Weekend Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sale65best

How to Pass the Amazon Web Services SOA-C01 Exam: Comprehensive AWS Certified SysOps Administrator - Associate Guide and Tips

Questions 21

A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations

What should a SysOps administrator do to implement this requirement?

Options:

A.

Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the AWS Management Console

B.

Develop an 1AM policy that limits the business units to provision EC2 instances only Instruct the business units to launch instances by using an AWS CtoudFormation template.

C.

Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog Allow the business units to perform actions in AWS Service Catalog only

D.

Share an AWS CloudFormation template with the business units Instruct the business units to pass a role to AWS CloudFormation to allow the service to manage EC2 instances.

Buy Now
Questions 22

A company has received a notification in its AWS Personal Health Dashboard that one of its Amazon EBS-backed Amazon EC2 instances is on hardware that is scheduled maintenance The instance runs a critical production workload that must be available during normal business hours

Which steps will ensure that the instance maintenance does not produce an outage?

Options:

A.

Configure an Amazon Lambda function to automatically start the instance if it is stopped

B.

Create an Amazon Machine Image (AMI) of the instance and use the AMI to launch a new instance once the existing instance is retired

C.

Enable termination protection on the EC2 instance

D.

Stop and start the EC2 instance during a maintenance window outside of normal business hours

Buy Now
Questions 23

A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company’s AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.

What should be done to accomplish this?

Options:

A.

Back up the current KMS key and enable automatic key rotation.

B.

Create a new key in AWS KMS and assign the key to Amazon EBS.

C.

Enable automatic key rotation of the EBS volume key in AWS KMS.

D.

Upload ne key material to the EBS volume key in AWS KMS to enable automatic key rotation for the volume.

Buy Now
Questions 24

An application running on Amazon EC2 needs login credentials to access a database. The login credentials are stored in AWS Systems Manager Parameter Store as secure string parameters.

What is the MOST secure way to grant the application access to the credentials?

Options:

A.

Create an IAM EC2 role for the EC2 instances and grant the role permission to read the Systems Manager parameters

B.

Create an IAM group for the application and grant the group permissions to read the Systems Manager parameters

C.

Create an IAM policy for the application and grant the policy permission to read the Systems Manager parameters

D.

Create an IAM user for the application and grant the user permission to read the Systems Manager parameters

Buy Now
Questions 25

A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services.

What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?

Options:

A.

Create a service control policy in AWS Organizations and apply it to the development account.

B.

Create a customer managed policy in IAM and apply it to all users within the development account.

C.

Create a job function policy in IAM and apply it to all users within the development account.

D.

Create an IAM policy and apply it in API Gateway to restrict the development account.

Buy Now
Questions 26

Based on the AWS Shared Responsibility Model, which of the following actions are the responsibility of the customer for an Aurora database?

Options:

A.

Performing underlying OS updates

B.

Provisioning of storage for database

C.

Scheduling maintenance, patches, and other updates

D.

Executing maintenance, patches, and other updates

Buy Now
Questions 27

A SysOps Administrator at an ecommerce company discovers that several 404 errors are being sent to one IP address every minute. The Administrator suspects a bot is collecting information about products listed on the company’s website.

Which service should be used to block this suspected malicious activity?

Options:

A.

AWS CloudTrail

B.

Amazon Inspector

C.

AWS Shield Standard

D.

AWS WAF

Buy Now
Questions 28

A SysOps Administrator has implemented an Auto Scaling group with a step scaling policy. The

Administrator notices that the additional instances have not been included in the aggregated metrics.

Why are the additional instances missing from the aggregated metrics?

Options:

A.

The warm-up period has not expired

B.

The instances are still in the boot process

C.

The instances have not been attached to the Auto Scaling group

D.

The instances are included in a different set of metrics

Buy Now
Questions 29

A company wants to identify specific Amazon EC2 instances that ate underutilized and the estimated cost savings for each instance How can this be done with MINIMAL effort?

Options:

A.

Use AWS Budgets to report on low utilization of EC2 instances.

B.

Run an AWS Systems Manager script to check for low memory utilization of EC2 instances.

C.

Run Cost Explorer to look for low utilization of EC2 instances.

D.

Use Amazon CloudWatch metrics to identify EC2 instances with low utilization.

Buy Now
Questions 30

A SysOps Administrate is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company All data must be encrypted at rest

How should the Administrate implement this process?

Options:

A.

Write a script to download the encrypted snapshot decrypt it using the AWS KMS encryption key used to encrypt the snapshot then create a new volume in each account

B.

date the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts then share the snapshot with those accounts

C.

Create an Amazon EC2 instance based on the snapshot, then save the instance's Amazon EBS volume as a snapshot and share it with the other accounts Require each account owner to create a new volume from that snapshot and encrypt it

D.

Create a new unencrypted RDS instance from the encrypted snapshot connect to the instance using SSH/RDP, export the database contents into a file then share this file with the other accounts

Buy Now
Exam Code: SOA-C01
Exam Name: AWS Certified SysOps Administrator - Associate
Last Update: Oct 13, 2024
Questions: 263

PDF + Testing Engine

$159.99
$56

Testing Engine

$119.99
$42

PDF (Q&A)

$99.99
$35