Amazon AWS Certified SysOps Administrator - Associate SOA-C02
#81 (Accuracy: 100% / 5 votes)
A development team recently deployed a new version of a web application to production. After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data.

Which AWS service will mitigate this issue?
  • A. AWS Shield Standard
  • B. AWS WAF
  • C. Elastic Load Balancing
  • D. Amazon Cognito
#82 (Accuracy: 91% / 11 votes)
A company has an application that is running on Amazon EC2 instances in a VPC. The application needs access to download software updates from the internet. The VPC has public subnets and private subnets. The company’s security policy requires all EC2 instances to be deployed in private subnets.

What should a SysOps administrator do to meet these requirements?
  • A. Add an internet gateway to the VPC. In the route table for the private subnets, add a route to the internet gateway.
  • B. Add a NAT gateway to a private subnet. In the route table for the private subnets, add a route to the NAT gateway.
  • C. Add a NAT gateway to a public subnet. In the route table for the private subnets, add a route to the NAT gateway.
  • D. Add two internet gateways to the VPC. In the route tables for the private subnets and public subnets, add a route to each internet gateway.
#83 (Accuracy: 100% / 3 votes)
A development team created and deployed a new AWS Lambda function 15 minutes ago. Although the function was invoked many times, Amazon CloudWatch Logs are not showing any log messages.

What is one cause of this?
  • A. The developers did not enable log messages for this Lambda function.
  • B. The Lambda function's role does not include permissions to create CloudWatch Logs items.
  • C. The Lambda function raises an exception before the first log statement has been reached.
  • D. The Lambda function creates local log files that have to be shipped to CloudWatch Logs first before becoming visible.
#84 (Accuracy: 100% / 3 votes)
A SysOps administrator is creating resources from an AWS CloudFormation template that defines an Auto Scaling group of Amazon EC2 instances. The Auto Scaling group launch template provisions each EC2 instance by using a user data script. The creation of the Auto Scaling group resource is failing because of an error. The wait condition is not receiving the required number of signals.

How should the SysOps administrator resolve this error?
  • A. Run cfn-signal at the completion of the user data script.
  • B. Modify the EC2 instances’ security group to allow outgoing traffic on port 443.
  • C. Reduce the Auto Scaling group's DesiredCapacity value in the CloudFormation template.
  • D. Set the AssociatePublicIpAddress property to True in the Auto Scaling group launch template.
#85 (Accuracy: 95% / 6 votes)
A developer creates a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The developer reviews the deployment and notices some suspicious traffic to the application. The traffic is malicious and is coming from a single public IP address. A SysOps administrator must block the public IP address.

Which solution will meet this requirement?
  • A. Create a security group rule to deny all inbound traffic from the suspicious IP address. Associate the security group with the ALB.
  • B. Implement Amazon Detective to monitor traffic and to block malicious activity from the internet. Configure Detective to integrate with the ALB.
  • C. Implement AWS Resource Access Manager (AWS RAM) to manage traffic rules and to block malicious activity from the internet. Associate AWS RAM with the ALB.
  • D. Add the malicious IP address to an IP set in AWS WAF. Create a web ACL. Include an IP set rule with the action set to BLOCK. Associate the web ACL with the ALB.
#86 (Accuracy: 100% / 6 votes)
A company has migrated its legacy on-premises web application to an Amazon EC2 instance. The web application requires a single static public IP address to accept traffic and process requests. End users must be able to reach the web application through the example.com domain. A SysOps administrator must implement a solution that maintains the web application with the least amount of effort.

Which combination of actions will meet these requirements? (Choose two.)
  • A. Configure an Application Load Balancer (ALB). Add the EC2 instance to a target group that is associated with the ALB.
  • B. Create an Amazon Route 53 A record for the associated EC2 IP address.
  • C. Create an Amazon Route 53 CNAME record for the associated EC2 IP address.
  • D. Create an Elastic IP address, and associate it with the EC2 instance.
  • E. Create an Auto Scaling group with a minimum capacity of 1 and a maximum capacity of 2.
#87 (Accuracy: 100% / 5 votes)
A company runs its applications on a large number of Amazon EC2 instances. A SysOps administrator must implement a solution to notify the operations team whenever an EC2 instance state changes.

What is the MOST operationally efficient solution that meets these requirements?
  • A. Create a script that captures instance state changes and publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Use AWS Systems Manager Run Command to run the script on all EC2 instances.
  • B. Create an Amazon EventBridge event rule that captures EC2 instance state changes. Set an Amazon Simple Notification Service (Amazon SNS) topic as the target.
  • C. Create an Amazon EventBridge event rule that captures EC2 instance state changes. Set as the target an AWS Lambda function that publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic.
  • D. Create an AWS Config custom rule that evaluates instance state changes with automatic remediation. Use the rule to invoke an AWS Lambda function that publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic.
#88 (Accuracy: 100% / 6 votes)
A company asks a SysOps administrator to provision an additional environment for an application in four additional AWS Regions. The application is running on more than 100 Amazon EC2 instances in the us-east-1 Region, using fully configured Amazon Machine Images (AMIs). The company has an AWS CloudFormation template to deploy resources in us-east-1.

What should the SysOps administrator do to provision the application in the MOST operationally efficient manner?
  • A. Copy the AMI to each Region by using the aws ec2 copy-image command. Update the CloudFormation template to include mappings for the copied AMIs.
  • B. Create a snapshot of the running instance. Copy the snapshot to the other Regions. Create an AMI from the snapshots. Update the CloudFormation template for each Region to use the new AMI.
  • C. Run the existing CloudFormation template in each additional Region based on the success of the template that is used currently in us-east-1.
  • D. Update the CloudFormation template to include the additional Regions in the Auto Scaling group. Update the existing stack in us-east-1.
#89 (Accuracy: 92% / 9 votes)
A company wants to monitor the security groups of its Amazon EC2 instances to ensure that SSH is not open to the public. If the port is opened, the company needs to close the port as soon as possible.

Which combination of actions should a SysOps administrator take to meet these requirements? (Choose two.)
  • A. Add an Amazon CloudWatch alarm to detect the security groups that allow SSH.
  • B. Add an AWS Config rule to detect the security groups that allow SSH.
  • C. Add an assessment template to Amazon Inspector to detect the security groups that allow SSH.
  • D. Call an AWS Systems Manager Automation runbook to close the port.
  • E. Call AWS Systems Manager Run Command to close the port.
#90 (Accuracy: 93% / 9 votes)
A company is managing multiple AWS accounts in AWS Organizations. The company is reviewing internal security of its AWS environment. The company’s security administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts.

Which solution will meet these requirements in the MOST secure manner?
  • A. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to an IAM user. Share the user credentials with the security administrator.
  • B. Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC actions. Assign the policy to an IAM user. Share the user credentials with the security administrator.
  • C. Create an IAM policy in each developer account that has administrator access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.
  • D. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.