Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Free Amazon Web Services SOA-C02 Practice Exam with Questions & Answers | Set: 4

Questions 31

A SysOps administrator needs to monitor Amazon DynamoDB usage across a company's AWS accounts. The accounts are in an organization with all features enabled in AWS Organizations. The company recently experienced write throttling on a DynamoDB table after the company breached the AccountProvisionedWriteCapacityUnits quota in a member account.

The SysOps administrator must create alarms to monitor DynamoDB provisioned write capacity units (WCUs) and quota usage in each account. The SysOps administrator must manage and view the alarms from a single monitoring account.

Which combination of steps will meet these requirements? (Select TWO.)

Options:
A.

Configure an Amazon CloudWatch delegated administrator from the organization's management account.

B.

Configure the monitoring account to accept metrics from source accounts. Link each source account to the monitoring account.

C.

Create a metric stream in each source account by using an Amazon Data Firehose stream. Configure the monitoring account to accept metrics from the Firehouse stream in the source accounts.

D.

Create two Amazon CloudWatch alarms in the monitoring account. Use the AccountProvisionedWriteCapacrtyUnits metric for the first alarm. Specify a math expression that uses the SERVICE_QUOTA() function as a new metric for the second alarm.

E.

Create two Amazon CloudWatch alarms in every account Use the ProvisionedWriteCapacityUnits metric for the first alarm. Specify a math expression that uses the SERVICE_QUOTA() function as a new metric for the second alarm.

Amazon Web Services SOA-C02 Premium Access
Questions 32

A company has an initiative to reduce costs associated with Amazon EC2 and AWS Lambda. Which action should a SysOps administrator take to meet these requirements?

Options:
A.

Analyze the AWS Cost and Usage Report by using Amazon Athena to identity cost savings.

B.

Create an AWS Budgets alert to alarm when account spend reaches 80% of the budget.

C.

Purchase Reserved Instances through the Amazon EC2 console.

D.

Use AWS Compute Optimizer and take action on the provided recommendations.

Questions 33

A SysOps administrator needs to deploy a critical update to a web application that runs on Amazon EC2 instances. The SysOps administrator must minimize application downtime during the update. The SysOps administrator also must minimize the risk of a failed deployment of the update. Which deployment types will meet these requirements? (Select TWO.)

Options:
A.

All-at-once deployment

B.

Blue/green deployment

C.

Canary deployment

D.

Immutable deployment

E.

In-place deployment

Questions 34

A company plans to run a public web application on Amazon EC2 instances behind an Elastic Load Balancer (ELB). The company's security team wants to protect the website by using AWS Certificate Manager (ACM) certificates The ELB must automatically redirect any HTTP requests to HTTPS

Which solution will meet these requirements?

Options:
A.

Create an Application Load Balancer that has one HTTPS listener on port 80 Attach an SSLTLS certificate to listener port 80 Create a rule to redirect requests from HTTP to HTTPS

B.

Create an Application Load Balancer that has one HTTP listener on port 80 and one HTTPS protocol listener on port 443 Attach an SSL TLS certificate to listener port 443 Create a rule to redirect requests from port 80 to port 443

C.

Create an Application Load Balancer that has two TCP listeners on port 80 and port 443 Attach an SSLTLS certificate to listener port 443 Create a rule to redirect requests from port 80 to port 443

D.

Create a Network Load Balancer that has two TCP listeners on port 80 and port 443 Attach an SSLTLS certificate to listener port 443 Create a rule to redirect requests from port 80 to port 443

Questions 35

A SysOps administrator needs to update an AWS accoun1 name What should the SysOps administrator do to accomplish this goal?

Options:
A.

Add the Administrator Access policy to the SysOps administrator's 1AM user.

B.

Add the AWS_ConfigRole policy to the SysOps administrator's 1AM user.

C.

Change the AWS account name through the AWS Trusted Advisor interface.

D.

Sign in as the AWS account root user to make the change.

Questions 36

To manage Auto Scaling group instances that have OS vulnerabilities, the SysOps administrator needs an automated patching solution.

Options:

Options:
A.

Use AWS Systems Manager Patch Manager to patch the instances during a scheduled maintenance window. In the AWS-RunPatchBaseline document, ensure that the RebootOption parameter is set to RebootIfNeeded.

B.

Use EC2 Image Builder pipelines on a schedule to create new Amazon Machine Images (AMIs) and new launch templates that reference the new AMIs. Use the instance refresh feature for EC2 Auto Scaling to replace instances.

C.

Use AWS Config to scan for operating system vulnerabilities and to patch instances when the instance status changes to NON_COMPLIANT. Send an Amazon Simple Notification Service (Amazon SNS) notification to an operations team to reboot the instances during off-peak hours.

D.

In the Auto Scaling launch template, provide an Amazon Machine Image (AMI) ID for an AWS-provided base image. Update the user data with a shell script to download and install patches.

Questions 37

A SysOps administrator has enabled AWS CloudTrail in an AWS account. If CloudTrail is disabled, it must be re-enabled immediately. What should the SysOps administrator do to meet these requirements WITHOUT writing custom code?

Options:
A.

Add the AWS account to AWS Organizations. Enable CloudTrail in the management account.

B.

Create an AWS Config rule that is invoked when CloudTrail configuration changes. Apply the AWS-ConfigureCloudTrailLogging automatic remediation action.

C.

Create an AWS Config rule that is invoked when CloudTrail configuration changes. Configure the rule to invoke an AWS Lambda function to enable CloudTrail.

D.

Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail.

Questions 38

A company has multiple Amazon EC2 instances that run a resource-intensive application in a development environment. A SysOps administrator is implementing a solution to stop these EC2 instances when they are not in use.

Which solution will meet this requirement?

Options:
A.

Assess AWS CloudTrail logs to verify that there is no EC2 API activity. Invoke an AWS Lambda function to stop the EC2 instances.

B.

Create an Amazon CloudWatch alarm to stop the EC2 instances when the average CPU utilization is lower than 5% for a 30-minute period.

C.

Create an Amazon CloudWatch metric to stop the EC2 instances when the VolumeReadBytes metric is lower than 500 for a 30-minute period.

D.

Use AWS Config to invoke an AWS Lambda function to stop the EC2 instances based on resource configuration changes.

Questions 39

A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network.

What actions should the SysOps administrator take to meet these requirements?

Options:
A.

Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.

B.

Create a VPC endpoint for the S3 bucket, and create an S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.

C.

Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket.

D.

Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway.

Questions 40

A company has two VPC networks named VPC A and VPC B. The VPC A CIDR block is 10.0.0.0/16 and the VPC B CIDR block is 172.31.0.0/16. The company wants to establish a VPC peering connection named pcx-12345 between both VPCs.

Which rules should appear in the route table of VPC A after configuration? (Select TWO.)

Options:
A.

Destination: 10.0.0.0/16, Target: Local

B.

Destination: 172.31.0.0/16, Target: Local

C.

Destination: 10.0.0.0/16, Target: pcx-12345

D.

Destination: 172.31.0.0/16, Target: pcx-12345

E.

Destination: 10.0.0.0/16. Target: 172.31.0.0/16