Amazon AWS Certified SysOps Administrator - Associate SOA-C01
Prev

There are 439 results

Next
#361 (Accuracy: 100% / 3 votes)
A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services.
What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?
  • A. Create a service control policy in AWS Organizations and apply it to the development account.
  • B. Create a customer managed policy in IAM and apply it to all users within the development account.
  • C. Create a job function policy in IAM and apply it to all users within the development account.
  • D. Create an IAM policy and apply it in API Gateway to restrict the development account.
#362 (Accuracy: 100% / 1 votes)
An application running on Amazon EC2 instances needs to write files to an Amazon S3 bucket.
What is the MOST secure way to grant the application access to the S3 bucket?
  • A. Create an IAM user with the necessary privileges. Generate an access key and embed the key in the code running on the EC2 instances.
  • B. Install secure FTP (SFTP) software on the EC2 instances. Use an AWS Lambda function to copy the files from the EC2 instances to Amazon S3 using SFTP.
  • C. Create an IAM role with the necessary privileges. Associate the role with the EC2 instances at launch.
  • D. Use rsync and cron to set up the transfer of files from the EC2 instances to the S3 bucket. Enable AWS Shield to protect the data.
#363 (Accuracy: 100% / 1 votes)
The Database Administration team is interested in performing manual backups of an Amazon RDS Oracle DB instance.
What steps should be taken to perform the backups?
  • A. Attach an Amazon EBS volume with Oracle RMAN installed to the RDS instance.
  • B. Take a snapshot of the EBS volume that is attached to the DB instance.
  • C. Install Oracle Secure Backup on the RDS instance and back up the Oracle database to Amazon S3.
  • D. Take a snapshot of the DB instance.
#364 (Accuracy: 100% / 1 votes)
A company has adopted a security policy that requires all customer data to be encrypted at rest. Currently, customer data is stored on a central Amazon EFS file system and accessed by a number of different applications from Amazon EC2 instances.
How can the SysOps Administrator ensure that all customer data stored on the EFS file system meets the new requirement?
  • A. Update the EFS file system settings to enable server-side encryption using AES-256.
  • B. Create a new encrypted EFS file system and copy the data from the unencrypted EFS file system to the new encrypted EFS file system.
  • C. Use AWS CloudHSM to encrypt the files directly before storing them in the EFS file system.
  • D. Modify the EFS file system mount options to enable Transport Layer Security (TLS) on each of the EC2 instances.
#365 (Accuracy: 100% / 1 votes)
After a particularly high AWS bill, an organization wants to review the use of AWS services.
What AWS service will allow the SysOps Administrator to quickly view this information to share it, and will also forecast expenses for the current billing period?
  • A. AWS Trusted Advisor
  • B. Amazon QuickSight
  • C. AWS Cost and Usage Report
  • D. AWS Cost Explorer
#366 (Accuracy: 100% / 1 votes)
A company is running a popular social media site on EC2 instances. The application stores data in an Amazon RDS for MySQL DB instance and has implemented read caching by using an ElastiCache for Redis (cluster mode enabled) cluster to improve read times. A social event is happening over the weekend, and the
SysOps Administrator expects website traffic to triple.
What can a SysOps Administrator do to ensure improved read times for users during the social event?
  • A. Use Amazon RDS Multi-AZ.
  • B. Add shards to the existing Redis cluster.
  • C. Offload static data to Amazon S3.
  • D. Launch a second Multi-AZ Redis cluster.
#367 (Accuracy: 100% / 1 votes)
An application resides on multiple EC2 instances in public subnets in two Availability Zones. To improve security, the Information Security team has deployed an
Application Load Balancer (ALB) in separate subnets and pointed the DNS at the ALB instead of the EC2 instances.
After the change, traffic is not reaching the instances, and an error is being returned from the ALB.
What steps must a SysOps Administrator take to resolve this issue and improve the security of the application? (Choose two.)
  • A. Add the EC2 instances to the ALB target group, configure the health check, and ensure that the instances report healthy.
  • B. Add the EC2 instances to an Auto Scaling group, configure the health check to ensure that the instances report healthy, and remove the public IPs from the instances.
  • C. Create a new subnet in which EC2 instances and ALB will reside to ensure that they can communicate, and remove the public IPs from the instances.
  • D. Change the security group for the EC2 instances to allow access from only the ALB security group, and remove the public IPs from the instances.
  • E. Change the security group to allow access from 0.0.0.0/0, which permits access from the ALB.
#368 (Accuracy: 100% / 3 votes)
The networking team has created a VPC in an AWS account. The application team has asked for access to resources in another VPC in the same AWS account.
The SysOps Administrator has created the VPC peering connection between both the accounts, but the resources in one VPC cannot communicate with the resources in the other VPC.
What could be causing this issue?
  • A. One of the VPCs is not sized correctly for peering.
  • B. There is no public subnet in one of the VPCs.
  • C. The route tables have not been updated.
  • D. One VPC has disabled the peering flag.
#369 (Accuracy: 100% / 1 votes)
A SysOps Administrator is troubleshooting an AWS CloudFormation template whereby multiple Amazon EC2 instances are being created. The template is working in us-east-1, but it is failing in us-west-2 with the error code:
AMI [ami-12345678] does not exist
How should the Administrator ensure that the AWS CloudFormation template is working in every region?
  • A. Copy the source region's Amazon Machine Image (AMI) to the destination region and assign it the same ID.
  • B. Edit the AWS CloudFormation template to specify the region code as part of the fully qualified AMI ID.
  • C. Edit the AWS CloudFormation template to offer a drop-down list of all AMIs to the user by using the AWS::EC2::AMI::ImageID control.
  • D. Modify the AWS CloudFormation template by including the AMI IDs in the ג€Mappingsג€ section. Refer to the proper mapping within the template for the proper AMI ID.
#370 (Accuracy: 100% / 1 votes)
The Accounting department would like to receive billing updates more than once a month. They would like the updates to be in a format that can easily be viewed with a spreadsheet application.
How can this request be fulfilled?
  • A. Use Amazon CloudWatch Events to schedule a billing inquiry on a bi-weekly basis. Use AWS Glue to convert the output to CSV.
  • B. Set AWS Cost and Usage Reports to publish bills daily to an Amazon S3 bucket in CSV format.
  • C. Use the AWS CLI to output billing data as JSON. Use Amazon SES to email bills on a daily basis.
  • D. Use AWS Lambda, triggered by CloudWatch, to query billing data and push to Amazon RDS.