Amazon AWS Certified SysOps Administrator - Associate SOA-C01
#231 (Accuracy: 100% / 2 votes)
A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented strict IP whitelisting that requires all build uploads to come from a single IP address.
What change should the systems administrator make to the existing build fleet to comply with this new requirement?
  • A. Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.
  • B. Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.
  • C. Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.
  • D. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.
#232 (Accuracy: 100% / 2 votes)
A company's data processing workflow uses AWS Lambda to interact with other AWS services, including AWS Step Functions, Amazon DynamoDB, and Amazon S3.
The Lambda functions make several API calls to these services as a part of the workflow. AWS CloudTrail has been enabled in the AWS Region and is logging to Amazon CloudWatch Logs. The Lambda functions are also logging to CloudWatch Logs.
A SysOps administrator notices that a specific Lambda function in the workflow is taking longer to run than it did last month.
The SysOps administrator needs to determine the parts of the Lambda function that are experiencing higher-than-normal response times.
What solution will accomplish this?
  • A. Analyze logs in CloudWatch Logs for the timestamps at which the API calls are made while the Lambda function is running. Compare with the logs from the previous month.
  • B. Enable AWS X-Ray for the function. Analyze the service map and traces to help identify the API calls with anomalous response times.
  • C. Search CloudTrail logs for the calls from the Lambda function. Compare the observed and expected times of API calls relative to the time when the function starts.
  • D. Use CloudWatch to monitor the Duration metric of function invocations for the Lambda function. Compare with the measurements from the previous month.
#233 (Accuracy: 100% / 2 votes)
A company has multiple AWS accounts. The company uses AWS Organizations with an organizational unit (OU) for the production account and another OU for the development account. Corporate policies state that developers may use only approved AWS services in the production account.
What is the MOST operationally efficient solution to control the production account?
  • A. Create a customer managed policy in AWS Identity and Access Management (IAM). Apply the policy to all users within the production account.
  • B. Create a job function policy in AWS Identity and Access Management (IAM). Apply the policy to all users within the production OU.
  • C. Create a service control policy (SCP). Apply the SCP to the production OU.
  • D. Create an IAM policy. Apply the policy in Amazon API Gateway to restrict the production account.
#234 (Accuracy: 100% / 1 votes)
A company that hosts a multi-tier ecommerce web application on AWS has been alerted to suspicious application traffic. The architecture consists of Amazon EC2 instances deployed across multiple Availability Zones behind an Application Load Balancer (ALB). After examining the instance logs, a SysOps administrator determines that the suspicious traffic is an attempted SQL injection attack.
What should the SysOps administrator do to prevent similar attacks?
  • A. Create an Amazon CloudFront distribution with the ALB as the origin. Enable AWS Shield Advanced to protect from SQL injection attacks at edge locations.
  • B. Create an AWS WAF web ACL, and configure a SQL injection rule to add to the web ACL. Associate the WAF web ACL with the ALB.
  • C. Enable Amazon GuardDuty. Use Amazon EventBridge (Amazon CloudWatch Events) to trigger an AWS Lambda function every time GuardDuty detects SQL injection.
  • D. Install Amazon Inspector on the EC2 instances, and configure a rules package. Use the findings reports to identify and block SQL injection attacks.
#235 (Accuracy: 100% / 2 votes)
A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability for an on-premises website. The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes.
All other traffic should be directed to the secondary passive server. The failover record type, set ID, and routing policy have been set appropriately for both primary and secondary servers.
Which next step should be taken to configure Route 53?
  • A. Create an A record for each server. Associate the records with the Route 53 HTTP health check.
  • B. Create an A record for each server. Associate the records with the Route 53 TCP health check.
  • C. Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 HTTP health check.
  • D. Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 TCP health check.
#236 (Accuracy: 100% / 1 votes)
A company's security policy states that connecting to Amazon EC2 instances is not permitted through SSH and RDP. If access is required, authorized staff can connect to instances by using AWS Systems Manager Session Manager.
Users report that they are unable to connect to one specific Amazon EC2 instance that is running Ubuntu and has AWS Systems Manager Agent (SSM Agent) pre-installed.
These users are able to use Session Manager to connect to other instances in the same subnet, and they are in an IAM group that has Session Manager permission for all instances.
What should a SysOps administrator do to resolve this issue?
  • A. Add an inbound rule for port 22 in the security group associated with the Ubuntu instance.
  • B. Assign the AmazonSSMManagedInstanceCore managed policy to the EC2 instance profile for the Ubuntu instance.
  • C. Configure the SSM Agent to log in with a user name of "ubuntu".
  • D. Generate a new key pair, configure Session Manager to use this new key pair, and provide the private key to the users.
#237 (Accuracy: 100% / 2 votes)
A company is evaluating solutions for connecting its data centers to a VPC in an AWS Region running a mission-critical application. A secondary Region has already been set up as a disaster recovery solution. The company needs a consistent, low-latency connection of at least 10 Gbps that must be highly resilient and fault tolerant.
Which solution meets these requirements?
  • A. Set up a 10 Gbps AWS Direct Connect connection at two Direct Connect locations. Use two customer routers and dynamically routed, active/active connections.
  • B. Set up a 10 Gbps AWS Direct Connect connection. Use a Direct Connect gateway to support both Regions.
  • C. Establish an AWS Direct Connect connection for the primary connection to the VPC with an AWS-managed VPN connection as a backup.
  • D. Establish 10 VPN connections to the VPC. Enable the VPN Equal Cost Multipath (ECMP) feature to balance traffic over the active connections.
#238 (Accuracy: 100% / 2 votes)
An image processing system runs asynchronously on AWS Lambda. A SysOps administrator is configuring a Lambda function to notify developers when an image fails to process after three attempts. The SysOps administrator has created an Amazon Simple Notification Service (Amazon SNS) topic to notify the developers.
Which additional action should the SysOps administrator take to meet this requirement?
  • A. Configure an Amazon CloudWatch alarm for errors from the Lambda function, which notifies the Amazon SNS topic.
  • B. Implement a dead-letter queue targeting the Amazon SNS topic.
  • C. Modify the Lambda function code to publish failed orders to the Amazon SNS topic before exiting.
  • D. Subscribe to Lambda function error notifications from the AWS Personal Health Dashboard.
#239 (Accuracy: 100% / 2 votes)
The chief financial officer (CFO) of an organization has seen a spike in Amazon S3 storage costs over the last few months. A SysOps administrator suspects that these costs are related to storage for older versions of S3 objects from one of its S3 buckets.
What can the administrator do to confirm this suspicion?
  • A. Enable Amazon S3 inventory and then query the inventory to identify the total storage of previous object versions.
  • B. Use object-level cost allocation tags to identify the total storage of previous object versions.
  • C. Enable the Amazon S3 analytics feature for the bucket to identify the total storage of previous object versions.
  • D. Use Amazon CloudWatch storage metrics for the S3 bucket to identify the total storage of previous object versions.
#240 (Accuracy: 100% / 1 votes)
A company has a web application that is experiencing performance problems many times each night. A root cause analysis reveals spikes in CPU utilization that last 5 minutes on an Amazon EC2 Linux instance. A SysOps administrator is tasked with finding the process ID (PID) of the service or process that is consuming more CPU.
How can the administrator accomplish this with the LEAST amount of effort?
  • A. Configure an AWS Lambda function in Python 3.7 to run every minute to capture the PID and send a notification.
  • B. Configure the procstat plugin to collect and send CPU metrics for the running processes.
  • C. Log in to the EC2 Linux instance using a .pem key each night and then run the top command.
  • D. Use the default Amazon CloudWatch CPU utilization metric to capture the PID in the CloudWatch dashboard.