New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

SOA-C01 Questions and Answers

Question # 6

Application developers are reporting Access Denied errors when trying to list the contents of an Amazon S3 bucket by using the IAM user “arn:aws:iam::111111111111:user/application”. The following S3 bucket policy is in use:

How should a SysOps Administrator modify the S3 bucket policy to fix the issue?

A.

Change the “Effect” from “Allow” to “Deny”

B.

Change the “Action” from “s3:List*” to “s3:ListBucket”

C.

Change the “Resource” from “arn:aws:s3:::bucketname/*” to “arn:aws:s3:::bucketname”

D.

Change the “Principal” from “arn:aws:iam::111111111111:user/application” to “arn:aws:iam::111111111111: role/application”

Full Access
Question # 7

A SysOps Administrator working on an Amazon EC2 instance has misconfigured the clock by one hour. The EC2 instance is sending data to Amazon CloudWatch through the CloudWatch agent. The timestamps on the logs are 45 minutes in the future.

What will be the result of this configuration?

A.

Amazon CloudWatch will not capture the data because it is in the future.

B.

Amazon CloudWatch will accept the custom metric data and record it.

C.

The Amazon CloudWatch agent will check the Network Time Protocol (NTP) server before sending the data, and the agent will correct the time.

D.

The Amazon CloudWatch agent will agent check the Network Time Protocol (NTP) server, and the agent will not send the data because it is more than 30 minutes in the future.

Full Access
Question # 8

A company uses multiple accounts for its applications. Account A manages the company’s Amazon Route 53 domains and hosted zones. Account B uses a load balancer fronting the company’s web servers.

How can the company use Route 53 to point to the load balancer in the MOST cost-effective and efficient manner?

A.

Create an Amazon EC2 proxy in Account A that forwards requests to Account B.

B.

Create a load balancer in Account A that points to the load balancer in Account B.

C.

Create a CNAME record in Account A pointing to an alias record to the load balancer in Account B.

D.

Create an alias record in Account A pointing to the load balancer in Account B.

Full Access
Question # 9

A SysOps Administrator has been asked to configure user-defined cost allocation tags for a new AWS account. The company is using AWS Organizations for account management.

What should the Administrator do to enable user-defined cost allocation tags?

A.

Log in to the AWS Billing and Cost Management console of the new account, and use the Cost Allocation Tags manager to create the new user-defined cost allocation tags.

B.

Log in to the AWS Billing and Cost Management console of the payer account, and use Cost Allocation Tags manager to create the new user-defined cost allocation tags.

C.

Log in to the AWS Management Console of the new account, use the Tag Editor to create the new user-defined tags, then use the Cost Allocation Tags manager in the new account to mark the tags as cost allocation tags.

D.

Log in to the AWS Management Console of the new account, use the Tag Editor to create the new user-defined tags, then use the Cost Allocation Tags manager in the payer account to mark the tags as cost allocation tags.

Full Access
Question # 10

A company has centralized all its logs into one Amazon CloudWatch Logs log group. The SysOps Administrator is to alert different teams of any issues relevant to them.

What is the MOST efficient approach to accomplish this?

A.

Write a AWS lambda function that will query the logs every minute and contain the logic of which team to notify on which patterns and issues.

B.

Set up different metric filters for each team based on patterns and alerts. Each alarm will notify the appropriate notification list.

C.

Redesign the aggregation of logs so that each team’s relevant parts are sent to a separate log group, then subscribe each team to its respective log group.

D.

Create an AWS Auto Scaling group of Amazon EC2 instances that will scale based on the amount of ingested log entries. This group will pull streams, look for patterns, and send notifications to relevant teams.

Full Access
Question # 11

Which component of an Ethernet frame is used to notify a host that traffic is coming?

A.

Type field

B.

preamable

C.

Data field

D.

start of frame delimiter

Full Access
Question # 12

An Applications team has successfully deployed an AWS CloudFormation stack consisting of 30 t2-medium Amazon EC2 instances in the us-west-2 Region. When using the same template to launch a stack in us-east-2, the launch failed and rolled back after launching only 10 EC2 instances.

What is a possible cause of this failure?

A.

The IAM user did not have privileges to launch the CloudFormation template.

B.

The t2 medium EC2 instance service limit was reached.

C.

An AWS Budgets threshold was breached.

D.

The application’s Amazon Machine Image (AMI) is not available in us-east-2.

Full Access
Question # 13

A company wants to icrease the availability and vulnerability of a critical business application. The appliation currently ueses a MySQL database running on an Amazon EC2 instance. The company wants to minimize application changes.

How should the company these requirements?

A.

Shut down the EC2 instance. Enable multi-AZ replication within the EC2 instance, then restart the instance.

B.

Launch a secondary EC2 instance running MySQL Configure a cron job that backs up the database on the primary EC2 instance and copies it to the secondary instance every 30 minutes.

C.

Migrate the database to an RDS Aurora DB instance and create a Read Replication in another Availability Zone.

D.

Create an Amazon RDS Microsoft SQL DB instance and enable multi-Az replication. Back up the existing data and import in to the new database.

Full Access
Question # 14

A SysOps Administrator is responsible for a large fleet of EC2 instances and must know whether any

instances will be affected by upcoming hardware maintenance.

Which option would provide this information with the LEAST administrative overhead?

A.

Monitor AWS CloudTrail for StopInstances API calls related to upcoming maintenance.

B.

Review the Personal Health Dashboard for any scheduled maintenance.

C.

From the AWS Management Console, list any instances with failed system status checks.

D.

Deploy a third-party monitoring solution to provide real-time EC2 instance monitoring.

Full Access
Question # 15

After a network change, application servers cannot connect to the corresponding Amazon RDS MySQL database.

What should the SysOps Administrator analyze?

A.

VPC Flow Logs

B.

Elastic Load Balancing logs

C.

Amazon CloudFront logs

D.

Amazon RDS MySQL error logs

Full Access
Question # 16

A SysOps administrator needs to register targets for a Network Load Balancer (NL8) using IP addresses Which prerequisite should the SysOps administrator validate to perform this task?

A.

Ensure the NLB listener security policy is set to ELBSecuntyPohcy-TLS-1-2-Ext-2018-06, ELBSecuntyPolicy-FS-1-2-Res-2019-08 or ELBSecuntyPolicy-TLS-1-0-2015-04

B.

Ensure the heath check setting on the NLB for the Matcher configuration is between 200 and 399

C.

Ensure the targets are within any of these CIDR blocks: 10.0.0.0/8 (RFC I918)r 100.64.0.0/10 (RFC 6598): 172.16.0.0/12 (RFC 1918), or 192.168.0.0/16 (RFC 1918).

D.

Ensure the NLB is exposed as an endpoint service before registering the targets using IP addresses

Full Access
Question # 17

An organization has been running their website on several m2 Linux instances behind a Classic Load Balancer for more than two years. Traffic and utilization have been constant and predictable.

What should the organization do to reduce costs?

A.

Purchase Reserved Instances for the specific m2 instances

B.

Change the m2 instances to equivalent m5 types, and purchase Reserved Instances for the specific m5 instances

C.

Change the Classic Load Balancer to an Application Load Balancer, and purchase Reserved Instances for the specific m2 instances.

D.

Purchase Spot Instances for the specific m2 instances

Full Access
Question # 18

A SysOps Administrator at an ecommerce company discovers that several 404 errors are being sent to one IP address every minute. The Administrator suspects a bot is collecting information about products listed on the company’s website.

Which service should be used to block this suspected malicious activity?

A.

AWS CloudTrail

B.

Amazon Inspector

C.

AWS Shield Standard

D.

AWS WAF

Full Access
Question # 19

A SysOps Administrator is creating additional Amazon EC2 instances and receives an InstanceLimitExceeded error.

What is the cause of the issue and how can it be resolved?

A.

The Administrator has requested too many instances at once and must request fewer instances in batches.

B.

The concurrent running instance limit has been reached, and an EC2 limit increase request must be filed with AWS Support.

C.

AWS does not currently have enough available capacity and a different instance type must be used.

D.

The Administrator must specify the maximum number of instances to be created while provisioning EC2 instances.

Full Access
Question # 20

An application running on Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones was deployed using an AWS CloudFormation template. A sysops administrator has patched the Amazon Machine Image (AMI) version and must update all the EC2 instances to use the new AMI.

How should Ihe administrator use CloudFormation to apply the new AMI while maintaining a minimum level of active instances to ensure service continuity?

A.

Deploy a second CloudFormation stack and use Amazon Route 53 to redirect traffic to the new stack.

B.

Run the awa cloudformation update-attack command with the —rollback-configuration option.

C.

Set an AutoScal ingRollingUpdate policy in the CloudFormation template to update the stack.

D.

Update the CloudFormation template with the new AMI ID. then reboot the EC2 instances.

Full Access
Question # 21

A company has a multi-tier web application. In the web tier, all the servers are in private subnets inside a VPC. The development team wants to make changes to the application that requires access to Amazon S3.

What should be done to accomplish this?

A.

Create a customer gateway to connect to Amazon S3 Modify the route table of the private subnets to use the customer gateway

B.

Create a gateway VPC endpoint for Amazon S3 Modify the route table of the private subnets to use the gateway VPC endpoint.

C.

Create a NAT gateway in the private subnets. Modify the route table of the subnets to use the NAT gateway.

D.

Create an S3 bucket policy to allow connections from the private subnets. Modify the route table.

Full Access
Question # 22

A sysops administrator created an AWS Lambda function within a VPC with no access to the internet. The Lambda function pulls messages from an Amazon SOS queue and stores them in an Amazon RDS instance in the same VPC. After executing the Lambda function, the data is not showing up on the RDS instance.

Which of the following are possible causes for this? (Select TWO.)

A.

A VPC endpoint has not been created for Amazon RDS.

B.

A VPC endpoint has not been created for Amazon SQS.

C.

The RDS security group is not allowing connections from the Lambda function.

D.

The subnet associated with the Lambda function does not have an internet gateway attached

E.

The subnet associated with the Lambda function has a NAT gateway

Full Access
Question # 23

A company recently implemented an Amazon S3 lifecycle rule that accidentally deleted objects from one of its S3 buckets. The bucket has S3 versioning enabled.

Which actions will restore the objects? (Choose two.)

A.

Use the AWS Management Console to delete the object delete markers.

B.

Create a new lifecycle rule to delete the object delete markers that were created.

C.

Use the AWS CLI to delete the object delete markers while specifying the version IDs of the delete markers.

D.

Modify the existing lifecycle rule to delete the object delete markers that were created.

E.

Use the AWS CLI to delete the object delete markers while specifying the name of the objects only.

Full Access
Question # 24

A sysops administrator is writing an AWS Cloud Formation template. The template will create a new Amazon S3 bucket and copy objects from an existing Amazon S3 bucket into the new bucket. The objects include data files, images, and scripts.

How should the CIoudFormation template be configured to perform this copy operation?

A.

Configure an AWS Data Pipeline resource with a CopyActivity activity object. Specify the input and output bucket names and a list of object keys.

B.

Configure the S3 bucket resource to activate cross-Region replication. Point to the existing S3 bucket and specify a list of object keys to replicate.

C.

Create an AWS Lambda function that can perform the copy operation. Add the Lambda function to the template as a custom resource.

D.

Specify the commands to copy the objects in the user data field of the template's S3 bucket resource.

Full Access
Question # 25

A SysOps Administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company’s account. The Administrator must be alerted to potential issues. What should the Administrator do to receive email alerts before low storage space affects EC2 instance performance?

A.

Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications

B.

Use AWS CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic

C.

Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic

D.

Use AWS Trusted Advisor and enable email notification alerts for EC2 disk space

Full Access
Question # 26

A SySOps Administrator is managing an AWS account where Developers are authorized to launch Amazon EC2 instances to test new code. To limit costs, the Administrator must ensure that the EC2 instances in the account are terminated 24 hours after launch.

How should the Administrator meet these requirements?

A.

Create an Amazon CloudWatch alarm based on the CPUUtilization metric. When the metric is 0% for 24 hours, trigger an action to terminate the EC2 instance when the alarm is triggered.

B.

Create an AWS Lambda function to check all EC2 instances and terminate instances running more than 24 hours. Trigger the function with an Amazon CloudWatch Events event every 15 minutes.

C.

Add an action to AWS Trusted Advisor to turn off EC2 instances based on the Low Utilization Amazon EC2 Instances check, terminating instances identified by Trusted Advisor as running for more than 24 hours.

D.

Install the unified Amazon CloudWatch agent on every EC2 instance. Configure the agent to terminate instances after they have been running for 24 hours.

Full Access
Question # 27

A SysOps Administrator is deploying a test site running on Amazon EC2 instances. The application requires both incoming and outgoing connectivity to the Internet.

Which combination of steps are required to provide internet connectivity to the EC2 instances? (Choose two.)

A.

Add a NAT gateway to a public subnet

B.

Attach a private address to the elastic network interface on the EC2 instance

C.

Attach an Elastic IP address to the internet gateway

D.

Add an entry to the route table for the subnet that points to an internet gateway

E.

Create an internet gateway and attach it to a VPC

Full Access
Question # 28

A SysOps Administrator has been notified that some Amazon EC2 instances in the company’s environment might have a vulnerable software version installed.

What should be done to check all of the instances in the environment with the LEAST operational overhead?

A.

Create and run an Amazon Inspector assessment template.

B.

Manually SSH into each instance and check the software version.

C.

Use AWS CloudTrail to verify Amazon EC2 activity in the account.

D.

Write a custom script and use AWS CodeDeploy to deploy to Amazon EC2 instances.

Full Access
Question # 29

A company's application running on Amazon EC2 Linux recently crashed because it ran out ot available memory. Management wants to be alerted if this ever happens again. Which combination of steps will accomplish this? (Select TWO.)

A.

Create an Amazon CloudWatch dashboard to monitor the memory usage metrics on the Instance over time.

B.

Create an alarm on the dashboard that publishes an Amazon SNS notification to alert the CIO when a threshold is passed.

C.

Create an alarm on the metric that publishes an Amazon SNS notification to alert the CIO when a threshold is passed.

D.

Create an alarm on the AWS Personal Health Dashboard that publishes an Amazon SNS notification to alert the CIO when the system is out of memory.

E.

Configure the Amazon CloudWatch agent to collect and push memory usage metrics on the instance.

Full Access
Question # 30

A medical imaging company needs lo process large amounts of imaging data in real time using a specific instance type. The company wants to guarantee sufficient resource capacity for 1 year

Which action will meet these requirements in the MOST cost-effective manner?

A.

Create 1-year On-Demand Capacity Reservations in the specific Availability Zones

B.

Launch Amazon EC2 instances with termination protection enabled

C.

Purchase 1 -year Reserved Instances in the specific Availability Zones

D.

Use a Spot Fleet across multiple Availability Zones

Full Access
Question # 31

A sysops administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance The administrator has been tasked with reconfiguring the infrastructure to support this approach

How can the administrator accomplish this with the LEAST administrative overhead?

A.

Use Amazon CloudFront to log the URL and forward the request

B.

Use Amazon CloudFront to rewrite the header based on the microservice and forward the request

C.

Use a Network Load Balancer (NLB) and do path-based routing

D.

Use an Application Load Balancer (ALB) and do path-based routing

Full Access
Question # 32

A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months

What is the process to rotate the key?

A.

Enable automatic key rotation tor the CMK and specify a period of 6 months

B.

Create a new CMK with new imported material and update the key alias to point to the new CMK

C.

Delete the current key material and import new material into the existing CMK

D.

Import a copy of the existing key material into a new CMK as a backup and set the rotation schedule for 6 months

Full Access
Question # 33

A company has deployed a fleet of Amazon EC2 web servers for the upcoming release of a new product. The SysOps Administrator needs to test the Amazon CloudWatch notification settings for this deployment to ensure that a notification is sent using Amazon SNS if the CPU utilization of an EC2 instance exceeds 70%.

How should the Administrator accomplish this?

A.

Use the set-alarm-state command in AWS CloudTrail to invoke the Amazon SNS notification

B.

Use CloudWatch custom metrics to set the alarm state in AWS CloudTrail and enable Amazon SNS notifications

C.

Use EC2 instance metadata to manually set the CPU utilization to 75% and invoke the alarm state

D.

Use the set-alarm-state command in the AWS CLI for CloudWatch

Full Access
Question # 34

A company has a sales department and a marketing department. The company uses one AWS account. There Is a need to determine what charges are incurred on the AWS platform by each department. There is also a need to receive notifications when a specified cost level is approached or exceeded.

Which actions must a SysOps administrator take to achieve both requirements with the LEAST amount of administrative overhead? (Select TWO.)

A.

Use AWS Trusted Advisor to obtain a report containing the checked items in the Cost Optimization pillar

B.

Download the detailed billing report, upload it to a database, and match the line items with a list of known resources by department.

C.

Create a script by using the AWS CLI to automatically apply tags to existing resources (or each department. Schedule the script to run weekly.

D.

Use AWS Organizations to create a department Organizational Unit and allow only authorized personnel in each department to create resources.

E.

Create a Budget from the Billing and Cost Management console. Specify the budget type as Cost, assign tags for each department, define notifications, and specify any other options as required.

Full Access
Question # 35

A company has an AWS account for each department and wants to consolidate billing and reduce overhead. The company wants to make sure that the finance team is denied from accessing services other than Amazon EC2: the security team is denied from accessing services other than AWS CloudTrail. and IT can access any resource.

Which solution meets these requirements with the LEAST amount of operational overhead''

A.

Create a role for each department within AWS 1AM and assign each role the necessary permissions.

B.

Create a user for each department within AWS 1AM and assign each user the necessary permissions.

C.

Implement service control policies within AWS Organizations to determine which resources each department can access

D.

Place each department into an organizational unit (OU) within AWS Organizations and use 1AM policies to determine which resources they can access

Full Access
Question # 36

An application running on Amazon EC2 allows users to launch batch jobs for data analysis. The jobs are run asynchronously, and the user is notified when they are complete. While multiple jobs can run concurrently, a user’s request need not be fulfilled for up to 24 hours. To run a job, the application launches an additional EC2 instance that performs all the analytics calculations. A job takes between 75 and 110 minutes to complete and cannot be interrupted.

What is the MOST cost-effective way to run this workload?

A.

Run the application on On-Demand EC2 instances. Run the jobs on Spot Instances with a specified duration.

B.

Run the application on Reserved Instance EC2 instances. Run the jobs on AWS Lambda.

C.

Run the application on On-Demand EC2 instances. Run the jobs on On-Demand EC2 instances.

D.

Run the application on Reserved instance EC2 instances. Run the jobs on Spot Instances with a specified duration.

Full Access
Question # 37

A company’s static website hosted on Amazon S3 was launched recently, and is being used by tens of thousands of users. Subsequently, website users are experiencing 503 service unavailable errors.

Why are these errors occurring?

A.

The request rate to Amazon S3 is too high.

B.

There is an error with the Amazon RDS database.

C.

The requests to Amazon S3 do not have the proper permissions.

D.

The users are in different geographical region and Amazon Route 53 is restricting access.

Full Access
Question # 38

A company uses AWS CloudFormation to deploy its application infrastructure. Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application. A SysOps Administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent against accidental modifications to specific resources.

Which solution will meet these requirements?

A.

Set up an AWS Config rule to alert based on changes to any Cloud Formation stack. An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation.

B.

Set up an Amazon CloudWatch Events event with a rule to trigger based on any CloudFormation API call. An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation.

C.

Launch the CloudFormation templates using a stack policy with an explicit allow for all resources and an explicit deny of the protected resources with an action of Update:*

D.

Attach an IAM policy to the DevOps team role that prevents a CloudFormation stack from updating, with a condition based on the specific Amazon Resource names (ARNs) of the protected resources.

Full Access
Question # 39

A security audit revealed that the security groups in a VPC have ports 22 and 3389 open to all. introducing a possible threat that instances can be stopped or configurations can be modified. A SysOps administrator needs to automate remediation.

What should the administrator do to meet these requirements?

A.

Create an 1AM managed policy lo deny access to ports 22 and 3389 on any security groups in a VPC.

B.

Define an AWS Config rule and remediation action with AWS Systems Manager automation documents.

C.

Enable AWS Trusted Advisor to remediate public port access.

D.

Use AWS Systems Manager configuration compliance to remediate public port access.

Full Access