DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Master SOA-C02 Exams with Exam Questions & Study Materials, AWS Certified Sysops Administrator - Associate | SPOTO

Prepare to master the AWS Certified SysOps Administrator - Associate (SOA-C02) exam with SPOTO's comprehensive exam questions and study materials. This certification is tailored for cloud system administrators, validating their proficiency in deploying, managing, and operating workloads on AWS. Our resources cover a range of essential topics, including exam questions, practice tests, exam dumps, and sample questions. Dive into our free quizzes to gauge your understanding, and access exam materials that mirror the real exam environment. Benefit from detailed exam answers, exam practice sessions, and thorough exam preparation guides. Utilize our exam simulator to familiarize yourself with online exam questions and excel in mock exams. Empower your SOA-C02 journey with SPOTO's expertly crafted study materials and exam resources.
Take other online exams

Question #1
A company is deploying a third-party unit testing solution that is delivered as an Amazon EC2 Amazon Machine Image (AMI). All system configuration data is stored in Amazon DynamoDB. The testing results are stored in Amazon S3. A minimum of three EC2 instances are required to operate the product. The company's testing team wants to use an additional three EC2 Instances when the Spot Instance prices are at a certain threshold. A SysOps administrator must Implement a highly available solution that provides thi
A. Define an Amazon EC2 Auto Scaling group by using a launch configuratio
B. Use the provided AMI In the launch configuratio
C. Configure three On-Demand Instances and three Spot Instance
D. Configure a maximum Spot Instance price In the launch configuration
E. Define an Amazon EC2 Auto Scaling group by using a launch templat
F. Use the provided AMI in the launch templat G
View answer
Correct Answer: B

View The Updated SOA-C02 Exam Questions

SPOTO Provides 100% Real SOA-C02 Exam Questions for You to Pass Your SOA-C02 Exam!

Question #2
A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted. What is the SIMPLEST approach the SysOps administrator can take to ensure S3 buckets in those accounts can never be deleted?
A. Set up MFA Delete on all the S3 buckets to prevent the buckets from being deleted
B. Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts
C. Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts
D. Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets
View answer
Correct Answer: C
Question #3
A SysOps administrator is using Amazon EC2 instances to host an application. The SysOps administrator needs to grant permissions for the application to access an Amazon DynamoDB table. Which solution will meet this requirement?
A. Create access keys to access the DynamoDB tabl
B. Assign the access keys to the EC2 instance profile
C. Create an EC2 key pair to access the DynamoDB tabl
D. Assign the key pair to the EC2 instance profile
E. Create an IAM user to access the DynamoDB tabl
F. Assign the IAM user to the EC2 instance profile
View answer
Correct Answer: A
Question #4
A company uses AWS Organizations to manage its AWS accounts. A SysOps administrator must create a backup strategy for all Amazon EC2 instances across all the company's AWS accounts. Which solution will meet these requirements In the MOST operationally efficient way?
A. Deploy an AWS Lambda function to each account to run EC2 instance snapshots on a scheduled basis
B. Create an AWS CloudFormation stack set in the management account to add an AutoBackup=True tag to every EC2 instance
C. Use AWS Backup In the management account to deploy policies for all accounts and resources
D. Use a service control policy (SCP) to run EC2 instance snapshots on a scheduled basis in each account
View answer
Correct Answer: A
Question #5
A company wants to archive sensitive data on Amazon S3 Glacier. The company's regulatory and compliance requirements do not allow any modifications to the data by any account. Which solution meets these requirements?
A. Attach a vault lock policy to an S3 Glacier vault that contains the archived dat
B. Use the lock ID to validate the vault lock policy after 24 hours
C. Attach a vault lock policy to an S3 Glacier vault that contains the archived dat
D. Use the lock ID to validate the vault lock policy within 24 hours
E. Configure S3 Object Lock in governance mod
F. Upload all files after 24 hours
View answer
Correct Answer: C
Question #6
A company's IT department noticed an increase in the spend of their developer AWS account. There are over 50 developers using the account, and the finance team wants to determine the service costs incurred by each developer. What should a SysOps administrator do to collect this information? (Select TWO.)
A. Activate the createdBy tag in the account
B. Analyze the usage with Amazon CloudWatch dashboards
C. Analyze the usage with Cost Explorer
D. Configure AWS Trusted Advisor to track resource usage
E. Create a billing alarm in AWS Budgets
View answer
Correct Answer: A
Question #7
A SysOps administrator recently configured Amazon S3 Cross-Region Replication on an S3 bucket Which of the following does this feature replicate to the destination S3 bucket by default?
A. Objects in the source S3 bucket for which the bucket owner does not have permissions
B. Objects that are stored in S3 Glacier
C. Objects that existed before replication was configured
D. Object metadata
View answer
Correct Answer: B
Question #8
A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must set up the permissions and add a bucket policy to the S3 bucket. Which parameters should be specified to accomplish this in the MOST efficient manner?
A. Specify "' as the principal and PrincipalOrgld as a condition
B. Specify all account numbers as the principal
C. Specify PrincipalOrgld as the principal
D. Specify the organization's management account as the principal
View answer
Correct Answer: D
Question #9
A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the SS bucket to serve a static error page in the event of a failure at the primary site. * 1. Use the us-east-2 Region for all resources. * 2. Unless specified below, use the default configuration settings. * 3. There is an existing hosted zone named lab 751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB. * 4. Configure the existing S3 bucket n
A. Mastered
B. Not Mastered
View answer
Correct Answer: B
Question #10
A compliance learn requites all administrator passwords for Amazon RDS DB instances to be changed at least annually. Which solution meets this requirement in the MOST operationally efficient manner?
A. Store the database credentials in AWS Secrets Manage
B. Configure automatic rotation for the secret every 365 days
C. Store the database credentials as a parameter In the RDS parameter grou
D. Create a database trigger to rotate the password every 365 days
E. Store the database credentials in a private Amazon S3 bucke
F. Schedule an AWS Lambda function to generate a new set of credentials every 365 days
View answer
Correct Answer: A
Question #11
A company has two VPC networks named VPC A and VPC
B. The VPC A CIDR block is 10
A. Destination: 10
B. Destination: 172
C. Destination: 10
D. Destination: 172
E. Destination: 10
View answer
Correct Answer: A
Question #12
A SysOps administrator trust manage the security of An AWS account Recently an IAM users access key was mistakenly uploaded to a public code repository. The SysOps administrator must identity anything that was changed by using this access key.
A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all IAM events lo an AWS Lambda function for analysis
B. Query Amazon EC2 togs by using Amazon CloudWatch Logs Insights for all events Heated with the compromised access key within the suspected timeframe
C. Search AWS CloudTrail event history tor all events initiated with the compromised access key within the suspected timeframe
D. Search VPC Flow Logs foe all events initiated with the compromised access key within the suspected Timeframe
View answer
Correct Answer: B
Question #13
An errant process is known to use an entire processor and run at 100% A SysOps administrator wants to automate restarting the instance once the problem occurs for more than 2 minutes How can this be accomplished?
A. Create an Amazon CloudWatch alarm for the Amazon EC2 instance with basic monitoring Enable an action to restart the instance
B. Create a CloudWatch alarm for the EC2 instance with detailed monitoring Enable an action to restart the instance
C. Create an AWS Lambda function to restart the EC2 instance triggered on a scheduled basis every 2 minutes
D. Create a Lambda function to restart the EC2 instance, triggered by EC2 health checks
View answer
Correct Answer: DE
Question #14
A company has an Auto Scaling group of Amazon EC2 instances that scale based on average CPU utilization. The Auto Scaling group events log indicates an InsufficientlnstanceCapacity error. Which actions should a SysOps administrator take to remediate this issue? (Select TWO.
A. Change the instance type that the company is using
B. Configure the Auto Scaling group in different Availability Zones
C. Configure the Auto Scaling group to use different Amazon Elastic Block Store (Amazon EBS) volume sizes
D. Increase the maximum size of the Auto Scaling group
E. Request an increase in the instance service quota
View answer
Correct Answer: C
Question #15
A company has an application that is running on Amazon EC2 instances in a VPC. The application needs access to download software updates from the internet. The VPC has public subnets and private signets. The company's security policy requires all ECS instances to be deployed in private subnets What should a SysOps administrator do to meet those requirements?
A. Add an internet gateway to the VPC In the route table for the private subnets, odd a route to the interne; gateway
B. Add a NAT gateway to a private subne
C. In the route table for the private subnets, add a route to the NAT gateway
D. Add a NAT gateway to a public subnet in the route table for the private subnets, add a route to the NAT gateway
E. Add two internet gateways to the VP
F. In The route tablet for the private subnets and public subnets, add a route to each internet gateway
View answer
Correct Answer: C
Question #16
A company has an internal web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A SysOps administrator must make the application highly available. Which action should the SysOps administrator take to meet this requirement?
A. Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage
B. Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage
C. Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region
D. Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region
View answer
Correct Answer: C
Question #17
A SysOps administrator developed a Python script that uses the AWS SDK to conduct several maintenance tasks. The script needs to run automatically every night. What is the MOST operationally efficient solution that meets this requirement?
A. Convert the Python script to an AWS Lambda (unctio
B. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the function every night
C. Convert the Python script to an AWS Lambda functio
D. Use AWS CloudTrail to invoke the function every night
E. Deploy the Python script to an Amazon EC2 Instanc
F. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the instance to start and stop every night
View answer
Correct Answer: D
Question #18
A company is partnering with an external vendor to provide data processing services. For this integration, the vendor must host the company's data in an Amazon S3 bucket in the vendor's AWS account. The vendor is allowing the company to provide an AWS Key Management Service (AWS KMS) key to encrypt the company's data. The vendor has provided an IAM role Amazon Resource Name (ARN) to the company for this integration. What should a SysOps administrator do to configure this integration?
A. Create a new KMS ke
B. Add the vendor's IAM role ARN to the KMS key polic
C. Provide the new KMS key ARN to the vendor
D. Create a new KMS ke
E. Create a new IAM use
F. Add the vendor's IAM role ARN to an inline policy that is attached to the IAM use G
View answer
Correct Answer: CD
Question #19
A company is managing many accounts by using a single organization in AWS Organizations. The organization has all features enabled. The company wants to turn on AWS Config in all the accounts of the organization and in all AWS Regions. What should a Sysops administrator do to meet these requirements in the MOST operationally efficient way?
A. Use AVVS CloudFormation StackSets to deploy stack instances that turn on AWS Config in all accounts and in all Regions
B. Use AWS CloudFormation StackSets to deploy stack policies that turn on AWS Config in all accounts and in all Regions
C. Use service control policies (SCPs) to configure AWS Config in all accounts and in all Regions
D. Create a script that uses the AWS CLI to turn on AWS Config in all accounts in the organizatio
E. Run the script from the organization's management account
View answer
Correct Answer: D
Question #20
A company must ensure that any objects uploaded to an S3 bucket are encrypted. Which of the following actions will meet this requirement? (Choose two.)
A. Implement AWS Shield to protect against unencrypted objects stored in S3 buckets
B. Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket
C. Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored
D. Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted
E. Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets
View answer
Correct Answer: B
Question #21
A software development company has multiple developers who work on the same product. Each developer must have their own development environment, and these development environments must be identical. Each development environment consists of Amazon EC2 instances and an Amazon RDS DB instance. The development environments should be created only when necessary, and they must be terminated each night to minimize costs. What is the MOST operationally efficient solution that meets these requirements?
A. Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessar
B. Schedule a nightly cron job on each development instance to stop all running processes to reduce CPU utilization to nearly zero
C. Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessar
D. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to delete the AWS CloudFormation stacks
E. Provide developers with CLI commands so that they can provision their own development environment when necessar
F. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to terminate all EC2 instances and the DB instance
View answer
Correct Answer: D
Question #22
A company's financial department needs to view the cost details of each project in an AWS account A SysOps administrator must perform the initial configuration that is required to view cost for each project in Cost Explorer Which solution will meet this requirement?
A. Activate cost allocation tags Add a project tag to the appropriate resources
B. Configure consolidated billing Create AWS Cost and Usage Reports
C. Use AWS Budgets Create AWS Budgets reports
D. Use cost categories to define custom groups that are based on AWS cost and usage dimensions
View answer
Correct Answer: BE
Question #23
A company runs an application on an Amazon EC2 instance A SysOps administrator creates an Auto Scaling group and an Application Load Balancer (ALB) to handle an increase in demand However, the EC2 instances are failing tie health check. What should the SysOps administrator do to troubleshoot this issue?
A. Verity that the Auto Scaling group is configured to use all AWS Regions
B. Verily that the application is running on the protocol and the port that the listens is expecting
C. Verify the listener priority in the ALB Change the priority if necessary
D. Verify the maximum number of instances in the Auto Scaling group Change the number if necessary
View answer
Correct Answer: B
Question #24
A company is expanding its use of AWS services across its portfolios The company wants to provision AWS accounts for each team to ensure a separation of business processes for security compliance and billing Account creation and bootstrapping should be completed m a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place A SysOps administrator needs to design a provisioning process that saves time and resources Which action should be taken to meet th
A. Automate using AWS Elastic Beanstalk to provision the AWS accounts set up infrastructure and integrate with AWS Organizations
B. Create bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure
C. Use AWS Config to provision accounts and deploy instances using AWS Service Catalog
D. Use AWS Control Tower to create a template in Account Factory and use the template to provision new accounts
View answer
Correct Answer: AC
Question #25
A SysOps administrator needs to secure the credentials for an Amazon RDS database that is created by an AWS CloudFormation template. The solution must encrypt the credentials and must support automatic rotation. Which solution will meet these requirements?
A. Create an AWS::SecretsManager::Secret resource in the CloudFormation templat
B. Reference thecredentials in the AWS::RDS::DBInstance resource by using the resolve:secretsmanager dynamic reference
C. Create an AWS::SecretsManager::Secret resource in the CloudFormation templat
D. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm-secure dynamic reference
E. Create an AWS::SSM::Parameter resource in the CloudFormation templat
F. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm dynamic reference
View answer
Correct Answer: A
Question #26
A company updates its security policy to prohibit the public exposure of any data in Amazon S3 buckets in the company's account. What should a SysOps administrator do to meet this requirement?
A. Turn on S3 Block Public Access from the account level
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to enforce that all S3 objects are private
C. Use Amazon Inspector to search for S3 buckets and to automatically reset S3 ACLs if any public S3 buckets are found
D. Use S3 Object Lambda to examine S3 ACLs and to change any public S3 ACLs to private
View answer
Correct Answer: A
Question #27
A company manages an application that uses Amazon ElastiCache for Redis with two extra-large nodes spread across two different Availability Zones. The company's IT team discovers that the ElastiCache for Redis cluster has 75% freeable memory. The application must maintain high availability. What is the MOST cost-effective way to resize the cluster?
A. Decrease the number of nodes in the ElastiCache for Redis cluster from 2 to 1
B. Deploy a new ElastiCache for Redis cluster that uses large node type
C. Migrate the data from the original cluster to the new cluste
D. After the process is complete, shut down the original duster
E. Deploy a new ElastiCache for Redis cluster that uses large node type
F. Take a backup from the original cluster, and restore the backup in the new cluste G
View answer
Correct Answer: AC
Question #28
A large company is using AWS Organizations to manage hundreds of AWS accounts across multiple AWS Regions. The company has turned on AWS Config throughout the organization. The company requires all Amazon S3 buckets to block public read access. A SysOps administrator must generate a monthly report that shows all the S3 buckets and whether they comply with this requirement. Which combination of steps should the SysOps administrator take to collect this data? {Select TWO).
A. Create an AWS Config aggregator in an aggregator accoun
B. Use the organization as the source
C. Create an AWS Config aggregator in each accoun
D. Use an S3 bucket in an aggregator account as the destinatio
E. Retrieve the compliance data from the S3 bucket
F. Edit the AWS Config policy in AWS Organization G
View answer
Correct Answer: B
Question #29
A SysOps administrator is unable to authenticate an AWS CLI call to an AWS service Which of the following is the cause of this issue?
A. The IAM password is incorrect
B. The server certificate is missing
C. The SSH key pair is incorrect
D. There is no access key
View answer
Correct Answer: B
Question #30
A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal. Which action should a SysOps administrator take to improve the performance of the file system?
A. Configure the file system for Provisioned Throughput
B. Enable encryption in transit on the file system
C. Identify any unused files in the file system, and remove the unused files
D. Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances
View answer
Correct Answer: B
Question #31
A company with multiple AWS accounts needs to obtain recommendations for AWS Lambda functions and identify optimal resource configurations for each Lambda function. How should a SysOps administrator provide these recommendations?
A. Create an AWS Serverless Application Repository and export the Lambda function recommendations
B. Enable AWS Compute Optimizer and export the Lambda function recommendations
C. Enable all features of AWS Organization and export the recommendations from AWS CloudTrailInsights
D. Run AWS Trusted Advisor and export the Lambda function recommendations
View answer
Correct Answer: A
Question #32
A company’s application currently uses an IAM role that allows all access to all AWS services. A SysOps administrator must ensure that the company’s IAM policies allow only the permissions that the application requires. How can the SysOps administrator create a policy to meet this requirement?
A. Turn on AWS CloudTrai
B. Generate a policy by using AWS Security Hub
C. Turn on Amazon EventBridge (Amazon CloudWatch Events)
D. Use the AWS CLI to run the get-generated-policy command in AWS Identity and Access Management Access Analyzer
E. Turn on AWS CloudTrai
F. Generate a policy by using AWS Identity and Access Management Access Analyzer
View answer
Correct Answer: D
Question #33
A SysOps administrator is deploying an application on 10 Amazon EC2 instances. The application must be highly available. The instances must be placed on distinct underlying hardware. What should the SysOps administrator do to meet these requirements?
A. Launch the instances into a cluster placement group in a single AWS Region
B. Launch the instances into a partition placement group in multiple AWS Regions
C. Launch the instances into a spread placement group in multiple AWS Regions
D. Launch the instances into a spread placement group in single AWS Region
View answer
Correct Answer: D
Question #34
A company is running a serverless application on AWS Lambda The application stores data in an Amazon RDS for MySQL DB instance Usage has steadily increased and recently there have been numerous "too many connections" errors when the Lambda function attempts to connect to the database The company already has configured the database to use the maximum max_connections value that is possible What should a SysOps administrator do to resolve these errors'?
A. Create a read replica of the database Use Amazon Route 53 to create a weighted DNS record that contains both databases
B. Use Amazon RDS Proxy to create a proxy Update the connection string in the Lambda function
C. Increase the value in the max_connect_errors parameter in the parameter group that the database uses
D. Update the Lambda function's reserved concurrency to a higher value
View answer
Correct Answer: D
Question #35
A company has an AWS Cloud Formation template that creates an Amazon S3 bucket. A user authenticates to the corporate AWS account with their Active Directory credentials and attempts to deploy the Cloud Formation template. However, the stack creation fails. Which factors could cause this failure? (Select TWO.)
A. The user's IAM policy does not allow the cloudformation:CreateStack action
B. The user's IAM policy does not allow the cloudformation:CreateStackSet action
C. The user's IAM policy does not allow the s3:CreateBucket action
D. The user's IAM policy explicitly denies the s3:ListBucket action
E. The user's IAM policy explicitly denies the s3:PutObject action
View answer
Correct Answer: A
Question #36
An Amazon EC2 instance needs to be reachable from the internet. The EC2 instance is in a subnet with the following route table: Which entry must a SysOps administrator add to the route table to meet this requirement?
A. A route for 0
B. A route for 0
C. A route for 0
D. A route for 0
View answer
Correct Answer: A
Question #37
A company website contains a web tier and a database tier on AWS. The web tier consists of Amazon EC2 instances that run in an Auto Scaling group across two Availability Zones. The database tier runs on an Amazon ROS for MySQL Multi-AZ DB instance. The database subnet network ACLs are restricted to only the web subnets that need access to the database. The web subnets use the default network ACL with the default rules. The company's operations team has added a third subnet to the Auto Scaling group configur
A. On the default AC
B. create inbound Allow rules of type TCP with the ephemeral port range and the source as the database subnets
C. On the default ACL, create outbound Allow rules of type MySQL/Aurora (3306)
D. On the network ACLs for the database subnets, create an inbound Allow rule of type MySQL/Aurora (3306)
E. On the network ACLs for the database subnets, create an outbound Allow rule of type TCP with the ephemeral port range and the destination as the third web subnet
F. On the network ACLs for the database subnets, create an outbound Allow rule of type MySQL/Aurora (3306)
View answer
Correct Answer: D
Question #38
A SysOps administrator configuring AWS Client VPN to connect use's on a corporate network to AWS resources mat are running in a VPC According to compliance requirements, only traffic that is destined for the VPC can travel across the VPN tunnel. How should the SysOps administrator configure Client VPN to meet these requirements?
A. Associate the Client VPN endpoint with a private subnet that has an internet route through a NAT gateway
B. On the Client VPN endpoint, turns on the split-tunnel option
C. On the Client VPN endpoint, specify DNS server IP addresses
D. Select a private certificate to use as the identity certificate tor the VPN client
View answer
Correct Answer: D
Question #39
A company is running an application on premises and wants to use AWS for data backup All of the data must be available locally The backup application can write only to block-based storage that is compatible with the Portable Operating System Interface (POSIX) Which backup solution will meet these requirements?
A. Configure the backup software to use Amazon S3 as the target for the data backups
B. Configure the backup software to use Amazon S3 Glacier as the target for the data backups
C. Use AWS Storage Gateway, and configure it to use gateway-cached volumes
D. Use AWS Storage Gateway, and configure it to use gateway-stored volumes
View answer
Correct Answer: A
Question #40
A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network. What actions should the SysOps administrator take to meet these requirements?
A. Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source
B. Create a VPC endpoint for the S3 bucket, and create an S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source
C. Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket
D. Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway
View answer
Correct Answer: C
Question #41
A SysOps administrator receives an alert from Amazon GuardDuty about suspicious network activity on an Amazon EC2 instance. The GuardDuty finding lists a new external IP address as a traffic destination. The SysOps administrator does not recognize the external IP address. The SysOps administrator must block traffic to the external IP address that GuardDuty identified. Which solution will meet this requirement?
A. Create a new security group to block traffic to the external IP addres
B. Assign the new security group to the EC2 instance
C. Use VPC flow logs with Amazon Athena to block traffic to the external IP address
D. Create a network AC
E. Add an outbound deny rule for traffic to the external IP address
F. Create a new security group to block traffic to the external IP addres G
View answer
Correct Answer: C
Question #42
A company is undergoing an external audit of its systems, which run wholly on AWS. A SysOps administrator must supply documentation of Payment Card Industry Data Security Standard (PCI DSS) compliance for the infrastructure managed by AWS. Which set of action should the SysOps administrator take to meet this requirement?
A. Download the applicable reports from the AWS Artifact portal and supply these to the auditors
B. Download complete copies of the AWS CloudTrail log files and supply these to the auditors
C. Download complete copies of the AWS CloudWatch logs and supply these to the auditors
D. Provide the auditors with administrative access to the production AWS account so that the auditors can determine compliance
View answer
Correct Answer: D
Question #43
An Amazon S3 Inventory report reveals that more than 1 million objects in an S3 bucket are not encrypted These objects must be encrypted, and all future objects must be encrypted at the time they are written Which combination of actions should a SysOps administrator take to meet these requirements? (Select TWO )
A. Create an AWS Config rule that runs evaluations against configuration changes to the S3 bucket When an unencrypted object is found run an AWS Systems Manager Automation document to encrypt the object in place
B. Edit the properties of the S3 bucket to enable default server-side encryption
C. Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted Create an S3 Batch Operations job to copy each object in place with en cryption enabled
D. Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted Send each object name as a message to an Amazon Simple Queue Service (Amazon SQS) queue Use the SQS queue to invoke an AWS Lambda function to tag each object with a key of "Encryption" and a value of "SSE-KMS"
E. Use S3 Event Notifications to invoke an AWS Lambda function on all new object-created events for the S3 bucket Configure the Lambda function to check whether the object is encrypted and to run an AWS Systems Manager Automation document to encrypt the object in place when an unencrypted object is found
View answer
Correct Answer: D
Question #44
A company has an application that customers use to search for records on a website. The application's data is stored in an Amazon Aurora DB cluster. The application's usage varies by season and by day of the week. The website's popularity is increasing, and the website is experiencing slower performance because of increased load on the DB cluster during periods of peak activity. The application logs show that the performance issues occur when users are searching for information. The same search is rarely pe
A. Deploy an Amazon ElastiCache for Redis cluster in front of the DB cluste
B. Modify the application to check the cache before the application issues new queries to the databas
C. Add the results of any queries to the cache
D. Deploy an Aurora Replica for the DB cluste
E. Modify the application to use the reader endpoint for search operation
F. Use Aurora Auto Scaling to scale the number of replicas based on loa G
View answer
Correct Answer: B
Question #45
A SysOps administrator is setting up an automated process to recover an Amazon EC2 instance In the event of an underlying hardware failure. The recovered instance must have the same private IP address and the same Elastic IP address that the original instance had. The SysOps team must receive an email notification when the recovery process is initiated. Which solution will meet these requirements?
A. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the SiatusCheckFailedjnstance metri
B. Add an EC2 action to the alarm to recover the instanc
C. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS> topi
D. Subscribe the SysOps team email address to the SNS topic
E. Create an Amazon CloudWatch alarm for the EC2 Instance, and specify the StatusCheckFailed_System metri
F. Add an EC2 action to the alarm to recover the instanc G
View answer
Correct Answer: C
Question #46
A SysOps administrator needs to give users the ability to upload objects to an Amazon S3 bucket. The SysOps administrator creates a presigned URL and provides the URL to a user, but the user cannot upload an object to the S3 bucket. The presigned URL has not expired, and no bucket policy is applied to the S3 bucket. Which of the following could be the cause of this problem?
A. The user has not properly configured the AWS CLI with their access key and secret access key
B. The SysOps administrator does not have the necessary permissions to upload the object to the S3 bucket
C. The SysOps administrator must apply a bucket policy to the S3 bucket to allow the user to upload the object
D. The object already has been uploaded through the use of the presigned URL, so the presigned URL is no longer valid
View answer
Correct Answer: BD

View The Updated AWS Exam Questions

SPOTO Provides 100% Real AWS Exam Questions for You to Pass Your AWS Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: