Amazon AWS Certified SysOps Administrator - Associate SOA-C01
Prev

There are 439 results

Next
#411 (Accuracy: 100% / 1 votes)
A SysOps Administrator is managing an application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto
Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS MySQL DB instance. The Administrator must ensure that that application stays available if the database becomes unresponsive.
How can these requirements be met?
  • A. Create read replicas for the RDS database and use them in case of a database failure
  • B. Create a new RDS instance from the snapshot of the original RDS instance if a failure occurs
  • C. Keep a separate RDS database running and switch the endpoint in the web application if a failure occurs
  • D. Modify the RDS instance to be a Multi-AZ deployment
#412 (Accuracy: 100% / 2 votes)
A company has Amazon EC2 instances that serve web content behind an Elastic Load Balancing (ELB) load balancer. The ELB Amazon CloudWatch metrics from a few hours ago indicate a significant number of 4XX errors. The EC2 instances from the time of these errors have been deleted.
At the time of the 4XX errors, how can an Administrator obtain information about who originated these requests?
  • A. If ELB access logs have been enabled, the information can be retrieved from the S3 bucket
  • B. Contact AWS Support to obtain application logs from the deleted instances
  • C. Amazon S3 always keeps a backup of application logs from EC2 instances. Retrieve these logs for analysis
  • D. Use AWS Trusted Advisor to obtain ELB access logs
#413 (Accuracy: 100% / 2 votes)
A SysOps Administrator has an AWS Lambda function that stops all Amazon EC2 instances in a test environment at night and on the weekend. Stopping instances causes some servers to become corrupt due to the nature of the applications running on them.
What can the SysOps Administrator use to identify these EC2 instances?
  • A. AWS Config
  • B. Amazon EC2 termination protection
  • C. Resource tagging
  • D. Amazon CloudWatch
#414 (Accuracy: 100% / 2 votes)
Recently several critical files were mistakenly deleted from a shared Amazon S3 bucket. A SysOps Administrator needs to prevent accidental deletions from occurring in the future by enabling MFA Delete.
Once enabled, which bucket activities will require MFA authentication? (Choose two.)
  • A. Permanently removing an object version from the bucket
  • B. Disabling default object encryption for the bucket
  • C. Listing all versions of deleted objects in the bucket
  • D. Suspending versioning on the bucket
  • E. Enabling MFA Add on the bucket
#415 (Accuracy: 100% / 2 votes)
Malicious traffic is reaching company web servers from a single IP address located in another country. The SysOps Administrator is tasked with blocking this IP address.
How should the Administrator implement the restriction?
  • A. Edit the security group for the web servers and add a deny entry for the IP address
  • B. Edit the network access control list for the web server subnet and add a deny entry for the IP address
  • C. Edit the VPC route table to route the malicious IP address to a black hole
  • D. Use Amazon CloudFront's geo restriction feature to block traffic from the IP address
#416 (Accuracy: 100% / 1 votes)
An application is running on Amazon EC2 instances behind a Classic Load Balancer. The instances run in an Auto Scaling group across multiple Availability
Zones. Occasionally multiple incoming requests will receive a 5xx HTTP response when making a request to the Classic Load Balancer. From the Amazon
CloudWatch metrics, a SysOps Administrator observes the Elastic Load Balancing (ELB) SpillOverCount metric to be greater than zero during these occasions.
These errors can be avoided by triggering scaling actions on which ELB metric?
  • A. HealthyHostCount
  • B. BackendConnectionErrors
  • C. SurgeQueueLength
  • D. UnHealthyHostCount
#417 (Accuracy: 100% / 2 votes)
A SysOps Administrator noticed that a large number of Elastic IP addresses are being created on the company's AWS account., but they are not being associated with Amazon EC2 instances, and are incurring Elastic IP address charges in the monthly bill.
How can the Administrator identify who is creating the Elastic IP address?
  • A. Attach a cost-allocation tag to each requested Elastic IP address with the IAM user name of the Developer who creates it.
  • B. Query AWS CloudTrail logs by using Amazon Athena to search for Elastic IP address events.
  • C. Create a CloudWatch alarm on the EIPCreated metric and send an Amazon SNS notification when the alarm triggers.
  • D. Use Amazon Inspector to get a report of all Elastic IP addresses created in the last 30 days.
#418 (Accuracy: 100% / 1 votes)
A new application is being tested for deployment on an Amazon EC2 instance that requires greater IOPS than currently provided by the single 4TB General
Purpose SSD (gp2) volume.
Which actions should be taken to provide additional Amazon EBS IOPS for the application? (Choose two.)
  • A. Increase the size of the General Purpose (gp2) volume
  • B. Use RAID 0 to distribute I/O across multiple volumes
  • C. Migrate to a Provisioned IOPS SSD (io1) volume
  • D. Enable MAX I/O performance mode on the General Purpose (gp2) volume
  • E. Use RAID 1 to distribute I/O across multiple volumes
#419 (Accuracy: 100% / 2 votes)
A SysOps Administrator has an AWS Direct Connect connection in place in region us-east-1, between an AWS account and a data center. The Administrator is now required to connect the data center to a VPC in another AWS Region, us-west-2, which must have consistent network performance and low-latency.
What is the MOST efficient and quickest way to establish this connectivity?
  • A. Create an AWS VPN CloudHub architecture, and use software VPN to connect to the VPC in region us-west-2.
  • B. Create a new Direct Connect connection between the data center and region us-west-2.
  • C. Create a VPC peering connection between the VPC in region us-east-1 and us-west-2, and access the VPC in us-west-2 from the data center.
  • D. Use Direct Connect gateway with the existing Direct Connect connection to connect to the Virtual Private Gateway of the VPC in region us-west-2.
#420 (Accuracy: 100% / 1 votes)
The InfoSec team has asked the SysOps Administrator to perform some hardening on the company Amazon RDS database instances.
Based on this requirement, what actions should be recommended for the start of the security review? (Choose two.)
  • A. Use Amazon Inspector to present a detailed report of security vulnerabilities across the RDS database fleet
  • B. Review the security group's inbound access rules for least privilege
  • C. Export AWS CloudTrail entries detailing all SSH activity on the RDS instances
  • D. Use the cat command to enumerate the allowed SSH keys in ~/.ssh on each RDS instance
  • E. Report on the Parameter Group settings and ensure that encrypted connections are enforced