Weekend Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sale65best

How to Pass the Amazon Web Services SOA-C01 Exam: Comprehensive AWS Certified SysOps Administrator - Associate Guide and Tips

Questions 51

A sysops administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.

Options:

A.

Encrypt the S3 bucket content with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).

B.

Create an origin access identity and grant it permissions to read objects in the S3 bucket.

C.

Assign an 1AM user to the CloudFront distribution and whitelist the 1AM user in the S3 bucket policy.

D.

Assign an 1AM role to the CloudFront distribution and whitelist the 1AM role in the S3 bucket policy.

Buy Now
Questions 52

A company will migrate its on-premises enterprise system to AWS. The enterprise system will be hosted on memory optimized Amazon EC2 instances across multiple Availability Zones. The enterprise system needs shared file storage that is scalable and block-based. A SysOps team must configure the encryption of data in transit tor the shared He system and develop a backup strategy to cost-effectively store the file system data centrally.

Which solution will meet these requirements?

Options:

A.

Use Amazon Elastic Block Store (Amazon EBS) for the shared file storage. Mount the EBS volume to the EC2 instances. Use a custom script to create a backup of the entire file system and protect data in transit by using SSL

B.

Use Amazon Elastic File System (Amazon EFS) for the shared file storage. Use AWS Backup to configure backups. Use lifecycle policies to automatically transition backups to cold storage. Use the amazon-efs-utils package to mount the EFS file system by using the TLS options.

C.

Use Amazon Elastic File System (Amazon EFS) for the shared file storage. Use AWS Backup to configure backups. Use lifecycle policies to automatically transition backups to cold storage Perform data-in-transit encryption by using client-side encryption.

D.

Use Amazon S3 for the shared file storage. Mount the S3 bucket directory to the EC2 instances. Use an S3 Lifecycle policy to archive the data in Amazon S3 Glacier.

Buy Now
Questions 53

A SysOps Administrator is maintaining an application that runs on Amazon EC2 instances behind an application Load Balancer (ALB). Users are reporting errors when attempting to launch the application. The administrator notices an increase in the httpcode_ELS_5xx_Count Amazon CloudWatch metric for the load balancer.

What is the possible cause for this increase?

Options:

A.

The ALB Is associated with private subnets within the VPC.

B.

The ALB received a request from a client, but the client closed the connection.

C.

The ALB security group is not configured to allow inbound traffic from the users.

D.

The ALB target group does not contain healthy EC2 instances.

Buy Now
Questions 54

A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.

How should the Administrator ensure that this is done?

Options:

A.

Change the root user password by using the AWS CLI routinely.

B.

Periodically use the AWS CLI to rotate access keys and secret keys for the root user.

C.

Use AWS Trusted Advisor security checks to review the configuration of the root user.

D.

Periodically distribute the AWS compliance document from AWS Artifact that governs the root user configuration.

Buy Now
Questions 55

A company backs up data from its data center using a tape gateway on AWS Storage Gateway. The SysOps Administrator needs to reboot the virtual machine running Storage Gateway.

What process will protect data integrity?

Options:

A.

Stop Storage Gateway and reboot the virtual machine, then restart Storage Gateway.

B.

Reboot the virtual machine, then restart Storage Gateway.

C.

Reboot the virtual machine.

D.

Shut down the virtual machine and stop Storage Gateway, then turn on the virtual machine.

Buy Now
Questions 56

A chief financial officer has asked for a breakdown of costs per project in a single AWS account using cost explorer.

Which combination of options should be set to accomplish this? (Select two)

Options:

A.

Active AWS Budgets.

B.

Active cost allocation tags

C.

Create an organization using AWS Organization

D.

Create and apply resource tags

E.

enable AWS trusted advisor

Buy Now
Questions 57

A SysOps administrator is configuring an application on AWS to be used over the internet by departments in other countries For remote locations, the company requires a static public IP address to be explicitly allowed as a target for outgoing internet traffic

How should the SysOps administrator deploy the application to meet this requirement?

Options:

A.

Deploy the application on an Amazon Elastic Container Service (Amazon ECS) cluster Configure an AWS App Mesh service mesh.

B.

Deploy the application as AWS Lambda functions behind an Application Load Balancer

C.

Deploy the application on Amazon EC2 instances behind an internet-facing Network Load Balancer

D.

Deploy the application on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster behind an Amazon API Gateway

Buy Now
Questions 58

A database is running on an Amazon RDS Multi-AZ DB instance. A recent security audit found the database to be cut of compliance because it was not encrypted.

Which approach will resolve the encryption requirement?

Options:

A.

Log in to the RDS console and select the encryption box to encrypt the database.

B.

Create a new encrypted Amazon EBS volume and attach it to the instance.

C.

Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.

D.

Take a snapshot of the RDS instance, copy and encrypt the snapshot, and then restore to the new RDS instance.

Buy Now
Questions 59

A SysOps administrator maintains several Amazon EC2 instances that do not have access to the public internet. To patch operating systems, the instances should not be reachable from the Public internet.

The administrator deploys a NAT instance, updates the security groups, and configures the appropriate routes within the route table. However, the instances are still unable to reach the internet.

What should be done to resolve the issue?

Options:

A.

Assign elastic IP addresses to the instances and create a route from the private subnets to the internet gateway.

B.

Delete the NAT instance and replace it with AWS WAF.

C.

Disable source/destination checks on the NAT instance.

D.

Start/Stop the NAT instance so it is launched on a different host.

Buy Now
Questions 60

A security researcher has published a new Common Vulnerabilities and Exposures (CVE) report that impacts a popular operating system A SysOps Administrator is concerned with the new CVE report and wants to patch the company's systems immediately The Administrator contacts AWS Support and requests the patch be applied to all Amazon EC2 instances

How will AWS respond to this request?

Options:

A.

AWS will apply the patch during the next maintenance window and will provide the Administrator with a report of all patched EC2 instances

B.

AWS will relaunch the EC2 instances with the latest version of the Amazon Machine Image (AMI) and will provide the Administrator with a report of all patched EC2 instances

C.

AWS will research the vulnerability to see if the Administrator's operating system is impacted and will patch the EC2 instances that are affected

D.

AWS will review the shared responsibility model with the Administrator and advise them regarding how to patch the EC2 instances

Buy Now
Exam Code: SOA-C01
Exam Name: AWS Certified SysOps Administrator - Associate
Last Update: Oct 14, 2024
Questions: 263

PDF + Testing Engine

$159.99
$56

Testing Engine

$119.99
$42

PDF (Q&A)

$99.99
$35