Pass Your SOA-C02 Certification Questions & Practice Tests, AWS Certified Sysops Administrator - Associate | SPOTO

Prepare to excel in your AWS Certified SysOps Administrator - Associate (SOA-C02) certification with SPOTO's comprehensive resources. This certification targets system administrators specializing in cloud operations, validating their skills in deploying, managing, and operating workloads on AWS. Our platform offers a range of valuable tools, including exam questions, practice tests, exam dumps, and sample questions. Dive into our free quizzes to assess your knowledge, access exam materials for a realistic exam experience, and benefit from detailed exam answers to enhance your understanding. Practice extensively with exam simulations and online exam questions to boost your confidence for the real exam. Our mock exams are designed to simulate exam conditions and prepare you effectively. With SPOTO, master your SOA-C02 certification with expertly curated exam resources and practice materials.

Question #1
A company has a stateless application that is hosted on a fleet of 10 Amazon EC2 On-Demand Instances in an Auto Scaling group. A minimum of 6 instances are needed to meet service requirements. Which action will maintain uptime for the application MOST cost-effectively?
A. Use a Spot Fleet with an On-Demand capacity of 6 instances
B. Update the Auto Scaling group with a minimum of 6 On-Demand Instances and a maximum of 10 On-Demand Instances
C. Update the Auto Scaling group with a minimum of 1 On-Demand Instance and a maximum of 6 On-Demand Instances
D. Use a Spot Fleet with a target capacity of 6 instances
Correct Answer: B
Question #2
A company is attempting to manage its costs in the AWS Cloud. A SysOps administrator needs specific company-defined tags that are assigned to resources to appear on the billing report. What should the SysOps administrator do to meet this requirement?
A. Activate the tags as AWS generated cost allocation tags
B. Activate the tags as user-defined cost allocation tags
C. Create a new cost category
D. Select the account billing dimension
E. Create a new AWS Cost and Usage Report
F. Include the resource IDs
Correct Answer: A
Question #3
A company has an application that is running on an EC2 instance in one Availability Zone. A SysOps Administrator has been tasked with making the application highly available. The administrator created a launch configuration from the running EC2 instance. The administrator also properly configured a load balancer. What step should the administrator complete next to make the application highly available?
A. Create an Auto Scaling group by using the launch configuration across at least 2 Availability Zones with a minimum size of 1, desired capacity of 1 and a maximum size of 1
B. Create an Auto Scaling group by using the launch configuration across at least 3 Availability Zones with a minimum size of 2, desired capacity of 2 and a maximum size of 2
C. Create an Auto Scaling group by using the launch configuration across at least 2 Regions with a minimum size of 1, desired capacity of 1 and a maximum size of 1
D. Create an Auto Scaling group by using the launch configuration across at least 2 Regions with a minimum size of 2, desired capacity of 2 and a maximum size of 2
Correct Answer: B
Question #4
A SysOps administrator needs to configure automatic rotation for Amazon RDS database credentials. The credentials must rotate every 30 days. The solution must integrate with Amazon RDS. Which solution will meet these requirements with the LEAST operational overhead?
A. Store the credentials in AWS Systems Manager Parameter Store as a secure string
B. Configure automatic rotation with a rotation interval of 30 days
C. Store the credentials in AWS Secrets Manager
D. Configure automatic rotation with a rotation interval of 30 days
E. Store the credentials in a file in an Amazon S3 bucket
F. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days
Correct Answer: A
Question #5
A company has a memory-intensive application that runs on a fleet of Amazon EC2 instances behind an Elastic Load Balancer (ELB). The instances run in an Auto Scaling group. A SysOps administrator must ensure that the application can scale based on the number of users that connect to the application. Which solution will meet these requirements?
A. Create a scaling policy that will scale the application based on the ActiveConnectionCount Amazon CloudWatch metric that is generated from the ELB
B. Create a scaling policy that will scale the application based on the mem used Amazon CloudWatch metric that is generated from the ELB
C. Create a scheduled scaling policy to increase the number of EC2 instances in the Auto Scaling group to support additional connections
D. Create and deploy a script on the ELB to expose the number of connected users as a custom Amazon CloudWatch metric
E. Create a scaling policy that uses the metric
Correct Answer: D
Question #6
A company maintains a large set of sensitive data in an Amazon S3 bucket. The company's security team asks a SysOps administrator to help verify that all current objects in the S3 bucket are encrypted. What is the MOST operationally efficient solution that meets these requirements?
A. Create a script that runs against the S3 bucket and outputs the status of each object
B. Create an S3 Inventory configuration on the S3 bucket. Include the appropriate status fields
C. Provide the security team with an IAM user that has read access to the S3 bucket
D. Use the AWS CLI to output a list of all objects in the S3 bucket
Correct Answer: C
Question #7
A company wants to create an automated solution for all accounts managed by AWS Organizations to detect any security groups that use 0.0.0.0/0 as the source address for inbound traffic. The company also wants to automatically remediate any noncompliant security groups by restricting access to a specific CIDR block that corresponds with the company's intranet.
A. Create an AWS Config rule to detect noncompliant security groups
B. Set up automatic remediation to change the 0
C. Create an IAM policy to deny the creation of security groups that have 0
D. Create an AWS Lambda function to inspect new and existing security groups. Check for a noncompliant 0
E. Create a service control policy (SCP) for the organizational unit (OU) to deny the creation of security groups that have the 0
F. Set up automatic remediation to change the 0
Correct Answer: BE
Question #8
A company hosts an online shopping portal in the AWS Cloud. The portal provides HTTPS security by using a TLS certificate on an Elastic Load Balancer (ELB). Recently, the portal suffered an outage because the TLS certificate expired. A SysOps administrator must create a solution to automatically renew certificates to avoid this issue in the future. What is the MOST operationally efficient solution that meets these requirements?
A. Request a public certificate by using AWS Certificate Manager (ACM)
B. Write a scheduled AWS Lambda function to renew the certificate every 18 months
C. Request a public certificate by using AWS Certificate Manager (ACM)
D. ACM will automatically manage the renewal of the certificate
E. Register a certificate with a third-party certificate authority (CA)
F. ACM will automatically manage the renewal of the certificate
Correct Answer: A
Question #9
Recently several critical files were mistakenly deleted from a shared Amazon S3 bucket. A SysOps Administrator is tasked with preventing such mistakes from occurring in the future by enabling MFA Delete. Once enabled, which bucket activities will require MFA authentication? (SELECT TWO)
A. Permanently removing an object version from the bucket
B. Disabling default object encryption for the bucket
C. Listing all versions of deleted objects in the bucket
D. Suspending versioning on the bucket
E. Enable MFA Add on the bucket
Correct Answer: AD
Question #10
A SysOps Administrator has configured a CloudWatch agent to send custom metrics to Amazon CloudWatch and is now assembling a CloudWatch dashboard to display these metrics. What steps should the Administrator take to complete this task?
A. Select the AWS Namespace, filter by metric name, then add to the dashboard
B. Add a text widget, select the appropriate metric from the custom namespace then add to the dashboard
C. Select the appropriate widget and metrics from the custom namespace then add to the dashboard
D. Open the CloudWatch console, from the CloudWatch Events, add all custom metrics
Correct Answer: C
Question #11
A company is concerned about a security vulnerability impacting its Linux operating system. What should the SysOps Administrator do to alleviate this concern?
A. Patch the vulnerability with Amazon Inspector
B. Provide the AWS Trusted Advisor report showing which Amazon EC2 instances have been patched
C. Redeploy the Amazon EC2 instances using AWS CloudFormation
D. Patch the Linux operating system using AWS Systems Manager
Correct Answer: D
Question #12
A company IT security team is performing an audit of the AWS environment to determine which servers need to be patched and where additional security needs to be added. The company is responsible for which of the following? (SELECT TWO)
A. Patching the OS on Amazon RDS instances
B. Patching the OS on Amazon EC2 instances
C. Enabling server side encryption with Amazon S3-Managed keys (SSE-S3) on S3 objects
D. Patching database engine on RDS instances
E. Patching Elastic Beanstalk managed EC2 application
Correct Answer: BC
Question #13
A company wants to use only IPv6 for all its Amazon EC2 instances. The EC2 instances must not be accessible from the internet, but the EC2 instances must be able to access the internet. The company creates a dual-stack VPC and IPv6-only subnets. How should a SysOps administrator configure the VPC to meet these requirements?
A. Create and attach a NAT gateway
B. Create a custom route table that includes an entry to point all IPv6 traffic to the NAT gateway
C. Attach the custom route table to the IPv6-only subnets
D. Create and attach an internet gateway
E. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway
F. Attach the custom route table to the IPv6-only subnets
Correct Answer: B
Question #14
A SysOps administrator needs to confirm that security best practices are being followed with the AWS root account user. How should the Administrator ensure that this is done?
A. Change the root user password by using the AWS CLI routinely
B. Periodically use the AWS CLI to rotate access keys and secret keys for the root user
C. Use AWS Trusted Advisor security checks to review the configuration of the root user
D. Periodically distribute the AWS compliance document from AWS Artifact that governs the root user configuration
Correct Answer: C
Question #15
A company web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The EC2 instances run in an EC2 Auto Scaling group across multiple Availability Zones. Data is stored in an Amazon ElastiCache for Redis cluster and an Amazon RDS DB instance. Company policy requires all system patching to take place at midnight on Tuesday. Which resources will need to have a maintenance window configured for midnight on Tuesday? (Select TWO)
A. Elastic Load Balancer
B. EC2 instances
C. RDS DB instances
D. ElastiCache Cluster
E. Auto Scaling Group
Correct Answer: CD
Question #16
The Infosec team has asked the SysOps Administrator to perform some hardening on the company Amazon RDS database instances. Based on the requirement, what actions should be recommended for the start of the security review? (Select TWO)
A. Use Amazon Inspector to present a detailed report of security vulnerabilities across the RDS database fleet
B. Review the security group inbound access rules for least privilege
C. Export AWS CloudTrail entries detailing all SSH activity on the RDS instances
D. Cat command to enumerate the allowed SSH keys in ~/
E. VPC Settings and ensure that encrypted connections
Correct Answer: BE
Question #17
A development team recently deployed a new version of a web application to production. After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data. Which AWS service will mitigate this issue?
A. AWS Shield Standard
B. AWS WAF
C. Elastic Load Balancing
D. Amazon Cognito
Correct Answer: B
Question #18
A company stores critical data in Amazon S3 buckets. A SysOps administrator must build a solution to record all S3 API activity. Which action will meet this requirement?
A. Configure S3 bucket metrics to record object access logs
B. Create an AWS CloudTrail trail to log data events for all S3 objects
C. Enable S3 server access logging for each S3 bucket
D. Use AWS IAM Access Analyzer for Amazon S3 to store object access logs
Correct Answer: CD
Question #19
A company wants to build a solution for its business-critical Amazon RDS for MySQL database. The database requires high availability across different geographic locations. A SysOps administrator must build a solution to handle a disaster recovery (DR) scenario with the lowest recovery time objective (RTO) and recovery point objective (RPO). Which solution meets these requirements?
A. Create automated snapshots of the database on a schedule
B. Copy the snapshots to the DR Region
C. Create a cross-Region read replica for the database
D. Create a Multi-AZ read replica for the database
E. Schedule AWS Lambda functions to create snapshots of the source database and to copy the snapshots to a DR Region
Correct Answer: AD
Question #20
While setting up an AWS managed VPN connection, a SysOps Administrator creates a customer gateway resource in AWS. The customer gateway device resides in a data center with a NAT gateway in front of it. What address should be used to create the customer gateway resource?
A. The private IP address of the customer gateway device
B. The MAC address of the NAT device in front of the customer gateway device
C. The public IP address of the customer gateway device
D. The public IP address of the NAT device in front of the customer gateway
Correct Answer: D
Question #21
An application is being developed that will be served across a fleet of EC2 instances, which require a consistent view of persistent data. Items stored vary in size from 1KB to 300MB; the items are read frequently, created occasionally and often require partial changes without conflict. The data is not expected to grow beyond 2TB, and items will be expired according to age and content type. Which AWS solution meets these requirements?
A. Amazon S3 bucket with lifecycle policies to delete old objects
B. Amazon RDS PostgreSQL and a job that deletes rows based on age and file type columns
C. Amazon EFS and a scheduled process to delete files based on age and extension
D. An EC2 instance store synced on boot from a central Amazon EBS-backed instance
Correct Answer: A
Question #22
A SysOps administrator needs to automate the invocation of an AWS Lambda function. The Lambda function must run at the end of each day to generate a report on data that is stored in an Amazon S3 bucket. What is the MOST operationally efficient solution that meets these requirements?
A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that has an event pattern for Amazon S3 and the Lambda function as a target
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that has a schedule and the Lambda function as a target
C. Create an S3 event notification to invoke the Lambda function whenever objects change in the S3 bucket
D. Deploy an Amazon EC2 instance with a cron job to invoke the Lambda function
Correct Answer: B
Question #23
A company has a new requirement stating that all resources in AWS must be tagged according to a set policy. Which AWS service should be used to enforce and continually identify all resources that are not in compliance with the policy?
A. AWS CloudTrail
B. Amazon Inspector
C. AWS Config
D. AWS Systems Manager
Correct Answer: D
Question #24
A SysOps Administrator must provide data to show the overall usage of Amazon EC2 instances within each department and must determine if the purchased Reserved Instances are being used effectively. What service should be used to provide the necessary information?
A. AWS Personal Health Dashboard
B. AWS Cost Explorer
C. AWS Service Catalog
D. AWS Application Discovery Service
Correct Answer: B
Question #25
A company's backend infrastructure contains an Amazon EC2 instance in a private subnet. The private subnet has a route to the internet through a NAT gateway in a public subnet. The instance must allow connectivity to a secure web server on the internet to retrieve data at regular intervals. The client software times out with an error message that indicates that the client software could not establish the TCP connection. What should a SysOps administrator do to resolve this error?
A. Add an inbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP, Source - 0
B. Add an inbound rule to the security group for the EC2 instance with the following parameters: Type - HTTPS, Source - 0
C. Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP, Destination - 0
D. Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP
E. Destination - 0
Correct Answer: B
Question #26
A SysOps administrator is helping a development team deploy an application to AWS. The AWS CloudFormation template includes an Amazon Linux EC2 instance, an Amazon Aurora DB cluster, and a hard-coded database password that must be rotated every 90 days. What is the MOST secure way to manage the database password?
A. Use the AWS::SecretsManager::Secret resource with the GenerateSecretString property to automatically generate a password. Use the AWS::SecretsManager::RotationSchedule resource to define a rotation schedule for the password. Configure the application to retrieve the secret from AWS Secrets Manager to access the database
B. Use the AWS::SecretsManager::Secret resource with the SecretString property. Accept a password as a CloudFormation parameter. Use the AllowedPattern property of the CloudFormation parameter to require a minimum length, uppercase and lowercase letters, and special characters. Configure the application to retrieve the secret from AWS Secrets Manager to access the database
C. Use the AWS::SSM::Parameter resource. Accept input as a CloudFormation parameter to store the parameter as a secure string. Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database
D. Use the AWS::SSM::Parameter resource. Accept input as a CloudFormation parameter to store the parameter as a string. Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database
Correct Answer: AC
Question #27
A SysOps administrator must take a team's single AWS CloudFormation template and split it into smaller, service-specific templates. All of the services in the template reference a single, shared Amazon S3 bucket. What should the Administrator do to ensure that this S3 bucket can be referenced by all the service templates?
A. Include the S3 bucket as a mapping in each template
B. Add the S3 bucket as a resource in each template
C. Create the S3 bucket in its own template and export it
D. Generate the S3 bucket using StackSets
Correct Answer: C
Question #28
A SysOps administrator is notified that an Amazon EC2 instance has stopped responding. The AWS Management Console indicates that the system status checks are failing. What should the administrator do first to resolve this issue?
A. Reboot the EC2 instance so it can be launched on a new host
B. Stop and then start the EC2 instance so that it can be launched on a new host
C. Terminate the EC2 instance and relaunch it
D. View the AWS CloudTrail log to investigate what changed on the EC2 instance
Correct Answer: D
Question #29
An organization finds that a high number of gp2 Amazon EBS volumes are running out of space. Which solution will provide the LEAST disruption with minimal effort?
A. Create a snapshot and restore it to a large gp2 volume
B. Create a RAID 0 with another new gp2 volume to increase capacity
C. Leverage the elastic volumes feature of EBS to increase gp2 volume size
D. Write a script to migrate data to a larger gp2 volume
Correct Answer: C
Question #30
A company needs to take an inventory of applications that are running on multiple Amazon EC2 instances. The company has configured users and roles with the appropriate permissions for AWS Systems Manager. An updated version of Systems Manager Agent has been installed and is running on every instance. While configuring an inventory collection, a SysOps administrator discovers that not all the instances in a single subnet are managed by Systems Manager. What must the SysOps administrator do to fix this issue?
A. Ensure that all the EC2 instances have the correct tags for Systems Manager access
B. Configure AWS Identity and Access Management Access Analyzer to determine and automatically remediate the issue
C. Ensure that all the EC2 instances have an instance profile with Systems Manager access
D. Configure Systems Manager to use an interface VPC endpoint
Correct Answer: A
Question #31
After installing and configuring the Amazon CloudWatch agent on an EC2 instance, the anticipated system logs are not being received by CloudWatch Logs. Which of the following are likely to be the cause of this problem? (SELECT TWO)
A. A custom third-party solution for logs is being used
B. The IAM role attached to the EC2 instance does not have the proper permissions
C. The CloudWatch agent does not support the operating system used
D. A billing constraint is limiting the number of CloudWatch logs within this account
E. The EC2 instance is in a private subnet and the VPC does not have a NAT gateway
Correct Answer: BE
Question #32
A company is planning to expand into an additional AWS Region for disaster recovery purposes. The company uses AWS CloudFormation, and its infrastructure is well-defined as code. The company would like to reuse as much of its existing code as possible when deploying resources to additional Regions. A SysOps Administrator is reviewing how AMIs are selected in AWS CloudFormation but is having trouble making the same stack work in a new Region. Which action would make it easier to manage multiple Regions?
A. Name each AMI in the new region exactly the same as the requirement AMI in the first region
B. Duplicate the stack so unique AMI names can be coded into the appropriate stack
C. Create an alias for each AMI so that an AMI can be referenced by a common name across Regions
D. Create a Mappings section in the stack and define the Region to AMI associations
Correct Answer: D
Question #33
An organizational audit uncovered an existing Amazon RDS database that is not currently configured for high availability. It must be configured for high availability as soon as possible. How can this requirement be met?
A. Switch to an active/passive database pair using the create-db-instance-read-replica with the --availability-zone flag
B. Specify high availability when creating a new RDS instance, and live-migrate the data
C. Modify the RDS instance using the console to include the Multi-AZ option
D. Use the modify-db-instance command with the -ha flag
Correct Answer: C
Question #34
A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company's AWS account. The SysOps administrator deploys a Linux Amazon EC2 instance in VPC1 and deploys an Amazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a private subnet. An application that runs on the EC2 instance needs to connect to the database. What should the SysOps administrator do to give the EC2 instance the ability to connect to the database?
A. Enter the DB instance connection string into the VPC1 route table
B. Configure VPC peering between the two VPCs
C. Add the same IPv4 CIDR range for both VPCs
D. Connect to the DB instance by using the DB instance’s public IP address
Correct Answer: C
Question #35
The networking team has created a VPC in an AWS account. The application team has asked for access to resources in another account. The SysOps Administrator has created the VPC peering connection between both accounts, but the resources in one VPC cannot connect to resources in the other VPC. What could be causing this issue?
A. One of the VPCs is not sized correctly for peering
B. There is no public subnet in one of the VPCs
C. The route tables have not been updated
D. One VPC has disabled the peering flag
Correct Answer: C
Question #36
A company has a simple web application that runs on a set of Amazon EC2 instances behind an Elastic Load Balancer in the eu-west-2 Region. Amazon Route 53 holds a DNS record for the application with a simple routing policy. Users from all over the world access the application through their web browsers. The company needs to create additional copies of the application in the us-east-1 Region and in the ap-south-1 Region. The company must direct users to the Region that provides the fastest response times whe
A. In each new Region, create a new Elastic Load Balancer and a new set of EC2 instances to run a copy of the application
B. Transition to a geolocation routing policy
C. In each new Region, create a copy of the application on new EC2 instances
D. Add these new EC2 instances to the Elastic Load Balancer in eu-west-2
E. In each new Region, create a copy of the application on new EC2 instances
F. Add these new EC2 instances to the Elastic Load Balancer in eu-west-2
Correct Answer: A
Question #37
An organization would like to set up an option for its Developers to receive an email whenever production Amazon EC2 instances are running over 80% CPU. How can this be accomplished using an Amazon CloudWatch alarm?
A. Configure the alarm to send emails to subscribers using Amazon SES
B. Configure the alarm to send emails to subscribers using Amazon SNS
C. Configure the alarm to send emails to subscribers using Amazon Inspector
D. Configure the alarm to send emails to subscribers using Amazon Cognito
Correct Answer: B
