Amazon AWS Certified SysOps Administrator - Associate SOA-C01
Prev

There are 439 results

Next
#351 (Accuracy: 100% / 2 votes)
An Amazon EC2 instance is unable to connect an SMTP server in a different subnet. Other instances are successfully communicating with the SMTP server, however VPC Flow Logs have been enabled on the SMTP server's network interface and show the following information:
2 223342798652 eni-abe77dab 10.1.1.200 10.100.1.10 1123 25 17 70 48252 1515534437 1515535037 REJECT OK
What can be done to correct this problem?
  • A. Add the instance to the security group for the SMTP server and ensure that is permitted to communicate over TCP port 25.
  • B. Disable the iptables service on the SMTP server so that the instance can properly communicate over the network.
  • C. Install an email client on the instance to ensure that it communicates correctly on TCP port 25 to the SMTP server.
  • D. Add a rule to the security group for the instance to explicitly permit TCP port 25 outbound to any address.
#352 (Accuracy: 100% / 2 votes)
A SysOps Administrator must use a bastion host to administer a fleet of Amazon EC2 instances. All access to the bastion host is managed by the Security team.
What is the MOST secure way for the Security team to provide the SysOps Administrator access to the bastion host?
  • A. Assign the same IAM role to the Administrator that is assigned to the bastion host.
  • B. Provide the Administrator with the SSH key that was used for the bastion host when it was originally launched.
  • C. Create a new IAM role with the same permissions as the Security team, and assign it to the Administrator.
  • D. Create a new administrative account on the bastion host, and provide those credentials to the Administrator using AWS Secrets Manager.
#353 (Accuracy: 100% / 2 votes)
A company is using AWS Organizations to manage all their accounts. The Chief Technology Officer wants to prevent certain services from being used within production accounts until the services have been internally certified. They are willing to allow developers to experiment with these uncertified services in development accounts but need a way to ensure that these services are not used within production accounts.
Which option ensures that services are not allowed within the production accounts, yet are allowed in separate development accounts within the LEAST administrative overhead?
  • A. Use AWS Config to shut down non-compliant services found within the production accounts on a periodic basis, while allowing these same services to run in the development accounts.
  • B. Apply service control policies to the AWS Organizational Unit (OU) containing the production accounts to whitelist certified services. Apply a less restrictive policy to the OUs containing the development accounts.
  • C. Use IAM policies applied to the combination of user and account to prevent developers from using these services within the production accounts. Allow the services to run in development accounts.
  • D. Use Amazon CloudWatch to report on the use of non-certified services within any account, triggering an AWS Lambda function to terminate only those non- certified services when found in a production account.
#354 (Accuracy: 100% / 1 votes)
A SysOps Administrator is receiving multiple reports from customers that they are unable to connect to the company's website. which is being served through
Amazon CloudFront. Customers are receiving HTTP response codes for both 4XX and 5XX errors.
Which metric can the Administrator use to monitor the elevated error rates in CloudFront?
  • A. TotalErrorRate
  • B. RejectedConnectionCount
  • C. NetworkTransmitThroughput
  • D. HealthyHostCount
#355 (Accuracy: 100% / 3 votes)
After a network change, application servers cannot connect to the corresponding Amazon RDS MySQL database.
What should the SysOps Administrator analyze?
  • A. VPC Flow Logs
  • B. Elastic Load Balancing logs
  • C. Amazon CloudFront logs
  • D. Amazon RDS MySQL error logs
#356 (Accuracy: 100% / 2 votes)
A company has multiple web applications running on Amazon EC2 instances in private subnets. The EC2 instances require connectivity to the internet for patching purposes, but cannot be publicly accessible.
Which step will meet these requirements?
  • A. Add an internet gateway and update the route tables.
  • B. Add a NAT gateway to the VPC and update the route tables.
  • C. Add an interface endpoint and update the route tables.
  • D. Add a virtual gateway to the VPC and update the route tables.
#357 (Accuracy: 100% / 2 votes)
A SysOps Administrator must provide data to show the overall usage of Amazon EC2 instances within each department, and must determine if the purchased
Reserved Instances are being used effectively.
Which service should be used to provide the necessary information?
  • A. AWS Personal Health Dashboard
  • B. AWS Cost Explorer
  • C. AWS Service Catalog
  • D. AWS Application Discovery Service
#358 (Accuracy: 100% / 2 votes)
A SysOps Administrator attempting to delete an Amazon S3 bucket ran the following command: aws s3 rb s3://my bucket
The command failed and bucket still exists. The administrator validated that no files existed in the bucket by running aws s3 1s s3://mybucket and getting an empty response.
Why is the Administrator unable to delete the bucket, and what must be done to accomplish this task?
  • A. The bucket has MFA Delete enabled, and the Administrator must turn it off.
  • B. The bucket has versioning enabled, and the Administrator must permanently delete the objects' delete markers.
  • C. The bucket is storing files in Amazon Glacier, and the Administrator must wait 3-5 hours for the files to delete.
  • D. The bucket has server-side encryption enabled, and the Administrator must run the aws s3 rb s3://my bucket -- sse command.
#359 (Accuracy: 100% / 2 votes)
A website uses Elastic Load Balancing (ELB) in front of several Amazon EC2 instances backed by an Amazon RDS database. The content is dynamically generated for visitors of a webpage based on their geographic location. and is updated daily. Some of the generated objects are large in size and are taking longer to download than they should, resulting in a poor user experience.
Which approach will improve the user experience?
  • A. Implement Amazon ElastiCache to cache the content and reduce the load on the database.
  • B. Enable an Amazon CloudFront distribution with Elastic Load Balancing as a custom origin.
  • C. Use Amazon S3 to store and deliver the content.
  • D. Enable Auto Scaling for the EC2 instances so that they can scale automatically.
#360 (Accuracy: 100% / 2 votes)
Company A purchases Company B and inherits three new AWS accounts. Company A would like to centralize billing and Reserved Instance benefits but wants to keep all other resources separate.
How can this be accomplished?
  • A. Implement AWS Organizations and create a service control policy that defines the billing relationship with the new master account.
  • B. Configure AWS Organizations Consolidated Billing and provide the finance team with IAM access to the billing console.
  • C. Send Cost and Usage Reports files to a central Amazon S3 bucket, and load the data into Amazon Redshift. Use Amazon QuickSight to provide visualizations to the finance team.
  • D. Link the Reserved Instances to the master payer account and use Amazon Redshift Spectrum to query Detailed Billing Report data across all accounts.