Amazon AWS Certified SysOps Administrator - Associate SOA-C01
Prev

There are 439 results

Next
#311 (Accuracy: 100% / 1 votes)
A company is concerned about its ability to recover from a disaster because all of its Amazon EC2 instances are located in a single Amazon VPC in us-east-1. A second Amazon VPC has been configured in eu-west-1 to act as a backup VPC in case of an outage. Data will be replicated from the primary region to the secondary region. The Information Security team's compliance requirements specify that all data must be encrypted and must not traverse the public internet.
How should the SysOps Administrator connect the two VPCs while meeting the compliance requirements?
  • A. Configure EC2 instances to act as VPN appliances, then configure route tables.
  • B. Configure inter-region VPC peering between the two VPCs, then configure route tables.
  • C. Configure NAT gateways in both VPCs, then configure route tables.
  • D. Configure an internet gateway in each VPC, and use these as the targets for the VPC route tables.
#312 (Accuracy: 100% / 2 votes)
A company is setting up a VPC peering connection between its VPC and a customer's VPC. The company VPC is an IPv4 CIDR block of 172.16.0.0/16, and the customer's is an IPv4 CIDR block of 10.0.0.0/16. The SysOps Administrator wants to be able to ping the customer's database private IP address from one of the company's Amazon EC2 instances.
What action should be taken to meet the requirements?
  • A. Ensure that both accounts are linked and are part of consolidated billing to create a file sharing network, and then enable VPC peering.
  • B. Ensure that both VPC owners manually add a route to the VPC route tables that points to the IP address range of the other VPC.
  • C. Instruct the customer to set up a VPC with the same IPv4 CIDR block as that of the source VPC: 172.16.0.0/16.
  • D. Instruct the customer to create a virtual private gateway to link the two VPCs.
#313 (Accuracy: 100% / 2 votes)
A security team is concerned that intellectual property might leak to the internet. A SysOps administrator must identify controls to address the potential problem.
The instances in question operate in a VPC and cannot be allowed to send traffic to the internet.
What should the SysOps administrator do to meet these requirements?
  • A. Add the following route to a route table for the subnets used by the instances: Destination: 0.0.0.0/0 Target: igw-xxxxxxxx
  • B. Ensure that the instances do not have Elastic IP addresses. Move the instances to a private subnet.
  • C. Enable enhanced networking on the instances. Move the instances to a private subnet.
  • D. Remove any routes that allow internet traffic from the route table associated with the instance's subnets.
#314 (Accuracy: 100% / 3 votes)
A SysOps Administrator deployed an AWS Elastic Beanstalk worker node environment that reads messages from an auto-generated Amazon Simple Queue
Service (Amazon SQS) queue and deletes them from the queue after processing. Amazon EC2 Auto Scaling scales in and scales out the number of worker nodes based on CPU utilization. After some time, the Administrator notices that the number of messages in the SQS queue are increasing significantly.
Which action will remediate this issue?
  • A. Change the scaling policy to scale based upon the number of messages in the queue.
  • B. Decouple the queue from the Elastic Beanstalk worker node and create it as a separate resource.
  • C. Increase the number of messages in the queue.
  • D. Increase the retention period of the queue.
#315 (Accuracy: 100% / 1 votes)
A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company's AWS environment. The
Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.
What should be done to accomplish this?
  • A. Back up the current KMS key and enable automatic key rotation.
  • B. Create a new key in AWS KMS and assign the key to Amazon EBS.
  • C. Enable automatic key rotation of the EBS volume key in AWS KMS.
  • D. Upload new key material to the EBS volume key in AWS KMS to enable automatic key rotation for the volume.
#316 (Accuracy: 100% / 1 votes)
A company runs an application that uses Amazon RDS for MySQL. During load testing of equivalent production volumes, the Development team noticed a significant increase in query latency. A SysOps Administrator concludes from investigating Amazon CloudWatch Logs that the CPU utilization on the RDS MySQL instance was at 100%.
Which action will resolve this issue?
  • A. Configure AWS Database Migration Service (AWS DMS) to allow Amazon RDS for MySQL to scale and accept more requests.
  • B. Configure RDS for MySQL to scale horizontally by adding additional nodes to offload write requests.
  • C. Enable the Multi-AZ feature for the RDS instance.
  • D. Modify the RDS MySQL instance so it is a larger instance type.
#317 (Accuracy: 100% / 1 votes)
A SysOps Administrator is tasked with deploying and managing a single CloudFormation template across multiple AWS accounts.
What feature of AWS CloudFormation will accomplish this?
  • A. Change sets
  • B. Nested stacks
  • C. Stack policies
  • D. StackSets
#318 (Accuracy: 100% / 1 votes)
A SysOps Administrator has been notified that some Amazon EC2 instances in the company's environment might have a vulnerable software version installed.
What should be done to check all of the instances in the environment with the LEAST operational overhead?
  • A. Create and run an Amazon Inspector assessment template.
  • B. Manually SSH into each instance and check the software version.
  • C. Use AWS CloudTrail to verify Amazon EC2 activity in the account.
  • D. Write a custom script and use AWS CodeDeploy to deploy to Amazon EC2 instances.
#319 (Accuracy: 100% / 1 votes)
A SysOps Administrator is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company. All data must be encrypted at rest.
How should the Administrator implement this process?
  • A. Write a script to download the encrypted snapshot, decrypt it using the AWS KMS encryption key used to encrypt the snapshot, then create a new volume in each account.
  • B. Update the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts, then share the snapshot with those accounts.
  • C. Create an Amazon EC2 instance based on the snapshot, then save the instance's Amazon EBS volume as a snapshot and share it with the other accounts. Require each account owner to create a new volume from that snapshot and encrypt it.
  • D. Create a new unencrypted RDS instance from the encrypted snapshot, connect to the instance using SSH/RDP, export the database contents into a file, then share this file with the other accounts.
#320 (Accuracy: 100% / 2 votes)
A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using AWS CloudFormation to three separate environments: development, test, and production. Each environment requires unique credentials for external services.
What option securely provides the application with the needed credentials while requiring MINIMAL administrative overhead?
  • A. Pass the credentials for the target environment to the CloudFormation template as parameters. Use the user data script to insert the parameterized credentials into the EC2 instances.
  • B. Store the credentials as secure strings in AWS Systems Manager Parameter Store. Pass an environment tag as a parameter to the CloudFormation template. Use the user data script to insert the environment tag in the EC2 instances. Access the credentials from the application.
  • C. Create a separate CloudFormation template for each environment. In the Resources section, include a user data script for each EC2 instance. Use the user data script to insert the proper credentials for the environment into the EC2 instances.
  • D. Create separate Amazon Machine Images (AMIs) with the required credentials for each environment. Pass the environment tag as a parameter to the CloudFormation template. In the Mappings section of the CloudFormation template, map the environment tag to the proper AMI, then use that AMI when launching the EC2 instances.