Weekend Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sale65best

How to Easily Pass the Amazon Web Services SOA-C02 Exam: Expert Advice

Questions 61

A SysOps administrator needs to secure the credentials for an Amazon RDS database that is created by an AWS CloudFormation template. The solution must encrypt the credentials and must support automatic rotation.

Which solution will meet these requirements?

Options:

A.

Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:secretsmanager dynamic reference.

B.

Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm-secure dynamic reference.

C.

Create an AWS::SSM::Parameter resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm dynamic reference.

D.

Create parameters for the database credentials in the CloudFormation template. Use the Ref intrinsic function to provide the credentials to the AWS::RDS::DBInstance resource.

Buy Now
Questions 62

A SysOps administrator is reviewing VPC Flow Logs to troubleshoot connectivity issues in a VPC. While reviewing the togs the SysOps administrator notices that rejected traffic is not listed.

What should the SysOps administrator do to ensure that all traffic is logged?

Options:

A.

Create a new flow tog that has a titter setting to capture all traffic

B.

Create a new flow log set the tog record format to a custom format Select the proper fields to include in the tog

C.

Edit the existing flow log Change the fitter setting to capture all traffic

D.

Edit the existing flow log. Set the log record format to a custom format Select the proper fields to include in the tog

Buy Now
Questions 63

A software company runs a workload on Amazon EC2 instances behind an Application Load Balancer (ALB) A SysOcs administrator needs to define a custom health check for the EC2 instances. What is the MOST operationally efficient solution?

Options:

A.

Set up each EC2 Instance so that it writes its healthy/unhealthy status into a shared Amazon S3 bucket for the ALB to read

B.

Configure the health check on the ALB and ensure that the HeathCheckPath setting is correct

C.

Set up Amazon ElasticCache to track the EC2 instances as they scale in and out

D.

Configure an Amazon API Gateway health check to ensure custom checks on aw of the EC2 instances

Buy Now
Questions 64

A company needs to view a list of security groups that are open to the internet on port 3389.

What should a SysOps administrator do to meet this requirement?

Options:

A.

Configure Amazon GuardDuty to scan security groups and report unrestricted access on port 3389.

B.

Configure a service control policy (SCP) to identify security groups that allow unrestricted access on port 3389.

C.

Use AWS Identity and Access Management Access Analyzer to find any instances that have unrestricted access on port 3389.

D.

Use AWS Trusted Advisor to find security groups that allow unrestricted access on port 3389

Buy Now
Exam Code: SOA-C02
Exam Name: AWS Certified SysOps Administrator - Associate (SOA-C02)
Last Update: Oct 13, 2024
Questions: 425

PDF + Testing Engine

$159.99
$56

Testing Engine

$119.99
$42

PDF (Q&A)

$99.99
$35