Winter Special Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: brite60

AWS Certified SysOps Administrator - Associate (SOA-C02) Question and Answers

AWS Certified SysOps Administrator - Associate (SOA-C02)

Last Update Jan 30, 2023
Total Questions : 305

We are offering FREE SOA-C02 Amazon Web Services exam questions. All you do is to just go and sign up. Give your details, prepare SOA-C02 free exam questions and then go for complete pool of AWS Certified SysOps Administrator - Associate (SOA-C02) test questions that will help you more.

SOA-C02 pdf

SOA-C02 PDF

$40  $99.99
SOA-C02 Engine

SOA-C02 Testing Engine

$48  $119.99
SOA-C02 PDF + Engine

SOA-C02 PDF + Testing Engine

$64  $159.99
Questions 1

A SysOps administrator has Nocked public access to all company Amazon S3 buckets. The SysOps administrator wants to be notified when an S3 bucket becomes publicly readable in the future.

What is the MOST operationally efficient way to meet this requirement?

Options:

A.  

Create an AWS Lambda function that periodically checks the public access settings for each S3 bucket. Set up Amazon Simple Notification Service (Amazon SNS) to send notifications.

B.  

Create a cron script that uses the S3 API to check the public access settings for each S3 bucket. Set up Amazon Simple Notification Service (Amazon SNS) to send notifications

C.  

Enable S3 Event notified tons for each S3 bucket. Subscribe S3 Event Notifications to an Amazon Simple Notification Service (Amazon SNS) topic.

D.  

Enable the s3-bucket-public-read-prohibited managed rule in AWS Config. Subscribe the AWS Config rule to an Amazon Simple Notification Service (Amazon SNS) topic.

Discussion 0
Questions 2

A company runs hundreds of Amazon EC2 instances in a single AWS Region. Each EC2 instance has two attached 1 GiB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volumes. A critical workload is using all the available IOPS capacity on the EBS volumes.

According to company policy, the company cannot change instance types or EBS volume types without completing lengthy acceptance tests to validate that the company’s applications will function properly. A SysOps administrator needs to increase the I/O performance of the EBS volumes as quickly as possible.

Which action should the SysOps administrator take to meet these requirements?

Options:

A.  

Increase the size of the 1 GiB EBS volumes.

B.  

Add two additional elastic network interfaces on each EC2 instance.

C.  

Turn on Transfer Acceleration on the EBS volumes in the Region.

D.  

Add all the EC2 instances to a cluster placement group.

Discussion 0
Questions 3

A company creates a new member account by using AWS Organizations. A SysOps administrator needs to add AWS Business Support to the new account

Which combination of steps must the SysOps administrator take to meet this requirement? (Select TWO.)

Options:

A.  

Sign in to the new account by using 1AM credentials. Change the support plan.

B.  

Sign in to the new account by using root user credentials. Change the support plan.

C.  

Use the AWS Support API to change the support plan.

D.  

Reset the password of the account root user.

E.  

Create an IAM user that has administrator privileges in the new account.

Discussion 0
Questions 4

A company is managing multiple AWS accounts in AWS Organizations The company is reviewing internal security of Its AWS environment The company's security administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts

Which solution will meet these requirements in the MOST secure manner?

Options:

A.  

Create an IAM policy in each developer account that has read-only access related to VPC resources Assign the policy to an IAM user Share the user credentials with the security administrator

B.  

Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC actions Assign the policy to an IAM user Share the user credentials with the security administrator

C.  

Create an IAM policy in each developer account that has administrator access related to VPC resources Assign the policy to a cross-account IAM role Ask the security administrator to assume the role from their account

D.  

Create an IAM policy m each developer account that has read-only access related to VPC resources Assign the policy to a cross-account IAM role Ask the security administrator to assume the role from their account

Discussion 0
Questions 5

A SysOps administrator is unable to launch Amazon EC2 instances into a VPC because there are no available private IPv4 addresses in the VPC. Which combination of actions must the SysOps administrator take to launch the instances? (Select TWO.)

Options:

A.  

Associate a secondary IPv4 CIDR block with the VPC

B.  

Associate a primary IPv6 CIDR block with the VPC

C.  

Create a new subnet for the VPC

D.  

Modify the CIDR block of the VPC

E.  

Modify the CIDR block of the subnet that is associated with the instances

Discussion 0
Questions 6

A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template it installs and configure necessary software through AWS OpsWorks and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours but at limes the process stalls due to installation errors.

The SysOps administrator must modify the CloudFormation template so if the process stalls, the entire stack will tail and roil back.

Based on these requirements what should be added to the template?

Options:

A.  

Conditions with a timeout set to 4 hours.

B.  

CreationPolicy with timeout set to 4 hours.

C.  

DependsOn a timeout set to 4 hours.

D.  

Metadata with a timeout set to 4 hours

Discussion 0
Questions 7

A company is running a flash sale on its website. The website is hosted on burstable performance Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group is configured to launch instances when the CPU utilization is above 70%.

A couple of hours into the sale, users report slow load times and error messages for refused connections. A SysOps administrator reviews Amazon CloudWatch metrics and notices that the CPU utilization is at 20% across the entire fleet of instances.

The SysOps administrator must restore the website's functionality without making changes to the network infrastructure.

Which solution will meet these requirements?

Options:

A.  

Activate unlimited mode for the instances in the Auto Scaling group.

B.  

Implement an Amazon CloudFront distribution to offload the traffic from the Auto Scaling group.

C.  

Move the website to a different AWS Region that is closer to the users.

D.  

Reduce the desired size of the Auto Scaling group to artificially increase CPU average utilization.

Discussion 0
Questions 8

A SysOps administrator is configuring an application on Amazon EC2 instances for a company Teams in other countries will use the application over the internet. The company requires the application endpoint to have a static pubic IP address.

How should the SysOps administrator deploy the application to meet this requirement?

Options:

A.  

Behind an Amazon API Gateway API

B.  

Behind an Application Load Balancer

C.  

Behind an internet-facing Network Load Balancer

D.  

In an Amazon CloudFront distribution

Discussion 0
Questions 9

A company has a critical serverless application that uses multiple AWS Lambda functions. Each Lambda function generates 1 GB of log data daily in tts own Amazon CloudWatch Logs log group. The company's security team asks for a count of application errors, grouped by type, across all of the log groups.

What should a SysOps administrator do to meet this requirement?

Options:

A.  

Perform a CloudWatch Logs Insights query that uses the stats command and count function.

B.  

Perform a CloudWatch Logs search that uses the groupby keyword and count function.

C.  

Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.

D.  

Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.

Discussion 0
Questions 10

A company's backend infrastructure contains an Amazon EC2 instance in a private subnet. The private subnet has a route to the internet through a NAT gateway in a public subnet. The instance must allow connectivity to a secure web server on the internet to retrieve data at regular intervals.

The client software times out with an error message that indicates that the client software could not establish the TCP connection.

What should a SysOps administrator do to resolve this error?

Options:

A.  

Add an inbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP, Source - 0.0.0.0/0.

B.  

Add an inbound rule to the security group for the EC2 instance with the following parameters: Type - HTTPS, Source - 0.0.0.0/0.

C.  

Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP, Destination - 0.0.0.0/0.

D.  

Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTPS. Destination - 0.0.0.0/0.

Discussion 0
Questions 11

A company hosts a website on multiple Amazon EC2 instances that run in an Auto Scaling group. Users are reporting slow responses during peak times between

6 PM and 11 PM every weekend. A SysOps administrator must implement a solution to improve performance during these peak times.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.  

Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to increase the desired capacity before peak times.

B.  

Configure a scheduled scaling action with a recurrence option to change the desired capacity before and after peak times.

C.  

Create a target tracking scaling policy to add more instances when memory utilization is above 70%.

D.  

Configure the cooldown period for the Auto Scaling group to modify desired capacity before and after peak times.

Discussion 0
Questions 12

A company is rolling out a new version of its website. Management wants to deploy the new website in a limited rollout to 20% of the company's customers. The company uses Amazon Route 53 for its website's DNS solution.

Which configuration will meet these requirements?

Options:

A.  

Create a failover routing policy. Within the policy, configure 80% of the website traffic to be sent to the original resource. Configure the remaining 20% of traffic as the failover record that points to the new resource.

B.  

Create a multivalue answer routing policy. Within the policy, create 4 records with the name and IP address of the original resource. Configure 1 record with the name and IP address of the new resource.

C.  

Create a latency-based routing policy. Within the policy, configure a record pointing to the original resource with a weight of 80. Configure a record pointing to the new resource with a weight of 20.

D.  

Create a weighted routing policy. Within the policy, configure a weight of 80 for the record pointing to the original resource. Configure a weight of 20 for the record pointing to the new resource.

Discussion 0
Questions 13

A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the SS bucket to serve a static error page in the event of a failure at the primary site.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. There is an existing hosted zone named lab-

751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.

4. Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document

5. For the index-html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucketjs allowed.

6. In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.

7. Create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing 53 bucket.

Options:

Discussion 0
Questions 14

If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the

console by using the AWS Management Console shortcut from the VM desktop.

If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V.

Configure Amazon EventBridge to meet the following requirements.

1. use the us-east-2 Region for all resources,

2. Unless specified below, use the default configuration settings.

3. Use your own resource naming unless a resource

name is specified below.

4. Ensure all Amazon EC2 events in the default event

bus are replayable for the past 90 days.

5. Create a rule named RunFunction to send the exact message every 1 5 minutes to an existing AWS Lambda function named LogEventFunction.

6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2

Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:

Input Path:

{“instance” : “$.detail.instance-id”}

Input template:

“ The EC2 Spot Instance has been on account.

Options:

Discussion 0
Questions 15

You need to update an existing AWS CloudFormation stack. If needed, a copy to the CloudFormation template is available in an Amazon SB bucket named cloudformation-bucket

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:

a) Change the EC2 instance type to us-east-t2.nano.

b) Allow SSH to connect to the EC2 instance from the IP address range

192.168.100.0/30.

c) Replace the instance profile IAM role with IamRoleB.

4. Deploy the changes by updating the stack using the CFServiceR01e role.

5. Edit the stack options to prevent accidental deletion.

6. Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

See the Explanation for solution.

Options:

Discussion 0
Questions 16

A company wants to track its AWS costs in all member accounts that are part of an organization in AWS Organizations. Managers of the

member accounts want to receive a notification when the estimated costs exceed a predetermined amount each month. The managers

are unable to configure a billing alarm. The IAM permissions for all users are correct.

What could be the cause of this issue?

Options:

A.  

The management/payer account does not have billing alerts turned on.

B.  

The company has not configured AWS Resource Access Manager (AWS RAM) to share billing information between the member accounts and the management/payer account.

C.  

Amazon GuardDuty is turned on for all the accounts.

D.  

The company has not configured an AWS Config rule to monitor billing.

Discussion 0
Questions 17

A SysOps administrator has enabled AWS CloudTrail in an AWS account If CloudTrail is disabled it must be re-enabled immediately What should the SysOps administrator do to meet these requirements WITHOUT writing custom code''

Options:

A.  

Add the AWS account to AWS Organizations Enable CloudTrail in the management account

B.  

Create an AWS Config rule that is invoked when CloudTrail configuration changes Apply the AWS-ConfigureCloudTrailLogging automatic remediation action

C.  

Create an AWS Config rule that is invoked when CloudTrail configuration changes Configure the rule to invoke an AWS Lambda function to enable CloudTrail

D.  

Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail

Discussion 0
Questions 18

A company's web application is available through an Amazon CloudFront distribution and directly through an internet-facing Application Load Balancer (ALB) A SysOps administrator must make the application accessible only through the CloudFront distribution and not directly through the ALB. The SysOps administrator must make this change without changing the application code

Which solution will meet these requirements?

Options:

A.  

Modify the ALB type to internal Set the distribution's origin to the internal ALB domain name

B.  

Create a Lambda@Edge function Configure the function to compare a custom header value in the request with a stored password and to forward the request to the origin in case of a match Associate the function with the distribution.

C.  

Replace the ALB with a new internal ALB Set the distribution's origin to the internal ALB domain name Add a custom HTTP header to the origin settings for the distribution In the ALB listener add a rule to forward requests that contain the matching custom header and the header's value Add a default rule to return a fixed response code of 403.

D.  

Add a custom HTTP header to the origin settings for the distribution in the ALB listener add a rule to forward requests that contain the matching custom header and the header's value Add a default rule to return a fixed response code of 403.

Discussion 0
Questions 19

A SysOps administrator is using Amazon EC2 instances to host an application. The SysOps administrator needs to grant permissions for the application to access an Amazon DynamoDB table.

Which solution will meet this requirement?

Options:

A.  

Create access keys to access the DynamoDB table. Assign the access keys to the EC2 instance profile.

B.  

Create an EC2 key pair to access the DynamoDB table. Assign the key pair to the EC2 instance profile.

C.  

Create an IAM user to access the DynamoDB table. Assign the IAM user to the EC2 instance profile.

D.  

Create an IAM role to access the DynamoDB table. Assign the IAM role to the EC2 instance profile.

Discussion 0
Questions 20

A SysOps administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and

Amazon EC2 in a VPC. All services have logging enabled. The administrator needs to investigate HTTP Layer 7 status codes from the web application.

Which log sources contain the status codes? (Choose two.)

Options:

A.  

VPC Flow Logs

B.  

AWS CloudTrail logs

C.  

ALB access logs

D.  

CloudFront access logs

E.  

RDS logs

Discussion 0
Questions 21

A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.  

Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB table. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.

B.  

Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon S3 object. The security team can use the information in the tag to verify the integrity of the delivered files.

C.  

Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.

D.  

Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.

Discussion 0
Questions 22

A SysOps administrator must ensure that a company's Amazon EC2 instances auto scale as expected The SysOps administrator configures an Amazon EC2 Auto Scaling Lifecycle hook to send an event to Amazon EventBridge (Amazon CloudWatch Events), which then invokes an AWS Lambda function to configure the EC2 distances When the configuration is complete, the Lambda function calls the complete Lifecycle-action event to put the EC2 instances into service. In testing, the SysOps administrator discovers that the Lambda function is not invoked when the EC2 instances auto scale.

What should the SysOps administrator do to reserve this issue?

Options:

A.  

Add a permission to the Lambda function so that it can be invoked by the EventBridge (CloudWatch Events) rule.

B.  

Change the lifecycle hook action to CONTINUE if the lifecycle hook experiences a fa* we or timeout.

C.  

Configure a retry policy in the EventBridge (CloudWatch Events) rule to retry the Lambda function invocation upon failure.

D.  

Update the Lambda function execution role so that it has permission to call the complete lifecycle-action event

Discussion 0
Questions 23

A SysOps administrator is setting up an automated process to recover an Amazon EC2 instance In the event of an underlying hardware failure. The recovered instance must have the same private IP address and the same Elastic IP address that the original instance had. The SysOps team must receive an email notification when the recovery process is initiated.

Which solution will meet these requirements?

Options:

A.  

Create an Amazon CloudWatch alarm for the EC2 instance, and specify the SiatusCheckFailedjnstance metric. Add an EC2 action to the alarm to recover the instance. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS> topic. Subscribe the SysOps team email address to the SNS topic.

B.  

Create an Amazon CloudWatch alarm for the EC2 Instance, and specify the StatusCheckFailed_System metric. Add an EC2 action to the alarm to recover the instance. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.

C.  

Create an Auto Scaling group across three different subnets in the same Availability Zone with a minimum, maximum, and desired size of 1. Configure the Auto Seating group to use a launch template that specifies the private IP address and the Elastic IP address. Add an activity notification for the Auto Scaling group to send an email message to the SysOps team through Amazon Simple Email Service (Amazon SES).

D.  

Create an Auto Scaling group across three Availability Zones with a minimum, maximum, and desired size of 1. Configure the Auto Scaling group to use a launch template that specifies the private IP address and the Elastic IP address. Add an activity notification for the Auto Scaling group to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.

Discussion 0
Questions 24

A company hosts its website in the us-east-1 Region. The company is preparing to deploy its website into the eu-central-1 Region. Website visitors who are located in Europe should access the website that is hosted in eu-central-1. All other visitors access the website that is hosted in us-east-1. The company uses Amazon Route 53 to manage the website's DNS records.

Which routing policy should a SysOps administrator apply to the Route 53 record set to meet these requirements?

Options:

A.  

Geolocation routing policy

B.  

Geoproximity routing policy

C.  

Latency routing policy

D.  

Multivalue answer routing policy

Discussion 0
Questions 25

A SysOps administrator is using AWS Systems Manager Patch Manager to patch a fleet of Amazon EC2 instances. The SysOps administrator has configured a patch baseline and a maintenance window. The SysOps administrator also has used an instance tag to identify which instances to patch.

The SysOps administrator must give Systems Manager the ability to access the EC2 instances.

Which additional action must the SysOps administrator perform to meet this requirement?

Options:

A.  

Add an inbound rule to the instances' security group.

B.  

Attach an 1AM instance profile with access to Systems Manager to the instances.

C.  

Create a Systems Manager activation Then activate the fleet of instances.

D.  

Manually specify the instances to patch Instead of using tag-based selection.

Discussion 0
Questions 26

A company has a compliance requirement that no security groups can allow SSH ports to be open to all IP addresses. A SysOps administrator must implement a solution that will notify the company's SysOps team when a security group rule violates this requirement. The solution also must remediate the security group rule automatically.

Which solution will meet these requirements?

AZ. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a security group changes. Configure the Lambda function to evaluate the security group for compliance, remove all inbound security group rules on all ports, and notify the SysOps team if the security group is noncompliant.

B. Create an AWS CloudTrail metric filter for security group changes. Create an Amazon CloudWatch alarm to notify the SysOps team through an Amazon Simple Notification Service (Amazon SNS) topic when (he metric is greater than 0. Subscribe an AWS Lambda function to the SNS topic to remediate the security group rule by removing the rule.

C. Activate the AWS Config restricted-ssh managed rule. Add automatic remediation to the AWS Config rule by using the AWS Systems Manager Automation AWS-

DisablePublicAccessForSecurityGroup runbook. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to notify the SysOps team when the rule is noncompliant.

D. Create an AWS CloudTrail metric filter for security group changes. Create an Amazon CloudWatch alarm for when the metric is greater than 0. Add an AWS Systems Manager action to the CloudWatch alarm to suspend the security group by using the Systems Manager Automation AWS-DisablePublicAccessForSecurityGroup runbook when the alarm is in ALARM state. Add an Amazon Simple Notification Service (Amazon SNS) topic as a second target to notify the SysOps team.

Options:

Discussion 0