DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Boost Your Certification Prep with SOA-C02 Mock Tests, AWS Certified Sysops Administrator - Associate | SPOTO

Prepare for success in the AWS Certified SysOps Administrator - Associate (SOA-C02) exam with SPOTO's mock tests. This certification is designed for system administrators specializing in cloud operations on AWS. Our mock tests cover a range of exam topics, including deployment, workload management, and operational tasks on AWS. Access exam questions and answers, practice tests, and sample questions to enhance your exam preparation. SPOTO offers free quizzes and exam materials to help you practice effectively. With our exam simulator and online exam questions, you can simulate real exam conditions and build confidence. Take advantage of SPOTO's mock exams to boost your exam practice and achieve certification success in the AWS SysOps Administrator - Associate exam.
Take other online exams

Question #1
A company’s SysOps administrator regularly checks the AWS Personal Health Dashboard in each of the company’s accounts. The accounts are part of an organization in AWS Organizations. The company recently added 10 more accounts to the organization. The SysOps administrator must consolidate the alerts from each account’s Personal Health Dashboard. Which solution will meet this requirement with the LEAST amount of effort?
A. Enable organizational view in AWS Health
B. Configure the Personal Health Dashboard in each account to forward events to a central AWS CloudTrail log
C. Create an AWS Lambda function to query the AWS Health API and to write all events to an Amazon DynamoDB table
D. Use the AWS Health API to write events to an Amazon DynamoDB table
View answer
Correct Answer: C
Question #2
A company stores sensitive data in an Amazon S3 bucket. The company must log all access attempts to the S3 bucket. The company's risk team must receive immediate notification about any delete events. Which solution will meet these requirements?
A. Enable S3 server access logging for audit log
B. Set up an Amazon Simple Notification Service (Amazon SNSJ notification for the S3 bucke
C. Select DeleteObject tor the event type for the alert system
D. Enable S3 server access logging for audit log
E. Launch an Amazon EC2 instance for the alert system
F. Use Amazon CloudWatch Logs for audit log G
View answer
Correct Answer: B
Question #3
An errant process is known to use an entire processor and run at 100%. A SysOps administrator wants to automate restarting the instance once the problem occurs for more than 2 minutes. How can this be accomplished?
A. Create an Amazon CloudWatch alarm for the Amazon EC2 instance with basic monitorin
B. Enable an action to restart the instance
C. Create a CloudWatch alarm for the EC2 instance with detailed monitorin
D. Enable an action to restart the instance
E. Create an AWS Lambda function to restart the EC2 instance, triggered on a scheduled basis every 2 minutes
F. Create a Lambda function to restart the EC2 instance, triggered by EC2 health checks
View answer
Correct Answer: D
Question #4
A SysOps administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company’s account. The administrator must be alerted to potential issues. What should the administrator do to receive email alerts before low storage space affects EC2 instance performance?
A. Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications
B. Use AWS CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic
C. Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic
D. Use AWS Trusted Advisor and enable email notification alerts for EC2 disk space
View answer
Correct Answer: C
Question #5
A company is storing media content in an Amazon S3 bucket and uses Amazon CloudFront to distribute the content to its users. Due to licensing terms, the company is not authorized to distribute the content in some countries. A SysOps administrator must restrict access to certain countries. What is the MOST operationally efficient solution that meets these requirements?
A. Configure the S3 bucket policy to deny the GetObject operation based on the S3:LocationConstraint condition
B. Create a secondary origin access identity (OAI)
C. Enable the geo restriction feature in the CloudFront distribution to prevent access from unauthorized countries
D. Update the application to generate signed CloudFront URLs only for IP addresses in authorized countries
View answer
Correct Answer: A
Question #6
A company uses Amazon Route 53 to manage the public DNS records for the domain example.com. The company deploys an Amazon CloudFront distribution to deliver static assets for a new corporate website. The company wants to create a subdomain that is named "static" and must route traffic for the subdomain to the CloudFront distribution. How should a SysOps administrator create a new record for the subdomain in Route 53?
A. Create a CNAME recor
B. Enter static
C. Enter the CloudFront distribution's public IP address as the value
D. Create a CNAME recor
E. Enter static
F. Enter the CloudFront distribution's private IP address as the value
View answer
Correct Answer: B
Question #7
A company's public website is hosted in an Amazon S3 bucket in the us-east-1 Region behind an Amazon CloudFront distribution. The company wants to ensure that the website is protected from DDoS attacks. A SysOps administrator needs to deploy a solution that gives the company the ability to maintain control over the rate limit at which DDoS protections are applied. Which solution will meet these requirements?
A. Deploy a global-scoped AWS WAF web ACL with an allow default actio
B. Configure an AWS WAF rate-based rule to block matching traffi
C. Associate the web ACL with the CloudFront distribution
D. Deploy an AWS WAF web ACL with an allow default action in us-east-1
E. Associate the web ACL with the S3 bucket
F. Deploy a global-scoped AWS WAF web ACL with a block default actio G
View answer
Correct Answer: C
Question #8
A company’s AWS Lambda function is experiencing performance issues. The Lambda function performs many CPU-intensive operations. The Lambda function is not running fast enough and is creating bottlenecks in the system. What should a SysOps administrator do to resolve this issue?
A. In the CPU launch options for the Lambda function, activate hyperthreading
B. Turn off the AWS managed encryption
C. Increase the amount of memory for the Lambda function
D. Load the required code into a custom layer
View answer
Correct Answer: C
Question #9
A company has a critical serverless application that uses multiple AWS Lambda functions. Each Lambda function generates 1 GB of log data daily in tts own Amazon CloudWatch Logs log group. The company's security team asks for a count of application errors, grouped by type, across all of the log groups. What should a SysOps administrator do to meet this requirement?
A. Perform a CloudWatch Logs Insights query that uses the stats command and count function
B. Perform a CloudWatch Logs search that uses the groupby keyword and count function
C. Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords
D. Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords
View answer
Correct Answer: B
Question #10
A company has attached the following policy to an IAM user: Which of the following actions are allowed for the IAM user?
A. Amazon RDS DescribeDBInstances action in the us-east-1 Region
B. Amazon S3 Putobject operation in a bucket named testbucket
C. Amazon EC2 Describe Instances action in the us-east-1 Region
D. Amazon EC2 AttachNetworkinterf ace action in the eu-west-1 Region
View answer
Correct Answer: D
Question #11
A company uploaded its website files to an Amazon S3 bucket that has S3 Versioning enabled. The company uses an Amazon CloudFront distribution with the S3 bucket as the origin. The company recently modified the tiles, but the object names remained the same. Users report that old content is still appearing on the website. How should a SysOps administrator remediate this issue?
A. Create a CloudFront invalidation, and add the path of the updated files
B. Create a CloudFront signed URL to update each object immediately
C. Configure an S3 origin access identity (OAI) to display only the updated files to users
D. Disable S3 Versioning on the S3 bucket so that the updated files can replace the old files
View answer
Correct Answer: A
Question #12
A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the administrator to alter the application code. The MOST effective way to reduce latency is to relaunch the EC2 instances in:
A. a dedicated VPC
B. a single subnet inside the VPC
C. a placement group
D. a single Availability Zone
View answer
Correct Answer: C
Question #13
A SysOps administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have logging enabled. The administrator needs to investigate HTTP Layer 7 status codes from the web application. Which log sources contain the status codes? (Choose two.)
A. VPC Flow Logs
B. AWS CloudTrail logs
C. ALB access logs
D. CloudFront access logs
E. RDS logs
View answer
Correct Answer: B
Question #14
A company monitors its account activity using AWS CloudTrail. and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket. Moving forward, how can the SysOps administrator confirm that the log files have not been modified after being delivered to the S3 bucket?
A. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location
B. Enable log file integrity validation and use digest files to verify the hash value of the log file
C. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys
D. Enable S3 server access logging to track requests made to the log bucket for security audits
View answer
Correct Answer: CD
Question #15
A SysOps administrator has Nocked public access to all company Amazon S3 buckets. The SysOps administrator wants to be notified when an S3 bucket becomes publicly readable in the future. What is the MOST operationally efficient way to meet this requirement?
A. Create an AWS Lambda function that periodically checks the public access settings for each S3 bucket
B. Create a cron script that uses the S3 API to check the public access settings for each S3 bucke
C. Set up Amazon Simple Notification Service (Amazon SNS) to send notifications
D. Enable S3 Event notified tons for each S3 bucke
E. Subscribe S3 Event Notifications to an Amazon Simple Notification Service (Amazon SNS) topic
F. Enable the s3-bucket-public-read-prohibited managed rule in AWS Confi G
View answer
Correct Answer: A
Question #16
A company is testing Amazon Elasticsearch Service (Amazon ES) as a solution for analyzing system logs from a fleet of Amazon EC2 instances. During the test phase, the domain operates on a single-node cluster. A SysOps administrator needs to transition the test domain into a highly available production-grade deployment. Which Amazon ES configuration should the SysOps administrator use to meet this requirement?
A. Use a cluster of four data nodes across two AWS Region
B. Deploy four dedicated master nodes in each Region
C. Use a cluster of six data nodes across three Availability Zone
D. Use three dedicated master nodes
E. Use a cluster of six data nodes across three Availability Zone
F. Use six dedicated master nodes
View answer
Correct Answer: A
Question #17
A company has a web application with a database tier that consists of an Amazon EC2 instance that runs MySQL. A SysOps administrator needs to minimize potential data loss and the time that is required to recover in the event of a database failure. What is the MOST operationally efficient solution that meets these requirements?
A. Create an Amazon CloudWatch alarm for the StatusCheckFailed_System metric to invoke an AWS Lambda function that stops and starts the EC2 instance
B. Create an Amazon RDS for MySQL Multi-AZ DB instanc
C. Use a MySQL native backup that is stored in Amazon S3 to restore the data to the new databas
D. Update the connection string in the web application
E. Create an Amazon RDS for MySQL Single-AZ DB instance with a read replic
F. Use a MySQL native backup that is stored in Amazon S3 to restore the data to the new databas G
View answer
Correct Answer: B
Question #18
A SysOps administrator needs to configure a solution that will deliver digital content to a set of authorized users through Amazon CloudFront. Unauthorized users must be restricted from access. Which solution will meet these requirements?
A. Store the digital content in an Amazon S3 bucket that does not have public access blocke
B. Use signed URLs to access the S3 bucket through CloudFront
C. Store the digital content in an Amazon S3 bucket that has public access blocke
D. Use an origin access identity (OAI) to deliver the content through CloudFron
E. Restrict S3 bucket access with signed URLs in CloudFront
F. Store the digital content in an Amazon S3 bucket that has public access blocke G
View answer
Correct Answer: D
Question #19
A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company’s on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors. Which solution will give the application the ability to resolve the internal domain n
A. Launch EC2 instances in the VP
B. On the EC2 instances, deploy a custom DNS forwarder that forwards all DNS requests to the on-premises DNS serve
C. Create an Amazon Route 53 private hosted zone that uses the EC2 instances for name servers
D. Create an Amazon Route 53 Resolver outbound endpoin
E. Configure the outbound endpoint to forward DNS queries against the on-premises domain to the on-premises DNS server
F. Set up two AWS Direct Connect connections between the AWS environment and the on-premises networ G
View answer
Correct Answer: C
Question #20
A SysOps administrator is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company. All data must be encrypted at rest. How should the administrator implement this process?
A. Write a script to download the encrypted snapshot, decrypt it using the AWS KMS encryption key usedto encrypt the snapshot, then create a new volume in each account
B. Update the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts, then share the snapshot with those accounts
C. Create an Amazon EC2 instance based on the snapshot, then save the instance's Amazon EBS volume as a snapshot and share it with the other account
D. Require each account owner to create a new volume from that snapshot and encrypt it
E. Create a new unencrypted RDS instance from the encrypted snapshot, connect to the instance using SSH/RD
F. export the database contents into a file, then share this file with the other accounts
View answer
Correct Answer: D
Question #21
With the threat of ransomware viruses encrypting and holding company data hostage, which action should be taken to protect an Amazon S3 bucket?
A. Deny Pos
B. Pu
C. and Delete on the bucket
D. Enable server-side encryption on the bucket
E. Enable Amazon S3 versioning on the bucket
F. Enable snapshots on the bucket
View answer
Correct Answer: D
Question #22
A company uses AWS Organizations to manage multiple AWS accounts. The company's SysOps team has been using a manual process to create and manage 1AM roles. The team requires an automated solution to create and manage the necessary 1AM roles for multiple AWS accounts. What is the MOST operationally efficient solution that meets these requirements?
A. Create AWS CloudFormation template
B. Reuse the templates to create the necessary 1AM roles in each of the AWS accounts
C. Use AWS Directory Service with AWS Organizations to automatically associate the necessary 1AM roles with Microsoft Active Directory users
D. Use AWS Resource Access Manager with AWS Organizations to deploy and manage shared resources across the AWS accounts
E. Use AWS CloudFormation StackSets with AWS Organizations to deploy and manage 1AM roles for the AWS accounts
View answer
Correct Answer: D
Question #23
A company has mandated the use of multi-factor authentication (MFA) for all IAM users, and requires users to make all API calls using the CLI. However. users are not prompted to enter MFA tokens, and are able to run CLI commands without MFA. In an attempt to enforce MFA, the company attached an IAM policy to all users that denies API calls that have not been authenticated with MFA. What additional step must be taken to ensure that API calls are authenticated using MFA?
A. Enable MFA on IAM roles, and require IAM users to use role credentials to sign API calls
B. Ask the IAM users to log into the AWS Management Console with MFA before making API calls using the CLI
C. Restrict the IAM users to use of the console, as MFA is not supported for CLI use
D. Require users to use temporary credentials from the get-session token command to sign API calls
View answer
Correct Answer: B
Question #24
A company is using Amazon CloudFront to serve static content for its web application to its users. The CloudFront distribution uses an existing on-premises website as a custom origin. The company requires the use of TLS between CloudFront and the origin server. This configuration has worked as expected for several months. However, users are now experiencing HTTP 502 (Bad Gateway) errors when they view webpages that include content from the CloudFront distribution. What should a SysOps administrator do to re
A. Examine the expiration date on the certificate on the origin sit
B. Validate that the certificate has not expire
C. Replace the certificate if necessary
D. Examine the hostname on the certificate on the origin sit
E. Validate that the hostname matches one of the hostnames on the CloudFront distributio
F. Replace the certificate if necessary
View answer
Correct Answer: C
Question #25
While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS The customer gateway device resides in a data center with a NAT gateway in front of it What address should be used to create the customer gateway resource?
A. The private IP address of the customer gateway device
B. The MAC address of the NAT device in front of the customer gateway device
C. The public IP address of the customer gateway device
D. The public IP address of the NAT device in front of the customer gateway device
View answer
Correct Answer: A
Question #26
A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer The administrator would like to know the IP addresses for the source of the requests Where can the administrator find this information?
A. Auto Scaling logs
B. AWS CloudTrail logs
C. EC2 instance logs
D. Elastic Load Balancer access logs
View answer
Correct Answer: C
Question #27
A company needs to upload gigabytes of files every day. The company need to achieve higher throughput and upload speeds to Amazon S3 Which action should a SysOps administrator take to meet this requirement?
A. Create an Amazon CloudFront distribution with the GET HTTP method allowed and the S3 bucket as an origin
B. Create an Amazon ElastiCache duster and enable caching for the S3 bucket
C. Set up AWS Global Accelerator and configure it with the S3 bucket
D. Enable S3 Transfer Acceleration and use the acceleration endpoint when uploading files
View answer
Correct Answer: A
Question #28
A company's SysOps administrator must ensure that all Amazon EC2 Windows instances that are launched in an AWS account have a third-party agent installed. The third-party agent has an msi package. The company uses AWS Systems Manager for patching, and the Windows instances are tagged appropriately. The third-party agent required periodic updates as new versions are released. The SysOps administrator must deploy these updates automatically Which combination of steps will meet these requirements with the LEAS
A. Make sure that Systems Manager Inventory Is configure
B. If Systems Manager Inventory is not configured, set up a new inventory tor instances that is based on the appropriate tag value for Windows
C. Create a Systems Manager State Manager association to run the AWS-RunRemoteScript document
D. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day
E. Create a Systems Manager State Manager- association to run the AWS-ConfigureAWSPackage documen
F. Populate the details of the third-party agent packag G
View answer
Correct Answer: A
Question #29
A company runs its entire suite of applications on Amazon EC2 instances. The company plans to move the applications to containers and AWS Fargate. Within 6 months, the company plans to retire its EC2 instances and use only Fargate. The company has been able to estimate its future Fargate costs. A SysOps administrator needs to choose a purchasing option to help the company minimize costs. The SysOps administrator must maximize any discounts that are available and must ensure that there are no unused reservat
A. Compute Savings Plans for 1 year with the No Upfront payment option
B. Compute Savings Plans for 1 year with the Partial Upfront payment option
C. EC2 Instance Savings Plans for 1 year with the All Upfront payment option
D. EC2 Reserved Instances for 1 year with the Partial Upfront payment option
View answer
Correct Answer: B
Question #30
A SysOps administrator is troubleshooting connection timeouts to an Amazon EC2 instance that has a public IP address. The instance has a private IP address of 172.31.16.139. When the SysOps administrator tries to ping the instance's public IP address from the remote IP address 203.0.113.12, the response is "request timed out." The flow logs contain the following information: What is one cause of the problem?
A. Inbound security group deny rule
B. Outbound security group deny rule
C. Network ACL inbound rules
D. Network ACL outbound rules
View answer
Correct Answer: C
Question #31
A company's VPC has connectivity to an on-premises data center through an AWS Site-to-Site VPN. The company needs Amazon EC2 instances in the VPC to send DNS queries for example com to the DNS servers in the data center. Which solution will meet these requirements?
A. Create an Amazon Route 53 Resolver inbound endpoint Create a conditional forwarding rule on the on-primes DNS servers to forward DNS requests for example
B. Create an Amazon Route 53 Resolver inbound endpoint Create a forwarding rule on the resolver that sends all queries for example
C. Associate this rule with the VPC
D. Create an Amazon Route 53 Resolver outbound endpoint Create a conditional forwarding rule on the on-premises DNS servers to forward DNS requests for example
E. Create an Amazon Route 53 Resolver outbound endpoin
F. Create a forwarding rule on the resolver that sends all queries for exarrc4e
View answer
Correct Answer: C
Question #32
A SysOos administrator s tasked with analyzing database performance. The database runs on a single Amazon RDS D6 instance. The SysOps administrator finds that, during times of peak traffic, resources on the database are over utilized due to the amount of read traffic. Which actions should the SysOps administrator take to improve RDS performance? (Select TWO.)
A. Add a read replica
B. Modify the application to use Amazon ElastiCache for Memcached
C. Migrate the database from RDS to Amazon DynamoDB
D. Migrate the database to Amazon EC2 with enhanced networking enabled
E. Upgrade the database to a Multi-AZ deployment
View answer
Correct Answer: C
Question #33
A company has a VPC with public and private subnets. An Amazon EC2 based application resides in the private subnets and needs to process raw .csv files stored in an Amazon S3 bucket. A SysOps administrator has set up the correct IAM role with the required permissions for the application to access the S3 bucket, but the application is unable to communicate with the S3 bucket. Which action will solve this problem while adhering to least privilege access?
A. Add a bucket policy to the S3 bucket permitting access from the IAM role
B. Attach an S3 gateway endpoint to the VP
C. Configure the route table for the private subnet
D. Configure the route table to allow the instances on the private subnet access through the internet gateway
E. Create a NAT gateway in a private subnet and configure the route table for the private subnets
View answer
Correct Answer: B
Question #34
A Sysops administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-I Region. The administrator finds that this template has failed to create an EC2 instance in the us-west-2 Region. What is one cause for this failure?
A. Resource tags defined in the CloudFormation template are specific to the us-east-I Region
B. The Amazon Machine Image (AMI) ID referenced in the CloudFormation template could not be found in the us-west-2 Region
C. The cfn-init script did not run during resource provisioning in the us-west-2 Region
D. The IAM user was not created in the specified Region
View answer
Correct Answer: AB
Question #35
A company uses AWS Organizations to manage multiple AWS accounts with consolidated billing enabled. Organization member account owners want the benefits of Reserved Instances (RIs) but do not want to share RIs with other accounts. Which solution will meet these requirements?
A. Purchase RIs in individual member account
B. Disable Rl discount sharing in the management account
C. Purchase RIs in individual member account
D. Disable Rl discount sharing in the member accounts
E. Purchase RIs in the management accoun
F. Disable Rl discount sharing in the management account
View answer
Correct Answer: A
Question #36
A SysOps administrator is configuring an application on Amazon EC2 instances for a company Teams in other countries will use the application over the internet. The company requires the application endpoint to have a static pubic IP address. How should the SysOps administrator deploy the application to meet this requirement?
A. Behind an Amazon API Gateway API
B. Behind an Application Load Balancer
C. Behind an internet-facing Network Load Balancer
D. In an Amazon CloudFront distribution
View answer
Correct Answer: B

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: