Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

How to Easily Pass the Amazon Web Services SOA-C02 Exam: Expert Advice

Questions 41

A SysOps administrator is notified that an Amazon EC2 instance has stopped responding The AWS Management Console indicates that the system status checks are failing What should the administrator do first to resolve this issue?

Options:

A.

Reboot the EC2 instance so it can be launched on a new host

B.

Stop and then start the EC2 instance so that it can be launched on a new host

C.

Terminate the EC2 instance and relaunch it

D.

View the AWS CloudTrail log to investigate what changed on the EC2 instance

Buy Now
Questions 42

A company manages its production applications across several AWS accounts. The company hosts the production applications on Amazon EC2 instances that run Amazon

Linux 2. The EC2 instances are spread across multiple VPCs. Each VPC uses its own Amazon Route 53 private hosted zone for private DNS.

A VPC from Account A needs to resolve private DNS records from a private hosted zone that is associated with a different VPC in Account B.

What should a SysOps administrator do to meet these requirements?

Options:

A.

In Account A, create an AWS Systems Manager document that updates the /etc/resolv.conf file across all EC2 instances to point to the AWS provided default DNS resolver for the VPC in Account B.

B.

In Account A, create an AWS CloudFormation template that associates the private hosted zone from Account B with the private hosted zone in Account A.

C.

In Account A, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account B to associate the VPC from Account A with the private hosted zone in Account B.

D.

In Account B, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account A to associate the VPC from Account B with the private hosted zone in Account A.

Buy Now
Questions 43

A company is using Amazon CloudFront to serve static content for its web application to its users. The CloudFront distribution uses an existing on-premises website as a custom origin.

The company requires the use of TLS between CloudFront and the origin server. This configuration has worked as expected for several months. However, users are now experiencing HTTP 502 (Bad Gateway) errors when they view webpages that include content from the CloudFront distribution.

What should a SysOps administrator do to resolve this problem?

Options:

A.

Examine the expiration date on the certificate on the origin site. Validate that the certificate has not expired. Replace the certificate if necessary.

B.

Examine the hostname on the certificate on the origin site. Validate that the hostname matches one of the hostnames on the CloudFront distribution. Replace the certificate if necessary.

C.

Examine the firewall rules that are associated with the origin server. Validate that port 443 is open for inbound traffic from the internet. Create an inbound rule if necessary.

D.

Examine the network ACL rules that are associated with the CloudFront distribution. Validate that port 443 is open for outbound traffic to the origin server. Create an outbound rule if necessary.

Buy Now
Questions 44

A company runs a website from Sydney, Australia. Users in the United States (US) and Europe are reporting that images and videos are taking a long time to load. However, local testing in Australia indicates no performance issues. The website has a large amount of static content in the form of images and videos that are stored m Amazon S3.

Which solution will result In the MOST Improvement In the user experience for users In the US and Europe?

Options:

A.

Configure AWS PrivateLink for Amazon S3.

B.

Configure S3 Transfer Acceleration.

C.

Create an Amazon CloudFront distribution. Distribute the static content to the CloudFront edge locations

D.

Create an Amazon API Gateway API in each AWS Region. Cache the content locally.

Buy Now
Questions 45

A company is creating a new multi-account architecture. A Sysops administrator must implement a login solution to centrally manage

user access and permissions across all AWS accounts. The solution must be integrated with AWS Organizations and must be connected to a third-party Security Assertion Markup Language (SAML) 2.0 identity provider (IdP).

What should the SysOps administrator do to meet these requirements?

Options:

A.

Configure an Amazon Cognito user pool. Integrate the user pool with the third-party IdP.

B.

Enable and configure AWS Single Sign-On with the third-party IdP.

C.

Federate the third-party IdP with AWS Identity and Access Management (IAM) for each AWS account in the organization.

D.

Integrate the third-party IdP directly with AWS Organizations.

Buy Now
Questions 46

A team of On-call engineers frequently needs to connect to Amazon EC2 Instances In a private subnet to troubleshoot and run commands. The Instances use either the latest AWS-provided Windows Amazon Machine Images (AMIs) or Amazon Linux AMIs.

The team has an existing IAM role for authorization. A SysOps administrator must provide the team with access to the Instances by granting IAM permissions to this

Which solution will meet this requirement?

Options:

A.

Add a statement to the IAM role policy to allow the ssm:StartSession action on the instances. Instruct the team to use AWS Systems Manager Session Manager to connect to the Instances by using the assumed IAM role.

B.

Associate an Elastic IP address and a security group with each instance. Add the engineers' IP addresses to the security group inbound rules. Add a statement to the IAM role policy to allow the ec2:AuthoflzeSecurityGroupIngress action so that the team can connect to the Instances.

C.

Create a bastion host with an EC2 Instance, and associate the bastion host with the VPC. Add a statement to the IAM role policy to allow the ec2:CreateVpnConnection action on the bastion host. Instruct the team to use the bastion host endpoint to connect to the instances.

D Create an internet-facing Network Load Balancer. Use two listeners. Forward port 22 to a target group of Linux instances. Forward port 3389 to a target group of Wi

Buy Now
Questions 47

A company must migrate its applications to AWS The company is using Chef recipes for configuration management The company wants to continue to use the existing Chef recipes after the applications are migrated to AWS.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Use AWS Cloud Format ion to create an Amazon EC2 instance, install a Chef server, and add Chef recipes.

B.

Use AWS CloudFormation to create a stack and add layers for Chef recipes.

C.

Use AWS Elastic Beanstalk with the Docker platform to upload Chef recipes.

D.

Use AWS OpsWorks to create a stack and add layers with Chef recipes.

Buy Now
Questions 48

A database is running on an Amazon RDS Mufti-AZ DB instance. A recent security audit found the database to be out of compliance because it was not encrypted. Which approach will resolve the encryption requirement?

Options:

A.

Log in to the RDS console and select the encryption box to encrypt the database

B.

Create a new encrypted Amazon EBS volume and attach it to the instance

C.

Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.

D.

Take a snapshot of the RDS instance, copy and encrypt the snapshot and then restore to the new RDS instance

Buy Now
Questions 49

A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented a strict IP allow list that requires all build uploads to come from a single IP address.

What change should the systems administrator make to the existing build fleet to comply with this new requirement?

Options:

A.

Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.

B.

Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.

C.

Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.

D.

Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.

Buy Now
Questions 50

An application team uses an Amazon Aurora MySQL DB cluster with one Aurora Replica. The application team notices that the application read performance degrades when user connections exceed 200. The number of user connections is typically consistent around 180. with occasional sudden increases above 200 connections. The application team wants the application to automatically scale as user demand increases or decreases.

Which solution will meet these requirements?

Options:

A.

Migrate to a new Aurora multi-master DB cluster. Modify the application database connection string.

B.

Modify the DB cluster by changing to serverless mode whenever user connections exceed 200.

C.

Create an auto scaling policy with a target metric of 195 DatabaseConnections

D.

Modify the DB cluster by increasing the Aurora Replica instance size.

Buy Now
Exam Code: SOA-C02
Exam Name: AWS Certified SysOps Administrator - Associate (SOA-C02)
Last Update: Jul 21, 2024
Questions: 425

PDF + Testing Engine

$159.99
$64

Testing Engine

$119.99
$48

PDF (Q&A)

$99.99
$40