Amazon AWS Certified SysOps Administrator - Associate SOA-C01
Prev

There are 439 results

Next
#11 (Accuracy: 100% / 1 votes)
A security audit revealed that the security groups in a VPC have ports 22 and 3389 open to all, introducing a possible threat that instances can be stopped or configurations can be modified. A sysops administrator needs to automate remediation.
What should the sysops administrator do to meet these requirements?
  • A. Create an IAM managed policy to deny access to ports 22 and 3389 on any security groups in a VPC.
  • B. Define an AWS Config rule and remediation action with AWS Systems Manager automation documents.
  • C. Enable AWS Trusted Advisor to remediate public port access.
  • D. Use AWS Systems Manager configuration compliance to remediate public port access.
#12 (Accuracy: 100% / 1 votes)
A Security and Compliance team is reviewing Amazon EC2 workloads for unapproved AMI usage.
Which action should a SysOps Administrator recommend?
  • A. Create a custom report using AWS Systems Manager Inventory to identify unapproved AMIs
  • B. Run Amazon Inspector on all EC2 instances and flag instances using unapproved AMIs
  • C. Use an AWS Config rule to identify unapproved AMIs
  • D. Use AWS Trusted Advisor to identify EC2 workloads using unapproved AMIs
#13 (Accuracy: 100% / 1 votes)
A custom application must be installed on all Amazon EC2 instances. The application is small, updated frequently and can be installed automatically.
How can the application be deployed on new EC2 instances?
  • A. Launch a script that downloads and installs the application using the Amazon EC2 user data.
  • B. Create a custom API using Amazon API Gateway to call an installation executable from an AWS CloudFormation Template.
  • C. Use AWS Systems Manager to inject the application into an AMI.
  • D. Configure AWS CodePipeline to deploy code changes and updates.
#14 (Accuracy: 100% / 2 votes)
An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, am Amazon RDS PostgreSQL database, an
Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security team now mandates that at-rest encryption be turned on immediately for all aspects of the application, without creating new resources and without any downtime.
To satisfy the requirements, which one of these services can the SysOps Administrator enable at-rest encryption on?
  • A. EBS General Purpose SSD volumes
  • B. RDS PostgreSQL database
  • C. Amazon EFS file systems
  • D. S3 objects within a bucket
#15 (Accuracy: 100% / 2 votes)
You have set up Individual AWS accounts for each project. You have been asked to make sure your AWS Infrastructure costs do not exceed the budget set per project for each month.
Which of the following approaches can help ensure that you do not exceed the budget each month?
  • A. Consolidate your accounts so you have a single bill for all accounts and projects
  • B. Set up auto scaling with CloudWatch alarms using SNS to notify you when you are running too many Instances in a given account
  • C. Set up CloudWatch billing alerts for all AWS resources used by each project, with a notification occurring when the amount for each resource tagged to a particular project matches the budget allocated to the project.
  • D. Set up CloudWatch billing alerts for all AWS resources used by each account, with email notifications when it hits 50%. 80% and 90% of its budgeted monthly spend
#16 (Accuracy: 100% / 1 votes)
You have two Elastic Compute Cloud (EC2) instances inside a Virtual Private Cloud (VPC) in the same Availability Zone (AZ) but in different subnets. One instance is running a database and the other instance an application that will interface with the database. You want to confirm that they can talk to each other for your application to work properly.
Which two things do we need to confirm in the VPC settings so that these EC2 instances can communicate inside the VPC? (Choose two.)
  • A. A network ACL that allows communication between the two subnets.
  • B. Both instances are the same instance class and using the same Key-pair.
  • C. That the default route is set to a NAT instance or internet Gateway (IGW) for them to communicate.
  • D. Security groups are set to allow the application host to talk to the database on the right port/protocol.
#17 (Accuracy: 100% / 1 votes)
You have a Linux EC2 web server instance running inside a VPC The instance is In a public subnet and has an EIP associated with it so you can connect to It over the Internet via HTTP or SSH The instance was also fully accessible when you last logged in via SSH. and was also serving web requests on port 80.
Now you are not able to SSH into the host nor does it respond to web requests on port 80 that were working fine last time you checked You have double-checked that all networking configuration parameters (security groups route tables. IGW'EIP. NACLs etc) are properly configured {and you haven't made any changes to those anyway since you were last able to reach the Instance). You look at the EC2 console and notice that system status check shows "impaired."
Which should be your next step in troubleshooting and attempting to get the instance back to a healthy state so that you can log in again?
  • A. Stop and start the instance so that it will be able to be redeployed on a healthy host system that most likely will fix the "impaired" system status
  • B. Reboot your instance so that the operating system will have a chance to boot in a clean healthy state that most likely will fix the 'impaired" system status
  • C. Add another dynamic private IP address to me instance and try to connect via mat new path, since the networking stack of the OS may be locked up causing the ג€impairedג€ system status.
  • D. Add another Elastic Network Interface to the instance and try to connect via that new path since the networking stack of the OS may be locked up causing the "impaired" system status
  • E. un-map and then re-map the EIP to the instance, since the IGWVNAT gateway may not be working properly, causing the "impaired" system status
#18 (Accuracy: 100% / 2 votes)
What is a security group in Amazon AWS?
  • A. A UNIX Group that gives permission to edit security settings
  • B. An authorized group of instances that control access to other resources
  • C. A virtual firewall that controls the traffic for one or more instances
  • D. An Access Control List (ACL) for AWS resources
#19 (Accuracy: 100% / 1 votes)
Which of the following size ranges is true of Individual Amazon S3 objects?
  • A. 5 gigabytes to 5 terabytes
  • B. 0 bytes to 5 terabytes
  • C. 100 megabytes to 5 gigabytes
  • D. 1 byte to 5 gigabytes
#20 (Accuracy: 100% / 1 votes)
What was the recommended use case for S3 Reduced Redundancy storage before its deprecation was planned?
  • A. It was used to reduce storage costs by providing 500 times the durability of a typical disk drive at lower levels of redundancy.
  • B. It was used to reduce storage costs for noncritical data at lower levels of redundancy.
  • C. It was used to reduce storage costs by allowing you to destroy any copy of your files outside a specific jurisdiction.
  • D. It was used to reduce storage costs for reproducible data at high levels of redundancy in a single facility.