SOA-C02 Dumps 2022 - New Amazon SOA-C02 Exam Questions
Free SOA-C02 Braindumps Download Updated on Jan 17, 2022 with 146 Questions
AWS SOA-C02 Exam Certification Details:
| Sample Questions | AWS SOA-C02 Sample Questions |
| Exam Name | AWS SysOps Administrator Associate (AWS-SysOps) |
| Passing Score | 720 / 1000 |
| Recommended Training / Books | Systems Operations on AWS |
| Exam Price | $150 USD |
| Duration | 180 minutes |
| Schedule Exam | AWS Certification |
| Exam Code | SOA-C02 |
| Number of Questions | 65 |
AWS-SysOps Exam Syllabus Topics:
| Section | Objectives | Weight |
|---|---|---|
| Monitoring, Logging, and Remediation | - Implement metrics, alarms, and filters by using AWS monitoring and logging services<br>- Remediate issues based on monitoring and availability metrics | 20% |
| Cost and Performance Optimization | - Implement cost optimization strategies<br>- Implement performance optimization strategies | 12% |
| Networking and Content Delivery | - Implement networking features and connectivity<br>- Configure domains, DNS services, and content delivery<br>- Troubleshoot network connectivity issues | 18% |
| Deployment, Provisioning, and Automation | - Provision and maintain cloud resources<br>- Automate manual or repeatable processes | 18% |
| Reliability and Business Continuity | - Implement scalability and elasticity<br>- Implement high availability and resilient environments<br>- Implement backup and restore strategies | 16% |
| Security and Compliance | - Implement and manage security and compliance policies<br>- Implement data and infrastructure protection strategies | 16% |
NEW QUESTION 72
A company has a VPC with public and private subnets. An Amazon EC2 based application resides in the private subnets and needs to process raw .csv files stored in an Amazon S3 bucket. A SysOps administrator has set up the correct IAM role with the required permissions for the application to access the S3 bucket, but the application is unable to communicate with the S3 bucket.
Which action will solve this problem while adhering to least privilege access?
- A. Attach an S3 gateway endpoint to the VPC. Configure the route table for the private subnet.
- B. Create a NAT gateway in a private subnet and configure the route table for the private subnets.
- C. Configure the route table to allow the instances on the private subnet access through the internet gateway.
- D. Add a bucket policy to the S3 bucket permitting access from the IAM role.
Answer: A
NEW QUESTION 73
With the threat of ransomware viruses encrypting and holding company data hostage, which action should be taken to protect an Amazon S3 bucket?
- A. Deny Post, Put, and Delete on the bucket.
- B. Enable snapshots on the bucket.
- C. Enable server-side encryption on the bucket.
- D. Enable Amazon S3 versioning on the bucket.
Answer: C
NEW QUESTION 74
A SysOps administrator is using Amazon EC2 instances to host an application. The SysOps administrator needs to grant permissions for the application to access an Amazon DynamoDB table.
Which solution will meet this requirement?
- A. Create an IAM user to access the DynamoDB table. Assign the IAM user to the EC2 instance profile.
- B. Create access keys to access the DynamoDB table. Assign the access keys to the EC2 instance profile.
- C. Create an EC2 key pair to access the DynamoDB table. Assign the key pair to the EC2 instance profile.
- D. Create an IAM role to access the DynamoDB table. Assign the IAM role to the EC2 instance profile.
Answer: D
NEW QUESTION 75
A SysOps administrator is provisioning an Amazon Elastic File System (Amazon EFS) file system to provide shared storage across multiple Amazon EC2 instances. The instances all exist in the same VPC across multiple Availability Zones. There are two instances in each Availability Zone. The SysOps administrator must make the file system accessible to each instance with the lowest possible latency.
Which solution will meet these requirements?
- A. Create a mount target in each Availability Zone of the VPC. Use the mount target to mount the EFS file system on the instances in the respective Availability Zone.
- B. Create a mount target for each instance. Use each mount target to mount the EFS file system on each respective instance.
- C. Create a mount target for the EFS file system in one Availability Zone of the VPC. Use the mount target to mount the file system on the instances in that Availability Zone. Share the directory with the other instances.
- D. Create a mount target for the EFS file system in the VPC. Use the mount target to mount the file system on each of the instances.
Answer: A
NEW QUESTION 76
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba4Kc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted. How can this be resolved?
- A. Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.
- B. Enable encryption on each host's local drive. Restart each host to encrypt the drive.
- C. Enable encryption on each host's connection to the Amazon EFS volume. Each connection must be recreated for encryption to take effect.
- D. Enable encryption on the existing EFS volume by using the AWS Command Line Interface.
Answer: A
Explanation:
Reference:
https://docs.aws.amazon.com/efs/latest/ug/encryption.html
Amazon EFS supports two forms of encryption for file systems, encryption of data in transit and encryption at rest. You can enable encryption of data at rest when creating an Amazon EFS file system. You can enable encryption of data in transit when you mount the file system.
NEW QUESTION 77
A company is running a website on Amazon EC2 instances that are in an Auto Scaling group. When the website traffic increases, additional instances take several minutes to become available because of a long-running user data script that installs software. A SysOps administrator must decrease the time that is required for new instances to become available. Which action should the SysOps administrator take to meet this requirement?
- A. Purchase Reserved Instances to cover 100% of the maximum capacity of the Auto Scaling group.
- B. Reduce the scaling thresholds so that instances are added before traffic increases.
- C. Update the Auto Scaling group to launch instances that have a storage optimized instance type.
- D. Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has pre-installed software.
Answer: C
NEW QUESTION 78
A software development company has multiple developers who work on the same product. Each developer must have their own development environment, and these development environments must be identical. Each development environment consists of Amazon EC2 instances and an Amazon RDS DB instance. The development environments should be created only when necessary, and they must be terminated each night to minimize costs.
What is the MOST operationally efficient solution that meets these requirements?
- A. Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to delete the AWS CloudFormation stacks.
- B. Provide developers with CLI commands so that they can provision their own development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to cause AWS CloudFormation to delete all of the development environment resources.
- C. Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessary. Schedule a nightly cron job on each development instance to stop all running processes to reduce CPU utilization to nearly zero.
- D. Provide developers with CLI commands so that they can provision their own development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to terminate all EC2 instances and the DB instance.
Answer: A
NEW QUESTION 79
A SysOps administrator must create a solution that immediately notifies software developers if an AWS Lambda function experiences an error.
Which solution will meet this requirement?
- A. Create an Amazon Simple Notification Service (Amazon SNS) topic with an email subscription for each developer. Create an Amazon CloudWatch alarm by using the Errors metric and the Lambda function name as a dimension. Configure the alarm to send a notification to the SNS topic when the alarm state reaches ALARM.
- B. Verify each developer mobile phone in Amazon Simple Email Service (Amazon SES). Create an Amazon EventBridge (Amazon CloudWatch Events) rule by using Errors as the event pattern and the Lambda function name as a resource. Configure the rule to send a push notification through Amazon SES when the rule state reaches ALARM.
- C. Verify each developer email address in Amazon Simple Email Service (Amazon SES). Create an Amazon CloudWatch rule by using the LambdaError metric and developer email addresses as dimensions. Configure the rule to send an email through Amazon SES when the rule state reaches ALARM.
- D. Create an Amazon Simple Notification Service (Amazon SNS) topic with a mobile subscription for each developer. Create an Amazon EventBridge (Amazon CloudWatch Events) alarm by using LambdaError as the event pattern and the SNS topic name as a resource. Configure the alarm to send a notification to the SNS topic when the alarm state reaches ALARM.
Answer: A
NEW QUESTION 80
A SysOps administrator is deploying a test site running on Amazon EC2 instances. The application requires both incoming and outgoing connectivity to the internet.
Which combination of steps are required to provide internet connectivity to the EC2 instances? (Choose two.)
- A. Attach an Elastic IP address to the internet gateway.
- B. Add an entry to the route table for the subnet that points to an internet gateway.
- C. Create an internet gateway and attach it to a VPC.
- D. Attach a private address to the elastic network interface on the EC2 instance.
- E. Add a NAT gateway to a public subnet.
Answer: B,C
Explanation:
Reference:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html
NEW QUESTION 81
A company has multiple AWS Site-to-Site VPN connections between a VPC and its branch offices. The company manages an Amazon Elasticsearch Service (Amazon ES) domain that is configured with public access. The Amazon ES domain has an open domain access policy. A SysOps administrator needs to ensure that Amazon ES can be accessed only from the branch offices while preserving existing data.
Which solution will meet these requirements?
- A. Deploy a new Amazon ES domain in private subnets in a VPC, and import a snapshot from the old domain. Create a security group that allows inbound traffic from the branch office CIDR blocks.
- B. Configure an IP-based domain access policy on Amazon ES. Add an allow statement to the policy that includes the private IP CIDR blocks from each branch office network.
- C. Configure an identity-based access policy on Amazon ES. Add an allow statement to the policy that includes the Amazon Resource Name (ARN) for each branch office VPN connection.
- D. Reconfigure the Amazon ES domain in private subnets in a VPC. Create a security group that allows inbound traffic from the branch office CIDR blocks.
Answer: B
NEW QUESTION 82
An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon SQS) queues. A SysOps administrator must ensure that the application can read, write, and delete messages from the SQS queues.
Which solution will meet these requirements in the MOST secure manner?
- A. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Export the IAM user's access key and secret access key as environment variables on the EC2 instance.
- B. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows sqs:* permissions to the appropriate queues.
- C. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues.
- D. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Embed the IAM user's credentials in the application's configuration.
Answer: C
NEW QUESTION 83
A company monitors its account activity using AWS CloudTrail and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket.
Moving forward, how can the SysOps administrator confirm that the log files have not been modified after being delivered to the S3 bucket?
- A. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
- B. Enable S3 server access logging to track requests made to the log bucket for security audits.
- C. Enable log file integrity validation and use digest files to verify the hash value of the log file.
- D. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
Answer: C
NEW QUESTION 84
A manufacturing company uses an Amazon RDS DB instance to store inventory of all stock items. The company maintains several AWS Lambda functions that interact with the database to add, update, and delete items. The Lambda functions use hardcoded credentials to connect to the database.
A SysOps administrator must ensure that the database credentials are never stored in plaintext and that the password is rotated every 30 days.
Which solution will meet these requirements in the MOST operationally efficient manner?
- A. Store the database password as an environment variable for each Lambda function. Create a new Lambda function that is named PasswordRotate. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the PasswordRotate function every 30 days to change the database password and update the environment variable for each Lambda function.
- B. Use AWS Key Management Service (AWS KMS) to encrypt the database password and to store the encrypted password as an environment variable for each Lambda function. Grant each Lambda function access to the KMS key so that the database password can be decrypted when required. Create a new Lambda function that is named PasswordRotate to change the password every 30 days.
- C. Use AWS Systems Manager Parameter Store to create a secure string to store credentials for the database. Create a new Lambda function called PasswordRotate. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the PasswordRotate function every 30 days to change the database password and to update the secret within Parameter Store. Update each Lambda function to access the database password from Parameter Store.
- D. Use AWS Secrets Manager to store credentials for the database. Create a Secrets Manager secret and select the database so that Secrets Manager will use a Lambda function to update the database password automatically. Specify an automatic rotation schedule of 30 days. Update each Lambda function to access the database password from Secrets Manager.
Answer: D
NEW QUESTION 85
A company is releasing a new static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded; however, upon navigating to the site, the following error message is received:
403 Forbidden - Access Denied
What change should be made to fix this error?
- A. Remove the default bucket policy that denies read access to the bucket.
- B. Add a bucket policy that grants everyone read access to the bucket.
- C. Configure cross-origin resource sharing (CORS) on the bucket.
- D. Add a bucket policy that grants everyone read access to the bucket objects.
Answer: D
NEW QUESTION 86
A company is running a website on Amazon EC2 instances that are in an Auto Scaling group. When the website traffic increases, additional instances take several minutes to become available because of a long-running user data script that installs software. A SysOps administrator must decrease the time that is required for new instances to become available.
Which action should the SysOps administrator take to meet this requirement?
- A. Reduce the scaling thresholds so that instances are added before traffic increases.
- B. Update the Auto Scaling group to launch instances that have a storage optimized instance type.
- C. Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has pre-installed software.
- D. Purchase Reserved Instances to cover 100% of the maximum capacity of the Auto Scaling group.
Answer: B
NEW QUESTION 87
A company must ensure that any objects uploaded to an S3 bucket are encrypted.
Which of the following actions will meet this requirement? (Choose two.)
- A. Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.
- B. Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket.
- C. Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.
- D. Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.
- E. Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.
Answer: A,C
Explanation:
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-bucket-encryption.html
You can set the default encryption behavior on an Amazon S3 bucket so that all objects are encrypted when they are stored in the bucket. The objects are encrypted using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS Key Management Service (AWS KMS) customer master keys (CMKs).
https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/
How to Prevent Uploads of Unencrypted Objects to Amazon S3: By using an S3 bucket policy, you can enforce the encryption requirement when users upload objects, instead of assigning a restrictive IAM policy to all users.
NEW QUESTION 88
A SysOps Administrator has implemented an Auto Scaling group with a step scaling policy. The Administrator notices that the additional instances have not been included in the aggregated metrics.
Why are the additional instances missing from the aggregated metrics?
- A. The instances have not been attached to the Auto Scaling group
- B. The instances are still in the boot process
- C. The warm-up period has not expired
- D. The instances are included in a different set of metrics
Answer: B
NEW QUESTION 89
A company has an Amazon CloudFront distribution that uses an Amazon S3 bucket as its origin. During a review of the access logs, the company determines that some requests are going directly to the S3 bucket by using the website hosting endpoint. A SysOps administrator must secure the S3 bucket to allow requests only from CloudFront.
What should the SysOps administrator do to meet this requirement?
- A. Create an origin access identity (OAI) in CloudFront. Associate the OAI with the distribution. Update the S3 bucket policy to allow access only from the OAI. Disable website hosting. Create a new origin, and specify the S3 bucket as the new origin. Update the distribution behavior to use the new origin. Remove the existing origin.
- B. Create an origin access identity (OAI) in CloudFront. Associate the OAI with the distribution. Remove access to and from other principals in the S3 bucket policy. Update the S3 bucket policy to allow access only from the OAI.
- C. Update the S3 bucket policy to allow access only from the CloudFront distribution. Remove access to and from other principals in the S3 bucket policy. Disable website hosting. Create a new origin, and specify the S3 bucket as the new origin. Update the distribution behavior to use the new origin. Remove the existing origin.
- D. Create an origin access identity (OAI) in CloudFront. Associate the OAI with the distribution. Update the S3 bucket policy to allow access only from the OAI. Create a new origin, and specify the S3 bucket as the new origin. Update the distribution behavior to use the new origin. Remove the existing origin.
Answer: B
NEW QUESTION 90
A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group. Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer. The administrator would like to know the IP addresses for the source of the requests. Where can the administrator find this information?
- A. Elastic Load Balancer access logs
- B. EC2 instance logs
- C. Auto Scaling logs
- D. AWS CloudTrail logs
Answer: A
Explanation:
Reference:
Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues.
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
NEW QUESTION 91
A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group. Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer. The administrator would like to know the IP addresses for the source of the requests. Where can the administrator find this information?
- A. Auto Scaling logs
- B. EC2 instance logs
- C. AWS CloudTrail logs
- D. Elastic Load Balancer access logs
Answer: A
NEW QUESTION 92
A SysOps administrator is attempting to download patches from the internet into an instance in a private subnet. An internet gateway exists for the VPC, and a NAT gateway has been deployed on the public subnet; however, the instance has no internet connectivity. The resources deployed into the private subnet must be inaccessible directly from the public internet.
What should be added to the private subnet's route table in order to address this issue, given the information provided?
- A. 10.0.1.0/24 IGW
- B. 0.0.0.0/0 NAT
- C. 0.0.0.0/0 IGW
- D. 10.0.1.0/24 NAT
Answer: B
NEW QUESTION 93
An application accesses data through a file system interface. The application runs on Amazon EC2 instances in multiple Availability Zones, all of which must share the same data. While the amount of data is currently small, the company anticipates that it will grow to tens of terabytes over the lifetime of the application.
What is the MOST scalable storage solution to fulfill this requirement?
- A. Launch an EC2 instance and share data using SMB/CIFS or NFS.
- B. Connect a large Amazon EBS volume to multiple instances and schedule snapshots.
- C. Deploy an AWS Storage Gateway cached volume on Amazon EC2.
- D. Deploy Amazon EFS in the VPC and create mount targets in multiple subnets.
Answer: D