sessions on the ALB target group.

Question 58

A software development company has multiple developers who work on the same product. Each developer must have their own development environment, and these development environments must be identical. Each development environment consists of Amazon EC2 instances and an Amazon RDS DB instance. The development environments should be created only when necessary, and they must be terminated each night to minimize costs.

What is the MOST operationally efficient solution that meets these requirements?

Options:

Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessary. Schedule a nightly cron job on each development instance to stop all running processes to reduce CPU utilization to nearly zero.

Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to delete the AWS CloudFormation stacks.

Provide developers with CLI commands so that they can provision their own development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to terminate all EC2 instances and the DB instance.

Provide developers with CLI commands so that they can provision their own development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to cause AWS CloudFormation to delete all of the development environment resources.

Question 59

A company runs its entire suite of applications on Amazon EC2 instances. The company plans to move the applications to containers and AWS Fargate. Within 6 months, the company plans to retire its EC2 instances and use only Fargate. The company has been able to estimate its future Fargate costs.

A SysOps administrator needs to choose a purchasing option to help the company minimize costs. The SysOps administrator must maximize any discounts that are available and must ensure that there are no unused reservations.

Which purchasing option will meet these requirements?

Options:

Compute Savings Plans for 1 year with the No Upfront payment option

Compute Savings Plans for 1 year with the Partial Upfront payment option

EC2 Instance Savings Plans for 1 year with the All Upfront payment option

EC2 Reserved Instances for 1 year with the Partial Upfront payment option

Load More SOA-C02 Questions

Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dumps65

Dumpswrap Top Menu

breadcrumb

Amazon Web Services SOA-C02 Dumps

SOA-C02 Free PDF Questions

AWS Certified SysOps Administrator - Associate (SOA-C02) Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation: