Recommend!!

Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

Amazon-Web-Services
Exam Questions SOA-C02
AWS Certified SysOps Administrator - Associate (SOA-C02)

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

NEW QUESTION 1
- (Exam Topic 1)
An organization with a large IT department has decided to migrate to AWS With different job functions in the IT department it is not desirable to give all users
access to all AWS resources Currently the organization handles access via LDAP group membership
What is the BEST method to allow access using current LDAP credentials?

A. Create an AWS Directory Service Simple AD Replicate the on-premises LDAP directory to Simple AD
B. Create a Lambda function to read LDAP groups and automate the creation of IAM users
C. Use AWS CloudFormation to create IAM roles Deploy Direct Connect to allow access to the on-premises LDAP server
D. Federate the LDAP directory with IAM using SAML Create different IAM roles to correspond to different LDAP groups to limit permissions

Answer: D

NEW QUESTION 2
- (Exam Topic 1)
A company has an application that is running on Amazon EC2 instances in a VPC. The application needs access to download software updates from the internet.
The VPC has public subnets and private signets. The company's security policy requires all ECS instances to be deployed in private subnets
What should a SysOps administrator do to meet those requirements?

A. Add an internet gateway to the VPC In the route table for the private subnets, odd a route to the interne; gateway.
B. Add a NAT gateway to a private subne
C. In the route table for the private subnets, add a route to the NAT gateway.
D. Add a NAT gateway to a public subnet in the route table for the private subnets, add a route to the NAT gateway.
E. Add two internet gateways to the VP
F. In The route tablet for the private subnets and public subnets, add a route to each internet gateway.

Answer: C

NEW QUESTION 3
- (Exam Topic 1)
A SysOps administrator applies the following policy to an AWS CloudFormation stack:

What is the result of this policy?

A. Users that assume an IAM role with a logical ID that begins with "Production" are prevented from running the update-stack command.
B. Users can update all resources in the stack except for resources that have a logical ID that begins with "Production".
C. Users can update all resources in the stack except for resources that have an attribute that begins with "Production".
D. Users in an IAM group with a logical ID that begins with "Production" are prevented from running the update-stack command.

Answer: B

NEW QUESTION 4
- (Exam Topic 1)
A SysOps administrator is provisioning an Amazon Elastic File System (Amazon EFS) file system to provide shared storage across multiple Amazon EC2
instances The instances all exist in the same VPC across multiple Availability Zones. There are two instances In each Availability Zone. The SysOps administrator
must make the file system accessible to each instance with the lowest possible latency.
Which solution will meet these requirements?

A. Create a mount target for the EFS file system in the VP

B. Use the mount target to mount the file system on each of the instances
C. Create a mount target for the EFS file system in one Availability Zone of the VP
D. Use the mount target to mount the file system on the instances in that Availability Zon
E. Share the directory with the other instances.
F. Create a mount target for each instanc

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

G. Use each mount target to mount the EFS file system on each respective instance.
H. Create a mount target in each Availability Zone of the VPC Use the mount target to mount the EFS file system on the Instances in the respective Availability
Zone.

Answer: D

Explanation:
A mount target provides an IP address for an NFSv4 endpoint at which you can mount an Amazon EFS file system. You mount your file system using its Domain
Name Service (DNS) name, which resolves to the IP address of the EFS mount target in the same Availability Zone as your EC2 instance. You can create one
mount target in each Availability Zone in an AWS Region. If there are multiple subnets in an Availability Zone in your VPC, you create a mount target in one of the
subnets. Then all EC2 instances in that Availability Zone share that mount target. https://docs.aws.amazon.com/efs/latest/ug/how-it-works.html

NEW QUESTION 5
- (Exam Topic 1)
A company is rolling out a new version of its website. Management wants to deploy the new website in a limited rollout to 20% of the company's customers. The
company uses Amazon Route 53 for its website's DNS solution.
Which configuration will meet these requirements?

A. Create a failover routing polic

B. Within the policy, configure 80% of the website traffic to be sent to the original resourc
C. Configure the remaining 20% of traffic as the failover record that points to the new resource.
D. Create a multivalue answer routing polic
E. Within the policy, create 4 records with the name and IP address of the original resourc
F. Configure 1 record with the name and IP address of the new resource.
G. Create a latency-based routing polic
H. Within the policy, configure a record pointing to the original resource with a weight of 80. Configure a record pointing to the new resource with a weight of 20.
I. Create a weighted routing polic
J. Within the policy, configure a weight of 80 for the record pointing to the original resourc
K. Configure a weight of 20 for the record pointing to the new resource.

Answer: C

NEW QUESTION 6
- (Exam Topic 1)
A company has a policy that requires all Amazon EC2 instances to have a specific set of tags. If an EC2 instance does not have the required tags, the
noncompliant instance should be terminated.
What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all EC2 instance state changes to an AWS Lambda function to determine if each
instance is complian
B. Terminate any noncompliant instances.
C. Create an IAM policy that enforces all EC2 instance tag requirement
D. If the required tags are not in place for an instance, the policy will terminate noncompliant instance.
E. Create an AWS Lambda function to determine if each EC2 instance is compliant and terminate an instance if it is noncomplian
F. Schedule the Lambda function to invoke every 5 minutes.
G. Create an AWS Config rule to check if the required tags are presen
H. If an EC2 instance is noncompliant, invoke an AWS Systems Manager Automation document to terminate the instance.

Answer: D

Explanation:
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-automation.html

NEW QUESTION 7
- (Exam Topic 1)
A company has created a NAT gateway in a public subnet in a VPC. The VPC also contains a private subnet that includes Amazon EC2 instances. The EC2
instances use the NAT gateway to access the internet to download patches and updates. The company has configured a VPC flow log for the elastic network
interface of the NAT gateway. The company is publishing the output to Amazon CloudWatch Logs.
A SysOps administrator must identify the top five internet destinations that the EC2 instances in the private subnet communicate with for downloads.
What should the SysOps administrator do to meet this requirement in the MOST operationally efficient way?

A. Use AWS CloudTrail Insights events to identify the top five internet destinations.
B. Use Amazon CloudFront standard logs (access logs) to identify the top five internet destinations.
C. Use CloudWatch Logs Insights to identify the top five internet destinations.
D. Change the flow log to publish logs to Amazon S3. Use Amazon Athena to query the log files in Amazon S3.

Answer: C

NEW QUESTION 8
- (Exam Topic 1)
A company needs to archive all audit logs for 10 years. The company must protect the logs from any future edits.
Which solution will meet these requirements?

A. Store the data in an Amazon Elastic Block Store (Amazon EBS) volum
B. Configure AWS Key Management Service (AWS KMS) encryption.
C. Store the data in an Amazon S3 Glacier vaul
D. Configure a vault lock policy for write-once, read-many (WORM) access.
E. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure server-side encryption.
F. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure multi-factor authentication (MFA).

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

Answer: B

Explanation:
To meet the requirements of the workload, a company should store the data in an Amazon S3 Glacier vault and configure a vault lock policy for write-once, read-
many (WORM) access. This will ensure that the data is stored securely and cannot be edited in the future. The other solutions (storing the data in an Amazon
Elastic Block Store (Amazon EBS) volume and configuring AWS Key Management Service (AWS KMS) encryption, storing the data in Amazon S3 Standard-
Infrequent Access (S3 Standard-IA) and configuring server-side encryption, or storing the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA) and
configuring multi-factor authentication (MFA)) will not meet the requirements, as they do not provide a way to protect the audit logs from future edits.
https://docs.aws.amazon.com/zh_tw/AmazonS3/latest/userguide/object-lock.html

NEW QUESTION 9
- (Exam Topic 1)
The security team is concerned because the number of AWS Identity and Access Management (IAM) policies being used in the environment is increasing. The
team tasked a SysOps administrator to report on the current number of IAM policies in use and the total available IAM policies.
Which AWS service should the administrator use to check how current IAM policy usage compares to current service limits?

A. AWS Trusted Advisor

B. Amazon Inspector
C. AWS Config
D. AWS Organizations

Answer: A

NEW QUESTION 10
- (Exam Topic 1)
A company is running a website on Amazon EC2 instances behind an Application Load Balancer (ALB). The company configured an Amazon CloudFront
distribution and set the ALB as the origin. The company created an Amazon Route 53 CNAME record to send all traffic through the CloudFront distribution. As an
unintended side effect, mobile users are now being served the desktop version of the website.
Which action should a SysOps administrator take to resolve this issue?

A. Configure the CloudFront distribution behavior to forward the User-Agent header.

B. Configure the CloudFront distribution origin setting
C. Add a User-Agent header to the list of origin custom headers.
D. Enable IPv6 on the AL
E. Update the CloudFront distribution origin settings to use the dualstack endpoint.
F. Enable IPv6 on the CloudFront distributio
G. Update the Route 53 record to use the dualstack endpoint.

Answer: A

Explanation:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-

NEW QUESTION 10
- (Exam Topic 1)
A company wants to track its AWS costs in all member accounts that are part of an organization in AWS Organizations. Managers of the member accounts want to
receive a notification when the estimated costs exceed a predetermined amount each month. The managers are unable to configure a billing alarm. The IAM
permissions for all users are correct. What could be the cause of this issue?

A. The management/payer account does not have billing alerts turned on.
B. The company has not configured AWS Resource Access Manager (AWS RAM) to share billing information between the member accounts and the
management/payer account.
C. Amazon GuardDuty is turned on for all the accounts.
D. The company has not configured an AWS Config rule to monitor billing.

Answer: B

NEW QUESTION 14
- (Exam Topic 1)
A database is running on an Amazon RDS Mufti-AZ DB instance. A recent security audit found the database to be out of compliance because it was not encrypted.
Which approach will resolve the encryption requirement?

A. Log in to the RDS console and select the encryption box to encrypt the database
B. Create a new encrypted Amazon EBS volume and attach it to the instance
C. Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.
D. Take a snapshot of the RDS instance, copy and encrypt the snapshot and then restore to the new RDS instance

Answer: D

NEW QUESTION 19
- (Exam Topic 1)
A SysOps administrator recently configured Amazon S3 Cross-Region Replication on an S3 bucket Which of the following does this feature replicate to the
destination S3 bucket by default?

A. Objects in the source S3 bucket for which the bucket owner does not have permissions
B. Objects that are stored in S3 Glacier
C. Objects that existed before replication was configured
D. Object metadata

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

Answer: B

NEW QUESTION 23
- (Exam Topic 1)
A company runs a stateless application that is hosted on an Amazon EC2 instance. Users are reporting performance issues. A SysOps administrator reviews the
Amazon CloudWatch metrics for the application and notices that the instance's CPU utilization frequently reaches 90% during business hours.
What is the MOST operationally efficient solution that will improve the application's responsiveness?

A. Configure CloudWatch logging on the EC2 instanc

B. Configure a CloudWatch alarm for CPU utilization to alert the SysOps administrator when CPU utilization goes above 90%.
C. Configure an AWS Client VPN connection to allow the application users to connect directly to the EC2 instance private IP address to reduce latency.
D. Create an Auto Scaling group, and assign it to an Application Load Balance
E. Configure a target tracking scaling policy that is based on the average CPU utilization of the Auto Scaling group.
F. Create a CloudWatch alarm that activates when the EC2 instance's CPU utilization goes above 80%.Configure the alarm to invoke an AWS Lambda function
that vertically scales the instance.

Answer: C

NEW QUESTION 28
- (Exam Topic 1)
A SysOps administrator is reviewing AWS Trusted Advisor recommendations. The SysOps administrator notices that all the application servers for a finance
application are listed in the Low Utilization Amazon EC2 Instances check. The application runs on three instances across three Availability Zones. The SysOps
administrator must reduce the cost of running the application without affecting the application's availability or design.
Which solution will meet these requirements?

A. Reduce the number of application servers.

B. Apply rightsizing recommendations from AWS Cost Explorer to reduce the instance size.
C. Provision an Application Load Balancer in front of the instances.
D. Scale up the instance size of the application servers.

Answer: C

NEW QUESTION 29
- (Exam Topic 1)
A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones The
application uses an Amazon RDS Multi-AZ DB Instance Amazon Route 53 record sets route requests tor dynamic content to the load balancer and requests for
static content to an Amazon S3 bucket Site visitors are reporting extremely long loading times.
Which actions should be taken to improve the performance of the website? (Select TWO )

A. Add Amazon CloudFront caching for static content

B. Change the load balancer listener from HTTPS to TCP
C. Enable Amazon Route 53 latency-based routing
D. Implement Amazon EC2 Auto Scaling for the web servers
E. Move the static content from Amazon S3 to the web servers

Answer: AD

NEW QUESTION 31
- (Exam Topic 1)
A SysOps administrator needs to create alerts that are based on the read and write metrics of Amazon Elastic Block Store (Amazon EBS) volumes that are
attached to an Amazon EC2 instance. The SysOps administrator creates and enables Amazon CloudWatch alarms for the DiskReadBytes metric and the
DiskWriteBytes metric.
A custom monitoring tool that is installed on the EC2 instance with the same alarm configuration indicates that the volume metrics have exceeded the threshold.
However, the CloudWatch alarms were not in ALARM state.
Which action will ensure that the CloudWatch alarms function correctly?

A. Install and configure the CloudWatch agent on the EC2 instance to capture the desired metrics.
B. Install and configure AWS Systems Manager Agent on the EC2 instance to capture the desired metrics.
C. Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EBS volumes.
D. Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EC2 instance.

Answer: A

NEW QUESTION 33
- (Exam Topic 1)
A SysOps administrator wants to manage a web server application with AWS Elastic Beanstalk. The Elastic Beanstalk service must maintain full capacity for new
deployments at all times.
Which deployment policies satisfy this requirement? (Select TWO.)

A. All at once
B. Immutable
C. Rebuild
D. Rolling
E. Rolling with additional batch

Answer: BE

Explanation:

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rolling-version-deploy.html

NEW QUESTION 35
- (Exam Topic 1)
A company needs to implement a managed file system to host Windows file shares for users on premises. Resources in the AWS Cloud also need access to the
data on these file shares. A SysOps administrator needs to present the user file shares on premises and make the user file shares available on AWS with
minimum latency.
What should the SysOps administrator do to meet these requirements?

A. Set up an Amazon S3 File Gateway.

B. Set up an AWS Direct Connect connection.
C. Use AWS DataSync to automate data transfers between the existing file servers and AWS.
D. Set up an Amazon FSx File Gateway.

Answer: D

Explanation:
Amazon FSx provides a fully managed file system that is optimized for Windows-based workloads and can be used to create file shares that can be accessed both
on premises and in the AWS Cloud. The file shares that are created in Amazon FSx are highly available and can be accessed with low latency. Additionally,
Amazon FSx supports Windows-based authentication, making it easy to integrate with existing Windows user accounts.
References:
[1] https://aws.amazon.com/fsx/
[2] https://aws.amazon.com/storage/file-storage/
[3] https://docs.aws.a

NEW QUESTION 38
- (Exam Topic 1)
A SysOps administrator must create an IAM policy for a developer who needs access to specific AWS services. Based on the requirements, the SysOps
administrator creates the following policy:

Which actions does this policy allow? (Select TWO.)

A. Create an AWS Storage Gateway.

B. Create an IAM role for an AWS Lambda function.
C. Delete an Amazon Simple Queue Service (Amazon SQS) queue.
D. Describe AWS load balancers.
E. Invoke an AWS Lambda function.

Answer: DE

NEW QUESTION 40
- (Exam Topic 1)
A company uses AWS Organizations to manage its AWS accounts. A SysOps administrator must create a backup strategy for all Amazon EC2 instances across
all the company's AWS accounts.
Which solution will meet these requirements In the MOST operationally efficient way?

A. Deploy an AWS Lambda function to each account to run EC2 instance snapshots on a scheduled basis.
B. Create an AWS CloudFormation stack set in the management account to add an AutoBackup=True tag to every EC2 instance
C. Use AWS Backup In the management account to deploy policies for all accounts and resources.
D. Use a service control policy (SCP) to run EC2 instance snapshots on a scheduled basis in each account.

Answer: B

NEW QUESTION 41
- (Exam Topic 1)
A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps administrator has noticed consistently high latency in responses
as data is transferred among the four instances. There is no way for the administrator to alter the application code.
The MOST effective way to reduce latency is to relaunch the EC2 instances in:

A. a dedicated VPC.
B. a single subnet inside the VPC.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

C. a placement group.
D. a single Availability Zone.

Answer: C

NEW QUESTION 42
- (Exam Topic 1)
A company with multiple AWS accounts needs to obtain recommendations for AWS Lambda functions and identify optimal resource configurations for each
Lambda function. How should a SysOps administrator provide these recommendations?

A. Create an AWS Serverless Application Repository and export the Lambda function recommendations.
B. Enable AWS Compute Optimizer and export the Lambda function recommendations
C. Enable all features of AWS Organization and export the recommendations from AWS CloudTrailInsights.
D. Run AWS Trusted Advisor and export the Lambda function recommendations

Answer: B

NEW QUESTION 43
- (Exam Topic 1)
A SysOps administrator wants to upload a file that is 1 TB in size from on-premises to an Amazon S3 bucket using multipart uploads. What should the SysOps
administrator do to meet this requirement?

A. Upload the file using the S3 console.

B. Use the s3api copy-object command.
C. Use the s3api put-object command.
D. Use the s3 cp command.

Answer: D

Explanation:
It's a best practice to use aws s3 commands (such as aws s3 cp) for multipart uploads and downloads, because these aws s3 commands automatically perform
multipart uploading and downloading based on the file size. By comparison, aws s3api commands, such as aws s3api create-multipart-upload, should be used only
when aws s3 commands don't support a specific upload need, such as when the multipart upload involves multiple servers, a multipart upload is manually stopped
and resumed later, or when the aws s3 command doesn't support a required request parameter.
https://aws.amazon.com/premiumsupport/knowledge-center/s3-multipart-upload-cli/

NEW QUESTION 48
- (Exam Topic 1)
A development team recently deployed a new version of a web application to production After the release, penetration testing revealed a cross-site scripting
vulnerability that could expose user data
Which AWS service will mitigate this issue?

A. AWS Shield Standard

B. AWS WAF
C. Elastic Load Balancing
D. Amazon Cognito

Answer: B

Explanation:
https://www.imperva.com/learn/application-security/cross-site-scripting-xss-attacks/

NEW QUESTION 53
- (Exam Topic 1)
A company is attempting to manage its costs in the AWS Cloud. A SysOps administrator needs specific company-defined tags that are assigned to resources to
appear on the billing report.
What should the SysOps administrator do to meet this requirement?

A. Activate the tags as AWS generated cost allocation tags.

B. Activate the tags as user-defined cost allocation tags.
C. Create a new cost categor
D. Select the account billing dimension.
E. Create a new AWS Cost and Usage Repor
F. Include the resource IDs.

Answer: B

Explanation:
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/custom-tags.html "User-defined tags are tags that you define, create, and apply to resources. After
you have created and applied the user-defined tags, you can activate by using the Billing and Cost Management console for cost allocation tracking. "
To meet this requirement, the SysOps administrator should activate the company-defined tags as user-defined cost allocation tags. This will ensure that the tags
appear on the billing report and that the resources can be tracked with the specific tags. The other options (activating the tags as AWS generated cost allocation
tags, creating a new cost category and selecting the account billing dimension, and creating a new AWS Cost and Usage Report and including the resource IDs)
will not meet the requirements and are not the correct solutions for this issue.

NEW QUESTION 55
- (Exam Topic 1)
A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group Amazon CloudWatch shows a spike in the RequestCount metric for the

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

associated Application Load Balancer The administrator would like to know the IP addresses for the source of the requests
Where can the administrator find this information?

A. Auto Scaling logs

B. AWS CloudTrail logs
C. EC2 instance logs
D. Elastic Load Balancer access logs

Answer: D

Explanation:
Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the
time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns
and troubleshoot issues.
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html

NEW QUESTION 60
- (Exam Topic 1)
A SysOps administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the
VPC is prohibited. After adding and configuring the required components to the VPC. the administrator is unable to connect to any of the domains that reside on
the internet.
What additional route destination rule should the administrator add to the route tables?

A. Route ;:/0 traffic to a NAT gateway

B. Route ::/0 traffic to an internet gateway
C. Route 0.0.0.0/0 traffic to an egress-only internet gateway
D. Route ::/0 traffic to an egress-only internet gateway

Answer: D

Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html

NEW QUESTION 65
- (Exam Topic 1)
While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS The customer gateway device resides
in a data center with a NAT gateway in front of it
What address should be used to create the customer gateway resource?

A. The private IP address of the customer gateway device

B. The MAC address of the NAT device in front of the customer gateway device
C. The public IP address of the customer gateway device
D. The public IP address of the NAT device in front of the customer gateway device

Answer: D

NEW QUESTION 66
- (Exam Topic 1)
A SysOos administrator s tasked with analyzing database performance. The database runs on a single Amazon RDS D6 instance. The SysOps administrator finds
that, during times of peak traffic, resources on the database are over utilized due to the amount of read traffic.
Which actions should the SysOps administrator take to improve RDS performance? (Select TWO.)

A. Add a read replica.

B. Modify the application to use Amazon ElastiCache for Memcached.
C. Migrate the database from RDS to Amazon DynamoDB.
D. Migrate the database to Amazon EC2 with enhanced networking enabled
E. Upgrade the database to a Multi-AZ deployment.

Answer: AB

NEW QUESTION 71
- (Exam Topic 1)
A software company runs a workload on Amazon EC2 instances behind an Application Load Balancer (ALB) A SysOcs administrator needs to define a custom
health check for the EC2 instances. What is the MOST operationally efficient solution?

A. Set up each EC2 Instance so that it writes its healthy/unhealthy status into a shared Amazon S3 bucket for the ALB to read
B. Configure the health check on the ALB and ensure that the HeathCheckPath setting s correct
C. Set up Amazon ElasticCache to track the EC2 instances as they scale in and out
D. Configure an Amazon API Gateway health check to ensure custom checks on aw of the EC2 instances

Answer: B

NEW QUESTION 76
- (Exam Topic 1)
A SysOps administrator is unable to authenticate an AWS CLI call to an AWS service Which of the following is the cause of this issue?

A. The IAM password is incorrect

B. The server certificate is missing

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

C. The SSH key pair is incorrect

D. There is no access key

Answer: C

NEW QUESTION 77
- (Exam Topic 1)
A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level
access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must
set up the permissions and add a bucket policy to the S3 bucket.
Which parameters should be specified to accomplish this in the MOST efficient manner?

A. Specify "' as the principal and PrincipalOrgld as a condition.

B. Specify all account numbers as the principal.
C. Specify PrincipalOrgld as the principal.
D. Specify the organization's management account as the principal.

Answer: A

Explanation:
https://aws.amazon.com/blogs/security/control-access-to-aws-resources-by-using-the-aws-organization-of-iam-p

NEW QUESTION 78
- (Exam Topic 1)
A company must ensure that any objects uploaded to an S3 bucket are encrypted. Which of the following actions will meet this requirement? (Choose two.)

A. Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.

B. Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket.
C. Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.
D. Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.
E. Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.

Answer: CE

Explanation:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-bucket-encryption.html
You can set the default encryption behavior on an Amazon S3 bucket so that all objects are encrypted when they are stored in the bucket. The objects are
encrypted using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS Key Management Service (AWS KMS) customer master keys
(CMKs).
https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/ How to Prevent Uploads of Unencrypted Objects to Amazon
S3#
By using an S3 bucket policy, you can enforce the encryption requirement when users upload objects, instead of assigning a restrictive IAM policy to all users.

NEW QUESTION 81
- (Exam Topic 1)
A company has multiple Amazon EC2 instances that run a resource-intensive application in a development environment. A SysOps administrator is implementing
a solution to stop these EC2 instances when they are not in use.
Which solution will meet this requirement?

A. Assess AWS CloudTrail logs to verify that there is no EC2 API activit
B. Invoke an AWS Lambda function to stop the EC2 instances.
C. Create an Amazon CloudWatch alarm to stop the EC2 instances when the average CPU utilization is lower than 5% for a 30-minute period.
D. Create an Amazon CloudWatch metric to stop the EC2 instances when the VolumeReadBytes metric is lower than 500 for a 30-minute period.
E. Use AWS Config to invoke an AWS Lambda function to stop the EC2 instances based on resource configuration changes.

Answer: B

Explanation:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/UsingAlarmActions.html#AddingStopActi

NEW QUESTION 86
- (Exam Topic 1)
A SysOps administrator receives notification that an application that is running on Amazon EC2 instances has failed to authenticate to an Amazon RDS database
To troubleshoot, the SysOps administrator needs to investigate AWS Secrets Manager password rotation
Which Amazon CloudWatch log will provide insight into the password rotation?

A. AWS CloudTrail logs

B. EC2 instance application logs
C. AWS Lambda function logs
D. RDS database logs

Answer: B

NEW QUESTION 89
- (Exam Topic 1)
A user working in the Amazon EC2 console increased the size of an Amazon Elastic Block Store (Amazon EBS) volume attached to an Amazon EC2 Windows
instance. The change is not reflected in the file system.
What should a SysOps administrator do to resolve this issue?

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

A. Extend the file system with operating system-level tools to use the new storage capacity.
B. Reattach the EBS volume to the EC2 instance.
C. Reboot the EC2 instance that is attached to the EBS volume.
D. Take a snapshot of the EBS volum
E. Replace the original volume with a volume that is created from the snapshot.

Answer: B

NEW QUESTION 92
- (Exam Topic 1)
A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report
that file retrieval from the EFS file system is slower than normal.
Which action should a SysOps administrator take to improve the performance of the file system?

A. Configure the file system for Provisioned Throughput.

B. Enable encryption in transit on the file system.
C. Identify any unused files in the file system, and remove the unused files.
D. Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

Answer: A

NEW QUESTION 94
- (Exam Topic 1)
A company uses AWS Organizations to manage multiple AWS accounts. The company's SysOps team has been using a manual process to create and manage
1AM roles. The team requires an automated solution to create and manage the necessary 1AM roles for multiple AWS accounts.
What is the MOST operationally efficient solution that meets these requirements?

A. Create AWS CloudFormation template

B. Reuse the templates to create the necessary 1AM roles in each of the AWS accounts.
C. Use AWS Directory Service with AWS Organizations to automatically associate the necessary 1AM roles with Microsoft Active Directory users.
D. Use AWS Resource Access Manager with AWS Organizations to deploy and manage shared resources across the AWS accounts.
E. Use AWS CloudFormation StackSets with AWS Organizations to deploy and manage 1AM roles for the AWS accounts.

Answer: D

NEW QUESTION 95
- (Exam Topic 1)
A company has deployed a web application in a VPC that has subnets in three Availability Zones. The company launches three Amazon EC2 instances from an
EC2 Auto Scaling group behind an Application Load Balancer (ALB).
A SysOps administrator notices that two of the EC2 instances are in the same Availability Zone, rather than being distributed evenly across all three Availability
Zones. There are no errors in the Auto Scaling group's activity history.
What is the MOST likely reason for the unexpected placement of EC2 instances?

A. One Availability Zone did not have sufficient capacity for the requested EC2 instance type.
B. The ALB was configured for only two Availability Zones.
C. The Auto Scaling group was configured for only two Availability Zones.
D. Amazon EC2 Auto Scaling randomly placed the instances in Availability Zones.

Answer: C

Explanation:
the autoscaling group is responsable to add the instances in the subnets

NEW QUESTION 96
- (Exam Topic 1)
A company hosts several write-intensive applications. These applications use a MySQL database that runs on a single Amazon EC2 instance. The company asks
a SysOps administrator to implement a highly available database solution that is ideal for multi-tenant workloads.
Which solution should the SysOps administrator implement to meet these requirements?

A. Create a second EC2 instance for MySQ

B. Configure the second instance to be a read replica.
C. Migrate the database to an Amazon Aurora DB cluste
D. Add an Aurora Replica.
E. Migrate the database to an Amazon Aurora multi-master DB cluster.
F. Migrate the database to an Amazon RDS for MySQL DB instance.

Answer: C

NEW QUESTION 100

- (Exam Topic 1)
A company is managing multiple AWS accounts in AWS Organizations. The company is reviewing internal security of its AWS environment. The company's
security administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts.
Which solution will meet these requirements in the MOST secure manner?

A. Create an IAM policy in each developer account that has read-only access related to VPC resources Assign the policy to an IAM use
B. Share the user credentials with the security administrator.
C. Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC action
D. Assign the policy to an IAMuse

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

E. Share the user credentials with the security administrator.

F. Create an IAM policy in each developer account that has administrator access related to VPC resources.Assign the policy to a cross-account IAM rol
G. Ask the security administrator to assume the role from their account.
H. Create an IAM policy in each developer account that has read-only access related to VPC resources Assign the policy to a cross-account IAM role Ask the
security administrator to assume the role from their account.

Answer: D

NEW QUESTION 102

- (Exam Topic 1)
A SysOps administrator is responsible for a large fleet of Amazon EC2 instances and must know whether any instances will be affected by upcoming hardware
maintenance. Which option would provide this information with the LEAST administrative overhead?

A. Deploy a third-party monitoring solution to provide real-time EC2 instance monitoring

B. List any instances with failed system status checks using the AWS Management Console
C. Monitor AWS CloudTrail for Stopinstances API calls
D. Review the AWS Personal Health Dashboard

Answer: D

Explanation:
https://docs.aws.amazon.com/health/latest/ug/cloudwatch-events-health.html

NEW QUESTION 104

- (Exam Topic 1)
An ecommerce company uses an Amazon ElastiCache for Memcached cluster for in-memory caching of popular product queries on the shopping site. When
viewing recent Amazon CloudWatch metrics data for the ElastiCache cluster, the SysOps administrator notices a large number of evictions.
Which of the following actions will reduce these evictions? (Choose two.)

A. Add an additional node to the ElastiCache cluster.

B. Increase the ElastiCache time to live (TTL).
C. Increase the individual node size inside the ElastiCache cluster.
D. Put an Elastic Load Balancer in front of the ElastiCache cluster.
E. Use Amazon Simple Queue Service (Amazon SQS) to decouple the ElastiCache cluster.

Answer: AC

Explanation:
https://d1.awsstatic.com/training-and-certification/docs-sysops-associate/AWS-Certified-SysOps-Administrator

NEW QUESTION 108

- (Exam Topic 1)
A company has mandated the use of multi-factor authentication (MFA) for all IAM users, and requires users to make all API calls using the CLI. However. users
are not prompted to enter MFA tokens, and are able to run CLI commands without MFA. In an attempt to enforce MFA, the company attached an IAM policy to all
users that denies API calls that have not been authenticated with MFA.
What additional step must be taken to ensure that API calls are authenticated using MFA?

A. Enable MFA on IAM roles, and require IAM users to use role credentials to sign API calls.
B. Ask the IAM users to log into the AWS Management Console with MFA before making API calls using the CLI.
C. Restrict the IAM users to use of the console, as MFA is not supported for CLI use.
D. Require users to use temporary credentials from the get-session token command to sign API calls.

Answer: D

NEW QUESTION 109

- (Exam Topic 1)
A company manages an application that uses Amazon ElastiCache for Redis with two extra-large nodes spread across two different Availability Zones. The
company's IT team discovers that the ElastiCache for Redis cluster has 75% freeable memory. The application must maintain high availability.
What is the MOST cost-effective way to resize the cluster?

A. Decrease the number of nodes in the ElastiCache for Redis cluster from 2 to 1.
B. Deploy a new ElastiCache for Redis cluster that uses large node type
C. Migrate the data from the original cluster to the new cluste
D. After the process is complete, shut down the original duster.
E. Deploy a new ElastiCache for Redis cluster that uses large node type
F. Take a backup from the original cluster, and restore the backup in the new cluste
G. After the process is complete, shut down the original cluster.
H. Perform an online resizing for the ElastiCache for Redis cluste
I. Change the node types from extra-large nodes to large nodes.

Answer: D

Explanation:
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/scaling-redis-cluster-mode-enabled.html As demand on your clusters changes, you might decide
to improve performance or reduce costs by changing the number of shards in your Redis (cluster mode enabled) cluster. We recommend using online horizontal
scaling to do so, because it allows your cluster to continue serving requests during the scaling process.
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/redis-cluster-vertical-scaling-scaling-down.html

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

NEW QUESTION 111

- (Exam Topic 1)
A company stores files on 50 Amazon S3 buckets in the same AWS Region The company wants to connect to the S3 buckets securely over a private connection
from its Amazon EC2 instances The company needs a solution that produces no additional cost
Which solution will meet these requirements?

A. Create a gateway VPC endpoint lor each S3 bucket Attach the gateway VPC endpoints to each subnet inside the VPC
B. Create an interface VPC endpoint (or each S3 bucket Attach the interface VPC endpoints to each subnet inside the VPC
C. Create one gateway VPC endpoint for all the S3 buckets Add the gateway VPC endpoint to the VPC route table
D. Create one interface VPC endpoint for all the S3 buckets Add the interface VPC endpoint to the VPC route table

Answer: C

NEW QUESTION 115

- (Exam Topic 1)
A company has an application that customers use to search for records on a website. The application's data is stored in an Amazon Aurora DB cluster. The
application's usage varies by season and by day of the week.
The website's popularity is increasing, and the website is experiencing slower performance because of increased load on the DB cluster during periods of peak
activity. The application logs show that the performance issues occur when users are searching for information. The same search is rarely performed multiple
times.
A SysOps administrator must improve the performance of the platform by using a solution that maximizes resource efficiency.
Which solution will meet these requirements?

A. Deploy an Amazon ElastiCache for Redis cluster in front of the DB cluste

B. Modify the application to check the cache before the application issues new queries to the databas
C. Add the results of any queries to the cache.
D. Deploy an Aurora Replica for the DB cluste
E. Modify the application to use the reader endpoint for search operation
F. Use Aurora Auto Scaling to scale the number of replicas based on loa
G. Most Voted
H. Use Provisioned IOPS on the storage volumes that support the DB cluster to improve performance sufficiently to support the peak load on the application.
I. Increase the instance size in the DB cluster to a size that is sufficient to support the peak load on the applicatio
J. Use Aurora Auto Scaling to scale the instance size based on load.

Answer: B

Explanation:
https://docs.amazonaws.cn/en_us/AmazonRDS/latest/AuroraUserGuide/aurora-replicas-adding.html

NEW QUESTION 116

- (Exam Topic 1)
A company is migrating its production file server to AWS. All data that is stored on the file server must remain accessible if an Availability Zone becomes
unavailable or when system maintenance is performed. Users must be able to interact with the file server through the SMB protocol. Users also must have the
ability to manage file permissions by using Windows ACLs.
Which solution will net these requirements?

A. Create a single AWS Storage Gateway file gateway.

B. Create an Amazon FSx for Windows File Server Multi-AZ file system.
C. Deploy two AWS Storage Gateway file gateways across two Availability Zone
D. Configure an Application Load Balancer in front of the file gateways.
E. Deploy two Amazon FSx for Windows File Server Single-AZ 2 file system
F. Configure Microsoft Distributed File System Replication (DFSR).

Answer: B

Explanation:
https://aws.amazon.com/fsx/windows/

NEW QUESTION 120

- (Exam Topic 1)
A SysOps administrator must configure a resilient tier of Amazon EC2 instances for a high performance computing (HPC) application. The HPC application
requires minimum latency between nodes
Which actions should the SysOps administrator take to meet these requirements? (Select TWO.)

A. Create an Amazon Elastic File System (Amazon EPS) file system Mount the file system to the EC2 instances by using user data
B. Create a Multi-AZ Network Load Balancer in front of the EC2 instances
C. Place the EC2 instances in an Auto Scaling group within a single subnet
D. Launch the EC2 instances into a cluster placement group
E. Launch the EC2 instances into a partition placement group

Answer: AD

NEW QUESTION 123

- (Exam Topic 1)
A company has a mobile app that uses Amazon S3 to store images The images are popular for a week, and then the number of access requests decreases over
time The images must be highly available and must be immediately accessible upon request A SysOps administrator must reduce S3 storage costs for the
company Which solution will meet these requirements MOST cost-effectively?

A. Create an S3 Lifecycle policy to transition the images to S3 Glacier after 7 days

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

B. Create an S3 Lifecycle policy to transition the images to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 7 days
C. Create an S3 Lifecycle policy to transition the images to S3 Standard after 7 days
D. Create an S3 Lifecycle policy to transition the images to S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days

Answer: D

NEW QUESTION 128

- (Exam Topic 1)
A company uses Amazon Route 53 to manage the public DNS records for the domain example.com. The company deploys an Amazon CloudFront distribution to
deliver static assets for a new corporate website. The company wants to create a subdomain that is named "static" and must route traffic for the subdomain to the
CloudFront distribution.
How should a SysOps administrator create a new record for the subdomain in Route 53?

A. Create a CNAME recor

B. Enter static.cloudfront.net as the record nam
C. Enter the CloudFront distribution's public IP address as the value.
D. Create a CNAME recor
E. Enter static.example.com as the record nam
F. Enter the CloudFront distribution's private IP address as the value.
G. Create an A recor
H. Enter static.cloudfront.net as the record nam
I. Enter the CloudFront distribution's ID as an alias target.
J. Create an A recor
K. Enter static.example.com as the record nam
L. Enter the CloudFront distribution's domain name as an alias target.

Answer: D

Explanation:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html

NEW QUESTION 129

- (Exam Topic 1)
A company’s SysOps administrator regularly checks the AWS Personal Health Dashboard in each of the company’s accounts. The accounts are part of an
organization in AWS Organizations. The company recently added 10 more accounts to the organization. The SysOps administrator must consolidate the alerts
from each account’s Personal Health Dashboard.
Which solution will meet this requirement with the LEAST amount of effort?

A. Enable organizational view in AWS Health.

B. Configure the Personal Health Dashboard in each account to forward events to a central AWS CloudTrail log.
C. Create an AWS Lambda function to query the AWS Health API and to write all events to an Amazon DynamoDB table.
D. Use the AWS Health API to write events to an Amazon DynamoDB table.

Answer: A

Explanation:
Enabling the organizational view in AWS Health will allow the SysOps administrator to consolidate the alerts from each account’s Personal Health Dashboard. It
will also provide the administrator with a single view of all the accounts in the organization, allowing them to easily monitor the health of all the accounts in the
organization.
Reference:
[1] https://aws.amazon.com/premiumsupport/knowledge-center/organizational-view-health-dashboard/

NEW QUESTION 134

- (Exam Topic 1)
A company is trying to connect two applications. One application runs in an on-premises data center that has a hostname of hostl .onprem.private. The other
application runs on an Amazon EC2 instance that has a hostname of hostl.awscloud.private. An AWS Site-to-Site VPN connection is in place between the on-
premises network and AWS.
The application that runs in the data center tries to connect to the application that runs on the EC2 instance, but DNS resolution fails. A SysOps administrator must
implement DNS resolution between on-premises and AWS resources.
Which solution allows the on-premises application to resolve the EC2 instance hostname?

A. Set up an Amazon Route 53 inbound resolver endpoint with a forwarding rule for the onprem.private hosted zon
B. Associate the resolver with the VPC of the EC2 instanc
C. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the inbound resolver endpoint.
D. Set up an Amazon Route 53 inbound resolver endpoin
E. Associate the resolver with the VPC of the EC2 instanc
F. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the inbound resolver endpoint.
G. Set up an Amazon Route 53 outbound resolver endpoint with a forwarding rule for the onprem.private hosted zon
H. Associate the resolver with the AWS Region of the EC2 instanc
I. Configure theon-premises DNS resolver to forward onprem.private DNS queries to the outbound resolver endpoint.
J. Set up an Amazon Route 53 outbound resolver endpoin
K. Associate the resolver with the AWS Region of the EC2 instanc
L. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the outbound resolver endpoint.

Answer: C

NEW QUESTION 136

- (Exam Topic 1)
A SysOps administrator has enabled AWS CloudTrail in an AWS account If CloudTrail is disabled it must be re-enabled immediately What should the SysOps

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

administrator do to meet these requirements WITHOUT writing custom code''

A. Add the AWS account to AWS Organizations Enable CloudTrail in the management account
B. Create an AWS Config rule that is invoked when CloudTrail configuration changes Apply the AWS-ConfigureCloudTrailLogging automatic remediation action
C. Create an AWS Config rule that is invoked when CloudTrail configuration changes Configure the rule to invoke an AWS Lambda function to enable CloudTrail
D. Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to
enable CloudTrail

Answer: B

NEW QUESTION 140

- (Exam Topic 1)
A company wants to archive sensitive data on Amazon S3 Glacier. The company's regulatory and compliance requirements do not allow any modifications to the
data by any account.
Which solution meets these requirements?

A. Attach a vault lock policy to an S3 Glacier vault that contains the archived dat
B. Use the lock ID to validate the vault lock policy after 24 hours.
C. Attach a vault lock policy to an S3 Glacier vault that contains the archived dat
D. Use the lock ID to validate the vault lock policy within 24 hours.
E. Configure S3 Object Lock in governance mod
F. Upload all files after 24 hours.
G. Configure S3 Object Lock in governance mod
H. Upload all files within 24 hours.

Answer: B

NEW QUESTION 143

- (Exam Topic 1)
A SysOps administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While
discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.
Which action should the administrator take to ensure that users access objects in Amazon S3 by using only CloudFront URLs?

A. Encrypt the S3 bucket content with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).
B. Create an origin access identity and grant it permissions to read objects in the S3 bucket.
C. Assign an 1AM user to the CloudFront distribution and grant the user permissions in the S3 bucket policy.
D. Assign an 1AM role to the CloudFront distribution and grant the role permissions in the S3 bucket policy.

Answer: B

Explanation:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3

NEW QUESTION 144

- (Exam Topic 1)
A SysOps administrator is setting up a fleet of Amazon EC2 instances in an Auto Scaling group for an application. The fleet should have 50% CPU available at that
times to accommodate bursts of traffic. The load will increase significantly between the hours of 09:00 and 17:00,7 days a week
How should the SysOps administrator configure the scaling of the EC2 instances to meet these requirements?

A. Create a target tracking scaling policy that runs when the CPU utilization is higher than 90%
B. Create a target tracking scaling policy that runs when the CPU utilization is higher than 50%. Create a scheduled scaling policy that ensures that the fleet is
available at 09:00 Create a second scheduled scaling policy that scales in the fleet at 17:00
C. Set the Auto Scaling group to start with 2 instances by setting the desired instances maximum instances, and minimum instances to 2 Create a scheduled
scaling policy that ensures that the fleet is available at 09:00
D. Create a scheduled scaling policy that ensures that the fleet is available at 09.00. Create a second scheduled scaling policy that scales in the fleet at 17:00

Answer: B

NEW QUESTION 145

- (Exam Topic 1)
A company is creating a new multi-account architecture. A Sysops administrator must implement a login solution to centrally manage user access and permissions
across all AWS accounts. The solution must be integrated with AWS Organizations and must be connected to a third-party Security Assertion Markup Language
(SAML) 2.0 identity provider (IdP).
What should the SysOps administrator do to meet these requirements?

A. Configure an Amazon Cognito user poo

B. Integrate the user pool with the third-party IdP.
C. Enable and configure AWS Single Sign-On with the third-party IdP.
D. Federate the third-party IdP with AWS Identity and Access Management (IAM) for each AWS account in the organization.
E. Integrate the third-party IdP directly with AWS Organizations.

Answer: A

NEW QUESTION 150

- (Exam Topic 1)
A SysOps Administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a
separate microservice running on a different Amazon EC2 instance. The administrator has been tasked with reconfiguring the infrastructure to support this
approach.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

How can the administrator accomplish this with the LEAST administrative overhead?

A. Use Amazon CloudFront to log the URL and forward the request.
B. Use Amazon CloudFront to rewrite the header based on the microservice and forward the request.
C. Use an Application Load Balancer (ALB) and do path-based routing.
D. Use a Network Load Balancer (NLB) and do path-based routing.

Answer: C

Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/elb-achieve-path-based-routing-alb/

NEW QUESTION 152

- (Exam Topic 1)
A company runs hundreds of Amazon EC2 instances in a single AWS Region. Each EC2 instance has two attached 1 GiB General Purpose SSD (gp2) Amazon
Elastic Block Store (Amazon EBS) volumes. A critical workload is using all the available IOPS capacity on the EBS volumes.
According to company policy, the company cannot change instance types or EBS volume types without completing lengthy acceptance tests to validate that the
company’s applications will function properly. A SysOps administrator needs to increase the I/O performance of the EBS volumes as quickly as possible.
Which action should the SysOps administrator take to meet these requirements?

A. Increase the size of the 1 GiB EBS volumes.

B. Add two additional elastic network interfaces on each EC2 instance.
C. Turn on Transfer Acceleration on the EBS volumes in the Region.
D. Add all the EC2 instances to a cluster placement group.

Answer: A

Explanation:
Increasing the size of the 1 GiB EBS volumes will increase the IOPS capacity of the volumes, which will improve the I/O performance of the EBS volumes. This
option does not require any changes to the instance types or EBS volume types, so it can be done quickly without the need for lengthy acceptance tests to validate
that the company's applications will function properly.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/requesting-ebs-volume-modifications.html

NEW QUESTION 153

- (Exam Topic 1)
A SysOps administrator is attempting to download patches from the internet into an instance in a private subnet. An internet gateway exists for the VPC, and a
NAT gateway has been deployed on the public subnet; however, the instance has no internet connectivity. The resources deployed into the private subnet must be
inaccessible directly from the public internet.

What should be added to the private subnet's route table in order to address this issue, given the information provided?

A. 0.0.0.0/0 IGW
B. 0.0.0.0/0 NAT
C. 10.0.1.0/24 IGW
D. 10.0.1.0/24 NAT

Answer: B

NEW QUESTION 156

- (Exam Topic 1)
A company has a critical serverless application that uses multiple AWS Lambda functions. Each Lambda function generates 1 GB of log data daily in tts own
Amazon CloudWatch Logs log group. The company's security team asks for a count of application errors, grouped by type, across all of the log groups.
What should a SysOps administrator do to meet this requirement?

A. Perform a CloudWatch Logs Insights query that uses the stats command and count function.
B. Perform a CloudWatch Logs search that uses the groupby keyword and count function.
C. Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.
D. Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.

Answer: A

NEW QUESTION 157

- (Exam Topic 1)
A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running
on an Amazon EC2 Windows instance.
Which of the following are possible causes of this issue? (Choose two.)

A. A network ACL associated with the bastion's subnet is blocking the network traffic.
B. The instance does not have a private IP address.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

C. The route table associated with the bastion's subnet does not have a route to the internet gateway.
D. The security group for the instance does not have an inbound rule on port 22.
E. The security group for the instance does not have an outbound rule on port 3389.

Answer: AC

NEW QUESTION 159

- (Exam Topic 1)
A SysOps administrator is helping a development team deploy an application to AWS Trie AWS CloudFormat on temp ate includes an Amazon Linux EC2
Instance an Amazon Aurora DB cluster and a hard coded database password that must be rotated every 90 days
What is the MOST secure way to manage the database password?

A. Use the AWS SecretsManager Secret resource with the GenerateSecretString property to automatically generate a password Use the AWS SecretsManager
RotationSchedule resource lo define a rotation schedule lor the password Configure the application to retrieve the secret from AWS Secrets Manager access the
database
B. Use me AWS SecretsManager Secret resource with the SecretStrmg property Accept a password as a CloudFormation parameter Use the AllowedPatteen
property of the CloudFormaton parameter to require e minimum length, uppercase and lowercase letters and special characters Configure me application to
retrieve the secret from AWS Secrets Manager to access the database
C. Use the AWS SSM Parameter resource Accept input as a Qoudformatton parameter to store the parameter as a secure sting Configure the application to
retrieve the parameter from AWS Systems Manager Parameter Store to access the database
D. Use the AWS SSM Parameter resource Accept input as a Cloudf ormetton parameter to store the parameter as a string Configure the application to retrieve the
parameter from AWS Systems ManagerParameter Store to access the database

Answer: A

NEW QUESTION 162

- (Exam Topic 1)
A SysOps administrator needs to automate the invocation of an AWS Lambda function. The Lambda function must run at the end of each day to generate a report
on data that is stored in an Amazon S3 bucket.
What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon EventBridge {Amazon CloudWatch Events) rule that has an event pattern for Amazon S3 and the Lambda function as a target.
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that has a schedule and the Lambda function as a target.
C. Create an S3 event notification to invoke the Lambda function whenever objects change in the S3 bucket.
D. Deploy an Amazon EC2 instance with a cron job to invoke the Lambda function.

Answer: C

NEW QUESTION 165

- (Exam Topic 1)
A company is using Amazon Elastic Container Sen/ice (Amazon ECS) to run a containerized application on Amazon EC2 instances. A SysOps administrator
needs to monitor only traffic flows between the ECS tasks.
Which combination of steps should the SysOps administrator take to meet this requirement? (Select TWO.)

A. Configure Amazon CloudWatch Logs on the elastic network interface of each task.
B. Configure VPC Flow Logs on the elastic network interface of each task.
C. Specify the awsvpc network mode in the task definition.
D. Specify the bridge network mode in the task definition.
E. Specify the host network mode in the task definition.

Answer: AE

NEW QUESTION 169

- (Exam Topic 1)
A company is using Amazon CloudFront to serve static content for its web application to its users. The CloudFront distribution uses an existing on-premises
website as a custom origin.
The company requires the use of TLS between CloudFront and the origin server. This configuration has worked as expected for several months. However, users
are now experiencing HTTP 502 (Bad Gateway) errors when they view webpages that include content from the CloudFront distribution.
What should a SysOps administrator do to resolve this problem?

A. Examine the expiration date on the certificate on the origin sit

B. Validate that the certificate has not expire
C. Replace the certificate if necessary.
D. Examine the hostname on the certificate on the origin sit
E. Validate that the hostname matches one of the hostnames on the CloudFront distributio
F. Replace the certificate if necessary.
G. Examine the firewall rules that are associated with the origin serve
H. Validate that port 443 is open for inbound traffic from the interne
I. Create an inbound rule if necessary.
J. Examine the network ACL rules that are associated with the CloudFront distributio
K. Validate that port 443 is open for outbound traffic to the origin serve
L. Create an outbound rule if necessary.

Answer: A

Explanation:
HTTP 502 errors from CloudFront can occur because of the following reasons:
There's an SSL negotiation failure because the origin is using SSL/TLS protocols and ciphers that aren't supported by CloudFront.
There's an SSL negotiation failure because the SSL certificate on the origin is expired or invalid, or because the certificate chain is invalid.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

There's a host header mismatch in the SSL negotiation between your CloudFront distribution and the custom origin.
The custom origin isn't responding on the ports specified in the origin settings of the CloudFront distribution. The custom origin is ending the connection to
CloudFront too quickly.
https://aws.amazon.com/premiumsupport/knowledge-center/resolve-cloudfront-connection-error/

NEW QUESTION 173

- (Exam Topic 1)
A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level
access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must
set up the permissions and add a bucket policy to the S3 bucket.
Which parameters should be specified to accomplish this in the MOST efficient manner?

A. Specify '*' as the principal and PrincipalOrgld as a condition.

B. Specify all account numbers as the principal.
C. Specify PrincipalOrgld as the principal.
D. Specify the organization's management account as the principal.

Answer: C

NEW QUESTION 176

- (Exam Topic 1)
A company has a stateless application that runs on four Amazon EC2 instances. The application requires tour instances at all times to support all traffic. A SysOps
administrator must design a highly available,
fault-tolerant architecture that continually supports all traffic if one Availability Zone becomes unavailable.
Which configuration meets these requirements?

A. Deploy two Auto Scaling groups in two Availability Zones with a minimum capacity of two instances in each group.
B. Deploy an Auto Scaling group across two Availability Zones with a minimum capacity of four instances.
C. Deploy an Auto Scaling group across three Availability Zones with a minimum capacity of four instances.
D. Deploy an Auto Scaling group across three Availability Zones with a minimum capacity of six instances.

Answer: C

NEW QUESTION 180

- (Exam Topic 1)
Application A runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The EC2 instances are in an Auto Scaling group and are in the same
subnet that is associated with the NLB. Other applications from an on-premises environment cannot communicate with Application A on port 8080.
To troubleshoot the issue, a SysOps administrator analyzes the flow logs. The flow logs include the following records:

What is the reason for the rejected traffic?

A. The security group of the EC2 instances has no Allow rule for the traffic from the NLB.
B. The security group of the NLB has no Allow rule for the traffic from the on-premises environment.
C. The ACL of the on-premises environment does not allow traffic to the AWS environment.
D. The network ACL that is associated with the subnet does not allow outbound traffic for the ephemeral port range.

Answer: A

NEW QUESTION 183

- (Exam Topic 1)
A company is storing backups in an Amazon S3 bucket. The backups must not be deleted for at least 3 months after the backups are created.
What should a SysOps administrator do to meet this requirement?

A. Configure an IAM policy that denies the s3:DeleteObject action for all user
B. Three months after an object is written, remove the policy.
C. Enable S3 Object Lock on a new S3 bucket in compliance mod
D. Place all backups in the new S3 bucket with a retention period of 3 months.
E. Enable S3 Versioning on the existing S3 bucke
F. Configure S3 Lifecycle rules to protect the backups.
G. Enable S3 Object Lock on a new S3 bucket in governance mod
H. Place all backups in the new S3 bucket with a retention period of 3 months.

Answer: D

Explanation:
To meet the requirements of the workload, a SysOps administrator should enable S3 Object Lock on a new S3 bucket in governance mode and place all backups
in the new S3 bucket with a retention period of 3 months.
This will ensure that the backups are not deleted for at least 3 months after they are created. The other solutions (configuring an IAM policy that denies the
s3:DeleteObject action for all users, enabling S3 Object Lock on a new S3 bucket in compliance mode, or enabling S3 Versioning on the existing S3 bucket and
configuring S3 Lifecycle rules to protect the backups) will not meet the requirements, as they do not provide a way to ensure that the backups are not deleted for at
least 3 months after they are created.

NEW QUESTION 185

- (Exam Topic 1)
A company uses an Amazon CloudFront distribution to deliver its website. Traffic logs for the website must be centrally stored, and all data must be encrypted at

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

rest.
Which solution will meet these requirements?

A. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with internet access and server-side encryption that uses the default AWS
managed ke
B. Configure CloudFront to use theAmazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination.
C. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256 Configure
CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination.
D. Create an Amazon S3 bucket that Is configured with default server-side encryption that uses AES-256.Configure CloudFront to use the S3 bucket as a log
destination.
E. Create an Amazon S3 bucket that is configured with no default encryptio
F. Enable encryption in the CloudFront distribution, and use the S3 bucket as a log destination.

Answer: C

NEW QUESTION 187

- (Exam Topic 1)
A SysOps administrator is configuring an application on Amazon EC2 instances for a company Teams in other countries will use the application over the internet.
The company requires the application endpoint to have a static pubic IP address.
How should the SysOps administrator deploy the application to meet this requirement?

A. Behind an Amazon API Gateway API

B. Behind an Application Load Balancer
C. Behind an internet-facing Network Load Balancer
D. In an Amazon CloudFront distribution

Answer: C

NEW QUESTION 190

- (Exam Topic 1)
A new website will run on Amazon EC2 instances behind an Application Load Balancer. Amazon Route 53 will be used to manage DNS records.
What type of record should be set in Route 53 to point the website’s apex domain name (for example.company.com to the Application Load Balancer?

A. CNAME
B. SOA
C. TXT
D. ALIAS

Answer: D

NEW QUESTION 191

- (Exam Topic 1)
A SysOps administrator is trying to set up an Amazon Route 53 domain name to route traffic to a website hosted on Amazon S3. The domain name of the website
is www.anycompany.com and the S3 bucket name is anycompany-static. After the record set is set up in Route 53, the domain name www.anycompany.com does
not seem to work, and the static website is not displayed in the browser.
Which of the following is a cause of this?

A. The S3 bucket must be configured with Amazon CloudFront first.

B. The Route 53 record set must have an IAM role that allows access to the S3 bucket.
C. The Route 53 record set must be in the same region as the S3 bucket.
D. The S3 bucket name must match the record set name in Route 53.

Answer: D

NEW QUESTION 196

- (Exam Topic 1)
A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report
that file retrieval from the EFS file system is slower than normal.
Which action should a SysOps administrator take to improve the performance of the file system?

A. Configure the file system for Provisioned Throughput.

B. Enable encryption in transit on the file system.
C. Identify any unused files in the file system, and remove the unused files.
D. Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

Answer: A

NEW QUESTION 198

- (Exam Topic 1)
A Sysops administrator needs to configure automatic rotation for Amazon RDS database credentials. The credentials must rotate every 30 days. The solution must
integrate with Amazon RDS.
Which solution will meet these requirements with the LEAST operational overhead?

A. Store the credentials in AWS Systems Manager Parameter Store as a secure strin
B. Configure automatic rotation with a rotation interval of 30 days.
C. Store the credentials in AWS Secrets Manage
D. Configure automatic rotation with a rotation interval of 30 days.
E. Store the credentials in a file in an Amazon S3 bucke

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

F. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.
G. Store the credentials in AWS Secrets Manage
H. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.

Answer: B

Explanation:
Storing the credentials in AWS Secrets Manager and configuring automatic rotation with a rotation interval of 30 days is the most efficient way to meet the
requirements with the least operational overhead. AWS Secrets Manager automatically rotates the credentials at the specified interval, so there is no need for an
additional AWS Lambda function or manual rotation. Additionally, Secrets Manager is integrated with Amazon RDS, so the credentials can be easily used with the
RDS database.

NEW QUESTION 200

- (Exam Topic 1)
A SysOps administrator needs to track the costs of data transfer between AWS Regions. The SysOps administrator must implement a solution to send alerts to an
email distribution list when transfer costs reach 75% of a specific threshold.
What should the SysOps administrator do to meet these requirements?

A. Create an AWS Cost and Usage Repor

B. Analyze the results in Amazon Athen
C. Configure an alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when costs reach 75% of the threshol
D. Subscribe the email distribution list to the topic.
E. Create an Amazon CloudWatch billing alarm to detect when costs reach 75% of the threshold.Configure the alarm to publish a message to an Amazon Simple
Notification Service (Amazon SNS) topi
F. Subscribe the email distribution list to the topic.
G. Use AWS Budgets to create a cost budget for data transfer cost
H. Set an alert at 75% of the budgeted amoun
I. Configure the budget to send a notification to the email distribution list when costs reach 75% of the threshold.
J. Set up a VPC flow lo
K. Set up a subscription filter to an AWS Lambda function to analyze data transfer.Configure the Lambda function to send a notification to the email distribution list
when costs reach 75% of the threshold.

Answer: B

Explanation:
The reason is that it uses the Amazon CloudWatch billing alarm which is a built-in service specifically designed to monitor and alert on cost usage of your AWS
account, which makes it a more suitable solution for this use case. The alarm can be configured to detect when costs reach 75% of the threshold and when it is
triggered, it can publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. The email distribution list can be subscribed to the topic, so
that they will receive the alerts when costs reach 75% of the threshold.
AWS Budgets allows you to track and manage your costs, but it doesn't specifically focus on data transfer costs between regions, and it might not provide as much
granularity as CloudWatch Alarms.

NEW QUESTION 205

- (Exam Topic 1)
A company's customers are reporting increased latency while accessing static web content from Amazon S3 A SysOps administrator observed a very high rate of
read operations on a particular S3 bucket
What will minimize latency by reducing load on the S3 bucket?

A. Migrate the S3 bucket to a region that is closer to end users' geographic locations
B. Use cross-region replication to replicate all of the data to another region
C. Create an Amazon CloudFront distribution with the S3 bucket as the origin.
D. Use Amazon ElastiCache to cache data being served from Amazon S3

Answer: C

NEW QUESTION 210

- (Exam Topic 1)
A company has a high-performance Windows workload. The workload requires a storage volume mat provides consistent performance of 10.000 KDPS. The
company does not want to pay for additional unneeded capacity to achieve this performance.
Which solution will meet these requirements with the LEAST cost?

A. Use a Provisioned IOPS SSD (lol) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10.000 provisioned IOPS
B. Use a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10.000 provisioned IOPS.
C. Use an Amazon Elastic File System (Amazon EFS) file system w\ Max I/O mode.
D. Use an Amazon FSx for Windows Fife Server foe system that is configured with 10.000 IOPS

Answer: A

NEW QUESTION 213

- (Exam Topic 1)
A company is expanding globally and needs to back up data on Amazon Elastic Block Store (Amazon EBS) volumes to a different AWS Region. Most of the EBS
volumes that store the data are encrypted, but some of the EBS volumes are unencrypted. The company needs the backup data from all the EBS volumes to be
encrypted.
Which solution will meet these requirements with the LEAST management overhead?

A. Configure a lifecycle policy in Amazon Data Lifecycle Manager (Amazon DLM) to create the EBS volume snapshots with cross-Region backups enable
B. Encrypt the snapshot copies by using AWS Key Management Service (AWS KMS).
C. Create a point-in-time snapshot of the EBS volume
D. When the snapshot status is COMPLETED, copy the snapshots to another Region and set the Encrypted parameter to False.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

E. Create a point-in-time snapshot of the EBS volume

F. Copy the snapshots to an Amazon S3 bucket that uses server-side encryptio
G. Turn on S3 Cross-Region Replication on the S3 bucket.
H. Schedule an AWS Lambda function with the Python runtim
I. Configure the Lambda function to create the EBS volume snapshots, encrypt the unencrypted snapshots, and copy the snapshots to another Region.

Answer: A

Explanation:
Encrypt the snapshot copies by using AWS Key Management Service (AWS KMS). This solution will allow
the company to automatically create encrypted snapshots of the EBS volumes and copy them to different AWS Regions with minimal effort.

NEW QUESTION 217

- (Exam Topic 1)
A SysOps administrator configures an Amazon S3 gateway endpoint in a VPC. The private subnets inside the VPC do not nave outbound internet access. A user
logs in to an Amazon EC2 instance in one of the private subnets and cannot upload a file to an Amazon S3 bucket in the same AWS Region
Which solution will solve this problem?

A. Update the EC2 instance role policy to allow s3:PutObjed access to the target S3 bucket.
B. Update the EC2 security group to allow outbound traffic to 0.0.0.070 for port 80.
C. Update the EC2 subnet route table to include the S3 prefix list destination routes to the S3 gateway endpoint.
D. Update the S3 bucket policy to allow s3 PurObject access from the private subnet CIDR block.

Answer: C

NEW QUESTION 218

- (Exam Topic 1)
A company has an application that runs only on Amazon EC2 Spot Instances. The instances run in an Amazon EC2 Auto Scaling group with scheduled scaling
actions.
However, the capacity does not always increase at the scheduled times, and instances terminate many times a day. A Sysops administrator must ensure that the
instances launch on time and have fewer interruptions.
Which action will meet these requirements?

A. Specify the capacity-optimized allocation strategy for Spot Instance

B. Add more instance types to the Auto Scaling group.
C. Specify the capacity-optimized allocation strategy for Spot Instance
D. Increase the size of the instances in the Auto Scaling group.
E. Specify the lowest-price allocation strategy for Spot Instance
F. Add more instance types to the Auto Scaling group.
G. Specify the lowest-price allocation strategy for Spot Instance
H. Increase the size of the instances in the Auto Scaling group.

Answer: A

Explanation:
Specifying the capacity-optimized allocation strategy for Spot Instances and adding more instance types to the Auto Scaling group is the best action to meet the
requirements. Increasing the size of the instances in the Auto Scaling group will not necessarily help with the launch time or reduce interruptions, as the Spot
Instances could still be interrupted even with larger instance sizes.

NEW QUESTION 219

- (Exam Topic 1)
A Sysops administrator creates an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that uses AWS Fargate. The cluster is deployed successfully. The
Sysops administrator needs to manage the cluster by using the kubect1 command line tool.
Which of the following must be configured on the Sysops administrator's machine so that kubect1 can communicate with the cluster API server?

A. The kubeconfig file

B. The kube-proxy Amazon EKS add-on
C. The Fargate profile
D. The eks-connector.yaml file

Answer: A

Explanation:
The kubeconfig file is a configuration file used to store cluster authentication information, which is required to make requests to the Amazon EKS cluster API
server. The kubeconfig file will need to be configured on the SysOps administrator's machine in order for kubectl to be able to communicate with the cluster API
server.
https://aws.amazon.com/blogs/developer/running-a-kubernetes-job-in-amazon-eks-on-aws-fargate-using-aws-ste

NEW QUESTION 224

- (Exam Topic 1)
A company is expanding its use of AWS services across its portfolios The company wants to provision AWS accounts for each team to ensure a separation of
business processes for security compliance and billing Account creation and bootstrapping should be completed m a scalable and efficient way so new accounts
are created with a defined baseline and governance guardrails in place A SysOps administrator needs to design a provisioning process that saves time and
resources
Which action should be taken to meet these requirements?

A. Automate using AWS Elastic Beanstalk to provision the AWS accounts set up infrastructure and integrate with AWS Organizations
B. Create bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure
C. Use AWS Config to provision accounts and deploy instances using AWS Service Catalog

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

D. Use AWS Control Tower to create a template in Account Factory and use the template to provision new accounts

Answer: D

NEW QUESTION 228

- (Exam Topic 1)
A company plans to migrate several of its high performance computing (MPC) virtual machines (VMs) to Amazon EC2 instances on AWS. A SysOps administrator
must identify a placement group for this deployment. The strategy must minimize network latency and must maximize network throughput between the HPC VMs.
Which strategy should the SysOps administrator choose to meet these requirements?

A. Deploy the instances in a cluster placement group in one Availability Zone.

B. Deploy the instances in a partition placement group in two Availability Zones
C. Deploy the instances in a partition placement group in one Availability Zone
D. Deploy the instances in a spread placement group in two Availably Zones

Answer: A

NEW QUESTION 232

- (Exam Topic 1)
A SysOps administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a
company’s account. The administrator must be alerted to potential issues.
What should the administrator do to receive email alerts before low storage space affects EC2 instance performance?

A. Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications
B. Use AWS CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic.
C. Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic.
D. Use AWS Trusted Advisor and enable email notification alerts for EC2 disk space

Answer: C

NEW QUESTION 237

- (Exam Topic 1)
A company monitors its account activity using AWS CloudTrail. and is concerned that some log files are being tampered with after the logs have been delivered to
the account's Amazon S3 bucket.
Moving forward, how can the SysOps administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

A. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
B. Enable log file integrity validation and use digest files to verify the hash value of the log file.
C. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
D. Enable S3 server access logging to track requests made to the log bucket for security audits.

Answer: B

Explanation:
When you enable log file integrity validation, CloudTrail creates a hash for every log file that it delivers. Every hour, CloudTrail also creates and delivers a file that
references the log files for the last hour and contains a hash of each. This file is called a digest file. CloudTrail signs each digest file using the private key of a
public and private key pair. After delivery, you can use the public key to validate the digest file. CloudTrail uses different key pairs for each AWS region
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html

NEW QUESTION 238

- (Exam Topic 1)
A recent organizational audit uncovered an existing Amazon RDS database that is not currently configured for high availability. Given the critical nature of this
database, it must be configured for high availability as soon as possible.
How can this requirement be met?

A. Switch to an active/passive database pair using the create-db-instance-read-replica with the--availability-zone flag.
B. Specify high availability when creating a new RDS instance, and live-migrate the data.
C. Modify the RDS instance using the console to include the Multi-AZ option.
D. Use the modify-db-instance command with the --na flag.

Answer: C

NEW QUESTION 241

- (Exam Topic 1)
A company is managing multiple AWS accounts in AWS Organizations The company is reviewing internal security of Its AWS environment The company's security
administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts
Which solution will meet these requirements in the MOST secure manner?

A. Create an IAM policy in each developer account that has read-only access related to VPC resources Assign the policy to an IAM user Share the user
credentials with the security administrator
B. Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC actions Assign the policy to an IAM
user Share the user credentials with the security administrator
C. Create an IAM policy in each developer account that has administrator access related to VPC resources Assign the policy to a cross-account IAM role Ask the
security administrator to assume the role from their account
D. Create an IAM policy m each developer account that has read-only access related to VPC resources Assign the policy to a cross-account IAM role Ask the
security administrator to assume the role from their account

Answer: D

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

NEW QUESTION 245

- (Exam Topic 1)
A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company’s AWS account The SysOps administrator deploys a Linux Amazon EC2 instance in
VPC1 and deploys an Amazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a private subnet. An application that runs on the EC2
instance needs to connect to the database.
What should the SysOps administrator do to give the EC2 instance the ability to connect to the database?

A. Enter the DB instance connection string into the VPC1 route table.
B. Configure VPC peering between the two VPCs.
C. Add the same IPv4 CIDR range for both VPCs.
D. Connect to the DB instance by using the DB instance’s public IP address.

Answer: B

Explanation:
VPC peering allows two VPCs to communicate with each other securely. By configuring VPC peering between the two VPCs, the SysOps administrator will be able
to give the EC2 instance in VPC1 the ability to connect to the database in VPC2. Once the VPC peering is configured, the EC2 instance will be able to
communicate with the database using the private IP address of the DB instance in the private subnet.

NEW QUESTION 250

- (Exam Topic 1)
A company wants to be alerted through email when IAM CreateUser API calls are made within its AWS account.
Which combination of actions should a SysOps administrator take to meet this requirement? (Choose two.)

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS CloudTrail as the event source and IAM CreateUser as the specific API call for
the event pattern.
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with Amazon CloudSearch as the event source and IAM CreateUser as the specific API call
for the event pattern.
C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS IAM Access Analyzer as the event source and IAM CreateUser as the specific
API call for the event pattern.
D. Use an Amazon Simple Notification Service (Amazon SNS) topic as an event target with an email subscription.
E. Use an Amazon Simple Email Service (Amazon SES) notification as an event target with an email subscription.

Answer: AD

Explanation:
https://aws.amazon.com/blogs/security/how-to-receive-alerts-when-your-iam-configuration-changes/

NEW QUESTION 254

- (Exam Topic 1)
A company uses an Amazon Elastic File System (Amazon EFS) file system to share files across many Linux Amazon EC2 instances. A SysOps administrator
notices that the file system's PercentIOLimit metric is consistently at 100% for 15 minutes or longer. The SysOps administrator also notices that the application that
reads and writes to that file system is performing poorly. They application requires high throughput and IOPS while accessing the file system.
What should the SysOps administrator do to remediate the consistently high PercentIOLimit metric?

A. Create a new EFS file system that uses Max I/O performance mod
B. Use AWS DataSync to migrate data to the new EFS file system.
C. Create an EFS lifecycle policy to transition future files to the Infrequent Access (IA) storage class to improve performanc
D. Use AWS DataSync to migrate existing data to IA storage.
E. Modify the existing EFS file system and activate Max I/O performance mode.
F. Modify the existing EFS file system and activate Provisioned Throughput mode.

Answer: A

Explanation:
To support a wide variety of cloud storage workloads, Amazon EFS offers two performance modes, General Purpose mode and Max I/O mode. You choose a file
system's performance mode when you create it, and it cannot be changed. If the PercentIOLimit percentage returned was at or near 100 percent for a significant
amount of time during the test, your application should use the Max I/O performance mode. https://docs.aws.amazon.com/efs/latest/ug/performance.html

NEW QUESTION 255

- (Exam Topic 1)
A SysOps administrator is using AWS Systems Manager Patch Manager to patch a fleet of Amazon EC2 instances. The SysOps administrator has configured a
patch baseline and a maintenance window. The SysOps administrator also has used an instance tag to identify which instances to patch.
The SysOps administrator must give Systems Manager the ability to access the EC2 instances. Which additional action must the SysOps administrator perform to
meet this requirement?

A. Add an inbound rule to the instances' security group.

B. Attach an 1AM instance profile with access to Systems Manager to the instances.
C. Create a Systems Manager activation Then activate the fleet of instances.
D. Manually specify the instances to patch Instead of using tag-based selection.

Answer: A

NEW QUESTION 258

- (Exam Topic 1)
A company is running a serverless application on AWS Lambda The application stores data in an Amazon RDS for MySQL DB instance Usage has steadily
increased and recently there have been numerous "too many connections" errors when the Lambda function attempts to connect to the database The company
already has configured the database to use the maximum max_connections value that is possible

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

What should a SysOps administrator do to resolve these errors'?

A. Create a read replica of the database Use Amazon Route 53 to create a weighted DNS record that contains both databases
B. Use Amazon RDS Proxy to create a proxy Update the connection string in the Lambda function
C. Increase the value in the max_connect_errors parameter in the parameter group that the database uses
D. Update the Lambda function's reserved concurrency to a higher value

Answer: B

Explanation:
https://aws.amazon.com/blogs/compute/using-amazon-rds-proxy-with-aws-lambda/
RDS Proxy acts as an intermediary between your application and an RDS database. RDS Proxy establishes and manages the necessary connection pools to your
database so that your application creates fewer database connections. Your Lambda functions interact with RDS Proxy instead of your database instance. It
handles the connection pooling necessary for scaling many simultaneous connections created by concurrent Lambda functions. This allows your Lambda
applications to reuse existing connections, rather than creating new connections for every function invocation.
Check "Database proxy for Amazon RDS" section in the link to see how RDS proxy help Lambda handle huge connections to RDS MySQL
https://aws.amazon.com/blogs/compute/using-amazon-rds-proxy-with-aws-lambda/

NEW QUESTION 263

- (Exam Topic 1)
A manufacturing company uses an Amazon RDS DB instance to store inventory of all stock items. The company maintains several AWS Lambda functions that
interact with the database to add, update, and delete items. The Lambda functions use hardcoded credentials to connect to the database.
A SysOps administrator must ensure that the database credentials are never stored in plaintext and that the password is rotated every 30 days.
Which solution will meet these requirements in the MOST operationally efficient manner?

A. Store the database password as an environment variable for each Lambda functio
B. Create a new Lambda function that is named PasswordRotat
C. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the PasswordRotate function every 30 days to change the database password and update
the environment variable for each Lambda function.
D. Use AWS Key Management Service (AWS KMS) to encrypt the database password and to store the encrypted password as an environment variable for each
Lambda functio
E. Grant each Lambda function access to the KMS key so that the database password can be decrypted when require
F. Create a new Lambda function that is named PasswordRotate to change the password every 30 days.
G. Use AWS Secrets Manager to store credentials for the databas
H. Create a Secrets Manager secret, and select the database so that Secrets Manager will use a Lambda function to update the database password automaticall
I. Specify an automatic rotation schedule of 30 day
J. Update each Lambda function to access the database password from SecretsManager.
K. Use AWS Systems Manager Parameter Store to create a secure string to store credentials for the databas
L. Create a new Lambda function called PasswordRotat
M. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the PasswordRotate function every 30 days to change the database password and to
update the secret within Parameter Stor
N. Update each Lambda function to access the database password from Parameter Store.

Answer: C

Explanation:
When you choose to enable rotation, Secrets Manager supports the following Amazon Relational Database Service (Amazon RDS) databases with AWS written
and tested Lambda rotation function templates, and full configuration of the rotation process:
Amazon Aurora on Amazon RDS MySQL on Amazon RDS PostgreSQL on Amazon RDS Oracle on Amazon RDS MariaDB on Amazon RDS
Microsoft SQL Server on Amazon RDS https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html

NEW QUESTION 265

- (Exam Topic 1)
A SysOps administrator needs to design a high-traffic static website. The website must be highly available and must provide the lowest possible latency to users
across the globe.
Which solution will meet these requirements?

A. Create an Amazon S3 bucket, and upload the website content to the S3 bucke
B. Create an Amazon CloudFront distribution in each AWS Region, and set the S3 bucket as the origi
C. Use Amazon Route 53 to create a DNS record that uses a geolocation routing policy to route traffic to the correct CloudFront distribution based on where the
request originates.
D. Create an Amazon S3 bucket, and upload the website content to the S3 bucke
E. Create an Amazon CloudFront distribution, and set the S3 bucket as the origi
F. Use Amazon Route 53 to create an alias record that points to the CloudFront distribution.
G. Create an Application Load Balancer (ALB) and a target grou
H. Create an Amazon EC2 Auto Scaling group with at least two EC2 instances in the associated target grou
I. Store the website content on the EC2 instance
J. Use Amazon Route 53 to create an alias record that points to the ALB.
K. Create an Application Load Balancer (ALB) and a target group in two Region
L. Create an Amazon EC2 Auto Scaling group in each Region with at least two EC2 instances in each target grou
M. Store the website content on the EC2 instance
N. Use Amazon Route 53 to create a DNS record that uses a geolocation routing policy to route traffic to the correct ALB based on where the request originates.

Answer: B

NEW QUESTION 267

- (Exam Topic 1)
A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the application are failing. A SysOps administrator
inspects the VPC flow logs and finds the following entry:
2 111122223333 eni-<###> 192.0.2.15 203.0.113.56 40711 443 6 1 40 1418530010 1418530070 REJECT OK

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

What is a possible cause of these failed connections?

A. A security group is denying traffic on port 443.

B. The EC2 instance is shut down.
C. The network ACL is blocking HTTPS traffic.
D. The VPC has no internet gateway attached.

Answer: A

Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html#flow-log-example-accepted
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html#
Accepted and rejected traffic: In this example, RDP traffic (destination port 3389, TCP protocol) to network interface eni-1235b8ca123456789 in account
123456789010 was rejected. 2 123456789010
eni-1235b8ca123456789 172.31.9.69 172.31.9.12 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK

NEW QUESTION 270

- (Exam Topic 1)
A company needs to view a list of security groups that are open to the internet on port 3389. What should a SysOps administrator do to meet this requirement?

A. Configure Amazon GuardDuty to scan security groups and report unrestricted access on port 3389.
B. Configure a service control policy (SCP) to identify security groups that allow unrestricted access on port 3389.
C. Use AWS Identity and Access Management Access Analyzer to find any instances that have unrestricted access on port 3389.
D. Use AWS Trusted Advisor to find security groups that allow unrestricted access on port 3389

Answer: D

NEW QUESTION 275

- (Exam Topic 1)
A company has a new requirement stating that all resources in AWS must be tagged according to a set policy. Which AWS service should be used to enforce and
continually identify all resources that are not in compliance with the policy?

A. AWS CloudTrail
B. Amazon Inspector
C. AWSConfig
D. AWS Systems Manager

Answer: C

NEW QUESTION 276

- (Exam Topic 1)
A SysOps administrator has used AWS Cloud Formal ion to deploy a serverless application Into a production VPC. The application consists of an AWS Lambda
function an Amazon DynamoDB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS Cloud Formation stack without deleting
the DynamoDB table.
Which action should the SysOps administrator take before deleting the AWS Cloud Formation stack?

A. Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack
B. Add a Snapshot deletion policy to the DynamoDB resource in the AWS CloudFormation stack.
C. Enable termination protection on the AWS Cloud Formation stack.
D. Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTabie action.

Answer: A

NEW QUESTION 279

- (Exam Topic 1)
A software development company has multiple developers who work on the same product. Each developer must have their own development environment, and
these development environments must be identical. Each development environment consists of Amazon EC2 instances and an Amazon RDS DB instance. The
development environments should be created only when necessary, and they must be terminated each night to minimize costs.
What is the MOST operationally efficient solution that meets these requirements?

A. Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessar
B. Schedule a nightly cron job on each development instance to stop all running processes to reduce CPU utilization to nearly zero.
C. Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessar
D. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to delete the AWS CloudFormation stacks.
E. Provide developers with CLI commands so that they can provision their own development environment when necessar
F. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to terminate all EC2 instances and the DB
instance.
G. Provide developers with CLI commands so that they can provision their own development environment when necessar
H. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to cause AWS CloudFormation to delete all of the development environment
resources.

Answer: B

NEW QUESTION 283

- (Exam Topic 1)
A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service.
The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available
across multiple Regions.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

Which configuration will meet these requirements?

A. Deploy a copy of the stack in the us-west-2 Regio

B. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each EL
C. Configure the SOA record with health check
D. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
E. Deploy a copy of the stack in the us-west-2 Regio
F. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias targe
G. Configure the A records with a failover routing policy and health check
H. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
I. Deploy a new group of EC2 instances in the us-west-2 Regio
J. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instance
K. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks.
L. Deploy a new group of EC2 instances in the us-west-2 Regio
M. Configure EC2 health checks on all EC2 instances in each Regio
N. Configure a peering connection between the VPC
O. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record.

Answer: B

Explanation:
When you create a hosted zone, Route 53 automatically creates a name server (NS) record and a start of authority (SOA) record for the zone.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/migrate-dns-domain-in-use.html#migrate-dns-crea
https://en.wikipedia.org/wiki/SOA_record

NEW QUESTION 288

- (Exam Topic 1)
A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company’s on-premises network to the VPC.
The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain
records. After the migration, the application is not able to connect to the customer data because of name resolution errors.
Which solution will give the application the ability to resolve the internal domain names?

A. Launch EC2 instances in the VP

B. On the EC2 instances, deploy a custom DNS forwarder that forwards all DNS requests to the on-premises DNS serve
C. Create an Amazon Route 53 private hosted zone that uses the EC2 instances for name servers.
D. Create an Amazon Route 53 Resolver outbound endpoin
E. Configure the outbound endpoint to forward DNS queries against the on-premises domain to the on-premises DNS server.
F. Set up two AWS Direct Connect connections between the AWS environment and the on-premises networ
G. Set up a link aggregation group (LAG) that includes the two connection
H. Change the VPC resolver address to point to the on-premises DNS server.
I. Create an Amazon Route 53 public hosted zone for the on-premises domai
J. Configure the network ACLs to forward DNS requests against the on-premises domain to the Route 53 public hosted zone.

Answer: B

Explanation:
https://docs.aws.amazon.com/zh_tw/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html

NEW QUESTION 292

- (Exam Topic 1)
A company's SysOps administrator attempts to restore an Amazon Elastic Block Store (Amazon EBS) snapshot. However, the snapshot is missing because
another system administrator accidentally deleted the snapshot. The company needs the ability to recover snapshots for a specified period of time after snapshots
are deleted.
Which solution will provide this functionality?

A. Turn on deletion protection on individual EBS snapshots that need to be kept.

B. Create an 1AM policy that denies the deletion of EBS snapshots by using a condition statement for the snapshot age Apply the policy to all users
C. Create a Recycle Bin retention rule for EBS snapshots for the desired retention period.
D. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule an AWS Lambda function to copy EBS snapshots to Amazon S3 Glacier.

Answer: B

NEW QUESTION 297

- (Exam Topic 1)
A company stores files on 50 Amazon S3 buckets in the same AWS Region. The company wants to connect to the S3 buckets securely over a private connection
from its Amazon EC2 instances. The company needs a solution that produces no additional cost.
Which solution will meet these requirements?

A. Create a gateway VPC endpoint for each S3 bucke

B. Attach the gateway VPC endpoints to each subnetinside the VPC.
C. Create an interface VPC endpoint for each S3 bucke
D. Attach the interface VPC endpoints to each subnet inside the VPC.
E. Create one gateway VPC endpoint for all the S3 bucket
F. Add the gateway VPC endpoint to the VPC route table.
G. Create one interface VPC endpoint for all the S3 bucket
H. Add the interface VPC endpoint to the VPC route table.

Answer: C

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

NEW QUESTION 298

- (Exam Topic 1)
A company is testing Amazon Elasticsearch Service (Amazon ES) as a solution for analyzing system logs from a fleet of Amazon EC2 instances. During the test
phase, the domain operates on a single-node cluster. A SysOps administrator needs to transition the test domain into a highly available production-grade
deployment.
Which Amazon ES configuration should the SysOps administrator use to meet this requirement?

A. Use a cluster of four data nodes across two AWS Region

B. Deploy four dedicated master nodes in each Region.
C. Use a cluster of six data nodes across three Availability Zone
D. Use three dedicated master nodes.
E. Use a cluster of six data nodes across three Availability Zone
F. Use six dedicated master nodes.
G. Use a cluster of eight data nodes across two Availability Zone
H. Deploy four master nodes in a failover AWS Region.

Answer: B

NEW QUESTION 303

- (Exam Topic 1)
A company’s AWS Lambda function is experiencing performance issues. The Lambda function performs many CPU-intensive operations. The Lambda function is
not running fast enough and is creating bottlenecks in the system.
What should a SysOps administrator do to resolve this issue?

A. In the CPU launch options for the Lambda function, activate hyperthreading.
B. Turn off the AWS managed encryption.
C. Increase the amount of memory for the Lambda function.
D. Load the required code into a custom layer.

Answer: C

Explanation:
Increasing the amount of memory for the Lambda function will help to improve the performance of the function. This is because the Lambda function is CPU-
intensive and increasing the memory will give it access to more CPU resources and help it run faster. The other options (activating hyperthreading in the CPU
launch options for the Lambda function, turning off the AWS managed encryption, and loading the required code into a custom layer) will not help to improve the
performance of the Lambda function and are not the correct solutions for this issue.
https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-memory-con

NEW QUESTION 307

- (Exam Topic 1)
A SysOps administrator uses AWS Systems Manager Session Manager to connect to instances After the SysOps administrator launches a new Amazon EC2
instance the EC2 instance does not appear in the Session Manager list of systems that are available for connection. The SysOps administrator verities that
Systems Manager Agent is installed updated and running on the EC2 instance
What is the reason for this issue?

A. The SysOps administrator does not have access to the key pair that is required for connection
B. The SysOps administrator has not attached a security group to the EC2 instance to allow SSH on port 22.
C. The EC2 instance does not have an attached IAM role that allows Session Manager to connect to the EC2 instance.
D. The EC2 instance ID has not been entered into the Session Manager configuration

Answer: C

NEW QUESTION 311

- (Exam Topic 1)
A company has an organization in AWS Organizations. The company uses shared VPCs to provide networking resources across accounts A SysOps administrator
has been able to successfully launch and manage Amazon EC2 instances in a participant account However the SysOps administrator is now receiving an
InstanceLimitExceeded error when the SysOps administrator tries to launch a new EC2 instance
What should the SysOps administrator do to resolve this error')

A. Request an instance quota increase from the account that owns the VPC
B. Launch additional EC2 instances in a different AWS Region
C. Request an instance quota increase from the parte pant account
D. Launch additional EC2 instances by using a different Amazon Machine image (AMI)

Answer: A

NEW QUESTION 316

- (Exam Topic 1)
An errant process is known to use an entire processor and run at 100%. A SysOps administrator wants to automate restarting the instance once the problem
occurs for more than 2 minutes.
How can this be accomplished?

A. Create an Amazon CloudWatch alarm for the Amazon EC2 instance with basic monitorin
B. Enable an action to restart the instance.
C. Create a CloudWatch alarm for the EC2 instance with detailed monitorin
D. Enable an action to restart the instance.
E. Create an AWS Lambda function to restart the EC2 instance, triggered on a scheduled basis every 2 minutes.
F. Create a Lambda function to restart the EC2 instance, triggered by EC2 health checks.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

Answer: B

NEW QUESTION 321

- (Exam Topic 1)
An errant process is known to use an entire processor and run at 100% A SysOps administrator wants to automate restarting the instance once the problem
occurs for more than 2 minutes
How can this be accomplished?

A. Create an Amazon CloudWatch alarm for the Amazon EC2 instance with basic monitoring Enable an action to restart the instance
B. Create a CloudWatch alarm for the EC2 instance with detailed monitoring Enable an action to restart the instance
C. Create an AWS Lambda function to restart the EC2 instance triggered on a scheduled basis every 2 minutes
D. Create a Lambda function to restart the EC2 instance, triggered by EC2 health checks

Answer: B

NEW QUESTION 326

- (Exam Topic 1)
A SysOps administrator developed a Python script that uses the AWS SDK to conduct several maintenance tasks. The script needs to run automatically every
night.
What is the MOST operationally efficient solution that meets this requirement?

A. Convert the Python script to an AWS Lambda (unctio

B. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the function every night.
C. Convert the Python script to an AWS Lambda functio
D. Use AWS CloudTrail to invoke the function every night.
E. Deploy the Python script to an Amazon EC2 Instanc
F. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the instance to start and stop every night.
G. Deploy the Python script to an Amazon EC2 instanc
H. Use AWS Systems Manager to schedule the instance to start and stop every night.

Answer: A

NEW QUESTION 328

- (Exam Topic 1)
A company has a memory-intensive application that runs on a fleet of Amazon EC2 instances behind an Elastic Load Balancer (ELB). The instances run in an Auto
Scaling group. A Sysops administrator must ensure that the application can scale based on the number of users that connect to the application.
Which solution will meet these requirements?

A. Create a scaling policy that will scale the application based on the ActiveConnectionCount Amazon CloudWatch metric that is generated from the ELB.
B. Create a scaling policy that will scale the application based on the mem used Amazon CloudWatch metric that is generated from the ELB.
C. Create a scheduled scaling policy to increase the number of EC2 instances in the Auto Scaling group to support additional connections.
D. Create and deploy a script on the ELB to expose the number of connected users as a custom Amazon CloudWatch metri
E. Create a scaling policy that uses the metric.

Answer: D

Explanation:
This solution will allow the application to scale based on the number of users that connect to the application. The other solutions (creating a scaling policy that uses
the ActiveConnectionCount Amazon CloudWatch metric generated from the ELB, creating a scaling policy that uses the mem used Amazon CloudWatch metric
generated from the ELB, or creating a scheduled scaling policy to increase the number of EC2 instances in the Auto Scaling group to support additional
connections) will not meet the requirements, as they do not allow the application to scale based on the number of users that connect to the application.

NEW QUESTION 333

- (Exam Topic 1)
A company has an Auto Scaling group of Amazon EC2 instances that scale based on average CPU utilization. The Auto Scaling group events log indicates an
InsufficientlnstanceCapacity error.
Which actions should a SysOps administrator take to remediate this issue? (Select TWO.

A. Change the instance type that the company is using.

B. Configure the Auto Scaling group in different Availability Zones.
C. Configure the Auto Scaling group to use different Amazon Elastic Block Store (Amazon EBS) volume sizes.
D. Increase the maximum size of the Auto Scaling group.
E. Request an increase in the instance service quota.

Answer: AB

NEW QUESTION 338

- (Exam Topic 1)
A company's SysOps administrator must ensure that all Amazon EC2 Windows instances that are launched in an AWS account have a third-party agent installed.
The third-party agent has an msi package. The company uses AWS Systems Manager for patching, and the Windows instances are tagged appropriately. The
third-party agent required periodic updates as new versions are released. The SysOps administrator must deploy these updates automatically
Which combination of steps will meet these requirements with the LEAST operational effort? (Seed TWO.) Create a Systems Manager Distributor package for the
third-party agent.

A. Make sure that Systems Manager Inventory Is configure

B. If Systems Manager Inventory is not configured, set up a new inventory tor instances that is based on the appropriate tag value for Windows.
C. Create a Systems Manager State Manager association to run the AWS-RunRemoteScript document.Populate the details of the third-party agent packag
D. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

E. Create a Systems Manager State Manager- association to run the AWS-ConfigureAWSPackage documen
F. Populate the details of the third-party agent packag
G. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day
H. Create a Systems Manager Opsitem with the tag value for Windows Attach the Systems Manager Distributor package to the Opsite
I. Create a maintenance window that is specific to the package deployment Configure the maintenance window to cover 24 hours a day.

Answer: AD

Explanation:
https://docs.aws.amazon.com/systems-manager/latest/userguide/distributor-working-with-packages-deploy.html

NEW QUESTION 341

- (Exam Topic 1)
A company is deploying a third-party unit testing solution that is delivered as an Amazon EC2 Amazon Machine Image (AMI). All system configuration data is
stored in Amazon DynamoDB. The testing results are stored in Amazon S3.
A minimum of three EC2 instances are required to operate the product. The company's testing team wants to use an additional three EC2 Instances when the Spot
Instance prices are at a certain threshold. A SysOps administrator must Implement a highly available solution that provides this functionality.
Which solution will meet these requirements with the LEAST operational overhead?

A. Define an Amazon EC2 Auto Scaling group by using a launch configuratio

B. Use the provided AMI In the launch configuratio
C. Configure three On-Demand Instances and three Spot Instance
D. Configure a maximum Spot Instance price In the launch configuration.
E. Define an Amazon EC2 Auto Scaling group by using a launch templat
F. Use the provided AMI in the launch templat
G. Configure three On-Demand Instances and three Spot Instance
H. Configure a maximum Spot Instance price In the launch template.
I. Define two Amazon EC2 Auto Scaling groups by using launch configuration
J. Use the provided AMI in the launch configuration
K. Configure three On-Demand Instances for one Auto Scaling grou
L. Configure three Spot Instances for the other Auto Scaling grou
M. Configure a maximum Spot Instance price in the launch configuration for the Auto Scaling group that has Spot Instances.
N. Define two Amazon EC2 Auto Scaling groups by using launch template
O. Use the provided AMI in the launch template
P. Configure three On-DemandInstances for one Auto Scaling grou
Q. Configure three Spot Instances for the other Auto Scaling grou
R. Configure a maximum Spot Instance price in the launch template for the Auto Scaling group that has Spot Instances.

Answer: A

Explanation:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/LaunchTemplates.html
https://docs.aws.amazon.com/autoscaling/ec2/userguide/LaunchConfiguration.html

NEW QUESTION 343

- (Exam Topic 1)
A SysOps administrator is deploying an application on 10 Amazon EC2 instances. The application must be highly available. The instances must be placed on
distinct underlying hardware.
What should the SysOps administrator do to meet these requirements?

A. Launch the instances into a cluster placement group in a single AWS Region.
B. Launch the instances into a partition placement group in multiple AWS Regions.
C. Launch the instances into a spread placement group in multiple AWS Regions.
D. Launch the instances into a spread placement group in single AWS Region

Answer: D

Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html

NEW QUESTION 346

......

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)

Thank You for Trying Our Product

We offer two products:

1st - We have Practice Tests Software with Actual Exam Questions

2nd - Questons and Answers in PDF Format

SOA-C02 Practice Exam Features:

* SOA-C02 Questions and Answers Updated Frequently

* SOA-C02 Practice Questions Verified by Expert Senior Certified Staff

* SOA-C02 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* SOA-C02 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

100% Actual & Verified — Instant Download, Please Click

Order The SOA-C02 Practice Test Here

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Powered by TCPDF (www.tcpdf.org)