DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

SOA-C02 Exam Practice Made Easy: Latest Mock Exams, AWS Certified Sysops Administrator - Associate | SPOTO

Prepare effectively for the AWS Certified SysOps Administrator - Associate (SOA-C02) exam with SPOTO's latest mock exams. This certification is crucial for system administrators handling cloud operations, validating skills in deploying, managing, and operating workloads on AWS. SPOTO offers a comprehensive exam practice experience with the latest exam questions and answers, practice tests, exam dumps, sample questions, and free quizzes. Access exam materials and exam answers to enhance your exam preparation. Engage in exam practice sessions and utilize the exam simulator to familiarize yourself with the exam format and improve your performance. With SPOTO's mock exams, mastering the SOA-C02 certification becomes easier and more efficient.
Take other online exams

Question #1
A SysOps administrator is provisioning an Amazon Elastic File System (Amazon EFS) file system to provide shared storage across multiple Amazon EC2 instances The instances all exist in the same VPC across multiple Availability Zones. There are two instances In each Availability Zone. The SysOps administrator must make the file system accessible to each instance with the lowest possible latency. Which solution will meet these requirements?
A. Create a mount target for the EFS file system in the VP
B. Use the mount target to mount the file system on each of the instances
C. Create a mount target for the EFS file system in one Availability Zone of the VP
D. Use the mount target to mount the file system on the instances in that Availability Zon
E. Share the directory with the other instances
F. Create a mount target for each instanc G
View answer
Correct Answer: D

View The Updated SOA-C02 Exam Questions

SPOTO Provides 100% Real SOA-C02 Exam Questions for You to Pass Your SOA-C02 Exam!

Question #2
A company is storing backups in an Amazon S3 bucket. The backups must not be deleted for at least 3 months after the backups are created. What should a SysOps administrator do to meet this requirement?
A. Configure an IAM policy that denies the s3:DeleteObject action for all user
B. Three months after an object is written, remove the policy
C. Enable S3 Object Lock on a new S3 bucket in compliance mod
D. Place all backups in the new S3 bucket with a retention period of 3 months
E. Enable S3 Versioning on the existing S3 bucke
F. Configure S3 Lifecycle rules to protect the backups
View answer
Correct Answer: C
Question #3
A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance. Which of the following are possible causes of this issue? (Choose two.)
A. A network ACL associated with the bastion's subnet is blocking the network traffic
B. The instance does not have a private IP address
C. The route table associated with the bastion's subnet does not have a route to the internet gateway
D. The security group for the instance does not have an inbound rule on port 22
E. The security group for the instance does not have an outbound rule on port 3389
View answer
Correct Answer: B
Question #4
An environment consists of 100 Amazon EC2 Windows instances The Amazon CloudWatch agent Is deployed and running on at EC2 instances with a baseline configuration file to capture log files There is a new requirement to capture the DHCP tog tiles that exist on 50 of the instances What is the MOST operational efficient way to meet this new requirement?
A. Create an additional CloudWatch agent configuration file to capture the DHCP logs Use the AWS Systems Manager Run Command to restart the CloudWatch agent on each EC2 instance with the append-config option to apply the additional configuration file
B. Log in to each EC2 instance with administrator rights Create a PowerShell script to push the needed baseline log files and DHCP log files to CloudWatch
C. Run the CloudWatch agent configuration file wizard on each EC2 instance Verify that the base the log files are included and add the DHCP tog files during the wizard creation process
D. Run the CloudWatch agent configuration file wizard on each EC2 instance and select the advanced detail leve
E. This wifi capture the operating system log files
View answer
Correct Answer: C
Question #5
A SysOps administrator receives notification that an application that is running on Amazon EC2 instances has failed to authenticate to an Amazon RDS database To troubleshoot, the SysOps administrator needs to investigate AWS Secrets Manager password rotation Which Amazon CloudWatch log will provide insight into the password rotation?
A. AWS CloudTrail logs
B. EC2 instance application logs
C. AWS Lambda function logs
D. RDS database logs
View answer
Correct Answer: D
Question #6
An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon SQS} queues A SysOps administrator must ensure that the application can read, write, and delete messages from the SQS queues Which solution will meet these requirements in the MOST secure manner?
A. Create an IAM user with an IAM policy that allows the sqs SendMessage permission, the sqs ReceiveMessage permission, and the sqs DeleteMessage permission to the appropriate queues Embed the IAM user's credentials in the application's configuration
B. Create an IAM user with an IAM policy that allows the sqs SendMessage permission, the sqs ReceiveMessage permission, and the sqs DeleteMessage permission to the appropriate queues Export the IAM user's access key and secret access key as environment variables on the EC2 instance
C. Create and associate an IAM role that allows EC2 instances to call AWS services Attach an IAM policy to the role that allows sqs
D. Create and associate an IAM role that allows EC2 instances to call AWS services Attach an IAM policy to the role that allows the sqs SendMessage permission, the sqs ReceiveMessage permission, and the sqs DeleteMessage permission to the appropriate queues
View answer
Correct Answer: B
Question #7
A company needs to archive all audit logs for 10 years. The company must protect the logs from any future edits. Which solution will meet these requirements?
A. Store the data in an Amazon Elastic Block Store (Amazon EBS) volum
B. Configure AWS Key Management Service (AWS KMS) encryption
C. Store the data in an Amazon S3 Glacier vaul
D. Configure a vault lock policy for write-once, read-many (WORM) access
E. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
F. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
View answer
Correct Answer: D
Question #8
A company uses AWS Cloud Formation templates to deploy cloud infrastructure. An analysis of all the company's templates shows that the company has declared the same components in multiple templates. A SysOps administrator needs to create dedicated templates that have their own parameters and conditions for these common components. Which solution will meet this requirement?
A. Develop a CloudFormaiion change set
B. Develop CloudFormation macros
C. Develop CloudFormation nested stacks
D. Develop CloudFormation stack sets
View answer
Correct Answer: B
Question #9
A SysOps Administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance. The administrator has been tasked with reconfiguring the infrastructure to support this approach. How can the administrator accomplish this with the LEAST administrative overhead?
A. Use Amazon CloudFront to log the URL and forward the request
B. Use Amazon CloudFront to rewrite the header based on the microservice and forward the request
C. Use an Application Load Balancer (ALB) and do path-based routing
D. Use a Network Load Balancer (NLB) and do path-based routing
View answer
Correct Answer: C
Question #10
A company plans to run a public web application on Amazon EC2 instances behind an Elastic Load Balancer (ELB). The company's security team wants to protect the website by using AWS Certificate Manager (ACM) certificates The ELB must automatically redirect any HTTP requests to HTTPS Which solution will meet these requirements?
A. Create an Application Load Balancer that has one HTTPS listener on port 80 Attach an SSLTLS certificate to listener port 80 Create a rule to redirect requests from HTTP to HTTPS
B. Create an Application Load Balancer that has one HTTP listener on port 80 and one HTTPS protocol listener on port 443 Attach an SSL TLS certificate to listener port 443 Create a rule to redirect requests from port 80 to port 443
C. Create an Application Load Balancer that has two TCP listeners on port 80 and port 443 Attach an SSLTLS certificate to listener port 443 Create a rule to redirect requests from port 80 to port 443
D. Create a Network Load Balancer that has two TCP listeners on port 80 and port 443 Attach an SSLTLS certificate to listener port 443 Create a rule to redirect requests from port 80 to port 443
View answer
Correct Answer: BD
Question #11
A company hosts a web application on an Amazon EC2 instance. The web server logs are published to Amazon CloudWatch Logs. The log events have the same structure and include the HTTP response codes that are associated with the user requests. The company needs to monitor the number of times that the web server returns an HTTP 404 response. What is the MOST operationally efficient solution that meets these requirements?
A. Create a CloudWatch Logs metric filter that counts the number of times that the web server returns an HTTP 404 response
B. Create a CloudWatch Logs subscription filter that counts the number of times that the web server returns an HTTP 404 response
C. Create an AWS Lambda function that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour
D. Create a script that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour
View answer
Correct Answer: CE
Question #12
A SysOps administrator is optimizing the cost of a workload. The workload is running in multiple AWS Regions and is using AWS Lambda with Amazon EC2 On- Demand Instances for the compute. The overall usage is predictable. The amount of compute that is consumed in each Region varies, depending on the users' locations. Which approach should the SysOps administrator use to optimize this workload?
A. Purchase Compute Savings Plans based on the usage during the past 30 days
B. Purchase Convertible Reserved Instances by calculating the usage baseline
C. Purchase EC2 Instance Savings Plane based on the usage during the past 30 days
D. Purchase Standard Reserved Instances by calculating the usage baseline
View answer
Correct Answer: C
Question #13
A company uses an Amazon CloudFront distribution to deliver its website. Traffic logs for the website must be centrally stored, and all data must be encrypted at rest. Which solution will meet these requirements?
A. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with internet access and server-side encryption that uses the default AWS managed ke
B. Configure CloudFront to use theAmazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination
C. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256 Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination
D. Create an Amazon S3 bucket that Is configured with default server-side encryption that uses AES-256
E. Create an Amazon S3 bucket that is configured with no default encryptio
F. Enable encryption in the CloudFront distribution, and use the S3 bucket as a log destination
View answer
Correct Answer: B
Question #14
A company is expanding globally and needs to back up data on Amazon Elastic Block Store (Amazon EBS) volumes to a different AWS Region. Most of the EBS volumes that store the data are encrypted, but some of the EBS volumes are unencrypted. The company needs the backup data from all the EBS volumes to be encrypted. Which solution will meet these requirements with the LEAST management overhead?
A. Configure a lifecycle policy in Amazon Data Lifecycle Manager (Amazon DLM) to create the EBS volume snapshots with cross-Region backups enable
B. Encrypt the snapshot copies by using AWS Key Management Service (AWS KMS)
C. Create a point-in-time snapshot of the EBS volume
D. When the snapshot status is COMPLETED, copy the snapshots to another Region and set the Encrypted parameter to False
E. Create a point-in-time snapshot of the EBS volume
F. Copy the snapshots to an Amazon S3 bucket that uses server-side encryptio G
View answer
Correct Answer: C
Question #15
An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region. A SysOps administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy. What is likely to be the problem?
A. The Amazon Machine image used is not available in that region
B. The AWS CloudFormation template needs to be updated to the latest version
C. The VPC configuration parameters have changed and must be updated in the template
D. The account has reached the default limit for VPCs allowed
View answer
Correct Answer: B
Question #16
A SysOps administrator is reviewing AWS Trusted Advisor recommendations. The SysOps administrator notices that all the application servers for a finance application are listed in the Low Utilization Amazon EC2 Instances check. The application runs on three instances across three Availability Zones. The SysOps administrator must reduce the cost of running the application without affecting the application's availability or design. Which solution will meet these requirements?
A. Reduce the number of application servers
B. Apply rightsizing recommendations from AWS Cost Explorer to reduce the instance size
C. Provision an Application Load Balancer in front of the instances
D. Scale up the instance size of the application servers
View answer
Correct Answer: D
Question #17
A SysOps administrator has an AWS CloudFormation template of the company's existing infrastructure in us-west-2. The administrator attempts to use the template to launch a new stack in eu-west-1, but the stack only partially deploys, receives an error message, and then rolls back. Why would this template fail to deploy? (Select TWO.)
A. The template referenced an IAM user that is not available in eu-west-1
B. The template referenced an Amazon Machine Image (AMI) that is not available in eu-west-1
C. The template did not have the proper level of permissions to deploy the resources
D. The template requested services that do not exist in eu-west-1
E. CloudFormation templates can be used only to update existing services
View answer
Correct Answer: C
Question #18
A company runs a web application on three Amazon EC2 instances behind an Application Load Balancer (ALB). The company notices that random periods of increased traffic cause a degradation in the application's performance. A SysOps administrator must scale the application to meet the increased traffic. Which solution meets these requirements?
A. Create an Amazon CloudWatch alarm to monitor application latency and increase the size of each EC2 instance If the desired threshold is reached
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor application latency and add an EC2 instance to the ALB if the desired threshold is reached
C. Deploy the application to an Auto Scaling group of EC2 instances with a target tracking scaling policy
D. Deploy the application to an Auto Scaling group of EC2 instances with a scheduled scaling policy
View answer
Correct Answer: C
Question #19
A SysOps administrator needs to track the costs of data transfer between AWS Regions. The SysOps administrator must implement a solution to send alerts to an email distribution list when transfer costs reach 75% of a specific threshold. What should the SysOps administrator do to meet these requirements?
A. Create an AWS Cost and Usage Repor
B. Analyze the results in Amazon Athen
C. Configure an alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when costs reach 75% of the threshol
D. Subscribe the email distribution list to the topic
E. Create an Amazon CloudWatch billing alarm to detect when costs reach 75% of the threshold
F. Subscribe the email distribution list to the topic
View answer
Correct Answer: C
Question #20
A company uses Amazon Elasticsearch Service (Amazon ES) to analyze sales and customer usage data. Members of the company's geographically dispersed sales team are traveling. They need to log in to Kibana by using their existing corporate credentials that are stored in Active Directory. The company has deployed Active Directory Federation Services (AD FS) to enable authentication to cloud services. Which solution will meet these requirements?
A. Configure Active Directory as an authentication provider in Amazon E
B. Add the Active Directory server's domain name to Amazon E
C. Configure Kibana to use Amazon ES authentication
D. Deploy an Amazon Cognito user poo
E. Configure Active Directory as an external identity provider for the user poo
F. Enable Amazon Cognito authentication for Kibana on Amazon ES
View answer
Correct Answer: B
Question #21
A SysOps administrator has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances that were launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in the VPC, and all security groups allow all outbound traffic: Which solution will provide the EC2 instances in the private subnet with access to the internet?
A. Create a NAT gateway in the public subne
B. Create a route from the private subnet to the NAT gateway
C. Create a NAT gateway in the public subne
D. Create a route from the public subnet to the NAT gateway
E. Create a NAT gateway in the private subne
F. Create a route from the public subnet to the NAT gateway
View answer
Correct Answer: C
Question #22
A company runs us Infrastructure on Amazon EC2 Instances that run In an Auto Scaling group. Recently, the company promoted faulty code to the entire EC2 fleet. This faulty code caused the Auto Scaling group to scale the instances before any of the application logs could be retrieved. What should a SysOps administrator do to retain the application logs after instances are terminated?
A. Configure an Auto Scaling lifecycle hook to create a snapshot of the ephemeral storage upon termination of the instances
B. Create a new Amazon Machine Image (AMI) that has the Amazon CloudWatch agent installed and configured to send logs to Amazon CloudWatch Log
C. Update the launch template to use the new AMI
D. Create a new Amazon Machine Image (AMI) that has a custom script configured to send logs to AWS CloudTrai
E. Update the launch template to use the new AMI
F. Install the Amazon CloudWatch agent on the Amazon Machine Image (AMI) that is defined in the launch templat G
View answer
Correct Answer: D
Question #23
An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, an Amazon RDS PostgreSQL database, an Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security team now mandates that at-rest encryption be turned on immediately for all aspects of the application, without creating new resources and without any downtime. To satisfy the requirements, which one of these services can the SysOps administrator enable at-rest encryption on?
A. EBS General Purpose SSD volumes
B. RDS PostgreSQL database
C. Amazon EFS file systems
D. S3 objects within a bucket
View answer
Correct Answer: D
Question #24
A database is running on an Amazon RDS Mufti-AZ DB instance. A recent security audit found the database to be out of compliance because it was not encrypted. Which approach will resolve the encryption requirement?
A. Log in to the RDS console and select the encryption box to encrypt the database
B. Create a new encrypted Amazon EBS volume and attach it to the instance
C. Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance
D. Take a snapshot of the RDS instance, copy and encrypt the snapshot and then restore to the new RDS instance
View answer
Correct Answer: C
Question #25
A SysOps administrator must set up notifications for whenever combined billing exceeds a certain threshold for all AWS accounts within a company. The administrator has set up AWS Organizations and enabled Consolidated Billing. Which additional steps must the administrator perform to set up the billing alerts?
A. In the payer account: Enable billing alerts in the Billing and Cost Management console; publish an Amazon SNS message when the billing alert triggers
B. In each account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers
C. In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in the Billing and Cost Management console to publish an SNS message when the alarm triggers
D. In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers
View answer
Correct Answer: D
Question #26
A SysOps administrator Is troubleshooting an AWS Cloud Formation template whereby multiple Amazon EC2 instances are being created The template is working In us-east-1. but it is failing In us-west-2 with the error code: How should the administrator ensure that the AWS Cloud Formation template is working in every region?
A. Copy the source region's Amazon Machine Image (AMI) to the destination region and assign it the same ID
B. Edit the AWS CloudFormatton template to specify the region code as part of the fully qualified AMI ID
C. Edit the AWS CloudFormatton template to offer a drop-down list of all AMIs to the user by using the aws :: EC2:: ami :: imageiD control
D. Modify the AWS CloudFormation template by including the AMI IDs in the "Mappings" sectio
E. Refer to the proper mapping within the template for the proper AMI ID
View answer
Correct Answer: D
Question #27
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba4Kc. and it is actively used by 10 Amazon EC2 hosts The organization has become concerned that the file system is not encrypted How can this be resolved?
A. Enable encryption on each host's connection to the Amazon EFS volume Each connection must be recreated for encryption to take effect
B. Enable encryption on the existing EFS volume by using the AWS Command Line Interface
C. Enable encryption on each host's local drive Restart each host to encrypt the drive
D. Enable encryption on a newly created volume and copy all data from the original volume Reconnect each host to the new volume
View answer
Correct Answer: C
Question #28
A SysOps administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC. the administrator is unable to connect to any of the domains that reside on the internet. What additional route destination rule should the administrator add to the route tables?
A. Route ;:/0 traffic to a NAT gateway
B. Route ::/0 traffic to an internet gateway
C. Route 0
D. Route ::/0 traffic to an egress-only internet gateway
View answer
Correct Answer: B
Question #29
A company recently purchased Savings Plans. The company wants to receive email notification when the company’s utilization drops below 90% for a given day. Which solution will meet this requirement?
A. Create an Amazon CloudWatch alarm to monitor the Savings Plan check in AWS Trusted Advisor
B. Create an Amazon CloudWatch alarm to monitor the SavingsPlansUtilization metric under the AWS/SavingsPlans namespace in CloudWatc
C. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification when the utilization drops below 90% for a given day
D. Create a Savings Plans alert to monitor the daily utilization of the Savings Plan
E. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification when the utilization drops below 90% for a given day
F. Use AWS Budgets to create a Savings Plans budget to track the daily utilization of the Savings Plans
View answer
Correct Answer: B
Question #30
A company plans to launch a static website on its domain example com and subdomain www example.com using Amazon S3. How should the SysOps administrator meet this requirement?
A. Create one S3 bucket named example
B. Create one S3 bucket with a wildcard named '
C. Create two S3 buckets named example
D. Configure the subdomain bucket to redirect requests to the domain bucket
E. Create two S3 buckets named http//example
F. Configure the wildcard (') bucket to redirect requests to the domain bucket
View answer
Correct Answer: AC
Question #31
If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the console by using the AWS Management Console shortcut from the VM desktop. If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V. Configure Amazon EventBridge to meet the following requirements. * 1. use the us-east-2 Region for all resources, * 2. Unless specified below,
A. Mastered
B. Not Mastered
View answer
Correct Answer: B
Question #32
A company has an Amazon CloudFront distribution that uses an Amazon S3 bucket as its origin. During a review of the access logs, the company determines that some requests are going directly to the S3 bucket by using the website hosting endpoint. A SysOps administrator must secure the S3 bucket to allow requests only from CloudFront. What should the SysOps administrator do to meet this requirement?
A. Create an origin access identity (OAI) in CloudFron
B. Associate the OAI with the distributio
C. Remove access to and from other principals in the S3 bucket polic
D. Update the S3 bucket policy to allow accessonly from the OAI
E. Create an origin access identity (OAI) in CloudFron
F. Associate the OAI with the distributio G
View answer
Correct Answer: A
Question #33
A company has a mobile app that uses Amazon S3 to store images The images are popular for a week, and then the number of access requests decreases over time The images must be highly available and must be immediately accessible upon request A SysOps administrator must reduce S3 storage costs for the company Which solution will meet these requirements MOST cost-effectively?
A. Create an S3 Lifecycle policy to transition the images to S3 Glacier after 7 days
B. Create an S3 Lifecycle policy to transition the images to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 7 days
C. Create an S3 Lifecycle policy to transition the images to S3 Standard after 7 days
D. Create an S3 Lifecycle policy to transition the images to S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days
View answer
Correct Answer: D
Question #34
A company hosts a database on an Amazon RDS Multi-AZ DB instance. The database is not encrypted. The company's new security policy requires all AWS resources to be encrypted at rest and in transit. What should a SysOps administrator do to encrypt the database?
A. Configure encryption on the existing DB instance
B. Take a snapshot of the DB instanc
C. Encrypt the snapsho
D. Restore the snapshot to the same DB instance
E. Encrypt the standby replica in a secondary Availability Zon
F. Promote the standby replica to the primary DB instance
View answer
Correct Answer: C
Question #35
A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backup enabled. A SysOps administrator needs to be able to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB cluster. Which solution will meet these requirements?
A. Create an Aurora Replic
B. Promote the replica to replace the primary DB instance
C. Create an AWS Lambda function to restore an automatic backup to the existing DB cluster
D. Use backtracking to rewind the existing DB cluster to the desired recovery point
E. Use point-in-time recovery to restore the existing DB cluster to the desired recovery point
View answer
Correct Answer: D
Question #36
A SysOps administrator applies the following policy to an AWS CloudFormation stack: What is the result of this policy?
A. Users that assume an IAM role with a logical ID that begins with "Production" are prevented from running the update-stack command
B. Users can update all resources in the stack except for resources that have a logical ID that begins with "Production"
C. Users can update all resources in the stack except for resources that have an attribute that begins with "Production"
D. Users in an IAM group with a logical ID that begins with "Production" are prevented from running the update-stack command
View answer
Correct Answer: B
Question #37
A company must migrate its applications to AWS The company is using Chef recipes for configuration management The company wants to continue to use the existing Chef recipes after the applications are migrated to AWS. What is the MOST operationally efficient solution that meets these requirements?
A. Use AWS Cloud Format ion to create an Amazon EC2 instance, install a Chef server, and add Chefrecipes
B. Use AWS CloudFormation to create a stack and add layers for Chef recipes
C. Use AWS Elastic Beanstalk with the Docker platform to upload Chef recipes
D. Use AWS OpsWorks to create a stack and add layers with Chef recipes
View answer
Correct Answer: B
Question #38
A SysOps administrator needs to create alerts that are based on the read and write metrics of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to an Amazon EC2 instance. The SysOps administrator creates and enables Amazon CloudWatch alarms for the DiskReadBytes metric and the DiskWriteBytes metric. A custom monitoring tool that is installed on the EC2 instance with the same alarm configuration indicates that the volume metrics have exceeded the threshold. However, the CloudWatch alarms were
A. Install and configure the CloudWatch agent on the EC2 instance to capture the desired metrics
B. Install and configure AWS Systems Manager Agent on the EC2 instance to capture the desired metrics
C. Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EBS volumes
D. Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EC2 instance
View answer
Correct Answer: C
Question #39
Application A runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The EC2 instances are in an Auto Scaling group and are in the same subnet that is associated with the NLB. Other applications from an on-premises environment cannot communicate with Application A on port 8080. To troubleshoot the issue, a SysOps administrator analyzes the flow logs. The flow logs include the following records: What is the reason for the rejected traffic?
A. The security group of the EC2 instances has no Allow rule for the traffic from the NLB
B. The security group of the NLB has no Allow rule for the traffic from the on-premises environment
C. The ACL of the on-premises environment does not allow traffic to the AWS environment
D. The network ACL that is associated with the subnet does not allow outbound traffic for the ephemeral port range
View answer
Correct Answer: A
Question #40
An ecommerce company uses an Amazon ElastiCache for Memcached cluster for in-memory caching of popular product queries on the shopping site. When viewing recent Amazon CloudWatch metrics data for the ElastiCache cluster, the SysOps administrator notices a large number of evictions. Which of the following actions will reduce these evictions? (Choose two.)
A. Add an additional node to the ElastiCache cluster
B. Increase the ElastiCache time to live (TTL)
C. Increase the individual node size inside the ElastiCache cluster
D. Put an Elastic Load Balancer in front of the ElastiCache cluster
E. Use Amazon Simple Queue Service (Amazon SQS) to decouple the ElastiCache cluster
View answer
Correct Answer: C
Question #41
A company is hosting applications on Amazon EC2 instances. The company is hosting a database on an Amazon RDS for PostgreSQL DB instance. The company requires all connections to the DB instance to be encrypted. What should a SysOps administrator do to meet this requirement?
A. Allow SSL connections to the database by using an inbound security group rule
B. Encrypt the database by using an AWS Key Management Service (AWS KMS) encryption key
C. Enforce SSL connections to the database by using a custom parameter group
D. Patch the database with SSL/TLS by using a custom PostgreSQL extension
View answer
Correct Answer: A
Question #42
A company has a high-performance Windows workload. The workload requires a storage volume mat provides consistent performance of 10.000 KDPS. The company does not want to pay for additional unneeded capacity to achieve this performance. Which solution will meet these requirements with the LEAST cost?
A. Use a Provisioned IOPS SSD (lol) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10
B. Use a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10
C. Use an Amazon Elastic File System (Amazon EFS) file system w\ Max I/O mode
D. Use an Amazon FSx for Windows Fife Server foe system that is configured with 10
View answer
Correct Answer: A
Question #43
A company recently its server infrastructure to Amazon EC2 instances. The company wants to use Amazon CloudWatch metrics to track instance memory utilization and available disk space. What should a SysOps administrator do to meet these requirements?
A. Configure CloudWatch from the AWS Management Console tor all the instances that require monitoring by CloudWatc
B. AWS automatically installs and configures the agents far the specified instances
C. Install and configure the CloudWatch agent on all the instance
D. Attach an IAM role to allow theinstances to write logs to CloudWatch
E. Install and configure the CloudWatch agent on all the instance
F. Attach an IAM user to allow the instances to write logs to CloudWatch
View answer
Correct Answer: A
Question #44
A company hosts several write-intensive applications. These applications use a MySQL database that runs on a single Amazon EC2 instance. The company asks a SysOps administrator to implement a highly available database solution that is ideal for multi-tenant workloads. Which solution should the SysOps administrator implement to meet these requirements?
A. Create a second EC2 instance for MySQ
B. Configure the second instance to be a read replica
C. Migrate the database to an Amazon Aurora DB cluste
D. Add an Aurora Replica
E. Migrate the database to an Amazon Aurora multi-master DB cluster
F. Migrate the database to an Amazon RDS for MySQL DB instance
View answer
Correct Answer: AD
Question #45
A SysOps administrator has enabled AWS CloudTrail in an AWS account. If CloudTrail is disabled, it must be re-enabled immediately. What should the SysOps administrator do to meet these requirements WITHOUT writing custom code?
A. Add the AWS account to AWS Organization
B. Enable CloudTrail in the management account
C. Create an AWS Config rule that is invoked when CloudTrail configuration change
D. Apply the AWS-ConfigureCloudTrailLogging automatic remediation action
E. Create an AWS Config rule that is invoked when CloudTrail configuration change
F. Configure the rule to invoke an AWS Lambda function to enable CloudTrail
View answer
Correct Answer: B

View The Updated AWS Exam Questions

SPOTO Provides 100% Real AWS Exam Questions for You to Pass Your AWS Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: