DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

SOA-C02 Practice Tests, Mock Tests & Study Resources, AWS Certified Sysops Administrator - Associate | SPOTO

Prepare effectively for the AWS Certified SysOps Administrator - Associate (SOA-C02) exam with SPOTO's comprehensive study resources. Our SOA-C02 Practice Tests, Mock Tests & Study Resources provide an in-depth preparation solution for system administrators aspiring to excel in cloud operations. Access exam questions and answers, practice tests, and exam dumps to enhance your understanding of AWS deployment, management, and workload operations. Our sample questions and free quizzes offer valuable insights into key exam topics, while our exam materials and exam simulator help you practice effectively. With SPOTO, you can strengthen your exam preparation, practice with confidence, and succeed in achieving AWS Certified SysOps Administrator - Associate certification.

Take other online exams
Question #1
A company has a web application with a database tier that consists of an Amazon EC2 instance that runs MySQL. A SysOpsadministrator needs to minimize potential data loss and the time that is required to recover in the event of a database failure.What is the MOST operationally efficient solution that meets these requirements?
A. Create an Amazon CloudWatch alarm for the StatusCheckFailed_System metric to invoke an AWS Lambda function that stops and starts the EC2 instance
B. Create an Amazon RDS for MySQL Multi-AZ DB instance
C. Create an Amazon RDS for MySQL Single-AZ DB instance with a read replica
D. Use Amazon Data Lifecycle Manager (Amazon DLM) to take a snapshot of the Amazon Elastic Block Store (Amazon EBS) volume every hour
View answer
Correct Answer: D
Question #2
A SysOps administrator needs to track the costs of data transfer between AWS Regions. The SysOps administrator must implement a solution to send alerts to an email distribution list when transfer costs reach 75% of a specific threshold. What should the SysOps administrator do to meet these requirements? The reason is that it uses the Amazon CloudWatch billing alarm which is a built-in service specifically designed to monitor and alert on cost usage of your AWS account, which makes it a more suitable solutio
A. reate an AWS Cost and Usage Report
B. reate an Amazon CloudWatch billing alarm to detect when costs reach 75% of the threshold
C. se AWS Budgets to create a cost budget for data transfer costs
D. et up a VPC flow log
View answer
Correct Answer: B
Question #3
A SysOps administrator needs to give users the ability to upload objects to an Amazon S3 bucket. The SysOps administratorcreates a presigned URL and provides the URL to a user, but the user cannot upload an object to the S3 bucket. Thepresigned URL has not expired, and no bucket policy is applied to the S3 bucket.Which of the following could be the cause of this problem?
A. The user has not properly configured the AWS CLI with their access key and secret access key
B. The SysOps administrator does not have the necessary permissions to upload the object to the S3 bucket
C. The SysOps administrator must apply a bucket policy to the S3 bucket to allow the user to upload the object
D. The object already has been uploaded through the use of the presigned URL, so the presigned URL is no longer valid
View answer
Correct Answer: B
Question #4
An errant process is known to use an entire processor and run at 100%. A SysOps administrator wants to automaterestarting the instance once the problem occurs for more than 2 minutes.How can this be accomplished?
A. Create an Amazon CloudWatch alarm for the Amazon EC2 instance with basic monitoring
B. Create a CloudWatch alarm for the EC2 instance with detailed monitoring
C. Create an AWS Lambda function to restart the EC2 instance, triggered on a scheduled basis every 2 minutes
D. Create a Lambda function to restart the EC2 instance, triggered by EC2 health checks
View answer
Correct Answer: B
Question #5
A SysOps Administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-basedAmazon EC2 instances within a companys account. The administrator must be alerted to potential issues.What should the administrator do to receive email alerts before low storage space affects EC2 instance performance?
A. Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications
B. Use AWS CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic
C. Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic
D. Use AWS Trusted Advisor and enable email notification alerts for EC2 disk space
View answer
Correct Answer: C
Question #6
353. A company is managing multiple AWS accounts using AWS Organizations. One of these accounts is used only for retaining logs in an Amazon S3 bucket. The company wants to make sure that compute resources cannot be used in the account. How can this be accomplished with the LEAST administrative effort?
A. Apply an IAM policy to all IAM entities in the account with a statement to explicitly deny NotAction: s3:*
B. Configure AWS Config to terminate compute resources that have been created in the accounts
C. Configure AWS CloudTrail to block any action where the event source is not s3:amazonaws
D. Update the service control policy on the account to deny the unapproved services
View answer
Correct Answer: C
Question #7
A company hosts an internal application on Amazon EC2 instances. All application data and requests route through an AWSSite-to-Site VPN connection between the on-premises network and AWS. The company must monitor the application forchanges that allow network access outside of the corporate network. Any change that exposes the application externallymust be restricted automatically.Which solution meets these requirements in the MOST operationally efficient manner?
A. Create an AWS Lambda function that updates security groups that are associated with the elastic network interface to remove inbound rules with noncorporate CIDR ranges
B. Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that targets an AWS Systems Manager Automation document to check for public IP addresses on the EC2 instances
C. Configure AWS Config and a custom rule to monitor whether a security group allows inbound requests from noncorporate CIDR ranges
D. Configure AWS Config and the managed rule for monitoring public IP associations with the EC2 instances by tag
View answer
Correct Answer: A
Question #8
A company's SysOps administrator has created an Amazon EC2 instance with custom software that will be used as atemplate for all new EC2 instances across multiple AWS accounts. The Amazon Elastic Block Store (Amazon EBS) volumesthat are attached to the EC2 instance are encrypted with AWS managed keys.The SysOps administrator creates an Amazon Machine Image (AMI) of the custom EC2 instance and plans to share the AMIwith the company's other AWS accounts. The company requires that all AMIs are encrypted with AW
A. In the account where the AMI was created, create a customer master key (CMK)
B. In the account where the AMI was created, create a customer master key (CMK)
C. In the account where the AMI was created, create a customer master key (CMK)
D. In the account where the AMI was created, modify the key policy of the AWS managed key to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with
View answer
Correct Answer: C
Question #9
A company needs to archive all audit logs for 10 years. The company must protect the logs from any future edits. Which solution will meet these requirements? To meet the requirements of the workload, a company should store the data in an Amazon S3 Glacier vault and configure a vault lock policy for write-once, read-many (WORM) access. This will ensure that the data is stored securely and cannot be edited in the future. The other solutions (storing the data in an Amazon Elastic Block Store (Amazon EBS) volum
A. tore the data in an Amazon Elastic Block Store (Amazon EBS) volume
B. tore the data in an Amazon S3 Glacier vault
C. tore the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
D. tore the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
View answer
Correct Answer: B
Question #10
A company is running a website on Amazon EC2 instances behind an Application Load Balancer (ALB). The companyconfigured an Amazon CloudFront distribution and set the ALB as the origin. The company created an Amazon Route 53CNAME record to send all traffic through the CloudFront distribution. As an unintended side effect, mobile users are nowbeing served the desktop version of the website.Which action should a SysOps administrator take to resolve this issue?
A. Configure the CloudFront distribution behavior to forward the User-Agent header
B. Configure the CloudFront distribution origin settings
C. Enable IPv6 on the ALB
D. Enable IPv6 on the CloudFront distribution
View answer
Correct Answer: C
Question #11
355. A company’s security policy states that connecting to Amazon EC2 instances is not permitted through SSH and RDP. If access is required, authorized staff can connect to instances by using AWS Systems Manager Session Manager. Users report that they are unable to connect to one specific Amazon EC2 instance that is running Ubuntu and has AWS Systems Manager Agent (SSM Agent) pre-installed. These users are able to use Session Manager to connect to other instances in the same subnet, and they are in an IAM g
A. Add an inbound rule for port 22 in the security group associated with the Ubuntu instance
B. Assign the AmazonSSMManagedInstanceCore managed policy to the EC2 instance profile for the Ubuntu instance
C. Configure the SSM Agent to log in with a username of “ubuntu”
D. Generate a new key pair, configure Session Manager to use this new key pair, and provide the private key to the users
View answer
Correct Answer: A
Question #12
A company wants to track its expenditures for Amazon EC2 and Amazon RDS within AWS. The company decides toimplement more rigorous tagging requirements for resources in its AWS accounts. A SysOps administrator needs to identifyall noncompliant resources.What is the MOST operationally efficient solution that meets these requirements?
A. Create a rule in Amazon EventBridge (Amazon CloudWatch Events) that invokes a custom AWS Lambda function that will evaluate all created or updated resources for the specified tags
B. Create a rule in AWS Config that invokes a custom AWS Lambda function that will evaluate all resources for the specified tags
C. Create a rule in AWS Config with the required-tags managed rule to evaluate all resources for the specified tags
D. Create a rule in Amazon EventBridge (Amazon CloudWatch Events) with a managed rule to evaluate all created or updated resources for the specified tags
View answer
Correct Answer: C
Question #13
A company has created a NAT gateway in a public subnet in a VPC. The VPC also contains a private subnet that includes Amazon EC2 instances. The EC2 instances use the NAT gateway to access the internet to download patches and updates. The company has configured a VPC flow log for the elastic network interface of the NAT gateway. The company is publishing the output to Amazon CloudWatch Logs. A SysOps administrator must identify the top five internet destinations that the EC2 instances in the private subnet c
A. se AWS CloudTrail Insights events to identify the top five internet destinations
B. se Amazon CloudFront standard logs (access logs) to identify the top five internet destinations
C. se CloudWatch Logs Insights to identify the top five internet destinations
D. hange the flow log to publish logs to Amazon S3
View answer
Correct Answer: C
Question #14
352. A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin. After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load. What are possible causes for this problem? (Choose two.)
A. CloudFront does not have the ALB configured as the origin access identity
B. The DNS is still pointing to the ALB instead of the CloudFront distribution
C. The ALB security group is not permitting inbound traffic from CloudFront
D. The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution
E. The target groups associated with the ALB are configured for sticky sessions
View answer
Correct Answer: A
Question #15
349. A company has a multi-account AWS environment that includes the following: A central identity account that contains all IAM users and groups Several member accounts that contain IAM roles A SysOps administrator must grant permissions for a particular IAM group to assume a role in one of the member accounts. How should the SysOps administrator accomplish this task?
A. In the member account, add sts:AssumeRole permissions to the role’s policy
C. In the member account, add the group Amazon Resource Name (ARN) to the role’s trust policy
D. In the member account, add the group Amazon Resource Name (ARN) to the role’s inline policy
View answer
Correct Answer: AB
Question #16
A company runs an application on Amazon EC2 instances. The EC2 instances are in an Auto Scaling group and run behind an Application Load Balancer (ALB). The application experiences errors when total requests exceed 100 requests per second. A SysOps administrator must collect information about total requests for a 2-week period to determine when requests exceeded this threshold. What should the SysOps administrator do to collect this data? Using the ALB's RequestCount metric will allow the SysOps administrat
A. se the ALB's RequestCount metric
B. se Amazon CloudWatch metric math to generate a sum of request counts for all the EC2 instances over a 2-week period
C. reate Amazon CloudWatch custom metrics on the EC2 launch configuration templates to create aggregated request metrics across all the EC2 instances
D. reate an Amazon EventBridge (Amazon CloudWatch Events) rule
View answer
Correct Answer: A
Question #17
345. A company is using an Amazon ElastiCache for Redis cluster in a production environment. To align with the company’s technical requirements, a SysOps administrator needs to select a deployment to provide increased availability and fault tolerance. Which action should the SysOps administrator take to accomplish this goal?
A. Deploy the ElastiCache cluster with Memcached as the engine
B. Deploy the Redis cluster within an Auto Scaling group to launch replicas across multiple Availability Zones
C. Verify that cluster mode is disabled
D. Verify that Multi-AZ with automatic failover is enabled
View answer
Correct Answer: C
Question #18
A company is running a website on Amazon EC2 instances that are in an Auto Scaling group. When the website trafficincreases, additional instances take several minutes to become available because of a long-running user data script thatinstalls software. A SysOps administrator must decrease the time that is required for new instances to become available.Which action should the SysOps administrator take to meet this requirement?
A. Reduce the scaling thresholds so that instances are added before traffic increases
B. Purchase Reserved Instances to cover 100% of the maximum capacity of the Auto Scaling group
C. Update the Auto Scaling group to launch instances that have a storage optimized instance type
D. Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has pre-installed software
View answer
Correct Answer: C
Question #19
354. A company is evaluating solutions for connecting its data centers to a VPC in an AWS Region running a mission-critical application. A secondary Region has already been set up as a disaster recovery solution. The company needs a consistent, low-latency connection of at least 10 Gbps that must be highly resilient and fault tolerant. Which solution meets these requirements?
A. Set up a 10 Gbps AWS Direct Connect connection at two Direct Connect locations
B. Set up a 10 Gbps AWS Direct Connect connection
C. Establish an AWS Direct Connect connection for the primary connection to the VPC with an AWSmanaged VPN connection as a backup
D. Establish 10 VPN connections to the VPC
View answer
Correct Answer: C
Question #20
348. A company wants to reduce costs on jobs that can be completed at any time. The jobs are currently run using multiple On-Demand Instances, and the jobs take just under 2 hours to complete. If a job fails for any reason, it can be restarted from the beginning. Which method is the MOST cost-effective based on these requirements?
A. Purchase Reserved Instances to be used for job execution
B. Submit a request for a one-time Spot Instance for job execution
C. Submit a request for a Spot block to be used for job execution
D. Use a mixture of On-Demand and Spot Instances for job execution
View answer
Correct Answer: CE
Question #21
A SysOps administrator has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances thatwere launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in the VPC,and all security groups allow all outbound traffic.Which solution will provide the EC2 instances in the private subnet with access to the internet?
A. Create a NAT gateway in the public subnet
B. Create a NAT gateway in the public subnet
C. Create a NAT gateway in the private subnet
D. Create a NAT gateway in the private subnet
View answer
Correct Answer: A
Question #22
An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon SQS) queues. ASysOps administrator must ensure that the application can read, write, and delete messages from the SQS queues.Which solution will meet these requirements in the MOST secure manner?
A. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues
B. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues
C. Create and associate an IAM role that allows EC2 instances to call AWS services
D. Create and associate an IAM role that allows EC2 instances to call AWS services
View answer
Correct Answer: D
Question #23
346. The chief financial officer (CFO) of an organization has seen a spike in Amazon S3 storage costs over the last few months. A SysOps administrator suspects that these costs are related to storage for older versions of S3 objects from one of its S3 buckets. What can the administrator do to confirm this suspicion?
A. Enable Amazon S3 inventory and then query the inventory to identify the total storage of previous object versions
B. Use object-level cost allocation tags to identify the total storage of previous object versions
C. Enable the Amazon S3 analytics feature for the bucket to identify the total storage of previous object versions
D. Use Amazon CloudWatch storage metrics for the S3 bucket to identify the total storage of previous object versions
View answer
Correct Answer: A
Question #24
What is the root cause of the problem?
A. SMTP traffic from the network interface was blocked by an outbound network ACL
B. SMTP traffic from the network interface was blocked by an outbound security group
C. SMTP traffic to the network interface was blocked by an inbound network ACL
D. SMTP traffic to the network interface was blocked by an inbound security group
View answer
Correct Answer: C
Question #25
A SysOps administrator has used AWS CloudFormation to deploy a serverless application into a production VPC. Theapplication consists of an AWS Lambda function, an Amazon DynamoDB table, and an Amazon API Gateway API. TheSysOps administrator must delete the AWS CloudFormation stack without deleting the DynamoDB table.Which action should the SysOps administrator take before deleting the AWS CloudFormation stack?
A. Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack
B. Add a Snapshot deletion policy to the DynamoDB resource in the AWS CloudFormation stack
C. Enable termination protection on the AWS CloudFormation stack
D. Update the application’s IAM policy with a Deny statement for the dynamodb:DeleteTable action
View answer
Correct Answer: A
Question #26
351. A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance. Which of the following are possible causes of this issue? (Choose two.)
A. A network ACL associated with the bastion’s subnet is blocking the network traffic
B. The instance does not have a private IP address
C. The route table associated with the bastion’s subnet does not have a route to the internet gateway
D. The security group for the instance does not have an inbound rule on port 22
E. The security group for the instance does not have an outbound rule on port 3389
View answer
Correct Answer: B
Question #27
A company has multiple Amazon EC2 instances that run a resource-intensive application in a development environment. ASysOps administrator is implementing a solution to stop these EC2 instances when they are not in use.Which solution will meet this requirement?
A. Assess AWS CloudTrail logs to verify that there is no EC2 API activity
B. Create an Amazon CloudWatch alarm to stop the EC2 instances when the average CPU utilization is lower than 5% for a 30-minute period
C. Create an Amazon CloudWatch metric to stop the EC2 instances when the VolumeReadBytes metric is lower than 500 for a 30-minute period
D. Use AWS Config to invoke an AWS Lambda function to stop the EC2 instances based on resource configuration changes
View answer
Correct Answer: A
Question #28
357. A company has a three-tier stateful web application. The application is served through an Amazon CloudFront distribution with default configuration options and an Application Load Balancer (ALB) as the origin. Logged-in users get intermittently logged out and see inconsistent content. Which action should the company take to ensure a stable user experience during a session?
A. Enable session affinity (sticky sessions) on the ALB
B. Restrict viewer access to signed cookies in CloudFront
C. Switch from duration-based session affinity (sticky sessions) to application-controlled session affinity (sticky sessions) on the ALB
D. Configure the CloudFront TTL to be equal to or less than the ALB session duration
View answer
Correct Answer: A
Question #29
A company is using an AWS KMS customer master key (CMK) with imported key material. The company references theCMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months.What is the process to rotate the key?
A. Enable automatic key rotation for the CMK, and specify a period of 6 months
B. Create a new CMK with new imported material, and update the key alias to point to the new CMK
C. Delete the current key material, and import new material into the existing CMK
D. Import a copy of the existing key material into a new CMK as a backup, and set the rotation schedule for 6 months
View answer
Correct Answer: B
Question #30
350. An image processing system runs asynchronously on AWS Lambda. A SysOps administrator is configuring a Lambda function to notify developers when an image falls to process after three attempts. The SysOps administrator has created an Amazon Simple Notification Service (Amazon SNS) topic to notify the developers. Which additional action should the SysOps administrator take to meet this requirement?
A. Configure an Amazon CloudWatch alarm for errors from the Lambda function, which notifies the Amazon SNS topic
B. Implement a dead-letter queue targeting the Amazon SNS topic
C. Modify the Lambda function code to publish failed orders to the Amazon SNS topic before exiting
D. Subscribe to Lambda function error notifications from the AWS Personal Health Dashboard
View answer
Correct Answer: D
Question #31
362. An Amazon EC2 instance has a secondary Amazon Elastic Block Store (EBS) volume attached that contains sensitive data. A new company policy requires the secondary volume to be encrypted at rest. Which solution will meet this requirement?
A. Create a snapshot of the volume
B. Create an encrypted Amazon Machine Image (AMI) of the EC2 instance
C. Stop the EC2 instance
D. Stop the EC2 instance
View answer
Correct Answer: A
Question #32
347. A company manages more than 1,000 Amazon EC2 instances running Amazon Linux 2 in multiple VPCs. A SysOps administrator must change the statically configured DNS server IP address on all the EC2 instances. Which solution will require the LEAST amount of effort?
A. Develop an AWS Lambda function to update the corporate DNS IP address on all the EC2 instances
B. Run a shell script to update the corporate DNS IP address on each EC2 instance
C. Update the Amazon Machine Images (AMIs) of the EC2 instances to configure the updated corporate DNS IP address
D. Use the AWS Systems Manager Run Command to update the corporate DNS IP address on all the EC2 instances
View answer
Correct Answer: A
Question #33
356. A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability for an on-premises website. The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes. All other traffic should be directed to the secondary passive server. The failover record type, set ID, and routing policy have been set appropriately for both pri
A. Create an A record for each server
B. Create an A record for each server
C. Create an alias record for each server with evaluate target health set to yes
D. Create an alias record for each server with evaluate target health set to yes
View answer
Correct Answer: D
Question #34
A SysOps administrator is trying to set up an Amazon Route 53 domain name to route traffic to a website hosted on AmazonS3. The domain name of the website is www.anycompany.com and the S3 bucket name is anycompany-static. After therecord set is set up in Route 53, the domain name www.anycompany.com does not seem to work, and the static website isnot displayed in the browser.Which of the following is a cause of this?
A. The S3 bucket must be configured with Amazon CloudFront first
B. The Route 53 record set must have an IAM role that allows access to the S3 bucket
C. The Route 53 record set must be in the same region as the S3 bucket
D. The S3 bucket name must match the record set name in Route 53
View answer
Correct Answer: D

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.