Amazon AWS Certified SysOps Administrator - Associate SOA-C02
Prev

There are 349 results

Next
#71 (Accuracy: 100% / 2 votes)
A SysOps administrator is troubleshooting an AWS CloudFormation stack creation that failed. Before the SysOps administrator can identify the problem, the stack and its resources are deleted. For future deployments, the SysOps administrator must preserve any resources that CloudFormation successfully created.

What should the SysOps administrator do to meet this requirement?
  • A. Set the value of the DisableRollback parameter to False during stack creation
  • B. Set the value of the OnFailure parameter to DO_NOTHING during stack creation
  • C. Specify a rollback configuration that has a rollback trigger of DO_NOTHING during stack creation
  • D. Set the value of the OnFailure parameter to ROLLBACK during stack creation
#72 (Accuracy: 100% / 2 votes)
A company is using Amazon CloudWatch alarms to monitor Amazon Elastic Kubernetes Service (Amazon EKS) workloads. The alarms are initiated through a threshold definition and are not helping the EKS cluster operate more efficiently.

A SysOps administrator must implement a solution that identifies anomalies and generates recommendations for how to address the anomalies.

Which solution will meet these requirements?
  • A. Use CloudWatch anomaly detection to identify anomalies and provide recommendations
  • B. Use CloudWatch Container Insights with Amazon DevOps Guru to identify anomalies and provide recommendations.
  • C. Use CloudWatch Container Insights to identify anomalies and provide recommendations
  • D. Use CloudWatch anomaly detection with CloudWatch Container Insights to identify anomalies and provide recommendations
#73 (Accuracy: 100% / 1 votes)
A SysOps administrator has an Amazon S3 website and wants to restrict access to a single Amazon CloudFront distribution. Visitors to the website should not be able to circumvent CloudFront or view the S3 website directly from the bucket.

Which AWS service or feature will meet these requirements?
  • A. S3 bucket ACL
  • B. AWS Firewall Manager
  • C. Amazon Route 53 private hosted zone
  • D. Origin access identity (OAI)
#74 (Accuracy: 100% / 5 votes)
A SysOps administrator receives an alert that a production Auto Scaling group has been scaled down to two Amazon EC2 instances. The Auto Scaling group was originally configured with a minimum capacity of three instances. However, the SysOps administrator confirms that the configuration now reflects a minimum capacity of two instances.

Which AWS service will help identify who made the change?
  • A. AWS Config
  • B. Amazon Inspector
  • C. Amazon Macie
  • D. Amazon Cloud Watch Logs
#75 (Accuracy: 100% / 3 votes)
An errant process is known to use an entire processor and run at 100%. A SysOps administrator wants to automate restarting an Amazon EC2 instance when the problem occurs for more than 2 minutes.

How can this be accomplished?
  • A. Create an Amazon CloudWatch alarm for the EC2 instance with basic monitoring. Add an action to restart the instance.
  • B. Create an Amazon CloudWatch alarm for the EC2 instance with detailed monitoring. Add an action to restart the instance.
  • C. Create an AWS Lambda function to restart the EC2 instance, invoked on a scheduled basis every 2 minutes.
  • D. Create an AWS Lambda function to restart the EC2 instance, invoked by EC2 health checks.
#76 (Accuracy: 100% / 2 votes)
A company plans to migrate several of its high performance computing (HPC) virtual machines (VMs) to Amazon EC2 instances on AWS. A SysOps administrator must identify a placement group for this deployment. The strategy must minimize network latency and must maximize network throughput between the HPC VMs.

Which strategy should the SysOps administrator choose to meet these requirements?
  • A. Deploy the instances in a cluster placement group in one Availability Zone.
  • B. Deploy the instances in a partition placement group in two Availability Zones.
  • C. Deploy the instances in a partition placement group in one Availability Zone.
  • D. Deploy the instances in a spread placement group in two Availability Zones.
#77 (Accuracy: 100% / 5 votes)
A company has mandated the use of multi-factor authentication (MFA) for all IAM users, and requires users to make all API calls using the CLI. However, users are not prompted to enter MFA tokens, and are able to run CLI commands without MFA. In an attempt to enforce MFA, the company attached an IAM policy to all users that denies API calls that have not been authenticated with MFA.

What additional step must be taken to ensure that API calls are authenticated using MFA?
  • A. Enable MFA on IAM roles, and require IAM users to use role credentials to sign API calls.
  • B. Ask the IAM users to log into the AWS Management Console with MFA before making API calls using the CLI.
  • C. Restrict the IAM users to use of the console, as MFA is not supported for CLI use.
  • D. Require users to use temporary credentials from the get-session token command to sign API calls.
#78 (Accuracy: 100% / 3 votes)
A SysOps administrator receives an alert from Amazon GuardDuty about suspicious network activity on an Amazon EC2 instance. The GuardDuty finding lists a new external IP address as a traffic destination. The SysOps administrator does not recognize the external IP address. The SysOps administrator must block traffic to the external IP address that GuardDuty identified.

Which solution will meet this requirement?
  • A. Create a new security group to block traffic to the external IP address. Assign the new security group to the EC2 instance.
  • B. Use VPC flow logs with Amazon Athena to block traffic to the external IP address.
  • C. Create a network ACL. Add an outbound deny rule for traffic to the external IP address.
  • D. Create a new security group to block traffic to the external IP address. Assign the new security group to the entire VPC.
#79 (Accuracy: 93% / 5 votes)
A company hosts several write-intensive applications. These applications use a MySQL database that runs on a single Amazon EC2 instance. The company asks a SysOps administrator to implement a highly available database solution that is ideal for multi-tenant workloads.

Which solution should the SysOps administrator implement to meet these requirements?
  • A. Create a second EC2 instance for MySQL. Configure the second instance to be a read replica.
  • B. Migrate the database to an Amazon Aurora DB cluster. Add an Aurora Replica.
  • C. Migrate the database to an Amazon Aurora multi-master DB cluster.
  • D. Migrate the database to an Amazon RDS for MySQL DB instance.
#80 (Accuracy: 100% / 4 votes)
A SysOps administrator needs to develop a solution that provides email notification and inserts a record into a database every time a file is put into an Amazon S3 bucket.

What is the MOST operationally efficient solution that meets these requirements?
  • A. Set up an S3 event notification that targets an Amazon Simple Notification Service (Amazon SNS) topic. Create two subscriptions for the SNS topic. Use one subscription to send the email notification. Use the other subscription to invoke an AWS Lambda function that inserts the record into the database.
  • B. Set up an Amazon CloudWatch alarm that enters ALARM state whenever an object is created in the S3 bucket. Configure the alarm to invoke an AWS Lambda function that sends the email notification and inserts the record into the database.
  • C. Create an AWS Lambda function to send the email notification and insert the record into the database whenever a new object is detected in the S3 bucket. Invoke the function every minute with an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule.
  • D. Set up two S3 event notifications. Target a separate AWS Lambda function with each notification. Configure one function to send the email notification. Configure the other function to insert the record into the database.