Amazon AWS Certified SysOps Administrator - Associate SOA-C01
Prev

There are 439 results

Next
#261 (Accuracy: 100% / 2 votes)
A company needs to deploy a web application on two Amazon EC2 instances behind an Application Load Balancer (ALB). Two EC2 instances will also be deployed to host the database. The infrastructure needs to be designed across Availability Zones for high availability and must limit public access to the instances as much as possible.
How should this be achieved within a VPC?
  • A. Create one public subnet for the Application Load Balancer, one public subnet for the web servers, and one private subnet for the database servers.
  • B. Create one public subnet for the Application Load Balancer, two public subnets for the web servers, and two private subnets for the database servers.
  • C. Create two public subnets for the Application Load Balancer, two private subnets for the web servers, and two private subnets for the database servers.
  • D. Create two public subnets for the Application Load Balancer, two public subnets for the web servers, and two public subnets for the database servers.
#262 (Accuracy: 100% / 2 votes)
Each SysOps Administrator at a company has a unique IAM user account. Each user is a member of the SysOps IAM group that has an IAM policy applied. A recent change to the IT security policy states that employees must now use their on-premises Active Directory user accounts to access the AWS Management
Console.
Which solution should be used to satisfy these requirements?
  • A. Configure the on-premises Active Directory to use AWS Direct Connect.
  • B. Enable an Active Directory federation in an Amazon Route 53 private zone.
  • C. Implement a VPN tunnel and configure an Active Directory connector.
  • D. Implement multi-factor authentication for IAM and Active Directory.
#263 (Accuracy: 100% / 2 votes)
A company has several AWS accounts and has set up consolidated billing through AWS Organizations. The total monthly bill has been increasing over several months, and a SysOps Administrator has been asked to determine what is causing this increase.
What is the MOST comprehensive tool that will accomplish this task?
  • A. AWS Cost Explorer
  • B. AWS Trusted Advisor
  • C. Cost allocation tags
  • D. Resource groups
#264 (Accuracy: 100% / 1 votes)
An application is being migrated to AWS with the requirement that archived data be retained for at least 7 years.
What Amazon Glacier configuration option should be used to meet this compliance requirement?
  • A. A Glacier data retrieval policy
  • B. A Glacier vault access policy
  • C. A Glacier vault lock policy
  • D. A Glacier vault notification
#265 (Accuracy: 100% / 2 votes)
A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones.
The application uses an Amazon RDS Multi-AZ DB Instance. Amazon Route 53 record sets route requests for dynamic content to the load balancer and requests for static content to an Amazon S3 bucket. Site visitors are reporting extremely long loading times.
Which actions should be taken to improve the performance of the website? (Choose two.)
  • A. Add Amazon CloudFront caching for static content.
  • B. Change the load balancer listener from HTTPS to TCP.
  • C. Enable Amazon Route 53 latency-based routing.
  • D. Implement Amazon EC2 Auto Scaling for the web servers.
  • E. Move the static content from Amazon S3 to the web servers.
#266 (Accuracy: 100% / 2 votes)
A SysOps Administrator has implemented a VPC network design with the following requirements:
✑ Two Availability Zones (AZs)
✑ Two private subnets
✑ Two public subnets
✑ One internet gateway
✑ One NAT gateway
What would potentially cause applications in the VPC to fail during an AZ outage?
  • A. A single virtual private gateway, because it can be associated with a single AZ only.
  • B. A single internet gateway, because it is not redundant across both AZs.
  • C. A single NAT gateway, because it is not redundant across both AZs.
  • D. The default VPC route table, because it can be associated with a single AZ only.
#267 (Accuracy: 100% / 2 votes)
A Chief Financial Officer has asked for a breakdown of costs per project in a single AWS account using Cost Explorer.
Which combination of options should be set to accomplish this? (Choose two.)
  • A. Activate AWS Budgets.
  • B. Activate cost allocation tags.
  • C. Create an organization using AWS Organizations.
  • D. Create and apply resource tags.
  • E. Enable AWS Trusted Advisor.
#268 (Accuracy: 100% / 1 votes)
A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network.
What actions should the SysOps Administrator take to meet these requirements?
  • A. Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
  • B. Create a VPC endpoint for the S3 bucket, and create a S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
  • C. Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket.
  • D. Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway.
#269 (Accuracy: 100% / 1 votes)
A company recently performed a security audit of all its internal applications developed in house. Certain business-critical applications that handle sensitive data were flagged because they use Amazon ES clusters that are open for read/write to a wider user group that intended.
Who is responsible for correcting the issue?
  • A. AWS Premium Support
  • B. the Amazon ES team
  • C. the AWS IAM team
  • D. a SysOps Administrator
#270 (Accuracy: 100% / 1 votes)
A SysOps Administrator working on an Amazon EC2 instance has misconfigured the clock by one hour. The EC2 instance is sending data to Amazon CloudWatch through the CloudWatch agent. The timestamps on the logs are 45 minutes in the future.
What will be the result of this configuration?
  • A. Amazon CloudWatch will not capture the data because it is in the future.
  • B. Amazon CloudWatch will accept the custom metric data and record it.
  • C. The Amazon CloudWatch agent will check the Network Time Protocol (NTP) server before sending the data, and the agent will correct the time.
  • D. The Amazon CloudWatch agent will check the Network Time Protocol (NTP) server, and the agent will not send the data because it is more than 30 minutes in the future.