SOA-C01 AWS Certified SysOps Administrator - Associate Questions and Answers

Add the instances to an EC2 Auto Scaling group. Configure the scaling policy to scale in when the instances are at low CPU utilization levels.

Create a cron script on each EC2 instance that shuts down the instance at the end of each day.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule that triggers an Amazon Simple Notification Service (Amazon SNS) topic to let a SysOps administrator know to start or stop the EC2 instances.

Create Amazon EventBridge (Amazon CloudWatch Events) scheduled rules that trigger an AWS Lambda function to start or stop the EC2 instances.

Use Amazon CloudWatch Events to schedule a billing inquiry on a bi-weekly basis. Use AWS Glue to convert the output to CSV.

Set AWS Cost and Usage Reports to publish bills daily to an Amazon S3 bucket in CSV format.

Use the AWS CLI to output billing data as JSON. Use Amazon SES to email bills on a daily basis.

Use AWS Lambda, triggered by CloudWatch, to query billing data and push to Amazon RDS.

Name each AMI in the new Region exactly the same as the equivalent AMI in the first Region.

Duplicate the stack so unique AMI names can be coded into the appropriate stack.

Create an alias for each AMI so that an AMI can be referenced by a common name across Regions.

Create a Mappings section in the stack, and define the Region to AMI associations.

Use AWS Trusted Advisor to gather operating system log files for analysis.

Use VPC Flow Logs to gather operating system log files for analysis.

Use EC2Rescue to gather operating system log files for analysis.

Use Amazon metrics using Amazon CloudWatch Logs.

Continue the update rollback while skipping the resources that have been manually deleted.

Run the signal-resource command with the 08 instance name to proceed with the stack rollback.

Recreate the DB Instance using the same resource name, and update the stack.

Remove Amazon RDS from the template, and update the stack.

AWS Cost Explorer

AWS Config

AWS Organizations

AWS Budgets

Shut down the EC2 instance. Enable multi-AZ replication within the EC2 instance, then restart the instance.

Launch a secondary EC2 instance running MySQL Configure a cron job that backs up the database on the primary EC2 instance and copies it to the secondary instance every 30 minutes.

Migrate the database to an RDS Aurora DB instance and create a Read Replication in another Availability Zone.

Create an Amazon RDS Microsoft SQL DB instance and enable multi-Az replication. Back up the existing data and import in to the new database.

Ensure that only required cookies, query strings, and headers are forwarded in the Cache Behavior Settings

Change the Viewer Protocol Policy to use HTTPS only

Configure the distribution to use presigned cookies and URLs to restrict access to the distribution

Enable automatic compression of objects in the Cache Behavior Settings

Increase the CloudFront time to live (TTL) settings in the Cache Behavior Settings.

Provisioned IOPS SSD (io1)

Cold HDD (sc1)

Throughput Optimized HDD (st1)

General Purpose SSD (gp2)

A Glacier data retrieval policy.

A Glacier Vault access policy.

A Glacier vault lock policy.

A Glacier vault notification

Modify the Condition operator to include both NotIpAddress and IpAddress to prevent unauthorized access to the S3 bucket.

Modify the Condition element from the IAM policy to aws:StringEquals instead of aws:SourceIp.

Modify the IAM policy instead of the bucket policy to restrict users from accessing the bucket based on their source IP addresses.

Change Effect from Allow to Deny in the second statement of the policy to deny requests not from the source IP range.

Reboot the EC2 instance so it can be launched on a new host

Stop and then start the EC2 instance so that it can be launched on a new host

Terminate the EC2 instance and relaunch it.

View the AWS CloudTrail log to investigate what changed on the EC2 instance

Amazon CloudWatch will not capture the data because it is in the future.

Amazon CloudWatch will accept the custom metric data and record it.

The Amazon CloudWatch agent will check the Network Time Protocol (NTP) server before sending the data, and the agent will correct the time.

The Amazon CloudWatch agent will agent check the Network Time Protocol (NTP) server, and the agent will not send the data because it is more than 30 minutes in the future.

Use AWS CloudTrail to review the resource usage history for each component

Use Amazon CloudWatch metrics to examine the resource usage of each component

Use Amazon Inspector to view the resource usage details for each component

Use Amazon CloudWatch Events to examine the high usage events for each component

Change the storage type from EBS to instance stone.

Configure an Amazon CloudWatch Events rule to transfer the logs to Amazon S3 upon an EC2 state change to terminate.

Configure the unified CloudWatch agent to stream the logs to Amazon CloudWatch Logs.

Configure VPC Flow logs for the subnet hosting the EC2 instance.

Launch a single t2.nano Amazon EC2 instance and create a Linux cron job to invoke the Lambda function at the same time every night.

Set up an Amazon CloudWatch metrics alarm to invoke the Lambda function at the same time every night.

Schedule a CloudWatch event to invoke the Lambda function at the same time every night.

Implement a Chef recipe in AWS OpsWorks stack to invoke the Lambda function at the same time every night.

Data partitioning

Multi-threaded processing

Multi-AZ with automatic failover

Multi-region with automatic failover

Online resharding

Create an 1AM managed policy lo deny access to ports 22 and 3389 on any security groups in a VPC.

Define an AWS Config rule and remediation action with AWS Systems Manager automation documents.

Enable AWS Trusted Advisor to remediate public port access.

Use AWS Systems Manager configuration compliance to remediate public port access.

Performing underlying OS updates

Provisioning of storage for database

Scheduling maintenance, patches, and other updates

Executing maintenance, patches, and other updates

Write a AWS lambda function that will query the logs every minute and contain the logic of which team to notify on which patterns and issues.

Set up different metric filters for each team based on patterns and alerts. Each alarm will notify the appropriate notification list.

Redesign the aggregation of logs so that each team’s relevant parts are sent to a separate log group, then subscribe each team to its respective log group.

Create an AWS Auto Scaling group of Amazon EC2 instances that will scale based on the amount of ingested log entries. This group will pull streams, look for patterns, and send notifications to relevant teams.

AWS Snowball

AWS Direct Connect

AWS Storage Gateway

Amazon S3 Transfer Acceleration

Stream the CloudTrail logs to Amazon CloudWatch to store logs at a secondary location.

Enable log file integrity validation and use digest files to verify the hash value of the log file.

Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.

Enable S3 server access logging to track requests made to the log bucket for security audits.

Purchase Reserved Instances for the specific m2 instances

Change the m2 instances to equivalent m5 types, and purchase Reserved Instances for the specific m5 instances

Change the Classic Load Balancer to an Application Load Balancer, and purchase Reserved Instances for the specific m2 instances.

Purchase Spot Instances for the specific m2 instances

Attach the snapshot to a new Amazon EC2 instance in the same Availability Zone, and copy the deleted file.

Browse to the snapshot and copy the file to the EBS volume within an Amazon EC2 instance.

Create a volume from the snapshot, attach the volume to an Amazon EC2 instance, and copy the deleted file.

Restore the file from the snapshot onto an EC2 instance using the Amazon EC2 console.

Log in to the AWS Billing and Cost Management console of the new account, and use the Cost Allocation Tags manager to create the new user-defined cost allocation tags.

Log in to the AWS Billing and Cost Management console of the payer account, and use Cost Allocation Tags manager to create the new user-defined cost allocation tags.

Log in to the AWS Management Console of the new account, use the Tag Editor to create the new user-defined tags, then use the Cost Allocation Tags manager in the new account to mark the tags as cost allocation tags.

Log in to the AWS Management Console of the new account, use the Tag Editor to create the new user-defined tags, then use the Cost Allocation Tags manager in the payer account to mark the tags as cost allocation tags.

Activate the createdBy tag in the account

Analyze the usage with Amazon CloudWatch dashboards

Analyze the usage with Cost Explorer

Configure AWS Trusted Advisor to track resource usage

Create a billing alarm in AWS Budgets

Enable log file integrity validation in AWS Config

Enable log file integrity validation in Amazon CloudTrail

Use the Amazon Inspector log file integrity feature

Use AWS KMS to perform log file integrity validation in Amazon CloudTrail

Create a snapshot of the volume. Create a new volume from the snapshot with the Encrypted parameter set to true. Detach the original volume and attach the new volume to the instance.

Create an encrypted Amazon Machine Image (AMI) of the EC2 instance. Launch a new instance with the encrypted AMI. Terminate the original instance.

Stop the EC2 instance. Encrypt the volume with AWS CloudHSM. Start the instance and verify encryption.

Stop the EC2 instance. Modify the instance properties and set the Encrypted parameter to true. Start the instance and verify encryption.

Configure the ALB to send logs to Amazon S3. Write an AWS Lambda function to process the log files and send an email message to the operations team when the number of requests exceeds the threshold.

Create an Amazon CloudWatch rule to monitor the HealthyHostCount metric and send Amazon Simple Notification Service (Amazon SNS) messages to the operations team when HealthyHostCount is equal to zero.

Create an Amazon CloudWatch rule lo monitor the TargetConnectionErrorCount metric and send Amazon Simple Notification Service (Amazon SNS) messages to the operations team when TargetConnectionErrorCount is greater than 1.

Create an Amazon CloudWatch rule to monitor the HTTPCode_Target_5XX_Count metric and send Amazon Simple Notification Service (Amazon SNS) messages to the operations team when HTTPCode_Target_5XX_Count is greater than zero.

Migrate the S3 bucket to a region that is closer to end users’ geographic locations.

Use cross-regions replication to replicate all of the data to another region.

Create an Amazon CloudFront distribution with the S3 bucket as the origin.

Use Amazon ElasticCache to cache data being served from Amazon S3.

Create read replicas for the RDS database and use them in case of a database failure

Create a new RDS instance from the snapshot of the original RDS instance if a failure occurs

Keep a separate RDS database running and switch the endpoint in the web application if a failure occurs

Modify the RDS instance to be a Multi-AZ deployment

Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.

Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.

Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.

Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.

The AWS Security team

The Amazon EC2 team

The AWS Premium Support team

The company’s System Administrator

Amazon CloudWatch

AWS CloudTrail

Elastic Load Balancing access logs

VPC Flow Logs

AWS/ApplicationELB HealthyHostCount <= 0

AWS/ApplicationELB UnhealthyHostCount >= 1

AWS/EC2 StatusCheckFailed <= 0

AWS/EC2 StatusCheckFailed >= 1

The IAM user did not have privileges to launch the CloudFormation template.

The t2 medium EC2 instance service limit was reached.

An AWS Budgets threshold was breached.

The application’s Amazon Machine Image (AMI) is not available in us-east-2.