Best Amazon SOA-C02 Exam Practice Material Updated on Dec 26, 2023
New SOA-C02 Actual Exam Dumps, Amazon Practice Test
The Amazon SOA-C02 exam is a valuable certification for professionals working in the SysOps administrator role on the AWS platform. It demonstrates their knowledge and skills in managing and operating applications on AWS, and can help them advance their careers in the cloud computing industry.
NEW QUESTION # 224
A company must ensure that any objects uploaded to an S3 bucket are encrypted.
Which of the following actions will meet this requirement? (Choose two.)
- A. Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket.
- B. Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.
- C. Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.
- D. Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.
- E. Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.
Answer: B,C
NEW QUESTION # 225
A company runs an application on Amazon EC2 instances. The EC2 instances are in an Auto Scaling group and run behind an Application Load Balancer (ALB). The application experiences errors when total requests exceed 100 requests per second. A SysOps administrator must collect information about total requests for a 2-week period to determine when requests exceeded this threshold.
What should the SysOps administrator do to collect this data?
- A. Use Amazon CloudWatch metric math to generate a sum of request counts for all the EC2 instances over a 2-week period. Sort by a 1-minute interval.
- B. Use the ALB's RequestCount metric. Configure a time range of 2 weeks and a period of 1 minute. Examine the chart to determine peak traffic times and volumes.
- C. Create Amazon CloudWatch custom metrics on the EC2 launch configuration templates to create aggregated request metrics across all the EC2 instances.
- D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule. Configure an EC2 event matching pattern that creates a metric that is based on EC2 requests. Display the data in a graph.
Answer: B
Explanation:
Using the ALB's RequestCount metric will allow the SysOps administrator to collect information about total requests for a 2-week period and determine when requests exceeded the threshold of 100 requests per second. Configuring a time range of 2 weeks and a period of 1 minute will ensure that the data can be accurately examined to determine peak traffic times and volumes.
NEW QUESTION # 226
A company is expanding globally and needs to back up data on Amazon Elastic Block Store (Amazon EBS) volumes to a different AWS Region. Most of the EBS volumes that store the data are encrypted, but some of the EBS volumes are unencrypted. The company needs the backup data from all the EBS volumes to be encrypted.
Which solution will meet these requirements with the LEAST management overhead?
- A. Schedule an AWS Lambda function with the Python runtime. Configure the Lambda function to create the EBS volume snapshots, encrypt the unencrypted snapshots, and copy the snapshots to another Region.
- B. Configure a lifecycle policy in Amazon Data Lifecycle Manager (Amazon DLM) to create the EBS volume snapshots with cross-Region backups enabled. Encrypt the snapshot copies by using AWS Key Management Service (AWS KMS).
- C. Create a point-in-time snapshot of the EBS volumes. When the snapshot status is COMPLETED, copy the snapshots to another Region and set the Encrypted parameter to False.
- D. Create a point-in-time snapshot of the EBS volumes. Copy the snapshots to an Amazon S3 bucket that uses server-side encryption. Turn on S3 Cross-Region Replication on the S3 bucket.
Answer: B
Explanation:
Encrypt the snapshot copies by using AWS Key Management Service (AWS KMS). This solution will allow the company to automatically create encrypted snapshots of the EBS volumes and copy them to different AWS Regions with minimal effort.
NEW QUESTION # 227
A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months. What is the process to rotate the key?
- A. Enable automatic key rotation for the CMK and specify a period of 6 months.
- B. Delete the current key material, and import new material into the existing CMK.
- C. Create a new CMK with new imported material, and update the key alias to point to the new CMK.
- D. Import a copy of the existing key material into a new CMK as a backup, and set the rotation schedule for 6 months.
Answer: C
NEW QUESTION # 228
A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company's on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors.
Which solution will give the application the ability to resolve the internal domain names?
- A. Create an Amazon Route 53 public hosted zone for the on-premises domain. Configure the network ACLs to forward DNS requests against the on-premises domain to the Route 53 public hosted zone.
- B. Create an Amazon Route 53 Resolver outbound endpoint. Configure the outbound endpoint to forward DNS queries against the on-premises domain to the on-premises DNS server.
- C. Set up two AWS Direct Connect connections between the AWS environment and the on-premises network. Set up a link aggregation group (LAG) that includes the two connections. Change the VPC resolver address to point to the on-premises DNS server.
- D. Launch EC2 instances in the VPC. On the EC2 instances, deploy a custom DNS forwarder that forwards all DNS requests to the on-premises DNS server. Create an Amazon Route 53 private hosted zone that uses the EC2 instances for name servers.
Answer: B
Explanation:
https://docs.aws.amazon.com/zh_tw/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html
NEW QUESTION # 229
A company has a simple web application that runs on a set of Amazon EC2 instances behind an Elastic Load Balancer in the eu-west-2 Region. Amazon Route 53 holds a DNS record for the application with a simple routing policy.
Users from all over the world access the application through their web browsers.
The company needs to create additional copies of the application in the us-east-1 Region and in the ap-south-1 Region.
The company must direct users to the Region that provides the fastest response times when the users load the application.
What should a SysOps administrator do to meet these requirements?
- A. In each new Region, create a copy of the application on new EC2 instances. Add these new EC2 instances to the Elastic Load Balancer in eu-west-2. Transition to a latency routing policy.
- B. In each new Region, create a copy of the application on new EC2 instances. Add these new EC2 instances to the Elastic Load Balancer in eu-west-2. Transition to a multivalue routing policy.
- C. In each new Region, create a new Elastic Load Balancer and a new set of EC2 instances to run a copy of the application. Transition to a latency routing policy.
- D. In each new Region, create a new Elastic Load Balancer and a new set of EC2 instances to run a copy of the application. Transition to a geolocation routing policy.
Answer: C
NEW QUESTION # 230
An organization with a large IT department has decided to migrate to AWS. With different job functions in the IT department, it is not desirable to give all users access to all AWS resources. Currently, the organization handles access via LDAP group membership. What is the BEST method to allow access using current LDAP credentials?
- A. Use AWS CloudFormation to create IAM roles. Deploy Direct Connect to allow access to the on-premises LDAP server.
- B. Federate the LDAP directory with IAM using SAML. Create different IAM roles to correspond to different LDAP groups to limit permissions.
- C. Create a Lambda function to read LDAP groups and automate the creation of IAM users.
- D. Create an AWS Directory Service Simple AD. Replicate the on-premises LDAP directory to Simple AD.
Answer: B
NEW QUESTION # 231
An AWS Lambda function is intermittently failing several times a day. A SysOps administrator must find out how often this error has occurred in the last 7 days. Which action will meet this requirement in the MOST operationally efficient manner?
- A. Use Amazon Athena to query the Amazon CloudWatch logs that are associated with the Lambda function.
- B. Use Amazon Elasticsearch Service (Amazon ES) to stream the Amazon CloudWatch logs for the Lambda function.
- C. Use Amazon CloudWatch Logs Insights to query the associated Lambda function logs.
- D. Use Amazon Athena to query the AWS CloudTrail logs that are associated with the Lambda function.
Answer: C
NEW QUESTION # 232
A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.
What is the SIMPLEST approach the SysOps administrator can take to ensure S3 buckets in those accounts can never be deleted?
- A. Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.
- B. Set up MFA Delete on all the S3 buckets to prevent the buckets from being deleted.
- C. Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.
- D. Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.
Answer: D
Explanation:
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
If you're using AWS Organizations, check the service control policies for any statements that explicitly deny Amazon S3 access. In particular, check the service control policies for statements denying the s3:PutBucketPolicy action.
https://aws.amazon.com/tw/premiumsupport/knowledge-center/s3-access-denied-bucket-policy/
NEW QUESTION # 233
A SysOps administrator receives notification that an application that is running on Amazon EC2 instances has failed to authenticate to an Amazon RDS database. To troubleshoot, the SysOps administrator needs to investigate AWS Secrets Manager password rotation.
Which Amazon CloudWatch log will provide insight into the password rotation?
- A. AWS CloudTrail logs
- B. AWS Lambda function logs
- C. EC2 instance application logs
- D. RDS database logs
Answer: C
NEW QUESTION # 234
A company manages an application that uses Amazon ElastiCache for Redis with two extra-large nodes spread across two different Availability Zones.
The company's IT team discovers that the ElastiCache for Redis cluster has 75% freeable memory. The application must maintain high availability.
What is the MOST cost-effective way to resize the cluster?
- A. Perform an online resizing for the ElastiCache for Redis cluster. Change the node types from extra-large nodes to large nodes.
- B. Deploy a new ElastiCache for Redis cluster that uses large node types. Take a backup from the original cluster, and restore the backup in the new cluster. After the process is complete, shut down the original cluster.
- C. Deploy a new ElastiCache for Redis cluster that uses large node types. Migrate the data from the original cluster to the new cluster. After the process is complete, shut down the original cluster.
- D. Decrease the number of nodes in the ElastiCache for Redis cluster from 2 to 1.
Answer: A
Explanation:
https://docs.amazonaws.cn/en_us/AmazonElastiCache/latest/red-ug/redis-cluster-vertical-scaling-scaling-down.html#redis-cluster-vertical-scaling-down-console
NEW QUESTION # 235
A company runs several workloads on AWS. The company identifies five AWS Trusted Advisor service quota metrics to monitor in a specific AWS Region. The company wants to receive email notification each time resource usage exceeds 60% of one of the service quotas.
Which solution will meet these requirements?
- A. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas.
- B. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas.
- C. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas.
- D. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas.
Answer: B
Explanation:
CloudWatch alarms allow you to monitor AWS resources, and you can configure an SNS topic to send an email notification each time one of the alarms is triggered. This will ensure that the company receives email notifications each time one of the service quotas is exceeded, allowing the company to take action as needed.
NEW QUESTION # 236
A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer. The instances are in an Amazon EC2 Auto Scaling group. The application is accessed with a public URL.
A SysOps administrator needs to implement a monitoring solution that checks the availability of the application and follows the same routes and actions as a customer. The SysOps administrator must receive a notification if less than 95% of the monitoring runs find no errors.
Which solution will meet these requirements?
- A. Create an AWS Lambda function for each customer path to check whether that specific endpoint is available. Schedule the Lambda functions by using Amazon EventBridge (Amazon CloudWatch Events). Configure each Lambda function to publish a custom metric to Amazon CloudWatch for the endpoint status. Create CloudWatch alarms based on each custom metric to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when an alarm is in the ALARM state.
- B. Create Amazon Route 53 health checks that monitor the availability of the endpoint. Create Amazon CloudWatch alarms that publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when the HealthCheckPercentageHealthy metric is less than 95%.
- C. Create an Amazon CloudWatch Synthetics canary with a script that follows customer routes. Schedule the canary to run on a recurring schedule. Create a CloudWatch alarm that publishes a message to an Amazon Simple Notification Service (Amazon SNS) topic when the SuccessPercent metric is less than 95%.
- D. Create a single AWS Lambda function to check whether the endpoints are available for each customer path. Schedule the Lambda function by using Amazon EventBridge (Amazon CloudWatch Events). Configure the Lambda function to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when an endpoint returns an error.
Answer: C
Explanation:
You can use Amazon CloudWatch Synthetics to create canaries, configurable scripts that run on a schedule, to monitor your endpoints and APIs. Canaries follow the same routes and perform the same actions as a customer, which makes it possible for you to continually verify your customer experience even when you don't have any customer traffic on your applications. By using canaries, you can discover issues before your customers do.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries.html
NEW QUESTION # 237
An Amazon EC2 instance needs to be reachable from the internet. The EC2 instance is in a subnet with the following route table:
Which entry must a SysOps administrator add to the route table to meet this requirement?
- A. A route for 0.0.0.0/0 that points to a NAT gateway
- B. A route for 0.0.0.0/0 that points to an elastic network interface
- C. A route for 0.0.0.0/0 that points to an egress-only internet gateway
- D. A route for 0.0.0.0/0 that points to an internet gateway
Answer: D
NEW QUESTION # 238
A company uses an Amazon Simple Queue Service (Amazon SQS) standard queue with its application.
The application sends messages to the queue with unique message bodies. The company decides to switch to an SQS FIFO queue.
What must the company do to migrate to an SQS FIFO queue?
- A. Modify the queue type from SQS standard to SQS FIFO. Update the application to send messages with identical message bodies and to include the DelaySeconds parameter in the messages.
- B. Create a new SQS FIFO queue. Turn on content-based deduplication on the new FIFO queue. Update the application to include a message group ID in the messages.
- C. Create a new SQS FIFO queue. Update the application to include the DelaySeconds parameter in the messages.
- D. Modify the queue type from SQS standard to SQS FIFO. Turn off content-based deduplication on the queue. Update the application to include a message group ID in the messages.
Answer: B
Explanation:
Every message sent to a FIFO queue requires a message group ID. If you don't need multiple ordered message groups, specify the same message group ID for all your messages.
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-moving.html
NEW QUESTION # 239
A SysOps administrator is unable to authenticate an AWS CLI call to an AWS service.
Which of the following is the cause of this issue?
- A. The SSH key pair is incorrect
- B. The server certificate is missing
- C. There is no access key
- D. The IAM password is incorrect
Answer: C
Explanation:
You don't use passwords in the AWS CLI. You use an access key and a secret access key.
NEW QUESTION # 240
A company has launched a social media website that gives users the ability to upload images directly to a centralized Amazon S3 bucket. The website is popular in areas that are geographically distant from the AWS Region where the S3 bucket is located. Users are reporting that uploads are slow. A SysOps administrator must improve the upload speed.
What should the SysOps administrator do to meet these requirements?
- A. Create S3 access points in Regions that are closer to the users.
- B. Enable S3 Transfer Acceleration on the S3 bucket.
- C. Enable cross-origin resource sharing (CORS) on the S3 bucket.
- D. Create an accelerator in AWS Global Accelerator for the S3 bucket.
Answer: B
Explanation:
Reference:
"You might want to use Transfer Acceleration on a bucket for various reasons:
- Your customers upload to a centralized bucket from all over the world.
- You transfer gigabytes to terabytes of data on a regular basis across continents.
- You can't use all of your available bandwidth over the internet when uploading to Amazon S3."
https://docs.aws.amazon.com/AmazonS3/latest/userguide/transfer-acceleration.html
NEW QUESTION # 241
A company needs to create a daily Amazon Machine Image (AMI) of an existing Amazon Linux EC2 instance that hosts the operating system, application, and database on multiple attached Amazon Elastic Block Store (Amazon EBS) volumes. File system integrity must be maintained.
Which solution will meet these requirements?
- A. Use AWS Backup to create a backup plan with a backup rule that runs daily. Assign the resource ID of the EC2 instance with the no-reboot parameter enabled.
- B. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the reboot parameter enabled. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
- C. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the no-reboot parameter enabled. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
- D. Use AWS Backup to create a backup plan with a backup rule that runs daily. Assign the resource ID of the EC2 instance with the reboot parameter enabled.
Answer: B
Explanation:
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/Creating_EBSbacked_WinAMI.html
"NoReboot: By default, Amazon EC2 attempts to shut down and reboot the instance before creating the image. If the No Reboot option is set, Amazon EC2 doesn't shut down the instance before creating the image. When this option is used, file system integrity on the created image can't be guaranteed."
Besides, we can use Amazon EventBridge to invoke the Lambda function.
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html
NEW QUESTION # 242
A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service. The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available across multiple Regions.
Which configuration will meet these requirements?
- A. Deploy a new group of EC2 instances in the us-west-2 Region. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instances. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks.
- B. Deploy a copy of the stack in the us-west-2 Region. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each ELB. Configure the SOA record with health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
- C. Deploy a copy of the stack in the us-west-2 Region. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias target. Configure the A records with a failover routing policy and health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
- D. Deploy a new group of EC2 instances in the us-west-2 Region. Configure EC2 health checks on all EC2 instances in each Region. Configure a peering connection between the VPCs. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record.
Answer: C
NEW QUESTION # 243
A company's SysOps administrator must ensure that all Amazon EC2 Windows instances that are launched in an AWS account have a third-party agent installed. The third-party agent has an msi package. The company uses AWS Systems Manager for patching, and the Windows instances are tagged appropriately. The third-party agent requires periodic updates as new versions are released. The SysOps administrator must deploy these updates automatically.
Which combination of steps will meet these requirements with the LEAST operational effort? (Select TWO.)
Create a Systems Manager Distributor package for the third-party agent.
- A. Make sure that Systems Manager Inventory is configured. If Systems Manager Inventory is not configured, set up a new inventory for instances that is based on the appropriate tag value for Windows.
- B. Create a Systems Manager OpsItem with the tag value for Windows. Attach the Systems Manager Distributor package to the OpsItem. Create a maintenance window that is specific to the package deployment. Configure the maintenance window to cover 24 hours a day.
- C. Create a Systems Manager State Manager association to run the AWS-ConfigureAWSPackage document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day.
- D. Create a Systems Manager State Manager association to run the AWS-RunRemoteScript document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day.
Answer: A,B
Explanation:
https://docs.aws.amazon.com/systems-manager/latest/userguide/distributor-working-with-packages-deploy.html
NEW QUESTION # 244
A company is managing many accounts by using a single organization in AWS Organizations. The organization has all features enabled. The company wants to turn on AWS Config in all the accounts of the organization and in all AWS Regions.
What should a SysOps administrator do to meet these requirements in the MOST operationally efficient way?
- A. Create a script that uses the AWS CLI to turn on AWS Config in all accounts in the organization. Run the script from the organization's management account.
- B. Use service control policies (SCPs) to configure AWS Config in all accounts and in all Regions.
- C. Use AWS CloudFormation StackSets to deploy stack policies that turn on AWS Config in all accounts and in all Regions.
- D. Use AWS CloudFormation StackSets to deploy stack instances that turn on AWS Config in all accounts and in all Regions.
Answer: B
NEW QUESTION # 245
A SysOps administrator must create a solution that immediately notifies software developers if an AWS Lambda function experiences an error.
Which solution will meet this requirement?
- A. Verify each developer email address in Amazon Simple Email Service (Amazon SES). Create an Amazon CloudWatch rule by using the LambdaError metric and developer email addresses as dimensions. Configure the rule to send an email through Amazon SES when the rule state reaches ALARM.
- B. Create an Amazon Simple Notification Service (Amazon SNS) topic with an email subscription for each developer. Create an Amazon CloudWatch alarm by using the Errors metric and the Lambda function name as a dimension. Configure the alarm to send a notification to the SNS topic when the alarm state reaches ALARM.
- C. Verify each developer mobile phone in Amazon Simple Email Service (Amazon SES). Create an Amazon EventBridge (Amazon CloudWatch Events) rule by using Error as the event pattern and the Lambda function name as a resource. Configure the rule to send a push notification through Amazon SES when the rule state reaches ALARM.
- D. Create an Amazon Simple Notification Service (Amazon SNS) topic with a mobile subscription for each developer. Create an Amazon EventBridge (Amazon CloudWatch Events) alarm by using the LambdaError as the event pattern and the SNS topic name as a resource. Configure the alarm to send a notification to the SNS topic when the alarm state reaches ALARM.
Answer: B
Explanation:
https://aws.amazon.com/blogs/mt/get-notified-specific-lambda-function-error-patterns-using-cloudwatch/
NEW QUESTION # 246
......
The SOA-C02 exam covers a wide range of topics, including AWS services, deployment models, monitoring and logging, security and compliance, and networking. To pass the exam, candidates must demonstrate their ability to design, deploy, and maintain highly available, scalable, and fault-tolerant systems on AWS.