
SOA-C01 AWS Certified SysOps Administrator - Associate Questions and Answers

Questions 4

An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region. A sysops administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy.

What is likely to be the problem?

Options:

A.

The Amazon Machine Image used is not available in that region

B.

The AWS CloudFormation template needs to be updated to the latest version

C.

The VPC configuration parameters have changed and must be updated in the template

D.

The account has reached the default limit for VPCs allowed

Questions 5

A SysOps Administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-1 Region. The Administrator finds that this template has failed to create an EC2 instance in the us-west-2 Region.

What is one cause for this failure?

Options:

A.

Resource tags defined in the CloudFormation template are specific to the us-east-1 Region.

B.

The Amazon Machine Image (AMI) ID referenced in the CloudFormation template could not be found in the us-west-2 Region.

C.

The cfn-init script did not execute during resource provisioning in the us-west-2 Region.

D.

The IAM user was not created in the specified Region.

Questions 6

A company has received a notification in its AWS Personal Health Dashboard that one of its Amazon EBS-backed Amazon EC2 instances is on hardware that is scheduled for maintenance. The instance runs a critical production workload that must be available during normal business hours.

Which steps will ensure that the instance maintenance does not produce an outage?

Options:

A.

Configure an Amazon Lambda function to automatically start the instance if it is stopped

B.

Create an Amazon Machine Image (AMI) of the instance and use the AMI to launch a new instance once the existing instance is retired

C.

Enable termination protection on the EC2 instance

D.

Stop and start the EC2 instance during a maintenance window outside of normal business hours

Questions 7

Company A purchases company B and inherits three new AWS accounts. Company A would like to centralize billing and reserved instance benefits but wants to keep all other resources separate.

How can this be accomplished?

Options:

A.

Implement AWS Organizations and create a service control policy that defines the billing relationship with the new master account.

B.

Configure AWS Organizations Consolidated Billing and provide the finance team with IAM access to the billing console.

C.

Send Cost and Usage Reports files to a central Amazon S3 bucket and load the data into Amazon Redshift. Use Amazon QuickSight to provide visualizations to the finance team.

D.

Link the Reserved Instances to the master payer account and use Amazon Redshift Spectrum to query Detailed Billing Report data across all accounts.

Questions 8

An organization stores sensitive customer information in S3 buckets protected by bucket policies. Recently, there have been reports that unauthorized entities within the company have been trying to access the data on those S3 buckets. The chief information security officer (CISO) would like to know which buckets are being targeted and determine who is responsible for trying to access that information.

Which steps should a SysOps administrator take to meet the CISO's requirement? (Select TWO.)

Options:

A.

Enable Amazon S3 Analytics on all affected S3 buckets to obtain a report of which buckets are being accessed without authorization.

B.

Enable Amazon S3 Server Access Logging on all affected S3 buckets and have the logs stored in a bucket dedicated for logs.

C.

Use Amazon Athena to query S3 Analytics reports for HTTP 403 errors, and determine the IAM user or role making the requests.

D.

Use Amazon Athena to query the S3 Server Access Logs for HTTP 403 errors, and determine the IAM user or role making the requests.

E.

Use Amazon Athena to query the S3 Server Access Logs for HTTP 503 errors, and determine the IAM user or role making the requests.

Questions 9

A sysops administrator created an AWS Lambda function within a VPC with no access to the internet. The Lambda function pulls messages from an Amazon SQS queue and stores them in an Amazon RDS instance in the same VPC. After executing the Lambda function, the data is not showing up on the RDS instance.

Which of the following are possible causes for this? (Select TWO.)

Options:

A.

A VPC endpoint has not been created for Amazon RDS.

B.

A VPC endpoint has not been created for Amazon SQS.

C.

The RDS security group is not allowing connections from the Lambda function.

D.

The subnet associated with the Lambda function does not have an internet gateway attached

E.

The subnet associated with the Lambda function has a NAT gateway

Questions 10

A company’s static website hosted on Amazon S3 was launched recently, and is being used by tens of thousands of users. Subsequently, website users are experiencing 503 service unavailable errors.

Why are these errors occurring?

Options:

A.

The request rate to Amazon S3 is too high.

B.

There is an error with the Amazon RDS database.

C.

The requests to Amazon S3 do not have the proper permissions.

D.

The users are in a different geographical region and Amazon Route 53 is restricting access.

Questions 11

An application running on Amazon EC2 needs login credentials to access a database. The login credentials are stored in AWS Systems Manager Parameter Store as secure string parameters.

What is the MOST secure way to grant the application access to the credentials?

Options:

A.

Create an IAM EC2 role for the EC2 instances and grant the role permission to read the Systems Manager parameters

B.

Create an IAM group for the application and grant the group permissions to read the Systems Manager parameters

C.

Create an IAM policy for the application and grant the policy permission to read the Systems Manager parameters

D.

Create an IAM user for the application and grant the user permission to read the Systems Manager parameters

Questions 12

A SysOps Administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented strict IP whitelisting that requires all build uploads to come from a single IP address.

What change should the Systems Administrator make to the existing build fleet to comply with this new requirement?

Options:

A.

Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.

B.

Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.

C.

Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.

D.

Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.

Questions 13

A company uses AWS CloudFormation to deploy its application infrastructure. Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application. A SysOps Administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent accidental modifications to specific resources.

Which solution will meet these requirements?

Options:

A.

Set up an AWS Config rule to alert based on changes to any CloudFormation stack. An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation.

B.

Set up an Amazon CloudWatch Events event with a rule to trigger based on any CloudFormation API call. An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation.

C.

Launch the CloudFormation templates using a stack policy with an explicit allow for all resources and an explicit deny of the protected resources with an action of Update:*

D.

Attach an IAM policy to the DevOps team role that prevents a CloudFormation stack from updating, with a condition based on the specific Amazon Resource Names (ARNs) of the protected resources.

Questions 14

A sysops administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.

Options:

A.

Encrypt the S3 bucket content with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).

B.

Create an origin access identity and grant it permissions to read objects in the S3 bucket.

C.

Assign an IAM user to the CloudFront distribution and whitelist the IAM user in the S3 bucket policy.

D.

Assign an IAM role to the CloudFront distribution and whitelist the IAM role in the S3 bucket policy.

Questions 15

A company has adopted a security policy that requires all customer data to be encrypted at rest. Currently, customer data is stored on a central Amazon EFS file system and accessed by a number of different applications from Amazon EC2 instances.

How can the SysOps Administrator ensure that all customer data stored on the EFS file system meets the new requirement?

Options:

A.

Update the EFS file system settings to enable server-side encryption using AES-256.

B.

Create a new encrypted EFS file system and copy the data from the unencrypted EFS file system to the new encrypted EFS file system.

C.

Use AWS CloudHSM to encrypt the files directly before storing them in the EFS file system.

D.

Modify the EFS file system mount options to enable Transport Layer Security (TLS) on each of the EC2 instances.

Questions 16

A company's Marketing department generates gigabytes of assets each day and stores them locally. They would like to protect the files by backing them up to AWS. All the assets should be stored on the cloud but the most recent assets should be available locally for low-latency access.

Which AWS service meets the requirements?

Options:

A.

Amazon EBS

B.

Amazon EFS

C.

Amazon S3

D.

AWS Storage Gateway

Questions 17

A company has an application running on a fleet of Microsoft Windows instances. Patches to the operating system need to be applied each month. AWS Systems Manager Patch Manager is used to apply the patches on a schedule.

When the fleet is being patched, customers complain about delayed service responses.

What can be done to ensure patches are deployed with MINIMAL customer impact?

Options:

A.

Change the number of instances patched at any one time to 100%.

B.

Create a snapshot of each server in the fleet using a Systems Manager Automation document before starting the patch process.

C.

Configure the maintenance window to patch 10% of the instances in the patch group at a time.

D.

Create a patched Amazon Machine Image (AMI). Configure the maintenance window option to deploy the patched AMI on only 10% of the fleet at a time.

Questions 18

An organization has been running their website on several m2 Linux instances behind a Classic Load Balancer for more than two years. Traffic and utilization have been constant and predictable.

What should the organization do to reduce costs?

Options:

A.

Purchase Reserved Instances for the specific m2 instances

B.

Change the m2 instances to equivalent m5 types, and purchase Reserved Instances for the specific m5 instances

C.

Change the Classic Load Balancer to an Application Load Balancer, and purchase Reserved Instances for the specific m2 instances.

D.

Purchase Spot Instances for the specific m2 instances

Questions 19

An existing data management application is running on a single Amazon EC2 instance and needs to be moved to a new AWS Region in another AWS account.

How can a SysOps administrator achieve this while maintaining the security of the application?

Options:

A.

Create an encrypted Amazon Machine Image (AMI) of the instance and make it public to allow the other account to search and launch an instance from it.

B.

Create an AMI of the instance, add permissions for the AMI to the other AWS account, and start a new instance in the new region by using that AMI.

C.

Create an AMI of the instance, copy the AMI to the new region, add permissions for the AMI to the other AWS account, and start the new instance.

D.

Create an encrypted snapshot of the instance and make it public. Provide only permissions to decrypt to the other AWS account.

Questions 20

A sysops administrator must generate a report that provides a breakdown of all API activity by a specific user over the course of a year. AWS CloudTrail has already been enabled.

How should this report be generated?

Options:

A.

Access the CloudTrail logs stored in the Amazon S3 bucket tied to CloudTrail. Use Amazon Athena to extract the information needed to generate the report.

B.

Locate the monthly reports that CloudTrail sends that are emailed to the account's root user. Forward the reports to the auditor using a secure channel.

C.

Use the AWS Management Console to search for the user name in the CloudTrail history. Filter by API and download the report in CSV format.

D.

Use the CloudTrail digest files stored in the company's Amazon S3 bucket. Send the logs to Amazon QuickSight to create the report.

Questions 21

A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue causing the failure.

How should the Administrator continue with the stack deployment?

Options:

A.

Delete the failed stack and create a new stack.

B.

Execute a change set on the failed stack.

C.

Perform an update-stack action on the failed stack.

D.

Run a validate-template command.

Questions 22

An application running on Amazon EC2 allows users to launch batch jobs for data analysis. The jobs are run asynchronously, and the user is notified when they are complete. While multiple jobs can run concurrently, a user’s request need not be fulfilled for up to 24 hours. To run a job, the application launches an additional EC2 instance that performs all the analytics calculations. A job takes between 75 and 110 minutes to complete and cannot be interrupted.

What is the MOST cost-effective way to run this workload?

Options:

A.

Run the application on On-Demand EC2 instances. Run the jobs on Spot Instances with a specified duration.

B.

Run the application on Reserved Instance EC2 instances. Run the jobs on AWS Lambda.

C.

Run the application on On-Demand EC2 instances. Run the jobs on On-Demand EC2 instances.

D.

Run the application on Reserved instance EC2 instances. Run the jobs on Spot Instances with a specified duration.

Questions 23

A SysOps Administrator must take a team’s single existing AWS CloudFormation template and split it into smaller, service-specific templates. All of the services in the template reference a single, shared Amazon S3 bucket.

What should the Administrator do to ensure that this S3 bucket can be referenced by all the service templates?

Options:

A.

Include the S3 bucket as a mapping in each template.

B.

Add the S3 bucket as a resource in each template.

C.

Create the S3 bucket in its own template and export it.

D.

Generate the S3 bucket using StackSets.

Questions 24

A SysOps Administrator created an Application Load Balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to 1 in Amazon CloudWatch.

What is MOST likely causing this issue?

Options:

A.

The EC2 instances are in the same Availability Zone, causing contention between the two.

B.

The route tables are not updated to allow traffic to flow between the ALB and the EC2 instances.

C.

The ALB health check has failed, and the ALB has taken EC2 instances out of service.

D.

The Amazon Route 53 health check has failed, and the ALB has taken EC2 instances out of service.

Questions 25

A company runs a web application that users access using the domain name www.example.com. The company manages the domain name using Amazon Route 53. The company created an Amazon CloudFront distribution in front of the application and would like www.example.com to access the application through CloudFront.

What is the MOST cost-effective way to achieve this?

Options:

A.

Create a CNAME record in Amazon Route 53 that points to the CloudFront distribution URL

B.

Create an ALIAS record in Amazon Route 53 that points to the CloudFront distribution URL

C.

Create an A record in Amazon Route 53 that points to the public IP address of the web application

D.

Create a PTR record in Amazon Route 53 that points to the public IP address of the web application

Questions 26

A SysOps Administrator working on an Amazon EC2 instance has misconfigured the clock by one hour. The EC2 instance is sending data to Amazon CloudWatch through the CloudWatch agent. The timestamps on the logs are 45 minutes in the future.

What will be the result of this configuration?

Options:

A.

Amazon CloudWatch will not capture the data because it is in the future.

B.

Amazon CloudWatch will accept the custom metric data and record it.

C.

The Amazon CloudWatch agent will check the Network Time Protocol (NTP) server before sending the data, and the agent will correct the time.

D.

The Amazon CloudWatch agent will check the Network Time Protocol (NTP) server, and the agent will not send the data because it is more than 30 minutes in the future.

Questions 27

An application running on Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones was deployed using an AWS CloudFormation template. A sysops administrator has patched the Amazon Machine Image (AMI) version and must update all the EC2 instances to use the new AMI.

How should the administrator use CloudFormation to apply the new AMI while maintaining a minimum level of active instances to ensure service continuity?

Options:

A.

Deploy a second CloudFormation stack and use Amazon Route 53 to redirect traffic to the new stack.

B.

Run the aws cloudformation update-stack command with the --rollback-configuration option.

C.

Set an AutoScalingRollingUpdate policy in the CloudFormation template to update the stack.

D.

Update the CloudFormation template with the new AMI ID, then reboot the EC2 instances.

Questions 28

A sysops administrator is creating two AWS CloudFormation templates. The first template will create a VPC with associated resources, such as subnets, route tables, and an internet gateway. The second template will deploy application resources within the VPC that was created by the first template. The second template should refer to the resources created by the first template.

How can this be accomplished with the LEAST amount of administrative effort?

Options:

A.

Add an export field to the outputs of the first template and import the values in the second template

B.

Create a custom resource that queries the stack created by the first template and retrieves the required values.

C.

Create a mapping in the first template that is referenced by the second template

D.

Input the names of resources in the first template and refer to those names in the second template as a parameter

Questions 29

A SysOps administrator is maintaining an application running on Amazon EBS-backed Amazon EC2 instances in an Amazon EC2 Auto Scaling group. The application is set to automatically terminate unhealthy instances. The administrator wants to preserve application logs from these instances for failure analysis.

Which action will accomplish this?

Options:

A.

Change the storage type from EBS to instance store.

B.

Configure an Amazon CloudWatch Events rule to transfer the logs to Amazon S3 upon an EC2 state change to terminate.

C.

Configure the unified CloudWatch agent to stream the logs to Amazon CloudWatch Logs.

D.

Configure VPC Flow logs for the subnet hosting the EC2 instance.

Questions 30

A SysOps Administrator is maintaining an application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). Users are reporting errors when attempting to launch the application. The administrator notices an increase in the HTTPCode_ELB_5XX_Count Amazon CloudWatch metric for the load balancer.

What is the possible cause for this increase?

Options:

A.

The ALB is associated with private subnets within the VPC.

B.

The ALB received a request from a client, but the client closed the connection.

C.

The ALB security group is not configured to allow inbound traffic from the users.

D.

The ALB target group does not contain healthy EC2 instances.

Questions 31

A web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Amazon Route 53 is used for DNS and points to the load balancer. A SysOps Administrator has launched a new Auto Scaling group with a new version of the application, and wants to gradually shift traffic to the new version.

How can this be accomplished?

Options:

A.

Create an Auto Scaling target tracking scaling policy to gradually move traffic from the old version to the new one

B.

Change the Application Load Balancer to a Network Load Balancer, then add both Auto Scaling groups as targets

C.

Use an Amazon Route 53 weighted routing policy to gradually move traffic from the old version to the new one

D.

Deploy Amazon Redshift to gradually move traffic from the old version to the new one using a set of predefined values

Questions 32

A user accidentally deleted a file from an Amazon EBS volume. The SysOps Administrator identified a recent snapshot for the volume.

What should the Administrator do to restore the user's file from the snapshot?

Options:

A.

Attach the snapshot to a new Amazon EC2 instance in the same Availability Zone, and copy the deleted file.

B.

Browse to the snapshot and copy the file to the EBS volume within an Amazon EC2 instance.

C.

Create a volume from the snapshot, attach the volume to an Amazon EC2 instance, and copy the deleted file.

D.

Restore the file from the snapshot onto an EC2 instance using the Amazon EC2 console.

Questions 33

A company’s Information Security team has requested information on AWS environment compliance for Payment Card Industry (PCI) workloads. They have requested assistance in understanding what specific areas of the PCI standards are the responsibility of the company.

Which AWS tool will provide the necessary information?

Options:

A.

AWS Macie

B.

AWS Artifact

C.

AWS OpsWorks

D.

AWS Organizations

Questions 34

A SysOps Administrator must find a way to set up alerts when Amazon EC2 service limits are close to being reached.

How can the Administrator achieve this requirement?

Options:

A.

Use Amazon Inspector and Amazon CloudWatch Events.

B.

Use AWS Trusted Advisor and Amazon CloudWatch Events.

C.

Use the Personal Health Dashboard and CloudWatch Events.

D.

Use AWS CloudTrail and CloudWatch Events.

Questions 35

A company runs an Amazon RDS MySQL DB instance. Corporate policy requires that a daily backup of the database must be copied to a separate security account.

What is the MOST cost-effective way to meet this requirement?

Options:

A.

Copy an automated RDS snapshot to the security account using the copy-db-snapshot command with the AWS CLI.

B.

Create an RDS MySQL Read Replica for the critical database in the security account, then enable automatic backups for the Read Replica.

C.

Create an RDS snapshot with the AWS CLI create-db-snapshot command, share it with the security account, then create a copy of the shared snapshot in the security account.

D.

Use AWS DMS to replicate data from the critical database to another RDS MySQL instance in the security account, then use an automated backup for the RDS instance.

Questions 36

A popular auctioning platform requires near-real-time access to dynamic bidding information. The platform must be available at all times. The current Amazon RDS instance often reaches 100% CPU utilization during peak bidding sessions and can no longer be resized. To improve application performance, a SysOps Administrator is evaluating Amazon ElastiCache and has chosen Redis over Memcached.

What advantages will this solution provide? (Select TWO.)

Options:

A.

Data partitioning

B.

Multi-threaded processing

C.

Multi-AZ with automatic failover

D.

Multi-region with automatic failover

E.

Online resharding

Questions 37

A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account’s Amazon S3 bucket.

Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

Options:

A.

Stream the CloudTrail logs to Amazon CloudWatch to store logs at a secondary location.

B.

Enable log file integrity validation and use digest files to verify the hash value of the log file.

C.

Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.

D.

Enable S3 server access logging to track requests made to the log bucket for security audits.

Questions 38

A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company’s AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.

What should be done to accomplish this?

Options:

A.

Back up the current KMS key and enable automatic key rotation.

B.

Create a new key in AWS KMS and assign the key to Amazon EBS.

C.

Enable automatic key rotation of the EBS volume key in AWS KMS.

D.

Upload new key material to the EBS volume key in AWS KMS to enable automatic key rotation for the volume.

Exam Code: SOA-C01
Exam Name: AWS Certified SysOps Administrator - Associate
Last Update: Jan 19, 2021
Questions: 254
