A company stores critical data in Amazon S3 buckets. A SysOps administrator must build a solution to record all S3 API activity. Which action will meet this requirement?
A. Configure S3 bucket metrics to record object access logs. B. Create an AWS CloudTrail trail to log data events for all S3 objects. C. Enable S3 server access logging for each S3 bucket. D. Use AWS IAM Access Analyzer for Amazon S3 to store object access logs.
B. Create an AWS CloudTrail trail to log data events for all S3 objects. Amazon S3 is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Amazon S3. CloudTrail captures a subset of API calls for Amazon S3 as events, including calls from the Amazon S3 console and code calls to the Amazon S3 APIs. https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-logging.html
Question 2:
A company's SysOps administrator maintains a highly available environment. The environment includes Amazon EC2 instances and an Amazon RDS Multi-AZ database. The EC2 instances are in an Auto Scaling group behind an Application Load Balancer.
Recently, the company conducted a failover test. The SysOps administrator needs to decrease the failover time of the RDS database by at least 10%.
Which solution will meet this requirement?
A. Increase the RDS instance size. B. Modify the RDS cluster to run in a single Availability Zone. C. Create a read replica in another AWS Region. Promote the read replica in case of failure. D. Create an RDS proxy. Point the application to the proxy endpoint.
D. Create an RDS proxy. Point the application to the proxy endpoint. Option D (Create an RDS proxy. Point the application to the proxy endpoint) is the correct solution for decreasing failover time. An RDS proxy acts as an intermediate layer between the application and the RDS database. It allows for fast and automated failover during Multi-AZ database failover scenarios. When a failover occurs, the RDS proxy automatically connects the application to the new primary instance, reducing the time it takes for the application to be back online. By using an RDS proxy, the failover time is reduced because the proxy maintains connections to both the primary and standby database instances. It also automatically routes the connections to the healthy instance, making the failover process seamless for the application.
Question 3:
A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network.
What actions should the SysOps administrator take to meet these requirements?
A. Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source. B. Create a VPC endpoint for the S3 bucket, and create an S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source. C. Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket. D. Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway.
B. Create a VPC endpoint for the S3 bucket, and create an S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source. While IAM policy (letter A) also can be used, it does not enforce everyone. The only option that enforces everyone is policy configured directly in the bucket S3.
Question 4:
A SysOps administrator is using AWS Systems Manager Patch Manager to patch a fleet of Amazon EC2 instances. The SysOps administrator has configured a patch baseline and a maintenance window. The SysOps administrator also has
used an instance tag to identify which instances to patch.
The SysOps administrator must give Systems Manager the ability to access the EC2 instances.
Which additional action must the SysOps administrator perform to meet this requirement?
A. Add an inbound rule to the instances' security group. B. Attach an IAM instance profile with access to Systems Manager to the instances. C. Create a Systems Manager activation Then activate the fleet of instances. D. Manually specify the instances to patch Instead of using tag-based selection.
B. Attach an IAM instance profile with access to Systems Manager to the instances. Explanation Explanation/Reference:By default, AWS Systems Manager doesn't have permission to perform actions on your instances. Grant access by using an AWS Identity and Access Management (IAM) instance profile. An instance profile is a container that passes IAM role information to an Amazon Elastic Compute Cloud (Amazon EC2) instance at launch. You can create an instance profile for Systems Manager by attaching one or more IAM policies that define the necessary permissions to a new role or to a role you already created. https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-profile.html
Question 5:
A company is using an Amazon EC2 Auto Scaling group to support a workload A Sytfhe company now needs to centruito Scaling group is configured with two similar scaling policies dP) to centrally manage access to One scaling policy adds 5 instances when CPU utilization reaches 80%. The other sctrator can connect to the extemahen CPU utilization leaches 80%.
What will happen when CPU utilization reaches the 80% threshold?
A. Amazon EC2 Auto Scaling will add 5 instances B. Amazon EC2 Auto Scaling will add 10 instances C. Amazon EC2 Auto Scaling will add 15 instances. D. The Auto Scaling group will not scale because of conflicting policies
B. Amazon EC2 Auto Scaling will add 10 instances Scaling Policies in Auto Scaling: Steps to Configure and Verify Scaling Policies: Scaling Policies for Amazon EC2 Auto Scaling
Question 6:
A SysOps administrator is reviewing AWS Trusted Advisor recommendations. The SysOps administrator notices that all the application servers for a finance application are listed in the Low Utilization Amazon EC2 Instances check. The application runs on three instances across three Availability Zones. The SysOps administrator must reduce the cost of running the application without affecting the application's availability or design.
Which solution will meet these requirements?
A. Reduce the number of application servers. B. Apply rightsizing recommendations from AWS Cost Explorer to reduce the instance size. C. Provision an Application Load Balancer in front of the instances. D. Scale up the instance size of the application servers.
B. Apply rightsizing recommendations from AWS Cost Explorer to reduce the instance size. For what it's worth, since the app servers are installed in three different AZ's, you could drop an app server in one AZ and meet the HA requirement. However, this does make some presumptions on the utilization. However, I do believe B is probably the right answer (from researching AWS documentation) "The rightsizing recommendations feature in Cost Explorer helps you identify cost-saving opportunities by downsizing or terminating instances in Amazon Elastic Compute Cloud (Amazon EC2). Rightsizing recommendations analyze your Amazon EC2 resources and usage to show opportunities for how you can lower your spending. You can see all of your underutilized Amazon EC2 instances across member accounts in a single view to immediately identify how much you can save. After you identify your recommendations, you can take action on the Amazon EC2 console." https://docs.aws.amazon.com/cost-management/latest/userguide/ce-rightsizing.html
Question 7:
A SysOps administrator manages a company's Amazon S3 buckets. The SysOps administrator has identified 5 GB of incomplete multipart uploads in an S3 bucket in the company's AWS account. The SysOps administrator needs to reduce the number of incomplete multipart upload objects in the S3 bucket.
Which solution will meet this requirement?
A. Create an S3 Lifecycle rule on the S3 bucket to delete expired markers or incomplete multipart uploads. B. Require users that perform uploads of files into Amazon S3 to use the S3 TransferUtility. C. Enable S3 Versioning on the S3 bucket that contains the incomplete multipart uploads. D. Create an S3 Object Lambda Access Point to delete incomplete multipart uploads.
A. Create an S3 Lifecycle rule on the S3 bucket to delete expired markers or incomplete multipart uploads. S3 Lifecycle rules allow you to define actions that Amazon S3 should take on objects in the bucket over time. This includes transitioning objects between storage classes and deleting objects when they meet certain criteria. To reduce the number of incomplete multipart upload objects in the S3 bucket, you can create an S3 Lifecycle rule that targets incomplete multipart uploads and specifies a deletion action for them. This will help in automatically cleaning up the incomplete multipart uploads after a certain period.
Question 8:
A SysOps administrator configures an Amazon S3 gateway endpoint in a VPC. The private subnets inside the VPC do not nave outbound internet access. A user logs in to an Amazon EC2 instance in one of the private subnets and cannot upload a file to an Amazon S3 bucket in the same AWS Region.
Which solution will solve this problem?
A. Update the EC2 instance role policy to allow s3:PutObjed access to the target S3 bucket. B. Update the EC2 security group to allow outbound traffic to 0.0.0.070 for port 80. C. Update the EC2 subnet route table to include the S3 prefix list destination routes to the S3 gateway endpoint. D. Update the S3 bucket policy to allow s3 PurObject access from the private subnet CIDR block.
C. Update the EC2 subnet route table to include the S3 prefix list destination routes to the S3 gateway endpoint. https://repost.aws/knowledge-center/connect-s3-vpc-endpoint#:~:text=An%20outbound%20rule%20allowing%20traffic%20to%20the%20ID%20of%20the%20prefix%20list%20associated%20with%20the%20gateway%20VPC%20endpoint.
Question 9:
A company has a critical serverless application that uses multiple AWS Lambda functions. Each Lambda function generates 1 GB of log data daily in tts own Amazon CloudWatch Logs log group. The company's security team asks for a count of application errors, grouped by type, across all of the log groups.
What should a SysOps administrator do to meet this requirement?
A. Perform a CloudWatch Logs Insights query that uses the stats command and count function. B. Perform a CloudWatch Logs search that uses the groupby keyword and count function. C. Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords. D. Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.
A. Perform a CloudWatch Logs Insights query that uses the stats command and count function. https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html CloudWatch Logs Insights includes a purpose-built query language with a few simple but powerful commands. CloudWatch Logs Insights provides sample queries, command descriptions, query autocompletion, and log field discovery to help you get started. Sample queries are included for several types of AWS service logs.
Question 10:
A SysOps administrator trust manage the security of An AWS account Recently an IAM users access key was mistakenly uploaded to a public code repository. The SysOps administrator must identity anything that was changed by using this access key.
A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all IAM events lo an AWS Lambda function for analysis B. Query Amazon EC2 togs by using Amazon CloudWatch Logs Insights for all events Heated with the compromised access key within the suspected timeframe C. Search AWS CloudTrail event history tor all events initiated with the compromised access key within the suspected timeframe D. Search VPC Flow Logs foe all events initiated with the compromised access key within the suspected Timeframe.
C. Search AWS CloudTrail event history tor all events initiated with the compromised access key within the suspected timeframe
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SOA-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.