Amazon AWS Certified SysOps Administrator - Associate SOA-C01
Prev

There are 439 results

Next
#1 (Accuracy: 100% / 1 votes)
A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created public and VPN only subnets along with hardware VPN access to connect to the user's data center. The user has not yet launched any instance as well as modified or deleted any setup. He wants to delete this VPC from the console. Will the console allow the user to delete the VPC?
  • A. Yes, the console will delete all the setups and also delete the virtual private gateway
  • B. No, the console will ask the user to manually detach the virtual private gateway first and then allow deleting the VPC
  • C. Yes, the console will delete all the setups and detach the virtual private gateway
  • D. No, since the NAT instance is running
#2 (Accuracy: 100% / 2 votes)
A user has launched an EBS backed instance with EC2-Classic. The user stops and starts the instance. Which of the below mentioned statements is not true with respect to the stop/start action?
  • A. The instance gets new private and public IP addresses
  • B. The volume is preserved
  • C. The Elastic IP remains associated with the instance
  • D. The instance may run on a new host computer
#3 (Accuracy: 100% / 1 votes)
An organization is measuring the latency of an application every minute and storing data inside a file in the JSON format. The organization wants to send all latency data to AWS CloudWatch. How can the organization achieve this?
  • A. The user has to parse the file before uploading data to CloudWatch
  • B. It is not possible to upload the custom data to CloudWatch
  • C. The user can supply the file as an input to the CloudWatch command
  • D. The user can use the CloudWatch Import command to import data from the file to CloudWatch
#4 (Accuracy: 100% / 1 votes)
You have identified network throughput as a bottleneck on your m1.small EC2 instance when uploading data Into Amazon S3 In the same region.
How do you remedy this situation?
  • A. Add an additional ENI
  • B. Change to a larger Instance
  • C. Use DirectConnect between EC2 and S3
  • D. Use EBS PIOPS on the local volume
#5 (Accuracy: 100% / 2 votes)
You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?
  • A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block
  • B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block
  • C. Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block
  • D. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block
#6 (Accuracy: 100% / 3 votes)
Security has identified an IP address that should be explicitly denied for both ingress and egress requests for all services in an Amazon VPC immediately.
Which feature can be used to meet this requirement?
  • A. Host-based firewalls
  • B. NAT Gateway
  • C. Network access control lists
  • D. Security Groups
#7 (Accuracy: 100% / 1 votes)
An Amazon S3 bucket in a SysOps Administrator's account can be accesses by users in other SWS accounts.
How can the Administrator ensure that the bucket is only accessible to members of the Administrator's AWS account?
  • A. Move the S3 bucket from a public subnet to a private subnet in the Amazon VPC.
  • B. Change the bucket access control list (ACL) to restrict access to the bucket owner.
  • C. Enable server-side encryption for all objects in the bucket.
  • D. Use only Amazon S3 presigned URLs for accessing objects in the bucket.
#8 (Accuracy: 100% / 4 votes)
In configuring an Amazon Route 53 health check, a SysOps Administrator selects `˜Yes' to the String Matching option in the Advanced Configuration section. In the
Search String box, the Administrator types the following text: /html.
This is to ensure that the entire page is loading during the health check. Within 5 minutes of enabling the health check, the Administrator receives an alert stating that the check failed. However, when the Administrator navigates to the page, it loads successfully.
What is the MOST likely cause of this false alarm?
  • A. The search string is not HTML-encoded.
  • B. The search string must be put in quotes.
  • C. The search string must be escaped with a backslash (\) before the forward slash (/).
  • D. The search string is not in the first 5120 bytes of the tested page.
#9 (Accuracy: 100% / 3 votes)
A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.
How should the Administrator ensure that this is done?
  • A. Change the root user password by using the AWS CLI routinely.
  • B. Periodically use the AWS CLI to rotate access keys and secret keys for the root user.
  • C. Use AWS Trusted Advisor security checks to review the configuration of the root user.
  • D. Periodically distribute the AWS compliance document from AWS Artifact that governs the root user configuration.
#10 (Accuracy: 100% / 2 votes)
A company must share monthly report files that are uploaded to Amazon S3 with a third party. The third-party user list is dynamic, is distributed, and changes frequently. The least amount of access must be granted to the third party. Administrative overhead must be low for the internal teams who manage the process.
How can this be accomplished while providing the LEAST amount of access to the third party?
  • A. Allow only specified IP addresses to access the S3 buckets which will host files that need to be provided to the third party.
  • B. Create an IAM role with the appropriate access to the S3 bucket, and grant login permissions to the console for the third party to access the S3 bucket.
  • C. Create a pre-signed URL that can be distributed by email to the third party, allowing it to download specific S3 filed.
  • D. Have the third party sign up for an AWS account, and grant it cross-account access to the appropriate S3 bucket in the source account.