Amazon AWS Certified SysOps Administrator - Associate SOA-C01
Prev

There are 439 results

Next
#71 (Accuracy: 100% / 1 votes)
An application is generating a log file every 5 minutes. The log file is not critical but may be required only for verification in case of some major issue. The file should be accessible over the internet whenever required. Which of the below mentioned options is a best possible storage solution for it?
  • A. AWS S3
  • B. AWS Glacier
  • C. AWS RDS
  • D. AWS RRS
#72 (Accuracy: 100% / 1 votes)
An organization wants to move to Cloud. They are looking for a secure encrypted database storage option. Which of the below mentioned AWS functionalities helps them to achieve this?
  • A. AWS MFA with EBS
  • B. AWS EBS encryption
  • C. Multi-tier encryption with Redshift
  • D. AWS S3 server side storage
#73 (Accuracy: 100% / 1 votes)
The majority of your Infrastructure is on premises and you have a small footprint on AWS Your company has decided to roll out a new application that is heavily dependent on low latency connectivity to LOAP for authentication Your security policy requires minimal changes to the company's existing application user management processes.
What option would you implement to successfully launch this application1?
  • A. Create a second, independent LOAP server in AWS for your application to use for authentication
  • B. Establish a VPN connection so your applications can authenticate against your existing on-premises LDAP servers
  • C. Establish a VPN connection between your data center and AWS create a LDAP replica on AWS and configure your application to use the LDAP replica for authentication
  • D. Create a second LDAP domain on AWS establish a VPN connection to establish a trust relationship between your new and existing domains and use the new domain for authentication
#74 (Accuracy: 100% / 1 votes)
Your organization's security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password.
Which two of the following options would allow an organization to enforce this policy for AWS users? (Choose two.)
  • A. Configure multi-factor authentication for privileged 1AM users
  • B. Create 1AM users for privileged accounts
  • C. Implement identity federation between your organization's Identity provider leveraging the 1AM Security Token Service
  • D. Enable the 1AM single-use password policy option for privileged users
#75 (Accuracy: 100% / 1 votes)
A SysOps administrator must run a script on production servers to fix an issue. The company has a policy to block all remote interactive access to production servers.
Based on this situation, how should the administrator run the script?
  • A. Share and use the Amazon EC2 key pairs to gain access to the servers and run the script.
  • B. Put the script into the user data of the instances.
  • C. Configure the script to run as a cron job or scheduled task on the EC2 instances.
  • D. Use AWS Systems Manager to run the script.
#76 (Accuracy: 100% / 1 votes)
A large company has multiple AWS accounts that are assigned to each department. A SysOps administrator needs to help the company reduce overhead and manage its AWS resources more easily. The SysOps administrator also must ensure that department users, including AWS account root users, have access only to AWS services that are essential for their job function.
Which solution will meet these requirements?
  • A. Enable AWS Directory Service. Enforce Group Policy Objects (GPOs) on each department to restrict access.
  • B. Migrate all the accounts to a central account. Create IAM groups for each department with only the necessary permissions.
  • C. Use AWS Organizations and implement service control policies (SCPs) to ensure accounts use only essential AWS services.
  • D. Use AWS Single Sign-On and configure it to limit access to only essential AWS services.
#77 (Accuracy: 100% / 1 votes)
A SysOps administrator wants to encrypt an existing Amazon RDS DB instance with AWS Key Management Service (AWS KMS).
How should the SysOps administrator accomplish this goal?
  • A. Copy the data volumes of the unencrypted instance. Apply the KMS key to the copied data volumes. Start the instance with the encrypted volumes.
  • B. Create a read replica of the unencrypted instance. Encrypt the read replica with the KMS key. Promote the read replica to become the primary instance.
  • C. Take a snapshot of the unencrypted instance. Apply the KMS key to the existing instance using the modify-db-instance command. Restart the instance.
  • D. Take a snapshot of the unencrypted instance. Create an encrypted copy of the snapshot with the KMS key. Restore the instance from the encrypted snapshot.
#78 (Accuracy: 100% / 1 votes)
A company's application infrastructure was deployed using AWS CloudFormation and is composed of Amazon EC2 instances behind an Application Load
Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. When releasing a new version of the application, the update deployment must avoid DNS changes and allow rollback.
Which solution should a SysOps administrator use to meet the deployment requirements for this new release?
  • A. Configure the Auto Scaling group to use lifecycle hooks. Deploy new instances with the new application version. Complete the lifecycle hook action once healthy.
  • B. Create a new Amazon Machine Image (AMI) containing the updated code. Create a launch configuration with the AMI. Update the Auto Scaling group to use the new launch configuration.
  • C. Deploy a second CloudFormation stack. Wait for the application to be available. Cut over to the new Application Load Balancer.
  • D. Modify the CloudFormation template to use an AutoScalingReplacingUpdate policy. Update the stack. Perform a second update with the new release.
#79 (Accuracy: 100% / 1 votes)
A company has an application that is hosted on two Amazon EC2 instances in different Availability Zones. Both instances contain data that is critical for the company's business. Backups need to be retained for 7 days and need to be updated every 12 hours.
Which solution will meet these requirements with the LEAST amount of effort?
  • A. Use an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule to create snapshots of the Amazon Elastic Block Store (Amazon EBS) volumes.
  • B. Use Amazon Data Lifecycle Manager (Amazon DLM) to create a snapshot lifecycle policy for both instances.
  • C. Create a batch job to generate automated snapshots of the Amazon Elastic Block Store (Amazon EBS) volumes.
  • D. Create an AWS Lambda function to copy the data to Amazon S3 Glacier.
#80 (Accuracy: 100% / 1 votes)
A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance.
Which of the following are possible causes of this issue? (Choose two.)
  • A. A network ACL associated with the bastion's subnet is blocking the network traffic.
  • B. The instance does not have a private IP address.
  • C. The route table associated with the bastion's subnet does not have a route to the internet gateway.
  • D. The security group for the instance does not have an inbound rule on port 22.
  • E. The security group for the instance does not have an outbound rule on port 3389.