SOA-C01 Practice Exam Questions with Answers AWS Certified SysOps Administrator - Associate Certification

The ALB Is associated with private subnets within the VPC.

The ALB received a request from a client, but the client closed the connection.

The ALB security group is not configured to allow inbound traffic from the users.

The ALB target group does not contain healthy EC2 instances.

Create a new CloudFormation stack based on the changes that were made Delete the old stack and deploy the new stack

Update the CloudFormation stack using a change set Review the changes and update the stack

Update the CloudFormation stack by modifying the selected parameters in the template to match what was changed

Use drift detection on the CloudFormation stack Use the output to update the CloudFormation template and redeploy the stack

Performing underlying OS updates

Provisioning of storage for database

Scheduling maintenance, patches, and other updates

Executing maintenance, patches, and other updates

Activate the createdBy tag in the account

Analyze the usage with Amazon CloudWatch dashboards

Analyze the usage with Cost Explorer

Configure AWS Trusted Advisor to track resource usage

Create a billing alarm in AWS Budgets

Redeploy the operational function to a VPC.

Increase the operational function timeout.

Set the operational function concurrency to 1.

Increase the operational function memory.

The instance does not have an Elastic IP address.

The instance has security group that does not allow Internet Control Message Protocol (ICMP) traffic

The instance is not set up in a VPC using AWS Direct Connect.

The instance is running in a peered VPC.

Enable a lifecycle policy on the S3 bucket

Enable cross-origin resource sharing on the S3 bucket

Enable object tagging on the S3 bucket

Enable versioning on the S3 bucket

Enable Amazon S3 Analytics on all affected S3 buckets to obtain a report of which buckets are being accessed without authorization.

Enable Amazon S3 Server Access Logging on all affected S3 buckets and have the logs stored in a bucket dedicated for logs.

Use Amazon Athena to query S3 Analytics reports for HTTP 403 errors, and determine the 1AM user or role making the requests.

Use Amazon Athena to query the S3 Server Access Logs for HTTP 403 errors, and determine the 1AM user or role making the requests.

Use Amazon Athena to query the S3 Server Access Logs for HTTP 503 errors, and determine the 1AM user or role making the requests.

A network ACL associated with the bastion's subnet is blocking the network traffic

The instance does not have a private IP address.

The route table associated with the bastion's subnet does not have a route to the internet gateway

The security group for the instance does not have an inbound rule on port 22

The security group for the instance does not have an outbound rule on port 3389.

Automate using AWS Elastic Beanstalk to provision the AWS Accounts, set up infrastructure, and integrate with AWS Organizations.

Create bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure.

Use AWS config to provision accounts and deploy instances using AWS service catalog.

Use AWS Control Tower to create a template in account factory and use the template to provision new accounts.

Implement AWS Organizations and create a service control policy that defines the billing relationship with the new master account.

Configure AWS Organizations Consolidated Billing and provide the finance team with IAM access to the billing console.

Send Cost and Usage Reports files to a central Amazon S3 bucket and load the data into Amazon Redshift. Use Amazon QuickSight to provide visualizations to the finance team.

Link the Reserved Instances to the master payer account and use Amazon Redshift Spectrum to query Detailed Billing Report data across all accounts.

A single virtual private gateway, because it can be associated with a single AZ only.

A single internet gateway, because it is not redundant across both AZs.

A single NAT gateway, because it is not redundant across both AZs

The default VPC route table, because it can be associated with a single AZ only

The load balancer will continue to perform the health check on the EC2 instance.

The EC2 instance will be terminated based on the health check failure.

The EC2 instance will be rebooted.

The load balancer will stop sending traffic to the EC2 instance.

A new EC2 instance will be deployed to replace the unhealthy instance.

Monitor AWS CloudTrail for StopInstances API calls related to upcoming maintenance.

Review the Personal Health Dashboard for any scheduled maintenance.

From the AWS Management Console, list any instances with failed system status checks.

Deploy a third-party monitoring solution to provide real-time EC2 instance monitoring.

Contact AWS Support to pre-warm the database to ensure that it can handle any unexpected spikes in traffic

Create a new Multi-AZ RDS DB instance. Migrate the data to the new DB instance and delete the old one

Create a read replica from the existing database outside of business hours

Modify the DB instance to outside of business hours be a Multi-AZ deployment

Use Amazon Inspector and Amazon CloudWatch Events.

Use AWS Trusted Advisor and Amazon CloudWatch Events.

Use the Personal Health Dashboard and CloudWatch Events.

Use AWS CloudTrail and CloudWatch Events.

Create a CNAME record in Amazon Route 53 that points to the CloudFront distribution URL

Create an ALIAS record in Amazon Route 53 that points to the CloudFront distribution URL

Creole an A record in Amazon Route 53 that points to the public IP address of the web application

Create a PTR record in Amazon Route 53 that points to the public IP address of the web application

Add an export field to the outputs of the first template and import the values in the second template

Create a custom resource that queries the stack created by the first template and retrieves the required values.

Create a mapping in the first template that is referenced by the second template

Input the names of resources in the first template and refer to those names in the second template as a parameter

Place the EC2 instances into an AWS Auto Scaling group.

Configure the ALB's Target Group to use more frequent health checks.

Enable sticky sessions on the Application Load Balancer.

Increase the idle timeout setting of the Application Load Balancer.

Apply an 1AM policy to all 1AM entities in the account with a statement to explicitly deny NotAction: s3:

Configure AWS Config to terminate compute resources that have been created in the accounts.

Configure AWS CloudTrail to block any action where the event source is not s3.amazonaws.com.

Update the service control policy on the account to deny the unapproved services.

VPC Flow Logs

AWS CloudTrail logs

ALB access logs

ClodFront access logs

RDS logs

Add the EC2 instances to the ALB target group, configure the health check, and ensure that the instances report healthy.

Add the EC2 instances to an Auto Scaling group, configure the health check to ensure that the instances report healthy, and remove the public IPs from the instances.

Create a new subnet in which EC2 instances and ALB will reside to ensure that they can communicate, and remove the public IPs from the instances.

Change the security group for the EC2 instances to allow access from only the ALB security group, and remove the public IPs from the instances.

Change the security group to allow access from 0.0.0.0/0, which permits access from the ALB.

AWS Config

AWS Systems Manager

Amazon inspector

AWS Service Catalog

Create an AWS Storage Gateway volume gateway configured as a stored volume Mount it from clients using Internet Small Computer System Interface OSCSI)

Mount an Amazon EFS volume on a local server Share this volume with employees who need access to the images

Store the images in Amazon S3 and use AWS Data Pipeline to allow for caching of S3 data on local workstations

Use Amazon S3 for file storage, and enable S3 Transfer Acceleration to maintain a cache for frequently used files to increase local performance

Set up a bastion host in a public subnet, and configure security groups and route tables accordingly.

Set up a bastion host in the private subnet, and configure security groups accordingly.

Configure a load balancer in a public subnet, and configure the route tables accordingly.

Set up a NAT gateway in a public subnet, and change the private subnet route tables accordingly.

Set up a NAT gateway in a private subnet, and ensure that the route tables are configured accordingly.

The cluster has Enhanced VPC Routing enabled and it must be turned off

The cluster is only a single node and needs to be expanded to multi-node.

The cluster login credentials are incorrect request new credentials from the Administrator

The cluster nodes are running in multiple Availability Zones, and all need to be placed in a single Availability Zone.

Create an IAM EC2 role for the EC2 instances and grant the role permission to read the Systems Manager parameters

Create an IAM group for the application and grant the group permissions to read the Systems Manager parameters

Create an IAM policy for the application and grant the policy permission to read the Systems Manager parameters

Create an IAM user for the application and grant the user permission to read the Systems Manager parameters

Use Amazon CloudFront to cache the traffic and block access to the web servers

Use Amazon GuardDuty to protect the web servers from bots and scrapers

Use AWS Lambda to analyze the web server logs, detect bot traffic, and block the IP address in the security groups

Use AWS WAF rate-based blacklisting to block this traffic when it exceeds a defined threshold

Purchase Reserved Instances for the specific m2 instances

Change the m2 instances to equivalent m5 types, and purchase Reserved Instances for the specific m5 instances

Change the Classic Load Balancer to an Application Load Balancer, and purchase Reserved Instances for the specific m2 instances.

Purchase Spot Instances for the specific m2 instances

Use AWS Direct Connect and a public virtual interface to connect to Amazon S3.

Use a managed NAT gateway to connect to Amazon S3.

Deploy a VPC endpoint to connect to Amazon S3.

Deploy an internet gateway to connect to Amazon S3.

Create a custom script that pipes memory utilization to Amazon S3, then, scale with an AWS Lambda-powered event

Install the Amazon CloudWatch memory monitoring scripts, and create a custom metric based on the script’s results

Increase the minimum size of the cluster to meet memory and application load demands

Deploy an Application Load Balancer to more evenly distribute traffic among nodes

Ensure the NLB listener security policy is set to ELBSecuntyPohcy-TLS-1-2-Ext-2018-06, ELBSecuntyPolicy-FS-1-2-Res-2019-08 or ELBSecuntyPolicy-TLS-1-0-2015-04

Ensure the heath check setting on the NLB for the Matcher configuration is between 200 and 399

Ensure the targets are within any of these CIDR blocks: 10.0.0.0/8 (RFC I918)r 100.64.0.0/10 (RFC 6598): 172.16.0.0/12 (RFC 1918), or 192.168.0.0/16 (RFC 1918).

Ensure the NLB is exposed as an endpoint service before registering the targets using IP addresses

AWS will apply the patch during the next maintenance window and will provide the Administrator with a report of all patched EC2 instances

AWS will relaunch the EC2 instances with the latest version of the Amazon Machine Image (AMI) and will provide the Administrator with a report of all patched EC2 instances

AWS will research the vulnerability to see if the Administrator's operating system is impacted and will patch the EC2 instances that are affected

AWS will review the shared responsibility model with the Administrator and advise them regarding how to patch the EC2 instances

Create a snapshot of the volume. Create a new volume from the snapshot with the Encrypted parameter set to true. Detach the original volume and attach the new volume to the instance.

Create an encrypted Amazon Machine Image (AMI) of the EC2 instance. Launch a new instance with the encrypted AMI. Terminate the original instance.

Stop the EC2 instance. Encrypt the volume with AWS CloudHSM. Start the instance and verify encryption.

Stop the EC2 instance. Modify the instance properties and set the Encrypted parameter to true. Start the instance and verify encryption.