DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Pass Your SOA-C02 Exam with Practice Tests 2024 Updated, AWS Certified Sysops Administrator - Associate | SPOTO

Prepare for success in the AWS Certified SysOps Administrator - Associate (SOA-C02) exam with SPOTO's updated practice tests for 2024. This certification is designed for system administrators specializing in cloud operations, verifying their capabilities in deploying, managing, and operating workloads on AWS. SPOTO provides a comprehensive range of resources to help you ace your exam, including exam questions, practice tests, exam dumps, and sample questions. Take advantage of our free quizzes to assess your knowledge and access exam materials for a realistic exam environment. Benefit from detailed exam answers and practice sessions to refine your skills. Utilize our exam simulator and online exam questions to enhance your preparation and excel in mock exams. With SPOTO's updated practice tests, master the SOA-C02 exam and elevate your career in cloud operations.
Take other online exams

Question #1
A large multinational company has a core application that runs 24 hours a day, 7 days a week on Amazon EC2 and AWS Lambda. The company uses a combination of operating systems across different AWS Regions. The company wants to achieve cost savings and wants to use a pricing model that provides the most flexibility. What should the company do to MAXIMIZE cost savings while meeting these requirements?
A. Establish the compute expense by the hou
B. Purchase a Compute Savings Plan
C. Establish the compute expense by the hou
D. Purchase an EC2 Instance Savings Plan
E. Purchase a Reserved Instance for the instance types, operating systems, Region, and tenancy
F. Use EC2 Spot Instances to match the instances that run in each Region
View answer
Correct Answer: B
Question #2
A company needs to create a daily Amazon Machine Image (AMI) of an existing Amazon Linux EC2 instance that hosts the operating system, application, and database on multiple attached Amazon Elastic Block Store (Amazon EBS) volumes. File system integrity must be maintained. Which solution will meet these requirements?
A. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the no-reboot parameter enable
B. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function
C. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the reboot parameter enable
D. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function
E. Use AWS Backup to create a backup plan with a backup rule that runs dail
F. Assign the resource ID of the EC2 instance with the no-reboot parameter enabled
View answer
Correct Answer: A
Question #3
A company needs to view a list of security groups that are open to the internet on port 3389. What should a SysOps administrator do to meet this requirement?
A. Configure Amazon GuardDuly to scan security groups and report unrestricted access on port 3389
B. Configure a service control policy (SCP) to identify security groups that allow unrestricted access on port 3389
C. Use AWS Identity and Access Management Access Analyzer to find any instances that have unrestricted access on port 3389
D. Use AWS Trusted Advisor to find security groups that allow unrestricted access on port 3389
View answer
Correct Answer: C
Question #4
A company is migrating its production file server to AWS. All data that is stored on the file server must remain accessible if an Availability Zone becomes unavailable or when system maintenance is performed. Users must be able to interact with the file server through the SMB protocol. Users also must have the ability to manage file permissions by using Windows ACLs. Which solution will net these requirements?
A. Create a single AWS Storage Gateway file gateway
B. Create an Amazon FSx for Windows File Server Multi-AZ file system
C. Deploy two AWS Storage Gateway file gateways across two Availability Zone
D. Configure an Application Load Balancer in front of the file gateways
E. Deploy two Amazon FSx for Windows File Server Single-AZ 2 file system
F. Configure Microsoft Distributed File System Replication (DFSR)
View answer
Correct Answer: A
Question #5
A Sysops administrator creates an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that uses AWS Fargate. The cluster is deployed successfully. The Sysops administrator needs to manage the cluster by using the kubect1 command line tool. Which of the following must be configured on the Sysops administrator's machine so that kubect1 can communicate with the cluster API server?
A. The kubeconfig file
B. The kube-proxy Amazon EKS add-on
C. The Fargate profile
D. The eks-connector
View answer
Correct Answer: B
Question #6
A SysOps administrator receives an alert from Amazon GuardDuty about suspicious network activity on an Amazon FC2 instance. The GuardDuty finding lists a new external IP address as a traffic destination. The SysOps administrator does not recognize the external IP address. The SysOps administrator must block traffic to the external IP address that GuardDuty identified Which solution will meet this requirement?
A. Create a new security group to block traffic to the external IP addres
B. Assign the new security group to the EC2 instance
C. Use VPC flow logs with Amazon Athena to block traffic to the external IP address
D. Create a network ACL Add an outbound deny rule tor traffic to the external IP address
E. Create a new security group to block traffic to the external IP address Assign the new security group to the entire VPC
View answer
Correct Answer: AE
Question #7
A SysOps administrator must ensure that a company's Amazon EC2 instances auto scale as expected The SysOps administrator configures an Amazon EC2 Auto Scaling Lifecycle hook to send an event to Amazon EventBridge (Amazon CloudWatch Events), which then invokes an AWS Lambda function to configure the EC2 distances When the configuration is complete, the Lambda function calls the complete Lifecycle-action event to put the EC2 instances into service. In testing, the SysOps administrator discovers that the Lambd
A. Add a permission to the Lambda function so that it can be invoked by the EventBridge (CloudWatch Events) rule
B. Change the lifecycle hook action to CONTINUE if the lifecycle hook experiences a fa* we or timeout
C. Configure a retry policy in the EventBridge (CloudWatch Events) rule to retry the Lambda function invocation upon failure
D. Update the Lambda function execution role so that it has permission to call the complete lifecycle-action event
View answer
Correct Answer: B
Question #8
A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application. Which combination of actions should a SysOps administrator take to resolve this problem? (Select TWO.)
A. Change to the least outstanding requests algorithm on the ALB target group
B. Configure cookie forwarding in the CloudFront distribution cache behavior
C. Configure header forwarding in the CloudFront distribution cache behavior
D. Enable group-level stickiness on the ALB listener rule
E. Enable sticky sessions on the ALB target group
View answer
Correct Answer: A
Question #9
A SysOps administrator noticed that the cache hit ratio for an Amazon CloudFront distribution is less than 10%. Which collection of configuration changes will increase the cache hit ratio for the distribution? (Select TWO.)
A. Ensure that only required cookies, query strings, and headers are forwarded in the Cache Behavior Settings
B. Change the Viewer Protocol Policy to use HTTPS only
C. Configure the distribution to use presigned cookies and URLs to restrict access to the distribution
D. Enable automatic compression of objects in the Cache Behavior Settings
E. Increase the CloudFront time to live (TTL) settings in the Cache Behavior Settings
View answer
Correct Answer: C
Question #10
A company plans to deploy a database on an Amazon Aurora MySQL DB cluster. The database will store data for a demonstration environment. The data must be reset on a daily basis. What is the MOST operationally efficient solution that meets these requirements?
A. Create a manual snapshot of the DB cluster after the data has been populate
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basi
C. Configure the function to restore the snapshot and then delete the previous DB cluster
D. Enable the Backtrack feature during the creation of the DB cluste
E. Specify a target backtrack window of 48 hour
F. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basi G
View answer
Correct Answer: B
Question #11
A company uses an Amazon CloudFront distribution to deliver its website Traffic togs for the website must be centrally stored and all data must be encrypted at rest Which solution will meet these requirements?
A. Create an Amazon OpenSearch Service (Amazon Elasttcsearch Service) domain with internet access and server-side encryption that uses the default AWS managed key Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination
B. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256 Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elastcsearch Service) domain as a log destination
C. Create an Amazon S3 bucket that is configured with default server side encryption that uses AES-256 Configure CloudFront to use the S3 bucket as a log destination
D. Create an Amazon S3 bucket that is configured with no default encryption Enable encryption in the CloudFront dtstnbubon and use the S3 bucket as a log destination
View answer
Correct Answer: A
Question #12
A SysOps administrator is deploying a test site running on Amazon EC2 instances. The application requires both incoming and outgoing connectivity to the internet. Which combination of steps are required to provide internet connectivity to the EC2 instances? (Choose two.)
A. Add a NAT gateway to a public subnet
B. Attach a private address to the elastic network interface on the EC2 instance
C. Attach an Elastic IP address to the internet gateway
D. Add an entry to the route table for the subnet that points to an internet gateway
E. Create an internet gateway and attach it to a VPC
View answer
Correct Answer: A
Question #13
A company runs a web application on three Amazon EC2 instances behind an Application Load Balancer (ALB). The company notices that random periods of increased traffic cause a degradation in the application's performance. A SysOps administrator must scale the application to meet the increased traffic. Which solution meets these requirements?
A. Create an Amazon CloudWatch alarm to monitor application latency and increase the size of each EC2 instance if the desired threshold is reached
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor application latency and add an EC2 instance to the ALB if the desired threshold is reached
C. Deploy the application to an Auto Scaling group of EC2 instances with a target tracking scaling policy
D. Deploy the application to an Auto Scaling group of EC2 instances with a scheduled scaling policy
View answer
Correct Answer: B
Question #14
A SysOps administrator noticed that a large number of Elastic IP addresses are being created on the company's AWS account, but they are not being associated with Amazon EC2 instances, and are incurring Elastic IP address charges in the monthly bill. How can the administrator identify who is creating the Elastic IP addresses?
A. Attach a cost-allocation tag to each requested Elastic IP address with the IAM user name of the developer who creates it
B. Query AWS CloudTrail logs by using Amazon Athena to search for Elastic IP address events
C. Create a CloudWatch alarm on the ElPCreated metric and send an Amazon SNS notification when the alarm triggers
D. Use Amazon Inspector to get a report of all Elastic IP addresses created in the last 30 days
View answer
Correct Answer: C
Question #15
A SysOps administrator must configure a resilient tier of Amazon EC2 instances for a high performance computing (HPC) application. The HPC application requires minimum latency between nodes Which actions should the SysOps administrator take to meet these requirements? (Select TWO.)
A. Create an Amazon Elastic File System (Amazon EPS) file system Mount the file system to the EC2 instances by using user data
B. Create a Multi-AZ Network Load Balancer in front of the EC2 instances
C. Place the EC2 instances in an Auto Scaling group within a single subnet
D. Launch the EC2 instances into a cluster placement group
E. Launch the EC2 instances into a partition placement group
View answer
Correct Answer: D
Question #16
A company has deployed AWS Security Hub and AWS Config in a newly implemented organization in AWS Organizations. A SysOps administrator must implement a solution to restrict all member accounts in the organization from deploying Amazon EC2 resources in the ap-southeast-2 Region. The solution must be implemented from a single point and must govern an current and future accounts. The use of root credentials also must be restricted in member accounts. Which AWS feature should the SysOps administrator use to me
A. AWS Config aggregator
B. IAM user permissions boundaries
C. AWS Organizations service control policies (SCPs)
D. AWS Security Hub conformance packs
View answer
Correct Answer: A
Question #17
A SysOps administrator has used AWS Cloud Formal ion to deploy a serverless application Into a production VPC. The application consists of an AWS Lambda function an Amazon DynamoDB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS Cloud Formation stack without deleting the DynamoDB table. Which action should the SysOps administrator take before deleting the AWS Cloud Formation stack?
A. Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack
B. Add a Snapshot deletion policy to the DynamoDB resource in the AWS CloudFormation stack
C. Enable termination protection on the AWS Cloud Formation stack
D. Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTabie action
View answer
Correct Answer: A
Question #18
A company has multiple AWS Site-to-Site VPN connections between a VPC and its branch offices. The company manages an Amazon Elasticsearch Service (Amazon ES) domain that is configured with public access. The Amazon ES domain has an open domain access policy. A SysOps administrator needs to ensure that Amazon ES can be accessed only from the branch offices while preserving existing data. Which solution will meet these requirements?
A. Configure an identity-based access policy on Amazon E
B. Add an allow statement to the policy that includes the Amazon Resource Name (ARN) for each branch office VPN connection
C. Configure an IP-based domain access policy on Amazon E
D. Add an allow statement to the policy that includes the private IP CIDR blocks from each branch office network
E. Deploy a new Amazon ES domain in private subnets in a VPC, and import a snapshot from the old domai
F. Create a security group that allows inbound traffic from the branch office CIDR blocks
View answer
Correct Answer: C
Question #19
An application accesses data through a file system interface. The application runs on Amazon EC2 instances in multiple Availability Zones, all of which must share the same data. While the amount of data is currently small, the company anticipates that it will grow to tens of terabytes over the lifetime of the application. What is the MOST scalable storage solution to fulfill this requirement?
A. Connect a large Amazon EBS volume to multiple instances and schedule snapshots
B. Deploy Amazon EFS in the VPC and create mount targets in multiple subnets
C. Launch an EC2 instance and share data using SMB/CIFS or NFS
D. Deploy an AWS Storage Gateway cached volume on Amazon EC2
View answer
Correct Answer: A
Question #20
A SysOps administrator has used AWS Cloud Formation to deploy a sereness application into a production VPC. The application consists of an AWS Lambda function, an Amazon DynamoOB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS Cloud Formation stack without deleting the DynamoOB table. Which action should the SysOps administrator take before deleting the AWS Cloud Formation stack?
A. Add a Retain deletion policy to the DynamoOB resource in the AWS CloudFormation stack
B. Add a Snapshot deletion policy to the DynamoOB resource In the AWS CloudFormation stack
C. Enable termination protection on the AWS Cloud Formation stack
D. Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTabie action
View answer
Correct Answer: A
Question #21
A company hosts a website on multiple Amazon EC2 instances that run in an Auto Scaling group. Users are reporting slow responses during peak times between 6 PM and 11 PM every weekend. A SysOps administrator must implement a solution to improve performance during these peak times. What is the MOST operationally efficient solution that meets these requirements?
A. Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to increase the desired capacity before peak times
B. Configure a scheduled scaling action with a recurrence option to change the desired capacity before and after peak times
C. Create a target tracking scaling policy to add more instances when memory utilization is above 70%
D. Configure the cooldown period for the Auto Scaling group to modify desired capacity before and after peak times
View answer
Correct Answer: C
Question #22
A development team recently deployed a new version of a web application to production. After the release penetration testing revealed a cross-site scripting vulnerability that could expose user data. Which AWS service will mitigate this issue?
A. AWS Shield Standard
B. AWS WAF
C. Elastic Load Balancing
D. Amazon Cognito
View answer
Correct Answer: B
Question #23
A company is managing multiple AWS accounts in AWS Organizations. The company is reviewing internal security of its AWS environment. The company's security administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts. Which solution will meet these requirements in the MOST secure manner?
A. Create an IAM policy in each developer account that has read-only access related to VPC resources Assign the policy to an IAM use
B. Share the user credentials with the security administrator
C. Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC action
D. Assign the policy to an IAMuse
E. Share the user credentials with the security administrator
F. Create an IAM policy in each developer account that has administrator access related to VPC resources
View answer
Correct Answer: AD
Question #24
A company has launched a social media website that gives users the ability to upload images directly to a centralized Amazon S3 bucket. The website is popular in areas that are geographically distant from the AWS Region where the S3 bucket is located. Users are reporting that uploads are slow. A SysOps administrator must improve the upload speed. What should the SysOps administrator do to meet these requirements?
A. Create S3 access points in Regions that are closer to the users
B. Create an accelerator in AWS Global Accelerator for the S3 bucket
C. Enable S3 Transfer Acceleration on the S3 bucket
D. Enable cross-origin resource sharing (CORS) on the S3 bucket
View answer
Correct Answer: D
Question #25
A company wants to track its AWS costs in all member accounts that are part of an organization in AWS Organizations. Managers of the member accounts want to receive a notification when the estimated costs exceed a predetermined amount each month. The managers are unable to configure a billing alarm. The IAM permissions for all users are correct. What could be the cause of this issue?
A. The management/payer account does not have billing alerts turned on
B. The company has not configured AWS Resource Access Manager (AWS RAM) to share billing information between the member accounts and the management/payer account
C. Amazon GuardDuty is turned on for all the accounts
D. The company has not configured an AWS Config rule to monitor billing
View answer
Correct Answer: D
Question #26
A company has deployed a web application in a VPC that has subnets in three Availability Zones. The company launches three Amazon EC2 instances from an EC2 Auto Scaling group behind an Application Load Balancer (ALB). A SysOps administrator notices that two of the EC2 instances are in the same Availability Zone, rather than being distributed evenly across all three Availability Zones. There are no errors in the Auto Scaling group's activity history. What is the MOST likely reason for the unexpected placemen
A. One Availability Zone did not have sufficient capacity for the requested EC2 instance type
B. The ALB was configured for only two Availability Zones
C. The Auto Scaling group was configured for only two Availability Zones
D. Amazon EC2 Auto Scaling randomly placed the instances in Availability Zones
View answer
Correct Answer: AB
Question #27
A SysOps administrator configures an Amazon S3 gateway endpoint in a VPC. The private subnets inside the VPC do not nave outbound internet access. A user logs in to an Amazon EC2 instance in one of the private subnets and cannot upload a file to an Amazon S3 bucket in the same AWS Region Which solution will solve this problem?
A. Update the EC2 instance role policy to allow s3:PutObjed access to the target S3 bucket
B. Update the EC2 security group to allow outbound traffic to 0
C. Update the EC2 subnet route table to include the S3 prefix list destination routes to the S3 gateway endpoint
D. Update the S3 bucket policy to allow s3 PurObject access from the private subnet CIDR block
View answer
Correct Answer: A
Question #28
A company is creating a new multi-account architecture. A Sysops administrator must implement a login solution to centrally manage user access and permissions across all AWS accounts. The solution must be integrated with AWS Organizations and must be connected to a third-party Security Assertion Markup Language (SAML) 2.0 identity provider (IdP). What should the SysOps administrator do to meet these requirements?
A. Configure an Amazon Cognito user poo
B. Integrate the user pool with the third-party IdP
C. Enable and configure AWS Single Sign-On with the third-party IdP
D. Federate the third-party IdP with AWS Identity and Access Management (IAM) for each AWS account in the organization
E. Integrate the third-party IdP directly with AWS Organizations
View answer
Correct Answer: D
Question #29
A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones The application uses an Amazon RDS Multi-AZ DB Instance Amazon Route 53 record sets route requests tor dynamic content to the load balancer and requests for static content to an Amazon S3 bucket Site visitors are reporting extremely long loading times. Which actions should be taken to improve the performance of the website? (Select TWO )
A. Add Amazon CloudFront caching for static content
B. Change the load balancer listener from HTTPS to TCP
C. Enable Amazon Route 53 latency-based routing
D. Implement Amazon EC2 Auto Scaling for the web servers
E. Move the static content from Amazon S3 to the web servers
View answer
Correct Answer: C
Question #30
A company has an Amazon RDS DB instance. The company wants to implement a caching service while maintaining high availability. Which combination of actions will meet these requirements? (Choose two.)
A. Add Auto Discovery to the data store
B. Create an Amazon ElastiCache for Memcached data store
C. Create an Amazon ElastiCache for Redis data store
D. Enable Multi-AZ for the data store
E. Enable Multi-threading for the data store
View answer
Correct Answer: AC
Question #31
A company has a public website that recently experienced problems. Some links led to missing webpages, and other links rendered incorrect webpages. The application infrastructure was running properly, and all the provisioned resources were healthy. Application logs and dashboards did not show any errors, and no monitoring alarms were raised. Systems administrators were not aware of any problems until end users reported the issues. The company needs to proactively monitor the website for such issues in the f
A. Rewrite the application to surface a custom error to the application log when issues occur
B. Create an Amazon CloudWatch alarm to provide alerts when issues are detected
C. Create an AWS Lambda function to test the websit
D. Configure the Lambda function to emit an Amazon CloudWatch custom metric when errors are detecte
E. Configure a CloudWatch alarm to provide alerts when issues are detected
F. Create an Amazon CloudWatch Synthetics canar G
View answer
Correct Answer: A
Question #32
A SysOps administrator must create a solution that automatically shuts down any Amazon EC2 instances that have less than 10% average CPU utilization for 60 minutes or more. Which solution will meet this requirement In the MOST operationally efficient manner?
A. Implement a cron job on each EC2 instance to run once every 60 minutes and calculate the current CPU utilizatio
B. Initiate an instance shutdown If CPU utilization is less than 10%
C. Implement an Amazon CloudWatch alarm for each EC2 instance to monitor average CPU utilization
D. Install the unified Amazon CloudWatch agent on each EC2 instance, and enable the Basic level predefined metric se
E. Log CPU utilization every 60 minutes, and initiate an instance shutdown if CPU utilization is less than 10%
F. Use AWS Systems Manager Run Command to get CPU utilization from each EC2 instance every 60 minute G
View answer
Correct Answer: B
Question #33
A company has a compliance requirement that no security groups can allow SSH ports to be open to all IP addresses. A SysOps administrator must implement a solution that will notify the company's SysOps team when a security group rule violates this requirement. The solution also must remediate the security group rule automatically. Which solution will meet these requirements?
A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a security group change
B. Configure the Lambda function to evaluate the security group for compliance, remove all inbound security group rules on all ports, and notify the SysOps team if the security group is noncompliant
C. Create an AWS CloudTrail metric filter for security group change
D. Create an Amazon CloudWatch alarm to notify the SysOps team through an Amazon Simple Notification Service (Amazon SNS) topic when (he metric is greater than 0
E. Activate the AWS Config restricted-ssh managed rul
F. Add automatic remediation to the AWS Config rule by using the AWS Systems Manager Automation AWS DisablePublicAccessForSecurityGroup runboo G
View answer
Correct Answer: D
Question #34
A company runs an application on Amazon EC2 instances. The EC2 instances are in an Auto Scaling group and run behind an Application Load Balancer (ALB). The application experiences errors when total requests exceed 100 requests per second. A SysOps administrator must collect information about total requests for a 2-week period to determine when requests exceeded this threshold. What should the SysOps administrator do to collect this data?
A. Use the ALB’s RequestCount metri
B. Configure a time range of 2 weeks and a period of 1 minute
C. Use Amazon CloudWatch metric math to generate a sum of request counts for all the EC2 instances over a 2-week perio
D. Sort by a 1-minute interval
E. Create Amazon CloudWatch custom metrics on the EC2 launch configuration templates to create aggregated request metrics across all the EC2 instances
F. Create an Amazon EventBridge (Amazon CloudWatch Events) rul G
View answer
Correct Answer: B
Question #35
A company creates a new member account by using AWS Organizations. A SysOps administrator needs to add AWS Business Support to the new account Which combination of steps must the SysOps administrator take to meet this requirement? (Select TWO.)
A. Sign in to the new account by using 1AM credential
B. Change the support plan
C. Sign in to the new account by using root user credential
D. Change the support plan
E. Use the AWS Support API to change the support plan
F. Reset the password of the account root user
View answer
Correct Answer: BE
Question #36
A company uses AWS CloudFormation to deploy its application infrastructure Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application A SysOps administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent against accidental modifications to specific resources. Which solution will meet these requirements?
A. Set up an AWS Config rule to alert based on changes to any CloudFormation stack An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation
B. Set up an Amazon CloudWatch Events event with a rule to trigger based on any CloudFormation API call An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation
C. Launch the CloudFormation templates using a stack policy with an explicit allow for all resources and an explicit deny of the protected resources with an action of Update
D. Attach an IAM policy to the DevOps team role that prevents a CloudFormation stack from updating, with a condition based on the specific Amazon Resource Names (ARNs) of the protected resources
View answer
Correct Answer: D
Question #37
A SysOps administrator is responsible for a legacy. CPU-heavy application The application can only be scaled vertically Currently, the application is deployed on a single t2 large Amazon EC2 instance The system is showing 90% CPU usage and significant performance latency after a few minutes What change should be made to alleviate the performance problem?
A. Change the Amazon EBS volume to Provisioned lOPs
B. Upgrade to a compute-optimized instance
C. Add additional 12 large instances to the application
D. Purchase Reserved Instances
View answer
Correct Answer: D
Question #38
A company is planning to host its stateful web-based applications on AWS A SysOps administrator is using an Auto Scaling group of Amazon EC2 instances The web applications will run 24 hours a day 7 days a week throughout the year The company must be able to change the instance type within the same instance family later in the year based on the traffic and usage patterns Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?
A. Convertible Reserved Instances
B. On-Demand instances
C. Spot instances
D. Standard Reserved instances
View answer
Correct Answer: A
Question #39
An organization with a large IT department has decided to migrate to AWS With different job functions in the IT department it is not desirable to give all users access to all AWS resources Currently the organization handles access via LDAP group membership What is the BEST method to allow access using current LDAP credentials?
A. Create an AWS Directory Service Simple AD Replicate the on-premises LDAP directory to Simple AD
B. Create a Lambda function to read LDAP groups and automate the creation of IAM users
C. Use AWS CloudFormation to create IAM roles Deploy Direct Connect to allow access to the on-premises LDAP server
D. Federate the LDAP directory with IAM using SAML Create different IAM roles to correspond to different LDAP groups to limit permissions
View answer
Correct Answer: D

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: