Amazon AWS Certified SysOps Administrator - Associate SOA-C01
Prev

There are 439 results

Next
#321 (Accuracy: 100% / 1 votes)
A SysOps Administrator is configuring AWS SSO for the first time. The Administrator has already created a directory in the master account using AWS Directory
Service and enabled full access in AWS Organizations.
What should the Administrator do next to configure the service?
  • A. Create IAM roles in each account to be used by AWS SSO, and associate users with these roles using AWS SSO.
  • B. Create IAM users in the master account, and use AWS SSO to associate the users with the accounts they will access.
  • C. Create permission sets in AWS SSO, and associate the permission sets with Directory Service users or groups.
  • D. Create service control policies (SCPs) in Organizations, and associate the SCPs with Directory Service users or groups.
#322 (Accuracy: 100% / 2 votes)
A SysOps Administrator is notified that a security vulnerability affects a version of MySQL that is being used with Amazon RDS MySQL.
Who is responsible for ensuring that the patch is applied to the MySQL cluster?
  • A. The database vendor
  • B. The Security department of the SysOps Administrator's company
  • C. AWS
  • D. The SysOps Administrator
#323 (Accuracy: 100% / 1 votes)
A company uses multiple accounts for its applications. Account A manages the company's Amazon Route 53 domains and hosted zones. Account B uses a load balancer fronting the company's web servers.
How can the company use Route 53 to point to the load balancer in the MOST cost-effective and efficient manner?
  • A. Create an Amazon EC2 proxy in Account A that forwards requests to Account B.
  • B. Create a load balancer in Account A that points to the load balancer in Account B.
  • C. Create a CNAME record in Account A pointing to an alias record for the load balancer in Account B.
  • D. Create an alias record in Account A pointing to the DNS name for the load balancer in Account B.
#324 (Accuracy: 100% / 1 votes)
A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.
What is the SIMPLEST approach the SysOps Administrator can take to ensure S3 buckets in those accounts can never be deleted?
  • A. Set up MFA Delete on all the S3 buckets to prevent the buckets from being deleted.
  • B. Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.
  • C. Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.
  • D. Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.
#325 (Accuracy: 100% / 1 votes)
A SysOps Administrator has created an AWS Service Catalog portfolio and has shared the portfolio with a second AWS account in the company. The second account is controlled by a different Administrator.
Which action will the Administrator of the second account be able to perform?
  • A. Add a product from the imported portfolio to a local portfolio.
  • B. Add new products to the imported portfolio.
  • C. Change the launch role for the products contained in the imported portfolio.
  • D. Customize the products in the imported portfolio.
#326 (Accuracy: 100% / 2 votes)
A SysOps Administrator must ensure all Amazon EBS volumes currently in use, and those created in the future, are encrypted with a specific AWS KMS customer master key (CMK).
What is the MOST efficient way for the Administrator to meet this requirement?
  • A. Create an AWS Lambda function to run on a daily schedule, and have the function run the aws ec2 describe-volumes --filters encrypted command.
  • B. Within AWS Config, configure the encrypted-volumes managed rule and specify the key ID of the CMK.
  • C. Log in to the AWS Management Console on a daily schedule, then filter the list of volumes by encryption status, then export this list.
  • D. Create an AWS Lambda function to run on a daily schedule, and have the function run the aws kms describe-key command.
#327 (Accuracy: 100% / 2 votes)
A SysOps Administrator manages a website running on Amazon EC2 instances behind an ELB Application Load Balancer. Users visiting the load balancer's DNS address in a browser are reporting errors. The administrator has confirmed:
✑ The security groups and network ACLs are correctly configured.
✑ The load balancer target group shows no healthy instances.
What should the Administrator do to resolve this issue?
  • A. Review the application's logs for requests originating from the VPC DNS address.
  • B. Review the load balancer access logs, looking for any issues or errors.
  • C. Review the load balancer target group health check configuration.
  • D. Review the load balancer listener configuration.
#328 (Accuracy: 100% / 1 votes)
What should a SysOps Administrator do to ensure a company has visibility into maintenance events performed by AWS?
  • A. Run a script that queries AWS Systems Manager for upcoming maintenance events, and then push these events to an Amazon SNS topic to which the Operations team is subscribed.
  • B. Query the AWS Health API for upcoming maintenance events and integrate the results with the company's existing operations dashboard.
  • C. Integrate the AWS Service Health Dashboard's RSS feed into the company's existing operations dashboard.
  • D. Use Amazon Inspector to send notifications of upcoming maintenance events to the Operations team distribution list.
#329 (Accuracy: 100% / 2 votes)
An AWS CodePipeline in us-east-1 returns `InternalError` with the code `JobFailed` when launching a deployment using an artifact from an Amazon S3 bucket in us-west-1.
What is causing this error?
  • A. S3 Transfer Acceleration is not enabled.
  • B. The S3 bucket is not in the appropriate region.
  • C. The S3 bucket is being throttled.
  • D. There are insufficient permissions on the artifact in Amazon S3.
#330 (Accuracy: 100% / 2 votes)
A SysOps Administrator is managing an AWS account where Developers are authorized to launch Amazon EC2 instances to test new code. To limit costs, the
Administrator must ensure that the EC2 instances in the account are terminated 24 hours after launch.
How should the Administrator meet these requirements?
  • A. Create an Amazon CloudWatch alarm based on the CPUUtilization metric. When the metric is 0% for 24 hours, trigger an action to terminate the EC2 instance when the alarm is triggered.
  • B. Create an AWS Lambda function to check all EC2 instances and terminate instances running more than 24 hours. Trigger the function with an Amazon CloudWatch Events event every 15 minutes.
  • C. Add an action to AWS Trusted Advisor to turn off EC2 instances based on the Low Utilization Amazon EC2 Instances check, terminating instances identified by Trusted Advisor as running for more than 24 hours.
  • D. Install the unified Amazon CloudWatch agent on every EC2 instance. Configure the agent to terminate instances after they have been running for 24 hours.