SOA-C02 Exam Questions 2024 Updated: Get Ready for Exams, AWS Certified SysOps Administrator - Associate | SPOTO

The AWS Certified SysOps Administrator - Associate (SOA-C02) exam is a vital certification for cloud system administrators. It assesses skills in deploying, managing, and operating workloads on AWS, ensuring candidates are well-equipped for cloud operations roles. Our 2024 updated SOA-C02 Exam Questions offer a comprehensive preparation solution, including exam questions and answers, practice tests, and exam dumps. Access sample questions and free quizzes to enhance your understanding of AWS services and best practices. Our exam materials provide valuable insights, and our exam simulator allows you to simulate real exam scenarios for effective preparation. Get ready for your exams with SPOTO's professional resources and succeed in becoming an AWS Certified SysOps Administrator - Associate.

Question #1
A SysOps administrator wants to upload a file that is 1 TB in size from on-premises to an Amazon S3 bucket using multipart uploads. What should the SysOps administrator do to meet this requirement?
A. Upload the file using the S3 console
B. Use the s3api copy-object command
C. Use the s3api put-object command
D. Use the s3 cp command
Correct Answer: A
Question #2
A company has a stateless application that runs on four Amazon EC2 instances. The application requires four instances at all times to support all traffic. A SysOps administrator must design a highly available, fault-tolerant architecture that continually supports all traffic if one Availability Zone becomes unavailable. Which configuration meets these requirements?
A. Deploy two Auto Scaling groups in two Availability Zones with a minimum capacity of two instances in each group
B. Deploy an Auto Scaling group across two Availability Zones with a minimum capacity of four instances
C. Deploy an Auto Scaling group across three Availability Zones with a minimum capacity of four instances
D. Deploy an Auto Scaling group across three Availability Zones with a minimum capacity of six instances
Correct Answer: A
Question #3
A SysOps administrator is testing an application that is hosted on five Amazon EC2 instances. The instances run in an Auto Scaling group behind an Application Load Balancer (ALB). High CPU utilization during load testing is causing the Auto Scaling group to scale out. The SysOps administrator must troubleshoot to find the root cause of the high CPU utilization before the Auto Scaling group scales out. Which action should the SysOps administrator take to meet these requirements?
A. Enable instance scale-in protection
B. Place the instance into the Standby state
C. Remove the listener from the ALB
D. Suspend the Launch and Terminate process types
Correct Answer: D
Question #4
A company recently acquired another corporation and all of that corporation's AWS accounts. A financial analyst needs the cost data from these accounts. A SysOps administrator uses Cost Explorer to generate cost and usage reports. The SysOps administrator notices that "No Tagkey" represents 20% of the monthly cost. What should the SysOps administrator do to tag the "No Tagkey" resources?
A. Add the accounts to AWS Organizations
B. Use a service control policy (SCP) to tag all the untagged resources
C. Use an AWS Config rule to find the untagged resources
D. Set the remediation action to terminate the resources
E. Use Cost Explorer to find and tag all the untagged resources
F. Use Tag Editor to find and tag all the untagged resources
Correct Answer: D
Question #5
A company's SysOps administrator needs to change the AWS Support plan for one of the company's AWS accounts. The account has multi-factor authentication (MFA) activated, and the MFA device is lost. What should the SysOps administrator do to sign in?
A. Sign in as a root user by using email and phone verification
B. Set up a new MFA device
C. Change the root user password
D. Sign in as an IAM user with administrator permissions
E. Resynchronize the MFA token by using the IAM console
F. Sign in as an IAM user with administrator permissions
Correct Answer: C
Question #6
A SysOps administrator is designing a solution for an Amazon RDS for PostgreSQL DB instance. Database credentials must be stored and rotated monthly. The applications that connect to the DB instance send write-intensive traffic with variable client connections that sometimes increase significantly in a short period of time. Which solution should a SysOps administrator choose to meet these requirements?
A. Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance
B. Use RDS Proxy to handle the increases in database connections
C. Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance
D. Use RDS read replicas to handle the increases in database connections
E. Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance
F. Use RDS Proxy to handle the increases in database connections
Correct Answer: A
Question #7
A company uses an Amazon Elastic File System (Amazon EFS) file system to share files across many Linux Amazon EC2 instances. A SysOps administrator notices that the file system's PercentIOLimit metric is consistently at 100% for 15 minutes or longer. The SysOps administrator also notices that the application that reads and writes to that file system is performing poorly. The application requires high throughput and IOPS while accessing the file system. What should the SysOps administrator do to remediate t
A. Create a new EFS file system that uses Max I/O performance mode
B. Use AWS DataSync to migrate data to the new EFS file system
C. Create an EFS lifecycle policy to transition future files to the Infrequent Access (IA) storage class to improve performance
D. Use AWS DataSync to migrate existing data to IA storage
E. Modify the existing EFS file system and activate Max I/O performance mode
F. Modify the existing EFS file system and activate Provisioned Throughput mode
Correct Answer: C
Question #8
A company hosts its website in the us-east-1 Region. The company is preparing to deploy its website into the eu-central-1 Region. Website visitors who are located in Europe should access the website that is hosted in eu-central-1. All other visitors access the website that is hosted in us-east-1. The company uses Amazon Route 53 to manage the website's DNS records. Which routing policy should a SysOps administrator apply to the Route 53 record set to meet these requirements?
A. Geolocation routing policy
B. Geoproximity routing policy
C. Latency routing policy
D. Multivalue answer routing policy
Correct Answer: D
Question #9
A compliance team requires all administrator passwords for Amazon RDS DB instances to be changed at least annually. Which solution meets this requirement in the MOST operationally efficient manner?
A. Store the database credentials in AWS Secrets Manager. Configure automatic rotation for the secret every 365 days
B. Store the database credentials as a parameter in the RDS parameter group. Create a database trigger to rotate the password every 365 days
C. Store the database credentials in a private Amazon S3 bucket. Schedule an AWS Lambda function to generate a new set of credentials every 365 days
D. Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter. Configure automatic rotation for the parameter every 365 days
Correct Answer: D
Question #10
A company needs to ensure strict adherence to a budget for 25 applications deployed on AWS. Separate teams are responsible for storage, compute, and database costs. A SysOps administrator must implement an automated solution to alert each team when their projected spend will exceed a quarterly amount that has been set by the finance department. The solution cannot incur additional compute, storage, or database costs.
A. Configure AWS Cost and Usage Reports to send a daily report to an Amazon S3 bucket
B. Create an AWS Lambda function that will evaluate spend by service and notify each team by using Amazon Simple Notification Service (Amazon SNS) notifications
C. Invoke the Lambda function when a report is placed in the S3 bucket
D. Configure AWS Cost and Usage Reports to send a daily report to an Amazon S3 bucket
E. Create a rule in Amazon EventBridge (Amazon CloudWatch Events) to evaluate the spend by service and notify each team by using Amazon Simple Queue Service (Amazon SQS) when the cost threshold is exceeded
F. Use AWS Budgets to create one cost budget and select each of the services in use. Specify the budget amount defined by the finance department along with the forecasted cost threshold. Enter the appropriate email recipients for the budget
Correct Answer: C
Question #11
A SysOps administrator is attempting to download patches from the internet into an instance in a private subnet. An internet gateway exists for the VPC, and a NAT gateway has been deployed on the public subnet; however, the instance has no internet connectivity. The resources deployed into the private subnet must be inaccessible directly from the public internet. What should be added to the private subnet's route table in order to address this issue, given the information provided?
A. 0
B. 0
C. 10
D. 10
Correct Answer: C
Question #12
The security team is concerned because the number of AWS Identity and Access Management (IAM) policies being used in the environment is increasing. The team tasked a SysOps administrator to report on the current number of IAM policies in use and the total available IAM policies. Which AWS service should the administrator use to check how current IAM policy usage compares to current service limits?
A. AWS Trusted Advisor
B. Amazon Inspector
C. AWS Config
D. AWS Organizations
Correct Answer: C
Question #13
A company is rolling out a new version of its website. Management wants to deploy the new website in a limited rollout to 20% of the company's customers. The company uses Amazon Route 53 for its website's DNS solution. Which configuration will meet these requirements?
A. Create a failover routing policy
B. Within the policy, configure 80% of the website traffic to be sent to the original resource
C. Configure the remaining 20% of traffic as the failover record that points to the new resource
D. Create a multivalue answer routing policy
E. Within the policy, create 4 records with the name and IP address of the original resource
F. Configure 1 record with the name and IP address of the new resource
Correct Answer: B
Question #14
A SysOps administrator is setting up a fleet of Amazon EC2 instances in an Auto Scaling group for an application. The fleet should have 50% CPU available at all times to accommodate bursts of traffic. The load will increase significantly between the hours of 09:00 and 17:00, 7 days a week. How should the SysOps administrator configure the scaling of the EC2 instances to meet these requirements?
A. Create a target tracking scaling policy that runs when the CPU utilization is higher than 90%
B. Create a target tracking scaling policy that runs when the CPU utilization is higher than 50%
C. Set the Auto Scaling group to start with 2 instances by setting the desired instances, maximum instances, and minimum instances to 2. Create a scheduled scaling policy that ensures that the fleet is available at 09:00
D. Create a scheduled scaling policy that ensures that the fleet is available at 09
Correct Answer: DE
Question #15
A company wants to be alerted through email when IAM CreateUser API calls are made within its AWS account. Which combination of actions should a SysOps administrator take to meet this requirement? (Choose two.)
A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS CloudTrail as the event source and IAM CreateUser as the specific API call for the event pattern
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with Amazon CloudSearch as the event source and IAM CreateUser as the specific API call for the event pattern
C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS IAM Access Analyzer as the event source and IAM CreateUser as the specific API call for the event pattern
D. Use an Amazon Simple Notification Service (Amazon SNS) topic as an event target with an email subscription
E. Use an Amazon Simple Email Service (Amazon SES) notification as an event target with an email subscription
Correct Answer: A
Question #16
A company is managing multiple AWS accounts in AWS Organizations. The company is reviewing internal security of its AWS environment. The company's security administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts. Which solution will meet these requirements in the MOST secure manner?
A. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to an IAM user. Share the user credentials with the security administrator
B. Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC actions. Assign the policy to an IAM user. Share the user credentials with the security administrator
C. Create an IAM policy in each developer account that has administrator access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account
D. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account
Correct Answer: D
Question #17
A SysOps administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution. Which action should the administrator take to ensure that users access objects in Amazon S3 by using only CloudFront URLs?
A. Encrypt the S3 bucket content with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
B. Create an origin access identity and grant it permissions to read objects in the S3 bucket
C. Assign an IAM user to the CloudFront distribution and grant the user permissions in the S3 bucket policy
D. Assign an IAM role to the CloudFront distribution and grant the role permissions in the S3 bucket policy
Correct Answer: C
Question #18
A company updates its security policy to clarify cloud hosting arrangements for regulated workloads. Workloads that are identified as sensitive must run on hardware that is not shared with other customers or with other AWS accounts within the company. Which solution will ensure compliance with this policy?
A. Deploy workloads only to Dedicated Hosts
B. Deploy workloads only to Dedicated Instances
C. Deploy workloads only to Reserved Instances
D. Place all instances in a dedicated placement group
Correct Answer: A
Question #19
A company has a critical serverless application that uses multiple AWS Lambda functions. Each Lambda function generates 1 GB of log data daily in its own Amazon CloudWatch Logs log group. The company's security team asks for a count of application errors, grouped by type, across all of the log groups. What should a SysOps administrator do to meet this requirement?
A. Perform a CloudWatch Logs Insights query that uses the stats command and count function
B. Perform a CloudWatch Logs search that uses the groupby keyword and count function
C. Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords
D. Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords
Correct Answer: D
Question #20
A company's web application is available through an Amazon CloudFront distribution and directly through an internet-facing Application Load Balancer (ALB). A SysOps administrator must make the application accessible only through the CloudFront distribution and not directly through the ALB. The SysOps administrator must make this change without changing the application code. Which solution will meet these requirements?
A. Modify the ALB type to internal. Set the distribution's origin to the internal ALB domain name
B. Create a Lambda@Edge function. Configure the function to compare a custom header value in the request with a stored password and to forward the request to the origin in case of a match. Associate the function with the distribution
C. Replace the ALB with a new internal ALB. Set the distribution's origin to the internal ALB domain name. Add a custom HTTP header to the origin settings for the distribution. In the ALB listener, add a rule to forward requests that contain the matching custom header and the header's value. Add a default rule to return a fixed response code of 403
D. Add a custom HTTP header to the origin settings for the distribution. In the ALB listener, add a rule to forward requests that contain the matching custom header and the header's value. Add a default rule to return a fixed response code of 403
Correct Answer: A
Question #21
A company stores its data in an Amazon S3 bucket. The company is required to classify the data and find any sensitive personal information in its S3 files. Which solution will meet these requirements?
A. Create an AWS Config rule to discover sensitive personal information in the S3 files and mark them as noncompliant
B. Create an S3 event-driven artificial intelligence/machine learning (AI/ML) pipeline to classify sensitive personal information by using Amazon Rekognition
C. Enable Amazon GuardDuty
D. Configure S3 protection to monitor all data inside Amazon S3
E. Enable Amazon Macie
F. Create a discovery job that uses the managed data identifier
Correct Answer: CD
Question #22
A company's customers are reporting increased latency while accessing static web content from Amazon S3. A SysOps administrator observed a very high rate of read operations on a particular S3 bucket. What will minimize latency by reducing load on the S3 bucket?
A. Migrate the S3 bucket to a region that is closer to end users' geographic locations
B. Use cross-region replication to replicate all of the data to another region
C. Create an Amazon CloudFront distribution with the S3 bucket as the origin
D. Use Amazon ElastiCache to cache data being served from Amazon S3
Correct Answer: A
Question #23
A global company handles a large amount of personally identifiable information (PII) through an internal web portal. The company's application runs in a corporate data center that is connected to AWS through an AWS Direct Connect connection. The application stores the PII in Amazon S3. According to a compliance requirement, traffic from the web portal to Amazon S3 must not travel across the internet. What should a SysOps administrator do to meet the compliance requirement?
A. Provision an interface VPC endpoint for Amazon S3
B. Configure AWS Network Firewall to redirect traffic to the internal S3 address
C. Modify the application to use the S3 path-style endpoint
D. Set up a range of VPC network ACLs to redirect traffic to the internal S3 address
Correct Answer: B
Question #24
A SysOps administrator is using AWS Systems Manager Patch Manager to patch a fleet of Amazon EC2 instances. The SysOps administrator has configured a patch baseline and a maintenance window. The SysOps administrator also has used an instance tag to identify which instances to patch. The SysOps administrator must give Systems Manager the ability to access the EC2 instances. Which additional action must the SysOps administrator perform to meet this requirement?
A. Add an inbound rule to the instances' security group
B. Attach an IAM instance profile with access to Systems Manager to the instances
C. Create a Systems Manager activation. Then activate the fleet of instances
D. Manually specify the instances to patch instead of using tag-based selection
Correct Answer: D
Question #25
A company's SysOps administrator has created an Amazon EC2 instance with custom software that will be used as a template for all new EC2 instances across multiple AWS accounts. The Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the EC2 instance are encrypted with AWS managed keys. The SysOps administrator creates an Amazon Machine Image (AMI) of the custom EC2 instance and plans to share the AMI with the company's other AWS accounts. The company requires that all AMIs are encrypted wit
A. In the account where the AMI was created, create a customer master key (CMK)
B. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with
C. In the account where the AMI was created, create a customer master key (CMK)
D. Create a copy of the AMI
E. and specify the CMK
F. Modify the permissions on the copied AMI to specify the AWS account numbers that the AMI will be shared with
Correct Answer: AC
Question #26
A company uses an Amazon S3 bucket to store data files. The S3 bucket contains hundreds of objects. The company needs to replace a tag on all the objects in the S3 bucket with another tag. What is the MOST operationally efficient way to meet this requirement?
A. Use S3 Batch Operations
B. Specify the operation to replace all object tags
C. Use the AWS CLI to get the tags for each object
D. Save the tags in a list
E. Use S3 Batch Operations
F. Use the AWS CLI and the list to retag the objects
Correct Answer: C
Question #27
A company hosts an internal application on Amazon EC2 instances. All application data and requests route through an AWS Site-to-Site VPN connection between the on-premises network and AWS. The company must monitor the application for changes that allow network access outside of the corporate network. Any change that exposes the application externally must be restricted automatically. Which solution meets these requirements in the MOST operationally efficient manner?
A. Create an AWS Lambda function that updates security groups that are associated with the elastic network interface to remove inbound rules with noncorporate CIDR ranges
B. Turn on VPC Flow Logs, and send the logs to Amazon CloudWatch Logs
C. Create an Amazon CloudWatch alarm that matches traffic from noncorporate CIDR ranges, and publish a message to an Amazon Simple Notification Service (Amazon SNS) topic with the Lambda function as a target
D. Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that targets an AWS Systems Manager Automation document to check for public IP addresses on the EC2 instances
E. If public IP addresses are found on the EC2 instances, initiate another Systems Manager Automation document to terminate the instances
F. Configure AWS Config and a custom rule to monitor whether a security group allows inbound requests from noncorporate CIDR ranges
Correct Answer: CD
Question #28
A global gaming company is preparing to launch a new game on AWS. The game runs in multiple AWS Regions on a fleet of Amazon EC2 instances. The instances are in an Auto Scaling group behind an Application Load Balancer (ALB) in each Region. The company plans to use Amazon Route 53 for DNS services. The DNS configuration must direct users to the Region that is closest to them and must provide automated failover. Which combination of steps should a SysOps administrator take to configure Route 53 to meet these
A. Create Amazon CloudWatch alarms that monitor the health of the ALB in each Region. Configure Route 53 DNS failover by using a health check that monitors the alarms
B. Create Amazon CloudWatch alarms that monitor the health of the EC2 instances in each Region
C. Configure Route 53 DNS failover by using a health check that monitors the private address of an EC2 instance in each Region
D. Configure Route 53 geoproximity routing. Specify the Regions that are used for the infrastructure
E. Configure Route 53 simple routing. Specify the continent, country, and state or province that are used for the infrastructure
Correct Answer: AD
Question #29
A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template. It installs and configures necessary software through AWS OpsWorks and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours, but at times the process stalls due to installation errors. The SysOps administrator must modify the CloudFormation template so if the process stalls, the entire stack will fail and roll back. Based on these requirem
A. Conditions with a timeout set to 4 hours
B. CreationPolicy with timeout set to 4 hours
C. DependsOn a timeout set to 4 hours
D. Metadata with a timeout set to 4 hours
Correct Answer: D
Question #30
A SysOps administrator needs to develop a solution that provides email notification and inserts a record into a database every time a file is put into an Amazon S3 bucket. What is the MOST operationally efficient solution that meets these requirements?
A. Set up an S3 event notification that targets an Amazon Simple Notification Service (Amazon SNS) topic. Create two subscriptions for the SNS topic. Use one subscription to send the email notification. Use the other subscription to invoke an AWS Lambda function that inserts the record into the database
B. Set up an Amazon CloudWatch alarm that enters ALARM state whenever an object is created in the S3 bucket. Configure the alarm to invoke an AWS Lambda function that sends the email notification and inserts the record into the database
C. Create an AWS Lambda function to send the email notification and insert the record into the database whenever a new object is detected in the S3 bucket. Invoke the function every minute with an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule
D. Set up two S3 event notifications. Target a separate AWS Lambda function with each notification. Configure one function to send the email notification. Configure the other function to insert the record into the database
Correct Answer: A
Question #31
A company is running a website on Amazon EC2 instances that are in an Auto Scaling group. When the website traffic increases, additional instances take several minutes to become available because of a long-running user data script that installs software. A SysOps administrator must decrease the time that is required for new instances to become available. Which action should the SysOps administrator take to meet this requirement?
A. Reduce the scaling thresholds so that instances are added before traffic increases
B. Purchase Reserved Instances to cover 100% of the maximum capacity of the Auto Scaling group
C. Update the Auto Scaling group to launch instances that have a storage optimized instance type
D. Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has pre-installed software
Correct Answer: B
Question #32
A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations. Which solution will meet this requirement?
A. Configure Amazon Cognito to detect any compromised IAM credentials
B. Set up Amazon Inspector
C. Scan and monitor resources for unauthorized logins
D. Set up AWS Config
E. Add the iam-policy-blacklisted-check managed rule to the account
F. Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding
Correct Answer: C
Question #33
A company has an initiative to reduce costs associated with Amazon EC2 and AWS Lambda. Which action should a SysOps administrator take to meet these requirements?
A. Analyze the AWS Cost and Usage Report by using Amazon Athena to identify cost savings
B. Create an AWS Budgets alert to alarm when account spend reaches 80% of the budget
C. Purchase Reserved Instances through the Amazon EC2 console
D. Use AWS Compute Optimizer and take action on the provided recommendations
Correct Answer: D
Question #34
A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service. The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available across multiple Regions. Which configuration will meet these requirements?
A. Deploy a copy of the stack in the us-west-2 Region
B. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each ELB
C. Configure the SOA record with health checks
D. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record
E. Deploy a copy of the stack in the us-west-2 Region
F. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias target
Correct Answer: D
Question #35
A company needs to view a list of security groups that are open to the internet on port 3389. What should a SysOps administrator do to meet this requirement?
A. Configure Amazon GuardDuty to scan security groups and report unrestricted access on port 3389
B. Configure a service control policy (SCP) to identify security groups that allow unrestricted access on port 3389
C. Use AWS Identity and Access Management Access Analyzer to find any instances that have unrestricted access on port 3389
D. Use AWS Trusted Advisor to find security groups that allow unrestricted access on port 3389
Correct Answer: B
Question #36
A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must set up the permissions and add a bucket policy to the S3 bucket. Which parameters should be specified to accomplish this in the MOST efficient manner?
A. Specify '*' as the principal and PrincipalOrgID as a condition
B. Specify all account numbers as the principal
C. Specify PrincipalOrgID as the principal
D. Specify the organization's management account as the principal
Correct Answer: D
Question #37
While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS. The customer gateway device resides in a data center with a NAT gateway in front of it. What address should be used to create the customer gateway resource?
A. The private IP address of the customer gateway device
B. The MAC address of the NAT device in front of the customer gateway device
C. The public IP address of the customer gateway device
D. The public IP address of the NAT device in front of the customer gateway device
Correct Answer: D
Question #38
A company’s reporting job that used to run in 15 minutes is now taking an hour to run. An application generates the reports. The application runs on Amazon EC2 instances and extracts data from an Amazon RDS for MySQL database. A SysOps administrator checks the Amazon CloudWatch dashboard for the RDS instance and notices that the Read IOPS metrics are high, even when the reports are not running. The SysOps administrator needs to improve the performance and the availability of the RDS instance. Which solution
A. Configure an Amazon ElastiCache cluster in front of the RDS instance
B. Update the reporting job to query the ElastiCache cluster
C. Deploy an RDS read replica
D. Update the reporting job to query the reader endpoint
E. Create an Amazon CloudFront distribution
F. Set the RDS instance as the origin
View answer
Correct Answer: B
Question #39
A company uses an Amazon Simple Queue Service (Amazon SQS) standard queue with its application. The application sends messages to the queue with unique message bodies. The company decides to switch to an SQS FIFO queue. What must the company do to migrate to an SQS FIFO queue?
A. Create a new SQS FIFO queue. Turn on content-based deduplication on the new FIFO queue. Update the application to include a message group ID in the messages
B. Create a new SQS FIFO queue. Update the application to include the DelaySeconds parameter in the messages
C. Modify the queue type from SQS standard to SQS FIFO. Turn off content-based deduplication on the queue. Update the application to include a message group ID in the messages
D. Modify the queue type from SQS standard to SQS FIFO. Update the application to send messages with identical message bodies and to include the DelaySeconds parameter in the messages
View answer
Correct Answer: C
Question #40
A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability for an on-premises website. The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes. All other traffic should be directed to the secondary passive server. The failover record type, set ID, and routing policy have been set appropriately for both primary
A. Create an A record for each server
B. Associate the records with the Route 53 HTTP health check
C. Create an A record for each server
D. Associate the records with the Route 53 TCP health check
E. Create an alias record for each server with evaluate target health set to yes
F. Associate the records with the Route 53 HTTP health check
View answer
Correct Answer: A
Question #41
A company has a policy that requires all Amazon EC2 instances to have a specific set of tags. If an EC2 instance does not have the required tags, the noncompliant instance should be terminated. What is the MOST operationally efficient solution that meets these requirements?
A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all EC2 instance state changes to an AWS Lambda function to determine if each instance is compliant
B. Terminate any noncompliant instances
C. Create an IAM policy that enforces all EC2 instance tag requirements
D. If the required tags are not in place for an instance, the policy will terminate noncompliant instances
E. Create an AWS Lambda function to determine if each EC2 instance is compliant and terminate an instance if it is noncompliant
F. Schedule the Lambda function to invoke every 5 minutes
View answer
Correct Answer: C
Question #42
A company needs to deploy a new workload on AWS. The company must encrypt all data at rest and must rotate the encryption keys once each year. The workload uses an Amazon RDS for MySQL Multi-AZ database for data storage. Which configuration approach will meet these requirements?
A. Enable Transparent Data Encryption (TDE) in the MySQL configuration file
B. Manually rotate the key every 12 months
C. Enable RDS encryption on the database at creation time by using the AWS managed key for Amazon RDS
D. Create a new AWS Key Management Service (AWS KMS) customer managed key
E. Enable automatic key rotation
F. Enable RDS encryption on the database at creation time by using the KMS key
View answer
Correct Answer: D
Question #43
A company runs a stateless application that is hosted on an Amazon EC2 instance. Users are reporting performance issues. A SysOps administrator reviews the Amazon CloudWatch metrics for the application and notices that the instance's CPU utilization frequently reaches 90% during business hours. What is the MOST operationally efficient solution that will improve the application's responsiveness?
A. Configure CloudWatch logging on the EC2 instance
B. Configure a CloudWatch alarm for CPU utilization to alert the SysOps administrator when CPU utilization goes above 90%
C. Configure an AWS Client VPN connection to allow the application users to connect directly to the EC2 instance private IP address to reduce latency
D. Create an Auto Scaling group, and assign it to an Application Load Balancer
E. Configure a target tracking scaling policy that is based on the average CPU utilization of the Auto Scaling group
F. Create a CloudWatch alarm that activates when the EC2 instance's CPU utilization goes above 80%
View answer
Correct Answer: B
Question #44
A SysOps administrator is reviewing VPC Flow Logs to troubleshoot connectivity issues in a VPC. While reviewing the logs, the SysOps administrator notices that rejected traffic is not listed. What should the SysOps administrator do to ensure that all traffic is logged?
A. Create a new flow log that has a filter setting to capture all traffic
B. Create a new flow log. Set the log record format to a custom format. Select the proper fields to include in the log
C. Edit the existing flow log. Change the filter setting to capture all traffic
D. Edit the existing flow log
E. Set the log record format to a custom format. Select the proper fields to include in the log
View answer
Correct Answer: B
Question #45
A SysOps administrator created an AWS CloudFormation template that provisions Amazon EC2 instances, an Elastic Load Balancer (ELB), and an Amazon RDS DB instance. During stack creation, the creation of the EC2 instances and the creation of the ELB are successful. However, the creation of the DB instance fails. What is the default behavior of CloudFormation in this scenario?
A. CloudFormation will roll back the stack and delete the stack
B. CloudFormation will roll back the stack but will not delete the stack
C. CloudFormation will prompt the user to roll back the stack or continue
D. CloudFormation will successfully complete the stack but will report a failed status for the DB instance
View answer
Correct Answer: D
Question #46
A company has a new requirement stating that all resources in AWS must be tagged according to a set policy. Which AWS service should be used to enforce and continually identify all resources that are not in compliance with the policy?
A. AWS CloudTrail
B. Amazon Inspector
C. AWS Config
D. AWS Systems Manager
View answer
Correct Answer: D
Question #47
A company requires that all IAM user accounts that have not been used for 90 days or more must have their access keys and passwords immediately disabled. A SysOps administrator must automate the process of disabling unused keys using the MOST operationally efficient method. How should the SysOps administrator implement this solution?
A. Create an AWS Step Functions workflow to identify IAM users that have not been active for 90 days. Run an AWS Lambda function when a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule is invoked to automatically remove the AWS access keys and passwords for these IAM users
B. Configure an AWS Config rule to identify IAM users that have not been active for 90 days. Set up an automatic weekly batch process on an Amazon EC2 instance to disable the AWS access keys and passwords for these IAM users
C. Develop and run a Python script on an Amazon EC2 instance to programmatically identify IAM users that have not been active for 90 days. Automatically delete these IAM users
D. Set up an AWS Config managed rule to identify IAM users that have not been active for 90 days. Set up an AWS Systems Manager automation runbook to disable the AWS access keys for these IAM users
View answer
Correct Answer: B
