Winter 50% Special Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 28285018

SOA-C01 AWS Certified SysOps Administrator - Associate Questions and Answers

Questions 4

A Development team is designing an application that processes sensitive information within a hybrid deployment. The team needs to ensure the application data is protected both in transit and at rest.

Which combination of actions should be taken to accomplish this? (Choose two.)

Options:

A.

Use a VPN to set up a tunnel between the on-premises data center and the AWS resources

B.

Use AWS Certificate Manager to create TLS/SSL certificates

C.

Use AWS CloudHSM to encrypt the data

D.

Use AWS KMS to create TLS/SSL certificates

E.

Use AWS KMS to manage the encryption keys used for data encryption

Buy Now
Questions 5

A SysOps Administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented stncl IP whitelisting that requires all build uploads to come from a single IP address.

What change should the Systems Administrator make to the existing build fleet to comply with this new requirement?

Options:

A.

Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.

B.

Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.

C.

Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.

D.

Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.

Buy Now
Questions 6

A security researcher has published a new Common Vulnerabilities and Exposures (CVE) report that impacts a popular operating system A SysOps Administrator is concerned with the new CVE report and wants to patch the company's systems immediately The Administrator contacts AWS Support and requests the patch be applied to all Amazon EC2 instances

How will AWS respond to this request?

Options:

A.

AWS will apply the patch during the next maintenance window and will provide the Administrator with a report of all patched EC2 instances

B.

AWS will relaunch the EC2 instances with the latest version of the Amazon Machine Image (AMI) and will provide the Administrator with a report of all patched EC2 instances

C.

AWS will research the vulnerability to see if the Administrator's operating system is impacted and will patch the EC2 instances that are affected

D.

AWS will review the shared responsibility model with the Administrator and advise them regarding how to patch the EC2 instances

Buy Now
Questions 7

A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.

How should the Administrator ensure that this is done?

Options:

A.

Change the root user password by using the AWS CLI routinely.

B.

Periodically use the AWS CLI to rotate access keys and secret keys for the root user.

C.

Use AWS Trusted Advisor security checks to review the configuration of the root user.

D.

Periodically distribute the AWS compliance document from AWS Artifact that governs the root user configuration.

Buy Now
Questions 8

A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company’s AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.

What should be done to accomplish this?

Options:

A.

Back up the current KMS key and enable automatic key rotation.

B.

Create a new key in AWS KMS and assign the key to Amazon EBS.

C.

Enable automatic key rotation of the EBS volume key in AWS KMS.

D.

Upload ne key material to the EBS volume key in AWS KMS to enable automatic key rotation for the volume.

Buy Now
Questions 9

A company has a multi-tier web application. In the web tier, all the servers are in private subnets inside a VPC. The development team wants to make changes to the application that requires access to Amazon S3.

What should be done to accomplish this?

Options:

A.

Create a customer gateway to connect to Amazon S3 Modify the route table of the private subnets to use the customer gateway

B.

Create a gateway VPC endpoint for Amazon S3 Modify the route table of the private subnets to use the gateway VPC endpoint.

C.

Create a NAT gateway in the private subnets. Modify the route table of the subnets to use the NAT gateway.

D.

Create an S3 bucket policy to allow connections from the private subnets. Modify the route table.

Buy Now
Questions 10

A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket. Monitoring most include tracking the AWS account of the catier, the IAM user role of the caller, the time of the API call, and the IP address of the API.

Where can the administrator find this information?

Options:

A.

AWS CloudTrail data event logging

B.

AWS CloudTrail management event logging

C.

Amazon inspector bucket event logging

D.

Amazon inspector event logging

Buy Now
Questions 11

An application team has asked a sysops administrator to provision an additional environment for an application in four additional regions. The application is running on more than 100 instances in us-east-1, using fully baked AMIs, An AWS CloudFormation template has been created to deploy resources in us-east-1.

What must the sysops administrator do to provision the application quickly?

Options:

A.

Copy the AMI to each region using aws ec2 copy-image Update the CloudFormation mapping include mappings for the copy AMIs.

B.

Creating a snapshot of the running instance and copy the snapshot to the other regions. Create an AMI from the snapshots. Update the CloudFormation template for each region to use the new AMI.

C.

Run the existing CloudFormation template in each additional region based on the success of the template used currently in us-east-1.

D.

Update the CloudFormation template to include the additional regions in the auto scaling group. Update the existing stack in us-east-1.

Buy Now
Questions 12

A company relies on a fleet of Amazon EC2 instances to support an application. One of the EC2 instances was scheduled for hardware maintenance by AWS. An operations team did not remove the EC2 instance from the fleet in advance of the scheduled maintenance, and an unplanned outage resulted. A SysOps administrator must configure notifications to let the operations team know about scheduled maintenance in the future.

Which action should the SysOps administrator take to meet this requirement?

Options:

A.

Create an AWS Lambda function K> look up user data settings of the EC2 instance and publish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.

B.

Create AWS Config rules to monitor the fleet of EC2 instances and publish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.

C.

Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWS Personal Health Dashboard events to an Amazon Simple Notification Service (Amazon SNS) topic.

D.

Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWS Service Health Dashboard events lo an Amazon Simple Notification Service (Amazon SNS) topic.

Buy Now
Questions 13

A company would like to review each change in the infrastructure before deploying updates in its AWS CloudFormation stacks.

Which action will allow an Administrator to understand the impact of these changes before implementation?

Options:

A.

Implement a blue/green strategy using AWS Elastic Beanstalk.

B.

Perform a canary deployment using Application Load Balancers and target groups.

C.

Create a change set for the running stack.

D.

Submit the update using the UpdateStack API call.

Questions 14

A security researcher has published a new Common Vulnerabilities and Exposures (CVE) report that impacts a popular operating system A SysOps Administrator is concerned with the new CVE report and wants to patch the company's systems immediately The Administrator contacts AWS Support and requests the patch be applied to all Amazon EC2 instances

How will AWS respond to this request?

Options:

A.

AWS will apply the patch during the next maintenance window and will provide the Administrator with a report of all patched EC2 instances

B.

AWS will relaunch the EC2 instances with the latest version of the Amazon Machine Image (AMI) and will provide the Administrator with a report of all patched EC2 instances

C.

AWS will research the vulnerability to see if the Administrator's operating system is impacted and will patch the EC2 instances that are affected

D.

AWS will review the shared responsibility model with the Administrator and advise them regarding how to patch the EC2 instances

Buy Now
Questions 15

A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps Administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the Administrator to alter the application code.

The MOST effective way to reduce latency is to relaunch the EC2 instances in:

Options:

A.

a dedicated VPC.

B.

a single subnet inside the VPC.

C.

a placement group.

D.

a single Availability Zone.

Buy Now
Questions 16

A SysOps administrator created an AWS service catalog portfolio and shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.

Which action will the administrator of the second account be able to perform?

Options:

A.

Add a product from the imported portfolio to a local portfolio.

B.

Add new product to the imported portfolio.

C.

Change the launch role for the products contained in the imported portfolio.

D.

Remove Products from the imported portfolio.

Buy Now
Questions 17

A user accidentally deleted a file from an Amazon EBS volume. The SysOps Administrator identified a recent snapshot for the volume.

What should the Administrator do to restore the user's file from the snapshot?

Options:

A.

Attach the snapshot to a new Amazon EC2 instance in the same Availability Zone, and copy the deleted file.

B.

Browse to the snapshot and copy the file to the EBS volume within an Amazon EC2 instance.

C.

Create a volume from the snapshot, attach the volume to an Amazon EC2 instance, and copy the deleted file.

D.

Restore the file from the snapshot onto an EC2 instance using the Amazon EC2 console.

Buy Now
Questions 18

A sysops administrator is writing an AWS Cloud Formation template. The template will create a new Amazon S3 bucket and copy objects from an existing Amazon S3 bucket into the new bucket. The objects include data files, images, and scripts.

How should the CIoudFormation template be configured to perform this copy operation?

Options:

A.

Configure an AWS Data Pipeline resource with a CopyActivity activity object. Specify the input and output bucket names and a list of object keys.

B.

Configure the S3 bucket resource to activate cross-Region replication. Point to the existing S3 bucket and specify a list of object keys to replicate.

C.

Create an AWS Lambda function that can perform the copy operation. Add the Lambda function to the template as a custom resource.

D.

Specify the commands to copy the objects in the user data field of the template's S3 bucket resource.

Buy Now
Questions 19

When the AWS Cloud infrastructure experiences an event that may impact an organization, which AWS service can be used to see which of the organization’s resources are affected?

Options:

A.

AWS Service Health Dashboard

B.

AWS Trusted Advisor

C.

AWS Personal Health Dashboard

D.

AWS Systems Manager

Buy Now
Questions 20

A SysOps administrator recently launched an application consisting of web servers running on Amazon EC2 instances, an Amazon ElastiCache cluster communicating on port 6379, and an Amazon RDS tor PostgreSQL DB instance communicating on port 5432. The web servers are in the security group web-sg. the ElastiCache cluster is in the security group cache-sg. and the DB instance is in the security group database-sg.

The application fails on start, with the error message "Unable to connect to the database."

The rules in web-sg are as follows.

Which change should the SysOps administrator make to web-sg to correct the issue without compromising security?

Options:

A.

Add a new inbound rule:

database-ag TCP 5432

B.

Add a new outbound rule:

database-sg TCP 5432

C.

Add a new outbound rule:

0.0.0.0/0 Ail Traffic 0-€5535

D.

Change the outbound rule to:

cache-sg TCP 54 32

Buy Now
Questions 21

A chief financial officer has asked for a breakdown of costs per project in a single AWS account using cost explorer.

Which combination of options should be set to accomplish this? (Select two)

Options:

A.

Active AWS Budgets.

B.

Active cost allocation tags

C.

Create an organization using AWS Organization

D.

Create and apply resource tags

E.

enable AWS trusted advisor

Buy Now
Questions 22

A company has deployed its infrastructure using AWS CloudFormation Recently the company made manual changes to the infrastructure. A SysOps Administrator is tasked with determining what was changed and updating the CloudFormation template

Which solution will ensure all the changes are captured?

Options:

A.

Create a new CloudFormation stack based on the changes that were made Delete the old stack and deploy the new stack

B.

Update the CloudFormation stack using a change set Review the changes and update the stack

C.

Update the CloudFormation stack by modifying the selected parameters in the template to match what was changed

D.

Use drift detection on the CloudFormation stack Use the output to update the CloudFormation template and redeploy the stack

Buy Now
Questions 23

A company's IT department noticed an increase in the spend of their Developer AWS account. There are over 50 Developers using the account and the Finance Tram wants to determine the service costs incurred by each Developer.

What should a SysOps Administrator do to collect this information? (Select TWO)

Options:

A.

Activate the createdBy tag in the account

B.

Analyze the usage with Amazon CloudWatch dashboards

C.

Analyze the usage with Cost Explorer

D.

Configure AWS Trusted Advisor to track resource usage

E.

Create a billing alarm in AWS Budgets

Buy Now
Questions 24

A SysOps Administrator has been notified that some Amazon EC2 instances in the company’s environment might have a vulnerable software version installed.

What should be done to check all of the instances in the environment with the LEAST operational overhead?

Options:

A.

Create and run an Amazon Inspector assessment template.

B.

Manually SSH into each instance and check the software version.

C.

Use AWS CloudTrail to verify Amazon EC2 activity in the account.

D.

Write a custom script and use AWS CodeDeploy to deploy to Amazon EC2 instances.

Buy Now
Questions 25

A new Amazon Redshift Spectrum Cluster has been launched for a team of Business Analysis. When the team attempts to use the cluster to query the data in Amazon S3, they receive the following error:

What is one cause of this?

Options:

A.

The cluster has Enhanced VPC Routing enabled and it must be turned off

B.

The cluster is only a single node and needs to be expanded to multi-node.

C.

The cluster login credentials are incorrect request new credentials from the Administrator

D.

The cluster nodes are running in multiple Availability Zones, and all need to be placed in a single Availability Zone.

Buy Now
Questions 26

An ecommerce site is using Amazon ElastiCache with Memcached to store session state for a web application and to cache frequently used data. For the last month, users have been complaining about performance. The metric data for the Amazon EC2 instances and the Amazon RDS instance appear normal, but the eviction count metrics are high.

What should be done to address this issue and improve performance?

Options:

A.

Scale the cluster by adding additional nodes

B.

Scale the cluster by adding read replicas

C.

Scale the cluster by increasing CPU capacity

D.

Scale the web layer by adding additional EC2 instances

Buy Now
Questions 27

A sysops administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance The administrator has been tasked with reconfiguring the infrastructure to support this approach

How can the administrator accomplish this with the LEAST administrative overhead?

Options:

A.

Use Amazon CloudFront to log the URL and forward the request

B.

Use Amazon CloudFront to rewrite the header based on the microservice and forward the request

C.

Use a Network Load Balancer (NLB) and do path-based routing

D.

Use an Application Load Balancer (ALB) and do path-based routing

Buy Now
Questions 28

A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue causing the failure.

How should the Administrator continue with the stack deployment?

Options:

A.

Delete the failed stack and create a new stack.

B.

Execute a change set on the failed stack.

C.

Perform an update-stack action on the failed stack.

D.

Run a validate-template command.

Buy Now
Questions 29

A company runs an Amazon RDS MySQL DB instance. Corporate policy requires that a daily backup of the database must be copied to a separate security account.

What is the MOST cost-effective way to meet this requirement?

Options:

A.

Copy an automated RDS snapshot to the security account using the copy-db-snapshot command with the AWS CLI.

B.

Create an RDS MySQL Read Replica for the critical database in the security account, then enable automatic backups for the Read Replica.

C.

Create an RDS snapshot with the AWS CLI create-db-snapshot command, share it with the security account, then create a copy of the shared snapshot in the security account.

D.

Use AWS DMS to replicate data from the critical database to another RDS MySQL instance in the security account, then use an automated backup for the RDS instance.

Buy Now
Questions 30

An application is running on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are configured in an Amazon EC2 Auto Scaling group. A SysOps Administrator must configure the application to scale based on the number of incoming requests.

Which solution accomplishes this with the LEAST amount of effort?

Options:

A.

Use a simple scaling policy based on a custom metric that measures the average active requests of all EC2 instances

B.

Use a simple scaling policy based on the Auto Scaling group GroupDesiredCapacity metric

C.

Use a target tracking scaling policy based on the ALB’s ActiveConnectionCount metric

D.

Use a target tracking scaling policy based on the ALB’s RequestCountPerTarget metric

Buy Now
Questions 31

A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.

Which step will fix this issue?

Options:

A.

Add s3:Deleteobject permission to the IAM execution role of the AWS Lambda function in Account A.

B.

Change the bucket policy of the S3 bucket in Account B to allow s3:Deleteobject permission for Account A.

C.

Disable server-side encryption for objects written to the S3 bucket by the Lambda function.

D.

Call the S3:PutObjectAcl API operation from the Lambda function in Account A to specify bucket owner, full control.

Buy Now
Questions 32

A company requires that all access from on-premises applications to AWS services go over its AWS Direct Connect connection rather than the public internet. How would a SysOps Administrator implement this requirement?

Options:

A.

Implement an IAM policy that uses the aws:sourceConnection condition to allow access from the AWS Direct Connect connection ID only

B.

Set up a public virtual interface on the AWS Direct Connect connection

C.

Configure AWS Shield to protect the AWS Management Console from being accessed by IP addresses other than those within the data center ranges

D.

Update all the VPC network ACLs to allow access from the data center IP ranges

Buy Now
Questions 33

A company wants to reduce costs across the entire company after discovering that several AWS accounts were using unauthorized services and incurring extremely high costs.

Which AWS service enables the company to reduce costs by controlling access to AWS services for all AWS accounts?

Options:

A.

AWS Cost Explorer

B.

AWS Config

C.

AWS Organizations

D.

AWS Budgets

Buy Now
Questions 34

A SysOps Administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-1 Region. The Administrator finds that this template has failed to create an EC2 instance in the uswest-2 Region.

What is one cause for this failure?

Options:

A.

Resources tags defined in the CloudFormation template are specific to the us-east-1 Region.

B.

The Amazon Machine Image (AMI) ID referenced in the CloudFormation template could not be found in the us-west-2 Region.

C.

The cfn-init script did not execute during resource provisioning in the us-west-2 Region.

D.

The IAM user was not created in the specified Region.

Buy Now
Questions 35

A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to 1 in Amazon CloudWatch.

What is MOST likely causing this issue?

Options:

A.

The EC2 instances are in the same Availability Zone, causing contention between the two.

B.

The route tables are not updated to allow traffic to flow between the ALB and the EC2 instances.

C.

The ALB health check has failed, and the ALB has taken EC2 instances out of service.

D.

The Amazon Route 53 health check has failed, and the ALB has taken EC2 instances out of service.

Buy Now
Questions 36

A SysOps Administrator must secure AWS CloudTrail logs. The Security team is concerned that an employee may modify or attempt to delete CloudTrail log files from its Amazon S3 bucket.

Which practices ensure that the log files are available and unaltered? (Choose two.)

Options:

A.

Enable the CloudTrail log file integrity check in AWS Config Rules.

B.

Use CloudWatch Events to scan log files hourly.

C.

Enable CloudTrail log file integrity validation.

D.

Turn on Amazon S3 MFA Delete for the CloudTrail bucket.

E.

Implement a DENY ALL bucket policy on the CloudTrail bucket.

Buy Now
Questions 37

A SysOps Administrator is tasked with deploying and managing a single CloudFormation templates across multiple AWS Accounts.

accomplish this?

Options:

A.

change sets What features of AWS CloudFormation will

B.

Nested stacks

C.

Stack policies

D.

StacksSets

Buy Now
Questions 38

A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services.

What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?

Options:

A.

Create a service control policy in AWS Organizations and apply it to the development account.

B.

Create a customer managed policy in IAM and apply it to all users within the development account.

C.

Create a job function policy in IAM and apply it to all users within the development account.

D.

Create an IAM policy and apply it in API Gateway to restrict the development account.

Buy Now
Exam Code: SOA-C01
Exam Name: AWS Certified SysOps Administrator - Associate
Last Update: Apr 20, 2021
Questions: 263

PDF + Testing Engine

$70  $139.99

Testing Engine

$52.5  $104.99

PDF (Q&A)

$47.5  $94.99