Amazon AWS Certified SysOps Administrator - Associate SOA-C02
#101 (Accuracy: 100% / 4 votes)
A company's SysOps administrator manages a fleet of hundreds of Amazon EC2 instances that run Windows-based workloads and Linux-based workloads. Each EC2 instance has a tag that identifies its operating system. All the EC2 instances run AWS Systems Manager Session Manager.

A zero-day vulnerability is reported, and no patches are available. The company's security team provides code for all the relevant operating systems to reduce the risk of the vulnerability. The SysOps administrator needs to implement the code on the EC2 instances and must provide a report that shows that the code has successfully run on all the instances.

What should the SysOps administrator do to meet these requirements as quickly as possible?
  • A. Use Systems Manager Run Command. Choose either the AWS-RunShellScript document or the AWS-RunPowerShellScript document. Configure Run Command with the code from the security team. Specify the operating system tag in the Targets parameter. Run the command. Provide the command history's evidence to the security team.
  • B. Create an AWS Lambda function that connects to the EC2 instances through Session Manager. Configure the Lambda function to identify the operating system, run the code from the security team, and return the results to an Amazon RDS DB instance. Query the DB instance for the results. Provide the results as evidence to the security team.
  • C. Log on to each EC2 instance. Run the code from the security team on each EC2 instance. Copy and paste the results of each run into a single spreadsheet. Provide the spreadsheet as evidence to the security team.
  • D. Update the launch templates of the EC2 instances to include the code from the security team in the user data. Relaunch the EC2 instances by using the updated launch templates. Retrieve the EC2 instance logs of each instance. Provide the EC2 instance logs as evidence to the security team.
#102 (Accuracy: 100% / 2 votes)
A SysOps administrator has noticed millions of LIST requests on an Amazon S3 bucket.

Which services or features can the administrator use to investigate where the requests are coming from? (Choose two.)
  • A. AWS CloudTrail data events
  • B. Amazon EventBridge
  • C. AWS Health Dashboard
  • D. Amazon S3 server access logging
  • E. AWS Trusted Advisor
#103 (Accuracy: 100% / 4 votes)
A SysOps administrator is troubleshooting a VPC with public and private subnets that leverage custom network ACLs. Instances in the private subnet are unable to access the internet. There is an internet gateway attached to the public subnet. The private subnet has a route to a NAT gateway that is also attached to the public subnet. The Amazon EC2 instances are associated with the default security group for the VPC.

What is causing the issue in this scenario?
  • A. There is a network ACL on the private subnet set to deny all outbound traffic.
  • B. There is no NAT gateway deployed in the private subnet of the VPC.
  • C. The default security group for the VPC blocks all inbound traffic to the EC2 instances.
  • D. The default security group for the VPC blocks all outbound traffic from the EC2 instances.
#104 (Accuracy: 100% / 3 votes)
A company's VPC has an existing IPv4 configuration. The IPv4 configuration includes public subnets, private subnets, NAT gateways, default route tables, and ACLs.

The company associates an IPv6 CIDR block with the VPC. The company adds IPv6 allocations to each existing subnet and adds routes to the route tables. The company updates the ACLs to allow all IPv6 traffic.

Public subnets are working as expected, but private subnets are not allowing internet IPv6 connections.

What should a SysOps administrator do to allow outbound-only connectivity for the new IPv6 subnets?
  • A. Configure an egress-only internet gateway and associate it with the VPC. Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the egress-only internet gateway.
  • B. Turn on IPv6 NAT on the NAT gateways. Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the NAT gateways.
  • C. Configure a new IPv6-only NAT gateway. Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the IPv6-only NAT gateway.
  • D. Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the existing internet gateway.
#105 (Accuracy: 100% / 3 votes)
A company recently deployed an application in production. The production environment currently runs on a single Amazon EC2 instance that hosts the application's web application and a MariaDB database. Company policy states that all IT production environments must be highly available.

What should a SysOps administrator do to meet this requirement?
  • A. Migrate the database from the EC2 instance to an Amazon RDS for MariaDB Multi-AZ DB instance. Run the application on EC2 instances that are in an Auto Scaling group that extends across multiple Availability Zones. Place the EC2 instances behind a load balancer.
  • B. Migrate the database from the EC2 instance to an Amazon RDS for MariaDB Multi-AZ DB instance. Use AWS Application Migration Service to convert the application into an AWS Lambda function. Specify the Multi-AZ option for the Lambda function.
  • C. Copy the database to a different EC2 instance in a different Availability Zone. Use AWS Backup to create Amazon Machine Images (AMIs) of the application EC2 instance and the database EC2 instance. Create an AWS Lambda function that performs health checks every minute. In case of failure, configure the Lambda function to launch a new EC2 instance from the AMIs that AWS Backup created.
  • D. Migrate the database to a different EC2 instance. Place the application EC2 instance in an Auto Scaling group that extends across multiple Availability Zones. Create an Amazon Machine Image (AMI) from the database EC2 instance. Use the AMI to launch a second database EC2 instance in a different Availability Zone. Put the second database EC2 instance in the stopped state. Use the second database EC2 instance as a standby.
#106 (Accuracy: 95% / 5 votes)
A company runs a web application on three Amazon EC2 instances behind an Application Load Balancer (ALB). The company notices that random periods of increased traffic cause a degradation in the application’s performance. A SysOps administrator must scale the application to meet the increased traffic.

Which solution meets these requirements?
  • A. Create an Amazon CloudWatch alarm to monitor application latency and increase the size of each EC2 instance if the desired threshold is reached.
  • B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor application latency and add an EC2 instance to the ALB if the desired threshold is reached.
  • C. Deploy the application to an Auto Scaling group of EC2 instances with a target tracking scaling policy. Attach the ALB to the Auto Scaling group.
  • D. Deploy the application to an Auto Scaling group of EC2 instances with a scheduled scaling policy. Attach the ALB to the Auto Scaling group.
#107 (Accuracy: 91% / 3 votes)
A SysOps administrator is preparing to deploy an application to Amazon EC2 instances that are in an Auto Scaling group. The application requires dependencies to be installed. Application updates are issued weekly.

The SysOps administrator needs to implement a solution to incorporate the application updates on a regular basis. The solution also must conduct a vulnerability scan during Amazon Machine Image (AMI) creation.

What is the MOST operationally efficient solution that meets these requirements?
  • A. Create a script that uses Packer. Schedule a cron job to run the script.
  • B. Install the application and its dependencies on an EC2 instance. Create an AMI of the EC2 instance.
  • C. Use EC2 Image Builder with a custom recipe to install the application and its dependencies.
  • D. Invoke the EC2 CreateImage API operation by using an Amazon EventBridge scheduled rule.
#108 (Accuracy: 100% / 3 votes)
A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance.

Which of the following are possible causes of this issue? (Choose two.)
  • A. A network ACL associated with the bastion's subnet is blocking the network traffic.
  • B. The instance does not have a private IP address.
  • C. The route table associated with the bastion's subnet does not have a route to the internet gateway.
  • D. The security group for the instance does not have an inbound rule on port 22.
  • E. The security group for the instance does not have an outbound rule on port 3389.
#109 (Accuracy: 100% / 4 votes)
A company has deployed an application on AWS. The application runs on a fleet of Linux Amazon EC2 instances that are in an Auto Scaling group. The Auto Scaling group is configured to use launch templates. The launch templates launch Amazon Elastic Block Store (Amazon EBS) backed EC2 instances that use General Purpose SSD (gp3) EBS volumes for primary storage.

A SysOps administrator needs to implement a solution to ensure that all the EC2 instances can share the same underlying files. The solution also must ensure that the data is consistent.

Which solution will meet these requirements?
  • A. Create an Amazon Elastic File System (Amazon EFS) file system. Create a new launch template version that includes user data that mounts the EFS file system. Update the Auto Scaling group to use the new launch template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
  • B. Enable Multi-Attach on the EBS volumes. Create a new launch template version that includes user data that mounts the EBS volume. Update the Auto Scaling group to use the new template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
  • C. Create a cron job that synchronizes the data between the EBS volumes for all the EC2 instances in the Auto Scaling group. Create a lifecycle hook during instance launch to configure the cron job on all the EC2 instances. Rotate out the older EC2 instances.
  • D. Create a new launch template version that creates an Amazon Elastic File System (Amazon EFS) file system. Update the Auto Scaling group to use the new template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
#110 (Accuracy: 100% / 3 votes)
A company has 50 AWS accounts and wants to create an identical Amazon VPC in each account. Any changes the company makes to the VPCs in the future must be implemented on every VPC.

What is the MOST operationally efficient method to deploy and update the VPCs in each account?
  • A. Create an AWS CloudFormation template that defines the VPC. Sign in to the AWS Management Console under each account. Create a stack from the template.
  • B. Create a shell script that configures the VPC using the AWS CLI. Provide a list of accounts to the shell script from a text file. Create the VPC in every account in the list.
  • C. Create an AWS Lambda function that configures the VPC. Store the account information in Amazon DynamoDB. Grant Lambda access to the DynamoDB table. Create the VPC in every account in the list.
  • D. Create an AWS CloudFormation template that defines the VPC. Create an AWS CloudFormation StackSet based on the template. Deploy the template to all accounts using the stack set.