Amazon AWS Certified SysOps Administrator - Associate SOA-C02
Prev

There are 349 results

Next
#321 (Accuracy: 100% / 2 votes)
ASysOps administrator configures an application to run on Amazon EC2 instances behind an Application Load Balancer (ALB) in a simple scaling Auto Scaling group with the default settings. The Auto Scaling group is configured to use the RequestCountPerTarget metric for scaling. The SysOps administrator notices that the RequestCountPerTarget metric exceeded the specified limit twice in 180 seconds.

How will the number of EC2 instances in this Auto Scaling group be affected in this scenario?
  • A. The Auto Scaling group will launch an additional EC2 instance every time the RequestCountPerTarget metric exceeds the predefined limit.
  • B. The Auto Scaling group will launch one EC2 instance and will wait for the default cooldown period before launching another instance.
  • C. The Auto Scaling group will send an alert to the ALB to rebalance the traffic and not add new EC2 instances until the load is normalized.
  • D. The Auto Scaling group will try to distribute the traffic among all EC2 instances before launching another instance.
#322 (Accuracy: 92% / 2 votes)
A company has a hybrid environment. The company has set up an AWS Direct Connect connection between the company's on-premises data center and a workload that runs in a VPC. The company uses Amazon Route 53 for DNS on AWS. The company uses a private hosted zone to manage DNS names for a set of services that are hosted on AWS.

The company wants the on-premises servers to use Route 53 for DNS resolution of the private hosted zone.

Which solution will meet these requirements?
  • A. Create a Route 53 inbound endpoint. Ensure that security groups and routing allow the traffic from the on-premises data center. Configure the DNS server on the on-premises network to conditionally forward DNS queries for the private hosted zone's domain name to the IP addresses of the inbound endpoint.
  • B. Create a Route 53 outbound endpoint. Ensure that security groups and routing allow the traffic from the VPC. Configure the DNS server on the on-premises network to conditionally forward DNS queries for the private hosted zone’s domain name to the IP addresses of the outbound endpoint.
  • C. Edit the private hosted zone in Route 53 with a TXT record that references the on-premises DNS servers. Configure the DNS server on the on-premises network to conditionally forward DNS queries for the private hosted zone’s domain name to the base of the VPC CIDR IPv4 network range, plus two.
  • D. Edit the private hosted zone in Route 53 with a PTR record that references the on-premises DNS servers. Configure the DNS server on the on-premises network to conditionally forward DNS queries for the private hosted zone’s domain name to the base of the VPC CIDR IPv4 network range, plus two.
#323 (Accuracy: 100% / 2 votes)
A SysOps administrator launches an Amazon EC2 Linux instance in a public subnet. When the instance is running, the SysOps administrator obtains the public IP address and attempts to remotely connect to the Instance multiple times. However, the SysOps administrator always receives a timeout error.

Which action will allow the SysOps administrator to remotely connect to the instance?
  • A. Add a route table entry in the public subnet for the SysOps administrator's IP address.
  • B. Add an outbound network ACL rule to allow TCP port 22 for the SysOps administrator's IP address.
  • C. Modify the instance security group to allow inbound SSH traffic from the SysOps administrator's IP address.
  • D. Modify the instance security group to allow outbound SSH traffic to the SysOps administrator's IP address.
#324 (Accuracy: 100% / 3 votes)
A company migrates a write-once, ready-many (WORM) drive to an Amazon S3 bucket that has S3 Object Lock configured in governance mode. During the migration, the company copies unneeded data to the S3 bucket.

A SysOps administrator attempts to delete the unneeded data from the S3 bucket by using the AWS CLI. However, the SysOps administrator receives an error.

Which combination of steps should the SysOps administrator take to successfully delete the unneeded data? (Choose two.)
  • A. Increase the Retain Until Date.
  • B. Assume a role that has the s3:BypassLegalRetention permission.
  • C. Assume a role that has the s3:BypassGovernanceRetention permission.
  • D. Include the x-amz-bypass-governance-retention:true header in the request when issuing the delete command.
  • E. Include the x-amz-bypass-legal-retention:true header in the request when issuing the delete command.
#325 (Accuracy: 100% / 2 votes)
A SysOps administrator is setting up a fleet of Amazon EC2 instances in an Auto Scaling group for an application. The fleet should have 50% CPU available at all times to accommodate bursts of traffic. The load will increase significantly between the hours of 09:00 and 17:00, 7 days a week.

How should the SysOps administrator configure the scaling of the EC2 instances to meet these requirements?
  • A. Create a target tracking scaling policy that runs when the CPU utilization is higher than 90%.
  • B. Create a target tracking scaling policy that runs when the CPU utilization is higher than 50%. Create a scheduled scaling policy that ensures that the fleet is available at 09:00. Create a second scheduled scaling policy that scales in the fleet at 17:00.
  • C. Set the Auto Scaling group to start with 2 instances by setting the desired instances, maximum instances, and minimum instances to 2. Create a scheduled scaling policy that ensures that the fleet is available at 09:00.
  • D. Create a scheduled scaling policy that ensures that the fleet is available at 09:00. Create a second scheduled scaling policy that scales in the fleet at 17:00.
#326 (Accuracy: 92% / 5 votes)
A company wants to track its AWS costs in all member accounts that are part of an organization in AWS Organizations. Managers of the member accounts want to receive a notification when the estimated costs exceed a predetermined amount each month. The managers are unable to configure a billing alarm. The IAM permissions for all users are correct.

What could be the cause of this issue?
  • A. The management/payer account does not have billing alerts turned on.
  • B. The company has not configured AWS Resource Access Manager (AWS RAM) to share billing information between the member accounts and the management/payer account.
  • C. Amazon GuardDuty is turned on for all the accounts.
  • D. The company has not configured an AWS Config rule to monitor billing.
#327 (Accuracy: 100% / 3 votes)
A SysOps administrator is unable to authenticate an AWS CLI call to an AWS service.

Which of the following is the cause of this issue?
  • A. The IAM password is incorrect.
  • B. The server certificate is missing.
  • C. The SSH key pair is incorrect.
  • D. There is no access key.
#328 (Accuracy: 100% / 3 votes)
A SysOps administrator is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company. All data must be encrypted at rest.

How should the administrator implement this process?
  • A. Write a script to download the encrypted snapshot, decrypt it using the AWS KMS encryption key used to encrypt the snapshot, then create a new volume in each account.
  • B. Update the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts, then share the snapshot with those accounts.
  • C. Create an Amazon EC2 instance based on the snapshot, then save the instance's Amazon EBS volume as a snapshot and share it with the other accounts. Require each account owner to create a new volume from that snapshot and encrypt it.
  • D. Create a new unencrypted RDS instance from the encrypted snapshot, connect to the instance using SSH/RDP, export the database contents into a file, then share this file with the other accounts.
#329 (Accuracy: 100% / 2 votes)
A company’s application currently uses an IAM role that allows all access to all AWS services. A SysOps administrator must ensure that the company’s IAM policies allow only the permissions that the application requires.

How can the SysOps administrator create a policy to meet this requirement?
  • A. Turn on AWS CloudTrail. Generate a policy by using AWS Security Hub.
  • B. Turn on Amazon EventBridge (Amazon CloudWatch Events). Generate a policy by using AWS Identity and Access Management Access Analyzer.
  • C. Use the AWS CLI to run the get-generated-policy command in AWS Identity and Access Management Access Analyzer.
  • D. Turn on AWS CloudTrail. Generate a policy by using AWS Identity and Access Management Access Analyzer.
#330 (Accuracy: 100% / 4 votes)
A company hosts a web application on an Amazon EC2 instance. The web server logs are published to Amazon CloudWatch Logs. The log events have the same structure and include the HTTP response codes that are associated with the user requests. The company needs to monitor the number of times that the web server returns an HTTP 404 response.

What is the MOST operationally efficient solution that meets these requirements?
  • A. Create a CloudWatch Logs metric filter that counts the number of times that the web server returns an HTTP 404 response.
  • B. Create a CloudWatch Logs subscription filter that counts the number of times that the web server returns an HTTP 404 response.
  • C. Create an AWS Lambda function that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.
  • D. Create a script that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.