Amazon AWS Certified SysOps Administrator - Associate SOA-C02
#121 (Accuracy: 100% / 1 votes)
A company's SysOps administrator uses AWS IAM Identity Center (AWS Single Sign-On) to connect to an Active Directory. The SysOps administrator creates a new account that all the company's users need to access.

The SysOps administrator uses the Active Directory Domain Users group for permissions to the new account because all users are already members of the group.
When users try to log in, their access is denied.

Which action will resolve this access issue?
  • A. Create a new group. Add users to the new group to provide access.
  • B. Correct the time on the Active Directory domain controllers.
  • C. Remove the account. Re-add the account to the organization that is integrated with IAM Identity Center.
  • D. Correct the permissions on the Active Directory group so that IAM Identity Center has read access.
#122 (Accuracy: 100% / 1 votes)
A SysOps administrator configures VPC flow logs to publish to Amazon CloudWatch Logs. The SysOps administrator reviews the logs in CloudWatch Logs and notices less traffic than expected. After the SysOps administrator compares the VPC flow logs to logs that were captured on premises, the SysOps administrator believes that the VPC flow logs are incomplete.

Which of the following is a possible reason for the difference in traffic?
  • A. CloudWatch Logs throttling has been applied.
  • B. The CloudWatch IAM role does not have a trust relationship with the VPC flow logs service.
  • C. The VPC flow log is still in the process of being created.
  • D. VPC flow logs cannot capture traffic from on-premises servers to a VPC.
#123 (Accuracy: 100% / 3 votes)
An application is running on an Amazon EC2 instance in a VPC with the default DHCP option set. The application connects to an on-premises Microsoft SQL Server database with the DNS name mssql.example.com. The application is unable to resolve the database DNS name.

Which solution will fix this problem?
  • A. Create an Amazon Route 53 Resolver inbound endpoint. Add a forwarding rule for the domain example.com. Associate the forwarding rule with the VPC.
  • B. Create an Amazon Route 53 Resolver inbound endpoint. Add a system rule for the domain example.com. Associate the system rule with the VPC.
  • C. Create an Amazon Route 53 Resolver outbound endpoint. Add a forwarding rule for the domain example.com. Associate the forwarding rule with the VPC.
  • D. Create an Amazon Route 53 Resolver outbound endpoint. Add a system rule for the domain example.com. Associate the system rule with the VPC.
#124 (Accuracy: 100% / 2 votes)
A company has an application that uses an Amazon RDS for MariaDB Multi-AZ database. The application becomes unavailable for several minutes every time the database experiences a failover during a planned maintenance event.

What should a SysOps administrator do to reduce the downtime of the application during failover?
  • A. Create an RDS for MariaDB DB cluster that has multiple writer instances. Configure the application to retry failed queries on another primary node during maintenance events.
  • B. Configure the RDS maintenance window settings to pool connections while a failover is in process.
  • C. Configure an Amazon ElastiCache write-through cache for the database. Configure the application to connect to the cache instead of directly to the database.
  • D. Create an RDS proxy that is associated with the database. Configure the application to connect to the proxy instead of directly to the database.
#125 (Accuracy: 100% / 2 votes)
A SysOps administrator has set up a new Amazon EC2 instance as a web server in a public subnet. The instance uses HTTP port 80 and HTTPS port 443.

The SysOps administrator has confirmed internet connectivity by downloading operating system updates and software from public repositories.
However, the SysOps administrator cannot access the instance from a web browser on the internet.

Which combination of steps should the SysOps administrator take to troubleshoot this issue? (Choose three.)
  • A. Ensure that the inbound rules of the instance’s security group allow traffic on ports 80 and 443.
  • B. Ensure that the outbound rules of the instance’s security group allow traffic on ports 80 and 443.
  • C. Ensure that ephemeral ports 1024-65535 are allowed in the inbound rules of the network ACL that is associated with the instance's subnet.
  • D. Ensure that ephemeral ports 1024-65535 are allowed in the outbound rules of the network ACL that is associated with the instance’s subnet.
  • E. Ensure that the filtering rules for any firewalls that are running on the instance allow inbound traffic on ports 80 and 443.
  • F. Ensure that AWS WAF is turned on for the instance and is blocking web traffic.
#126 (Accuracy: 100% / 3 votes)
A company is deploying an ecommerce application to an AWS Region that is located in France. The company wants users from only France to be able to access the first version of the application. The company plans to add more countries for the next version of the application. A SysOps administrator needs to configure the routing policy in Amazon Route 53.

Which solution will meet these requirements?
  • A. Use a geoproximity routing policy. Select France as the location in the record.
  • B. Use a geolocation routing policy. Select France as the location in the record.
  • C. Use an IP-based routing policy. Select all IP addresses that are allocated to France in the record.
  • D. Use a geoproximity routing policy. Select all IP addresses that are allocated to France in the record.
#127 (Accuracy: 100% / 3 votes)
A SysOps administrator has an AWS CloudFormation template of the company's existing infrastructure in us-west-2. The administrator attempts to use the template to launch a new stack in eu-west-1, but the stack only partially deploys, receives an error message, and then rolls back.

Why would this template fail to deploy? (Choose two.)
  • A. The template referenced an IAM user that is not available in eu-west-1.
  • B. The template referenced an Amazon Machine Image (AMI) that is not available in eu-west-1.
  • C. The template did not have the proper level of permissions to deploy the resources.
  • D. The template requested services that do not exist in eu-west-1.
  • E. CloudFormation templates can be used only to update existing services.
#128 (Accuracy: 100% / 3 votes)
A company has an on-premises DNS solution and wants to resolve DNS records in an Amazon Route 53 private hosted zone for example.com. The company has set up an AWS Direct Connect connection for network connectivity between the on-premises network and the VPC. A SysOps administrator must ensure that an on-premises server can query records in the example.com domain.

What should the SysOps administrator do to meet these requirements?
  • A. Create a Route 53 Resolver inbound endpoint. Attach a security group to the endpoint to allow inbound traffic on TCP/UDP port 53 from the on-premises DNS servers.
  • B. Create a Route 53 Resolver inbound endpoint. Attach a security group to the endpoint to allow outbound traffic on TCP/UDP port 53 to the on-premises DNS servers.
  • C. Create a Route 53 Resolver outbound endpoint. Attach a security group to the endpoint to allow inbound traffic on TCP/UDP port 53 from the on-premises DNS servers.
  • D. Create a Route 53 Resolver outbound endpoint. Attach a security group to the endpoint to allow outbound traffic on TCP/UDP port 53 to the on-premises DNS servers.
#129 (Accuracy: 100% / 3 votes)
A company has an encrypted Amazon S3 bucket that is hosted in the ap-southeast-2 Region. Users from the eu-west-2 Region access the S3 bucket over the internet. The users from eu-west-2 need faster transfers to and from the S3 bucket for large files.

Which solution will meet these requirements?
  • A. Reduce the length of the S3 bucket prefixes within the S3 bucket.
  • B. Change the server-side encryption on the S3 bucket from AES to RSA.
  • C. Create a new S3 bucket that has an identical name in eu-west-2. Use the new S3 bucket endpoint's domain name for access.
  • D. Enable S3 Transfer Acceleration on the S3 bucket. Use the new s3-accelerate endpoint's domain name for access.
#130 (Accuracy: 100% / 3 votes)
A company runs a high performance computing (HPC) application on an Amazon EC2 instance. The company needs to scale this architecture to two or more EC2 instances. The EC2 instances will need to communicate with each other at high speeds with low latency to support the application.

The company wants to ensure that the network performance can support the required communication between the EC2 instances.

What should a SysOps administrator do to meet these requirements?
  • A. Create a cluster placement group. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Restore the EC2 instance from the AMI into the placement group. Launch the additional EC2 instances into the placement group.
  • B. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Create a launch template from the existing EC2 instance by specifying the AMI. Create an Auto Scaling group and configure the desired instance count.
  • C. Create a Network Load Balancer (NLB) and a target group. Launch the new EC2 instances and register them with the target group. Register the existing EC2 instance with the target group. Pass all application traffic through the NLB.
  • D. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Create additional clones of the EC2 instance from the AMI in the same Availability Zone where the existing EC2 instance is located.