Summer Special Sales Coupon - 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4s55disc

SOA-C02 PDF

$49.5

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

SOA-C02 PDF + Testing Engine

$79.2

$175.99

3 Months Free Update

  • Exam Name: AWS Certified SysOps Administrator - Associate (SOA-C02)
  • Last Update: Jun 23, 2022
  • Questions and Answers: 154
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

SOA-C02 Engine

$59.4

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

SOA-C02 AWS Certified SysOps Administrator - Associate (SOA-C02) Questions and Answers

Question # 6

A SysOps administrator receives notification that an application that is running on Amazon EC2 instances has failed to authenticate to an Amazon RDS database To troubleshoot, the SysOps administrator needs to investigate AWS Secrets Manager password rotation

Which Amazon CloudWatch log will provide insight into the password rotation?

A.

AWS CloudTrail logs

B.

EC2 instance application logs

C.

AWS Lambda function logs

D.

RDS database logs

Full Access
Question # 7

A company monitors its account activity using AWS CloudTrail. and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket.

Moving forward, how can the SysOps administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

A.

Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.

B.

Enable log file integrity validation and use digest files to verify the hash value of the log file.

C.

Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.

D.

Enable S3 server access logging to track requests made to the log bucket for security audits.

Full Access
Question # 8

A SysOps administrator Is troubleshooting an AWS Cloud Formation template whereby multiple Amazon EC2 instances are being created The template is working In us-east-1. but it is failing In us-west-2 with the error code:

How should the administrator ensure that the AWS Cloud Formation template is working in every region?

A.

Copy the source region's Amazon Machine Image (AMI) to the destination region and assign it the same ID.

B.

Edit the AWS CloudFormatton template to specify the region code as part of the fully qualified AMI ID.

C.

Edit the AWS CloudFormatton template to offer a drop-down list of all AMIs to the user by using the aws :: EC2:: ami :: imageiD control.

D.

Modify the AWS CloudFormation template by including the AMI IDs in the "Mappings" section. Refer to the proper mapping within the template for the proper AMI ID.

Full Access
Question # 9

A company has a stateless application that runs on four Amazon EC2 instances. The application requires tour instances at all times to support all traffic. A SysOps administrator must design a highly available, fault-tolerant architecture that continually supports all traffic if one Availability Zone becomes unavailable.

Which configuration meets these requirements?

A.

Deploy two Auto Scaling groups in two Availability Zones with a minimum capacity of two instances in each group.

B.

Deploy an Auto Scaling group across two Availability Zones with a minimum capacity of four instances.

C.

Deploy an Auto Scaling group across three Availability Zones with a minimum capacity of four instances.

D.

Deploy an Auto Scaling group across three Availability Zones with a minimum capacity of six instances.

Full Access
Question # 10

A SysOps administrator has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances that were launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in the VPC, and all security groups allow all outbound traffic:

Which solution will provide the EC2 instances in the private subnet with access to the internet?

A.

Create a NAT gateway in the public subnet. Create a route from the private subnet to the NAT gateway.

B.

Create a NAT gateway in the public subnet. Create a route from the public subnet to the NAT gateway.

C.

Create a NAT gateway in the private subnet. Create a route from the public subnet to the NAT gateway.

D.

Create a NAT gateway in the private subnet. Create a route from the private subnet to the NAT gateway.

Full Access
Question # 11

A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the administrator to alter the application code.

The MOST effective way to reduce latency is to relaunch the EC2 instances in:

A.

a dedicated VPC.

B.

a single subnet inside the VPC.

C.

a placement group.

D.

a single Availability Zone.

Full Access
Question # 12

A SysOps Administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance. The administrator has been tasked with reconfiguring the infrastructure to support this approach.

How can the administrator accomplish this with the LEAST administrative overhead?

A.

Use Amazon CloudFront to log the URL and forward the request.

B.

Use Amazon CloudFront to rewrite the header based on the microservice and forward the request.

C.

Use an Application Load Balancer (ALB) and do path-based routing.

D.

Use a Network Load Balancer (NLB) and do path-based routing.

Full Access
Question # 13

A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must set up the permissions and add a bucket policy to the S3 bucket.

Which parameters should be specified to accomplish this in the MOST efficient manner?

A.

Specify "' as the principal and PrincipalOrgld as a condition.

B.

Specify all account numbers as the principal.

C.

Specify PrincipalOrgld as the principal.

D.

Specify the organization's management account as the principal.

Full Access
Question # 14

The security team is concerned because the number of AWS Identity and Access Management (IAM) policies being used in the environment is increasing. The team tasked a SysOps administrator to report on the current number of IAM policies in use and the total available IAM policies.

Which AWS service should the administrator use to check how current IAM policy usage compares to current service limits?

A.

AWS Trusted Advisor

B.

Amazon Inspector

C.

AWS Config

D.

AWS Organizations

Full Access
Question # 15

A company is running an application on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances are launched by an Auto Scaling group and are automatically registered in a target group. A SysOps administrator must set up a notification to alert application owners when targets fail health checks.

What should the SysOps administrator do to meet these requirements?

A.

Create an Amazon CloudWatch alarm on the UnHealthyHostCount metric. Configure an action to send an Amazon Simple Notification Service (Amazon SNS) notification when the metric is greater than 0.

B.

Configure an Amazon EC2 Auto Scaling custom lifecycle action to send an Amazon Simple Notification Service (Amazon SNS) notification when an instance is in the Pending:Wait state.

C.

Update the Auto Scaling group. Configure an activity notification to send an Amazon Simple Notification Service (Amazon SNS) notification for the Unhealthy event type.

D.

Update the ALB health check to send an Amazon Simple Notification Service (Amazon SNS) notification when an instance is unhealthy.

Full Access
Question # 16

A large multinational company has a core application that runs 24 hours a day, 7 days a week on Amazon EC2 and AWS Lambda. The company uses a combination of operating systems across different AWS Regions. The company wants to achieve cost savings and wants to use a pricing model that provides the most flexibility.

What should the company do to MAXIMIZE cost savings while meeting these requirements?

A.

Establish the compute expense by the hour. Purchase a Compute Savings Plan.

B.

Establish the compute expense by the hour. Purchase an EC2 Instance Savings Plan.

C.

Purchase a Reserved Instance for the instance types, operating systems, Region, and tenancy.

D.

Use EC2 Spot Instances to match the instances that run in each Region.

Full Access
Question # 17

An organization with a large IT department has decided to migrate to AWS With different job functions in the IT department it is not desirable to give all users access to all AWS resources Currently the organization handles access via LDAP group membership

What is the BEST method to allow access using current LDAP credentials?

A.

Create an AWS Directory Service Simple AD Replicate the on-premises LDAP directory to Simple AD

B.

Create a Lambda function to read LDAP groups and automate the creation of IAM users

C.

Use AWS CloudFormation to create IAM roles Deploy Direct Connect to allow access to the on-premises LDAP server

D.

Federate the LDAP directory with IAM using SAML Create different IAM roles to correspond to different LDAP groups to limit permissions

Full Access
Question # 18

A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal.

Which action should a SysOps administrator take to improve the performance of the file system?

A.

Configure the file system for Provisioned Throughput.

B.

Enable encryption in transit on the file system.

C.

Identify any unused files in the file system, and remove the unused files.

D.

Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

Full Access
Question # 19

A company stores files on 50 Amazon S3 buckets in the same AWS Region The company wants to connect to the S3 buckets securely over a private connection from its Amazon EC2 instances The company needs a solution that produces no additional cost

Which solution will meet these requirements?

A.

Create a gateway VPC endpoint lor each S3 bucket Attach the gateway VPC endpoints to each subnet inside the VPC

B.

Create an interface VPC endpoint (or each S3 bucket Attach the interface VPC endpoints to each subnet inside the VPC

C.

Create one gateway VPC endpoint for all the S3 buckets Add the gateway VPC endpoint to the VPC route table

D.

Create one interface VPC endpoint for all the S3 buckets Add the interface VPC endpoint to the VPC route table

Full Access
Question # 20

A company has a new requirement stating that all resources in AWS must be tagged according to a set policy.

Which AWS service should be used to enforce and continually identify all resources that are not in compliance with the policy?

A.

AWS CloudTrail

B.

Amazon Inspector

C.

AWSConfig

D.

AWS Systems Manager

Full Access
Question # 21

A company manages an application that uses Amazon ElastiCache for Redis with two extra-large nodes spread across two different Availability Zones. The company's IT team discovers that the ElastiCache for Redis cluster has 75% freeable memory. The application must maintain high availability.

What is the MOST cost-effective way to resize the cluster?

A.

Decrease the number of nodes in the ElastiCache for Redis cluster from 2 to 1.

B.

Deploy a new ElastiCache for Redis cluster that uses large node types. Migrate the data from the original cluster to the new cluster. After the process is complete, shut down the original duster.

C.

Deploy a new ElastiCache for Redis cluster that uses large node types. Take a backup from the original cluster, and restore the backup in the new cluster. After the process is complete, shut down the original cluster.

D.

Perform an online resizing for the ElastiCache for Redis cluster. Change the node types from extra-large nodes to large nodes.

Full Access
Question # 22

A recent audit found that most resources belonging to the development team were in violation of patch compliance standards The resources were properly tagged Which service should be used to quickly remediate the issue and bring the resources back into compliance?

A.

AWS Config

B.

Amazon Inspector

C.

AWS Trusted Advisor

D.

AWS Systems Manager

Full Access
Question # 23

A SysOps administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and

Amazon EC2 in a VPC. All services have logging enabled. The administrator needs to investigate HTTP Layer 7 status codes from the web application.

Which log sources contain the status codes? (Choose two.)

A.

VPC Flow Logs

B.

AWS CloudTrail logs

C.

ALB access logs

D.

CloudFront access logs

E.

RDS logs

Full Access