
SOA-C01 AWS Certified SysOps Administrator - Associate Questions and Answers

Questions 4

A company needs to deploy a web application on two Amazon EC2 instances behind an Application Load Balancer (ALB). Two EC2 instances will also be deployed to host the database. The infrastructure needs to be designed across Availability Zones for high availability and must limit public access to the instances as much as possible.

How should this be achieved within a VPC?

Options:

A.

Create one public subnet for the Application Load Balancer, one public subnet for the servers, and private subnet for the database servers.

B.

Create one public subnets for the Application Load Balancer, two private subnets for the web servers, and two private subnets for the database servers.

C.

Create two public subnets for the Application Load Balancer, two public subnets for the web servers, and two public subnets for the database servers.

D.

Create two public subnets for the Application Load Balancer, two public subnets for the web servers, and two public subnets for the database servers.

Questions 5

A company has deployed a NAT instance to allow web servers to obtain software updates from the internet. There is latency on the NAT instance as the network grows. A SysOps Administrator needs to reduce latency on the instance in a manner that is efficient, cost effective, and allows for scaling with future demand.

Which action should be taken to accomplish this?

Options:

A.

Add a second NAT instance and place both instances behind a load balancer.

B.

Convert the NAT instance to a larger instance size.

C.

Replace the NAT instance with a NAT gateway.

D.

Replace the NAT instance with a virtual private gateway.

Questions 6

A company has deployed a fleet of Amazon EC2 web servers for the upcoming release of a new product. The SysOps Administrator needs to test the Amazon CloudWatch notification settings for this deployment to ensure that a notification is sent using Amazon SNS if the CPU utilization of an EC2 instance exceeds 70%.

How should the Administrator accomplish this?

Options:

A.

Use the set-alarm-state command in AWS CloudTrail to invoke the Amazon SNS notification

B.

Use CloudWatch custom metrics to set the alarm state in AWS CloudTrail and enable Amazon SNS notifications

C.

Use EC2 instance metadata to manually set the CPU utilization to 75% and invoke the alarm state

D.

Use the set-alarm-state command in the AWS CLI for CloudWatch

Questions 7

A web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Amazon Route 53 is used for DNS and points to the load balancer. A SysOps Administrator has launched a new Auto Scaling group with a new version of the application, and wants to gradually shift traffic to the new version.

How can this be accomplished?

Options:

A.

Create an Auto Scaling target tracking scaling policy to gradually move traffic from the old version to the new one

B.

Change the Application Load Balancer to a Network Load Balancer, then add both Auto Scaling groups as targets

C.

Use an Amazon Route 53 weighted routing policy to gradually move traffic from the old version to the new one

D.

Deploy Amazon Redshift to gradually move traffic from the old version to the new one using a set of predefined values

Questions 8

An Applications team has successfully deployed an AWS CloudFormation stack consisting of 30 t2.medium Amazon EC2 instances in the us-west-2 Region. When using the same template to launch a stack in us-east-2, the launch failed and rolled back after launching only 10 EC2 instances.

What is a possible cause of this failure?

Options:

A.

The IAM user did not have privileges to launch the CloudFormation template.

B.

The t2.medium EC2 instance service limit was reached.

C.

An AWS Budgets threshold was breached.

D.

The application’s Amazon Machine Image (AMI) is not available in us-east-2.

Questions 9

A SysOps Administrator needs to control access to groups of Amazon EC2 instances. Specific tags on the EC2 instances have already been added. Which additional actions should the Administrator take to control access? (Select TWO)

Options:

A.

Attach an IAM policy to the users or groups that require access to the EC2 instances

B.

Attach an IAM role to control access to the EC2 instances

C.

Create a placement group for the EC2 instances and add a specific tag

D.

Create a service account and attach it to the EC2 instances that need to be controlled

E.

Create an IAM policy that grants access to any EC2 instances with a tag specified in the condition element

Questions 10

A company uses multiple accounts for its applications. Account A manages the company’s Amazon Route 53 domains and hosted zones. Account B uses a load balancer fronting the company’s web servers.

How can the company use Route 53 to point to the load balancer in the MOST cost-effective and efficient manner?

Options:

A.

Create an Amazon EC2 proxy in Account A that forwards requests to Account B.

B.

Create a load balancer in Account A that points to the load balancer in Account B.

C.

Create a CNAME record in Account A pointing to an alias record to the load balancer in Account B.

D.

Create an alias record in Account A pointing to the load balancer in Account B.

Questions 11

A company is concerned about its ability to recover from a disaster because all of its Amazon EC2 instances are located in a single Amazon VPC in us-east-1. A second Amazon VPC has been configured in eu-west-1 to act as a backup VPC in case of an outage. Data will be replicated from the primary region to the secondary region. The Information Security team’s compliance requirements specify that all data must be encrypted and must not traverse the public internet.

How should the SysOps Administrator connect the two VPCs while meeting the compliance requirements?

Options:

A.

Configure EC2 instances to act as VPN appliances, then configure route tables.

B.

Configure inter-region VPC peering between the two VPCs, then configure route tables.

C.

Configure NAT gateways in both VPCs, then configure route tables.

D.

Configure an internet gateway in each VPC, and use these as the targets for the VPC route tables.

Questions 12

A SysOps Administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC, the Administrator is unable to connect to any of the domains that reside on the internet.

What additional route destination rule should the Administrator add to the route tables?

Options:

A.

Route ::/0 traffic to a NAT gateway

B.

Route ::/0 traffic to an internet gateway

C.

Route 0.0.0.0/0 traffic to an egress-only internet gateway

D.

Route ::/0 traffic to an egress-only internet gateway

Questions 13

A company is storing monthly reports on Amazon S3. The company’s security requirement states that traffic from the client VPC to Amazon S3 cannot traverse the internet.

What should the SysOps Administrator do to meet this requirement?

Options:

A.

Use AWS Direct Connect and a public virtual interface to connect to Amazon S3.

B.

Use a managed NAT gateway to connect to Amazon S3.

C.

Deploy a VPC endpoint to connect to Amazon S3.

D.

Deploy an internet gateway to connect to Amazon S3.

Questions 14

In configuring an Amazon Route 53 health check, a SysOps Administrator selects ‘Yes’ to the String Matching option in the Advanced Configuration section. In the Search String box, the Administrator types the following text: /html.

This is to ensure that the entire page is loading during the health check. Within 5 minutes of enabling the health check, the Administrator receives an alert stating that the check failed. However, when the Administrator navigates to the page, it loads successfully.

What is the MOST likely cause of this false alarm?

Options:

A.

The search string is not HTML-encoded.

B.

The search string must be put in quotes.

C.

The search string must be escaped with a backslash (\) before the forward slash (/).

D.

The search string is not in the first 5120 bytes of the tested page.

Questions 15

A company's finance department wants to receive a monthly report showing AWS resource usage by department. Which solution should be used to meet the requirements?

Options:

A.

Configure AWS Cost and Usage reports for each department. Run the reports monthly.

B.

Schedule a monthly report for each department using AWS Budgets

C.

Run a monthly AWS CloudTrail report of resource usage by tag using department codes

D.

Tag all resources with department codes. Generate a monthly cost allocation report.

Questions 16

A SysOps Administrator is managing a large organization with multiple accounts on the Business Support plan all linked to a single payer account. The Administrator wants to be notified automatically of AWS Personal Health Dashboard events.

In the main payer account, the Administrator configures Amazon CloudWatch Events triggered by AWS Health events to issue notifications using Amazon SNS, but alerts in the linked accounts failed to trigger.

Why did the alerts fail?

Options:

A.

Amazon SNS cannot be triggered from the AWS Personal Health Dashboard

B.

The AWS Personal Health Dashboard only reports events from one account, not linked accounts.

C.

The AWS Personal Health Dashboard must be configured from the payer account only; all events will then roll up into the payer account.

D.

AWS Organizations must be used to monitor linked accounts.

Questions 17

A SysOps Administrator has implemented a VPC network design with the following requirements:

• Two Availability Zones (AZs)

• Two private subnets

• Two public subnets

• One internet gateway

• One NAT gateway

What would potentially cause applications in the VPC to fail during an AZ outage?

Options:

A.

A single virtual private gateway, because it can be associated with a single AZ only.

B.

A single internet gateway, because it is not redundant across both AZs.

C.

A single NAT gateway, because it is not redundant across both AZs

D.

The default VPC route table, because it can be associated with a single AZ only

Questions 18

An application is currently deployed on several Amazon EC2 instances that reside within a VPC. Due to compliance requirements, the EC2 instances cannot have access to the public internet. SysOps Administrators require SSH access to EC2 instances from their corporate office to perform maintenance and other administrative tasks.

Which combination of actions should be taken to permit SSH access to the EC2 instances while meeting the compliance requirement? (Select TWO)

Options:

A.

Attach a NAT gateway to the VPC and configure routing

B.

Attach a virtual private gateway to the VPC and configure routing

C.

Attach an internet gateway to the VPC and configure routing

D.

Configure a VPN connection back to the corporate office.

E.

Configure an Application Load Balancer in front of the EC2 instances

Questions 19

A company’s Information Security team has requested information on AWS environment compliance for Payment Card Industry (PCI) workloads. They have requested assistance in understanding what specific areas of the PCI standards are the responsibility of the company.

Which AWS tool will provide the necessary information?

Options:

A.

AWS Macie

B.

AWS Artifact

C.

AWS OpsWorks

D.

AWS Organizations

Questions 20

A SysOps Administrator is managing an AWS account where Developers are authorized to launch Amazon EC2 instances to test new code. To limit costs, the Administrator must ensure that the EC2 instances in the account are terminated 24 hours after launch.

How should the Administrator meet these requirements?

Options:

A.

Create an Amazon CloudWatch alarm based on the CPUUtilization metric. When the metric is 0% for 24 hours, trigger an action to terminate the EC2 instance when the alarm is triggered.

B.

Create an AWS Lambda function to check all EC2 instances and terminate instances running more than 24 hours. Trigger the function with an Amazon CloudWatch Events event every 15 minutes.

C.

Add an action to AWS Trusted Advisor to turn off EC2 instances based on the Low Utilization Amazon EC2 Instances check, terminating instances identified by Trusted Advisor as running for more than 24 hours.

D.

Install the unified Amazon CloudWatch agent on every EC2 instance. Configure the agent to terminate instances after they have been running for 24 hours.

Questions 21

A SysOps Administration team is supporting an application that stores a configuration file in an Amazon S3 bucket. Previous revisions of the configuration file must be maintained for change control and rollback.

How should the S3 bucket be configured to meet these requirements?

Options:

A.

Enable a lifecycle policy on the S3 bucket

B.

Enable cross-origin resource sharing on the S3 bucket

C.

Enable object tagging on the S3 bucket

D.

Enable versioning on the S3 bucket

Questions 22

A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months.

What is the process to rotate the key?

Options:

A.

Enable automatic key rotation for the CMK and specify a period of 6 months

B.

Create a new CMK with new imported material and update the key alias to point to the new CMK

C.

Delete the current key material and import new material into the existing CMK

D.

Import a copy of the existing key material into a new CMK as a backup and set the rotation schedule for 6 months

Questions 23

A company hosts a multi-tier ecommerce web application on AWS, and has recently been alerted to suspicious application traffic. The architecture consists of Amazon EC2 instances deployed across multiple Availability Zones behind an Application Load Balancer (ALB). After examining the server logs, a sysops administrator determines that the suspicious traffic is an attempted SQL injection attack.

What should the sysops administrator do to prevent similar attacks?

Options:

A.

Install Amazon Inspector on the EC2 instances and configure a rules package. Use the findings reports to identify and block SQL injection attacks.

B.

Modify the security group of the ALB. Use the IP addresses from the logs to block the IP addresses where SQL injection originated.

C.

Create an AWS WAF web ACL in front of the ALB. Add an SQL injection rule to the web ACL. Associate the web ACL to the ALB.

D.

Enable Amazon GuardDuty in the AWS Region. Use Amazon CloudWatch Events to trigger an AWS Lambda function response every time an SQL injection finding is discovered.

Questions 24

A company is running critical applications on Amazon EC2 instances. The company needs to ensure its resources are automatically recovered if they become impaired due to an underlying hardware failure.

Which service can be used to monitor and recover the EC2 instances?

Options:

A.

Amazon EC2 Systems Manager

B.

Amazon Inspector

C.

AWS CloudFormation

D.

Amazon CloudWatch

Questions 25

A sysops administrator must monitor a fleet of Amazon EC2 Linux instances with the constraint that no agents be installed. The sysops administrator chooses Amazon CloudWatch as the monitoring tool.

Which metrics can be measured given the constraints? (Select THREE)

Options:

A.

CPU Utilization

B.

Disk Read Operations

C.

Memory Utilization

D.

Network Packets In

E.

Network Packets Dropped

F.

CPU Ready Time

Questions 26

A SysOps Administrator must find a way to set up alerts when Amazon EC2 service limits are close to being reached.

How can the Administrator achieve this requirement?

Options:

A.

Use Amazon Inspector and Amazon CloudWatch Events.

B.

Use AWS Trusted Advisor and Amazon CloudWatch Events.

C.

Use the Personal Health Dashboard and CloudWatch Events.

D.

Use AWS CloudTrail and CloudWatch Events.

Questions 27

A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances. The memory utilization metrics of the EC2 Linux instances must be monitored every minute.

How should the SysOps Administrator publish the memory metrics? (Choose two.)

Options:

A.

Enable detailed monitoring on the instance within Amazon CloudWatch

B.

Publish the memory metrics to Amazon CloudWatch Events

C.

Publish the memory metrics using the Amazon CloudWatch agent

D.

Publish the memory metrics using Amazon CloudWatch Logs

E.

Set metrics_collection_interval to 60 seconds

Exam Code: SOA-C01
Exam Name: AWS Certified SysOps Administrator - Associate
Last Update: Aug 10, 2020
Questions: 216
