SOA-C02 Exam Questions

Total 149 Questions

Last Updated Exam : 16-Dec-2024

An Amazon EC2 instance needs to be reachable from the internet. The EC2 instance is in a subnet with the following route table:

Which entry must a SysOps administrator add to the route table to meet this requirement?


A.

A route for 0.0.0.0/0 that points to a NAT gateway


B.

A route for 0.0.0.0/0 that points to an egress-only internet gateway


C.

A route for 0.0.0.0/0 that points to an internet gateway


D.

A route for 0.0.0.0/0 that points to an elastic network interface





C.
  

A route for 0.0.0.0/0 that points to an internet gateway



An AWS Lambda function is intermittently failing several times a day A SysOps
administrator must find out how often this error has occurred in the last 7 days Which action will meet this requirement in the MOST operationally efficient manner?


A.

Use Amazon Athena to query the Amazon CloudWatch logs that are associated with the Lambda function


B.

Use Amazon Athena to query the AWS CloudTrail logs that are associated with the Lambda function


C.

Use Amazon CloudWatch Logs Insights to query the associated Lambda function logs


D.

Use Amazon Elasticsearch Service (Amazon ES) to stream the Amazon CloudWatch logs for the Lambda function





C.
  

Use Amazon CloudWatch Logs Insights to query the associated Lambda function logs



A company is using an AWS KMS customer master key (CMK) with imported key material
The company references the CMK by its alias in the Java application to encrypt data The
CMK must be rotated every 6 months
What is the process to rotate the key?


A.

Enable automatic key rotation for the CMK and specify a period of 6 months


B.

Create a new CMK with new imported material, and update the key alias to point to the new CMK.


C.

Delete the current key material, and import new material into the existing CMK


D.

Import a copy of the existing key material into a new CMK as a backup, and set the rotation schedule for 6 months





B.
  

Create a new CMK with new imported material, and update the key alias to point to the new CMK.



A company is tunning a website on Amazon EC2 instances thai are in an Auto Scaling group When the website traffic increases, additional instances lake several minutes to become available because ot a long-running user data script that installs software A SysOps administrator must decrease the time that is required (or new instances to become available Which action should the SysOps administrator take to meet this requirement?


A.

Reduce the scaling thresholds so that instances are added before traffic increases


B.

Purchase Reserved Instances to cover 100% of the maximum capacity of the Auto Scaling group


C.

Update the Auto Scaling group to launch instances that have a storage optimized instance type


D.

Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has preinstalled software





D.
  

Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has preinstalled software



Explanation: automated way to update your image. Have a pipeline to update your image.
When you boot from your AMI updates = scrits are already pre-installed, so no need to
complete boot scripts in boot process. https://aws.amazon.com/image-builder/

A company runs a stateless application that is hosted on an Amazon EC2 instance. Users are reporting performance issues. A SysOps administrator reviews the Amazon CloudWatch metrics for the application and notices that the instance's CPU utilization frequently reaches 90% during business hours.
What is the MOST operationally efficient solution that will improve the application's
responsiveness?


A.

Configure CloudWatch logging on the EC2 instance. Configure a CloudWatch alarm for
CPU utilization to alert the SysOps administrator when CPU utilization goes above 90%.


B.

Configure an AWS Client VPN connection to allow the application users to connect
directly to the EC2 instance private IP address to reduce latency.


C.

Create an Auto Scaling group, and assign it to an Application Load Balancer. Configure
a target tracking scaling policy that is based on the average CPU utilization of the Auto
Scaling group.


D.

Create a CloudWatch alarm that activates when the EC2 instance's CPU utilization goes
above 80%. Configure the alarm to invoke an AWS Lambda function that vertically scales
the instance.





C.
  

Create an Auto Scaling group, and assign it to an Application Load Balancer. Configure
a target tracking scaling policy that is based on the average CPU utilization of the Auto
Scaling group.



A company runs us Infrastructure on Amazon EC2 Instances that run In an Auto Scaling group. Recently, the company promoted faulty code to the entire EC2 fleet. This faulty code
caused the Auto Scaling group to scale the instances before any of the application logs could be retrieved. What should a SysOps administrator do to retain the application logs after instances are terminated?


A.

Configure an Auto Scaling lifecycle hook to create a snapshot of the ephemeral storage
upon termination of the instances.


B.

Create a new Amazon Machine Image (AMI) that has the Amazon CloudWatch agent installed and configured to send logs to Amazon CloudWatch Logs. Update the launch template to use the new AMI.


C.

Create a new Amazon Machine Image (AMI) that has a custom script configured to send
logs to AWS CloudTrail. Update the launch template to use the new AMI.


D.

Install the Amazon CloudWatch agent on the Amazon Machine Image (AMI) that is defined in the launch template. Configure the CloudWatch agent to back up the logs to ephemeral storage.





B.
  

Create a new Amazon Machine Image (AMI) that has the Amazon CloudWatch agent installed and configured to send logs to Amazon CloudWatch Logs. Update the launch template to use the new AMI.



A development team recently deployed a new version of a web application to production After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data Which AWS service will mitigate this issue?


A.

AWS Shield Standard


B.

AWS WAF


C.

Elastic Load Balancing


D.

Amazon Cognito





B.
  

AWS WAF



A company is running a serverless application on AWS Lambda The application stores
data in an Amazon RDS for MySQL DB instance Usage has steadily increased and
recently there have been numerous "too many connections" errors when the Lambda
function attempts to connect to the database The company already has configured the
database to use the maximum max_connections value that is possible
What should a SysOps administrator do to resolve these errors'?


A.

Create a read replica of the database Use Amazon Route 53 to create a weighted DNS record that contains both databases


B.

Use Amazon RDS Proxy to create a proxy Update the connection string in the Lambda function


C.

Increase the value in the max_connect_errors parameter in the parameter group that the database uses


D.

Update the Lambda function's reserved concurrency to a higher value





B.
  

Use Amazon RDS Proxy to create a proxy Update the connection string in the Lambda function



Explanation: https://aws.amazon.com/blogs/compute/using-amazon-rds-proxy-with-awslambda/
RDS Proxy acts as an intermediary between your application and an RDS database. RDS
Proxy establishes and manages the necessary connection pools to your database so that
your application creates fewer database connections. Your Lambda functions interact with
RDS Proxy instead of your database instance. It handles the connection pooling necessary
for scaling many simultaneous connections created by concurrent Lambda functions. This
allows your Lambda applications to reuse existing connections, rather than creating new
connections for every function invocation.
Check "Database proxy for Amazon RDS" section in the link to see how RDS proxy help
Lambda handle huge connections to RDS MySQL
https://aws.amazon.com/blogs/compute/using-amazon-rds-proxy-with-aws-lambda/

A company is running a flash sale on its website. The website is hosted on burstable
performance Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group is
configured to launch instances when the CPU utilization is above 70%.
A couple of hours into the sale, users report slow load times and error messages for
refused connections. A SysOps administrator reviews Amazon CloudWatch metrics and
notices that the CPU utilization is at 20% across the entire fleet of instances.

The SysOps administrator must restore the website's functionality without making changes
to the network infrastructure.
Which solution will meet these requirements?


A.

Activate unlimited mode for the instances in the Auto Scaling group.


B.

Implement an Amazon CloudFront distribution to offload the traffic from the Auto Scaling
group.


C.

Move the website to a different AWS Region that is closer to the users.


D.

Reduce the desired size of the Auto Scaling group to artificially increase CPU average
utilization.





B.
  

Implement an Amazon CloudFront distribution to offload the traffic from the Auto Scaling
group.



Explanation: Implement an Amazon CloudFront distribution to offload the traffic from the
Auto Scaling group does not breach the requirement of no changes in the network
infrastructure. Reason is that cloudfront is a distribution that allows you to distribute content
using a worldwide network of edge locations that provide low latency and high data transfer
speeds. It plug in to existing setup, not changes to it.

An organization with a large IT department has decided to migrate to AWS With different
job functions in the IT department it is not desirable to give all users access to all AWS
resources Currently the organization handles access via LDAP group membership
What is the BEST method to allow access using current LDAP credentials?


A.

Create an AWS Directory Service Simple AD Replicate the on-premises LDAP directory to Simple AD


B.

Create a Lambda function to read LDAP groups and automate the creation of IAM users


C.

Use AWS CloudFormation to create IAM roles Deploy Direct Connect to allow access to the on-premises LDAP server


D.

Federate the LDAP directory with IAM using SAML Create different IAM roles to correspond to different LDAP groups to limit permissions





D.
  

Federate the LDAP directory with IAM using SAML Create different IAM roles to correspond to different LDAP groups to limit permissions




Page 4 out of 15 Pages
Previous