Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

SOA-C02 Questions and Answers

Question # 6

A company has an organization in AWS Organizations. The company uses shared VPCs to provide networking resources across accounts A SysOps administrator has been able to successfully launch and manage Amazon EC2 instances in a participant account However the SysOps administrator is now receiving an InstanceLimitExceeded error when the SysOps administrator tries to launch a new EC2 instance

What should the SysOps administrator do to resolve this error')

A.

Request an instance quota increase from the account that owns the VPC

B.

Launch additional EC2 instances in a different AWS Region

C.

Request an instance quota increase from the parte pant account

D.

Launch additional EC2 instances by using a different Amazon Machine image (AMI)

Full Access
Question # 7

A company's public website is hosted in an Amazon S3 bucket in the us-east-1 Region behind an Amazon CloudFront distribution. The company wants to ensure that the website is protected from DDoS attacks. A SysOps administrator needs to deploy a solution that gives the company the ability to maintain control over the rate limit at which DDoS protections are applied.

Which solution will meet these requirements?

A.

Deploy a global-scoped AWS WAF web ACL with an allow default action. Configure an AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the CloudFront distribution.

B.

Deploy an AWS WAF web ACL with an allow default action in us-east-1. Configure an AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the S3 bucket.

C.

Deploy a global-scoped AWS WAF web ACL with a block default action. Configure an AWS WAF rate-based rule to allow matching traffic. Associate the web ACL with the CloudFront distribution.

D.

Deploy an AWS WAF web ACL with a block default action in us-east-1. Configure an AWS WAF rate-based rule to allow matching traffic. Associate the web ACL with the S3 bucket.

Full Access
Question # 8

A company has a mobile app that uses Amazon S3 to store images The images are popular for a week, and then the number of access requests decreases over time The images must be highly available and must be immediately accessible upon request A SysOps administrator must reduce S3 storage costs for the company Which solution will meet these requirements MOST cost-effectively?

A.

Create an S3 Lifecycle policy to transition the images to S3 Glacier after 7 days

B.

Create an S3 Lifecycle policy to transition the images to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 7 days

C.

Create an S3 Lifecycle policy to transition the images to S3 Standard after 7 days

D.

Create an S3 Lifecycle policy to transition the images to S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days

Full Access
Question # 9

A company wants to be alerted through email when IAM CreateUser API calls are made within its AWS account.

Which combination of actions should a SysOps administrator take to meet this requirement? (Choose two.)

A.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS CloudTrail as the event source and IAM CreateUser as the specific API call for the event pattern.

B.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule with Amazon CloudSearch as the event source and IAM CreateUser as the specific API call for the event pattern.

C.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS IAM Access Analyzer as the event source and IAM CreateUser as the specific API call for the event pattern.

D.

Use an Amazon Simple Notification Service (Amazon SNS) topic as an event target with an email subscription.

E.

Use an Amazon Simple Email Service (Amazon SES) notification as an event target with an email subscription.

Full Access
Question # 10

A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal.

Which action should a SysOps administrator take to improve the performance of the file system?

A.

Configure the file system for Provisioned Throughput.

B.

Enable encryption in transit on the file system.

C.

Identify any unused files in the file system, and remove the unused files.

D.

Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

Full Access
Question # 11

A SysOps administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company’s account. The administrator must be alerted to potential issues.

What should the administrator do to receive email alerts before low storage space affects EC2 instance performance?

A.

Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications

B.

Use AWS CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic.

C.

Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic.

D.

Use AWS Trusted Advisor and enable email notification alerts for EC2 disk space

Full Access
Question # 12

A data storage company provides a service that gives users the ability to upload and download files as needed. The files are stored in Amazon S3 Standard and must be immediately retrievable for 1 year. Users access files frequently during the first 30 days after the files are stored. Users rarely access files after 30 days.

The company's SysOps administrator must use S3 Lifecycle policies to implement a solution that maintains object availability and minimizes cost.

Which solution will meet these requirements?

A.

Move objects to S3 Glacier after 30 days.

B.

Move objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.

C.

Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.

D.

Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) immediately.

Full Access
Question # 13

A company has deployed AWS Security Hub and AWS Config in a newly implemented organization in AWS Organizations. A SysOps administrator must implement a solution to restrict all member accounts in the organization from deploying Amazon EC2 resources in the ap-southeast-2 Region. The solution must be implemented from a single point and must govern an current and future accounts. The use of root credentials also must be restricted in member accounts.

Which AWS feature should the SysOps administrator use to meet these requirements?

A.

AWS Config aggregator

B.

IAM user permissions boundaries

C.

AWS Organizations service control policies (SCPs)

D.

AWS Security Hub conformance packs

Full Access
Question # 14

A SysOps administrator has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances that were launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in the VPC, and all security groups allow all outbound traffic:

Which solution will provide the EC2 instances in the private subnet with access to the internet?

A.

Create a NAT gateway in the public subnet. Create a route from the private subnet to the NAT gateway.

B.

Create a NAT gateway in the public subnet. Create a route from the public subnet to the NAT gateway.

C.

Create a NAT gateway in the private subnet. Create a route from the public subnet to the NAT gateway.

D.

Create a NAT gateway in the private subnet. Create a route from the private subnet to the NAT gateway.

Full Access
Question # 15

A SysOps administrator is provisioning an Amazon Elastic File System (Amazon EFS) file system to provide shared storage across multiple Amazon EC2 instances The instances all exist in the same VPC across multiple Availability Zones. There are two instances In each Availability Zone. The SysOps administrator must make the file system accessible to each instance with the lowest possible latency.

Which solution will meet these requirements?

A.

Create a mount target for the EFS file system in the VPC. Use the mount target to mount the file system on each of the instances

B.

Create a mount target for the EFS file system in one Availability Zone of the VPC. Use the mount target to mount the file system on the instances in that Availability Zone. Share the directory with the other instances.

C.

Create a mount target for each instance. Use each mount target to mount the EFS file system on each respective instance.

D.

Create a mount target in each Availability Zone of the VPC Use the mount target to mount the EFS file system on the Instances in the respective Availability Zone.

Full Access
Question # 16

A recent audit found that most resources belonging to the development team were in violation of patch compliance standards The resources were properly tagged Which service should be used to quickly remediate the issue and bring the resources back into compliance?

A.

AWS Config

B.

Amazon Inspector

C.

AWS Trusted Advisor

D.

AWS Systems Manager

Full Access
Question # 17

A SysOps administrator needs to design a high-traffic static website. The website must be highly available and must provide the lowest possible latency to users across the globe.

Which solution will meet these requirements?

A.

Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create an Amazon CloudFront distribution in each AWS Region, and set the S3 bucket as the origin. Use Amazon Route 53 to create a DNS record that uses a geolocation routing policy to route traffic to the correct CloudFront distribution based on where the request originates.

B.

Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create an Amazon CloudFront distribution, and set the S3 bucket as the origin. Use Amazon Route 53 to create an alias record that points to the CloudFront distribution.

C.

Create an Application Load Balancer (ALB) and a target group. Create an Amazon EC2 Auto Scaling group with at least two EC2 instances in the associated target group. Store the website content on the EC2 instances. Use Amazon Route 53 to create an alias record that points to the ALB.

D.

Create an Application Load Balancer (ALB) and a target group in two Regions. Create an Amazon EC2 Auto Scaling group in each Region with at least two EC2 instances in each target group. Store the website content on the EC2 instances. Use Amazon Route 53 to create a DNS record that uses a geolocation routing policy to route traffic to the correct ALB based on where the request originates.

Full Access
Question # 18

A company has a new requirement stating that all resources In AWS must be tagged according to a set policy.

Which AWS service should be used to enforce and continually Identify all resources that are not in compliance with the policy?

A.

AWS CloudTrail

B.

Amazon Inspector

C.

AWS Config

D.

AWS Systems Manager

Full Access
Question # 19

A SysOps administrator has launched a large general purpose Amazon EC2 instance to regularly process large data files. The instance has an attached 1 TB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volume. The instance also is EBS-optimized. To save costs, the SysOps administrator stops the instance each evening and restarts the instance each morning.

When data processing is active, Amazon CloudWatch metrics on the instance show a consistent 3.000 VolumeReadOps. The SysOps administrator must improve the I/O performance while ensuring data integrity.

Which action will meet these requirements?

A.

Change the instance type to a large, burstable, general purpose instance.

B.

Change the instance type to an extra large general purpose instance.

C.

Increase the EBS volume to a 2 TB General Purpose SSD (gp2) volume.

D.

Move the data that resides on the EBS volume to the instance store.

Full Access
Question # 20

A company uses AWS CloudFormation to deploy its application infrastructure Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application A SysOps administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent against accidental modifications to specific resources.

Which solution will meet these requirements?

A.

Set up an AWS Config rule to alert based on changes to any CloudFormation stack An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation

B.

Set up an Amazon CloudWatch Events event with a rule to trigger based on any CloudFormation API call An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation

C.

Launch the CloudFormation templates using a stack policy with an explicit allow for all resources and an explicit deny of the protected resources with an action of Update

D.

Attach an IAM policy to the DevOps team role that prevents a CloudFormation stack from updating, with a condition based on the specific Amazon Resource Names (ARNs) of the protected resources

Full Access
Question # 21

A company has an application that customers use to search for records on a website. The application's data is stored in an Amazon Aurora DB cluster. The application's usage varies by season and by day of the week.

The website's popularity is increasing, and the website is experiencing slower performance because of increased load on the DB cluster during periods of peak activity. The application logs show that the performance issues occur when users are searching for information. The same search is rarely performed multiple times.

A SysOps administrator must improve the performance of the platform by using a solution that maximizes resource efficiency.

Which solution will meet these requirements?

A.

Deploy an Amazon ElastiCache for Redis cluster in front of the DB cluster. Modify the application to check the cache before the application issues new queries to the database. Add the results of any queries to the cache.

B.

Deploy an Aurora Replica for the DB cluster. Modify the application to use the reader endpoint for search operations. Use Aurora Auto Scaling to scale the number of replicas based on load. Most Voted

C.

Use Provisioned IOPS on the storage volumes that support the DB cluster to improve performance sufficiently to support the peak load on the application.

D.

Increase the instance size in the DB cluster to a size that is sufficient to support the peak load on the application. Use Aurora Auto Scaling to scale the instance size based on load.

Full Access
Question # 22

A company hosts a website on multiple Amazon EC2 instances that run in an Auto Scaling group. Users are reporting slow responses during peak times between

6 PM and 11 PM every weekend. A SysOps administrator must implement a solution to improve performance during these peak times.

What is the MOST operationally efficient solution that meets these requirements?

A.

Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to increase the desired capacity before peak times.

B.

Configure a scheduled scaling action with a recurrence option to change the desired capacity before and after peak times.

C.

Create a target tracking scaling policy to add more instances when memory utilization is above 70%.

D.

Configure the cooldown period for the Auto Scaling group to modify desired capacity before and after peak times.

Full Access
Question # 23

A SysOps administrator receives an alert from Amazon GuardDuty about suspicious network activity on an Amazon FC2 instance. The GuardDuty finding lists a new external IP address as a traffic destination. The SysOps administrator does not recognize the external IP address. The SysOps administrator must block traffic to the external IP address that GuardDuty identified

Which solution will meet this requirement?

A.

Create a new security group to block traffic to the external IP address. Assign the new security group to the EC2 instance

B.

Use VPC flow logs with Amazon Athena to block traffic to the external IP address

C.

Create a network ACL Add an outbound deny rule tor traffic to the external IP address

D.

Create a new security group to block traffic to the external IP address Assign the new security group to the entire VPC

Full Access
Question # 24

A SysOps administrator wants to upload a file that is 1 TB in size from on-premises to an Amazon S3 bucket using multipart uploads. What should the SysOps administrator do to meet this requirement?

A.

Upload the file using the S3 console.

B.

Use the s3api copy-object command.

C.

Use the s3api put-object command.

D.

Use the s3 cp command.

Full Access
Question # 25

A SysOps administrator is reviewing VPC Flow Logs to troubleshoot connectivity issues in a VPC. While reviewing the togs the SysOps administrator notices that rejected traffic is not listed.

What should the SysOps administrator do to ensure that all traffic is logged?

A.

Create a new flow tog that has a titter setting to capture all traffic

B.

Create a new flow log set the tog record format to a custom format Select the proper fields to include in the tog

C.

Edit the existing flow log Change the fitter setting to capture all traffic

D.

Edit the existing flow log. Set the log record format to a custom format Select the proper fields to include in the tog

Full Access