New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

SOA-C01 AWS Certified SysOps Administrator - Associate Questions and Answers

Questions 4

A company is running an application on Amazon EC2 instances. The company needs to stop all development instances during non-business hours to reduce costs. The instances must be started again at trie beginning of each business day.

Which solution meets these requirements with the LEAST administrative overhead?

Options:

A.

Add the instances to an EC2 Auto Scaling group. Configure the scaling policy to scale in when the instances are at low CPU utilization levels.

B.

Create a cron script on each EC2 instance that shuts down the instance at the end of each day.

C.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule that triggers an Amazon Simple Notification Service (Amazon SNS) topic to let a SysOps administrator know to start or stop the EC2 instances.

D.

Create Amazon EventBridge (Amazon CloudWatch Events) scheduled rules that trigger an AWS Lambda function to start or stop the EC2 instances.

Buy Now
Questions 5

The Accounting department would like to receive billing updates more than once a month. They would like the updates to be in a format that can easily be viewed with a spreadsheet application.

How can this request be fulfilled?

Options:

A.

Use Amazon CloudWatch Events to schedule a billing inquiry on a bi-weekly basis. Use AWS Glue to convert the output to CSV.

B.

Set AWS Cost and Usage Reports to publish bills daily to an Amazon S3 bucket in CSV format.

C.

Use the AWS CLI to output billing data as JSON. Use Amazon SES to email bills on a daily basis.

D.

Use AWS Lambda, triggered by CloudWatch, to query billing data and push to Amazon RDS.

Buy Now
Questions 6

A company is planning to expand into an additional AWS region for disaster recovery purposes. the company uses AWS CloudFormation, and its infrastructure is well-defined as code. The company would like to reuse as much of its existing code as possible when deploying resources to additional Regions.

A SysOps Administrator is reviewing how Amazon Machine Images (AMIs) are selected in AWS CloudFormation, but is having trouble making the same stack work in the new Region.

Which action would make it easier to manage multiple Regions?

Options:

A.

Name each AMI in the new Region exactly the same as the equivalent AMI in the first Region.

B.

Duplicate the stack so unique AMI names can be coded into the appropriate stack.

C.

Create an alias for each AMI so that an AMI can be referenced by a common name across Regions.

D.

Create a Mappings section in the stack, and define the Region to AMI associations.

Buy Now
Questions 7

After launching a new Amazon EC2 instance from a Microsoft Windows 2012 Amazon Machine Image (AMI), the SysOps Administrator is unable to connect to the instance using Remote Desktop Protocol (RDP). The instance is also unreachable. As part of troubleshooting, the Administrator deploys a second instance from a different AMI using the same configuration and is able to connect to the instance.

What should be the next logical step in troubleshooting the first instance?

Options:

A.

Use AWS Trusted Advisor to gather operating system log files for analysis.

B.

Use VPC Flow Logs to gather operating system log files for analysis.

C.

Use EC2Rescue to gather operating system log files for analysis.

D.

Use Amazon metrics using Amazon CloudWatch Logs.

Questions 8

A company uses AWS CloudFotmatlon to provision ils VPC. Amazon EC2 instances, and Amazon RDS DB instance The DB instance was deleted manually. When the stack was updated, it (ailed. During rollback, the stack returned the UPDATE_ROLLBACK_FAILEO state. A SysOps administrator must return the AWS Cloud Formation stack to a working state without interrupting existing resources.

Which solution will meet this requirement?

Options:

A.

Continue the update rollback while skipping the resources that have been manually deleted.

B.

Run the signal-resource command with the 08 instance name to proceed with the stack rollback.

C.

Recreate the DB Instance using the same resource name, and update the stack.

D.

Remove Amazon RDS from the template, and update the stack.

Buy Now
Questions 9

A company wants to reduce costs across the entire company after discovering that several AWS accounts were using unauthorized services and incurring extremely high costs.

Which AWS service enables the company to reduce costs by controlling access to AWS services for all AWS accounts?

Options:

A.

AWS Cost Explorer

B.

AWS Config

C.

AWS Organizations

D.

AWS Budgets

Buy Now
Questions 10

A company wants to icrease the availability and vulnerability of a critical business application. The appliation currently ueses a MySQL database running on an Amazon EC2 instance. The company wants to minimize application changes.

How should the company these requirements?

Options:

A.

Shut down the EC2 instance. Enable multi-AZ replication within the EC2 instance, then restart the instance.

B.

Launch a secondary EC2 instance running MySQL Configure a cron job that backs up the database on the primary EC2 instance and copies it to the secondary instance every 30 minutes.

C.

Migrate the database to an RDS Aurora DB instance and create a Read Replication in another Availability Zone.

D.

Create an Amazon RDS Microsoft SQL DB instance and enable multi-Az replication. Back up the existing data and import in to the new database.

Buy Now
Questions 11

A SysOps Administrator noticed that the cache hit ratio for an Amazon CloudFront distribution is less than 10%. Which collection of configuration changes will increase the cache hit ratio for the distribution? (Select two.)

Options:

A.

Ensure that only required cookies, query strings, and headers are forwarded in the Cache Behavior Settings

B.

Change the Viewer Protocol Policy to use HTTPS only

C.

Configure the distribution to use presigned cookies and URLs to restrict access to the distribution

D.

Enable automatic compression of objects in the Cache Behavior Settings

E.

Increase the CloudFront time to live (TTL) settings in the Cache Behavior Settings.

Buy Now
Questions 12

A SysOps Administrator needs an Amazon EBS volume type for a big data application. The application data is accessed infrequently and stored sequentially.

What EBS volume type will be the MOST cost-effective solution?

Options:

A.

Provisioned IOPS SSD (io1)

B.

Cold HDD (sc1)

C.

Throughput Optimized HDD (st1)

D.

General Purpose SSD (gp2)

Buy Now
Questions 13

An application is being migrated to AWS with the requirement that archived data be retained for at least 7 years.

What Amazon Glacier configuration option should be used to meet this compliance requirements?

Options:

A.

A Glacier data retrieval policy.

B.

A Glacier Vault access policy.

C.

A Glacier vault lock policy.

D.

A Glacier vault notification

Buy Now
Questions 14

A SysOps administrator implemented the following bucket policy to allow only the corporate IP address range of 54.240.143.0/24 to access objects in an Amazon S3 bucket.

Some employees are reporting that they are able to access the S3 bucket from IP addresses outside the corporate IP address range.

How can the Administrator address this issue?

Options:

A.

Modify the Condition operator to include both NotIpAddress and IpAddress to prevent unauthorized access to the S3 bucket.

B.

Modify the Condition element from the IAM policy to aws:StringEquals instead of aws:SourceIp.

C.

Modify the IAM policy instead of the bucket policy to restrict users from accessing the bucket based on their source IP addresses.

D.

Change Effect from Allow to Deny in the second statement of the policy to deny requests not from the source IP range.

Buy Now
Questions 15

A SysOps Administrator is notified that an Amazon EC2 instance has stopped responding The AWS Management Console indicates that the system status checks are failing What should the SysOps Administrator do first to resolve this issue?

Options:

A.

Reboot the EC2 instance so it can be launched on a new host

B.

Stop and then start the EC2 instance so that it can be launched on a new host

C.

Terminate the EC2 instance and relaunch it.

D.

View the AWS CloudTrail log to investigate what changed on the EC2 instance

Buy Now
Questions 16

A SysOps Administrator working on an Amazon EC2 instance has misconfigured the clock by one hour. The EC2 instance is sending data to Amazon CloudWatch through the CloudWatch agent. The timestamps on the logs are 45 minutes in the future.

What will be the result of this configuration?

Options:

A.

Amazon CloudWatch will not capture the data because it is in the future.

B.

Amazon CloudWatch will accept the custom metric data and record it.

C.

The Amazon CloudWatch agent will check the Network Time Protocol (NTP) server before sending the data, and the agent will correct the time.

D.

The Amazon CloudWatch agent will agent check the Network Time Protocol (NTP) server, and the agent will not send the data because it is more than 30 minutes in the future.

Buy Now
Questions 17

Website users report that an application's pages are loading slowly at the beginning of the workday The application runs on Amazon EC2 instances and data is stored in an Amazon RDS database The SysOps Administrator suspects the issue is related to high CPU usage on a component of this application

How can the Administrator find out which component is causing the performance bottleneck?

Options:

A.

Use AWS CloudTrail to review the resource usage history for each component

B.

Use Amazon CloudWatch metrics to examine the resource usage of each component

C.

Use Amazon Inspector to view the resource usage details for each component

D.

Use Amazon CloudWatch Events to examine the high usage events for each component

Buy Now
Questions 18

A SysOps administrator is maintaining an application running on Amazon EBS-backed Amazon EC2 instances in an Amazon EC2 Auto scaling group. The application is set to automatically terminate unhealthy instances. The administrator wants to preserve application logs from these instances for failure analysis.

Which action will accomplish this?

Options:

A.

Change the storage type from EBS to instance stone.

B.

Configure an Amazon CloudWatch Events rule to transfer the logs to Amazon S3 upon an EC2 state change to terminate.

C.

Configure the unified CloudWatch agent to stream the logs to Amazon CloudWatch Logs.

D.

Configure VPC Flow logs for the subnet hosting the EC2 instance.

Buy Now
Questions 19

A sysops administrator has an AWS Lambda function that performs maintenance on various AWS resources. This function must be run nightly. Which is the MOST cost-effective solution?

Options:

A.

Launch a single t2.nano Amazon EC2 instance and create a Linux cron job to invoke the Lambda function at the same time every night.

B.

Set up an Amazon CloudWatch metrics alarm to invoke the Lambda function at the same time every night.

C.

Schedule a CloudWatch event to invoke the Lambda function at the same time every night.

D.

Implement a Chef recipe in AWS OpsWorks stack to invoke the Lambda function at the same time every night.

Buy Now
Questions 20

A popular auctioning platform requires near-real-time access to dynamic bidding information. The platform must be available at all times The current Amazon RDS instance often reaches 100% CPU utilization during the weekend auction and can no longer be resized. To improve application performance, a sysops administrator is evaluating Amazon ElastiCache and has chosen Redis (cluster mode enabled) instead of Memcached

What are reasons for making this choice? (Select TWO.)

Options:

A.

Data partitioning

B.

Multi-threaded processing

C.

Multi-AZ with automatic failover

D.

Multi-region with automatic failover

E.

Online resharding

Buy Now
Questions 21

A security audit revealed that the security groups in a VPC have ports 22 and 3389 open to all. introducing a possible threat that instances can be stopped or configurations can be modified. A SysOps administrator needs to automate remediation.

What should the administrator do to meet these requirements?

Options:

A.

Create an 1AM managed policy lo deny access to ports 22 and 3389 on any security groups in a VPC.

B.

Define an AWS Config rule and remediation action with AWS Systems Manager automation documents.

C.

Enable AWS Trusted Advisor to remediate public port access.

D.

Use AWS Systems Manager configuration compliance to remediate public port access.

Buy Now
Questions 22

Based on the AWS Shared Responsibility Model, which of the following actions are the responsibility of the customer for an Aurora database?

Options:

A.

Performing underlying OS updates

B.

Provisioning of storage for database

C.

Scheduling maintenance, patches, and other updates

D.

Executing maintenance, patches, and other updates

Buy Now
Questions 23

A company has centralized all its logs into one Amazon CloudWatch Logs log group. The SysOps Administrator is to alert different teams of any issues relevant to them.

What is the MOST efficient approach to accomplish this?

Options:

A.

Write a AWS lambda function that will query the logs every minute and contain the logic of which team to notify on which patterns and issues.

B.

Set up different metric filters for each team based on patterns and alerts. Each alarm will notify the appropriate notification list.

C.

Redesign the aggregation of logs so that each team’s relevant parts are sent to a separate log group, then subscribe each team to its respective log group.

D.

Create an AWS Auto Scaling group of Amazon EC2 instances that will scale based on the amount of ingested log entries. This group will pull streams, look for patterns, and send notifications to relevant teams.

Buy Now
Questions 24

An organization has decided to consolidate storage and move all of its backups and archives to Amazon S3. With all of the data gathered into a hierarchy under a single directory, the organization determines there is 70 TB data that needs to be uploaded. The organization currently has a 150-Mbps connection with 10 people working at the location.

Which service would be the MOST efficient way to transfer this data to Amazon S3?

Options:

A.

AWS Snowball

B.

AWS Direct Connect

C.

AWS Storage Gateway

D.

Amazon S3 Transfer Acceleration

Buy Now
Questions 25

A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account’s Amazon S3 bucket.

Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket.

Options:

A.

Stream the CloudTrail logs to Amazon CloudWatch to store logs at a secondary location.

B.

Enable log file integrity validation and use digest files to verify the hash value of the log file.

C.

Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.

D.

Enable S3 server access logging to track requests made to the log bucket for security audits.

Buy Now
Questions 26

An organization has been running their website on several m2 Linux instances behind a Classic Load Balancer for more than two years. Traffic and utilization have been constant and predictable.

What should the organization do to reduce costs?

Options:

A.

Purchase Reserved Instances for the specific m2 instances

B.

Change the m2 instances to equivalent m5 types, and purchase Reserved Instances for the specific m5 instances

C.

Change the Classic Load Balancer to an Application Load Balancer, and purchase Reserved Instances for the specific m2 instances.

D.

Purchase Spot Instances for the specific m2 instances

Buy Now
Questions 27

A user accidentally deleted a file from an Amazon EBS volume. The SysOps Administrator identified a recent snapshot for the volume.

What should the Administrator do to restore the user's file from the snapshot?

Options:

A.

Attach the snapshot to a new Amazon EC2 instance in the same Availability Zone, and copy the deleted file.

B.

Browse to the snapshot and copy the file to the EBS volume within an Amazon EC2 instance.

C.

Create a volume from the snapshot, attach the volume to an Amazon EC2 instance, and copy the deleted file.

D.

Restore the file from the snapshot onto an EC2 instance using the Amazon EC2 console.

Buy Now
Questions 28

A SysOps Administrator has been asked to configure user-defined cost allocation tags for a new AWS account. The company is using AWS Organizations for account management.

What should the Administrator do to enable user-defined cost allocation tags?

Options:

A.

Log in to the AWS Billing and Cost Management console of the new account, and use the Cost Allocation Tags manager to create the new user-defined cost allocation tags.

B.

Log in to the AWS Billing and Cost Management console of the payer account, and use Cost Allocation Tags manager to create the new user-defined cost allocation tags.

C.

Log in to the AWS Management Console of the new account, use the Tag Editor to create the new user-defined tags, then use the Cost Allocation Tags manager in the new account to mark the tags as cost allocation tags.

D.

Log in to the AWS Management Console of the new account, use the Tag Editor to create the new user-defined tags, then use the Cost Allocation Tags manager in the payer account to mark the tags as cost allocation tags.

Buy Now
Questions 29

A company's IT department noticed an increase in the spend of their Developer AWS account. There are over 50 Developers using the account and the Finance Tram wants to determine the service costs incurred by each Developer.

What should a SysOps Administrator do to collect this information? (Select TWO)

Options:

A.

Activate the createdBy tag in the account

B.

Analyze the usage with Amazon CloudWatch dashboards

C.

Analyze the usage with Cost Explorer

D.

Configure AWS Trusted Advisor to track resource usage

E.

Create a billing alarm in AWS Budgets

Buy Now
Questions 30

A company has enabled AWS CloudTrail to monitor all actions across its AWS infrastructure The company would now like to add functionality to validate the file integrity of the collected AWS CloudTrail logs

How should the SysOps Administrator implement this requirement?

Options:

A.

Enable log file integrity validation in AWS Config

B.

Enable log file integrity validation in Amazon CloudTrail

C.

Use the Amazon Inspector log file integrity feature

D.

Use AWS KMS to perform log file integrity validation in Amazon CloudTrail

Buy Now
Questions 31

An Amazon EC2 instance has a secondary Amazon Elastic Block Store (EBS) volume attached that contains sensitive data A new company policy requires the secondary volume to be encrypted at rest. Which solution will meet this requirement?

Options:

A.

Create a snapshot of the volume. Create a new volume from the snapshot with the Encrypted parameter set to true. Detach the original volume and attach the new volume to the instance.

B.

Create an encrypted Amazon Machine Image (AMI) of the EC2 instance. Launch a new instance with the encrypted AMI. Terminate the original instance.

C.

Stop the EC2 instance. Encrypt the volume with AWS CloudHSM. Start the instance and verify encryption.

D.

Stop the EC2 instance. Modify the instance properties and set the Encrypted parameter to true. Start the instance and verify encryption.

Buy Now
Questions 32

An application is running on Amazon EC2 Instances behind an Application Load Balancer (ALB). An operations team wants to be notified in near-teal time when the ALB has issues connecting to backend EC2 instances.

Which solution will meet these requirements with the LEAST amount of effort?

Options:

A.

Configure the ALB to send logs to Amazon S3. Write an AWS Lambda function to process the log files and send an email message to the operations team when the number of requests exceeds the threshold.

B.

Create an Amazon CloudWatch rule to monitor the HealthyHostCount metric and send Amazon Simple Notification Service (Amazon SNS) messages to the operations team when HealthyHostCount is equal to zero.

C.

Create an Amazon CloudWatch rule lo monitor the TargetConnectionErrorCount metric and send Amazon Simple Notification Service (Amazon SNS) messages to the operations team when TargetConnectionErrorCount is greater than 1.

D.

Create an Amazon CloudWatch rule to monitor the HTTPCode_Target_5XX_Count metric and send Amazon Simple Notification Service (Amazon SNS) messages to the operations team when HTTPCode_Target_5XX_Count is greater than zero.

Buy Now
Questions 33

A company’s customers are reporting increased latency while accessing static web content from Amazon S3. A SysOps Administrator observed a very high rate of read operations on a particular S3 bucket.

What will minimize latency by reducing load on the S3 bucket?

Options:

A.

Migrate the S3 bucket to a region that is closer to end users’ geographic locations.

B.

Use cross-regions replication to replicate all of the data to another region.

C.

Create an Amazon CloudFront distribution with the S3 bucket as the origin.

D.

Use Amazon ElasticCache to cache data being served from Amazon S3.

Buy Now
Questions 34

A SysOps Administrator is managing an application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS MySQL DB instance. The Administrator must ensure that that application stays available if the database becomes unresponsive.

How can these requirements be met?

Options:

A.

Create read replicas for the RDS database and use them in case of a database failure

B.

Create a new RDS instance from the snapshot of the original RDS instance if a failure occurs

C.

Keep a separate RDS database running and switch the endpoint in the web application if a failure occurs

D.

Modify the RDS instance to be a Multi-AZ deployment

Buy Now
Questions 35

A SysOps Administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented stncl IP whitelisting that requires all build uploads to come from a single IP address.

What change should the Systems Administrator make to the existing build fleet to comply with this new requirement?

Options:

A.

Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.

B.

Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.

C.

Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.

D.

Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.

Buy Now
Questions 36

An environment company has discovered that a number of Amazon EC2 instances in a VPC are marked as high risk according to a Common Vulnerabilities and Expressures (CVE) report. The Security tea, requests that all these instances be upgraded.

Who is responsible for upgrading the EC2 instances?

Options:

A.

The AWS Security team

B.

The Amazon EC2 team

C.

The AWS Premium Support team

D.

The company’s System Administrator

Buy Now
Questions 37

An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. The Information Security team wants to track application requests by the originating IP and the EC2 instance that processes the request.

Which of the following tools or services provides this information?

Options:

A.

Amazon CloudWatch

B.

AWS CloudTrail

C.

Elastic Load Balancing access logs

D.

VPC Flow Logs

Buy Now
Questions 38

A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an ELB Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.

Which condition should be used with the alarm?

Options:

A.

AWS/ApplicationELB HealthyHostCount <= 0

B.

AWS/ApplicationELB UnhealthyHostCount >= 1

C.

AWS/EC2 StatusCheckFailed <= 0

D.

AWS/EC2 StatusCheckFailed >= 1

Buy Now
Questions 39

An Applications team has successfully deployed an AWS CloudFormation stack consisting of 30 t2-medium Amazon EC2 instances in the us-west-2 Region. When using the same template to launch a stack in us-east-2, the launch failed and rolled back after launching only 10 EC2 instances.

What is a possible cause of this failure?

Options:

A.

The IAM user did not have privileges to launch the CloudFormation template.

B.

The t2 medium EC2 instance service limit was reached.

C.

An AWS Budgets threshold was breached.

D.

The application’s Amazon Machine Image (AMI) is not available in us-east-2.

Buy Now
Exam Code: SOA-C01
Exam Name: AWS Certified SysOps Administrator - Associate
Last Update: Dec 30, 2024
Questions: 263

PDF + Testing Engine

$134.99

Testing Engine

$99.99

PDF (Q&A)

$84.99