Amazon AWS Certified SysOps Administrator - Associate SOA-C02
Prev

There are 349 results

Next
#301 (Accuracy: 100% / 4 votes)
A company has an application that runs behind an Application Load Balancer (ALB) in the us-west-2 Region. An Amazon Route 53 record set contains an alias record for app.anycompany.com that references the ALB in us-west-2 and uses a simple routing policy. The application is experiencing an increase in users from other locations in the world. These users are experiencing high latency.

Most of the new users are close to the ap-southeast-2 Region. The company deploys a copy of the application to ap-southeast-2. A SysOps administrator must implement a solution that automatically routes requests to the lowest latency endpoint for users without changing the URL.

Which solution will meet these requirements?
  • A. Add a new value to the existing alias record for app.anycompany.com with the DNS name of the new ALB in ap-southeast-2.
  • B. Change the existing alias record to use a geolocation routing policy. Create two geolocation records, one record that references each ALSelect the location that is closest to each Region.
  • C. Change the existing alias record to use a latency routing policy. Create two latency records, one record that references each ALB.
  • D. Change the existing alias record to use a multivalue routing policy Add the DNS name of each ALB to the record.
#302 (Accuracy: 100% / 3 votes)
A SysOps administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have logging enabled. The administrator needs to investigate HTTP Layer 7 status codes from the web application.

Which log sources contain the status codes? (Choose two.)
  • A. VPC Flow Logs
  • B. AWS CloudTrail logs
  • C. ALB access logs
  • D. CloudFront access togs
  • E. RDS logs
#303 (Accuracy: 100% / 4 votes)
An Amazon CloudFront distribution has a single Amazon S3 bucket as its origin. A SysOps administrator must ensure that users can access the S3 bucket only through requests from the CloudFront endpoint.
Which solution will meet these requirements?
  • A. Configure S3 Block Public Access on the S3 bucket. Update the S3 bucket policy to allow the GetObject action from only the CloudFront distribution.
  • B. Configure Origin Shield in the CloudFront distribution. Update the CloudFront origin to include a custom Origin_Shield header.
  • C. Create an origin access identity (OAI). Assign the OAI to the CloudFront distribution. Update the S3 bucket policy to restrict access to the OAI.
  • D. Create an origin access identity (OAI). Assign the OAI to the S3 bucket. Update the CloudFront origin to include a custom Origin header with the OAI value.
#304 (Accuracy: 100% / 6 votes)
A company has an Auto Scaling group of Amazon EC2 instances that scale based on average CPU utilization. The Auto Scaling group events log indicates an
InsufficientInstanceCapacity error.
Which actions should a SysOps administrator take to remediate this issue? (Choose two.)
  • A. Change the instance type that the company is using.
  • B. Configure the Auto Scaling group in different Availability Zones.
  • C. Configure the Auto Scaling group to use different Amazon Elastic Block Store (Amazon EBS) volume sizes.
  • D. Increase the maximum size of the Auto Scaling group.
  • E. Request an increase in the instance service quota.
#305 (Accuracy: 100% / 3 votes)
A team of on-call engineers frequently needs to connect to Amazon EC2 instances in a private subnet to troubleshoot and run commands. The instances use either the latest AWS-provided Windows Amazon Machine Images (AMIs) or Amazon Linux AMIs.
The team has an existing 1AM role for authorization. A SysOps administrator must provide the team with access to the instances by granting IAM permissions to this role.
Which solution will meet this requirement?
  • A. Add a statement to the 1AM role policy to allow the ssm:StartSession action on the instances. Instruct the team to use AWS Systems Manager Session Manager to connect to the instances by using the assumed IAM role.
  • B. Associate an Elastic IP address and a security group with each instance. Add the engineers' IP addresses to the security group inbound rules. Add a statement to the IAM role policy to allow the ec2:AuthorizeSecurityGrouplngress action so that the team can connect to the instances.
  • C. Create a bastion host with an EC2 instance, and associate the bastion host with the VPC. Add a statement to the 1AM role policy to allow the ec2:CreateVpnConnection action on the bastion host. Instruct the team to use the bastion host endpoint to connect to the instances.
  • D. Create an internet-facing Network Load Balancer. Use two listeners. Forward port 22 to a target group of Linux instances. Forward port 3389 to a target group of Windows instances. Add a statement to the IAM role policy to allow the ec2:CreateRoute action so that the team can connect to the instances.
#306 (Accuracy: 100% / 3 votes)
A company stores critical data in Amazon S3 buckets. A SysOps administrator must build a solution to record all S3 API activity.
Which action will meet this requirement?
  • A. Configure S3 bucket metrics to record object access logs.
  • B. Create an AWS CloudTrail trail to log data events for all S3 objects.
  • C. Enable S3 server access logging for each S3 bucket.
  • D. Use AWS IAM Access Analyzer for Amazon S3 to store object access logs.
#307 (Accuracy: 100% / 4 votes)
A company is running Amazon EC2 On-Demand Instances in an Auto Scaling group. The instances process messages from an Amazon Simple Queue Service (Amazon SQS) queue. The Auto Scaling group is set to scale based on the number of messages in the queue. Messages can take up to 12 hours to process completely. A SysOps administrator must ensure that instances are not interrupted during message processing.

What should the SysOps administrator do to meet these requirements?
  • A. Enable instance scale-in protection for the specific instance in the Auto Scaling group at the start of message processing by calling the Amazon EC2 Auto Scaling API from the processing script. Disable instance scale-in protection after message processing is complete by calling the Amazon EC2 Auto Scaling API from the processing script.
  • B. Set the Auto Scaling group's termination policy to OldestInstance.
  • C. Set the Auto Scaling group's termination policy to OldestLaunchConfiguration.
  • D. Suspend the Launch and Terminate scaling processes for the specific instance in the Auto Scaling group at the start of message processing by calling the Amazon EC2 Auto Scaling API from the processing script. Resume the scaling processes after message processing is complete by calling the Amazon EC2 Auto Scaling API from the processing script.
#308 (Accuracy: 100% / 5 votes)
A SysOps administrator maintains the security and compliance of a company's AWS account. To ensure the company's Amazon EC2 instances are following company policy, a SysOps administrator wants to terminate any EC2 instance that do not contain a department tag. Noncompliant resources must be terminated in near-real time.
Which solution will meet these requirements?
  • A. Create an AWS Config rule with the required-tags managed rule to identify noncompliant resources. Configure automatic remediation to run the AWS- TerminateEC2Instance automation document to terminate noncompliant resources.
  • B. Create a new Amazon EventBridge (Amazon CloudWatch Events) rule to monitor when new EC2 instances are created. Send the event to a Simple Notification Service (Amazon SNS) topic for automatic remediation.
  • C. Ensure all users who can create EC2 instances also have the permissions to use the ec2:CreateTags and ec2:DescribeTags actions. Change the instance's shutdown behavior to terminate.
  • D. Ensure AWS Systems Manager Compliance is configured to manage the EC2 instances. Call the AWS-StopEC2Instances automation document to stop noncompliant resources.
#309 (Accuracy: 100% / 5 votes)
A company needs to upload gigabytes of files every day. The company need to achieve higher throughput and upload speeds to Amazon S3.
Which action should a SysOps administrator take to meet this requirement?
  • A. Create an Amazon CloudFront distribution with the GET HTTP method allowed and the S3 bucket as an origin.
  • B. Create an Amazon ElastiCache cluster and enable caching for the S3 bucket.
  • C. Set up AWS Global Accelerator and configure it with the S3 bucket.
  • D. Enable S3 Transfer Acceleration and use the acceleration endpoint when uploading files.
#310 (Accuracy: 100% / 5 votes)
A SysOps administrator has used AWS CloudFormation to deploy a serverless application into a production VPC. The application consists of an AWS Lambda function, an Amazon DynamoDB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS CloudFormation stack without deleting the DynamoDB table.
Which action should the SysOps administrator take before deleting the AWS CloudFormation stack?
  • A. Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack.
  • B. Add a Snapshot deletion policy to the DynamoDB resource in the AWS CloudFormation stack.
  • C. Enable termination protection on the AWS CloudFormation stack.
  • D. Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTable action.