Amazon SOA-C02 Sample Questions

Question # 51

A company is experiencing issues with legacy software running on Amazon EC2 instances. Errors occur when the total CPU utilization on the EC2 instances exceeds 80%. A short-term solution is required while the software is being rewritten. A SysOps administrator is tasked with creating a solution to restart the instances when the CPU utilization rises above 80%. Which solution meets these requirements with the LEAST operational overhead?

A. Write a script that monitors the CPU utilization of the EC2 instances and reboots the instances when utilization exceeds 80%. Run the script as a cron job.
B. Add an Amazon CloudWatch alarm for CPU utilization and configure the alarm action to reboot the EC2 instances.
C. Create an Amazon EventBridge rule using the predefined patterns for CPU utilization of the EC2 instances. When utilization exceeds 80%, invoke an AWS Lambda function to restart the instances.
D. Add an Amazon CloudWatch alarm for CPU utilization and configure an AWS Systems Manager Automation runbook to reboot the EC2 instances when utilization exceeds 80%.


Question # 52

A company has an on-premises DNS solution and wants to resolve DNS records in an Amazon Route 53 private hosted zone for example.com. The company has set up an AWS Direct Connect connection for network connectivity between the on-premises network and the VPC. A SysOps administrator must ensure that an on-premises server can query records in the example.com domain. What should the SysOps administrator do to meet these requirements? 

A. Create a Route 53 Resolver inbound endpoint. Attach a security group to the endpoint to allow inbound traffic on TCP/UDP port 53 from the on-premises DNS servers.
B. Create a Route 53 Resolver inbound endpoint. Attach a security group to the endpoint to allow outbound traffic on TCP/UDP port 53 to the on-premises DNS servers.
C. Create a Route 53 Resolver outbound endpoint. Attach a security group to the endpoint to allow inbound traffic on TCP/UDP port 53 from the on-premises DNS servers.
D. Create a Route 53 Resolver outbound endpoint. Attach a security group to the endpoint to allow outbound traffic on TCP/UDP port 53 to the on-premises DNS servers.


Question # 53

A company is supposed to receive a data file every hour in an Amazon S3 bucket. An S3 event notification invokes an AWS Lambda function each time a file arrives. The function processes the data for use by an application. The application team notices that sometimes the file does not arrive. The application team wants to receive a notification whenever the file does not arrive. What is the MOST operationally efficient solution that meets these requirements? 

A. Add an S3 Lifecycle rule on the S3 bucket with a scope that is limited to objects that were created in the last hour. Configure another S3 event notification to be invoked by the lifecycle transition when the number of objects transitioned is zero. Publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify the application team.
B. Configure another S3 event notification to invoke a Lambda function that posts a message to an Amazon Simple Queue Service (Amazon SQS) queue. Create an Amazon CloudWatch alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify the application team when the ApproximateAgeOfOldestMessage metric of the queue is greater than 1 hour.
C. Create an Amazon CloudWatch alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to alert the application team when the Invocations metric of the Lambda function is zero for an hour. Configure the alarm to treat missing data as breaching.
D. Create a new Lambda function to get the timestamp of the newest file in the S3 bucket. If the timestamp is more than 1 hour ago, publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify the application team. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the new function hourly.


Question # 54

A SysOps administrator maintains the security and compliance of a company's AWS account. To ensure the company's Amazon EC2 instances are following company policy, a SysOps administrator wants to terminate any EC2 instances that do not contain a department tag. Noncompliant resources must be terminated in near real time. Which solution will meet these requirements?

A. Create an AWS Config rule with the required-tags managed rule to identify noncompliant resources. Configure automatic remediation to run the AWS-TerminateEC2Instance automation runbook to terminate noncompliant resources.
B. Create a new Amazon EventBridge rule to monitor when new EC2 instances are created. Send the event to an Amazon Simple Notification Service (Amazon SNS) topic for automatic remediation.
C. Ensure all users who can create EC2 instances also have the permissions to use the ec2:CreateTags and ec2:DescribeTags actions. Change the instance's shutdown behavior to terminate.
D. Ensure AWS Systems Manager Compliance is configured to manage the EC2 instances. Call the AWS-StopEC2Instances automation runbook to stop noncompliant resources.


Question # 55

A company is running an application on a group of Amazon EC2 instances behind an Application Load Balancer. The EC2 instances run across three Availability Zones. The company needs to provide the customers with a maximum of two static IP addresses for their applications. How should a SysOps administrator meet these requirements?

A. Add AWS Global Accelerator in front of the Application Load Balancer.
B. Add an internal Network Load Balancer behind the Application Load Balancer.
C. Configure the Application Load Balancer in only two Availability Zones.
D. Create two Elastic IP addresses and assign them to the Application Load Balancer.


Question # 56

A company wants to reduce costs for jobs that can be completed at any time. The jobs currently run by using multiple Amazon EC2 On-Demand Instances, and the jobs take slightly less than 2 hours to complete. If a job fails for any reason, it must be restarted from the beginning. Which solution will meet these requirements MOST cost-effectively? 

A. Purchase Reserved Instances for the jobs.
B. Submit a request for a one-time Spot Instance for the jobs.
C. Submit a request for Spot Instances with a defined duration for the jobs.
D. Use a mixture of On-Demand Instances and Spot Instances for the jobs.


Question # 57

A SysOps administrator is examining the following AWS CloudFormation template:


Why will the stack creation fail?

A. The Outputs section of the CloudFormation template was omitted.
B. The Parameters section of the CloudFormation template was omitted.
C. The PrivateDnsName cannot be set from a CloudFormation template.
D. The VPC was not specified in the CloudFormation template.


Question # 58

A company manages a set of accounts on AWS by using AWS Organizations. The company's security team wants to use a native AWS service to regularly scan all AWS accounts against the Center for Internet Security (CIS) AWS Foundations Benchmark. What is the MOST operationally efficient way to meet these requirements? 

A. Designate a central security account as the AWS Security Hub administrator account. Create a script that sends an invitation from the Security Hub administrator account and accepts the invitation from the member account. Run the script every time a new account is created. Configure Security Hub to run the CIS AWS Foundations Benchmark scans.
B. Run the CIS AWS Foundations Benchmark across all accounts by using Amazon Inspector.
C. Designate a central security account as the Amazon GuardDuty administrator account. Create a script that sends an invitation from the GuardDuty administrator account and accepts the invitation from the member account. Run the script every time a new account is created. Configure GuardDuty to run the CIS AWS Foundations Benchmark scans.
D. Designate an AWS Security Hub administrator account. Configure new accounts in the organization to automatically become member accounts. Enable CIS AWS Foundations Benchmark scans.


Question # 59

A SysOps administrator must ensure that all of a company's current and future Amazon S3 buckets have logging enabled. If an S3 bucket does not have logging enabled, an automated process must enable logging for the S3 bucket. Which solution will meet these requirements?

A. Use AWS Trusted Advisor to perform a check for S3 buckets that do not have logging enabled. Configure the check to enable logging for S3 buckets that do not have logging enabled.
B. Configure an S3 bucket policy that requires all current and future S3 buckets to have logging enabled.
C. Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses an AWS Lambda function to enable logging.
D. Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses the AWS-ConfigureS3BucketLogging AWS Systems Manager Automation runbook to enable logging.


Question # 60

An application is deployed in a VPC in both the us-east-2 and eu-west-1 Regions. A significant amount of data needs to be transferred between the two Regions. What is the MOST cost-effective way to set up the data transfer? 

A. Establish a VPN connection between the Regions using third-party VPN products from AWS Marketplace.
B. Establish Amazon CloudFront distributions for the Amazon EC2 instances from both Regions.
C. Establish an inter-Region VPC peering connection between the VPCs.
D. Establish an AWS PrivateLink connection between the two Regions.

