
Amazon SOA-C02 Exam Questions (Updated 2021) 100% Real Question Answers
Pass Amazon SOA-C02 Exam Quickly With Test4Sure
NEW QUESTION 14
A company is running an application on premises and wants to use AWS for data backup. All of the data must be available locally. The backup application can write only to block-based storage that is compatible with the Portable Operating System Interface (POSIX).
Which backup solution will meet these requirements?
- A. Configure the backup software to use Amazon S3 Glacier as the target for the data backups.
- B. Use AWS Storage Gateway, and configure it to use gateway-cached volumes.
- C. Configure the backup software to use Amazon S3 as the target for the data backups.
- D. Use AWS Storage Gateway, and configure it to use gateway-stored volumes.
Answer: D
NEW QUESTION 15
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba41fc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted.
How can this be resolved?
- A. Enable encryption on each host's connection to the Amazon EFS volume. Each connection must be recreated for encryption to take effect.
- B. Enable encryption on the existing EFS volume by using the AWS Command Line Interface.
- C. Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.
- D. Enable encryption on each host's local drive. Restart each host to encrypt the drive.
Answer: C
NEW QUESTION 16
A SysOps administrator has an AWS CloudFormation template of the company's existing infrastructure in us-west-2. The administrator attempts to use the template to launch a new stack in eu-west-1, but the stack only partially deploys, receives an error message, and then rolls back.
Why would this template fail to deploy? (Select TWO.)
- A. The template requested services that do not exist in eu-west-1.
- B. CloudFormation templates can be used only to update existing services.
- C. The template referenced an Amazon Machine Image (AMI) that is not available in eu-west-1.
- D. The template did not have the proper level of permissions to deploy the resources.
- E. The template referenced an IAM user that is not available in eu-west-1.
Answer: A,C
NEW QUESTION 17
A company is migrating its production file server to AWS. All data that is stored on the file server must remain accessible if an Availability Zone becomes unavailable or when system maintenance is performed. Users must be able to interact with the file server through the SMB protocol. Users also must have the ability to manage file permissions by using Windows ACLs.
Which solution will meet these requirements?
- A. Create an Amazon FSx for Windows File Server Multi-AZ file system.
- B. Deploy two Amazon FSx for Windows File Server Single-AZ 2 file systems. Configure Microsoft Distributed File System Replication (DFSR).
- C. Create a single AWS Storage Gateway file gateway.
- D. Deploy two AWS Storage Gateway file gateways across two Availability Zones. Configure an Application Load Balancer in front of the file gateways.
Answer: A
NEW QUESTION 18
A company is running an application on premises and wants to use AWS for data backup. All of the data must be available locally. The backup application can write only to block-based storage that is compatible with the Portable Operating System Interface (POSIX).
Which backup solution will meet these requirements?
- A. Configure the backup software to use Amazon S3 Glacier as the target for the data backups.
- B. Use AWS Storage Gateway, and configure it to use gateway-stored volumes.
- C. Use AWS Storage Gateway, and configure it to use gateway-cached volumes.
- D. Configure the backup software to use Amazon S3 as the target for the data backups.
Answer: B
NEW QUESTION 19
A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group. Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer. The administrator would like to know the IP addresses for the source of the requests.
Where can the administrator find this information?
- A. EC2 instance logs
- B. Elastic Load Balancer access logs
- C. AWS CloudTrail logs
- D. Auto Scaling logs
Answer: D
NEW QUESTION 20
A SysOps administrator launches an Amazon EC2 Linux instance in a public subnet. When the instance is running, the SysOps administrator obtains the public IP address and attempts to remotely connect to the instance multiple times. However, the SysOps administrator always receives a timeout error.
Which action will allow the SysOps administrator to remotely connect to the instance?
- A. Modify the instance security group to allow inbound SSH traffic from the SysOps administrator's IP address.
- B. Modify the instance security group to allow outbound SSH traffic to the SysOps administrator's IP address.
- C. Add a route table entry in the public subnet for the SysOps administrator's IP address.
- D. Add an outbound network ACL rule to allow TCP port 22 for the SysOps administrator's IP address.
Answer: A
NEW QUESTION 21
The security team is concerned because the number of AWS Identity and Access Management (IAM) policies being used in the environment is increasing. The team tasked a SysOps administrator to report on the current number of IAM policies in use and the total available IAM policies.
Which AWS service should the administrator use to check how current IAM policy usage compares to current service limits?
- A. Amazon Inspector
- B. AWS Organizations
- C. AWS Config
- D. AWS Trusted Advisor
Answer: D
NEW QUESTION 22
A company needs to create a daily Amazon Machine Image (AMI) of an existing Amazon Linux EC2 instance that hosts the operating system, application, and database on multiple attached Amazon Elastic Block Store (Amazon EBS) volumes. File system integrity must be maintained.
Which solution will meet these requirements?
- A. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the no-reboot parameter enabled. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
- B. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the reboot parameter enabled. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
- C. Use AWS Backup to create a backup plan with a backup rule that runs daily. Assign the resource ID of the EC2 instance with the reboot parameter enabled.
- D. Use AWS Backup to create a backup plan with a backup rule that runs daily. Assign the resource ID of the EC2 instance with the no-reboot parameter enabled.
Answer: B
Explanation:
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/Creating_EBSbacked_WinAMI.html
"NoReboot: By default, Amazon EC2 attempts to shut down and reboot the instance before creating the image. If the No Reboot option is set, Amazon EC2 doesn't shut down the instance before creating the image. When this option is used, file system integrity on the created image can't be guaranteed."
Besides, we can use AWS EventBridge to invoke the Lambda function.
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html
NEW QUESTION 23
A SysOps administrator must create a solution that automatically shuts down any Amazon EC2 instances that have less than 10% average CPU utilization for 60 minutes or more.
Which solution will meet this requirement in the MOST operationally efficient manner?
- A. Install the unified Amazon CloudWatch agent on each EC2 instance, and enable the Basic level predefined metric set. Log CPU utilization every 60 minutes, and initiate an instance shutdown if CPU utilization is less than 10%.
- B. Implement a cron job on each EC2 instance to run once every 60 minutes and calculate the current CPU utilization. Initiate an instance shutdown if CPU utilization is less than 10%.
- C. Implement an Amazon CloudWatch alarm for each EC2 instance to monitor average CPU utilization. Set the period at 1 hour, and set the threshold at 10%. Configure an EC2 action on the alarm to stop the instance.
- D. Use AWS Systems Manager Run Command to get CPU utilization from each EC2 instance every 60 minutes. Initiate an instance shutdown if CPU utilization is less than 10%.
Answer: C
NEW QUESTION 24
A company uses Amazon Elasticsearch Service (Amazon ES) to analyze sales and customer usage data. Members of the company's geographically dispersed sales team are traveling. They need to log in to Kibana by using their existing corporate credentials that are stored in Active Directory. The company has deployed Active Directory Federation Services (AD FS) to enable authentication to cloud services.
Which solution will meet these requirements?
- A. Deploy an Amazon Cognito user pool. Configure Active Directory as an external identity provider for the user pool. Enable Amazon Cognito authentication for Kibana on Amazon ES.
- B. Enable Active Directory user authentication in Kibana. Create an IP-based custom domain access policy in Amazon ES that includes the Active Directory server's IP address.
- C. Configure Active Directory as an authentication provider in Amazon ES. Add the Active Directory server's domain name to Amazon ES. Configure Kibana to use Amazon ES authentication.
- D. Establish a trust relationship with Kibana on the Active Directory server. Enable Active Directory user authentication in Kibana. Add the Active Directory server's IP address to Kibana.
Answer: A
Explanation:
Reference:
https://aws.amazon.com/blogs/security/how-to-enable-secure-access-to-kibana-using-aws-single-sign-on/
https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-cognito-auth.html
NEW QUESTION 25
A company is running a website on Amazon EC2 instances behind an Application Load Balancer (ALB). The company configured an Amazon CloudFront distribution and set the ALB as the origin. The company created an Amazon Route 53 CNAME record to send all traffic through the CloudFront distribution. As an unintended side effect, mobile users are now being served the desktop version of the website.
Which action should a SysOps administrator take to resolve this issue?
- A. Configure the CloudFront distribution origin settings. Add a User-Agent header to the list of origin custom headers.
- B. Enable IPv6 on the ALB. Update the CloudFront distribution origin settings to use the dualstack endpoint.
- C. Enable IPv6 on the CloudFront distribution. Update the Route 53 record to use the dualstack endpoint.
- D. Configure the CloudFront distribution behavior to forward the User-Agent header.
Answer: D
Explanation:
Reference:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-device
NEW QUESTION 26
A company has an AWS CloudFormation template that creates an Amazon S3 bucket. A user authenticates to the corporate AWS account with their Active Directory credentials and attempts to deploy the CloudFormation template. However, the stack creation fails.
Which factors could cause this failure? (Select TWO.)
- A. The user's IAM policy explicitly denies the s3:PutObject action.
- B. The user's IAM policy explicitly denies the s3:ListBucket action.
- C. The user's IAM policy does not allow the cloudformation:CreateStackSet action.
- D. The user's IAM policy does not allow the cloudformation:CreateStack action.
- E. The user's IAM policy does not allow the s3:CreateBucket action.
Answer: D,E
NEW QUESTION 27
A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.
Which condition should be used with the alarm?
- A. AWS/ApplicationELB HealthyHostCount <= 0
- B. AWS/EC2 StatusCheckFailed <= 0
- C. AWS/EC2 StatusCheckFailed >= 1
- D. AWS/ApplicationELB UnhealthyHostCount >= 1
Answer: A
Explanation:
Reference:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html
NEW QUESTION 28
An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon SQS) queues. A SysOps administrator must ensure that the application can read, write, and delete messages from the SQS queues.
Which solution will meet these requirements in the MOST secure manner?
- A. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows sqs:* permissions to the appropriate queues.
- B. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Export the IAM user's access key and secret access key as environment variables on the EC2 instance.
- C. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Embed the IAM user's credentials in the application's configuration.
- D. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues.
Answer: D
NEW QUESTION 29
A SysOps administrator is setting up an automated process to recover an Amazon EC2 instance in the event of an underlying hardware failure. The recovered instance must have the same private IP address and the same Elastic IP address that the original instance had. The SysOps team must receive an email notification when the recovery process is initiated.
Which solution will meet these requirements?
- A. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the StatusCheckFailed_Instance metric. Add an EC2 action to the alarm to recover the instance. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.
- B. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the StatusCheckFailed_System metric. Add an EC2 action to the alarm to recover the instance. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.
- C. Create an Auto Scaling group across three different subnets in the same Availability Zone with a minimum, maximum, and desired size of 1. Configure the Auto Scaling group to use a launch template that specifies the private IP address and the Elastic IP address. Add an activity notification for the Auto Scaling group to send an email message to the SysOps team through Amazon Simple Email Service (Amazon SES).
- D. Create an Auto Scaling group across three Availability Zones with a minimum, maximum, and desired size of 1. Configure the Auto Scaling group to use a launch template that specifies the private IP address and the Elastic IP address. Add an activity notification for the Auto Scaling group to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.
Answer: A
NEW QUESTION 30
A company has a new requirement stating that all resources in AWS must be tagged according to a set policy.
Which AWS service should be used to enforce and continually identify all resources that are not in compliance with the policy?
- A. Amazon Inspector
- B. AWS Config
- C. AWS Systems Manager
- D. AWS CloudTrail
Answer: B
NEW QUESTION 31
A company hosts its website in the us-east-1 Region. The company is preparing to deploy its website into the eu-central-1 Region. Website visitors who are located in Europe should access the website that is hosted in eu-central-1. All other visitors access the website that is hosted in us-east-1. The company uses Amazon Route 53 to manage the website's DNS records.
Which routing policy should a SysOps administrator apply to the Route 53 record set to meet these requirements?
- A. Geoproximity routing policy
- B. Geolocation routing policy
- C. Latency routing policy
- D. Multivalue answer routing policy
Answer: B
Explanation:
Reference:
Geolocation: "Geolocation routing lets you choose the resources that serve your traffic based on the geographic location of your users, meaning the location that DNS queries originate from. For example, you might want all queries from Europe to be routed to an ELB load balancer in the Frankfurt region."
This could be confused with geoproximity: "Geoproximity routing lets Amazon Route 53 route traffic to your resources based on the geographic location of your users and your resources. You can also optionally choose to route more traffic or less to a given resource by specifying a value, known as a bias. A bias expands or shrinks the size of the geographic region from which traffic is routed to a resource." That use case is not needed for this question.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html
NEW QUESTION 32
A company has an Amazon RDS DB instance. The company wants to implement a caching service while maintaining high availability.
Which combination of actions will meet these requirements? (Choose two.)
- A. Create an Amazon ElastiCache for Memcached data store.
- B. Create an Amazon ElastiCache for Redis data store.
- C. Add Auto Discovery to the data store.
- D. Enable Multi-threading for the data store.
- E. Enable Multi-AZ for the data store.
Answer: B,E
Explanation:
Reference:
https://aws.amazon.com/elasticache/memcached/
https://aws.amazon.com/elasticache/redis/
NEW QUESTION 33
A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.
What is the MOST operationally efficient solution that meets these requirements?
- A. Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.
- B. Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.
- C. Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon S3 object. The security team can use the information in the tag to verify the integrity of the delivered files.
- D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB table. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.
Answer: B
Explanation:
Reference:
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
"When you enable log file integrity validation, CloudTrail creates a hash for every log file that it delivers. Every hour, CloudTrail also creates and delivers a file that references the log files for the last hour and contains a hash of each. This file is called a digest file. Validated log files are invaluable in security and forensic investigations"
NEW QUESTION 34
A company is running a website on Amazon EC2 instances that are in an Auto Scaling group. When the website traffic increases, additional instances take several minutes to become available because of a long-running user data script that installs software. A SysOps administrator must decrease the time that is required for new instances to become available.
Which action should the SysOps administrator take to meet this requirement?
- A. Reduce the scaling thresholds so that instances are added before traffic increases
- B. Update the Auto Scaling group to launch instances that have a storage optimized instance type
- C. Purchase Reserved Instances to cover 100% of the maximum capacity of the Auto Scaling group
- D. Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has pre-installed software
Answer: D
Explanation:
Reference:
An automated way to update your image: have a pipeline to update your image. When you boot from your AMI, the updates and scripts are already pre-installed, so there is no need to complete boot scripts in the boot process.
https://aws.amazon.com/image-builder/