11.11 Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

SOA-C01 AWS Certified SysOps Administrator - Associate Questions and Answers

Questions 4

A company designed a specialized Amazon EC2 instance configuration for its Data Scientists. The Data Scientists want to create end delete EC2 instances on their own, but are not comfortable with configuring all the settings for EC2 instances without assistance. The configuration runs proprietary software that must be kept private within the company's AWS accounts and should be available to the Data Scientists, but no other users within the accounts.

Which solution should a SysOps Administrator use to allow the Data Scientists to deploy their workloads with MINIMAL effort?

Options:

A.

Create an Amazon Machine Image (AMI) of the EC2 instance. Share the AMI with authorized accounts owned by the company. Allow the Data Scientists to create EC2 instances with this AMI.

B.

Distribute an AWS CloudFormation template containing the EC2 instance configuration to the Data Scientists from an Amazon S3 bucket. Set the S3 template object to be readable from the AWS Organization orgid.

C.

Publish the instance configuration to the Private Marketplace Share the Private Marketplace with the company's AWS accounts. Allow the Data Scientists to subscribe and launch the product from the Private Marketplace.

D.

Upload an AWS CloudFormation template to AWS Service Catalog. Allow the Data Scientists to provision and deprovision products from the company's AWS Service Catalog portfolio.

Buy Now
Questions 5

A company received its latest bill with a large increase in the number of requests against Amazon SQS as compared to the month prior. The company is not aware of any major changes in its SQA usage. The company is concerned about the cost increase and who or what was making these calls.

What should a sysops administrator use to validate the calls mode to SQS?

Options:

A.

Amazon CloudWatch

B.

Amazon S3 server access logs

C.

AWS CloudTrail

D.

AWS Cost Explorer

Buy Now
Questions 6

A SysOps administrator must deploy a company's infrastructure as code (laC) The administrator needs to write a single template that can be reused for multiple environments in a safe, repeatable manner

How should the administrator meet this requirement by using AWS Cloud Formation?

Options:

A.

Use duplicate resource definitions for each environment selected based on conditions

B.

Use nested stacks to provision the resources

C.

Use parameter references and mappings for resource attributes

D.

Use AWS Cloud Formation StackSets to provision the resources

Buy Now
Questions 7

A company uses AWS CloudFotmatlon to provision ils VPC. Amazon EC2 instances, and Amazon RDS DB instance The DB instance was deleted manually. When the stack was updated, it (ailed. During rollback, the stack returned the UPDATE_ROLLBACK_FAILEO state. A SysOps administrator must return the AWS Cloud Formation stack to a working state without interrupting existing resources.

Which solution will meet this requirement?

Options:

A.

Continue the update rollback while skipping the resources that have been manually deleted.

B.

Run the signal-resource command with the 08 instance name to proceed with the stack rollback.

C.

Recreate the DB Instance using the same resource name, and update the stack.

D.

Remove Amazon RDS from the template, and update the stack.

Buy Now
Questions 8

A SysOps Administrator is notified that an Amazon EC2 instance has stopped responding The AWS Management Console indicates that the system status checks are failing What should the SysOps Administrator do first to resolve this issue?

Options:

A.

Reboot the EC2 instance so it can be launched on a new host

B.

Stop and then start the EC2 instance so that it can be launched on a new host

C.

Terminate the EC2 instance and relaunch it.

D.

View the AWS CloudTrail log to investigate what changed on the EC2 instance

Buy Now
Questions 9

An application is being developed that will be served across a fleet of Amazon EC2 instances, which require a consistent view of persistent data. Items stored vary in size from 1 KB lo 300MB; the items are read frequently, created occasionally, and often require partial changes without conflict. The data store is not expected to grow beyond 2TB. and items will be expired according to age and content type.

Which AWS service solution meets these requirements?

Options:

A.

Amazon S3 buckets with lifecycle policies to delete old objects

B.

Amazon ROS PostgreSQL and a job that deletes rows based on age and file type columns.

C.

Amazon EFS and a scheduled process to delete files based on age and extension.

D.

An EC2 instance store synced on boot from a central Amazon EBS-backed instance.

Buy Now
Questions 10

An application is running on multiple EC2 instances. As part of an initiative to improve overall infrastructure security, the EC2 instances were moved to a private subnet. However, since moving, the EC2 instances have not been able to automatically update, and a SysOps Administrator has not been able to SSH into them remotely.

Which two actions could the Administrator take to securely resolve these issues? (Choose two.)

Options:

A.

Set up a bastion host in a public subnet, and configure security groups and route tables accordingly.

B.

Set up a bastion host in the private subnet, and configure security groups accordingly.

C.

Configure a load balancer in a public subnet, and configure the route tables accordingly.

D.

Set up a NAT gateway in a public subnet, and change the private subnet route tables accordingly.

E.

Set up a NAT gateway in a private subnet, and ensure that the route tables are configured accordingly.

Buy Now
Questions 11

A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.

What is the SIMPLEST approach the SysOps Administrator can take to ensure S3 buckets in those accounts can never be deleted?

Options:

A.

Set up MFA Delete on all the S3 buckets to prevent the buckets from being ddeleted.

B.

Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.

C.

Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.

D.

Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.

Buy Now
Questions 12

A SysOps Administrator is maintaining a web application using an Amazon Cloud Front web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have services have logging enabled. The Administrator needs to investigate HTTP Layer 7 status codes from the web application.

Which log source contain the status codes? (Select TWO.)

Options:

A.

VPC Flow Logs

B.

AWS CloudTrail logs

C.

ALB access logs

D.

ClodFront access logs

E.

RDS logs

Buy Now
Questions 13

A SysOps Administrator needs an Amazon EBS volume type for a big data application. The application data is accessed infrequently and stored sequentially.

What EBS volume type will be the MOST cost-effective solution?

Options:

A.

Provisioned IOPS SSD (io1)

B.

Cold HDD (sc1)

C.

Throughput Optimized HDD (st1)

D.

General Purpose SSD (gp2)

Buy Now
Questions 14

A SysOps Administrator must find a way to set up alerts when Amazon EC2 service limits are close to being reached.

How can the Administrator achieve this requirement?

Options:

A.

Use Amazon Inspector and Amazon CloudWatch Events.

B.

Use AWS Trusted Advisor and Amazon CloudWatch Events.

C.

Use the Personal Health Dashboard and CloudWatch Events.

D.

Use AWS CloudTrail and CloudWatch Events.

Buy Now
Questions 15

A SysOps Administrator has been able to consolidate multiple, secure websites onto a single server, and each site is running on a different port. The Administrator now wants to start a duplicate server in a second Availability Zone and put both behind a load balancer for high availability.

What would be the command line necessary to deploy one of the sites’ certificates to the load balancer?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 16

The Security team has decided that there will be no public internet access to HTTP (TCP port 80) because if it is moving to HTTPS for all incoming web traffic. The team has asked a SysOps Administrator to provide a report on any security groups that are not compliant.

What should the SysOps Administrator do to provide near real-time compliance reporting?

Options:

A.

Enable AWS Trusted Advisor and show the Security team that the Security Groups unrestricted access check will alarm.

B.

Schedule an AWS Lambda function to run hourly to scan and evaluate all security groups, and send a report to the Security team.

C.

Use AWS Config to enable the restricted-common-ports rule, and add port 80 to the parameters.

D.

Use Amazon Inspector to evaluate the security groups during scans, and send the completed reports to the Security team.

Buy Now
Questions 17

Website users report that an application's pages are loading slowly at the beginning of the workday The application runs on Amazon EC2 instances and data is stored in an Amazon RDS database The SysOps Administrator suspects the issue is related to high CPU usage on a component of this application

How can the Administrator find out which component is causing the performance bottleneck?

Options:

A.

Use AWS CloudTrail to review the resource usage history for each component

B.

Use Amazon CloudWatch metrics to examine the resource usage of each component

C.

Use Amazon Inspector to view the resource usage details for each component

D.

Use Amazon CloudWatch Events to examine the high usage events for each component

Buy Now
Questions 18

A company wants to create a new Network Load Balancer (NLB) (or an existing interface VPC endpoint. A SysOps administrator tries to remove the existing NLB but sees the error "existing VPC Endpoint connections and cannot be removed."

Which solution will resolve this issue?

Options:

A.

Create a new interface endpoint. Move the existing NLB to the new interface endpoint. Replace the NLB from the old endpoint with a new NLB.

B.

Create a new NLB. Disassociate the NLB used by the interface endpoint service. Associate the new NLB with the interface endpoint service.

C.

Disassociate the NLB used by the interface endpoint service. Create a new NLB and associate it with the Interface endpoint.

D.

Reject the interface endpoint connection. Disassociate the NLB. Create a new NLB and associate it with the interface endpoint.

Buy Now
Questions 19

A company has deployed a NAT instance to allow web servers to obtain software updates from the internet. There latency on the NAT instance as the network grows. A SysOps Administrator needs to reduce latency on the instance in a manner that a efficient, cost effective, and allow for scaling with future demand.

Which action should be taken to accomplish this?

Options:

A.

Add a second NAT instance and place both instance behind a load balancer.

B.

Convert the NAT instance to a larger instance size.

C.

Replace the NAT instance with NAT gateway.

D.

Replace the NAT instance with a virtual private gateway.

Buy Now
Questions 20

A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months

What is the process to rotate the key?

Options:

A.

Enable automatic key rotation tor the CMK and specify a period of 6 months

B.

Create a new CMK with new imported material and update the key alias to point to the new CMK

C.

Delete the current key material and import new material into the existing CMK

D.

Import a copy of the existing key material into a new CMK as a backup and set the rotation schedule for 6 months

Buy Now
Questions 21

A SysOps Administrate is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company All data must be encrypted at rest

How should the Administrate implement this process?

Options:

A.

Write a script to download the encrypted snapshot decrypt it using the AWS KMS encryption key used to encrypt the snapshot then create a new volume in each account

B.

date the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts then share the snapshot with those accounts

C.

Create an Amazon EC2 instance based on the snapshot, then save the instance's Amazon EBS volume as a snapshot and share it with the other accounts Require each account owner to create a new volume from that snapshot and encrypt it

D.

Create a new unencrypted RDS instance from the encrypted snapshot connect to the instance using SSH/RDP, export the database contents into a file then share this file with the other accounts

Buy Now
Questions 22

Which component of an Ethernet frame is used to notify a host that traffic is coming?

Options:

A.

Type field

B.

preamable

C.

Data field

D.

start of frame delimiter

Buy Now
Questions 23

A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket. Monitoring most include tracking the AWS account of the catier, the IAM user role of the caller, the time of the API call, and the IP address of the API.

Where can the administrator find this information?

Options:

A.

AWS CloudTrail data event logging

B.

AWS CloudTrail management event logging

C.

Amazon inspector bucket event logging

D.

Amazon inspector event logging

Buy Now
Questions 24

A company has multiple AWS accounts. The company uses AWS Organizations with an organizational unit (OU) tor the production account and another OU for the development account. Corporate policies state that developers may use only approved AWS services in the production account.

What is the MOST operationally efficient solution to control the production account?

Options:

A.

Create a customer managed policy in AWS Identity and Access Management (1AM) Apply the policy to all users within the production account.

B.

Create a job function policy in AWS Identity and Access Management (1AM). Apply the policy to all users within the production OU.

C.

Create a service control policy (SCP). Apply the SCP to the production OU.

D.

Create an IAM policy. Apply the policy in Amazon API Gateway to restrict the production account.

Buy Now
Questions 25

A SysOps Administrator is creating additional Amazon EC2 instances and receives an InstanceLimitExceeded error.

What is the cause of the issue and how can it be resolved?

Options:

A.

The Administrator has requested too many instances at once and must request fewer instances in batches.

B.

The concurrent running instance limit has been reached, and an EC2 limit increase request must be filed with AWS Support.

C.

AWS does not currently have enough available capacity and a different instance type must be used.

D.

The Administrator must specify the maximum number of instances to be created while provisioning EC2 instances.

Buy Now
Questions 26

An application is running on Amazon EC2 Instances behind an Application Load Balancer (ALB). An operations team wants to be notified in near-teal time when the ALB has issues connecting to backend EC2 instances.

Which solution will meet these requirements with the LEAST amount of effort?

Options:

A.

Configure the ALB to send logs to Amazon S3. Write an AWS Lambda function to process the log files and send an email message to the operations team when the number of requests exceeds the threshold.

B.

Create an Amazon CloudWatch rule to monitor the HealthyHostCount metric and send Amazon Simple Notification Service (Amazon SNS) messages to the operations team when HealthyHostCount is equal to zero.

C.

Create an Amazon CloudWatch rule lo monitor the TargetConnectionErrorCount metric and send Amazon Simple Notification Service (Amazon SNS) messages to the operations team when TargetConnectionErrorCount is greater than 1.

D.

Create an Amazon CloudWatch rule to monitor the HTTPCode_Target_5XX_Count metric and send Amazon Simple Notification Service (Amazon SNS) messages to the operations team when HTTPCode_Target_5XX_Count is greater than zero.

Buy Now
Questions 27

A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.

Which step will fix this issue?

Options:

A.

Add s3:Deleteobject permission to the IAM execution role of the AWS Lambda function in Account A.

B.

Change the bucket policy of the S3 bucket in Account B to allow s3:Deleteobject permission for Account A.

C.

Disable server-side encryption for objects written to the S3 bucket by the Lambda function.

D.

Call the S3:PutObjectAcl API operation from the Lambda function in Account A to specify bucket owner, full control.

Buy Now
Questions 28

Developers are using 1AM access keys to manage AWS resources using AWS CL1 Company policy requires that access keys are automatically disabled when the access key age is greater than 90 days

Which solution will accomplish this?

Options:

A.

Configure an Amazon CloudWatch alarm to trigger an AWS Lambda function that disables keys older than 90 days

B.

Configure AWS Trusted Advisor to identify and disable keys older than 90 days.

C.

Set a password policy on the account with a 90-day expiration

D.

Use an AWS Config rule to identify noncompliant keys Create a custom AWS Systems Manager Automation document for remediation.

Buy Now
Questions 29

A developer is deploying a web application on Amazon EC2 instances behind an Application Load Balancer (ALB) and notices that the application is not receiving all the expected elements from HTTP requests. The developer suspects users are not sending the correct query string

How should a sysops administrator verify this?

Options:

A.

Monitor the ALB default Amazon CloudWatch metrics Verify that the requests contain the expected query string

B.

Configure the ALB to store access logs within Amazon S3 Verify that log entries contain the expected query string

C.

Open the ALB logs in Amazon CloudWatch Verify that requests contain the expected query string

D.

Create a custom Amazon CloudWatch metric to store requests Verify that the metric contains the expected query string

Buy Now
Questions 30

The Chief Financial Officer (CFO) of an organization has seen a spike in Amazon S3 storage costs over the last few months A sysops administrator suspects that these costs are related to storage for older versions of S3 objects from one of its S3 buckets

What can the administrator do to confirm this suspicion1?

Options:

A.

Enable Amazon S3 inventory and then query the inventory to identify the total storage of previous object versions

B.

Use object-level cost allocation tags to identify the total storage of previous object versions.

C.

Enable the Amazon S3 analytics feature for the bucket to identify the total storage of previous object versions

D.

Use Amazon CloudWatch storage metrics for the S3 bucket to identify the total storage of previous object versions

Buy Now
Questions 31

A SysOps Administrator must secure AWS CloudTrail logs. The Security team is concerned that an employee may modify or attempt to delete CloudTrail log files from its Amazon S3 bucket.

Which practices ensure that the log files are available and unaltered? (Choose two.)

Options:

A.

Enable the CloudTrail log file integrity check in AWS Config Rules.

B.

Use CloudWatch Events to scan log files hourly.

C.

Enable CloudTrail log file integrity validation.

D.

Turn on Amazon S3 MFA Delete for the CloudTrail bucket.

E.

Implement a DENY ALL bucket policy on the CloudTrail bucket.

Buy Now
Questions 32

An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region A sysops administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy

What is likely to be the problem?

Options:

A.

The Amazon Machine Image used is not available in that region

B.

The AWS CloudFormation template needs to be updated to the latest version

C.

The VPC configuration parameters have changed and must be updated in the template

D.

The account has reached the default limit for VPCs allowed

Buy Now
Questions 33

A company is releasing a now static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded, however, upon navigating to the site, the following error message is received:

403 Forbiddan - Access Denied

What change should be made to fix this error'?

Options:

A.

Add a bucket policy that grants everyone read access to the bucket

B.

Add a bucket policy that grants everyone read access to the bucket objects

C.

Remove the default bucket policy that denies read access to the bucket.

D.

Configure cross origin resource sharing (CORS) on the bucket

Buy Now
Questions 34

A sysops administrator is writing an AWS Cloud Formation template. The template will create a new Amazon S3 bucket and copy objects from an existing Amazon S3 bucket into the new bucket. The objects include data files, images, and scripts.

How should the CIoudFormation template be configured to perform this copy operation?

Options:

A.

Configure an AWS Data Pipeline resource with a CopyActivity activity object. Specify the input and output bucket names and a list of object keys.

B.

Configure the S3 bucket resource to activate cross-Region replication. Point to the existing S3 bucket and specify a list of object keys to replicate.

C.

Create an AWS Lambda function that can perform the copy operation. Add the Lambda function to the template as a custom resource.

D.

Specify the commands to copy the objects in the user data field of the template's S3 bucket resource.

Buy Now
Questions 35

A company relies on a fleet of Amazon EC2 instances to support an application. One of the EC2 instances was scheduled for hardware maintenance by AWS. An operations team did not remove the EC2 instance from the fleet in advance of the scheduled maintenance, and an unplanned outage resulted. A SysOps administrator must configure notifications to let the operations team know about scheduled maintenance in the future.

Which action should the SysOps administrator take to meet this requirement?

Options:

A.

Create an AWS Lambda function K> look up user data settings of the EC2 instance and publish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.

B.

Create AWS Config rules to monitor the fleet of EC2 instances and publish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.

C.

Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWS Personal Health Dashboard events to an Amazon Simple Notification Service (Amazon SNS) topic.

D.

Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWS Service Health Dashboard events lo an Amazon Simple Notification Service (Amazon SNS) topic.

Buy Now
Questions 36

A development team recently deployed new version of a web application to production. After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data.

Which AWS service will mitigate this issue?

Options:

A.

AWS Shield Standard

B.

AWS WAF

C.

Elastic Load balancing

D.

Amazon Cognito

Buy Now
Questions 37

A SysOps administrator is configuring an application on AWS to be used over the internet by departments in other countries For remote locations, the company requires a static public IP address to be explicitly allowed as a target for outgoing internet traffic

How should the SysOps administrator deploy the application to meet this requirement?

Options:

A.

Deploy the application on an Amazon Elastic Container Service (Amazon ECS) cluster Configure an AWS App Mesh service mesh.

B.

Deploy the application as AWS Lambda functions behind an Application Load Balancer

C.

Deploy the application on Amazon EC2 instances behind an internet-facing Network Load Balancer

D.

Deploy the application on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster behind an Amazon API Gateway

Buy Now
Questions 38

An e-commerce company wants to lower costs on its nightly jobs that aggregate the current day’s sales and store the results in Amazon S3. The jobs are currently run using multiple on-demand instances and the job take just under 2 hours to complete. If a job fails for any reason, it needs to be restarted from the beginning.

What method is the MOST cost effective based on these requirements?

Options:

A.

Use a mixture of On-Demand and Spot Instances for job execution.

B.

Submit a request for a Spot block to be used for job execution.

C.

Purchase Reserved Instances to be used for job execution.

D.

Submit a request for a one-time Spot Instance for job execution.

Buy Now
Questions 39

A company has a sales department and a marketing department. The company uses one AWS account. There Is a need to determine what charges are incurred on the AWS platform by each department. There is also a need to receive notifications when a specified cost level is approached or exceeded.

Which actions must a SysOps administrator take to achieve both requirements with the LEAST amount of administrative overhead? (Select TWO.)

Options:

A.

Use AWS Trusted Advisor to obtain a report containing the checked items in the Cost Optimization pillar

B.

Download the detailed billing report, upload it to a database, and match the line items with a list of known resources by department.

C.

Create a script by using the AWS CLI to automatically apply tags to existing resources (or each department. Schedule the script to run weekly.

D.

Use AWS Organizations to create a department Organizational Unit and allow only authorized personnel in each department to create resources.

E.

Create a Budget from the Billing and Cost Management console. Specify the budget type as Cost, assign tags for each department, define notifications, and specify any other options as required.

Buy Now
Exam Code: SOA-C01
Exam Name: AWS Certified SysOps Administrator - Associate
Last Update: Nov 14, 2024
Questions: 263
SOA-C01 pdf

SOA-C01 PDF

$24  $80
SOA-C01 Engine

SOA-C01 Testing Engine

$28.5  $95
SOA-C01 PDF + Engine

SOA-C01 PDF + Testing Engine

$39  $130