Weekend Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sale65best

How to Pass the Amazon Web Services SOA-C01 Exam: Comprehensive AWS Certified SysOps Administrator - Associate Guide and Tips

Questions 11

A sysops administrator must generate a report that provides a breakdown of all API activity by a specific user over the course of a year. AWS CloudTrail has already been enabled.

How should this report be generated?

A, Access the Cloud Trail logs stored in the Amazon S3 bucket tied to Cloud Trail. Use Amazon Athena to extract the information needed to generate the report

B. Locate the monthly reports that CloudTrail sends that are emailed to the account's root user. Forward the reports to the auditor using a secure channel

C. Use the AWS Management Console to search for the user name in the CloudTrail history. Filter by API and download the report in CSV format

D. Use the CloudTrail digest files stored in the company's Amazon S3 bucket. Send the logs to Amazon QuickSight to create the report.

Options:

Buy Now
Questions 12

A SysOps Administrator has an AWS CloudFormation template of the company’s existing infrastructure in us-west-2. The Administrator attempts to use the template to launch a new stack in eu-west-1, but the stack only partially deploys, receives an error message, and then rolls back.

Why would this template fail to deploy? (Choose two.)

Options:

A.

The template referenced an IAM user that is not available in eu-west-1

B.

The template referenced an Amazon Machine Image (AMI) that is not available in eu-west-1

C.

The template did not have the proper level of permissions to deploy the resources

D.

The template requested services that do not exist in eu-west-1

E.

CloudFormation templates can be used only to update existing services

Buy Now
Questions 13

A company has a VPC with public and private subnets An Amazon EC2 based application resides in the private subnets and needs to process raw csv files stored in an Amazon S3 bucket A sysops administrator has set up the correct 1AM role with the required permissions for the application to access the S3 bucket, but the application is unable to communicate with the S3 bucket

Which action will solve this problem while adhering to least privilege access?

Options:

A.

Add a bucket policy to the S3 bucket permitting access from the 1AM role.

B.

Attach an S3 gateway endpoint to the VPC Configure the route table for the private subnet.

C.

Configure the route table to allow the instances on the private subnet access through the internet gateway

D.

Create a NAT gateway in a private subnet and configure the route table for the private subnets.

Buy Now
Questions 14

Security has identified an IP address that should be explicity denied for both ingress and egress requests for all services in an Amazon VPC immediately.

Which feature can be used to meet this requirement?

Options:

A.

Host-based firewalls

B.

NAT Gateway

C.

Network access control lists

D.

Security Groups

Buy Now
Questions 15

A company is releasing a now static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded, however, upon navigating to the site, the following error message is received:

403 Forbiddan - Access Denied

What change should be made to fix this error'?

Options:

A.

Add a bucket policy that grants everyone read access to the bucket

B.

Add a bucket policy that grants everyone read access to the bucket objects

C.

Remove the default bucket policy that denies read access to the bucket.

D.

Configure cross origin resource sharing (CORS) on the bucket

Buy Now
Questions 16

A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances. The memory utilization metrics of the EC2 Linux instances must be monitored every minute.

How should the SysOps Administrator publish the memory metrics? (Choose two.)

Options:

A.

Enable detailed monitoring on the instance within Amazon CloudWatch

B.

Publish the memory metrics to Amazon CloudWatch Events

C.

Publish the memory metrics using the Amazon CloudWatch agent

D.

Publish the memory metrics using Amazon CloudWatch Logs

E.

Set metrics_collection_interval to 60 seconds

Buy Now
Questions 17

An organization has developed a new memory-intensive application that is deployed to a large Amazon EC2 Linux fleet. There is concern about potential memory exhaustion, so the Development team wants to monitor memory usage by using Amazon CloudWatch.

What is the MOST efficient way to accomplish this goal?

Options:

A.

Deploy the solution to memory-optimized EC2 instances, and use the CloudWatch MemoryUtilization metric

B.

Enable the Memory Monitoring option by using AWS Config

C.

Install the AWS Systems Manager agent on the applicable EC2 instances to monitor memory

D.

Monitor memory by using a script within the instance, and send it to CloudWatch as a custom metric

Buy Now
Questions 18

A company is expanding its use of AWS services across its portfolios. The company wants to provision AWS accounts for each team to ensure a separation of business processes for security, compliance, and billing account creation and bootstrapping should be completed in a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place. A sysops administrator needs to design a provisioning process that save time and resources.

Which action should be taken to meet these requirements?

Options:

A.

Automate using AWS Elastic Beanstalk to provision the AWS Accounts, set up infrastructure, and integrate with AWS Organizations.

B.

Create bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure.

C.

Use AWS config to provision accounts and deploy instances using AWS service catalog.

D.

Use AWS Control Tower to create a template in account factory and use the template to provision new accounts.

Buy Now
Questions 19

A security audit revealed that the security groups in a VPC have ports 22 and 3389 open to all. introducing a possible threat that instances can be stopped or configurations can be modified. A SysOps administrator needs to automate remediation.

What should the administrator do to meet these requirements?

Options:

A.

Create an 1AM managed policy lo deny access to ports 22 and 3389 on any security groups in a VPC.

B.

Define an AWS Config rule and remediation action with AWS Systems Manager automation documents.

C.

Enable AWS Trusted Advisor to remediate public port access.

D.

Use AWS Systems Manager configuration compliance to remediate public port access.

Buy Now
Questions 20

A SysOps Administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-1 Region. The Administrator finds that this template has failed to create an EC2 instance in the uswest-2 Region.

What is one cause for this failure?

Options:

A.

Resources tags defined in the CloudFormation template are specific to the us-east-1 Region.

B.

The Amazon Machine Image (AMI) ID referenced in the CloudFormation template could not be found in the us-west-2 Region.

C.

The cfn-init script did not execute during resource provisioning in the us-west-2 Region.

D.

The IAM user was not created in the specified Region.

Buy Now
Exam Code: SOA-C01
Exam Name: AWS Certified SysOps Administrator - Associate
Last Update: Oct 13, 2024
Questions: 263

PDF + Testing Engine

$159.99
$56

Testing Engine

$119.99
$42

PDF (Q&A)

$99.99
$35