ExamsBrite Dumps

AWS Certified SysOps Administrator - Associate (SOA-C02) Questions and Answers

Last Update Sep 20, 2025
Total Questions : 556

Questions 1

A company hosts its website on Amazon EC2 instances behind an Application Load Balancer. The company manages its DNS with Amazon Route 53 and wants to point its domain's zone apex to the website.

Which type of record should be used to meet these requirements?

Options:

A.  

A CNAME record for the domain's zone apex

B.  

An A record for the domain's zone apex

C.  

An AAAA record for the domain's zone apex

D.  

An alias record for the domain's zone apex

Questions 2

The company needs to increase IOPS for two EC2 instances with gp2 volumes to support an upcoming promotion with higher I/O requirements.

Options:

A.  

Migrate the attached EBS volumes to Throughput Optimized HDD (st1) EBS volumes.

B.  

Configure Amazon ElastiCache integration on the EC2 instances.

C.  

Migrate the workload to two storage optimized EC2 instances.

D.  

Migrate the attached EBS volumes to General Purpose SSD (gp3) EBS volumes. Provision the appropriate IOPS.

Questions 3

A company has launched a social media website that gives users the ability to upload images directly to a centralized Amazon S3 bucket. The website is popular in areas that are geographically distant from the AWS Region where the S3 bucket is located. Users are reporting that uploads are slow. A SysOps administrator must improve the upload speed.

What should the SysOps administrator do to meet these requirements?

Options:

A.  

Create S3 access points in Regions that are closer to the users.

B.  

Create an accelerator in AWS Global Accelerator for the S3 bucket.

C.  

Enable S3 Transfer Acceleration on the S3 bucket.

D.  

Enable cross-origin resource sharing (CORS) on the S3 bucket.

Questions 4

An application uses an Amazon Aurora MySQL DB cluster that includes one Aurora Replica. The application's read performance degrades when there are more than 200 user connections. The number of user connections is approximately 180 on a consistent basis. Occasionally, the number of user connections increases rapidly to more than 200.

A SysOps administrator must implement a solution that will scale the application automatically as user demand increases or decreases.

Which solution will meet these requirements?

Options:

A.  

Modify the DB cluster by increasing the Aurora Replica instance size.

B.  

Modify the DB cluster by changing to serverless mode whenever the number of user connections exceeds 200.

C.  

Migrate to a new Aurora DB cluster that has multiple writer instances. Modify the application's database connection string.

D.  

Create an auto scaling policy that has a target value of 195 for the DatabaseConnections metric.

Questions 5

A SysOps administrator is tasked with deploying a company's infrastructure as code. The SysOps administrator wants to write a single template that can be reused for multiple environments.

How should the SysOps administrator use AWS CloudFormation to create a solution?

Options:

A.  

Use Amazon EC2 user data in a CloudFormation template

B.  

Use nested stacks to provision resources

C.  

Use parameters in a CloudFormation template

D.  

Use stack policies to provision resources

Questions 6

An application runs on Amazon EC2 instances in an Auto Scaling group. Following the deployment of a new feature on the EC2 instances, some instances were marked as unhealthy and then replaced by the Auto Scaling group. The EC2 instances terminated before a SysOps administrator could determine the cause of the health status changes. To troubleshoot this issue, the SysOps administrator wants to ensure that an AWS Lambda function is invoked in this situation.

How should the SysOps administrator meet these requirements?

Options:

A.  

Activate the instance scale-in protection setting for the Auto Scaling group. Invoke the Lambda function through Amazon EventBridge (Amazon CloudWatch Events).

B.  

Activate the instance scale-in protection setting for the Auto Scaling group. Invoke the Lambda function through Amazon Route 53.

C.  

Add a lifecycle hook to the Auto Scaling group to invoke the Lambda function through Amazon EventBridge (Amazon CloudWatch Events).

D.  

Add a lifecycle hook to the Auto Scaling group to invoke the Lambda function through Amazon Route 53.

Questions 7

A SysOps administrator creates a new source AWS account to use with a company's new application. The application will use Amazon CloudWatch for observability from a monitoring account. The company already used an AWS CloudFormation template to turn on CloudWatch cross-account observability for its other application accounts.

Which combination of steps must the SysOps administrator take to set up the new source account for cross-account observability? (Select THREE.)

Options:

A.  

Download the CloudFormation template from the new source account.

B.  

Download the CloudFormation template from the monitoring account.

C.  

Deploy the CloudFormation stack in the new source account.

D.  

Deploy the CloudFormation stack in the monitoring account.

E.  

Add the new source account ID to the monitoring account's configuration policy.

F.  

In the new source account, specify the data that the monitoring account will be able to view.

Questions 8

A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal.

Which action should a SysOps administrator take to improve the performance of the file system?

Options:

A.  

Configure the file system for Provisioned Throughput.

B.  

Enable encryption in transit on the file system.

C.  

Identify any unused files in the file system, and remove the unused files.

D.  

Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

Questions 9

A company with multiple AWS accounts needs to obtain recommendations for AWS Lambda functions and identify optimal resource configurations for each Lambda function. How should a SysOps administrator provide these recommendations?

Options:

A.  

Create an AWS Serverless Application Repository and export the Lambda function recommendations.

B.  

Enable AWS Compute Optimizer and export the Lambda function recommendations

C.  

Enable all features of AWS Organizations and export the recommendations from AWS CloudTrail Insights.

D.  

Run AWS Trusted Advisor and export the Lambda function recommendations

Questions 10

A company has a list of pre-approved Amazon Machine Images (AMIs) for developers to use to launch Amazon EC2 instances. However, developers are still launching EC2 instances from unapproved AMIs.

A SysOps administrator must implement a solution that automatically terminates any instances that are launched from unapproved AMIs.

Which solution will meet this requirement?

Options:

A.  

Set up an AWS Config managed rule to check if instances are running from AMIs that are on the list of pre-approved AMIs. Configure an automatic remediation action so that an AWS Systems Manager Automation runbook terminates any instances that are noncompliant with the rule.

B.  

Store the list of pre-approved AMIs in an Amazon DynamoDB global table that is replicated to all AWS Regions that the developers use. Create Regional EC2 launch templates. Configure the launch templates to check AMIs against the list and to terminate any instances that are not on the list.

C.  

Select the Amazon CloudWatch metric that shows all running instances and the AMIs that the instances were launched from. Create a CloudWatch alarm that terminates an instance if the metric shows the use of an unapproved AMI.

D.  

Create a custom Amazon Inspector finding to compare a running instance's AMI against the list of pre-approved AMIs. Create an AWS Lambda function that terminates instances. Configure Amazon Inspector to report findings of unapproved AMIs to an Amazon Simple Queue Service (Amazon SQS) queue to invoke the Lambda function.

Questions 11

A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations.

Which solution will meet this requirement?

Options:

A.  

Configure Amazon Cognito to detect any compromised IAM credentials.

B.  

Set up Amazon Inspector. Scan and monitor resources for unauthorized logins.

C.  

Set up AWS Config. Add the iam-policy-blacklisted-check managed rule to the account.

D.  

Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding.

Questions 12

To address recurring application crashes due to a memory leak, the SysOps administrator needs to implement a temporary reboot solution outside of business hours.

Options:

A.  

Create an Amazon EventBridge rule that is scheduled to run outside of business hours. Configure the rule to invoke the StartInstances operation on the EC2 instances.

B.  

Use AWS Systems Manager to create a daily maintenance window that is outside of business hours. Register the EC2 instances as a target. Assign the AWS-RestartEC2Instance runbook to the maintenance window.

C.  

Configure an additional CloudWatch alarm to monitor the StatusCheckFailed_System metric for the EC2 instances. Configure an EC2 action on the additional alarm to reboot the instances.

D.  

Configure an additional CloudWatch alarm that is triggered every time the application crashes. Configure an EC2 action on the additional alarm to restart the application on the EC2 instances.

Questions 13

A SysOps administrator must create a solution that automatically shuts down any Amazon EC2 instances that have less than 10% average CPU utilization for 60 minutes or more.

Which solution will meet this requirement in the MOST operationally efficient manner?

Options:

A.  

Implement a cron job on each EC2 instance to run once every 60 minutes and calculate the current CPU utilization. Initiate an instance shutdown if CPU utilization is less than 10%.

B.  

Implement an Amazon CloudWatch alarm for each EC2 instance to monitor average CPU utilization. Set the period at 1 hour, and set the threshold at 10%. Configure an EC2 action on the alarm to stop the instance.

C.  

Install the unified Amazon CloudWatch agent on each EC2 instance, and enable the Basic level predefined metric set. Log CPU utilization every 60 minutes, and initiate an instance shutdown if CPU utilization is less than 10%.

D.  

Use AWS Systems Manager Run Command to get CPU utilization from each EC2 instance every 60 minutes. Initiate an instance shutdown if CPU utilization is less than 10%.

Questions 14

A company manages its production applications across several AWS accounts. The company hosts the production applications on Amazon EC2 instances that run Amazon Linux 2. The EC2 instances are spread across multiple VPCs. Each VPC uses its own Amazon Route 53 private hosted zone for private DNS.

A VPC from Account A needs to resolve private DNS records from a private hosted zone that is associated with a different VPC in Account B.

What should a SysOps administrator do to meet these requirements?

Options:

A.  

In Account A, create an AWS Systems Manager document that updates the /etc/resolv.conf file across all EC2 instances to point to the AWS provided default DNS resolver for the VPC in Account B.

B.  

In Account A, create an AWS CloudFormation template that associates the private hosted zone from Account B with the private hosted zone in Account A.

C.  

In Account A, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account B to associate the VPC from Account A with the private hosted zone in Account B.

D.  

In Account B, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account A to associate the VPC from Account B with the private hosted zone in Account A.

Questions 15

A database is running on an Amazon RDS Multi-AZ DB instance. A recent security audit found the database to be out of compliance because it was not encrypted. Which approach will resolve the encryption requirement?

Options:

A.  

Log in to the RDS console and select the encryption box to encrypt the database

B.  

Create a new encrypted Amazon EBS volume and attach it to the instance

C.  

Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.

D.  

Take a snapshot of the RDS instance, copy and encrypt the snapshot and then restore to the new RDS instance

Questions 16

An application is running on an Amazon EC2 instance in a VPC with the default DHCP option set. The application connects to an on-premises Microsoft SQL Server database with the DNS name mssql.example.com. The application is unable to resolve the database DNS name.

Which solution will fix this problem?

Options:

A.  

Create an Amazon Route 53 Resolver inbound endpoint. Add a forwarding rule for the domain example.com. Associate the forwarding rule with the VPC.

B.  

Create an Amazon Route 53 Resolver inbound endpoint. Add a system rule for the domain example.com. Associate the system rule with the VPC.

C.  

Create an Amazon Route 53 Resolver outbound endpoint. Add a forwarding rule for the domain example.com. Associate the forwarding rule with the VPC.

D.  

Create an Amazon Route 53 Resolver outbound endpoint. Add a system rule for the domain example.com. Associate the system rule with the VPC.

Questions 17

A company needs to archive all audit logs for 10 years. The company must protect the logs from any future edits.

Which solution will meet these requirements?

Options:

A.  

Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. Configure AWS Key Management Service (AWS KMS) encryption.

B.  

Store the data in an Amazon S3 Glacier vault. Configure a vault lock policy for write-once, read-many (WORM) access.

C.  

Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure server-side encryption.

D.  

Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure multi-factor authentication (MFA).

Questions 18

A company is preparing for a marketing campaign that will increase traffic to a new web application. The application uses Amazon API Gateway and AWS Lambda for the application logic. The application stores relevant user data in an Amazon Aurora MySQL DB cluster that has one Aurora Replica. Database queries for the application are 5% write and 95% read. What should a SysOps administrator do to scale the database when traffic increases?

Options:

A.  

Configure Aurora Auto Scaling to add or remove Aurora Replicas in the cluster based on the average CPU utilization of the Aurora Replicas.

B.  

Configure Aurora Auto Scaling to increase or decrease the size of the Aurora Replicas based on the average CPU utilization of the Aurora Replicas.

C.  

Configure AWS Auto Scaling to monitor the Aurora cluster. Configure AWS Auto Scaling to add or remove Aurora Replicas in the cluster based on the average CPU utilization of the primary instance.

D.  

Configure AWS Auto Scaling to monitor the Aurora cluster. Configure AWS Auto Scaling to add or remove Aurora Replicas in the cluster based on the average CPU utilization of the existing Aurora Replica.

Questions 19

A SysOps administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have logging enabled. The administrator needs to investigate HTTP Layer 7 status codes from the web application.

Which log sources contain the status codes? (Choose two.)

Options:

A.  

VPC Flow Logs

B.  

AWS CloudTrail logs

C.  

ALB access logs

D.  

CloudFront access logs

E.  

RDS logs

Questions 20

A company deployed a new web application on multiple Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances run in an Auto Scaling group. Users report that they are frequently being prompted to log in.

What should a SysOps administrator do to resolve this issue?

Options:

A.  

Configure an Amazon CloudFront distribution with the ALB as the origin.

B.  

Enable sticky sessions (session affinity) for the target group of EC2 instances.

C.  

Redeploy the EC2 instances in a spread placement group.

D.  

Replace the ALB with a Network Load Balancer.

Questions 21

The company wants to improve the security and high availability of a two-tier web application that was rehosted to AWS, currently in a single Availability Zone.

Options (Select TWO):

A.  

Place the web-tier instances in an Auto Scaling group. Configure the Auto Scaling group to support a Multi-AZ deployment into private subnets that are behind an internet-facing Application Load Balancer.

B.  

Place the web-tier instances in an Auto Scaling group. Configure the Auto Scaling group in multiple AWS Regions. Deploy the EC2 instances into private subnets that are behind an internet-facing Application Load Balancer.

C.  

Launch an additional EC2 instance to host SQL Server. Place the new database EC2 instance in a second AWS Region. Enable replication between the two database EC2 instances.

D.  

Use AWS Database Migration Service (AWS DMS) to migrate the database EC2 instance to Amazon RDS for SQL Server with Multi-AZ Database Mirroring (DBM).

E.  

Use AWS Database Migration Service (AWS DMS) to migrate the database EC2 instance to Amazon DynamoDB.

Questions 22

A company has attached the following policy to an IAM user:

Which of the following actions are allowed for the IAM user?

Options:

A.  

Amazon RDS DescribeDBInstances action in the us-east-1 Region

B.  

Amazon S3 PutObject operation in a bucket named testbucket

C.  

Amazon EC2 DescribeInstances action in the us-east-1 Region

D.  

Amazon EC2 AttachNetworkInterface action in the eu-west-1 Region

Questions 23

A SysOps administrator has enabled AWS CloudTrail in an AWS account. If CloudTrail is disabled, it must be re-enabled immediately. What should the SysOps administrator do to meet these requirements WITHOUT writing custom code?

Options:

A.  

Add the AWS account to AWS Organizations. Enable CloudTrail in the management account.

B.  

Create an AWS Config rule that is invoked when CloudTrail configuration changes. Apply the AWS-ConfigureCloudTrailLogging automatic remediation action.

C.  

Create an AWS Config rule that is invoked when CloudTrail configuration changes. Configure the rule to invoke an AWS Lambda function to enable CloudTrail.

D.  

Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail.

Questions 24

A SysOps administrator needs to delete an AWS CloudFormation stack that is in the DELETE_FAILED state. CloudFormation was unable to delete an Amazon EC2 security group.

What should the SysOps administrator do to delete the stack?

Options:

A.  

Turn off stack termination protection. Retry the DeleteStack operation.

B.  

Retry the DeleteStack operation with exponential backoff until the operation succeeds.

C.  

Use the DeleteStack operation with the RetainResources parameter. Specify the security group.

D.  

Modify the stack template to remove the security group. Update the stack by using the modified template.

Questions 25

A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application.

Which combination of actions should a SysOps administrator take to resolve this problem? (Select TWO.)

Options:

A.  

Change to the least outstanding requests algorithm on the ALB target group.

B.  

Configure cookie forwarding in the CloudFront distribution cache behavior.

C.  

Configure header forwarding in the CloudFront distribution cache behavior.

D.  

Enable group-level stickiness on the ALB listener rule.

E.  

Enable sticky sessions on the ALB target group.

Questions 26

A company runs an application on Amazon EC2 instances. The EC2 instances are in an Auto Scaling group and run behind an Application Load Balancer (ALB). The application experiences errors when total requests exceed 100 requests per second. A SysOps administrator must collect information about total requests for a 2-week period to determine when requests exceeded this threshold.

What should the SysOps administrator do to collect this data?

Options:

A.  

Use the ALB’s RequestCount metric. Configure a time range of 2 weeks and a period of 1 minute. Examine the chart to determine peak traffic times and volumes.

B.  

Use Amazon CloudWatch metric math to generate a sum of request counts for all the EC2 instances over a 2-week period. Sort by a 1-minute interval.

C.  

Create Amazon CloudWatch custom metrics on the EC2 launch configuration templates to create aggregated request metrics across all the EC2 instances.

D.  

Create an Amazon EventBridge (Amazon CloudWatch Events) rule. Configure an EC2 event matching pattern that creates a metric that is based on EC2 requests. Display the data in a graph.

Questions 27

A SysOps administrator is troubleshooting an implementation of Amazon CloudWatch Synthetics. The CloudWatch Synthetics results must be sent to an Amazon S3 bucket. The SysOps administrator has copied the configuration of an existing canary that runs on a VPC that has an internet gateway attached. However, the SysOps administrator cannot get the canary to successfully start on a private VPC that has no internet access. What should the SysOps administrator do to successfully run the canary on the private VPC?

Options:

A.  

Ensure that the DNS resolution option and the DNS hostnames option are turned on in the VPC. Add the synthetics:GetCanaryRuns permission to the VPC. On the S3 bucket, add the IgnorePublicAcls permission to the CloudWatch Synthetics role.

B.  

Ensure that the DNS resolution option and the DNS hostnames option are turned off in the VPC. Create a gateway VPC endpoint for Amazon S3. Add the permissions to allow CloudWatch Synthetics to use the S3 endpoint.

C.  

Ensure that the DNS resolution option and the DNS hostnames option are turned off in the VPC. Add a security group to the canary to allow outbound traffic on the DNS port. Add the permissions to allow CloudWatch Synthetics to write to the S3 bucket.

D.  

Ensure that the DNS resolution option and the DNS hostnames option are turned on in the VPC. Create an interface VPC endpoint for CloudWatch. Create a gateway VPC endpoint for Amazon S3. Add the permissions to allow CloudWatch Synthetics to use both endpoints.

Questions 28

A SysOps administrator must ensure that a company's Amazon EC2 instances auto scale as expected. The SysOps administrator configures an Amazon EC2 Auto Scaling lifecycle hook to send an event to Amazon EventBridge (Amazon CloudWatch Events), which then invokes an AWS Lambda function to configure the EC2 instances. When the configuration is complete, the Lambda function calls the complete lifecycle-action event to put the EC2 instances into service. In testing, the SysOps administrator discovers that the Lambda function is not invoked when the EC2 instances auto scale.

What should the SysOps administrator do to resolve this issue?

Options:

A.  

Add a permission to the Lambda function so that it can be invoked by the EventBridge (CloudWatch Events) rule.

B.  

Change the lifecycle hook action to CONTINUE if the lifecycle hook experiences a failure or timeout.

C.  

Configure a retry policy in the EventBridge (CloudWatch Events) rule to retry the Lambda function invocation upon failure.

D.  

Update the Lambda function execution role so that it has permission to call the complete lifecycle-action event.

Questions 29

A SysOps administrator has launched a large general purpose Amazon EC2 instance to regularly process large data files. The instance has an attached 1 TB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volume. The instance also is EBS-optimized. To save costs, the SysOps administrator stops the instance each evening and restarts the instance each morning.

When data processing is active, Amazon CloudWatch metrics on the instance show a consistent 3.000 VolumeReadOps. The SysOps administrator must improve the I/O performance while ensuring data integrity.

Which action will meet these requirements?

Options:

A.  

Change the instance type to a large, burstable, general purpose instance.

B.  

Change the instance type to an extra large general purpose instance.

C.  

Increase the EBS volume to a 2 TB General Purpose SSD (gp2) volume.

D.  

Move the data that resides on the EBS volume to the instance store.

Questions 30

A SysOps administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.

Which action should the administrator take to ensure that users access objects in Amazon S3 by using only CloudFront URLs?

Options:

A.  

Encrypt the S3 bucket content with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).

B.  

Create an origin access identity and grant it permissions to read objects in the S3 bucket.

C.  

Assign an IAM user to the CloudFront distribution and grant the user permissions in the S3 bucket policy.

D.  

Assign an IAM role to the CloudFront distribution and grant the role permissions in the S3 bucket policy.

Questions 31

A company manages an application that uses Amazon ElastiCache for Redis with two extra-large nodes spread across two different Availability Zones. The company's IT team discovers that the ElastiCache for Redis cluster has 75% freeable memory. The application must maintain high availability.

What is the MOST cost-effective way to resize the cluster?

Options:

A.  

Decrease the number of nodes in the ElastiCache for Redis cluster from 2 to 1.

B.  

Deploy a new ElastiCache for Redis cluster that uses large node types. Migrate the data from the original cluster to the new cluster. After the process is complete, shut down the original cluster.

C.  

Deploy a new ElastiCache for Redis cluster that uses large node types. Take a backup from the original cluster, and restore the backup in the new cluster. After the process is complete, shut down the original cluster.

D.  

Perform an online resizing for the ElastiCache for Redis cluster. Change the node types from extra-large nodes to large nodes.

Questions 32

A SysOps administrator is managing a Memcached cluster in Amazon ElastiCache. The cluster has been heavily used recently, and the administrator wants to use a larger instance type with more memory.

What should the administrator use to make this change?

Options:

A.  

Use the ModifyCacheCluster API and specify a new CacheNodeType.

B.  

Use the CreateCacheCluster API and specify a new CacheNodeType.

C.  

Use the ModifyCacheParameterGroup API and specify a new CacheNodeType.

D.  

Use the RebootCacheCluster API and specify a new CacheNodeType.

Questions 33

A company uploaded its website files to an Amazon S3 bucket that has S3 Versioning enabled. The company uses an Amazon CloudFront distribution with the S3 bucket as the origin. The company recently modified the files, but the object names remained the same. Users report that old content is still appearing on the website.

How should a SysOps administrator remediate this issue?

Options:

A.  

Create a CloudFront invalidation, and add the path of the updated files.

B.  

Create a CloudFront signed URL to update each object immediately.

C.  

Configure an S3 origin access identity (OAI) to display only the updated files to users.

D.  

Disable S3 Versioning on the S3 bucket so that the updated files can replace the old files.

Questions 34

A development team recently deployed a new version of a web application to production. After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data.

Which AWS service will mitigate this issue?

Options:

A.  

AWS Shield Standard

B.  

AWS WAF

C.  

Elastic Load Balancing

D.  

Amazon Cognito

Questions 35

A company plans to launch a static website on its domain example.com and subdomain www.example.com using Amazon S3. How should the SysOps administrator meet this requirement?

Options:

A.  

Create one S3 bucket named example.com for both the domain and subdomain.

B.  

Create one S3 bucket with a wildcard named *.example.com for both the domain and subdomain.

C.  

Create two S3 buckets named example.com and www.example.com. Configure the subdomain bucket to redirect requests to the domain bucket.

D.  

Create two S3 buckets named http://example.com and http://*.example.com. Configure the wildcard (*) bucket to redirect requests to the domain bucket.

Questions 36

A company has an Amazon RDS DB instance. The company wants to implement a caching service while maintaining high availability.

Which combination of actions will meet these requirements? (Choose two.)

Options:

A.  

Add Auto Discovery to the data store.

B.  

Create an Amazon ElastiCache for Memcached data store.

C.  

Create an Amazon ElastiCache for Redis data store.

D.  

Enable Multi-AZ for the data store.

E.  

Enable Multi-threading for the data store.

Questions 37

A company has an Auto Scaling group of Amazon EC2 instances that scale based on average CPU utilization. The Auto Scaling group events log indicates an InsufficientInstanceCapacity error.

Which actions should a SysOps administrator take to remediate this issue? (Select TWO.)

Options:

A.  

Change the instance type that the company is using.

B.  

Configure the Auto Scaling group in different Availability Zones.

C.  

Configure the Auto Scaling group to use different Amazon Elastic Block Store (Amazon EBS) volume sizes.

D.  

Increase the maximum size of the Auto Scaling group.

E.  

Request an increase in the instance service quota.

Questions 38

Users of a company's internal web application recently experienced application performance issues for a brief period. The application includes frontend web servers that run in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The application also includes a backend Amazon Aurora PostgreSQL DB cluster that includes one DB instance.

A SysOps administrator determines that the source of the performance issues was high utilization of the DB cluster. The single writer instance experienced more than 90% utilization for 11 minutes. The cause of the high utilization was an automated report that is scheduled to run one time each week.

What should the SysOps administrator do to ensure that users do not experience performance issues each week when the report runs?

Options:

A.  

Increase the size of the DB instance. Monitor the performance during the next scheduled run of the report.

B.  

Add a reader instance. Change the database connection string of the report application to use the newly created reader instance.

C.  

Add another writer instance. Change the database connection string of the report application to use the newly created writer instance.

D.  

Configure auto scaling for the DB cluster. Set the minimum capacity units, maximum capacity units, and target utilization.

Discussion 0
Questions 39

A company has an existing public web application for www.example.com. The Application Load Balancer (ALB) is configured with a single HTTP 80 listener. A SysOps administrator must ensure that all web requests to www.example.com are encrypted between the client and the ALB.

The SysOps administrator already has requested and validated a public certificate for www.example.com in AWS Certificate Manager (ACM). Existing users of the application must not be required to change the endpoint to which they are connecting.

Which additional set of steps should the SysOps administrator take to meet these requirements?

Options:

A.  

Create an additional ALB listener for HTTPS on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.

B.  

Create an additional ALB listener for HTTPS on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate. Delete the original HTTP listener on port 80.

C.  

Modify the ALB default rule for the HTTP port 80 listener. Create a rule in the listener to forward all traffic for the host www.example.com to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.

D.  

Modify the ALB default rule for the HTTP port 80 listener to redirect to HTTPS on port 443. Create an additional HTTPS listener on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.

Discussion 0
Questions 40

A company has a critical serverless application that uses multiple AWS Lambda functions. Each Lambda function generates 1 GB of log data daily in its own Amazon CloudWatch Logs log group. The company's security team asks for a count of application errors, grouped by type, across all of the log groups.

What should a SysOps administrator do to meet this requirement?

Options:

A.  

Perform a CloudWatch Logs Insights query that uses the stats command and count function.

B.  

Perform a CloudWatch Logs search that uses the groupby keyword and count function.

C.  

Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.

D.  

Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.

Discussion 0
Questions 41

A company has business-critical resources in one of its AWS accounts. The company wants to receive an email notification every time an AWS Management Console root user sign-in event occurs in the account.

Which solution will meet this requirement with the MOST operational efficiency?

Options:

A.  

Create an Amazon CloudWatch alarm that detects AWS Management Console root user sign-in events. Configure the alarm to send email notifications directly through AWS Trusted Advisor.

B.  

Launch an Amazon EC2 instance. Schedule a script to run every hour to analyze AWS CloudTrail events. Configure the script to publish email notifications to an Amazon Simple Notification Service (Amazon SNS) topic when AWS Management Console root user sign-in events occur.

C.  

Create an Amazon EventBridge rule that reacts to AWS Management Console root user sign-in events. Configure the rule to send email notifications to an Amazon Simple Queue Service (Amazon SQS) queue.

D.  

Create an Amazon EventBridge rule that reacts to AWS Management Console root user sign-in events. Configure the rule to publish email notifications to an Amazon Simple Notification Service (Amazon SNS) topic.

Discussion 0
Questions 42

A company has a new requirement stating that all resources in AWS must be tagged according to a set policy.

Which AWS service should be used to enforce and continually identify all resources that are not in compliance with the policy?

Options:

A.  

AWS CloudTrail

B.  

Amazon Inspector

C.  

AWS Config

D.  

AWS Systems Manager

Discussion 0
Questions 43

A SysOps administrator launches an Amazon EC2 instance in a private subnet of a VPC. When the SysOps administrator attempts a curl command from the command line of the EC2 instance, the SysOps administrator cannot connect to https://www.example.com.

What should the SysOps administrator do to resolve this issue?

Options:

A.  

Ensure that there is an outbound security group for port 443 to 0.0.0.0/0.

B.  

Ensure that there is an inbound security group for port 443 from 0.0.0.0/0.

C.  

Ensure that there is an outbound network ACL for ephemeral ports 1024-65535 to 0.0.0.0/0.

D.  

Ensure that there is an outbound network ACL for port 80 to 0.0.0.0/0.

Discussion 0
Questions 44

A company's SysOps administrator must ensure that all Amazon EC2 Windows instances that are launched in an AWS account have a third-party agent installed. The third-party agent has an msi package. The company uses AWS Systems Manager for patching, and the Windows instances are tagged appropriately. The third-party agent requires periodic updates as new versions are released. The SysOps administrator must deploy these updates automatically.

Which combination of steps will meet these requirements with the LEAST operational effort? (Select TWO.)

Create a Systems Manager Distributor package for the third-party agent.

Options:

A.  

Make sure that Systems Manager Inventory is configured. If Systems Manager Inventory is not configured, set up a new inventory for instances that is based on the appropriate tag value for Windows.

B.  

Create a Systems Manager State Manager association to run the AWS-RunRemoteScript document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day.

C.  

Create a Systems Manager State Manager association to run the AWS-ConfigureAWSPackage document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day.

D.  

Create a Systems Manager OpsItem with the tag value for Windows. Attach the Systems Manager Distributor package to the OpsItem. Create a maintenance window that is specific to the package deployment. Configure the maintenance window to cover 24 hours a day.

Discussion 0
Questions 45

A company's architecture team must receive immediate email notification whenever new Amazon EC2 instances are launched in the company's main AWS production account.

What should a SysOps administrator do to meet this requirement?

Options:

A.  

Create a user data script that sends an email message through a smart host connector. Include the architecture team's email address in the user data script as the recipient. Ensure that all new EC2 instances include the user data script as part of a standardized build process.

B.  

Create an Amazon Simple Notification Service (Amazon SNS) topic and a subscription that uses the email protocol. Enter the architecture team's email address as the subscriber. Create an Amazon EventBridge rule that reacts when EC2 instances are launched. Specify the SNS topic as the rule's target.

C.  

Create an Amazon Simple Queue Service (Amazon SQS) queue and a subscription that uses the email protocol. Enter the architecture team's email address as the subscriber. Create an Amazon EventBridge rule that reacts when EC2 instances are launched. Specify the SQS queue as the rule's target.

D.  

Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure AWS Systems Manager to publish EC2 events to the SNS topic. Create an AWS Lambda function to poll the SNS topic. Configure the Lambda function to send any messages to the architecture team's email address.

Discussion 0
Questions 46

A SysOps administrator is testing an application that is hosted on five Amazon EC2 instances. The instances run in an Auto Scaling group behind an Application Load Balancer (ALB). High CPU utilization during load testing is causing the Auto Scaling group to scale out. The SysOps administrator must troubleshoot to find the root cause of the high CPU utilization before the Auto Scaling group scales out.

Which action should the SysOps administrator take to meet these requirements?

Options:

A.  

Enable instance scale-in protection.

B.  

Place the instance into the Standby state.

C.  

Remove the listener from the ALB.

D.  

Suspend the Launch and Terminate process types.

Discussion 0
Questions 47

A company hosts its website in the us-east-1 Region. The company is preparing to deploy its website into the eu-central-1 Region. Website visitors who are located in Europe should access the website that is hosted in eu-central-1. All other visitors access the website that is hosted in us-east-1. The company uses Amazon Route 53 to manage the website's DNS records.

Which routing policy should a SysOps administrator apply to the Route 53 record set to meet these requirements?

Options:

A.  

Geolocation routing policy

B.  

Geoproximity routing policy

C.  

Latency routing policy

D.  

Multivalue answer routing policy

Discussion 0
Questions 48

A compliance team requires all administrator passwords for Amazon RDS DB instances to be changed at least annually.

Which solution meets this requirement in the MOST operationally efficient manner?

Options:

A.  

Store the database credentials in AWS Secrets Manager. Configure automatic rotation for the secret every 365 days.

B.  

Store the database credentials as a parameter in the RDS parameter group. Create a database trigger to rotate the password every 365 days.

C.  

Store the database credentials in a private Amazon S3 bucket. Schedule an AWS Lambda function to generate a new set of credentials every 365 days.

D.  

Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter. Configure automatic rotation for the parameter every 365 days.

Discussion 0
Questions 49

A SysOps administrator noticed that the cache hit ratio for an Amazon CloudFront distribution is less than 10%.

Which collection of configuration changes will increase the cache hit ratio for the distribution? (Select TWO.)

Options:

A.  

Ensure that only required cookies, query strings, and headers are forwarded in the Cache Behavior Settings.

B.  

Change the Viewer Protocol Policy to use HTTPS only.

C.  

Configure the distribution to use presigned cookies and URLs to restrict access to the distribution.

D.  

Enable automatic compression of objects in the Cache Behavior Settings.

E.  

Increase the CloudFront time to live (TTL) settings in the Cache Behavior Settings.

Discussion 0
Questions 50

A company is using an Amazon EC2 Auto Scaling group to support a workload. The Auto Scaling group is configured with two similar scaling policies. One scaling policy adds 5 instances when CPU utilization reaches 80%. The other scaling policy […] when CPU utilization reaches 80%.

What will happen when CPU utilization reaches the 80% threshold?

Options:

A.  

Amazon EC2 Auto Scaling will add 5 instances

B.  

Amazon EC2 Auto Scaling will add 10 instances

C.  

Amazon EC2 Auto Scaling will add 15 instances.

D.  

The Auto Scaling group will not scale because of conflicting policies

Discussion 0
Questions 51

A company needs to implement a managed file system to host Windows file shares for users on premises. Resources in the AWS Cloud also need access to the data on these file shares. A SysOps administrator needs to present the user file shares on premises and make the user file shares available on AWS with minimum latency.

What should the SysOps administrator do to meet these requirements?

Options:

A.  

Set up an Amazon S3 File Gateway.

B.  

Set up an AWS Direct Connect connection.

C.  

Use AWS DataSync to automate data transfers between the existing file servers and AWS.

D.  

Set up an Amazon FSx File Gateway.

Discussion 0
Questions 52

A SysOps administrator needs to create alerts that are based on the read and write metrics of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to an Amazon EC2 instance. The SysOps administrator creates and enables Amazon CloudWatch alarms for the DiskReadBytes metric and the DiskWriteBytes metric.

A custom monitoring tool that is installed on the EC2 instance with the same alarm configuration indicates that the volume metrics have exceeded the threshold. However, the CloudWatch alarms were not in ALARM state.

Which action will ensure that the CloudWatch alarms function correctly?

Options:

A.  

Install and configure the CloudWatch agent on the EC2 instance to capture the desired metrics.

B.  

Install and configure AWS Systems Manager Agent on the EC2 instance to capture the desired metrics.

C.  

Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EBS volumes.

D.  

Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EC2 instance.

Discussion 0
Questions 53

A company wants to track its expenditures for Amazon EC2 and Amazon RDS within AWS. The company decides to implement more rigorous tagging requirements for resources in its AWS accounts. A SysOps administrator needs to identify all noncompliant resources.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.  

Create a rule in Amazon EventBridge (Amazon CloudWatch Events) that invokes a custom AWS Lambda function that will evaluate all created or updated resources for the specified tags.

B.  

Create a rule in AWS Config that invokes a custom AWS Lambda function that will evaluate all resources for the specified tags.

C.  

Create a rule in AWS Config with the required-tags managed rule to evaluate all resources for the specified tags.

D.  

Create a rule in Amazon EventBridge (Amazon CloudWatch Events) with a managed rule to evaluate all created or updated resources for the specified tags.

Discussion 0
Questions 54

A company runs a web application on three Amazon EC2 instances behind an Application Load Balancer (ALB). Web traffic increases significantly during the same 9-hour period every day and causes a decrease in the application's performance. A SysOps administrator must scale the application ahead of the changes in demand to accommodate the increased traffic.

Which solution will meet these requirements?

Options:

A.  

Create an Amazon CloudWatch alarm to monitor application latency. Configure an alarm action to increase the size of each EC2 instance if the latency threshold is reached.

B.  

Create an Amazon EventBridge rule to monitor application latency. Configure the rule to add an EC2 instance to the ALB if the latency threshold is reached

C.  

Deploy the application to an EC2 Auto Scaling group that uses a target tracking scaling policy. Attach the ALB to the Auto Scaling group.

D.  

Deploy the application to an EC2 Auto Scaling group that uses a scheduled scaling policy. Attach the ALB to the Auto Scaling group.

Discussion 0
Questions 55

A company has an Amazon EC2 instance that supports a production system. The EC2 instance is backed by an Amazon Elastic Block Store (Amazon EBS) volume. The EBS volume's drive has filled to 100% capacity, which is causing the application on the EC2 instance to experience errors.

Which solution will remediate these errors in the LEAST amount of time?

Options:

A.  

Modify the EBS volume by adding additional drive space. Log on to the EC2 instance. Use the file system-specific commands to extend the file system.

B.  

Create a snapshot of the existing EBS volume. When the snapshot is complete, create an EBS volume of a larger size from the snapshot in the same Availability Zone as the EC2 instance. Attach the new EBS volume to the EC2 instance. Mount the file system.

C.  

Create a new EBS volume of a larger size in the same Availability Zone as the EC2 instance. Attach the EBS volume to the EC2 instance. Copy the data from the existing EBS volume to the new EBS volume.

D.  

Stop the EC2 instance. Change the EC2 instance to a larger instance size that includes additional drive space. Start the EC2 instance.

Discussion 0
Questions 56

A SysOps administrator receives an alert from Amazon GuardDuty about suspicious network activity on an Amazon EC2 instance. The GuardDuty finding lists a new external IP address as a traffic destination. The SysOps administrator does not recognize the external IP address. The SysOps administrator must block traffic to the external IP address that GuardDuty identified.

Which solution will meet this requirement?

Options:

A.  

Create a new security group to block traffic to the external IP address. Assign the new security group to the EC2 instance.

B.  

Use VPC flow logs with Amazon Athena to block traffic to the external IP address.

C.  

Create a network ACL. Add an outbound deny rule for traffic to the external IP address.

D.  

Create a new security group to block traffic to the external IP address. Assign the new security group to the entire VPC.

Discussion 0
Questions 57

The SysOps administrator needs to address high disk I/O issues during EC2 instance bootstrap in an Auto Scaling group.

Options (Select TWO):

Options:

A.  

Increase the EC2 instance size.

B.  

Increase the EBS volume capacity.

C.  

Increase the EBS volume IOPS.

D.  

Increase the EBS volume throughput.

E.  

Change the instance type to an instance that is not Nitro-based.

Discussion 0
Questions 58

A company is rolling out a new version of its website. Management wants to deploy the new website in a limited rollout to 20% of the company's customers. The company uses Amazon Route 53 for its website's DNS solution.

Which configuration will meet these requirements?

Options:

A.  

Create a failover routing policy. Within the policy, configure 80% of the website traffic to be sent to the original resource. Configure the remaining 20% of traffic as the failover record that points to the new resource.

B.  

Create a multivalue answer routing policy. Within the policy, create 4 records with the name and IP address of the original resource. Configure 1 record with the name and IP address of the new resource.

C.  

Create a latency-based routing policy. Within the policy, configure a record pointing to the original resource with a weight of 80. Configure a record pointing to the new resource with a weight of 20.

D.  

Create a weighted routing policy. Within the policy, configure a weight of 80 for the record pointing to the original resource. Configure a weight of 20 for the record pointing to the new resource.

Discussion 0
Questions 59

A company's SysOps administrator has created an Amazon EC2 instance with custom software that will be used as a template for all new EC2 instances across multiple AWS accounts. The Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the EC2 instance are encrypted with AWS managed keys.

The SysOps administrator creates an Amazon Machine Image (AMI) of the custom EC2 instance and plans to share the AMI with the company's other AWS accounts. The company requires that all AMIs are encrypted with AWS Key Management Service (AWS KMS) keys and that only authorized AWS accounts can access the shared AMIs.

Which solution will securely share the AMI with the other AWS accounts?

Options:

A.  

In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.

B.  

In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI, and specify the CMK. Modify the permissions on the copied AMI to specify the AWS account numbers that the AMI will be shared with.

C.  

In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI, and specify the CMK. Modify the permissions on the copied AMI to make it public.

D.  

In the account where the AMI was created, modify the key policy of the AWS managed key to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.

Discussion 0
Questions 60

A company's SysOps administrator deploys four new Amazon EC2 instances by using the standard Amazon Linux 2 Amazon Machine Image (AMI). The company needs to be able to use AWS Systems Manager to manage the instances. The SysOps administrator notices that the instances do not appear in the Systems Manager console.

What must the SysOps administrator do to resolve this issue?

Options:

A.  

Connect to each instance by using SSH. Install Systems Manager Agent on each instance. Configure Systems Manager Agent to start automatically when the instances start up.

B.  

Use AWS Certificate Manager (ACM) to create a TLS certificate. Import the certificate into each instance. Configure Systems Manager Agent to use the TLS certificate for secure communications.

C.  

Connect to each instance by using SSH. Create an ssm-user account. Add the ssm-user account to the /etc/sudoers.d directory.

D.  

Attach an IAM instance profile to the instances. Ensure that the instance profile contains the AmazonSSMManagedInstanceCore policy.

Discussion 0
Questions 61

A company is running an application on a group of Amazon EC2 instances behind an Application Load Balancer. The EC2 instances run across three Availability Zones. The company needs to provide the customers with a maximum of two static IP addresses for their applications.

How should a SysOps administrator meet these requirements?

Options:

A.  

Add AWS Global Accelerator in front of the Application Load Balancer

B.  

Add an internal Network Load Balancer behind the Application Load Balancer

C.  

Configure the Application Load Balancer in only two Availability Zones.

D.  

Create two Elastic IP addresses and assign them to the Application Load Balancer.

Discussion 0
Questions 62

A company hosts an application on Amazon EC2 instances. The application periodically causes a surge in CPU utilization on the EC2 instances.

A SysOps administrator needs to implement a solution to detect when these surges occur. The solution also must send an email alert to the company's development team.

Which solution will meet these requirements?

Options:

A.  

Create an Amazon Simple Email Service (Amazon SES) email. Verify the development team's email address. Create an Amazon CloudWatch alarm for the EC2 instances. Use the sum of the CPU utilization metric, an upper threshold of 80%, and a period of 15 minutes for the alarm. Link the alarm to the SES email.

B.  

Create an Amazon Simple Email Service (Amazon SES) email. Verify the development team's email address. Create an Amazon CloudWatch alarm for the EC2 instances. Use the average of the CPU utilization metric, an upper threshold of 80%, and a period of 5 minutes for the alarm. Link the alarm to the SES email.

C.  

Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the development team's email address to the SNS topic. Create an Amazon CloudWatch alarm for the EC2 instances. Use the sum of the CPU utilization metric, an upper threshold of 80%, and a period of 15 minutes for the alarm. Link the alarm to the SNS topic.

D.  

Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the development team's email address to the SNS topic. Create an Amazon CloudWatch alarm for the EC2 instances. Use the average of the CPU utilization metric, an upper threshold of 80%, and a period of 5 minutes for the alarm. Link the alarm to the SNS topic.

Discussion 0
Questions 63

A company is running production workloads that use a Multi-AZ deployment of an Amazon RDS for MySQL db.m6g.xlarge (general purpose) standard DB instance. Users report that they are frequently encountering a "too many connections" error. A SysOps administrator observes that the number of connections on the database is high.

The SysOps administrator needs to resolve this issue while keeping code changes to a minimum.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Modify the RDS for MySQL DB instance to a larger instance size.

B.  

Migrate the RDS for MySQL DB instance to Amazon DynamoDB.

C.  

Configure RDS Proxy. Modify the application configuration file to use the RDS Proxy endpoint.

D.  

Modify the RDS for MySQL DB instance to a memory optimized DB instance.

Discussion 0
Questions 64

A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service. The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available across multiple Regions.

Which configuration will meet these requirements?

Options:

A.  

Deploy a copy of the stack in the us-west-2 Region. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each ELB. Configure the SOA record with health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.

B.  

Deploy a copy of the stack in the us-west-2 Region. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias target. Configure the A records with a failover routing policy and health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.

C.  

Deploy a new group of EC2 instances in the us-west-2 Region. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instances. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks.

D.  

Deploy a new group of EC2 instances in the us-west-2 Region. Configure EC2 health checks on all EC2 instances in each Region. Configure a peering connection between the VPCs. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record.

Discussion 0
Questions 65

A SysOps administrator receives an alert from Amazon GuardDuty about suspicious network activity on an Amazon EC2 instance. The GuardDuty finding lists a new external IP address as a traffic destination. The SysOps administrator does not recognize the external IP address. The SysOps administrator must block traffic to the external IP address that GuardDuty identified.

Which solution will meet this requirement?

Options:

A.  

Create a new security group to block traffic to the external IP address. Assign the new security group to the EC2 instance.

B.  

Use VPC flow logs with Amazon Athena to block traffic to the external IP address.

C.  

Create a network ACL. Add an outbound deny rule for traffic to the external IP address.

D.  

Create a new security group to block traffic to the external IP address. Assign the new security group to the entire VPC.

Discussion 0
Questions 66

A company has an Amazon CloudFront distribution that uses an Amazon S3 bucket as its origin. During a review of the access logs, the company determines that some requests are going directly to the S3 bucket by using the website hosting endpoint. A SysOps administrator must secure the S3 bucket to allow requests only from CloudFront.

What should the SysOps administrator do to meet this requirement?

Options:

A.  

Create an origin access identity (OAI) in CloudFront. Associate the OAI with the distribution. Remove access to and from other principals in the S3 bucket policy. Update the S3 bucket policy to allow access only from the OAI.

B.  

Create an origin access identity (OAI) in CloudFront. Associate the OAI with the distribution. Update the S3 bucket policy to allow access only from the OAI. Create a new origin, and specify the S3 bucket as the new origin. Update the distribution behavior to use the new origin. Remove the existing origin.

C.  

Create an origin access identity (OAI) in CloudFront. Associate the OAI with the distribution. Update the S3 bucket policy to allow access only from the OAI. Disable website hosting. Create a new origin, and specify the S3 bucket as the new origin. Update the distribution behavior to use the new origin. Remove the existing origin.

D.  

Update the S3 bucket policy to allow access only from the CloudFront distribution. Remove access to and from other principals in the S3 bucket policy. Disable website hosting. Create a new origin, and specify the S3 bucket as the new origin. Update the distribution behavior to use the new origin. Remove the existing origin.

Discussion 0
Questions 67

A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability for an on-premises website. The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes. All other traffic should be directed to the secondary passive server. The failover record type, set ID, and routing policy have been set appropriately for both primary and secondary servers.

Which next step should be taken to configure Route 53?

Options:

A.  

Create an A record for each server. Associate the records with the Route 53 HTTP health check.

B.  

Create an A record for each server. Associate the records with the Route 53 TCP health check.

C.  

Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 HTTP health check.

D.  

Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 TCP health check.

Discussion 0
Questions 68

A large company is using AWS Organizations to manage hundreds of AWS accounts across multiple AWS Regions. The company has turned on AWS Config throughout the organization.

The company requires all Amazon S3 buckets to block public read access. A SysOps administrator must generate a monthly report that shows all the S3 buckets and whether they comply with this requirement.

Which combination of steps should the SysOps administrator take to collect this data? (Select TWO.)

Options:

A.  

Create an AWS Config aggregator in an aggregator account. Use the organization as the source. Retrieve the compliance data from the aggregator.

B.  

Create an AWS Config aggregator in each account. Use an S3 bucket in an aggregator account as the destination. Retrieve the compliance data from the S3 bucket.

C.  

Edit the AWS Config policy in AWS Organizations. Use the organization's management account to turn on the s3-bucket-public-read-prohibited rule for the entire organization.

D.  

Use the AWS Config compliance report from the organization's management account. Filter the results by resource, and select Amazon S3.

E.  

Use the AWS Config API to apply the s3-bucket-public-read-prohibited rule in all accounts for all available Regions.

Questions 69

A company has an application that is deployed to two AWS Regions in an active-passive configuration. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) in each Region. The instances are in an Amazon EC2 Auto Scaling group in each Region. The application uses an Amazon Route 53 hosted zone for DNS. A SysOps administrator needs to configure automatic failover to the secondary Region.

What should the SysOps administrator do to meet these requirements?

Options:

A.  

Configure Route 53 alias records that point to each ALB. Choose a failover routing policy. Set Evaluate Target Health to Yes.

B.  

Configure CNAME records that point to each ALB. Choose a failover routing policy. Set Evaluate Target Health to Yes.

C.  

Configure Elastic Load Balancing (ELB) health checks for the Auto Scaling group. Add a target group to the ALB in the primary Region. Include the EC2 instances in the secondary Region as targets.

D.  

Configure EC2 health checks for the Auto Scaling group. Add a target group to the ALB in the primary Region. Include the EC2 instances in the secondary Region as targets.

Questions 70

A company uses AWS Organizations to manage multiple AWS accounts. The company's SysOps team has been using a manual process to create and manage IAM roles. The team requires an automated solution to create and manage the necessary IAM roles for multiple AWS accounts.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.  

Create AWS CloudFormation templates. Reuse the templates to create the necessary IAM roles in each of the AWS accounts.

B.  

Use AWS Directory Service with AWS Organizations to automatically associate the necessary IAM roles with Microsoft Active Directory users.

C.  

Use AWS Resource Access Manager with AWS Organizations to deploy and manage shared resources across the AWS accounts.

D.  

Use AWS CloudFormation StackSets with AWS Organizations to deploy and manage IAM roles for the AWS accounts.

Questions 71

A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template. It installs and configures necessary software through AWS OpsWorks and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours, but at times the process stalls due to installation errors.

The SysOps administrator must modify the CloudFormation template so that if the process stalls, the entire stack will fail and roll back.

Based on these requirements, what should be added to the template?

Options:

A.  

Conditions with a timeout set to 4 hours.

B.  

CreationPolicy with timeout set to 4 hours.

C.  

DependsOn with a timeout set to 4 hours.

D.  

Metadata with a timeout set to 4 hours.

Questions 72

A SysOps administrator must set up notifications for whenever combined billing exceeds a certain threshold for all AWS accounts within a company. The administrator has set up AWS Organizations and enabled Consolidated Billing.

Which additional steps must the administrator perform to set up the billing alerts?

Options:

A.  

In the payer account: Enable billing alerts in the Billing and Cost Management console; publish an Amazon SNS message when the billing alert triggers.

B.  

In each account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers.

C.  

In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in the Billing and Cost Management console to publish an SNS message when the alarm triggers.

D.  

In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers.

Questions 73

A SysOps administrator needs to implement a backup strategy for Amazon EC2 resources and Amazon RDS resources. The backup strategy must meet the following retention requirements:

• Daily backups: must be kept for 6 days

• Weekly backups: must be kept for 4 weeks

• Monthly backups: must be kept for 11 months

• Yearly backups: must be kept for 7 years

Which backup strategy will meet these requirements with the LEAST administrative effort?

Options:

A.  

Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (Amazon EBS) snapshot policy. Create tags on each resource that needs to be backed up. Create multiple schedules according to the requirements within the policy. Set the appropriate frequency and retention period.

B.  

Use AWS Backup to create a new backup plan for each retention requirement with a backup frequency of daily, weekly, monthly, or yearly. Set the retention period to match the requirement. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags.

C.  

Create an AWS Lambda function. Program the Lambda function to use native tooling to take backups of file systems in Amazon EC2 and to make copies of databases in Amazon RDS. Create an Amazon EventBridge rule to invoke the Lambda function.

D.  

Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (Amazon EBS) snapshot policy. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags. Create multiple schedules according to the requirements within the policy. Set the appropriate frequency and retention period. In Amazon RDS, activate automated backups on the required DB instances.

Questions 74

A SysOps administrator deployed a three-tier web application to a QA environment and is now evaluating the high availability of the application. The SysOps administrator notices that, when they simulate an unavailable Availability Zone, the application fails to respond. The application stores data in Amazon RDS and Amazon DynamoDB.

How should the SysOps administrator resolve this issue?

Options:

A.  

Add additional subnets to the RDS instance subnet group.

B.  

Add an Elastic Load Balancer in front of the RDS instance.

C.  

Distribute the data in DynamoDB across Availability Zones.

D.  

Enable Multi-AZ for the RDS instance.

Questions 75

A SysOps administrator recently configured Amazon S3 Cross-Region Replication on an S3 bucket.

Which of the following does this feature replicate to the destination S3 bucket by default?

Options:

A.  

Objects in the source S3 bucket for which the bucket owner does not have permissions

B.  

Objects that are stored in S3 Glacier

C.  

Objects that existed before replication was configured

D.  

Object metadata

Questions 76

A SysOps administrator configures an Amazon S3 gateway endpoint in a VPC. The private subnets inside the VPC do not have outbound internet access. A user logs in to an Amazon EC2 instance in one of the private subnets and cannot upload a file to an Amazon S3 bucket in the same AWS Region.

Which solution will solve this problem?

Options:

A.  

Update the EC2 instance role policy to allow s3:PutObject access to the target S3 bucket.

B.  

Update the EC2 security group to allow outbound traffic to 0.0.0.0/0 for port 80.

C.  

Update the EC2 subnet route table to include the S3 prefix list destination routes to the S3 gateway endpoint.

D.  

Update the S3 bucket policy to allow s3:PutObject access from the private subnet CIDR block.

Questions 77

A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin. After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load.

What are possible causes for this problem? (Choose two.)

Options:

A.  

CloudFront does not have the ALB configured as the origin access identity.

B.  

The DNS is still pointing to the ALB instead of the CloudFront distribution.

C.  

The ALB security group is not permitting inbound traffic from CloudFront.

D.  

The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution.

E.  

The target groups associated with the ALB are configured for sticky sessions.

Questions 78

A SysOps administrator needs to track workload costs across all accounts in an organization in AWS Organizations. All components of each workload have a workload tag. However, the SysOps administrator is unable to view the costs that are associated with the tag.

Which action should the SysOps administrator take to be able to view the costs of each workload?

Options:

A.  

Create a cost category for the tag.

B.  

Create a cost monitor for the tag.

C.  

Enable split cost allocation data in the AWS Cost Management console.

D.  

Activate the tag as a user-defined cost allocation tag.

Questions 79

A SysOps administrator is optimizing the cost of a workload. The workload is running in multiple AWS Regions and is using AWS Lambda with Amazon EC2 On-Demand Instances for the compute. The overall usage is predictable. The amount of compute that is consumed in each Region varies, depending on the users' locations.

Which approach should the SysOps administrator use to optimize this workload?

Options:

A.  

Purchase Compute Savings Plans based on the usage during the past 30 days.

B.  

Purchase Convertible Reserved Instances by calculating the usage baseline.

C.  

Purchase EC2 Instance Savings Plans based on the usage during the past 30 days.

D.  

Purchase Standard Reserved Instances by calculating the usage baseline.

Questions 80

A company has an initiative to reduce costs associated with Amazon EC2 and AWS Lambda. Which action should a SysOps administrator take to meet these requirements?

Options:

A.  

Analyze the AWS Cost and Usage Report by using Amazon Athena to identify cost savings.

B.  

Create an AWS Budgets alert to alarm when account spend reaches 80% of the budget.

C.  

Purchase Reserved Instances through the Amazon EC2 console.

D.  

Use AWS Compute Optimizer and take action on the provided recommendations.

Questions 81

A company uses AWS Organizations to manage its AWS accounts. A SysOps administrator must create a backup strategy for all Amazon EC2 instances across all the company's AWS accounts.

Which solution will meet these requirements in the MOST operationally efficient way?

Options:

A.  

Deploy an AWS Lambda function to each account to run EC2 instance snapshots on a scheduled basis.

B.  

Create an AWS CloudFormation stack set in the management account to add an AutoBackup=True tag to every EC2 instance.

C.  

Use AWS Backup in the management account to deploy policies for all accounts and resources.

D.  

Use a service control policy (SCP) to run EC2 instance snapshots on a scheduled basis in each account.

Questions 82

A company's SysOps administrator attempts to restore an Amazon Elastic Block Store (Amazon EBS) snapshot. However, the snapshot is missing because another system administrator accidentally deleted the snapshot. The company needs the ability to recover snapshots for a specified period of time after snapshots are deleted.

Which solution will provide this functionality?

Options:

A.  

Turn on deletion protection on individual EBS snapshots that need to be kept.

B.  

Create an IAM policy that denies the deletion of EBS snapshots by using a condition statement for the snapshot age. Apply the policy to all users.

C.  

Create a Recycle Bin retention rule for EBS snapshots for the desired retention period.

D.  

Use Amazon EventBridge (Amazon CloudWatch Events) to schedule an AWS Lambda function to copy EBS snapshots to Amazon S3 Glacier.

Questions 83

A SysOps administrator manages policies for many AWS member accounts in an AWS Organizations structure. Administrators on other teams have access to the account root user credentials of the member accounts. The SysOps administrator must prevent all teams, including their administrators, from using Amazon DynamoDB. The solution must not affect the ability of the teams to access other AWS services.

Which solution will meet these requirements?

Options:

A.  

In all member accounts, configure IAM policies that deny access to all DynamoDB resources for all users, including the root user.

B.  

Create a service control policy (SCP) in the management account to deny all DynamoDB actions. Apply the SCP to the root of the organization.

C.  

In all member accounts, configure IAM policies that deny AmazonDynamoDBFullAccess to all users, including the root user.

D.  

Remove the default service control policy (SCP) in the management account. Create a replacement SCP that includes a single statement that denies all DynamoDB actions.

Questions 84

If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the console by using the AWS Management Console shortcut from the VM desktop.

If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C, Command-V.

Configure Amazon EventBridge to meet the following requirements.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. Use your own resource naming unless a resource name is specified below.

4. Ensure all Amazon EC2 events in the default event bus are replayable for the past 90 days.

5. Create a rule named RunFunction to send the exact message every 15 minutes to an existing AWS Lambda function named LogEventFunction.

6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2 Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:

Input Path:

{"instance" : "$.detail.instance-id"}

Input template:

“ The EC2 Spot Instance has been on account.

Options:

Questions 85

A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the S3 bucket to serve a static error page in the event of a failure at the primary site.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. There is an existing hosted zone named lab-751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.

4. Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document.

5. For the index.html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucket is allowed.

6. In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.

7. Create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing S3 bucket.

Options:

Questions 86

You need to update an existing AWS CloudFormation stack. If needed, a copy of the CloudFormation template is available in an Amazon S3 bucket named cloudformation-bucket.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. Update the Amazon EC2 instance named Devinstance by making the following changes to the stack named 1700182:

a) Change the EC2 instance type to us-east-t2.nano.

b) Allow SSH to connect to the EC2 instance from the IP address range 192.168.100.0/30.

c) Replace the instance profile IAM role with IamRoleB.

4. Deploy the changes by updating the stack using the CFServiceRole role.

5. Edit the stack options to prevent accidental deletion.

6. Using the output from the stack, enter the value of the ProdInstanceId in the text box below:

Options:
