Amazon AWS Certified SysOps Administrator - Associate SOA-C02
Prev

There are 349 results

Next
#111 (Accuracy: 100% / 3 votes)
A SysOps administrator manages policies for many AWS member accounts in an AWS Organizations structure. Administrators on other teams have access to the account root user credentials of the member accounts. The SysOps administrator must prevent all teams, including their administrators, from using Amazon DynamoDB. The solution must not affect the ability of the teams to access other AWS services.

Which solution will meet these requirements?
  • A. In all member accounts, configure IAM policies that deny access to all DynamoDB resources for all users, including the root user.
  • B. Create a service control policy (SCP) in the management account to deny all DynamoDB actions. Apply the SCP to the root of the organization
  • C. In all member accounts, configure IAM policies that deny AmazonDynamoDBFullAccess to all users, including the root user.
  • D. Remove the default service control policy (SCP) in the management account. Create a replacement SCP that includes a single statement that denies all DynamoDB actions.
#112 (Accuracy: 100% / 3 votes)
A SysOps administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically. Currently, the application is deployed on a single t3.large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency after a few minutes.

What change should be made to alleviate the performance problem?
  • A. Change the Amazon EBS volume to Provisioned IOPs.
  • B. Upgrade to a compute-optimized instance.
  • C. Add additional t2.large instances to the application.
  • D. Purchase Reserved Instances.
#113 (Accuracy: 100% / 5 votes)
A SysOps administrator must create a solution that immediately notifies software developers if an AWS Lambda function experiences an error.
Which solution will meet this requirement?
  • A. Create an Amazon Simple Notification Service (Amazon SNS) topic with an email subscription for each developer. Create an Amazon CloudWatch alarm by using the Errors metric and the Lambda function name as a dimension. Configure the alarm to send a notification to the SNS topic when the alarm state reaches ALARM.
  • B. Create an Amazon Simple Notification Service (Amazon SNS) topic with a mobile subscription for each developer. Create an Amazon EventBridge (Amazon CloudWatch Events) alarm by using the LambdaError as the event pattern and the SNS topic name as a resource. Configure the alarm to send a notification to the SNS topic when the alarm state reaches ALARM.
  • C. Verify each developer email address in Amazon Simple Email Service (Amazon SES). Create an Amazon CloudWatch rule by using the LambdaError metric and developer email addresses as dimensions. Configure the rule to send an email through Amazon SES when the rule state reaches ALARM.
  • D. Verify each developer mobile phone in Amazon Simple Email Service (Amazon SES). Create an Amazon EventBridge (Amazon CloudWatch Events) rule by using Error as the event pattern and the Lambda function name as a resource. Configure the rule to send a push notification through Amazon SES when the rule state reaches ALARM.
#114 (Accuracy: 100% / 4 votes)
A company plans to run a public web application on Amazon EC2 instances behind an Elastic Load Balancer (ELB). The company’s security team wants to protect the website by using AWS Certificate Manager (ACM) certificates. The ELB must automatically redirect any HTTP requests to HTTPS.

Which solution will meet these requirements?
  • A. Create an Application Load Balancer that has one HTTPS listener on port 80. Attach an SSL/TLS certificate to listener port 80. Create a rule to redirect requests from HTTP to HTTPS.
  • B. Create an Application Load Balancer that has one HTTP listener on port 80 and one HTTPS protocol listener on port 443. Attach an SSL/TLS certificate to listener port 443. Create a rule to redirect requests from port 80 to port 443.
  • C. Create an Application Load Balancer that has two TCP listeners on port 80 and port 443. Attach an SSL/TLS certificate to listener port 443. Create a rule to redirect requests from port 80 to port 443.
  • D. Create a Network Load Balancer that has two TCP listeners on port 80 and port 443. Attach an SSL/TLS certificate to listener port 443. Create a rule to redirect requests from port 80 to port 443.
#115 (Accuracy: 91% / 7 votes)
A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones. The application uses an Amazon RDS Multi-AZ DB Instance. Amazon Route 53 record sets route requests for dynamic content to the load balancer and requests for static content to an Amazon S3 bucket. Site visitors are reporting extremely long loading times.

Which actions should be taken to improve the performance of the website? (Choose two.)
  • A. Add Amazon CloudFront caching for static content.
  • B. Change the load balancer listener from HTTPS to TCP.
  • C. Enable Amazon Route 53 latency-based routing.
  • D. Implement Amazon EC2 Auto Scaling for the web servers.
  • E. Move the static content from Amazon S3 to the web servers.
#116 (Accuracy: 100% / 3 votes)
A SysOps administrator is attempting to download patches from the internet into an instance in a private subnet. An internet gateway exists for the VPC, and a NAT gateway has been deployed on the public subnet; however, the instance has no internet connectivity. The resources deployed into the private subnet must be inaccessible directly from the public internet.

Public Subnet (10.0.1.0/24) Route Table

Destination  Target -
10.0.0.0/16  local
0.0.0.0/0   IGW

Private Subnet (10.0.2.0/24) Route Table

Destination   Target -
10.0.0.0/16   local

What should be added to the private subnet’s route table in order to address this issue, given the information provided?
  • A. 0.0.0.0/0  IGW
  • B. 0.0.0.0/0  NAT
  • C. 10.0.1.0/24  IGW
  • D. 10.0.1.0/24  NAT
#117 (Accuracy: 100% / 4 votes)
A SysOps administrator wants to securely share an object from a private Amazon S3 bucket with a group of users who do not have an AWS account.

What is the MOST operationally efficient solution that will meet this requirement?
  • A. Attach an S3 bucket policy that only allows object downloads from the users' IP addresses.
  • B. Create an IAM role that has access to the object. Instruct the users to assume the role.
  • C. Create an IAM user that has access to the object. Share the credentials with the users.
  • D. Generate a presigned URL for the object. Share the URL with the users.
#118 (Accuracy: 100% / 4 votes)
A company creates a new Amazon FSx for Windows File Server file system. To help manage costs, the company configures the storage capacity for the file system with minimal room for growth.

The company creates an Amazon Simple Notification Service (Amazon SNS) topic in the same AWS account whore the file system resides. The company subscribes a SysOps administrator's email address to the SNS topic. The SysOps administrator needs to receive email notification when the file system has less than 100 GB of space available.

Which combination of steps should the SysOps administrator take to meet this requirement? (Choose two.)
  • A. Create an Amazon EventBridge rule for when the FreeStorageCapacity metric is less than or equal to 100,000,000,000 bytes (100 GB).
  • B. Create an Amazon CloudWatch alarm for when the FreeStorageCapacity metric is less than or equal to 100,000,000,000 bytes (100 GB).
  • C. Create an AWS Lambda function that will run when the Amazon CloudWatch alarm enters ALARM state. Configure the Lambda function to publish to the SNS topic.
  • D. Configure the Amazon EventBridge rule's alarm action to publish to the SNS topic when the rule enters ALARM state.
  • E. Configure the Amazon CloudWatch alarm action to publish to the SNS topic when the alarm enters ALARM state.
#119 (Accuracy: 100% / 3 votes)
A SysOps administrator needs to update an AWS account name.

What should the SysOps administrator do to accomplish this goal?
  • A. Add the AdministratorAccess policy to the SysOps administrator’s IAM user.
  • B. Add the AWS_ConfigureRole policy to the SysOps administrator’s IAM user.
  • C. Change the AWS account name through the AWS Trusted Advisor interface.
  • D. Sign in as the AWS account root user to make the change.
#120 (Accuracy: 100% / 3 votes)
A SysOps administrator has been able to consolidate multiple, secure websites onto a single server, and each site is running on a different port. The administrator now wants to start a duplicate server in a second Availability Zone and put both behind a load balancer for high availability.

What would be the command line necessary to deploy one of the sites’ certificates to the load balancer?
  • A. aws kms modify-listener –-load-balancer-name my-load-balancer
    -–certificates CertificateArn=arn:aws:iam::123456789012:server-certifiate/my-new-server-cert
  • B. aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name my-load-balancer –-load-balancer-port 443 –-ssl-certificate-id arn:aws:iam::123456789012:server-certificate/new-server-cert
  • C. aws ec2 put-ssl-certificate –-load-balancer-name my-load-balancer –-load-balancer-port 443 –-ssl-certificate-id arn:aws:iam::123456789012:server-certificate/new-server-cert
  • D. aws acm put-ssl-certificate –-load-balancer-name my-load-balancer –-load-balancer-port 443 –-ssl-certificate-id arn:aws:iam::123456789012:server-certificate/new-server-cert