
SOA-C01 Sample Questions Answers

Questions 4

A SysOps Administrator must take a team’s single existing AWS CloudFormation template and split it into smaller, service-specific templates. All of the services in the template reference a single, shared Amazon S3 bucket.

What should the Administrator do to ensure that this S3 bucket can be referenced by all the service templates?

Options:

A.

Include the S3 bucket as a mapping in each template.

B.

Add the S3 bucket as a resource in each template.

C.

Create the S3 bucket in its own template and export it.

D.

Generate the S3 bucket using StackSets.

Questions 5

A SysOps Administrator is creating additional Amazon EC2 instances and receives an InstanceLimitExceeded error.

What is the cause of the issue and how can it be resolved?

Options:

A.

The Administrator has requested too many instances at once and must request fewer instances in batches.

B.

The concurrent running instance limit has been reached, and an EC2 limit increase request must be filed with AWS Support.

C.

AWS does not currently have enough available capacity and a different instance type must be used.

D.

The Administrator must specify the maximum number of instances to be created while provisioning EC2 instances.

Questions 6

A new Amazon Redshift Spectrum Cluster has been launched for a team of Business Analysts. When the team attempts to use the cluster to query the data in Amazon S3, they receive the following error:

What is one cause of this?

Options:

A.

The cluster has Enhanced VPC Routing enabled and it must be turned off

B.

The cluster is only a single node and needs to be expanded to multi-node.

C.

The cluster login credentials are incorrect; request new credentials from the Administrator.

D.

The cluster nodes are running in multiple Availability Zones, and all need to be placed in a single Availability Zone.

Questions 7

Users are struggling to connect to a single public-facing development web server using its public IP address on a unique port number of 8181. The security group is correctly configured to allow access on that port and the network ACLs are using the default configuration. Which log type will confirm whether users are trying to connect to the correct port?

Options:

A.

AWS CloudTrail logs

B.

Elastic Load Balancer access logs

C.

Amazon S3 access logs

D.

VPC Flow Logs

Questions 8

A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account’s Amazon S3 bucket.

Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

Options:

A.

Stream the CloudTrail logs to Amazon CloudWatch to store logs at a secondary location.

B.

Enable log file integrity validation and use digest files to verify the hash value of the log file.

C.

Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.

D.

Enable S3 server access logging to track requests made to the log bucket for security audits.

Questions 9

A company has an AWS account for each department and wants to consolidate billing and reduce overhead. The company wants to make sure that the finance team is denied from accessing services other than Amazon EC2, the security team is denied from accessing services other than AWS CloudTrail, and IT can access any resource.

Which solution meets these requirements with the LEAST amount of operational overhead?

Options:

A.

Create a role for each department within AWS IAM and assign each role the necessary permissions.

B.

Create a user for each department within AWS IAM and assign each user the necessary permissions.

C.

Implement service control policies within AWS Organizations to determine which resources each department can access

D.

Place each department into an organizational unit (OU) within AWS Organizations and use IAM policies to determine which resources they can access

Questions 10

A SysOps Administrator created an Application Load Balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to 1 in Amazon CloudWatch.

What is MOST likely causing this issue?

Options:

A.

The EC2 instances are in the same Availability Zone, causing contention between the two.

B.

The route tables are not updated to allow traffic to flow between the ALB and the EC2 instances.

C.

The ALB health check has failed, and the ALB has taken EC2 instances out of service.

D.

The Amazon Route 53 health check has failed, and the ALB has taken EC2 instances out of service.

Questions 11

A SysOps administrator maintains several Amazon EC2 instances that do not have access to the public internet. To patch operating systems, the instances should not be reachable from the public internet.

The administrator deploys a NAT instance, updates the security groups, and configures the appropriate routes within the route table. However, the instances are still unable to reach the internet.

What should be done to resolve the issue?

Options:

A.

Assign elastic IP addresses to the instances and create a route from the private subnets to the internet gateway.

B.

Delete the NAT instance and replace it with AWS WAF.

C.

Disable source/destination checks on the NAT instance.

D.

Start/Stop the NAT instance so it is launched on a different host.

Questions 12

A company needs to run a distributed application that processes large amounts of data across multiple EC2 instances. The application is designed to tolerate processing interruptions.

What is the MOST cost-effective Amazon EC2 pricing model for these requirements?

Options:

A.

Dedicated Hosts

B.

On-Demand instances

C.

Reserved instances

D.

Spot instances

Questions 13

An organization has decided to consolidate storage and move all of its backups and archives to Amazon S3. With all of the data gathered into a hierarchy under a single directory, the organization determines there is 70 TB data that needs to be uploaded. The organization currently has a 150-Mbps connection with 10 people working at the location.

Which service would be the MOST efficient way to transfer this data to Amazon S3?

Options:

A.

AWS Snowball

B.

AWS Direct Connect

C.

AWS Storage Gateway

D.

Amazon S3 Transfer Acceleration

Questions 14

A SysOps Administrator is deploying an Amazon EC2 instance and is using third-party VPN software to route traffic to an on-premises data center. Based on the shared responsibility model, AWS is responsible for managing which element of this deployment?

Options:

A.

Configuring IPsec tunnels for the VPN

B.

Ensuring high availability of the EC2 instance

C.

Ensuring high availability of the VPN connection

D.

Managing the health of the underlying EC2 host

Questions 15

A company designed a specialized Amazon EC2 instance configuration for its Data Scientists. The Data Scientists want to create and delete EC2 instances on their own, but are not comfortable with configuring all the settings for EC2 instances without assistance. The configuration runs proprietary software that must be kept private within the company's AWS accounts and should be available to the Data Scientists, but no other users within the accounts.

Which solution should a SysOps Administrator use to allow the Data Scientists to deploy their workloads with MINIMAL effort?

Options:

A.

Create an Amazon Machine Image (AMI) of the EC2 instance. Share the AMI with authorized accounts owned by the company. Allow the Data Scientists to create EC2 instances with this AMI.

B.

Distribute an AWS CloudFormation template containing the EC2 instance configuration to the Data Scientists from an Amazon S3 bucket. Set the S3 template object to be readable from the AWS Organization orgid.

C.

Publish the instance configuration to the Private Marketplace. Share the Private Marketplace with the company's AWS accounts. Allow the Data Scientists to subscribe and launch the product from the Private Marketplace.

D.

Upload an AWS CloudFormation template to AWS Service Catalog. Allow the Data Scientists to provision and deprovision products from the company's AWS Service Catalog portfolio.

Questions 16

A company runs an Amazon RDS MySQL DB instance. Corporate policy requires that a daily backup of the database must be copied to a separate security account.

What is the MOST cost-effective way to meet this requirement?

Options:

A.

Copy an automated RDS snapshot to the security account using the copy-db-snapshot command with the AWS CLI.

B.

Create an RDS MySQL Read Replica for the critical database in the security account, then enable automatic backups for the Read Replica.

C.

Create an RDS snapshot with the AWS CLI create-db-snapshot command, share it with the security account, then create a copy of the shared snapshot in the security account.

D.

Use AWS DMS to replicate data from the critical database to another RDS MySQL instance in the security account, then use an automated backup for the RDS instance.

Questions 17

A SysOps Administrator receives an email from AWS about a production Amazon EC2 instance backed by Amazon EBS that is on a degraded host scheduled for retirement. The scheduled retirement occurs during business-critical hours.

What should be done to MINIMIZE disruption to the business?

Options:

A.

Reboot the instance as soon as possible to perform the system maintenance before the scheduled retirement.

B.

Reboot the instance outside business hours to perform the system maintenance before the scheduled retirement.

C.

Reboot the instance outside business hours to a new host before the scheduled retirement.

D.

Write an AWS Lambda function to restore the system when the scheduled retirement occurs.

Questions 18

A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company’s AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.

What should be done to accomplish this?

Options:

A.

Back up the current KMS key and enable automatic key rotation.

B.

Create a new key in AWS KMS and assign the key to Amazon EBS.

C.

Enable automatic key rotation of the EBS volume key in AWS KMS.

D.

Upload new key material to the EBS volume key in AWS KMS to enable automatic key rotation for the volume.

Questions 19

An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group that terminates unhealthy instances. The Auto Scaling group is configured to determine the health status of EC2 instances using both EC2 status checks and ALB checks. The Development team wants to analyze the unhealthy instances before termination.

What should the SysOps Administrator do to accomplish this?

Options:

A.

Configure the ALB health check to restart instances instead of terminating them.

B.

Configure an AWS Lambda function to take a snapshot of all instances before they are terminated.

C.

Implement Amazon CloudWatch Events to capture lifecycle events and trigger an AWS Lambda function for remediation.

D.

Use an Amazon EC2 Auto Scaling lifecycle hook to pause instance termination after the instance has been removed from service.

Questions 20

A SysOps administrator is managing a VPC network consisting of public and private subnets. Instances in the private subnets access the internet through a NAT gateway. A recent AWS bill shows that the NAT gateway charges have doubled. The administrator wants to identify which instances are creating the most network traffic.

How should this be accomplished?

Options:

A.

Enable flow logs on the NAT gateway elastic network interface and use Amazon CloudWatch insights to filter data based on the source IP addresses

B.

Run an AWS Cost and Usage report and group the findings by instance ID.

C.

Use the VPC traffic mirroring feature to send traffic to Amazon QuickSight.

D.

Use Amazon CloudWatch metrics generated by the NAT gateway for each individual instance.

Questions 21

A SysOps Administrator has configured a CloudWatch agent to send custom metrics to Amazon CloudWatch and is now assembling a CloudWatch dashboard to display these metrics.

What steps should the Administrator take to complete this task?

Options:

A.

Select the AWS Namespace, filter by metric name, then add to the dashboard.

B.

Add a text widget, select the appropriate metric from the custom namespace, then add to the dashboard.

C.

Select the appropriate widget and metrics from the custom namespace, then add to the dashboard.

D.

Open the CloudWatch console, from the CloudWatch Events, add all custom metrics.

Questions 22

A SysOps administrator recently launched an application consisting of web servers running on Amazon EC2 instances, an Amazon ElastiCache cluster communicating on port 6379, and an Amazon RDS for PostgreSQL DB instance communicating on port 5432. The web servers are in the security group web-sg, the ElastiCache cluster is in the security group cache-sg, and the DB instance is in the security group database-sg.

The application fails on start, with the error message "Unable to connect to the database."

The rules in web-sg are as follows.

Which change should the SysOps administrator make to web-sg to correct the issue without compromising security?

Options:

A.

Add a new inbound rule:

database-sg TCP 5432

B.

Add a new outbound rule:

database-sg TCP 5432

C.

Add a new outbound rule:

0.0.0.0/0 All Traffic 0-65535

D.

Change the outbound rule to:

cache-sg TCP 5432

Questions 23

A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin. After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load.

What are possible causes for this problem? (Select TWO.)

Options:

A.

CloudFront does not have the ALB configured as the origin access identity.

B.

The DNS is still pointing to the ALB instead of the CloudFront distribution.

C.

The ALB security group is not permitting inbound traffic from CloudFront.

D.

The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution.

E.

The target groups associated with the ALB are configured for sticky sessions.

Questions 24

A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.

Which step will fix this issue?

Options:

A.

Add s3:DeleteObject permission to the IAM execution role of the AWS Lambda function in Account A.

B.

Change the bucket policy of the S3 bucket in Account B to allow s3:DeleteObject permission for Account A.

C.

Disable server-side encryption for objects written to the S3 bucket by the Lambda function.

D.

Call the S3:PutObjectAcl API operation from the Lambda function in Account A to specify bucket owner, full control.

Questions 25

An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba41fc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted.

How can this be resolved?

Options:

A.

Enable encryption on each host’s connection to the Amazon EFS volume. Each connection must be recreated for encryption to take effect.

B.

Enable encryption on the existing EFS volume by using the AWS command line interface.

C.

Enable encryption on each host’s local drive. Restart each host to encrypt the drive.

D.

Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.

Questions 26

A Security and Compliance team is reviewing Amazon EC2 workloads for unapproved AMI usage.

Which action should a SysOps Administrator recommend?

Options:

A.

Create a custom report using AWS Systems Manager Inventory to identify unapproved AMIs

B.

Run Amazon Inspector on all EC2 instances and flag instances using unapproved AMIs

C.

Use an AWS Config rule to identify unapproved AMIs

D.

Use AWS Trusted Advisor to identify EC2 workloads using unapproved AMIs

Questions 27

A SysOps administrator set up an Amazon ElastiCache for Memcached cluster for an application. During testing, the application experiences increased latency. Amazon CloudWatch metrics for the Memcached cluster show CPUUtilization is consistently above 95% and FreeableMemory is consistently under 1 MB.

Which action will solve the problem?

Options:

A.

Configure ElastiCache automatic scaling for the Memcached cluster. Set the CPU Utilization metric as a scaling trigger above 75% and FreeableMemory below 10 MB.

B.

Configure ElastiCache read replicas for each Memcached node in different Availability Zones to distribute the workload.

C.

Deploy an Application Load Balancer to distribute the workload to Memcached cluster nodes.

D.

Replace the Memcached cluster and select a node type that has a higher CPU and memory.

Questions 28

A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances. The memory utilization metrics of the EC2 Linux instances must be monitored every minute.

How should the SysOps Administrator publish the memory metrics? (Choose two.)

Options:

A.

Enable detailed monitoring on the instance within Amazon CloudWatch

B.

Publish the memory metrics to Amazon CloudWatch Events

C.

Publish the memory metrics using the Amazon CloudWatch agent

D.

Publish the memory metrics using Amazon CloudWatch Logs

E.

Set metrics_collection_interval to 60 seconds

Questions 29

A sysops administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided into separate microservices, each running on a different Amazon EC2 instance. The administrator has been tasked with reconfiguring the infrastructure to support this approach.

How can the administrator accomplish this with the LEAST administrative overhead?

Options:

A.

Use Amazon CloudFront to log the URL and forward the request

B.

Use Amazon CloudFront to rewrite the header based on the microservice and forward the request

C.

Use a Network Load Balancer (NLB) and do path-based routing

D.

Use an Application Load Balancer (ALB) and do path-based routing

Questions 30

A SysOps Administrator is attempting to use AWS Systems Manager Session Manager to initiate an SSH session with an Amazon EC2 instance running on a custom Linux Amazon Machine Image (AMI). The Administrator cannot find the target instance in the Session Manager console.

Which combination of actions will solve this issue? (Select TWO.)

Options:

A.

Add Systems Manager permissions to the instance profile

B.

Configure the bucket used by Session Manager logs to allow write access

C.

Install Systems Manager Agent on the instance

D.

Modify the instance security group to allow inbound traffic on SSH port 22

E.

Reboot the instance with a new SSH key pair named ssm-user

Questions 31

A SysOps Administrator is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company. All data must be encrypted at rest.

How should the Administrator implement this process?

Options:

A.

Write a script to download the encrypted snapshot, decrypt it using the AWS KMS encryption key used to encrypt the snapshot, then create a new volume in each account.

B.

Update the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts, then share the snapshot with those accounts.

C.

Create an Amazon EC2 instance based on the snapshot, then save the instance's Amazon EBS volume as a snapshot and share it with the other accounts. Require each account owner to create a new volume from that snapshot and encrypt it.

D.

Create a new unencrypted RDS instance from the encrypted snapshot, connect to the instance using SSH/RDP, export the database contents into a file, then share this file with the other accounts.

Questions 32

A SysOps Administrator using AWS KMS needs to rotate all customer master keys (CMKs) every week to meet information security guidelines.

Which option would meet the requirement?

Options:

A.

Create a new CMK every 7 days to manually rotate the encryption keys.

B.

Enable key rotation on the CMKs and set the rotation period to 7 days.

C.

Switch to using AWS CloudHSM as AWS KMS does not support key rotation.

D.

Use data keys for each encryption task to avoid the need to rotate keys.

Questions 33

The Security team has decided that there will be no public internet access to HTTP (TCP port 80) because it is moving to HTTPS for all incoming web traffic. The team has asked a SysOps Administrator to provide a report on any security groups that are not compliant.

What should the SysOps Administrator do to provide near real-time compliance reporting?

Options:

A.

Enable AWS Trusted Advisor and show the Security team that the Security Groups unrestricted access check will alarm.

B.

Schedule an AWS Lambda function to run hourly to scan and evaluate all security groups, and send a report to the Security team.

C.

Use AWS Config to enable the restricted-common-ports rule, and add port 80 to the parameters.

D.

Use Amazon Inspector to evaluate the security groups during scans, and send the completed reports to the Security team.

Questions 34

An application team has asked a sysops administrator to provision an additional environment for an application in four additional regions. The application is running on more than 100 instances in us-east-1, using fully baked AMIs. An AWS CloudFormation template has been created to deploy resources in us-east-1.

What must the sysops administrator do to provision the application quickly?

Options:

A.

Copy the AMI to each region using aws ec2 copy-image. Update the CloudFormation mapping to include mappings for the copied AMIs.

B.

Create a snapshot of the running instance and copy the snapshot to the other regions. Create an AMI from the snapshots. Update the CloudFormation template for each region to use the new AMI.

C.

Run the existing CloudFormation template in each additional region based on the success of the template used currently in us-east-1.

D.

Update the CloudFormation template to include the additional regions in the auto scaling group. Update the existing stack in us-east-1.

Questions 35

A VPC is connected to a company data center by a VPN. An Amazon EC2 instance with the IP address 172.31.16.139 is within a private subnet of the VPC. A SysOps Administrator issued a ping command to the EC2 instance from an on-premises computer with the IP address 203.0.113.12 and did not receive an acknowledgment. VPC Flow Logs were enabled and showed the following:

What action will resolve the issue?

Options:

A.

Modify the EC2 security group rules to allow inbound traffic from the on-premises computer

B.

Modify the EC2 security group rules to allow outbound traffic to the on-premises computer

C.

Modify the VPC network ACL rules to allow inbound traffic from the on-premises computer

D.

Modify the VPC network ACL rules to allow outbound traffic to the on-premises computer

Questions 36

When the AWS Cloud infrastructure experiences an event that may impact an organization, which AWS service can be used to see which of the organization’s resources are affected?

Options:

A.

AWS Service Health Dashboard

B.

AWS Trusted Advisor

C.

AWS Personal Health Dashboard

D.

AWS Systems Manager

Questions 37

A company requires that all access from on-premises applications to AWS services go over its AWS Direct Connect connection rather than the public internet. How would a SysOps Administrator implement this requirement?

Options:

A.

Implement an IAM policy that uses the aws:sourceConnection condition to allow access from the AWS Direct Connect connection ID only

B.

Set up a public virtual interface on the AWS Direct Connect connection

C.

Configure AWS Shield to protect the AWS Management Console from being accessed by IP addresses other than those within the data center ranges

D.

Update all the VPC network ACLs to allow access from the data center IP ranges

Questions 38

A company received its latest bill with a large increase in the number of requests against Amazon SQS as compared to the month prior. The company is not aware of any major changes in its SQS usage. The company is concerned about the cost increase and who or what was making these calls.

What should a sysops administrator use to validate the calls made to SQS?

Options:

A.

Amazon CloudWatch

B.

Amazon S3 server access logs

C.

AWS CloudTrail

D.

AWS Cost Explorer

Questions 39

A company's application running on Amazon EC2 Linux recently crashed because it ran out of available memory. Management wants to be alerted if this ever happens again. Which combination of steps will accomplish this? (Select TWO.)

Options:

A.

Create an Amazon CloudWatch dashboard to monitor the memory usage metrics on the instance over time.

B.

Create an alarm on the dashboard that publishes an Amazon SNS notification to alert the CIO when a threshold is passed.

C.

Create an alarm on the metric that publishes an Amazon SNS notification to alert the CIO when a threshold is passed.

D.

Create an alarm on the AWS Personal Health Dashboard that publishes an Amazon SNS notification to alert the CIO when the system is out of memory.

E.

Configure the Amazon CloudWatch agent to collect and push memory usage metrics on the instance.

Questions 40

A company runs a web application that users access using the domain name www.example.com. The company manages the domain name using Amazon Route 53. The company created an Amazon CloudFront distribution in front of the application and would like www.example.com to access the application through CloudFront.

What is the MOST cost-effective way to achieve this?

Options:

A.

Create a CNAME record in Amazon Route 53 that points to the CloudFront distribution URL

B.

Create an ALIAS record in Amazon Route 53 that points to the CloudFront distribution URL

C.

Create an A record in Amazon Route 53 that points to the public IP address of the web application

D.

Create a PTR record in Amazon Route 53 that points to the public IP address of the web application

Questions 41

A security researcher has published a new Common Vulnerabilities and Exposures (CVE) report that impacts a popular operating system. A SysOps Administrator is concerned with the new CVE report and wants to patch the company's systems immediately. The Administrator contacts AWS Support and requests the patch be applied to all Amazon EC2 instances.

How will AWS respond to this request?

Options:

A.

AWS will apply the patch during the next maintenance window and will provide the Administrator with a report of all patched EC2 instances

B.

AWS will relaunch the EC2 instances with the latest version of the Amazon Machine Image (AMI) and will provide the Administrator with a report of all patched EC2 instances

C.

AWS will research the vulnerability to see if the Administrator's operating system is impacted and will patch the EC2 instances that are affected

D.

AWS will review the shared responsibility model with the Administrator and advise them regarding how to patch the EC2 instances

Questions 42

An application running on Amazon EC2 allows users to launch batch jobs for data analysis. The jobs are run asynchronously, and the user is notified when they are complete. While multiple jobs can run concurrently, a user’s request need not be fulfilled for up to 24 hours. To run a job, the application launches an additional EC2 instance that performs all the analytics calculations. A job takes between 75 and 110 minutes to complete and cannot be interrupted.

What is the MOST cost-effective way to run this workload?

Options:

A.

Run the application on On-Demand EC2 instances. Run the jobs on Spot Instances with a specified duration.

B.

Run the application on Reserved Instance EC2 instances. Run the jobs on AWS Lambda.

C.

Run the application on On-Demand EC2 instances. Run the jobs on On-Demand EC2 instances.

D.

Run the application on Reserved Instance EC2 instances. Run the jobs on Spot Instances with a specified duration.

Questions 43

A company backs up data from its data center using a tape gateway on AWS Storage Gateway. The SysOps Administrator needs to reboot the virtual machine running Storage Gateway.

What process will protect data integrity?

Options:

A.

Stop Storage Gateway and reboot the virtual machine, then restart Storage Gateway.

B.

Reboot the virtual machine, then restart Storage Gateway.

C.

Reboot the virtual machine.

D.

Shut down the virtual machine and stop Storage Gateway, then turn on the virtual machine.

Questions 44

A sysops administrator must monitor a fleet of Amazon EC2 Linux instances with the constraint that no agents be installed. The sysops administrator chooses Amazon CloudWatch as the monitoring tool.

Which metric can be measured given the constraints? (Select Three)

Options:

A.

CPU Utilization

B.

Disk Read Operations

C.

Memory Utilization

D.

Network Packets In

E.

Network Packets Dropped

F.

CPU Ready Time

Questions 45

An Applications team has successfully deployed an AWS CloudFormation stack consisting of 30 t2.medium Amazon EC2 instances in the us-west-2 Region. When using the same template to launch a stack in us-east-2, the launch failed and rolled back after launching only 10 EC2 instances.

What is a possible cause of this failure?

Options:

A.

The IAM user did not have privileges to launch the CloudFormation template.

B.

The t2.medium EC2 instance service limit was reached.

C.

An AWS Budgets threshold was breached.

D.

The application’s Amazon Machine Image (AMI) is not available in us-east-2.

Questions 46

A company’s web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The EC2 instances run in an EC2 Auto Scaling group across multiple Availability Zones. Data is stored in an Amazon ElastiCache for Redis cluster and an Amazon RDS DB instance. Company policy requires all system patching to take place at midnight on Tuesday.

Which resources will need to have a maintenance window configured for midnight on Tuesday? (Choose two.)

Options:

A.

Elastic Load Balancer

B.

EC2 instances

C.

RDS instance

D.

ElastiCache cluster

E.

Auto Scaling group

Questions 47

A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue causing the failure.

How should the Administrator continue with the stack deployment?

Options:

A.

Delete the failed stack and create a new stack.

B.

Execute a change set on the failed stack.

C.

Perform an update-stack action on the failed stack.

D.

Run a validate-template command.

Questions 48

A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services.

What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?

Options:

A.

Create a service control policy in AWS Organizations and apply it to the development account.

B.

Create a customer managed policy in IAM and apply it to all users within the development account.

C.

Create a job function policy in IAM and apply it to all users within the development account.

D.

Create an IAM policy and apply it in API Gateway to restrict the development account.

Questions 49

The Security team at AnyCompany discovers that some employees have been using individual AWS accounts that are not under the control of AnyCompany. The team has requested that those individual accounts be linked to the central organization using AWS Organizations.

Which action should a SysOps Administrator take to accomplish this?

Options:

A.

Add each existing account to the central organization using AWS IAM.

B.

Create a new organization in each account and join them to the central organization.

C.

Log in to each existing account and add them to the central organization.

D.

Send each existing account an invitation from the central organization.

Questions 50

A company has a multi-tier web application. In the web tier, all the servers are in private subnets inside a VPC. The development team wants to make changes to the application that require access to Amazon S3.

What should be done to accomplish this?

Options:

A.

Create a customer gateway to connect to Amazon S3. Modify the route table of the private subnets to use the customer gateway.

B.

Create a gateway VPC endpoint for Amazon S3. Modify the route table of the private subnets to use the gateway VPC endpoint.

C.

Create a NAT gateway in the private subnets. Modify the route table of the subnets to use the NAT gateway.

D.

Create an S3 bucket policy to allow connections from the private subnets. Modify the route table.

Questions 51

An application running on Amazon EC2 needs login credentials to access a database. The login credentials are stored in AWS Systems Manager Parameter Store as secure string parameters.

What is the MOST secure way to grant the application access to the credentials?

Options:

A.

Create an IAM EC2 role for the EC2 instances and grant the role permission to read the Systems Manager parameters

B.

Create an IAM group for the application and grant the group permissions to read the Systems Manager parameters

C.

Create an IAM policy for the application and grant the policy permission to read the Systems Manager parameters

D.

Create an IAM user for the application and grant the user permission to read the Systems Manager parameters

Questions 52

A company wants to identify specific Amazon EC2 instances that are underutilized and the estimated cost savings for each instance. How can this be done with MINIMAL effort?

Options:

A.

Use AWS Budgets to report on low utilization of EC2 instances.

B.

Run an AWS Systems Manager script to check for low memory utilization of EC2 instances.

C.

Run Cost Explorer to look for low utilization of EC2 instances.

D.

Use Amazon CloudWatch metrics to identify EC2 instances with low utilization.

Questions 53

A SysOps Administrator needs to create a replica of a company’s existing AWS infrastructure in a new AWS account. Currently, an AWS Service Catalog portfolio is used to create and manage resources.

What is the MOST efficient way to accomplish this?

Options:

A.

Create an AWS CloudFormation template to use the AWS Service Catalog portfolio in the new AWS account.

B.

Manually create an AWS Service Catalog portfolio in the new AWS account that duplicates the original portfolio.

C.

Run an AWS Lambda function to create a new AWS Service Catalog portfolio based on the output of the DescribePortfolio API operation.

D.

Share the AWS Service Catalog portfolio with the other AWS accounts and import the portfolio into the other AWS accounts.

Questions 54

A sysops administrator manages an AWS CloudFormation template that provisions Amazon EC2 instances, an Elastic Load Balancer, and Amazon RDS instances. As part of an ongoing transformation project, CloudFormation stacks are being created and deleted continuously. The administrator needs to ensure that the RDS instances continue running after a stack has been deleted.

Which action should be taken to meet these requirements?

Options:

A.

Edit the template to remove the RDS resources and update the stack.

B.

Enable termination protection on the stack.

C.

Set the DeletionPolicy attribute for RDS resources to Retain in the template.

D.

Set the deletion-protection parameter on RDS resources.

Questions 55

An enterprise is using federated Security Assertion Markup Language (SAML) to access the AWS Management Console.

How should the SAML assertion mapping be configured?

Options:

A.

Map the group attribute to an AWS group. The AWS group is assigned IAM policies that govern access to AWS resources.

B.

Map the policy attribute to IAM policies the federated user is assigned to. These policies govern access to AWS resources.

C.

Map the role attribute to an AWS role. The AWS role is assigned IAM policies that govern access to AWS resources.

D.

Map the user attribute to an AWS user. The AWS user is assigned specific IAM policies that govern access to AWS resources.

Questions 56

A company’s application stores documents within an Amazon S3 bucket. The application is running on Amazon EC2 in a VPC. A recent change in security requirements states that traffic between the company’s application and the S3 bucket must never leave the Amazon network.

What AWS feature can provide this functionality?

Options:

A.

Security groups

B.

NAT gateways

C.

Virtual private gateway

D.

Gateway VPC endpoints

Questions 57

A company uses AWS CloudFormation to provision its VPC, Amazon EC2 instances, and Amazon RDS DB instance. The DB instance was deleted manually. When the stack was updated, it failed. During rollback, the stack returned the UPDATE_ROLLBACK_FAILED state. A SysOps administrator must return the AWS CloudFormation stack to a working state without interrupting existing resources.

Which solution will meet this requirement?

Options:

A.

Continue the update rollback while skipping the resources that have been manually deleted.

B.

Run the signal-resource command with the DB instance name to proceed with the stack rollback.

C.

Recreate the DB instance using the same resource name, and update the stack.

D.

Remove Amazon RDS from the template, and update the stack.

Questions 58

A sysops administrator is implementing SSL for a domain of an internet-facing application running behind an Application Load Balancer (ALB). The administrator decides to use an SSL certificate from Amazon Certificate Manager (ACM) to secure it. Upon creating a request for the ALB fully qualified domain name (FQDN), it fails, and the error message “Domain not allowed” is displayed.

How can the administrator fix this issue?

Options:

A.

Contact the domain registrar and ask them to provide the verification required by AWS.

B.

Place a new request with the proper domain name instead of the ALB FQDN.

C.

Select the certificate request in the ACM console and resend the validation email.

D.

Contact AWS support and verify the request by answering security challenge questions.

Questions 59

A SysOps Administrator is maintaining an application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). Users are reporting errors when attempting to launch the application. The administrator notices an increase in the HTTPCode_ELB_5XX_Count Amazon CloudWatch metric for the load balancer.

What is the possible cause for this increase?

Options:

A.

The ALB is associated with private subnets within the VPC.

B.

The ALB received a request from a client, but the client closed the connection.

C.

The ALB security group is not configured to allow inbound traffic from the users.

D.

The ALB target group does not contain healthy EC2 instances.

Questions 60

An organization has been running their website on several m2 Linux instances behind a Classic Load Balancer for more than two years. Traffic and utilization have been constant and predictable.

What should the organization do to reduce costs?

Options:

A.

Purchase Reserved Instances for the specific m2 instances

B.

Change the m2 instances to equivalent m5 types, and purchase Reserved Instances for the specific m5 instances

C.

Change the Classic Load Balancer to an Application Load Balancer, and purchase Reserved Instances for the specific m2 instances.

D.

Purchase Spot Instances for the specific m2 instances

Questions 61

A SysOps Administrator is troubleshooting Amazon EC2 connectivity issues to the internet. The EC2 instance is in a private subnet. Below is the route table that is applied to the subnet of the EC2 instance.

Destination – 10.2.0.0/16

Target – local

Status – Active

Propagated – No

Destination – 0.0.0.0/0

Target – nat-xxxxxxx

Status – Blackhole

Propagated – No

What has caused the connectivity issue?

Options:

A.

The NAT gateway no longer exists

B.

There is no route to the internet gateway.

C.

The routes are no longer propagating.

D.

There is no route rule with a destination for the internet.

Questions 62

A SysOps Administrator must set up notifications for whenever combined billing exceeds a certain threshold for all AWS accounts within a company. The Administrator has set up AWS Organizations and enabled Consolidated Billing.

Which additional steps must the Administrator perform to set up the billing alerts?

Options:

A.

In the payer account: Enable billing alerts in the Billing and Cost Management console; publish an Amazon SNS message when the billing alert triggers.

B.

In each account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers.

C.

In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in the Billing and Cost Management console to publish an SNS message when the alarm triggers.

D.

In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers.

Questions 63

An environment company has discovered that a number of Amazon EC2 instances in a VPC are marked as high risk according to a Common Vulnerabilities and Exposures (CVE) report. The Security team requests that all these instances be upgraded.

Who is responsible for upgrading the EC2 instances?

Options:

A.

The AWS Security team

B.

The Amazon EC2 team

C.

The AWS Premium Support team

D.

The company’s System Administrator

Questions 64

A company runs an application that uses Amazon RDS for MySQL. During load testing of equivalent production volumes, the Development team noticed a significant increase in query latency. A SysOps Administrator concludes from investigating Amazon CloudWatch Logs that the CPU utilization on the RDS MySQL instance was at 100%.

Which action will resolve this issue?

Options:

A.

Configure AWS Database Migration Service (AWS DMS) to allow Amazon RDS for MySQL to scale and accept more requests.

B.

Configure RDS for MySQL to scale horizontally by additional nodes to offload write requests.

C.

Enable the Multi-AZ feature for the RDS instance.

D.

Modify the RDS MySQL instance so it is a larger instance type.

Questions 65

A SysOps Administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented strict IP whitelisting that requires all build uploads to come from a single IP address.

What change should the Systems Administrator make to the existing build fleet to comply with this new requirement?

Options:

A.

Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.

B.

Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.

C.

Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.

D.

Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.

Questions 66

A SysOps administrator is implementing automated I/O load performance testing as part of the continuous integration/continuous delivery (CI/CD) process for an application. The application uses an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume for each instance that is restored from a snapshot and requires consistent I/O performance. During the initial tests, the I/O performance results are sporadic. The SysOps administrator must ensure that the tests yield more consistent results.

Which actions could the SysOps administrator take to accomplish this goal? (Select TWO.)

Options:

A.

Restore the EBS volume from the snapshot with fast snapshot restore enabled

B.

Restore the EBS volume from the snapshot using the cold HDD volume type.

C.

Restore the EBS volume from the snapshot and pre-warm the volume by reading all of the blocks.

D.

Restore the EBS volume from the snapshot and configure encryption.

E.

Restore the EBS volume from the snapshot and configure I/O block sizes at random

Questions 67

A company uses multiple accounts for its applications. Account A manages the company’s Amazon Route 53 domains and hosted zones. Account B uses a load balancer fronting the company’s web servers.

How can the company use Route 53 to point to the load balancer in the MOST cost-effective and efficient manner?

Options:

A.

Create an Amazon EC2 proxy in Account A that forwards requests to Account B.

B.

Create a load balancer in Account A that points to the load balancer in Account B.

C.

Create a CNAME record in Account A pointing to an alias record to the load balancer in Account B.

D.

Create an alias record in Account A pointing to the load balancer in Account B.

Questions 68

A company’s website went down for several hours. The root cause was a full disk on one of the company’s Amazon EC2 instances.

Which steps should the SysOps Administrator take to prevent this from happening in the future?

Options:

A.

Configure Amazon CloudWatch Events to filter and forward AWS Health events for disk space utilization to an Amazon SNS topic to notify the Administrator.

B.

Create an AWS Lambda function to describe the volume status for each EC2 instance. Post a notification to an Amazon SNS topic when a volume status is impaired.

C.

Enable detailed monitoring for the EC2 instances. Create an Amazon CloudWatch alarm to notify the Administrator when disk space is running low.

D.

Use the Amazon CloudWatch agent on the EC2 instances to collect disk metrics. Create a CloudWatch alarm to notify the Administrator when disk space is running low.

Questions 69

A company uses LDAP-based credentials and has a Security Assertion Markup Language (SAML) 2.0 identity provider. A SysOps administrator has configured various federated roles in a new AWS account to provide AWS Management Console access for groups of users that use the existing LDAP-based credentials. Several groups want to use the AWS CLI on their workstations to automate daily tasks. To enable them to do so, the SysOps administrator has created an application that authenticates a user and generates a SAML assertion.

Which API call should be used to retrieve credentials for federated programmatic access?

Options:

A.

sts:AssumeRole

B.

sts:AssumeRoleWithSAML

C.

sts:AssumeRoleWithWebIdentity

D.

sts:GetFederationToken

Questions 70

A SysOps administrator notices a scale-out event for an Amazon EC2 Auto Scaling group. Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer. The administrator would like to know the IP addresses for the source of the requests.

Where can the administrator find this information?

Options:

A.

Auto Scaling logs

B.

AWS CloudTrail logs

C.

EC2 instance logs

D.

Elastic Load Balancer access logs

Questions 71

A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations.

What should a SysOps administrator do to implement this requirement?

Options:

A.

Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the AWS Management Console.

B.

Develop an IAM policy that limits the business units to provision EC2 instances only. Instruct the business units to launch instances by using an AWS CloudFormation template.

C.

Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog. Allow the business units to perform actions in AWS Service Catalog only.

D.

Share an AWS CloudFormation template with the business units. Instruct the business units to pass a role to AWS CloudFormation to allow the service to manage EC2 instances.

Questions 72

A recent AWS CloudFormation stack update has failed and returned the error UPDATE_ROLLBACK_FAILED. A SysOps administrator is tasked with returning the CloudFormation stack to its previous working state.

What must be done to accomplish this?

Options:

A.

Fix the error that caused the rollback to fail, then select the Continue Update Rollback action in the console.

B.

Select the update stack action with a working template in the console.

C.

Update the password of the IAM user, then select the Continue Update Rollback action in the console.

D.

Use the AWS CLI to manually change the stack status to UPDATE_COMPLETE, then continue updating the stack with a working template.

Questions 73

A company is about to launch a new product and is expecting a large increase in application traffic. The application is running on Amazon EC2 in an Auto Scaling group and using an Amazon RDS Multi-AZ instance. The static content is stored in Amazon S3. During the load test, the time to access the application increased significantly. A SysOps administrator wants to increase the scalability of the application without compromising the durability of the architecture.

How can this goal be achieved?

Options:

A.

Move the static content from Amazon EFS and serve the content through the EC2 instances.

B.

Move the databases from Amazon RDS to Amazon ElastiCache for Memcached.

C.

Use Amazon CloudFront to cache the static content.

D.

Use Amazon Route 53 with geolocation routing.

Questions 74

A SysOps Administrator is receiving alerts related to high CPU utilization of a Memcached-based Amazon ElastiCache cluster.

Which remediation steps should be taken to resolve this issue? (Select TWO.)

Options:

A.

Add a larger Amazon EBS volume to the ElastiCache cluster nodes

B.

Add a load balancer to route traffic to the ElastiCache cluster

C.

Add additional worker nodes to the ElastiCache cluster

D.

Create an Auto Scaling group to the ElastiCache cluster

E.

Vertically scale the ElastiCache cluster by changing the node type

Questions 75

A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network. What actions should the SysOps Administrator take to meet these requirements?

Options:

A.

Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.

B.

Create a VPC endpoint for the S3 bucket and create a S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source

C.

Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket

D.

Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway

Questions 76

Company A purchases company B and inherits three new AWS accounts. Company A would like to centralize billing and reserved instance benefits but wants to keep all other resources separate.

How can this be accomplished?

Options:

A.

Implement AWS Organizations and create a service control policy that defines the billing relationship with the new master account.

B.

Configure AWS Organizations Consolidated Billing and provide the finance team with IAM access to the billing console.

C.

Send Cost and Usage Reports files to a central Amazon S3 bucket and load the data into Amazon Redshift. Use Amazon QuickSight to provide visualizations to the finance team.

D.

Link the Reserved Instances to the master payer account and use Amazon Redshift Spectrum to query Detailed Billing Report data across all accounts.

Questions 77

A company is releasing a new static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded; however, upon navigating to the site, the following error message is received:

403 Forbidden - Access Denied

What change should be made to fix this error?

Options:

A.

Add a bucket policy that grants everyone read access to the bucket

B.

Add a bucket policy that grants everyone read access to the bucket objects

C.

Remove the default bucket policy that denies read access to the bucket.

D.

Configure cross origin resource sharing (CORS) on the bucket

Questions 78

A Development team is designing an application that processes sensitive information within a hybrid deployment. The team needs to ensure the application data is protected both in transit and at rest.

Which combination of actions should be taken to accomplish this? (Choose two.)

Options:

A.

Use a VPN to set up a tunnel between the on-premises data center and the AWS resources

B.

Use AWS Certificate Manager to create TLS/SSL certificates

C.

Use AWS CloudHSM to encrypt the data

D.

Use AWS KMS to create TLS/SSL certificates

E.

Use AWS KMS to manage the encryption keys used for data encryption

Exam Code: SOA-C01
Exam Name: AWS Certified SysOps Administrator - Associate
Last Update: May 24, 2024
Questions: 263