SOA-C02 Practice Exam Questions with Answers AWS Certified SysOps Administrator - Associate (SOA-C02) Certification

Question # 6

A SysOps administrator is reviewing VPC Flow Logs to troubleshoot connectivity issues in a VPC. While reviewing the togs the SysOps administrator notices that rejected traffic is not listed.

What should the SysOps administrator do to ensure that all traffic is logged?

Create a new flow tog that has a titter setting to capture all traffic

Create a new flow log set the tog record format to a custom format Select the proper fields to include in the tog

Edit the existing flow log Change the fitter setting to capture all traffic

Edit the existing flow log. Set the log record format to a custom format Select the proper fields to include in the tog

Full Access

Question # 7

A SysOps administrator is responsible for a legacy. CPU-heavy application The application can only be scaled vertically Currently, the application is deployed on a single t2 large Amazon EC2 instance The system is showing 90% CPU usage and significant performance latency after a few minutes

What change should be made to alleviate the performance problem?

Change the Amazon EBS volume to Provisioned lOPs

Upgrade to a compute-optimized instance

Add additional 12 large instances to the application

Purchase Reserved Instances

Full Access

Question # 8

A SysOps administrator needs to create alerts that are based on the read and write metrics of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to an Amazon EC2 instance. The SysOps administrator creates and enables Amazon CloudWatch alarms for the DiskReadBytes metric and the DiskWriteBytes metric.

A custom monitoring tool that is installed on the EC2 instance with the same alarm configuration indicates that the volume metrics have exceeded the threshold. However, the CloudWatch alarms were not in ALARM state.

Which action will ensure that the CloudWatch alarms function correctly?

Install and configure the CloudWatch agent on the EC2 instance to capture the desired metrics.

Install and configure AWS Systems Manager Agent on the EC2 instance to capture the desired metrics.

Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EBS volumes.

Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EC2 instance.

Full Access

Question # 9

A company has an application that runs only on Amazon EC2 Spot Instances. The instances run in an Amazon EC2 Auto Scaling group with scheduled scaling actions.

However, the capacity does not always increase at the scheduled times, and instances terminate many times a day. A Sysops administrator must ensure that the instances launch on time and have fewer interruptions.

Which action will meet these requirements?

Specify the capacity-optimized allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group.

Specify the capacity-optimized allocation strategy for Spot Instances. Increase the size of the instances in the Auto Scaling group.

Specify the lowest-price allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group.

Specify the lowest-price allocation strategy for Spot Instances. Increase the size of the instances in the Auto Scaling group.

Full Access

Question # 10

A company has a stateless application that runs on four Amazon EC2 instances. The application requires tour instances at all times to support all traffic. A SysOps administrator must design a highly available, fault-tolerant architecture that continually supports all traffic if one Availability Zone becomes unavailable.

Which configuration meets these requirements?

Deploy two Auto Scaling groups in two Availability Zones with a minimum capacity of two instances in each group.

Deploy an Auto Scaling group across two Availability Zones with a minimum capacity of four instances.

Deploy an Auto Scaling group across three Availability Zones with a minimum capacity of four instances.

Deploy an Auto Scaling group across three Availability Zones with a minimum capacity of six instances.

Full Access

Question # 11

A SysOps administrator is testing an application mat is hosted on five Amazon EC2 instances The instances run in an Auto Scaling group behind an Application Load Balancer (ALB) High CPU utilization during load testing is causing the Auto Scaling group to scale out. The SysOps administrator must troubleshoot to find the root cause of the high CPU utilization before the Auto Scaling group scales out.

Which action should the SysOps administrator take to meet these requirements?

Enable instance scale-in protection.

Place the instance into the Standby stale.

Remove the listener from the ALB

Suspend the Launch and Terminate process types.

Full Access

Question # 12

A SysOps administrator Is troubleshooting an AWS Cloud Formation template whereby multiple Amazon EC2 instances are being created The template is working In us-east-1. but it is failing In us-west-2 with the error code:

SOA-C02 question answer

How should the administrator ensure that the AWS Cloud Formation template is working in every region?

Copy the source region's Amazon Machine Image (AMI) to the destination region and assign it the same ID.

Edit the AWS CloudFormatton template to specify the region code as part of the fully qualified AMI ID.

Edit the AWS CloudFormatton template to offer a drop-down list of all AMIs to the user by using the aws :: EC2:: ami :: imageiD control.

Modify the AWS CloudFormation template by including the AMI IDs in the "Mappings" section. Refer to the proper mapping within the template for the proper AMI ID.

Full Access

Question # 13

A SysOps administrator has used AWS Cloud Formal ion to deploy a serverless application Into a production VPC. The application consists of an AWS Lambda function an Amazon DynamoDB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS Cloud Formation stack without deleting the DynamoDB table.

Which action should the SysOps administrator take before deleting the AWS Cloud Formation stack?

Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack

Add a Snapshot deletion policy to the DynamoDB resource in the AWS CloudFormation stack.

Enable termination protection on the AWS Cloud Formation stack.

Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTabie action.

Full Access

Question # 14

A company is running a serverless application on AWS Lambda The application stores data in an Amazon RDS for MySQL DB instance Usage has steadily increased and recently there have been numerous "too many connections" errors when the Lambda function attempts to connect to the database The company already has configured the database to use the maximum max_connections value that is possible

What should a SysOps administrator do to resolve these errors'?

Create a read replica of the database Use Amazon Route 53 to create a weighted DNS record that contains both databases

Use Amazon RDS Proxy to create a proxy Update the connection string in the Lambda function

Increase the value in the max_connect_errors parameter in the parameter group that the database uses

Update the Lambda function's reserved concurrency to a higher value

Full Access

Question # 15

A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal.

Which action should a SysOps administrator take to improve the performance of the file system?

Configure the file system for Provisioned Throughput.

Enable encryption in transit on the file system.

Identify any unused files in the file system, and remove the unused files.

Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

Full Access

Question # 16

A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones The application uses an Amazon RDS Multi-AZ DB Instance Amazon Route 53 record sets route requests tor dynamic content to the load balancer and requests for static content to an Amazon S3 bucket Site visitors are reporting extremely long loading times.

Which actions should be taken to improve the performance of the website? (Select TWO )

Add Amazon CloudFront caching for static content

Change the load balancer listener from HTTPS to TCP

Enable Amazon Route 53 latency-based routing

Implement Amazon EC2 Auto Scaling for the web servers

Move the static content from Amazon S3 to the web servers

Full Access

Question # 17

A company needs to deploy a new workload on AWS. The company must encrypt all data at rest and must rotate the encryption keys once each year. The workload uses an Amazon RDS for MySQL Multi-AZ database for data storage.

Which configuration approach will meet these requirements?

Enable Transparent Data Encryption (TDE) in the MySQL configuration file. Manually rotate the key every 12 months.

Enable RDS encryption on the database at creation time by using the AWS managed key for Amazon RDS.

Create a new AWS Key Management Service (AWS KMS) customer managed key. Enable automatic key rotation. Enable RDS encryption on the database at creation time by using the KMS key.

Create a new AWS Key Management Service (AWS KMS) customer managed key. Enable automatic key rotation. Enable encryption on the Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the RDS DB instance.

Full Access

Question # 18

A company plans to migrate several of its high performance computing (MPC) virtual machines (VMs) to Amazon EC2 instances on AWS. A SysOps administrator must identify a placement group for this deployment. The strategy must minimize network latency and must maximize network throughput between the HPC VMs.

Which strategy should the SysOps administrator choose to meet these requirements?

Deploy the instances in a cluster placement group in one Availability Zone.

Deploy the instances in a partition placement group in two Availability Zones

Deploy the instances in a partition placement group in one Availability Zone

Deploy the instances in a spread placement group in two Availably Zones

Full Access

Question # 19

You need to update an existing AWS CloudFormation stack. If needed, a copy to the CloudFormation template is available in an Amazon SB bucket named cloudformation-bucket

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:

a) Change the EC2 instance type to us-east-t2.nano.

b) Allow SSH to connect to the EC2 instance from the IP address range

192.168.100.0/30.

c) Replace the instance profile IAM role with IamRoleB.

4. Deploy the changes by updating the stack using the CFServiceR01e role.

5. Edit the stack options to prevent accidental deletion.

6. Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

SOA-C02 question answer

See the Explanation for solution.

Full Access

Question # 20

A SysOps administrator is reviewing AWS Trusted Advisor recommendations. The SysOps administrator notices that all the application servers for a finance application are listed in the Low Utilization Amazon EC2 Instances check. The application runs on three instances across three Availability Zones. The SysOps administrator must reduce the cost of running the application without affecting the application's availability or design.

Which solution will meet these requirements?

Reduce the number of application servers.

Apply rightsizing recommendations from AWS Cost Explorer to reduce the instance size.

Provision an Application Load Balancer in front of the instances.

Scale up the instance size of the application servers.

Full Access

Question # 21

A SysOps administrator is tasked with deploying a company's infrastructure as code. The SysOps administrator want to write a single template that can be reused for multiple environments.

How should the SysOps administrator use AWS CloudFormation to create a solution?

Use Amazon EC2 user data in a CloudFormation template

Use nested stacks to provision resources

Use parameters in a CloudFormation template

Use stack policies to provision resources

Full Access

Question # 22

A company's financial department needs to view the cost details of each project in an AWS account A SysOps administrator must perform the initial configuration that is required to view cost for each project in Cost Explorer

Which solution will meet this requirement?

Activate cost allocation tags Add a project tag to the appropriate resources

Configure consolidated billing Create AWS Cost and Usage Reports

Use AWS Budgets Create AWS Budgets reports

Use cost categories to define custom groups that are based on AWS cost and usage dimensions

Full Access

Question # 23

An application team uses an Amazon Aurora MySQL DB cluster with one Aurora Replica. The application team notices that the application read performance degrades when user connections exceed 200. The number of user connections is typically consistent around 180. with occasional sudden increases above 200 connections. The application team wants the application to automatically scale as user demand increases or decreases.

Which solution will meet these requirements?

Migrate to a new Aurora multi-master DB cluster. Modify the application database connection string.

Modify the DB cluster by changing to serverless mode whenever user connections exceed 200.

Create an auto scaling policy with a target metric of 195 DatabaseConnections

Modify the DB cluster by increasing the Aurora Replica instance size.

Full Access

Question # 24

A company must migrate its applications to AWS The company is using Chef recipes for configuration management The company wants to continue to use the existing Chef recipes after the applications are migrated to AWS.

What is the MOST operationally efficient solution that meets these requirements?

Use AWS Cloud Format ion to create an Amazon EC2 instance, install a Chef server, and add Chef recipes.

Use AWS CloudFormation to create a stack and add layers for Chef recipes.

Use AWS Elastic Beanstalk with the Docker platform to upload Chef recipes.

Use AWS OpsWorks to create a stack and add layers with Chef recipes.

Full Access

Question # 25

A company is managing multiple AWS accounts in AWS Organizations. The company is reviewing internal security of its AWS environment. The company's security administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts.

Which solution will meet these requirements in the MOST secure manner?

Create an IAM policy in each developer account that has read-only access related to VPC resources Assign the policy to an IAM user. Share the user credentials with the security administrator.

Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC actions. Assign the policy to an IAM

user. Share the user credentials with the security administrator.

Create an IAM policy in each developer account that has administrator access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.

Create an IAM policy in each developer account that has read-only access related to VPC resources Assign the policy to a cross-account IAM role Ask the security administrator to assume the role from their account.

Full Access

Question # 26

A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the SS bucket to serve a static error page in the event of a failure at the primary site.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. There is an existing hosted zone named lab-

751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.

4. Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document

5. For the index-html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucketjs allowed.

6. In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.

7. Create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing 53 bucket.

Full Access

Answer:

See the Explanation for solution.

Explanation:

Here are the steps to configure an Amazon S3 bucket to serve a static error page in the event of a failure at the primary site:

Log in to the AWS Management Console and navigate to the S3 service in the us-east-2 Region.
Find the existing S3 bucket named lab-751906329398-26023898.com and click on it.
In the "Properties" tab, click on "Static website hosting" and select "Use this bucket to host a website".
In "Index Document" field, enter the name of the object that you want to use as the index document, in this case, "index.html"
In the "Permissions" tab, click on "Block Public Access", and make sure that "Block all public access" is turned OFF.
Click on "Bucket Policy" and add the following policy to allow public read access:

{

"Version": "2012-10-17",

"Statement": [

{

"Sid": "PublicReadGetObject",

"Effect": "Allow",

"Principal": "*",

"Action": "s3:GetObject",

"Resource": "arn:aws:s3:::lab-751906329398-26023898.com/*"

}

]

}

Now navigate to the Amazon Route 53 service, and find the existing hosted zone named lab-751906329398-26023898.com.
Click on the "A record" and update the routing policy to "Primary - Failover" and add the existing ALB as the primary record.
Click on "Create Record" button and create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing S3 bucket.
Now, when the primary site (ALB) goes down, traffic will be automatically routed to the S3 bucket serving the static error page.

Note:

You can use CloudWatch to monitor the health of your ALB.
You can use Amazon S3 to host a static website.
You can use Amazon Route 53 for routing traffic to different resources based on health checks.
You can refer to the AWS documentation for more information on how to configure and use these services:

SOA-C02 question answer