Amazon AWS Certified SysOps Administrator - Associate SOA-C01
Prev

There are 439 results

Next
#151 (Accuracy: 100% / 1 votes)
___________ is a task coordination and state management service for cloud applications.
  • A. Amazon SWF
  • B. Amazon FPS
  • C. Amazon SES
  • D. Amazon SNS
#152 (Accuracy: 100% / 1 votes)
A company is hosting backend web services across Amazon EC2 Linux instances in public subnets in a VPC. A SysOps administrator tries to connect to the instance by using SSH but is unable to connect.
What could be the cause of the failed connection?
  • A. The security group does not allow inbound traffic on port 22.
  • B. The network ACL does not allow outbound traffic on port 80.
  • C. The security group does not allow outbound traffic on port 3389.
  • D. The network ACL does not allow inbound traffic on port 443.
#153 (Accuracy: 100% / 1 votes)
A SysOps Administrator is deploying a legacy web application on AWS. The application has four Amazon EC2 instances behind a Classic Load Balancer and stores data in an Amazon RDS instance. The legacy application has known vulnerabilities to SQL injection attacks, but the application code is no longer available to update.
What cost-effective configuration change should the Administrator make to mitigate the risk of SQL injection attacks?
  • A. Configure Amazon GuardDuty to monitor the application for SQL injection threats.
  • B. Configure AWS WAF with a Classic Load Balancer for protection against SQL injection attacks.
  • C. Replace the Classic Load Balancer with an Application Load Balancer and configure AWS WAF on the Application Load Balancer.
  • D. Configure an Amazon CloudFront distribution with the Classic Load Balancer as the origin and subscribe to AWS Shield Standard.
#154 (Accuracy: 100% / 1 votes)
An existing data management application is running on a single Amazon EC2 instance and needs to be moved to a new AWS Region in another AWS account.
How can a SysOps Administrator achieve this while maintaining the security of the application?
  • A. Create an encrypted Amazon Machine Image (AMI) of the instance and make it public to allow the other account to search and launch an instance from it.
  • B. Create an AMI of the instance, add permissions for the AMI to the other AWS account, and start a new instance in the new region by using that AMI.
  • C. Create an AMI of the instance, copy the AMI to the new region, add permissions for the AMI to the other AWS account, and start new instance.
  • D. Create an encrypted snapshot of the instance and make it public. Provide only permissions to decrypt to the other AWS account.
#155 (Accuracy: 100% / 1 votes)
Which of the following steps are required to configure SAML 2.0 for federated access to AWS? (Choose two.)
  • A. Create IAM users for each identity provider (IdP) user to allow access to the AWS environment.
  • B. Define assertions that map the company's identity provider (IdP) users to IAM roles.
  • C. Create IAM roles with a trust policy that lists the SAML provider as the principal.
  • D. Create IAM users, place them in a group named SAML, and grant them necessary IAM permissions.
  • E. Grant identity provider (IdP) users the necessary IAM permissions to be able to log in to the AWS environment.
#156 (Accuracy: 100% / 1 votes)
A SysOps Administrator is writing an AWS Lambda function in AWS Account A to put objects in an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.
Which step will fix this issue?
  • A. Add s3:DeleteObject permission to the IAM execution role of the AWS Lambda function in Account A.
  • B. Change the bucket policy of the S3 bucket in Account B to allow s3:DeleteObject permission for Account A.
  • C. Disable server-side encryption for objects written to the S3 bucket by the Lambda function.
  • D. Modify the Lambda function to call the S3:PutObjectAcl API operation to specify bucket owner, full control.
#157 (Accuracy: 100% / 1 votes)
A company has 50 AWS accounts and wants to create an identical Amazon VPC in each account. Any changes the company makes to the VPCs in the future must be implemented on every VPC.
What is the SIMPLEST method to deploy and update the VPCs in each account?
  • A. Create an AWS CloudFormation template defines the VPC. Log in to the AWS Management Console under each account and create a stack from the template.
  • B. Create a shell script that configures the VPC using the AWS CLI. Provide a list of accounts to the script from a text file, then create the VPC in every account in the list.
  • C. Create an AWS Lambda function that configures the VPC. Store the account information in Amazon DynamoDB, grant Lambda access to the DynamoDB table, then create the VPC in every account in the list.
  • D. Create an AWS CloudFormation template that defines the VPC. Create an AWS CloudFormation StackSet based on the template, then deploy the template to all accounts using the stack set.
#158 (Accuracy: 100% / 1 votes)
A company has a multi-account AWS environment that includes the following:
✑ A central identity account that contains all IAM users and groups
✑ Several member accounts that contain IAM roles
A SysOps administrator must grant permissions for a particular IAM group to assume a role in one of the member accounts.
How should the SysOps administrator accomplish this task?
  • A. In the member account, add sts:AssumeRole permissions to the role's policy. In the identity account, add a trust policy to the group that specifies the account number of the member account.
  • B. In the member account, add the group Amazon Resource Name (ARN) to the role's trust policy. In the identity account, add an inline policy to the group with sts:AssumeRole permissions.
  • C. In the member account, add the group Amazon Resource Name (ARN) to the role's trust policy. In the identity account, add an inline policy to the group with sts:PassRole permissions.
  • D. In the member account, add the group Amazon Resource Name (ARN) to the role's inline policy. In the identity account, add a trust policy to the group with sts:AssumeRole permissions.
#159 (Accuracy: 100% / 1 votes)
True or False: Amazon Route 53 provides highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web services.
  • A. False, you can only import an existing domain using Amazon Route 53.
  • B. True, however, it only provides .com domains.
  • C. FALSE
  • D. TRUE
#160 (Accuracy: 100% / 1 votes)
If an IAM policy has multiple conditions, or if a condition has multiple keys, its boolean outcome will be calculated using a logical ______ operation.
  • A. NAND
  • B. OR
  • C. AND
  • D. None of these