Amazon AWS Certified SysOps Administrator - Associate SOA-C02
Prev

There are 349 results

Next
#191 (Accuracy: 100% / 3 votes)
A company has created a NAT gateway in a public subnet in a VPC. The VPC also contains a private subnet that includes Amazon EC2 instances. The EC2 instances use the NAT gateway to access the internet to download patches and updates. The company has configured a VPC flow log for the elastic network interface of the NAT gateway. The company is publishing the output to Amazon CloudWatch Logs.

A SysOps administrator must identify the top five internet destinations that the EC2 instances in the private subnet communicate with for downloads.

What should the SysOps administrator do to meet this requirement in the MOST operationally efficient way?
  • A. Use AWS CloudTrail Insights events to identify the top five internet destinations.
  • B. Use Amazon CloudFront standard logs (access logs) to identify the top five internet destinations.
  • C. Use CloudWatch Logs Insights to identify the top five internet destinations.
  • D. Change the flow log to publish logs to Amazon S3. Use Amazon Athena to query the log files in Amazon S3.
#192 (Accuracy: 96% / 8 votes)
A SysOps administrator is designing a solution for an Amazon RDS for PostgreSQL DB instance. Database credentials must be stored and rotated monthly. The applications that connect to the DB instance send write-intensive traffic with variable client connections that sometimes increase significantly in a short period of time.
Which solution should a SysOps administrator choose to meet these requirements?
  • A. Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS Proxy to handle the increases in database connections.
  • B. Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS read replicas to handle the increases in database connections.
  • C. Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS Proxy to handle the increases in database connections.
  • D. Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS read replicas to handle the increases in database connections.
#193 (Accuracy: 100% / 3 votes)
A company has a stateless application that is hosted on a fleet of 10 Amazon EC2 On-Demand Instances in an Auto Scaling group. A minimum of 6 instances are needed to meet service requirements.

Which action will maintain uptime for the application MOST cost-effectively?
  • A. Use a Spot Fleet with an On-Demand capacity of 6 instances.
  • B. Update the Auto Scaling group with a minimum of 6 On-Demand Instances and a maximum of 10 On-Demand Instances.
  • C. Update the Auto Scaling group with a minimum of 1 On-Demand Instance and a maximum of 6 On-Demand Instances.
  • D. Use a Spot Fleet with a target capacity of 6 instances.
#194 (Accuracy: 100% / 2 votes)
A company is running workloads on premises and on AWS. A SysOps administrator needs to automate tasks across all servers on premises by using AWS services. The SysOps administrator must not install long-term credentials on the on-premises servers.

What should the SysOps administrator do to meet these requirements?
  • A. Create an IAM role and instance profile that include AWS Systems Manager permissions. Attach the role to the on-premises servers.
  • B. Create a managed-instance activation in AWS Systems Manager. Install the Systems Manager Agent (SSM Agent) on the on-premises servers. Register the servers with the activation code and ID from the instance activation.
  • C. Create an AWS managed IAM policy that includes the appropriate AWS Systems Manager permissions. Download the IAM policy to the on-premises servers.
  • D. Create an IAM user and an access key. Log on to the on-premises servers and install the AWS CLI. Configure the access key in the AWS credentials file after the AWS CLI is successfully installed.
#195 (Accuracy: 100% / 3 votes)
A company runs its web application on multiple Amazon EC2 instances that are part of an Auto Scaling group. The company wants the Auto Scaling group to scale out as soon as CPU utilization rises above 50% for the instances.

How should a SysOps administrator configure the Auto Scaling group to meet these requirements?
  • A. Configure the Auto Scaling group to scale based on events.
  • B. Configure the Auto Scaling group to scale based on a schedule.
  • C. Configure the Auto Scaling group to scale dynamically based on demand.
  • D. Configure the Auto Scaling group to use predictive scaling.
#196 (Accuracy: 100% / 1 votes)
A SysOps administrator must create a solution that automatically shuts down any Amazon EC2 instances that have less than 10% average CPU utilization for 60 minutes or more.

Which solution will meet this requirement in the MOST operationally efficient manner?
  • A. Implement a cron job on each EC2 instance to run once every 60 minutes and calculate the current CPU utilization. Initiate an instance shutdown if CPU utilization is less than 10%.
  • B. Implement an Amazon CloudWatch alarm for each EC2 instance to monitor average CPU utilization. Set the period at 1 hour, and set the threshold at 10%. Configure an EC2 action on the alarm to stop the instance.
  • C. Install the unified Amazon CloudWatch agent on each EC2 instance, and enable the Basic level predefined metric set. Log CPU utilization every 60 minutes, and initiate an instance shutdown if CPU utilization is less than 10%.
  • D. Use AWS Systems Manager Run Command to get CPU utilization from each EC2 instance every 60 minutes. Initiate an instance shutdown if CPU utilization is less than 10%.
#197 (Accuracy: 100% / 3 votes)
A company uses an AWS Service Catalog portfolio to create and manage resources. A SysOps administrator must create a replica of the company's existing AWS infrastructure in a new AWS account.
What is the MOST operationally efficient way to meet this requirement?
  • A. Create an AWS CloudFormation template to use the AWS Service Catalog portfolio in the new AWS account.
  • B. In the new AWS account, manually create an AWS Service Catalog portfolio that duplicates the original portfolio.
  • C. Run an AWS Lambda function to create a new AWS Service Catalog portfolio based on the output of the DescribePortfolio API operation.
  • D. Share the AWS Service Catalog portfolio with the new AWS account. Import the portfolio into the new AWS account.
#198 (Accuracy: 100% / 3 votes)
A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backup enabled. A SysOps administrator needs to be able to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB cluster.
Which solution will meet these requirements?
  • A. Create an Aurora Replica. Promote the replica to replace the primary DB instance.
  • B. Create an AWS Lambda function to restore an automatic backup to the existing DB cluster.
  • C. Use backtracking to rewind the existing DB cluster to the desired recovery point.
  • D. Use point-in-time recovery to restore the existing DB cluster to the desired recovery point.
#199 (Accuracy: 100% / 1 votes)
A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company’s AWS account The SysOps administrator deploys a Linux Amazon EC2 instance in VPC1 and deploys an Amazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a private subnet. An application that runs on the EC2 instance needs to connect to the database.

What should the SysOps administrator do to give the EC2 instance the ability to connect to the database?
  • A. Enter the DB instance connection string into the VPC1 route table.
  • B. Configure VPC peering between the two VPCs.
  • C. Add the same IPv4 CIDR range for both VPCs.
  • D. Connect to the DB instance by using the DB instance’s public IP address.
#200 (Accuracy: 100% / 2 votes)
A database is running on an Amazon RDS Multi-AZ DB instance. A recent security audit found the database to be out of compliance because it was not encrypted.

Which approach will resolve the encryption requirement?
  • A. Log in to the RDS console and select the encryption box to encrypt the database.
  • B. Create a new encrypted Amazon EBS volume and attach it to the instance.
  • C. Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.
  • D. Take a snapshot of the RDS instance, copy and encrypt the snapshot, and then restore to the new RDS instance.