Pass4itsure > Amazon > AWS Certified Associate > SOA-C02 > SOA-C02 Online Practice Questions and Answers

SOA-C02 Online Practice Questions and Answers

Questions 4

A SysOps administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company's account. The administrator must be alerted to potential issues.

What should the administrator do to receive email alerts before low storage space affects EC2 instance performance?

A. Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications

B. Use AWS CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic.

C. Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic.

D. Use AWS Trusted Advisor and enable email notification alerts for EC2 disk space

Buy Now
Questions 5

A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the administrator to alter the application code.

The MOST effective way to reduce latency is to relaunch the EC2 instances in:

A. a dedicated VPC.

B. a single subnet inside the VPC.

C. a placement group.

D. a single Availability Zone.

Buy Now
Questions 6

An organization with a large IT department has decided to migrate to AWS With different job functions in the IT department it is not desirable to give all users access to all AWS resources Currently the organization handles access via LDAP group membership

What is the BEST method to allow access using current LDAP credentials?

A. Create an AWS Directory Service Simple AD Replicate the on-premises LDAP directory to Simple AD

B. Create a Lambda function to read LDAP groups and automate the creation of IAM users

C. Use AWS CloudFormation to create IAM roles Deploy Direct Connect to allow access to the on-premises LDAP server

D. Federate the LDAP directory with IAM using SAML Create different IAM roles to correspond to different LDAP groups to limit permissions

Buy Now
Questions 7

A SysOps administrator must set up notifications for whenever combined billing exceeds a certain threshold for all AWS accounts within a company. The administrator has set up AWS Organizations and enabled Consolidated Billing. Which additional steps must the administrator perform to set up the billing alerts?

A. In the payer account: Enable billing alerts in the Billing and Cost Management console; publish an Amazon SNS message when the billing alert triggers.

B. In each account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers.

C. In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in the Billing and Cost Management console to publish an SNS message when the alarm triggers.

D. In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers.

Buy Now
Questions 8

A company uses AWS Organizations to manage its AWS accounts. A SysOps administrator must create a backup strategy for all Amazon EC2 instances across all the company's AWS accounts.

Which solution will meet these requirements In the MOST operationally efficient way?

A. Deploy an AWS Lambda function to each account to run EC2 instance snapshots on a scheduled basis.

B. Create an AWS CloudFormation stack set in the management account to add an AutoBackup=True tag to every EC2 instance

C. Use AWS Backup In the management account to deploy policies for all accounts and resources.

D. Use a service control policy (SCP) to run EC2 instance snapshots on a scheduled basis in each account.

Buy Now
Questions 9

A company has a private Amazon S3 bucket that contains sensitive information. A SysOps administrator needs to keep logs of the IP addresses from authentication failures that result from attempts to access objects in the bucket. The logs

must be stored so that they cannot be overwritten or deleted for 90 days.

Which solution will meet these requirements?

A. Create an AWS CloudTrail trail. Configure the log files to be saved to Amazon CloudWatch Logs. Configure the log group with a retention period of 90 days.

B. Create an AWS CloudTrail trail. Configure the log files to be saved to a different S3 bucket. Turn on CloudTrail log file integrity validation for 90 days.

C. Turn on access logging for the S3 bucket. Configure the access logs to be saved to Amazon CloudWatch Logs. Configure the log group with a retention period of 90 days.

D. Turn on access logging for the S3 bucket. Configure the access logs to be saved in a second S3 bucket. Turn on S3 Object Lock on the second S3 bucket, and configure a default retention period of 90 days.

Buy Now
Questions 10

A SysOps administrator must manage the security of an AWS account. Recently, an IAM user's access key was mistakenly uploaded to a public code repository.

The SysOps administrator must identify anything that was changed by using this access key.

How should the SysOps administrator meet these requirements?

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all IAM events to an AWS Lambda function for analysis.

B. Query Amazon EC2 logs by using Amazon CloudWatch Logs Insights for all events initiated with the compromised access key within the suspected timeframe.

C. Search AWS CloudTrail event history for all events initiated with the compromised access key within the suspected timeframe.

D. Search VPC Flow Logs for all events initiated with the compromised access key within the suspected timeframe.

Buy Now
Questions 11

A company hosts its website on Amazon EC2 instances in the us-east-1 Region. The company is preparing to extend its website into the eu-central-1 Region, but the database must remain only in us-east-1. After deployment, the EC2

instances in eu-central-1 are unable to connect to the database in us-east-1.

What is the MOST operationally efficient solution that will resolve this connectivity issue?

A. Create a VPC peering connection between the two Regions. Add the private IP address range of the instances to the inbound rule of the database security group.

B. Create a VPC peering connection between the two Regions. Add the security group of the instances in eu-central-1 to the outbound rule of the database security group.

C. Create a VPN connection between the two Regions. Add the private IP address range of the instances to the outbound rule of the database security group.

D. Create a VPN connection between the two Regions. Add the security group of the instances in eu-central-1 to the inbound rule of the database security group.

Buy Now
Questions 12

A SysOps administrator wants to provide access to AWS services by attaching an IAM policy to multiple IAM users. The SysOps administrator also wants to be able to change the policy and create new versions. Which combination of actions will meet these requirements? (Choose two.)

A. Add the users to an IAM service-linked role. Attach the policy to the role.

B. Add the users to an IAM user group. Attach the policy to the group.

C. Create an AWS managed policy.

D. Create a customer managed policy.

E. Create an inline policy.

Buy Now
Questions 13

A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin. After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load.

What are possible causes for this problem? (Choose two.)

A. CloudFront does not have the ALB configured as the origin access identity.

B. The DNS is still pointing to the ALB instead of the CloudFront distribution.

C. The ALB security group is not permitting inbound traffic from CloudFront.

D. The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution.

E. The target groups associated with the ALB are configured for sticky sessions.

Buy Now
Exam Code: SOA-C02
Exam Name: AWS Certified SysOps Administrator - Associate (SOA-C02)
Last Update: Mar 25, 2024
Questions: 507
10%OFF Coupon Code: SAVE10

PDF (Q&A)

$45.99

VCE

$49.99

PDF + VCE

$59.99