Amazon AWS Certified SysOps Administrator - Associate SOA-C02
Prev

There are 349 results

Next
#341 (Accuracy: 100% / 5 votes)
A SysOps administrator recently configured Amazon S3 Cross-Region Replication on an S3 bucket.

Which of the following does this feature replicate to the destination S3 bucket by default?
  • A. Objects in the source S3 bucket for which the bucket owner does not have permissions
  • B. Objects that are stored in S3 Glacier
  • C. Objects that existed before replication was configured
  • D. Object metadata
#342 (Accuracy: 100% / 3 votes)
A company’s SysOps administrator attempts to restore an Amazon Elastic Block Store (Amazon EBS) snapshot. However, the snapshot is missing because another system administrator accidentally deleted the snapshot. The company needs the ability to recover snapshots for a specified period of time after snapshots are deleted.

Which solution will provide this functionality?
  • A. Turn on deletion protection on individual EBS snapshots that need to be kept.
  • B. Create an IAM policy that denies the deletion of EBS snapshots by using a condition statement for the snapshot age. Apply the policy to all users.
  • C. Create a Recycle Bin retention rule for EBS snapshots for the desired retention period.
  • D. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule an AWS Lambda function to copy EBS snapshots to Amazon S3 Glacier.
#343 (Accuracy: 100% / 4 votes)
A company requires that all IAM user accounts that have not been used for 90 days or more must have their access keys and passwords immediately disabled. A SysOps administrator must automate the process of disabling unused keys using the MOST operationally efficient method.

How should the SysOps administrator implement this solution?
  • A. Create an AWS Step Functions workflow to identify IAM users that have not been active for 90 days. Run an AWS Lambda function when a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule is invoked to automatically remove the AWS access keys and passwords for these IAM users.
  • B. Configure an AWS Config rule to identify IAM users that have not been active for 90 days. Set up an automatic weekly batch process on an Amazon EC2 instance to disable the AWS access keys and passwords for these IAM users.
  • C. Develop and run a Python script on an Amazon EC2 instance to programmatically identify IAM users that have not been active for 90 days. Automatically delete these IAM users.
  • D. Set up an AWS Config managed rule to identify IAM users that have not been active for 90 days. Set up an AWS Systems Manager automation runbook to disable the AWS access keys for these IAM users.
#344 (Accuracy: 100% / 3 votes)
A company has an existing public web application for www.example.com. The Application Load Balancer (ALB) is configured with a single HTTP 80 listener. A SysOps administrator must ensure that all web requests to www.example.com are encrypted between the client and the ALB.

The SysOps administrator already has requested and validated a public certificate for www.example.com in AWS Certificate Manager (ACM). Existing users of the application must not be required to change the endpoint to which they are connecting.

Which additional set of steps should the SysOps administrator take to meet these requirements?
  • A. Create an additional ALB listener for HTTPS on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.
  • B. Create an additional ALB listener for HTTPS on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate. Delete the original HTTP listener on port 80.
  • C. Modify the ALB default rule for the HTTP port 80 listener. Create a rule in the listener to forward all traffic for the host www example.com to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.
  • D. Modify the ALB default rule for the HTTP port 80 listener to redirect to HTTPS on port 443. Create an additional HTTPS listener on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www example.com as the default SSL certificate.
#345 (Accuracy: 100% / 1 votes)
A company's security policy states that connecting to Amazon EC2 instances is not permitted through SSH and ROP. If access is required, authorized staff can connect to instances by using AWS Systems Manager Session Manager.

Users report that they are unable to connect to one specific Amazon EC2 instance that is running Ubuntu and has AWS Systems Manager Agent (SSM Agent) pre-installed. These users are able to use Session Manager to connect to other instances in the same subnet, and they are in an IAM group that has Session Manager permission for all instances.

What should a SysOps administrator do to resolve this issue?
  • A. Add an inbound rule for port 22 in the security group associated with the Ubuntu instance.
  • B. Assign the AmazonSSMManagedInstanceCore managed policy to the EC2 instance profile for the Ubuntu instance.
  • C. Configure the SSM Agent to log in with a user name of “ubuntu”.
  • D. Generate a new key pair, configure Session Manager to use this new key pair, and provide the private key to the users.
#346 (Accuracy: 100% / 2 votes)
A company is running production workloads that use a Multi-AZ deployment of an Amazon RDS for MySQL db.m6g.xlarge (general purpose) standard DB instance. Users report that they are frequently encountering a “too many connections” error. A SysOps administrator observes that the number of connections on the database is high.

The SysOps administrator needs to resolve this issue while keeping code changes to a minimum.

Which solution will meet these requirements MOST cost-effectively?
  • A. Modify the RDS for MySQL DB instance to a larger instance size.
  • B. Modify the RDS for MySQL DB instance to Amazon DynamoDB.
  • C. Configure RDS Proxy. Modify the application configuration file to use the RDS Proxy endpoint.
  • D. Modify the RDS for MySQL DB instance to a memory optimized DB instance.
#347 (Accuracy: 100% / 3 votes)
A company stores its data in an Amazon S3 bucket. The company is required to classify the data and find any sensitive personal information in its S3 files.
Which solution will meet these requirements?
  • A. Create an AWS Config rule to discover sensitive personal information in the S3 files and mark them as noncompliant.
  • B. Create an S3 event-driven artificial intelligence/machine learning (AI/ML) pipeline to classify sensitive personal information by using Amazon Rekognition.
  • C. Enable Amazon GuardDuty. Configure S3 protection to monitor all data inside Amazon S3.
  • D. Enable Amazon Macie. Create a discovery job that uses the managed data identifier.
#348 (Accuracy: 100% / 3 votes)
A company runs a workload on an Amazon EC2 instance. The workload needs a temporary cache that contains data that changes frequently. The workload does not need to retain the cache across instance restarts.

Which storage option will provide the HIGHEST performance for the cache?
  • A. General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume
  • B. Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volume
  • C. Throughput Optimized HDD (st1) Amazon Elastic Block Store (Amazon EBS) volume
  • D. EC2 instance store
#349 (Accuracy: 100% / 1 votes)
A company has multiple Amazon EC2 instances that run a resource-intensive application in a development environment. A SysOps administrator is implementing a solution to stop these EC2 instances when they are not in use.

Which solution will meet this requirement?
  • A. Assess AWS CloudTrail logs to verify that there is no EC2 API activity. Invoke an AWS Lambda function to stop the EC2 instances.
  • B. Create an Amazon CloudWatch alarm to stop the EC2 instances when the average CPU utilization is lower than 5% for a 30-minute period.
  • C. Create an Amazon CloudWatch metric to stop the EC2 instances when the VolumeReadBytes metric is lower than 500 for a 30-minute period.
  • D. Use AWS Config to invoke an AWS Lambda function to stop the EC2 instances based on resource configuration changes.