SOA-C01 AWS Certified SysOps Administrator - Associate Questions and Answers

An organization has been running their website on several m2 Linux instances behind a Classic Load Balancer for more than two years. Traffic and utilization have been constant and predictable.

What should the organization do to reduce costs?

A SysOps Administrator must find a way to set up alerts when Amazon EC2 service limits are close to being reached.

How can the Administrator achieve this requirement?

A company ' s Marketing department generates gigabytes of assets each day and stores them locally. They would like to protect the files by backing them up to AWS All the assets should be stored on the cloud but the most recent assets should be available locally for tow latency access

Which AWS service meets the requirements?

Website users report that an application ' s pages are loading slowly at the beginning of the workday The application runs on Amazon EC2 instances and data is stored in an Amazon RDS database The SysOps Administrator suspects the issue is related to high CPU usage on a component of this application

How can the Administrator find out which component is causing the performance bottleneck?

An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region A sysops administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy

What is likely to be the problem?

A SysOps Administrator deployed an AWS elastic Beanstalk worker node environment that reads messages from an auto-generated Amazon simple Queue service (Amazon SQS) queue and deletes them from the queue after processing. Amazon EC2 auto scaling scales in and scales out number of worker nodes based on CPU utilization. After some time, the administrator notices that the number of messages in the SQS queue are increasing significantly.

Which action will remediate the issue?

A sysops administrator created an AWS Lambda function within a VPC with no access to the internet. The Lambda function pulls messages from an Amazon SOS queue and stores them in an Amazon RDS instance in the same VPC. After executing the Lambda function, the data is not showing up on the RDS instance.

Which of the following are possible causes for this? (Select TWO.)

A company’s web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The EC2 instances run in an EC@ Auto Scaling group across multiple Availability Zones. Data is stored in an Amazon ElastiCache for Radius cluster and an Amazon RDS DB instance. Company policy requires all system patching to take place at midnight on Tuesday.

Which resources will need to have a maintenance window configured for midnight on Tuesday? (Choose two.)

A security officer has requested Ifial internet access be removed from subnets in a VPC. The subnets currently route internet-bound traffic to a NAT gateway. A SysOps administrator needs to remove this access while allowing access to Amazon S3.

Which solution will meet these requirements?

A company is planning to expand into an additional AWS region for disaster recovery purposes. the company uses AWS CloudFormation, and its infrastructure is well-defined as code. The company would like to reuse as much of its existing code as possible when deploying resources to additional Regions.

A SysOps Administrator is reviewing how Amazon Machine Images (AMIs) are selected in AWS CloudFormation, but is having trouble making the same stack work in the new Region.

Which action would make it easier to manage multiple Regions?

An organization has developed a new memory-intensive application that is deployed to a large Amazon EC2 Linux fleet. There is concern about potential memory exhaustion, so the Development team wants to monitor memory usage by using Amazon CloudWatch.

What is the MOST efficient way to accomplish this goal?

A company has adopted a security policy that requires all customer data to be encrypted at rest. Currently, customer data is stored on a central Amazon EFS file system and accessed by a number of different applications from Amazon EC2 instances.

How can the SysOps Administrator ensure that all customer data stored on the EFS file system meets the new requirement?

A company stores thousands of non-critical log files in an Amazon S3 bucket A set of reporting scripts retrieve these log files daily. Which of the following storage options will be the MOST cost efficient for the company ' s use case?

A sysops administrator must generate a report that provides a breakdown of all API activity by a specific user over the course of a year. AWS CloudTrail has already been enabled.

How should this report be generated?

A, Access the Cloud Trail logs stored in the Amazon S3 bucket tied to Cloud Trail. Use Amazon Athena to extract the information needed to generate the report

B. Locate the monthly reports that CloudTrail sends that are emailed to the account ' s root user. Forward the reports to the auditor using a secure channel

C. Use the AWS Management Console to search for the user name in the CloudTrail history. Filter by API and download the report in CSV format

D. Use the CloudTrail digest files stored in the company ' s Amazon S3 bucket. Send the logs to Amazon QuickSight to create the report.

Company A purchases company B and inherits three new AWS accounts. Company A would like to centralize billing and reserved instance benefits but wants to keep all other resources separate.

How can this be accomplished?

A company is releasing a now static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded, however, upon navigating to the site, the following error message is received:

403 Forbiddan - Access Denied

What change should be made to fix this error ' ?

An environment company has discovered that a number of Amazon EC2 instances in a VPC are marked as high risk according to a Common Vulnerabilities and Expressures (CVE) report. The Security tea, requests that all these instances be upgraded.

Who is responsible for upgrading the EC2 instances?

A security researcher has published a new Common Vulnerabilities and Exposures (CVE) report that impacts a popular operating system A SysOps Administrator is concerned with the new CVE report and wants to patch the company ' s systems immediately The Administrator contacts AWS Support and requests the patch be applied to all Amazon EC2 instances

How will AWS respond to this request?

A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.

Which step will fix this issue?

A company has several AWS accounts and has set up consolidated billing through AWS Organizations. The total monthly bill has been increasing over several months, and a SysOps administrator has been asked to determine what is causing this increase.

What is the Most comprehensive tool that will accomplish this task?

The Security team at AnyCompany discovers that some employees have been using individual AWS accounts that are not under the control of AnyCompany. The team has requested that those individual accounts be linked to the central organization using AWS Organizations.

Which action should a SysOps Administrator take to accomplish this?

A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps Administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the Administrator to alter the application code.

The MOST effective way to reduce latency is to relaunch the EC2 instances in:

A serverless application running on AWS Lambda is expected to receive a significant increase in traffic. A SysOps Administrator needs to ensure that the Lambda function is configured to scale so the application can process the increased traffic.

What should the Administrator do to accomplish this?

A company’s use of AWS Cloud services is quickly growing, so a SysOps Administrator has been asked to generate details of daily spending to share with management.

Which method should the Administrator choose to produce this data?

A company recently implemented an Amazon S3 lifecycle rule that accidentally deleted objects from one of its S3 buckets. The bucket has S3 versioning enabled.

Which actions will restore the objects? (Choose two.)

A company needs to migrate an on-premises asymmetric key management system into AWS.

Which AWS service should be used to accomplish this?

A company ' s application infrastructure was deployed using AWS CloudFormation and is composed of Amazon EC2 instances behind an Application Load Balancer. The instances run an EC2 Auto Scaling group across multiple Availability Zones. When releasing a new version of the application, the update deployment must avoid D NS changes and allow rollback.

Which solution should a sysops administrator use to meet the deployment requirements for this new release?

A company is concerned about a security vulnerability impacting its Linux operating system.

What should the SysOps Administrator do to alleviate this concern?

A company is running critical applications on Amazon EC2 instances. The company needs to ensure its resources are automatically recovered if they become impaired due to an underlying hardware failure.

Which service can be used to monitor and recover the EC2 instances?

Which component of an Ethernet frame is used to notify a host that traffic is coming?

A SysOps Administrator has been tasked with deploying a company’s infrastructure as code. The Administrator wants to write a single template that can be reused for multiple environments in a safe, repeatable manner.

What is the recommended way to use AWS CloudFormation to meet this requirement?

An application is running on multiple EC2 instances. As part of an initiative to improve overall infrastructure security, the EC2 instances were moved to a private subnet. However, since moving, the EC2 instances have not been able to automatically update, and a SysOps Administrator has not been able to SSH into them remotely.

Which two actions could the Administrator take to securely resolve these issues? (Choose two.)

A SySOps Administrator is managing an AWS account where Developers are authorized to launch Amazon EC2 instances to test new code. To limit costs, the Administrator must ensure that the EC2 instances in the account are terminated 24 hours after launch.

How should the Administrator meet these requirements?

Development teams are maintaining several workloads on AWS. Company management is concerned about rising costs and wants the SysOps Administrator to configure alerts so teams are notified when spending approaches preset limits.

Which AWS service will satisfy these requirements?

A sysops administrator must monitor a fleet of Amazon EC2 Linux instances with the constraint that no agents be installed. The sysops administrator chooses Amazon CloudWatch as the monitoring tool.

Which metric can be measured given the constraints? (Select Three)

A company is planning to deploy multiple ecommerce websites across the eu-west-1, ap-east-1, and us-west-1 Regions. The websites consist of Amazon S3 buckets Amazon EC2 instances, Amazon RDS databases and Elastic Load Balancers.

Which method will accomplish the deployment with the LEAST amount of effort?

A company relies on a fleet of Amazon EC2 instances to support an application. One of the EC2 instances was scheduled for hardware maintenance by AWS. An operations team did not remove the EC2 instance from the fleet in advance of the scheduled maintenance, and an unplanned outage resulted. A SysOps administrator must configure notifications to let the operations team know about scheduled maintenance in the future.

Which action should the SysOps administrator take to meet this requirement?

A SysOps Administrator is trying to set up an Amazon Route 53 domain namo to route traffic to a website hosted on Amazon S3 The domain name of the website is www anycompany com and the S3 bucket name is anycompany-static After the record set is set up in Route 53, the domain name www anycompany com does not seem to work, and the static website is not displayed in the browser

Which of the following is a cause of this?

A SysOps Administrator is managing an application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS MySQL DB instance. The Administrator must ensure that that application stays available if the database becomes unresponsive.

How can these requirements be met?

A sysops administrator manages an AWS CloudFormation templates that provisions Amazon EC2 instances, an Elastic Load Balancer, and Amazon RDS instances. As part of an ongoing transformation project CloudFormation stacks are being created and deleted continuously. The administrator needs to ensure that the RDS instances continue running after a stack has been deleted.

Which action should be taken to meet these requirements?

A new Amazon Redshift Spectrum Cluster has been launched for a team of Business Analysis. When the team attempts to use the cluster to query the data in Amazon S3, they receive the following error:

What is one cause of this?

A SysOps Administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically Currently, the application is deployed on a single t2 large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency alter a few minutes

What change should be made to alleviate the performance problem?

A company wants to increase the availability and durability of a critical business application. The application currently uses a MySQL database running on an Amazon EC2 instance. The company wants to minimize application changes.

How should the company meet these requirements?

An application is currently deployed on several Amazon EC2 instances that reside within a VPC. Due to compliance requirements the EC2 instances cannot have access to the public internet. SysOps Administrator require SSH access to EC2 instances from their corporate office to perform maintenance and other administrative tasks.

Which combination of actions should be taken to permit SSH access to the EC2 instances while meeting the compliance requirement? (Select TWO)

A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances. The memory utilization metrics of the EC2 Linux instances must be monitored every minute.

How should the SysOps Administrator publish the memory metrics? (Choose two.)

A company’s Information Security team has requested information on AWS environment compliance for Payment Card Industry (PCI) workloads. They have requested assistance in understanding what specific areas of the PCI standards are the responsibility of the company.

Which AWS tool will provide the necessary information?

A company wants to create a new Network Load Balancer (NLB) (or an existing interface VPC endpoint. A SysOps administrator tries to remove the existing NLB but sees the error " existing VPC Endpoint connections and cannot be removed. "

Which solution will resolve this issue?

An application is being developed that will be served across a fleet of Amazon EC2 instances, which require a consistent view of persistent data. Items stored vary in size from 1 KB lo 300MB; the items are read frequently, created occasio nally, and often require partial changes without conflict. The data store is not expected to grow beyond 2TB. and items will be expired according to age and content type.

Which AWS service solution meets these requirements?

A company needs to deploy a web application on two Amazon EC2 instances behind an Application Load Balancer (ALB). Two EC2 instances will also be deployed to host the database. The infrastructure needs to be designed across Availability Zones for high availability and must limit public access to the instances as much as possible.

How should this be achieved within a VPC?

A company has an AWS account for each department and wants to consolidate billing and reduce overhead. The company wants to make sure that the finance team is denied from accessing services other than Amazon EC2: the security team is denied from accessing services other than AWS CloudTrail. and IT can access any resource.

Which solution meets these requirements with the LEAST amount of operational overhead ' '

A SysOps Administrator manages an Amazon RDS MySQL DB instance in production. The database is accessed by several applications. The Administrator needs to ensure minimal downtime of the applications in the event the database suffers a failure. This change must not impact customer use during regular business hours.

Which action will make the database MORE highly available?

An application running on Amazon EC2 needs login credentials to access a database. The login credentials are stored in AWS Systems Manager Parameter Store as secure string parameters.

What is the MOST secure way to grant the application access to the credentials?

A fleet of servers must send local logs to Amazon CloudWatch.

How should the servers be configured to meet this requirement?

A Security and Compliance team is reviewing Amazon EC2 workloads for unapproved AMI usage.

Which action should a SysOps Administrator recommend?

After launching a new Amazon EC2 instance from a Microsoft Windows 2012 Amazon Machine Image (AMI), the SysOps Administrator is unable to connect to the instance using Remote Desktop Protocol (RDP). The instance is also unreachable. As part of troubleshooting, the Administrator deploys a second instance from a different AMI using the same configuration and is able to connect to the instance.

What should be the next logical step in troubleshooting the first instance?

A popular auctioning plat form requires near-real-time access to dynamic bidding information. The platform must be available at all times The current Amazon RDS instance often reaches 100% CPU utilization during the weekend auction and can no longer be resized. To improve applicati on performance, a sysops administrator is evaluating Amazon ElastiCache and has chosen Redis (cluster mode enabled) instead of Memcached

What are reasons for making this choice? (Select TWO.)

A SysOps Administrator has configured health checks on a load balancer. An Amazon EC2 instance attached to this load balancer fails the health check.

What will happen next? (Choose two.)

A SysOps Administrator is configuring AWS SSO tor the first time. The Administrator has already created a directory in the master account using AWS Directory Service and enabled full access in AWS Organizations

What should the Administrator do next to configure the service?

A company ' s finance department wants to receive a monthly report showing AWS resource usage by department. Which solution should be used to meet the requirements?

A company received its latest bill with a large increase in the number of requests against Amazon SQS as compared to the month prior. The company is not aware of any major changes in its SQA usage. The company is concerned about the cost increase and who or what was making these calls.

What should a sysops administrator use to validate the calls mode to SQS?

An application running on Amazon EC2 allows users to launch batch jobs for data analysis. The jobs are run asynchronously, and the user is notified when they are complete. While multiple jobs can run concurrently, a user’s request need not be fulfilled for up to 24 hours. To run a job, the application launches an additional EC2 instance that performs all the analytics calculations. A job takes between 75 and 110 minutes to complete and cannot be interrupted.

What is the MOST cost-effective way to run this workload?

A SysOps Administrator is responsible for maintaining an Amazo EC2 instance that acts as a bastion host. The Administrator can sucessfully connect to the instance using SSH, but attempts to ping the instance result in a timeout.

What is one reason for the issue?

A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.

What is the SIMPLEST approach the SysOps Administrator can take to ensure S3 buckets in those accounts can never be deleted?

A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue causing the failure.

How should the Administrator continue with the stack deployment?

A SysOps Administrator must secure AWS CloudTrail logs. The Security team is concerned that an employee may modify or attempt to delete CloudTrail log files from its Amazon S3 bucket.

Which practices ensure that the log files are available and unaltered? (Choose two.)

A company’s website went down for several hours. The root cause was a full disk on one of the company’s Amazon EC2 instances.

Which steps should the SysOps Administrator take to prevent this from happening in this future?

An organization has decided to consolidate storage and move all of its backups and archives to Amazon S3. With all of the data gathered into a hierarchy under a single directory, the organization determines there is 70 TB data that needs to be uploaded. The organization currently has a 150-Mbps connection with 10 people working at the location.

Which service would be the MOST efficient way to transfer this data to Amazon S3?

A SysOps Administrator needs to control access to groups of Amazon EC2 instances. Specific tags on the EC2 instances have already been added. Which additional actions should the Administrator take to control access? (Select TWO)

An existing data management application is running on a single Amazon EC2 instance and needs to be moved to a new AWS Region in another AWS account. How can a SysOps administrator achieve this while maintaining the security of the application?

An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. The Information Security team wants to track application requests by the originating IP and the EC2 instance that processes the request.

Which of the following tools or services provides this information?

A company runs an application that uses Amazon RDS for MySQL. During load testing of equivalent production volumes, the Development team noticed a significant increase in query latency. A SysOps Administrator concludes from investigating Amazon CloudWatch Logs that the CPU utilization on the RDS MySQL instance was at 100%.

Which action will resolve this issue?

A SysOps Administrator working on an Amazon EC2 instance has misconfigured the clock by one hour. The EC2 instance is sending data to Amazon CloudWatch through the CloudWatch agent. The timestamps on the logs are 45 minutes in the future.

What will be the result of this configuration?

A company uses AWS CloudFormation to deploy its application infrastructure. Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application. A SysOps Administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent against accidental modifications to specific resources.

Which solution will meet these requirements?

A SysOps administrator is impleme nting automated I/O load performance testing as part of lite continuous integraliorVcontinuous delivery (CI ' CD) process for an application The application uses an Amazon Elastic Block Store (Amazon E8S) Provisioned IOPS volume for each instance that is res tored from a snapshot and requires consistent I/O performance. During the initial tests, the I/O performance results are sporadic. The SysOps administrator must ensure that the tests yield more consistent results.

Which actions could the SysOps administrator take to accomplish this goal? (Select TWO.)

An Amazon EC2 instance has a secondary Amazon Elastic Block Store (EBS) volume attached that contains sensitive data A new company policy requires the secondary volume to be encrypted at rest. Wh ich solution will meet this requirement?