
How to Easily Pass the Amazon Web Services SOA-C02 Exam: Expert Advice

Questions 51

A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. A SysOps administrator notices that some of these EC2 instances show up as healthy in the Auto Scaling group but show up as unhealthy in the ALB target group.

What is a possible reason for this issue?

Options:

A.

Security groups are not allowing traffic between the ALB and the failing EC2 instances

B.

The Auto Scaling group health check is configured for EC2 status checks

C.

The EC2 instances are failing to launch and failing EC2 status checks.

D.

The target group health check is configured with an incorrect port or path

Questions 52

A SysOps administrator is troubleshooting connection timeouts to an Amazon EC2 instance that has a public IP address. The instance has a private IP address of 172.31.16.139. When the SysOps administrator tries to ping the instance's public IP address from the remote IP address 203.0.113.12, the response is "request timed out." The flow logs contain the following information:

What is one cause of the problem?

Options:

A.

Inbound security group deny rule

B.

Outbound security group deny rule

C.

Network ACL inbound rules

D.

Network ACL outbound rules

Questions 53

A global company operates out of five AWS Regions. A SysOps administrator wants to identify all the company's tagged and untagged Amazon EC2 instances.

The company requires the output to display the instance ID and tags.

What is the MOST operationally efficient way for the SysOps administrator to meet these requirements?

Options:

A.

Create a tag-based resource group in AWS Resource Groups.

B.

Use AWS Trusted Advisor. Export the EC2 On-Demand Instances check results from Trusted Advisor.

C.

Use Cost Explorer. Choose a service type of EC2-Instances, and group by Resource.

D.

Use Tag Editor in AWS Resource Groups. Select all Regions, and choose a resource type of AWS::EC2::Instance.

Questions 54

A company's SysOps administrator has created an Amazon EC2 instance with custom software that will be used as a template for all new EC2 instances across multiple AWS accounts. The Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the EC2 instance are encrypted with AWS managed keys.

The SysOps administrator creates an Amazon Machine Image (AMI) of the custom EC2 instance and plans to share the AMI with the company's other AWS accounts. The company requires that all AMIs are encrypted with AWS Key Management Service (AWS KMS) keys and that only authorized AWS accounts can access the shared AMIs.

Which solution will securely share the AMI with the other AWS accounts?

Options:

A.

In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.

B.

In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI, and specify the CMK. Modify the permissions on the copied AMI to specify the AWS account numbers that the AMI will be shared with.

C.

In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI, and specify the CMK. Modify the permissions on the copied AMI to make it public.

D.

In the account where the AMI was created, modify the key policy of the AWS managed key to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.

Questions 55

A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application.

Which combination of actions should a SysOps administrator take to resolve this problem? (Select TWO.)

Options:

A.

Change to the least outstanding requests algorithm on the ALB target group.

B.

Configure cookie forwarding in the CloudFront distribution cache behavior.

C.

Configure header forwarding in the CloudFront distribution cache behavior.

D.

Enable group-level stickiness on the ALB listener rule.

E.

Enable sticky sessions on the ALB target group.

Questions 56

A company runs a high performance computing (HPC) application on an Amazon EC2 instance. The company needs to scale this architecture to two or more EC2 instances. The EC2 instances will need to communicate with each other at high speeds with low latency to support the application.

The company wants to ensure that the network performance can support the required communication between the EC2 instances.

What should a SysOps administrator do to meet these requirements?

Options:

A.

Create a cluster placement group. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Restore the EC2 instance from the AMI into the placement group. Launch the additional EC2 instances into the placement group.

B.

Back up the existing EC2 instance to an Amazon Machine Image (AMI). Create a launch template from the existing EC2 instance by specifying the AMI. Create an Auto Scaling group and configure the desired instance count.

C.

Create a Network Load Balancer (NLB) and a target group. Launch the new EC2 instances and register them with the target group. Register the existing EC2 instance with the target group. Pass all application traffic through the NLB.

D.

Back up the existing EC2 instance to an Amazon Machine Image (AMI). Create additional clones of the EC2 instance from the AMI in the same Availability Zone where the existing EC2 instance is located.

Questions 57

A company runs its applications on a large number of Amazon EC2 instances. A SysOps administrator must implement a solution to notify the operations team whenever an EC2 instance state changes.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Create a script that captures instance state changes and publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Use AWS Systems Manager Run Command to run the script on all EC2 instances.

B.

Create an Amazon EventBridge event rule that captures EC2 instance state changes. Set an Amazon Simple Notification Service (Amazon SNS) topic as the target.

C.

Create an Amazon EventBridge event rule that captures EC2 instance state changes. Set as the target an AWS Lambda function that publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic.

D.

Create an AWS Config custom rule that evaluates instance state changes with automatic remediation. Use the rule to invoke an AWS Lambda function that publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic.

Questions 58

A company runs its entire suite of applications on Amazon EC2 instances. The company plans to move the applications to containers and AWS Fargate. Within 6 months, the company plans to retire its EC2 instances and use only Fargate. The company has been able to estimate its future Fargate costs.

A SysOps administrator needs to choose a purchasing option to help the company minimize costs. The SysOps administrator must maximize any discounts that are available and must ensure that there are no unused reservations.

Which purchasing option will meet these requirements?

Options:

A.

Compute Savings Plans for 1 year with the No Upfront payment option

B.

Compute Savings Plans for 1 year with the Partial Upfront payment option

C.

EC2 Instance Savings Plans for 1 year with the All Upfront payment option

D.

EC2 Reserved Instances for 1 year with the Partial Upfront payment option

Questions 59

A company is partnering with an external vendor to provide data processing services. For this integration, the vendor must host the company's data in an Amazon S3 bucket in the vendor's AWS account. The vendor is allowing the company to provide an AWS Key Management Service (AWS KMS) key to encrypt the company's data. The vendor has provided an IAM role Amazon Resource Name (ARN) to the company for this integration.

What should a SysOps administrator do to configure this integration?

Options:

A.

Create a new KMS key. Add the vendor's IAM role ARN to the KMS key policy. Provide the new KMS key ARN to the vendor.

B.

Create a new KMS key. Create a new IAM user. Add the vendor's IAM role ARN to an inline policy that is attached to the IAM user. Provide the new IAM user ARN to the vendor.

C.

Configure encryption using the KMS managed S3 key. Add the vendor's IAM role ARN to the KMS managed S3 key policy. Provide the KMS managed S3 key ARN to the vendor.

D.

Configure encryption using the KMS managed S3 key. Create an S3 bucket. Add the vendor's IAM role ARN to the S3 bucket policy. Provide the S3 bucket ARN to the vendor.

Questions 60

A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.

What is the SIMPLEST approach the SysOps administrator can take to ensure S3 buckets in those accounts can never be deleted?

Options:

A.

Set up MFA Delete on all the S3 buckets to prevent the buckets from being deleted.

B.

Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.

C.

Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.

D.

Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.

Exam Code: SOA-C02
Exam Name: AWS Certified SysOps Administrator - Associate (SOA-C02)
Last Update: Oct 13, 2024
Questions: 425
