SOA-C02 AWS Certified SysOps Administrator - Associate (SOA-C02) Questions and Answers

Questions 4

The SysOps administrator needs to deploy auditing software on all existing and new EC2 instances across multiple Regions, using AWS Systems Manager.

Options:

A.

Create a Systems Manager Distributor package that includes the auditing software. Store the package in an Amazon S3 bucket. Create a Systems Manager State Manager association in each Region to install the software package on all managed instances in the company's AWS account.

B.

Load the installer for the auditing software into an Amazon S3 bucket. Connect to every instance by using Systems Manager Fleet Manager Remote Desktop. Download the installer by using the AWS CLI. Run the installer manually.

C.

Create an AWS Lambda function that calls the software installer. Merge the auditing software into the Lambda function by using Lambda layers. Run the Lambda function from each instance by using a scheduled Amazon EventBridge rule.

D.

Create an Amazon EventBridge rule to react to Amazon EC2 RunInstances events. Configure the rule to modify the events to include a step that runs the software installer. Reboot all the instances.

Questions 5

A company needs to upload gigabytes of files every day. The company needs to achieve higher throughput and upload speeds to Amazon S3. Which action should a SysOps administrator take to meet this requirement?

Options:

A.

Create an Amazon CloudFront distribution with the GET HTTP method allowed and the S3 bucket as an origin.

B.

Create an Amazon ElastiCache cluster and enable caching for the S3 bucket.

C.

Set up AWS Global Accelerator and configure it with the S3 bucket

D.

Enable S3 Transfer Acceleration and use the acceleration endpoint when uploading files

Questions 6

An application runs on multiple Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group is configured to use the latest version of a launch template. A SysOps administrator must devise a solution that centrally manages the application logs and retains the logs for no more than 90 days.

Which solution will meet these requirements?

Options:

A.

Launch an Amazon Machine Image (AMI) that is preconfigured with the Amazon CloudWatch Logs agent to send logs to an Amazon S3 bucket. Apply a 90-day S3 Lifecycle policy on the S3 bucket to expire the application logs.

B.

Launch an Amazon Machine Image (AMI) that is preconfigured with the Amazon CloudWatch Logs agent to send logs to a log group. Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule to perform an instance refresh every 90 days.

C.

Update the launch template user data to install and configure the Amazon CloudWatch Logs agent to send logs to a log group. Configure the retention period on the log group to be 90 days.

D.

Update the launch template user data to install and configure the Amazon CloudWatch Logs agent to send logs to a log group. Set the log rotation configuration of the EC2 instances to 90 days.

Questions 7

While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS. The customer gateway device resides in a data center with a NAT gateway in front of it.

What address should be used to create the customer gateway resource?

Options:

A.

The private IP address of the customer gateway device

B.

The MAC address of the NAT device in front of the customer gateway device

C.

The public IP address of the customer gateway device

D.

The public IP address of the NAT device in front of the customer gateway device

Questions 8

A SysOps administrator manages a company's Amazon S3 buckets. The SysOps administrator has identified 5 GB of incomplete multipart uploads in an S3 bucket in the company's AWS account. The SysOps administrator needs to reduce the number of incomplete multipart upload objects in the S3 bucket.

Which solution will meet this requirement?

Options:

A.

Create an S3 Lifecycle rule on the S3 bucket to delete expired markers or incomplete multipart uploads

B.

Require users that perform uploads of files into Amazon S3 to use the S3 TransferUtility.

C.

Enable S3 Versioning on the S3 bucket that contains the incomplete multipart uploads.

D.

Create an S3 Object Lambda Access Point to delete incomplete multipart uploads.

Questions 9

A company has 50 AWS accounts and wants to create an identical Amazon VPC in each account. Any changes the company makes to the VPCs in the future must be implemented on every VPC.

What is the MOST operationally efficient method to deploy and update the VPCs in each account?

Options:

A.

Create an AWS CloudFormation template that defines the VPC. Sign in to the AWS Management Console under each account. Create a stack from the template.

B.

Create a shell script that configures the VPC using the AWS CLI. Provide a list of accounts to the shell script from a text file. Create the VPC in every account in the list.

C.

Create an AWS Lambda function that configures the VPC. Store the account information in Amazon DynamoDB. Grant Lambda access to the DynamoDB table. Create the VPC in every account in the list.

D.

Create an AWS CloudFormation template that defines the VPC. Create an AWS CloudFormation StackSet based on the template. Deploy the template to all accounts using the stack set.

Questions 10

A company runs an application on Amazon EC2 instances behind an Application Load Balancer. The EC2 instances are in an Auto Scaling group. The application sometimes becomes slow and unresponsive. Amazon CloudWatch metrics show that some EC2 instances are experiencing high CPU load.

A SysOps administrator needs to create a CloudWatch dashboard that can automatically display CPU metrics of all the EC2 instances. The metrics must include new instances that are launched as part of the Auto Scaling group.

What should the SysOps administrator do to meet these requirements in the MOST operationally efficient way?

Options:

A.

Create a CloudWatch dashboard. Use activity notifications from the Auto Scaling group to invoke a custom AWS Lambda function. Use the Lambda function to update the CloudWatch dashboard to monitor the CPUUtilization metric for the new instance IDs.

B.

Create a CloudWatch dashboard. Run a custom script on each EC2 instance to stream the CPU utilization to the dashboard.

C.

Use CloudWatch metrics explorer to filter by the aws:autoscaling:groupName tag and to create a visualization for the CPUUtilization metric. Add the visualization to a CloudWatch dashboard.

D.

Use CloudWatch metrics explorer to filter by instance state and to create a visualization for the CPUUtilization metric. Add the visualization to a CloudWatch dashboard.

Questions 11

A company performs advanced statistical analysis by using custom software. The custom software runs on a cluster of Amazon EC2 instances and is sensitive to network latency between the nodes. None of the instances are approaching their network throughput limitations.

Which solution will MINIMIZE the network latency?

Options:

A.

Place all the EC2 instances into a cluster placement group.

B.

Configure and assign two Elastic IP addresses for each EC2 instance.

C.

Configure jumbo frames on all the EC2 instances in the cluster.

D.

Place all the EC2 instances into a spread placement group in the same AWS Region.

Questions 12

A company migrated a non-production application that is I/O intensive to a general purpose Amazon EC2 instance. A General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume is attached to the EC2 instance. Users report that actions that require intensive reading and writing to the disk are taking longer than normal or are failing.

A SysOps administrator reviews the performance metrics of the EBS volume. The VolumeQueueLength metric is consistently high during the same times in which the users report issues. The SysOps administrator needs to resolve this problem to restore full performance to the application.

Which action will meet this requirement?

Options:

A.

Attach an Amazon ElastiCache cluster to the EBS volume.

B.

Modify the EBS volume properties by enabling the Auto-Enabled IO attribute.

C.

Modify the EBS volume properties to increase the IOPS.

D.

Modify the EC2 instance to enable enhanced networking. Reboot the EC2 instance.

Questions 13

A company runs its entire suite of applications on Amazon EC2 instances. The company plans to move the applications to containers and AWS Fargate. Within 6 months, the company plans to retire its EC2 instances and use only Fargate. The company has been able to estimate its future Fargate costs.

A SysOps administrator needs to choose a purchasing option to help the company minimize costs. The SysOps administrator must maximize any discounts that are available and must ensure that there are no unused reservations.

Which purchasing option will meet these requirements?

Options:

A.

Compute Savings Plans for 1 year with the No Upfront payment option

B.

Compute Savings Plans for 1 year with the Partial Upfront payment option

C.

EC2 Instance Savings Plans for 1 year with the All Upfront payment option

D.

EC2 Reserved Instances for 1 year with the Partial Upfront payment option

Questions 14

A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service. The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available across multiple Regions.

Which configuration will meet these requirements?

Options:

A.

Deploy a copy of the stack in the us-west-2 Region. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each ELB. Configure the SOA record with health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.

B.

Deploy a copy of the stack in the us-west-2 Region. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias target. Configure the A records with a failover routing policy and health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.

C.

Deploy a new group of EC2 instances in the us-west-2 Region. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instances. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks.

D.

Deploy a new group of EC2 instances in the us-west-2 Region. Configure EC2 health checks on all EC2 instances in each Region. Configure a peering connection between the VPCs. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record.

Questions 15

A company has applications that process transaction requests multiple times each minute. The applications write transaction data to a single Amazon RDS DB instance. As the company begins to process more transactions, the company becomes concerned that it has no failover solution in place for disaster recovery (DR). The company needs the DB instance to fail over automatically without losing any committed transactions.

Which solution will meet these requirements?

Options:

A.

Create an RDS read replica in the same AWS Region. Configure an AWS Lambda function to promote the replica as the primary DB instance during a DR scenario.

B.

Create an RDS read replica in a different AWS Region. Configure an AWS Lambda function to promote the replica as the primary DB instance during a DR scenario.

C.

Modify the DB instance to be a Multi-AZ deployment.

D.

Set up an Amazon CloudWatch alarm that monitors the DB instance memory utilization with a threshold greater than 90%. Invoke an AWS Lambda function to restart the DB instance.

Questions 16

The company is experiencing increased message load from the frontend to the backend, causing message loss due to backend capacity limitations.

Options:

A.

Redevelop the backend application as a series of AWS Lambda functions.

B.

Implement an Amazon Kinesis data stream to replace the backend application.

C.

Implement an Application Load Balancer to distribute message traffic across the backend application instances.

D.

Implement an Amazon Simple Queue Service (Amazon SQS) queue between the frontend and backend components.

Questions 17

A company has deployed a web application in a VPC that has subnets in three Availability Zones. The company launches three Amazon EC2 instances from an EC2 Auto Scaling group behind an Application Load Balancer (ALB).

A SysOps administrator notices that two of the EC2 instances are in the same Availability Zone, rather than being distributed evenly across all three Availability Zones. There are no errors in the Auto Scaling group's activity history.

What is the MOST likely reason for the unexpected placement of EC2 instances?

Options:

A.

One Availability Zone did not have sufficient capacity for the requested EC2 instance type.

B.

The ALB was configured for only two Availability Zones.

C.

The Auto Scaling group was configured for only two Availability Zones.

D.

Amazon EC2 Auto Scaling randomly placed the instances in Availability Zones.

Questions 18

A company has an application that is deployed to two AWS Regions in an active-passive configuration. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) in each Region. The instances are in an Amazon EC2 Auto Scaling group in each Region. The application uses an Amazon Route 53 hosted zone for DNS. A SysOps administrator needs to configure automatic failover to the secondary Region.

What should the SysOps administrator do to meet these requirements?

Options:

A.

Configure Route 53 alias records that point to each ALB. Choose a failover routing policy. Set Evaluate Target Health to Yes.

B.

Configure CNAME records that point to each ALB. Choose a failover routing policy. Set Evaluate Target Health to Yes.

C.

Configure Elastic Load Balancing (ELB) health checks for the Auto Scaling group. Add a target group to the ALB in the primary Region. Include the EC2 instances in the secondary Region as targets.

D.

Configure EC2 health checks for the Auto Scaling group. Add a target group to the ALB in the primary Region. Include the EC2 instances in the secondary Region as targets.

Questions 19

A SysOps administrator must ensure that all of a company's current and future Amazon S3 buckets have logging enabled. If an S3 bucket does not have logging enabled, an automated process must enable logging for the S3 bucket.

Which solution will meet these requirements?

Options:

A.

Use AWS Trusted Advisor to perform a check for S3 buckets that do not have logging enabled. Configure the check to enable logging for S3 buckets that do not have logging enabled.

B.

Configure an S3 bucket policy that requires all current and future S3 buckets to have logging enabled.

C.

Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses an AWS Lambda function to enable logging.

D.

Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses the AWS-ConfigureS3BucketLogging AWS Systems Manager Automation runbook to enable logging.

Questions 20

A company wants to be alerted through email when IAM CreateUser API calls are made within its AWS account.

Which combination of actions should a SysOps administrator take to meet this requirement? (Choose two.)

Options:

A.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS CloudTrail as the event source and IAM CreateUser as the specific API call for the event pattern.

B.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule with Amazon CloudSearch as the event source and IAM CreateUser as the specific API call for the event pattern.

C.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS IAM Access Analyzer as the event source and IAM CreateUser as the specific API call for the event pattern.

D.

Use an Amazon Simple Notification Service (Amazon SNS) topic as an event target with an email subscription.

E.

Use an Amazon Simple Email Service (Amazon SES) notification as an event target with an email subscription.

Questions 21

A company uses AWS Organizations to manage its multi-account environment. The organization contains a dedicated account for security and a dedicated account for logging. A SysOps administrator needs to implement a centralized solution that provides alerts when a resource metric in any account crosses a standard defined threshold.

Which solution will meet these requirements?

Options:

A.

Deploy an AWS CloudFormation stack set to the accounts in the organization. Use a template that creates the required Amazon CloudWatch alarms and references an Amazon Simple Notification Service (Amazon SNS) topic in the logging account with publish permissions for all the accounts.

B.

Deploy an AWS CloudFormation stack in each account. Use the stack to deploy the required Amazon CloudWatch alarms and the required Amazon Simple Notification Service (Amazon SNS) topic.

C.

Deploy an AWS Lambda function on a cron job in each account. Configure the Lambda function to read resources that are in the account and to invoke an Amazon Simple Notification Service (Amazon SNS) topic if any metrics cross the defined threshold.

D.

Deploy an AWS CloudFormation change set to the organization. Use a template to create the required Amazon CloudWatch alarms and to send alerts to a verified Amazon Simple Email Service (Amazon SES) identity.

Questions 22

A SysOps administrator needs to give users the ability to upload objects to an Amazon S3 bucket. The SysOps administrator creates a presigned URL and provides the URL to a user, but the user cannot upload an object to the S3 bucket. The presigned URL has not expired, and no bucket policy is applied to the S3 bucket.

Which of the following could be the cause of this problem?

Options:

A.

The user has not properly configured the AWS CLI with their access key and secret access key.

B.

The SysOps administrator does not have the necessary permissions to upload the object to the S3 bucket.

C.

The SysOps administrator must apply a bucket policy to the S3 bucket to allow the user to upload the object.

D.

The object already has been uploaded through the use of the presigned URL, so the presigned URL is no longer valid.

Questions 23

The SysOps administrator must restart the web server if specific errors are detected in logs on EC2 instances behind a load balancer.

Options (Select THREE):

Options:

A.

Install the Amazon CloudWatch agent on the EC2 instances.

B.

Create an AWS CloudTrail metric filter for the web logs. Configure an alarm for the specific errors.

C.

Create an Amazon CloudWatch metric filter for the web logs. Configure an alarm for the specific errors.

D.

Publish alarm findings to Amazon Simple Email Service (Amazon SES). Invoke an AWS Lambda function to restart the web server software.

E.

Create an Amazon EventBridge rule that responds to the alarm. Configure the rule to invoke an AWS Systems Manager Automation runbook to restart the web server software.

F.

Create an Amazon Simple Notification Service (Amazon SNS) notification that responds to the alarm. Configure the notification to invoke an AWS Systems Manager Automation runbook to restart the web server software.

Questions 24

A company has a Python script that needs to send an SMS message to a monitoring center. A SysOps administrator must use Amazon EventBridge and AWS Lambda to automatically run the Python script every 60 minutes. Which solution will meet these requirements?

Options:

A.

Configure an EventBridge event pattern rule to invoke a Lambda function that runs the Python script. Program the Lambda function to make an API call to send a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the appropriate phone number to the SNS topic.

B.

Configure an EventBridge event pattern rule to invoke a Lambda function that runs the Python script. Program the Lambda function to make an API call to send a notification to an Amazon Simple Queue Service (Amazon SQS) queue.

C.

Configure a schedule in EventBridge Scheduler to invoke a Lambda function that runs the Python script. Program the Lambda function to make an API call to send a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the appropriate phone number to the SNS topic.

D.

Configure a schedule in EventBridge Scheduler to invoke a Lambda function that runs the Python script. Program the Lambda function to make an API call to send a notification to an Amazon Simple Queue Service (Amazon SQS) queue.

Questions 25

If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the console by using the AWS Management Console shortcut from the VM desktop.

If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C, Command-V.

Configure Amazon EventBridge to meet the following requirements.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. Use your own resource naming unless a resource name is specified below.

4. Ensure all Amazon EC2 events in the default event bus are replayable for the past 90 days.

5. Create a rule named RunFunction to send the exact message every 15 minutes to an existing AWS Lambda function named LogEventFunction.

6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2 Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:

Input Path:

{"instance": "$.detail.instance-id"}

Input template:

“ The EC2 Spot Instance has been on account.

Options:

Questions 26

You need to update an existing AWS CloudFormation stack. If needed, a copy of the CloudFormation template is available in an Amazon S3 bucket named cloudformation-bucket.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. Update the Amazon EC2 instance named Devinstance by making the following changes to the stack named 1700182:

a) Change the EC2 instance type to us-east-t2.nano.

b) Allow SSH to connect to the EC2 instance from the IP address range 192.168.100.0/30.

c) Replace the instance profile IAM role with IamRoleB.

4. Deploy the changes by updating the stack using the CFServiceRole role.

5. Edit the stack options to prevent accidental deletion.

6. Using the output from the stack, enter the value of the ProdInstanceId in the text box below:

Options:

Questions 27

A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the S3 bucket to serve a static error page in the event of a failure at the primary site.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. There is an existing hosted zone named lab-751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.

4. Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document.

5. For the index.html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucket is allowed.

6. In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.

7. Create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing S3 bucket.

Options:

Questions 28

A company needs to create a daily Amazon Machine Image (AMI) of an existing Amazon Linux EC2 instance that hosts the operating system, application, and database on multiple attached Amazon Elastic Block Store (Amazon EBS) volumes. File system integrity must be maintained.

Which solution will meet these requirements?

Options:

A.

Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the no-reboot parameter enabled. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.

B.

Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the reboot parameter enabled. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.

C.

Use AWS Backup to create a backup plan with a backup rule that runs daily. Assign the resource ID of the EC2 instance with the no-reboot parameter enabled.

D.

Use AWS Backup to create a backup plan with a backup rule that runs daily. Assign the resource ID of the EC2 instance with the reboot parameter enabled.

Questions 29

A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application.

Which combination of actions should a SysOps administrator take to resolve this problem? (Select TWO.)

Options:

A.

Change to the least outstanding requests algorithm on the ALB target group.

B.

Configure cookie forwarding in the CloudFront distribution cache behavior.

C.

Configure header forwarding in the CloudFront distribution cache behavior.

D.

Enable group-level stickiness on the ALB listener rule.

E.

Enable sticky sessions on the ALB target group.

Questions 30

A company's SysOps administrator must ensure that all Amazon EC2 Windows instances that are launched in an AWS account have a third-party agent installed. The third-party agent has an msi package. The company uses AWS Systems Manager for patching, and the Windows instances are tagged appropriately. The third-party agent requires periodic updates as new versions are released. The SysOps administrator must deploy these updates automatically.

Which combination of steps will meet these requirements with the LEAST operational effort? (Select TWO.)

Create a Systems Manager Distributor package for the third-party agent.

Options:

A.

Make sure that Systems Manager Inventory is configured. If Systems Manager Inventory is not configured, set up a new inventory for instances that is based on the appropriate tag value for Windows.

B.

Create a Systems Manager State Manager association to run the AWS-RunRemoteScript document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day.

C.

Create a Systems Manager State Manager association to run the AWS-ConfigureAWSPackage document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day.

D.

Create a Systems Manager OpsItem with the tag value for Windows. Attach the Systems Manager Distributor package to the OpsItem. Create a maintenance window that is specific to the package deployment. Configure the maintenance window to cover 24 hours a day.

Questions 31

A company is creating a new multi-account architecture. A SysOps administrator must implement a login solution to centrally manage user access and permissions across all AWS accounts. The solution must be integrated with AWS Organizations and must be connected to a third-party Security Assertion Markup Language (SAML) 2.0 identity provider (IdP).

What should the SysOps administrator do to meet these requirements?

Options:

A.

Configure an Amazon Cognito user pool. Integrate the user pool with the third-party IdP.

B.

Enable and configure AWS Single Sign-On with the third-party IdP.

C.

Federate the third-party IdP with AWS Identity and Access Management (IAM) for each AWS account in the organization.

D.

Integrate the third-party IdP directly with AWS Organizations.

Questions 32

A SysOps administrator wants to manage a web server application with AWS Elastic Beanstalk. The Elastic Beanstalk service must maintain full capacity for new deployments at all times.

Which deployment policies satisfy this requirement? (Select TWO.)

Options:

A.

All at once

B.

Immutable

C.

Rebuild

D.

Rolling

E.

Rolling with additional batch

Questions 33

A team of on-call engineers frequently needs to connect to Amazon EC2 instances in a private subnet to troubleshoot and run commands. The instances use either the latest AWS-provided Windows Amazon Machine Images (AMIs) or Amazon Linux AMIs.

The team has an existing IAM role for authorization. A SysOps administrator must provide the team with access to the instances by granting IAM permissions to this

Which solution will meet this requirement?

Options:

A.

Add a statement to the IAM role policy to allow the ssm:StartSession action on the instances. Instruct the team to use AWS Systems Manager Session Manager to connect to the instances by using the assumed IAM role.

B.

Associate an Elastic IP address and a security group with each instance. Add the engineers' IP addresses to the security group inbound rules. Add a statement to the IAM role policy to allow the ec2:AuthorizeSecurityGroupIngress action so that the team can connect to the instances.

C.

Create a bastion host with an EC2 instance, and associate the bastion host with the VPC. Add a statement to the IAM role policy to allow the ec2:CreateVpnConnection action on the bastion host. Instruct the team to use the bastion host endpoint to connect to the instances.

D.

Create an internet-facing Network Load Balancer. Use two listeners. Forward port 22 to a target group of Linux instances. Forward port 3389 to a target group of Windows I

Questions 34

The SysOps administrator needs to complete the KMS key policy for least privilege read access for the DataEngineer role to decrypt S3 objects encrypted with a KMS key.

Options:

A.

"kms:ReEncrypt", "kms:GenerateDataKey*", "kms:Encrypt", "kms:DescribeKey"

B.

"kms:ListAliases", "kms:GetKeyPolicy", "kms:Describe*", "kms:Decrypt"

C.

"kms:ListAliases", "kms:DescribeKey", "kms:Decrypt"

D.

"kms:Update*", "kms:TagResource", "kms:Revoke*", "kms:Put*", "kms:List*", "kms:Get*", "kms:Enable*", "kms:Disable*", "kms:Describe*", "kms:Delete*", "kms:Create*", "kms:CancelKeyDeletion"

Questions 35

A company decides to stop non-production Amazon EC2 instances during the night. The company's IT manager must receive notification in near real time whenever an EC2 instance that has an environment type tag value of non-production is started during the night.

Which solution will meet this requirement with the MOST operational efficiency?

Options:

A.

Configure an AWS Lambda function with an SMTP client library. Subscribe the Lambda function to the AWS Health Dashboard to receive notification whenever an EC2 instance is in the running state. Configure the Lambda function to use Amazon Pinpoint to send email notifications to the IT manager. Deploy a second Lambda function to throttle calls from the first Lambda function during the daytime.

B.

Deploy an AWS Lambda function that queries the Amazon EC2 API to determine the state of each EC2 instance. Use the EC2 instance scheduler to configure the Lambda function to run every minute during the night and to send an email notification to the IT manager for each non-production EC2 instance that is in the running state.

C.

Create an Amazon EventBridge rule that includes the EC2 Instance State-change Notification event type. Filter the event to capture only the running state. Create an AWS Lambda function as a target of the rule. Configure the Lambda function to check the current time and the EC2 instances’ tags to determine the environment type. Create an Amazon Simple Notification Service (Amazon SNS) topic as a target of the Lambda function for notification

D.

Store the EC2 instance metadata, including the environment type, in an Amazon DynamoDB table. Deploy a custom application to an EC2 instance. Configure the custom application to poll the DynamoDB data every minute during the night and to query the Amazon EC2 API to determine the state of each instance. Additionally, configure the custom application to send an email notification to the IT manager for each non-production EC2 instance that is

Questions 36

A company hosts a static website in an Amazon S3 bucket. The website is accessed globally. The company has configured an Amazon CloudFront distribution and has set the S3 bucket as the distribution's origin. The Cache-Control max-age header is set to 1 hour. The Maximum TTL is set to 5 minutes.

A SysOps administrator observes that website performance is lower than expected. CloudFront is not caching objects for the amount of time that is configured.

What is the reason for this issue?

Options:

A.

The Expires header has been set to 3 hours

B.

Cached assets are not expiring in the edge location.

C.

Cache invalidation is missing in the CloudFront configuration.

D.

Cache-duration settings conflict with each other

Questions 37

A SysOps administrator is creating resources from an AWS CloudFormation template that defines an Auto Scaling group of Amazon EC2 instances. The Auto Scaling group launch template provisions each EC2 instance by using a user data script. The creation of the Auto Scaling group resource is failing because of an error. The wait condition is not receiving the required number of signals.

How should the SysOps administrator resolve this error?

Options:

A.

Run cfn-signal at the completion of the user data script.

B.

Modify the EC2 instances' security group to allow outgoing traffic on port 443.

C.

Reduce the Auto Scaling group's DesiredCapacity value in the CloudFormation template.

D.

Set the AssociatePublicIpAddress property to True in the Auto Scaling group launch template.

Questions 38

A SysOps administrator needs to configure an Amazon S3 bucket to host a web application. The SysOps administrator has created the S3 bucket and has copied the static files for the web application to the S3 bucket.

The company has a policy that all S3 buckets must not be public.

What should the SysOps administrator do to meet these requirements?

Options:

A.

Create an Amazon CloudFront distribution. Configure the S3 bucket as an origin with an origin access identity (OAI). Give the OAI the s3:GetObject permission in the S3 bucket policy.

B.

Configure static website hosting in the S3 bucket. Use Amazon Route 53 to create a DNS CNAME to point to the S3 website endpoint.

C.

Create an Application Load Balancer (ALB). Change the protocol to HTTPS in the ALB listener configuration. Forward the traffic to the S3 bucket.

D.

Create an accelerator in AWS Global Accelerator. Set up a listener configuration for port 443. Set the endpoint type to forward the traffic to the S3 bucket.

Questions 39

A recent organizational audit uncovered an existing Amazon RDS database that is not currently configured for high availability. Given the critical nature of this database, it must be configured for high availability as soon as possible.

How can this requirement be met?

Options:

A.

Switch to an active/passive database pair using the create-db-instance-read-replica with the --availability-zone flag.

B.

Specify high availability when creating a new RDS instance, and live-migrate the data.

C.

Modify the RDS instance using the console to include the Multi-AZ option.

D.

Use the modify-db-instance command with the --na flag.

Questions 40

A company has two general purpose Amazon EC2 instances that run a software package. Each EC2 instance is attached to its own 500 GiB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volume.

Each EBS volume frequently reaches its IOPS limit, negatively affecting workload performance. The company is starting a large promotion that will require 5 times more IOPS.

Which solution will meet these requirements?

Options:

A.

Migrate the attached EBS volumes to Throughput Optimized HDD (st1) EBS volumes.

B.

Configure Amazon ElastiCache integration on the EC2 instances.

C.

Migrate the workload to two storage optimized EC2 instances.

D.

Migrate the attached EBS volumes to General Purpose SSD (gp3) EBS volumes. Provision the appropriate IOPS.

Questions 41

An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region. A SysOps administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy.

What is likely to be the problem?

Options:

A.

The Amazon Machine Image used is not available in that Region.

B.

The AWS CloudFormation template needs to be updated to the latest version.

C.

The VPC configuration parameters have changed and must be updated in the template.

D.

The account has reached the default limit for VPCs allowed.

Questions 42

A company plans to deploy a database on an Amazon Aurora MySQL DB cluster. The database will store data for a demonstration environment. The data must be reset on a daily basis.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Create a manual snapshot of the DB cluster after the data has been populated. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basis. Configure the function to restore the snapshot and then delete the previous DB cluster.

B.

Enable the Backtrack feature during the creation of the DB cluster. Specify a target backtrack window of 48 hours. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basis. Configure the function to perform a backtrack operation.

C.

Export a manual snapshot of the DB cluster to an Amazon S3 bucket after the data has been populated. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basis. Configure the function to restore the snapshot from Amazon S3.

D.

Set the DB cluster backup retention period to 2 days. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basis. Configure the function to restore the DB cluster to a point in time and then delete the previous DB cluster.

Questions 43

A company uses AWS Organizations to manage multiple AWS accounts. Corporate policy mandates that only specific AWS Regions can be used to store and process customer data. A SysOps administrator must prevent the provisioning of Amazon EC2 instances in unauthorized Regions by anyone in the company.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Configure AWS CloudTrail in all Regions to record all API activity. Create an Amazon EventBridge rule in all unauthorized Regions for ec2:RunInstances events. Use AWS Lambda to terminate the launched EC2 instances.

B.

In each AWS account, create a managed IAM policy that uses a Region condition to deny the ec2:RunInstances action in all unauthorized Regions. Attach this policy to all IAM groups in each AWS account.

C.

In each AWS account, create an IAM permissions boundary policy that uses a Region condition to deny the ec2:RunInstances action in all unauthorized Regions. Attach the permissions boundary policy to all IAM users in each AWS account.

D.

Create a service control policy (SCP) in AWS Organizations to deny the ec2:RunInstances action in all unauthorized Regions. Attach this policy to the root level of the organization.

Questions 44

A company has a new requirement stating that all resources in AWS must be tagged according to a set policy.

Which AWS service should be used to enforce and continually identify all resources that are not in compliance with the policy?

Options:

A.

AWS CloudTrail

B.

Amazon Inspector

C.

AWS Config

D.

AWS Systems Manager

Questions 45

A SysOps administrator needs to configure the Amazon Route 53 hosted zone for example.com and www.example.com to point to an Application Load Balancer (ALB). Which combination of actions should the SysOps administrator take to meet these requirements? (Select TWO.)

Options:

A.

Configure an A record for example.com to point to the IP address of the ALB.

B.

Configure an A record for www.example.com to point to the IP address of the ALB.

C.

Configure an alias record for example.com to point to the CNAME of the ALB.

D.

Configure an alias record for www.example.com to point to the Route 53 example.com record.

E.

Configure a CNAME record for example.com to point to the CNAME of the ALB.

Questions 46

A company's ecommerce application is running on Amazon EC2 instances that are behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. Customers report that the website is occasionally down. When the website is down, the website returns an HTTP 500 (server error) status message to customer browsers.

The Auto Scaling group's health check is configured for EC2 status checks, and the instances are healthy.

Which solution will resolve the problem?

Options:

A.

Replace the ALB with a Network Load Balancer.

B.

Add Elastic Load Balancing (ELB) health checks to the Auto Scaling group.

C.

Update the target group configuration on the ALB. Enable session affinity (sticky sessions).

D.

Install the Amazon CloudWatch agent on all the instances. Configure the agent to reboot the instances.

Questions 47

A SysOps administrator needs to share a new AMI with all accounts within an organization managed through AWS Organizations.

Options:

A.

Make the AMI public. Reference the AMI ID from within the member accounts of the organization.

B.

Share the AMI's associated snapshots with all the accounts in the organization.

C.

Share the AMI with the organization by specifying the organization Amazon Resource Name (ARN).

D.

Upload the AMI to AWS Marketplace. Search for the uploaded AMI when an instance is launched from a member account in the organization.

Questions 48

A company has mandated the use of multi-factor authentication (MFA) for all IAM users, and requires users to make all API calls using the CLI. However, users are not prompted to enter MFA tokens, and are able to run CLI commands without MFA. In an attempt to enforce MFA, the company attached an IAM policy to all users that denies API calls that have not been authenticated with MFA.

What additional step must be taken to ensure that API calls are authenticated using MFA?

Options:

A.

Enable MFA on IAM roles, and require IAM users to use role credentials to sign API calls.

B.

Ask the IAM users to log into the AWS Management Console with MFA before making API calls using the CLI.

C.

Restrict the IAM users to use of the console, as MFA is not supported for CLI use.

D.

Require users to use temporary credentials from the get-session-token command to sign API calls.

Questions 49

A SysOps administrator launches an Amazon EC2 instance from a Windows Amazon Machine Image (AMI). The EC2 instance includes additional Amazon Elastic Block Store (Amazon EBS) volumes. When the instance is launched, none of the additional Amazon Elastic Block Store (Amazon EBS) volumes are initialized and ready for use through a drive letter. The SysOps administrator needs to automate the EBS volume initialization.

Which solution will meet these requirements in the MOST operationally efficient way?

Options:

A.

Create an Amazon EventBridge rule. Configure an AWS Systems Manager Automation runbook as a target of the EventBridge rule to initialize the disks after an EC2 instance launch event.

B.

Create an Amazon EventBridge rule. Configure an AWS Lambda function as a target of the EventBridge rule to initialize the drives after the AMI is launched.

C.

Create an AWS Config rule to automatically initialize the EBS volumes on Windows EC2 instances.

D.

Add the secondary volume configuration to the DriveLetterMappingConfig.json file. Configure the InitializeDisks.ps1 Windows PowerShell script to run at launch. Create a new AMI from the running EC2 instance.

Questions 50

A company's IT department noticed an increase in the spend of their developer AWS account. There are over 50 developers using the account, and the finance team wants to determine the service costs incurred by each developer.

What should a SysOps administrator do to collect this information? (Select TWO.)

Options:

A.

Activate the createdBy tag in the account.

B.

Analyze the usage with Amazon CloudWatch dashboards.

C.

Analyze the usage with Cost Explorer.

D.

Configure AWS Trusted Advisor to track resource usage.

E.

Create a billing alarm in AWS Budgets.

Questions 51

A company is expanding its fleet of Amazon EC2 instances before an expected increase of traffic. When a SysOps administrator attempts to add more instances, an InstanceLimitExceeded error is returned.

What should the SysOps administrator do to resolve this error?

Options:

A.

Add an additional CIDR block to the VPC.

B.

Launch the EC2 instances in a different Availability Zone.

C.

Launch new EC2 instances in another VPC.

D.

Use Service Quotas to request an EC2 quota increase.

Questions 52

A company stores sensitive data in an Amazon S3 bucket. The company must log all access attempts to the S3 bucket. The company's risk team must receive immediate notification about any delete events.

Which solution will meet these requirements?

Options:

A.

Enable S3 server access logging for audit logs. Set up an Amazon Simple Notification Service (Amazon SNS) notification for the S3 bucket. Select DeleteObject for the event type for the alert system.

B.

Enable S3 server access logging for audit logs. Launch an Amazon EC2 instance for the alert system. Run a cron job on the EC2 instance to download the access logs each day and to scan for a DeleteObject event.

C.

Use Amazon CloudWatch Logs for audit logs. Use Amazon CloudWatch alarms with an Amazon Simple Notification Service (Amazon SNS) notification for the alert system.

D.

Use Amazon CloudWatch Logs for audit logs. Launch an Amazon EC2 instance for the alert system. Run a cron job on the EC2 instance each day to compare the list of the items with the list from the previous day. Configure the cron job to send a notification if an item is missing.

Questions 53

The company’s ecommerce website running on EC2 instances behind an ALB intermittently returns HTTP 500 errors. The Auto Scaling group is only using EC2 status checks.

Options:

A.

Replace the ALB with a Network Load Balancer.

B.

Add Elastic Load Balancing (ELB) health checks to the Auto Scaling group.

C.

Update the target group configuration on the ALB. Enable session affinity (sticky sessions).

D.

Install the Amazon CloudWatch agent on all the instances. Configure the agent to reboot the instances.

Questions 54

A company is experiencing issues with legacy software running on Amazon EC2 instances. Errors occur when the total CPU utilization on the EC2 instances exceeds 80%. A short-term solution is required while the software is being rewritten. A SysOps administrator is tasked with creating a solution to restart the instances when the CPU utilization rises above 80%.

Which solution meets these requirements with the LEAST operational overhead?

Options:

A.

Write a script that monitors the CPU utilization of the EC2 instances and reboots the instances when utilization exceeds 80%. Run the script as a cron job.

B.

Add an Amazon CloudWatch alarm for CPU utilization and configure the alarm action to reboot the EC2 instances.

C.

Create an Amazon EventBridge rule using the predefined patterns for CPU utilization of the EC2 instances. When utilization exceeds 80%, invoke an AWS Lambda function to restart the instances.

D.

Add an Amazon CloudWatch alarm for CPU utilization and configure an AWS Systems Manager Automation runbook to reboot the EC2 instances when utilization exceeds 80%.

Questions 55

A SysOps administrator uses AWS Systems Manager Session Manager to connect to instances. After the SysOps administrator launches a new Amazon EC2 instance, the EC2 instance does not appear in the Session Manager list of systems that are available for connection. The SysOps administrator verifies that Systems Manager Agent is installed, updated, and running on the EC2 instance.

What is the reason for this issue?

Options:

A.

The SysOps administrator does not have access to the key pair that is required for connection

B.

The SysOps administrator has not attached a security group to the EC2 instance to allow SSH on port 22.

C.

The EC2 instance does not have an attached IAM role that allows Session Manager to connect to the EC2 instance.

D.

The EC2 instance ID has not been entered into the Session Manager configuration

Questions 56

A company monitors its account activity using AWS CloudTrail and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket.

Moving forward, how can the SysOps administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

Options:

A.

Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.

B.

Enable log file integrity validation and use digest files to verify the hash value of the log file.

C.

Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.

D.

Enable S3 server access logging to track requests made to the log bucket for security audits.

Questions 57

A SysOps administrator has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances that were launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in the VPC, and all security groups allow all outbound traffic.

Which solution will provide the EC2 instances in the private subnet with access to the internet?

Options:

A.

Create a NAT gateway in the public subnet. Create a route from the private subnet to the NAT gateway.

B.

Create a NAT gateway in the public subnet. Create a route from the public subnet to the NAT gateway.

C.

Create a NAT gateway in the private subnet. Create a route from the public subnet to the NAT gateway.

D.

Create a NAT gateway in the private subnet. Create a route from the private subnet to the NAT gateway.

Questions 58

A SysOps administrator wants to securely share an object from a private Amazon S3 bucket with a group of users who do not have an AWS account. What is the MOST operationally efficient solution that will meet this requirement?

Options:

A.

Attach an S3 bucket policy that only allows object downloads from the users' IP addresses.

B.

Create an IAM role that has access to the object. Instruct the users to assume the role.

C.

Create an IAM user that has access to the object. Share the credentials with the users.

D.

Generate a presigned URL for the object. Share the URL with the users.

Questions 59

A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations.

Which solution will meet this requirement?

Options:

A.

Configure Amazon Cognito to detect any compromised IAM credentials.

B.

Set up Amazon Inspector. Scan and monitor resources for unauthorized logins.

C.

Set up AWS Config. Add the iam-policy-blacklisted-check managed rule to the account.

D.

Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding.

Questions 60

A SysOps administrator is unable to launch Amazon EC2 instances into a VPC because there are no available private IPv4 addresses in the VPC. Which combination of actions must the SysOps administrator take to launch the instances? (Select TWO.)

Options:

A.

Associate a secondary IPv4 CIDR block with the VPC

B.

Associate a primary IPv6 CIDR block with the VPC

C.

Create a new subnet for the VPC

D.

Modify the CIDR block of the VPC

E.

Modify the CIDR block of the subnet that is associated with the instances

Questions 61

A SysOps administrator needs to ensure that an Amazon RDS for PostgreSQL DB instance has available backups. The DB instance has automated backups turned on with a backup retention period of 7 days. However, no automated backups for the DB instance have been created in the past month.

What could be the cause of the lack of automated backups?

Options:

A.

The Amazon S3 bucket that stores the backups is full

B.

The DB instance is in the STORAGE_FULL state

C.

The DB instance is not configured for Multi-AZ.

D.

The backup retention period must be 30 days.

Questions 62

A company stores files on 50 Amazon S3 buckets in the same AWS Region. The company wants to connect to the S3 buckets securely over a private connection from its Amazon EC2 instances. The company needs a solution that produces no additional cost.

Which solution will meet these requirements?

Options:

A.

Create a gateway VPC endpoint for each S3 bucket. Attach the gateway VPC endpoints to each subnet inside the VPC.

B.

Create an interface VPC endpoint for each S3 bucket. Attach the interface VPC endpoints to each subnet inside the VPC.

C.

Create one gateway VPC endpoint for all the S3 buckets. Add the gateway VPC endpoint to the VPC route table.

D.

Create one interface VPC endpoint for all the S3 buckets. Add the interface VPC endpoint to the VPC route table.

Questions 63

A compliance team requires all administrator passwords for Amazon RDS DB instances to be changed at least annually.

Which solution meets this requirement in the MOST operationally efficient manner?

Options:

A.

Store the database credentials in AWS Secrets Manager. Configure automatic rotation for the secret every 365 days.

B.

Store the database credentials as a parameter in the RDS parameter group. Create a database trigger to rotate the password every 365 days.

C.

Store the database credentials in a private Amazon S3 bucket. Schedule an AWS Lambda function to generate a new set of credentials every 365 days.

D.

Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter. Configure automatic rotation for the parameter every 365 days.

Questions 64

A company has developed a service that is deployed on a fleet of Linux-based Amazon EC2 instances that are in an Auto Scaling group. The service occasionally fails unexpectedly because of an error in the application code. The company's engineering team determines that resolving the underlying cause of the service failure could take several weeks.

A SysOps administrator needs to create a solution to automate recovery if the service crashes on any of the EC2 instances.

Which solutions will meet this requirement? (Select TWO.)

Options:

A.

Install the Amazon CloudWatch agent on the EC2 instances. Configure the CloudWatch agent to monitor the service. Set the CloudWatch action to restart if the service health check fails.

B.

Tag the EC2 instances. Create an AWS Lambda function that uses AWS Systems Manager Session Manager to log in to the tagged EC2 instances and restart the service. Schedule the Lambda function to run every 5 minutes.

C.

Tag the EC2 instances. Use AWS Systems Manager State Manager to create an association that uses the AWS-RunShellScript document. Configure the association command with a script that checks if the service is running and that starts the service if the service is not running. For targets, specify the EC2 instance tag. Schedule the association to run every 5 minutes.

D.

Update the EC2 user data that is specified in the Auto Scaling group's launch template to include a script that runs on a cron schedule every 5 minutes.

E.

Update the EC2 user data that is specified in the Auto Scaling group's launch template to ensure that the service runs during startup. Redeploy all the EC2 instances in the Auto Scaling group with the updated launch template.

Questions 65

A SysOps administrator needs to configure a solution that will deliver digital content to a set of authorized users through Amazon CloudFront. Unauthorized users must be restricted from access.

Which solution will meet these requirements?

Options:

A.

Store the digital content in an Amazon S3 bucket that does not have public access blocked. Use signed URLs to access the S3 bucket through CloudFront.

B.

Store the digital content in an Amazon S3 bucket that has public access blocked. Use an origin access identity (OAI) to deliver the content through CloudFront. Restrict S3 bucket access with signed URLs in CloudFront.

C.

Store the digital content in an Amazon S3 bucket that has public access blocked. Use an origin access identity (OAI) to deliver the content through CloudFront. Enable field-level encryption.

D.

Store the digital content in an Amazon S3 bucket that does not have public access blocked. Use signed cookies for restricted delivery of the content through CloudFront.

Questions 66

A company is supposed to receive a data file every hour in an Amazon S3 bucket. An S3 event notification invokes an AWS Lambda function each time a file arrives. The function processes the data for use by an application.

The application team notices that sometimes the file does not arrive. The application team wants to receive a notification whenever the file does not arrive.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Add an S3 Lifecycle rule on the S3 bucket with a scope that is limited to objects that were created in the last hour. Configure another S3 event notification to be invoked by the lifecycle transition when the number of objects transitioned is zero. Publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify the application team.

B.

Configure another S3 event notification to invoke a Lambda function that posts a message to an Amazon Simple Queue Service (Amazon SQS) queue. Create an Amazon CloudWatch alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify the application team when the ApproximateAgeOfOldestMessage metric of the queue is greater than 1 hour.

C.

Create an Amazon CloudWatch alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to alert the application team when the Invocations metric of the Lambda function is zero for an hour. Configure the alarm to treat missing data as breaching.

D.

Create a new Lambda function to get the timestamp of the newest file in the S3 bucket. If the timestamp is more than 1 hour ago, publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify the application team. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the new function hourly.

Questions 67

A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations.

What should a SysOps administrator do to implement this requirement?

Options:

A.

Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the AWS Management Console.

B.

Develop an IAM policy that limits the business units to provision EC2 instances only. Instruct the business units to launch instances by using an AWS CloudFormation template.

C.

Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog. Allow the business units to perform actions in AWS Service Catalog only.

D.

Share an AWS CloudFormation template with the business units. Instruct the business units to pass a role to AWS CloudFormation to allow the service to manage EC2 instances.

Questions 68

A company has migrated its application to AWS. The company will host the application on Amazon EC2 instances of multiple instance families.

During initial testing, a SysOps administrator identifies performance issues on selected EC2 instances. The company has a strict budget allocation policy, so the SysOps administrator must use the right resource types with the performance characteristics to match the workload.

What should the SysOps administrator do to meet this requirement?

Options:

A.

Purchase regional Reserved Instances (RIs) for immediate cost savings. Review and take action on the EC2 rightsizing recommendations in Cost Explorer. Exchange the RIs for the optimal instance family after rightsizing.

B.

Purchase zonal Reserved Instances (RIs) for the existing instances. Monitor the RI utilization in the AWS Billing and Cost Management console. Make adjustments to instance sizes to optimize utilization.

C.

Review and take action on AWS Compute Optimizer recommendations. Purchase Compute Savings Plans to reduce the cost that is required to run the compute resources. Most Voted

D.

Review resource utilization metrics in the AWS Cost and Usage Report. Rightsize the EC2 instances. Create On-Demand Capacity Reservations for the rightsized resources.

Questions 69

A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template. It installs and configures necessary software through AWS OpsWorks and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours, but at times the process stalls due to installation errors.

The SysOps administrator must modify the CloudFormation template so if the process stalls, the entire stack will fail and roll back.

Based on these requirements what should be added to the template?

Options:

A.

Conditions with a timeout set to 4 hours.

B.

CreationPolicy with timeout set to 4 hours.

C.

DependsOn a timeout set to 4 hours.

D.

Metadata with a timeout set to 4 hours

Questions 70

A company runs a worker process on three Amazon EC2 instances. The instances are in an Auto Scaling group that is configured to use a simple scaling policy. The instances process messages from an Amazon Simple Queue Service (Amazon SQS) queue.

Random periods of increased messages are causing a decrease in the performance of the worker process. A SysOps administrator must scale the instances to accommodate the increased number of messages.

Which solution will meet these requirements?

Options:

A.

Use CloudWatch to create a metric math expression to calculate the approximate age of the oldest message in the SQS queue. Create a target tracking scaling policy for the metric math expression to modify the Auto Scaling group.

B.

Use CloudWatch to create a metric math expression to calculate the approximate number of messages visible in the SQS queue for each instance. Create a target tracking scaling policy for the metric math expression to modify the Auto Scaling group.

C.

Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group. Create a target tracking scaling policy for the ALBRequestCountPerTarget metric to modify the Auto Scaling group.

D.

Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group. Create a scheduled scaling policy for the Auto Scaling group.

Questions 71

A company hosts several write-intensive applications. These applications use a MySQL database that runs on a single Amazon EC2 instance. The company asks a SysOps administrator to implement a highly available database solution that is ideal for multi-tenant workloads.

Which solution should the SysOps administrator implement to meet these requirements?

Options:

A.

Create a second EC2 instance for MySQL. Configure the second instance to be a read replica.

B.

Migrate the database to an Amazon Aurora DB cluster. Add an Aurora Replica.

C.

Migrate the database to an Amazon Aurora multi-master DB cluster.

D.

Migrate the database to an Amazon RDS for MySQL DB instance.

Questions 72

A company has implemented a data ingestion pipeline to process files in the form of messages. A frontend application accepts user input and stores the input in Amazon S3. A backend application uses Amazon EC2 instances to process the object that was uploaded to Amazon S3. The company recently experienced a significant increase in customer traffic. The frontend application is now sending more messages at one time than the backend application can handle, resulting in some lost messages.

Which action will resolve this problem with the LEAST operational effort?

Options:

A.

Redevelop the backend application as a series of AWS Lambda functions.

B.

Implement an Amazon Kinesis data stream to replace the backend application.

C.

Implement an Application Load Balancer to distribute message traffic across the backend application instances.

D.

Implement an Amazon Simple Queue Service (Amazon SQS) queue between the frontend and backend components.

Questions 73

A company has a web application with a database tier that consists of an Amazon EC2 instance that runs MySQL. A SysOps administrator needs to minimize potential data loss and the time that is required to recover in the event of a database failure.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Create an Amazon CloudWatch alarm for the StatusCheckFailed_System metric to invoke an AWS Lambda function that stops and starts the EC2 instance.

B.

Create an Amazon RDS for MySQL Multi-AZ DB instance. Use a MySQL native backup that is stored in Amazon S3 to restore the data to the new database. Update the connection string in the web application.

C.

Create an Amazon RDS for MySQL Single-AZ DB instance with a read replica. Use a MySQL native backup that is stored in Amazon S3 to restore the data to the new database. Update the connection string in the web application.

D.

Use Amazon Data Lifecycle Manager (Amazon DLM) to take a snapshot of the Amazon Elastic Block Store (Amazon EBS) volume every hour. In the event of an EC2 instance failure, restore the EBS volume from a snapshot.

Questions 74

A company has a list of pre-approved Amazon Machine Images (AMIs) for developers to use to launch Amazon EC2 instances. However, developers are still launching EC2 instances from unapproved AMIs.

A SysOps administrator must implement a solution that automatically terminates any instances that are launched from unapproved AMIs.

Which solution will meet this requirement?

Options:

A.

Set up an AWS Config managed rule to check if instances are running from AMIs that are on the list of pre-approved AMIs. Configure an automatic remediation action so that an AWS Systems Manager Automation runbook terminates any instances that are noncompliant with the rule.

B.

Store the list of pre-approved AMIs in an Amazon DynamoDB global table that is replicated to all AWS Regions that the developers use. Create Regional EC2 launch templates. Configure the launch templates to check AMIs against the list and to terminate any instances that are not on the list.

C.

Select the Amazon CloudWatch metric that shows all running instances and the AMIs that the instances were launched from. Create a CloudWatch alarm that terminates an instance if the metric shows the use of an unapproved AMI.

D.

Create a custom Amazon Inspector finding to compare a running instance's AMI against the list of pre-approved AMIs. Create an AWS Lambda function that terminates instances. Configure Amazon Inspector to report findings of unapproved AMIs to an Amazon Simple Queue Service (Amazon SQS) queue to invoke the Lambda function.

Questions 75

A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company’s on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors.

Which solution will give the application the ability to resolve the internal domain names?

Options:

A.

Launch EC2 instances in the VPC. On the EC2 instances, deploy a custom DNS forwarder that forwards all DNS requests to the on-premises DNS server. Create an Amazon Route 53 private hosted zone that uses the EC2 instances for name servers.

B.

Create an Amazon Route 53 Resolver outbound endpoint. Configure the outbound endpoint to forward DNS queries against the on-premises domain to the on-premises DNS server.

C.

Set up two AWS Direct Connect connections between the AWS environment and the on-premises network. Set up a link aggregation group (LAG) that includes the two connections. Change the VPC resolver address to point to the on-premises DNS server.

D.

Create an Amazon Route 53 public hosted zone for the on-premises domain. Configure the network ACLs to forward DNS requests against the on-premises domain to the Route 53 public hosted zone.

Questions 76

A company has a policy that requires all Amazon EC2 instances to have a specific set of tags. If an EC2 instance does not have the required tags, the noncompliant instance should be terminated.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all EC2 instance state changes to an AWS Lambda function to determine if each instance is compliant. Terminate any noncompliant instances.

B.

Create an IAM policy that enforces all EC2 instance tag requirements. If the required tags are not in place for an instance, the policy will terminate the noncompliant instance.

C.

Create an AWS Lambda function to determine if each EC2 instance is compliant and terminate an instance if it is noncompliant. Schedule the Lambda function to invoke every 5 minutes.

D.

Create an AWS Config rule to check if the required tags are present. If an EC2 instance is noncompliant, invoke an AWS Systems Manager Automation document to terminate the instance.

Questions 77

A company is using an Amazon S3 bucket in the us-east-1 Region to set up a static website. The S3 bucket is named example-website-hosting-bucket. The website stores photographs in the following structure: www.example.com/Photographs/user/.

The S3 bucket has an Amazon Resource Name (ARN) of arn:aws:s3:::example-website-hosting-bucket. A SysOps administrator configured the S3 bucket for static website hosting and to allow public read access.

The SysOps administrator did not configure S3 Block Public Access.

Amazon Route 53 does not display the S3 bucket as the alias target when the SysOps administrator attempts to create a DNS record.

Which solution will make the website available?

Options:

A.

In Route 53, update the record to reference the S3 bucket by using the following ARN: arn:aws:s3:::example-website-hosting-bucket.s3-website-us-east-1.amazonaws.com.

B.

Change the ARN of the S3 bucket to arn:aws:s3:::example-website-hosting-bucket/Photographs. Configure Route 53 to point to the S3 bucket through the ARN.

C.

Configure versioning on the S3 bucket. Create an S3 access point that points to the S3 bucket. Create an access point alias name for Route 53 to use to reach the S3 bucket through the access point.

D.

Create a new S3 bucket named www.example.com. Migrate the website contents to the new S3 bucket. Configure the new S3 bucket with the same settings as the original S3 bucket. Configure the Route 53 alias record to point to the new S3 bucket.

Questions 78

A company’s SysOps administrator regularly checks the AWS Personal Health Dashboard in each of the company’s accounts. The accounts are part of an organization in AWS Organizations. The company recently added 10 more accounts to the organization. The SysOps administrator must consolidate the alerts from each account’s Personal Health Dashboard.

Which solution will meet this requirement with the LEAST amount of effort?

Options:

A.

Enable organizational view in AWS Health.

B.

Configure the Personal Health Dashboard in each account to forward events to a central AWS CloudTrail log.

C.

Create an AWS Lambda function to query the AWS Health API and to write all events to an Amazon DynamoDB table.

D.

Use the AWS Health API to write events to an Amazon DynamoDB table.

Questions 79

A SysOps administrator is troubleshooting an AWS CloudFormation template whereby multiple Amazon EC2 instances are being created. The template is working in us-east-1, but it is failing in us-west-2 with the error code:

How should the administrator ensure that the AWS CloudFormation template is working in every region?

Options:

A.

Copy the source region's Amazon Machine Image (AMI) to the destination region and assign it the same ID.

B.

Edit the AWS CloudFormation template to specify the region code as part of the fully qualified AMI ID.

C.

Edit the AWS CloudFormation template to offer a drop-down list of all AMIs to the user by using the AWS::EC2::AMI::ImageID control.

D.

Modify the AWS CloudFormation template by including the AMI IDs in the "Mappings" section. Refer to the proper mapping within the template for the proper AMI ID.

Exam Code: SOA-C02
Exam Name: AWS Certified SysOps Administrator - Associate (SOA-C02)
Last Update: Apr 23, 2025
Questions: 528