Amazon AWS Certified SysOps Administrator - Associate SOA-C02
#21 (Accuracy: 100% / 1 votes)
A company has an application that uses Amazon DynamoDB tables. The tables are spread across AWS accounts and AWS Regions. The company uses AWS CloudFormation to deploy AWS resources.

A new team at the company is deleting unused AWS resources.
The team accidentally deletes several production DynamoDB tables by running an AWS Lambda function that makes a DynamoDB DeleteTable API call. The table deletions cause an application outage.

A SysOps administrator must implement a solution that minimizes the chance of accidental deletions of tables.
The solution also must minimize data loss that results from accidental deletions.

Which combination of steps will meet these requirements? (Choose two.)
  • A. Enable termination protection for the CloudFormation stacks that deploy the DynamoDB tables.
  • B. Enable deletion protection for the DynamoDB tables.
  • C. Enable point-in-time recovery for the DynamoDB tables. Restore the tables if they are accidentally deleted.
  • D. Schedule daily backups of the DynamoDB tables. Restore the tables if they are accidentally deleted.
  • E. Export the DynamoDB tables to Amazon S3 every day. Use Import from Amazon S3 to restore data for tables that are accidentally deleted.
#22 (Accuracy: 100% / 1 votes)
A company has a list of pre-approved Amazon Machine Images (AMIs) for developers to use to launch Amazon EC2 instances. However, developers are still launching EC2 instances from unapproved AMIs.

A SysOps administrator must implement a solution that automatically terminates any instances that are launched from unapproved AMIs.


Which solution will meet this requirement?
  • A. Set up an AWS Config managed rule to check if instances are running from AMIs that are on the list of pre-approved AMIs. Configure an automatic remediation action so that an AWS Systems Manager Automation runbook terminates any instances that are noncompliant with the rule.
  • B. Store the list of pre-approved AMIs in an Amazon DynamoDB global table that is replicated to all AWS Regions that the developers use. Create Regional EC2 launch templates. Configure the launch templates to check AMIs against the list and to terminate any instances that are not on the list.
  • C. Select the Amazon CloudWatch metric that shows all running instances and the AMIs that the instances were launched from. Create a CloudWatch alarm that terminates an instance if the metric shows the use of an unapproved AMI.
  • D. Create a custom Amazon Inspector finding to compare a running instance's AMI against the list of pre-approved AMIs. Create an AWS Lambda function that terminates instances. Configure Amazon Inspector to report findings of unapproved AMIs to an Amazon Simple Queue Service (Amazon SQS) queue to invoke the Lambda function.
#23 (Accuracy: 100% / 1 votes)
A SysOps administrator needs to ensure that an Amazon RDS for PostgreSQL DB instance has available backups. The DB instance has automated backups turned on with a backup retention period of 7 days. However, no automated backups for the DB instance have been created in the past month.

What could be the cause of the lack of automated backups?
  • A. The Amazon S3 bucket that stores the backups is full.
  • B. The DB instance is in the STORAGE_FULL state.
  • C. The DB instance is not configured for Multi-AZ.
  • D. The backup retention period must be 30 days.
#24 (Accuracy: 100% / 1 votes)
A company has created an AWS CloudFormation template that consists of the AWS::EC2::Instance resource and a custom CloudFormation resource. The custom CloudFormation resource is an AWS Lambda function that attempts to run automation on the Amazon EC2 instance.

During testing, the Lambda function fails because the Lambda function tries to run before the EC2 instance is launched.


Which solution will resolve this issue?
  • A. Add a DependsOn attribute to the custom resource. Specify the EC2 instance in the DependsOn attribute.
  • B. Update the custom resource's service token to point to a valid Lambda function.
  • C. Update the Lambda function to use the cfn-response module to send a response to the custom resource.
  • D. Use the Fn::If intrinsic function to check for the EC2 instance before the custom resource runs.
#25 (Accuracy: 100% / 2 votes)
A company is using Amazon S3 to set up a temporary static website that is public. A SysOps administrator creates an S3 bucket by using the default settings. The SysOps administrator updates the S3 bucket properties to configure static website hosting. The SysOps administrator then uploads objects that contain content for index.html and error.html.

When the SysOps administrator navigates to the website URL, the SysOps administrator receives an HTTP Status Code 403: Forbidden (Access Denied) error.


What should the SysOps administrator do to resolve this error?
  • A. Create an Amazon Route 53 DNS entry. Point the entry to the S3 bucket.
  • B. Edit the S3 bucket permissions by turning off Block Public Access settings. Create a bucket policy to allow GetObject access on the S3 bucket.
  • C. Edit the permissions on the index.html and error.html files for read access.
  • D. Edit the S3 bucket permissions by turning off Block Public Access settings. Create a bucket policy to allow PutObject access on the S3 bucket.
#26 (Accuracy: 100% / 3 votes)
A company needs to enforce tagging requirements for Amazon DynamoDB tables in its AWS accounts. A SysOps administrator must implement a solution to identify and remediate all DynamoDB tables that do not have the appropriate tags.

Which solution will meet these requirements with the LEAST operational overhead?
  • A. Create a custom AWS Lambda function to evaluate and remediate all DynamoDB tables. Create an Amazon EventBridge scheduled rule to invoke the Lambda function.
  • B. Create a custom AWS Lambda function to evaluate and remediate all DynamoDB tables. Create an AWS Config custom rule to invoke the Lambda function.
  • C. Use the required-tags AWS Config managed rule to evaluate all DynamoDB tables for the appropriate tags. Configure an automatic remediation action that uses an AWS Systems Manager Automation custom runbook.
  • D. Create an Amazon EventBridge managed rule to evaluate all DynamoDB tables for the appropriate tags. Configure the EventBridge rule to run an AWS Systems Manager Automation custom runbook for remediation.
#27 (Accuracy: 100% / 1 votes)
A company deploys a new application on three Amazon EC2 instances across three Availability Zones. The company uses a Network Load Balancer (NLB) to route traffic to the EC2 instances. A SysOps administrator must implement a solution so that the EC2 instances allow traffic from only the NLB.

What should the SysOps administrator do to meet these requirements with the LEAST operational overhead?
  • A. Configure the security group that is associated with the EC2 instances to allow traffic from only the security group that is associated with the NLB
  • B. Configure the security group that is associated with the EC2 instances to allow traffic from only the elastic network interfaces that are associated with the NLB
  • C. Create a network ACL. Associate the network ACL with the application subnets. Configure the network ACL to allow inbound traffic from only the CIDR ranges of the NLB
  • D. Use a third-party firewall solution that is installed on a separate EC2 instance. Configure a firewall rule that allows traffic to the application's EC2 instances from only the subnets where the NLB is deployed.
#28 (Accuracy: 100% / 2 votes)
A company's SysOps administrator is troubleshooting communication between the components of an application. The company configured VPC flow logs to be published to Amazon CloudWatch Logs. However, there are no logs in CloudWatch Logs.

What could be blocking the VPC flow logs from being published to CloudWatch Logs?
  • A. The IAM policy that is attached to the IAM role for the flow log is missing the logs:CreateLogGroup permission
  • B. The IAM policy that is attached to the IAM role for the flow log is missing the logs:CreateExportTask permission
  • C. The VPC is configured for IPv6 addresses
  • D. The VPC is peered with another VPC in the AWS account
#29 (Accuracy: 91% / 4 votes)
A company needs to track spending in its AWS account. The company must receive a notification when current costs and forecasted costs exceed specific thresholds.

Which solution will meet these requirements with the LEAST operational overhead?
  • A. Create a new IAM role. Attach the AWSPurchaseOrdersServiceRolePolicy AWS managed policy to the role. Check AWS Cost Explorer on a regular basis to monitor current costs and forecasted costs.
  • B. Create an AWS Cost and Usage Report. Create an AWS Step Functions state machine that runs when a new usage file is generated. Configure the state machine to pass the data to Amazon Forecast and to invoke an AWS Lambda function. Configure the Lambda function to parse the data and to send a notification to an Amazon Simple Notification Service (Amazon SNS) topic if costs exceed the thresholds.
  • C. Create an AWS Cost and Usage Report. Separate the current costs and forecasted costs by service. Schedule the report to be sent to an Amazon Simple Notification Service (Amazon SNS) topic each month.
  • D. Create a recurring cost budget in AWS Budgets. Create an alert for the actual cost. Create a second alert for the forecasted costs. Configure an Amazon Simple Notification Service (Amazon SNS) topic to receive the alerts.
#30 (Accuracy: 100% / 2 votes)
A company recently moved its server infrastructure to Amazon EC2 instances. The company wants to use Amazon CloudWatch Logs to track the instance logs.

What should a SysOps administrator do to meet this requirement in compliance with AWS best practices?
  • A. Configure CloudWatch from the AWS Management Console for the instances. Wait for AWS to automatically install and configure the agents for the instances
  • B. Install and configure the CloudWatch agent on the instances. Attach an IAM role to allow the instances to write logs to CloudWatch
  • C. Install and configure the CloudWatch agent on the instances. Attach an IAM user to allow the instances to write logs to CloudWatch
  • D. Install and configure the CloudWatch agent on the instances. Attach the necessary security groups to allow the instances to write logs to CloudWatch