Amazon AWS Certified SysOps Administrator - Associate SOA-C02
Prev

There are 349 results

Next
#11 (Accuracy: 100% / 1 votes)
A company is using an Amazon EC2 Auto Scaling group to support a workload. A SysOps administrator finds that the Auto Scaling group is configured with two similar scaling policies.

One scaling policy adds 5 instances when CPU utilization reaches 80%. The other scaling policy adds 10 instances when CPU utilization reaches 80%.

What will happen when CPU utilization reaches the 80% threshold?
  • A. Amazon EC2 Auto Scaling will add 5 instances.
  • B. Amazon EC2 Auto Scaling will add 10 instances.
  • C. Amazon EC2 Auto Scaling will add 15 instances.
  • D. The Auto Scaling group will not scale because of conflicting policies.
#12 (Accuracy: 100% / 9 votes)
A software development company has multiple developers who work on the same product. Each developer must have their own development environments, and these development environments must be identical. Each development environment consists of Amazon EC2 instances and an Amazon RDS DB instance. The development environments should be created only when necessary, and they must be terminated each night to minimize costs.
What is the MOST operationally efficient solution that meets these requirements?
  • A. Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessary. Schedule a nightly cron job on each development instance to stop all running processes to reduce CPU utilization to nearly zero.
  • B. Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to delete the AWS CloudFormation stacks.
  • C. Provide developers with CLI commands so that they can provision their own development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to terminate all EC2 instances and the DB instance.
  • D. Provide developers with CLI commands so that they can provision their own development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to cause AWS CloudFormation to delete all of the development environment resources.
#13 (Accuracy: 92% / 9 votes)
A SysOps administrator is notified that an Amazon EC2 instance has stopped responding. The AWS Management Console indicates that the system checks are failing.
What should the administrator do first to resolve this issue?
  • A. Reboot the EC2 instance so it can be launched on a new host.
  • B. Stop and then start the EC2 instance so that it can be launched on a new host.
  • C. Terminate the EC2 instance and relaunch it.
  • D. View the AWS CloudTrail log to investigate what changed on the EC2 instance.
#14 (Accuracy: 100% / 4 votes)
The security team is concerned because the number of AWS Identity and Access Management (IAM) policies being used in the environment is increasing. The team tasked a SysOps administrator to report on the current number of IAM policies in use and the total available IAM policies.
Which AWS service should the administrator use to check how current IAM policy usage compares to current service limits?
  • A. AWS Trusted Advisor
  • B. Amazon Inspector
  • C. AWS Config
  • D. AWS Organizations
#15 (Accuracy: 100% / 2 votes)
A company is using an Amazon CloudWatch alarm to monitor the FreeLocalStorage metric for an Amazon Aurora PostgreSQL production database. The alarm goes into ALARM state and indicates that the database is running low on temporary storage. A SysOps administrator discovers that a weekly report is using most of the temporary storage that is currently allocated.

What should the SysOps administrator do to solve this problem?
  • A. Turn on Aurora PostgreSQL query plan management.
  • B. Modify the configuration of the DB cluster to turn on storage auto scaling.
  • C. Add an Aurora read replica to the DB cluster. Modify the report to use the new read replica.
  • D. Modify the DB instance class for each DB instance in the DB cluster to increase the instance size.
#16 (Accuracy: 100% / 4 votes)
A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months.
What is the process to rotate the key?
  • A. Enable automatic key rotation for the CMK, and specify a period of 6 months.
  • B. Create a new CMK with new imported material, and update the key alias to point to the new CMK.
  • C. Delete the current key material, and import new material into the existing CMK.
  • D. Import a copy of the existing key material into a new CMK as a backup, and set the rotation schedule for 6 months.
#17 (Accuracy: 100% / 10 votes)
A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS
Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.
What is the MOST operationally efficient solution that meets these requirements?
  • A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB table. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.
  • B. Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon 53 object. The security team can use the information in the tag to verify the integrity of the delivered files.
  • C. Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.
  • D. Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.
#18 (Accuracy: 100% / 4 votes)
A SysOps administrator must manage the security of an AWS account. Recently, an IAM user's access key was mistakenly uploaded to a public code repository.
The SysOps administrator must identify anything that was changed by using this access key.
How should the SysOps administrator meet these requirements?
  • A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all IAM events to an AWS Lambda function for analysis.
  • B. Query Amazon EC2 logs by using Amazon CloudWatch Logs Insights for all events initiated with the compromised access key within the suspected timeframe.
  • C. Search AWS CloudTrail event history for all events initiated with the compromised access key within the suspected timeframe.
  • D. Search VPC Flow Logs for all events initiated with the compromised access key within the suspected timeframe.
#19 (Accuracy: 93% / 8 votes)
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba41fc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted.
How can this be resolved?
  • A. Enable encryption on each host's connection to the Amazon EFS volume. Each connection must be recreated for encryption to take effect.
  • B. Enable encryption on the existing EFS volume by using the AWS Command Line Interface.
  • C. Enable encryption on each host's local drive. Restart each host to encrypt the drive.
  • D. Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.
#20 (Accuracy: 100% / 4 votes)
A company uses an Amazon CloudFront distribution to deliver its website. Traffic logs for the website must be centrally stored, and all data must be encrypted at rest.
Which solution will meet these requirements?
  • A. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with internet access and server-side encryption that uses the default AWS managed customer master key (CMK). Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination.
  • B. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256. Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination.
  • C. Create an Amazon S3 bucket that is configured with default server-side encryption that uses AES-256. Configure CloudFront to use the S3 bucket as a log destination.
  • D. Create an Amazon S3 bucket that is configured with no default encryption. Enable encryption in the CloudFront distribution, and use the S3 bucket as a log destination.