SOA-C02 Exam Details

  • Exam Code
    :SOA-C02
  • Exam Name
    :AWS Certified SysOps Administrator - Associate (SOA-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :657 Q&As
  • Last Updated
    :Oct 14, 2025

Amazon SOA-C02 Online Questions & Answers

  • Question 91:

    A company uses AWS Organizations to manage multiple AWS accounts. Corporate policy mandates that only specific AWS Regions can be used to store and process customer data. A SysOps administrator must prevent the provisioning of

    Amazon EC2 instances in unauthorized Regions by anyone in the company.

    What is the MOST operationally efficient solution that meets these requirements?

    A. Configure AWS CloudTrail in all Regions to record all API activity. Create an Amazon EventBridge (Amazon CloudWatch Events) rule in all unauthorized Regions for ec2:RunInstances events. Use AWS Lambda to terminate the launched EC2 instances.
    B. In each AWS account, create a managed IAM policy that uses a Region condition to deny the ec2:RunInstances action in all unauthorized Regions. Attach this policy to all IAM groups in each AWS account.
    C. In each AWS account, create an IAM permissions boundary policy that uses a Region condition to deny the ec2:RunInstances action in all unauthorized Regions. Attach the permissions boundary policy to all IAM users in each AWS account.
    D. Create a service control policy (SCP) in AWS Organizations to deny the ec2:RunInstances action in all unauthorized Regions. Attach this policy to the root level of the organization.

  • Question 92:

    A SysOps administrator is creating a simple, public-facing website running on Amazon EC2. The SysOps administrator created the EC2 instance in an existing public subnet and assigned an Elastic IP address to the instance. Next, the SysOps administrator created and applied a new security group to the instance to allow incoming HTTP traffic from 0.0.0.0/0. Finally, the SysOps administrator created a new network ACL and applied it to the subnet to allow incoming HTTP traffic from 0.0.0.0/0. However, the website cannot be reached from the internet.

    What is the cause of this issue?

    A. The SysOps administrator did not create an outbound rule that allows ephemeral port return traffic in the new network ACL.
    B. The SysOps administrator did not create an outbound rule in the security group that allows HTTP traffic from port 80.
    C. The Elastic IP address assigned to the EC2 instance has changed.
    D. There is an additional network ACL associated with the subnet that includes a rule that denies inbound HTTP traffic from port 80.

  • Question 93:

    A company needs to upload gigabytes of files every day. The company need to achieve higher throughput and upload speeds to Amazon S3. Which action should a SysOps administrator take to meet this requirement?

    A. Create an Amazon CloudFront distribution with the GET HTTP method allowed and the S3 bucket as an origin.
    B. Create an Amazon ElastiCache duster and enable caching for the S3 bucket
    C. Set up AWS Global Accelerator and configure it with the S3 bucket
    D. Enable S3 Transfer Acceleration and use the acceleration endpoint when uploading files

  • Question 94:

    A company has a workload that is sending log data to Amazon CloudWatch Logs. One of the fields includes a measure of application latency. A SysOps administrator needs to monitor the p90 statistic of this field over time.

    What should the SysOps administrator do to meet this requirement?

    A. Create an Amazon CloudWatch Contributor Insights rule on the log data.
    B. Create a metric filter on the log data.
    C. Create a subscription filter on the log data.
    D. Create an Amazon CloudWatch Application Insights rule for the workload.

  • Question 95:

    A company has a stateful, long-running workload on a single xlarge general purpose Amazon EC2 On-Demand Instance Metrics show that the service is always using 80% of its available memory and 40% of its available CPU. A SysOps

    administrator must reduce the cost of the service without negatively affecting performance.

    Which change in instance type will meet these requirements?

    A. Change to one large compute optimized On-Demand Instance.
    B. Change to one large memory optimized On-Demand Instance.
    C. Change to one xlarge general purpose Spot Instance.
    D. Change to two large general purpose On-Demand Instances.

  • Question 96:

    A company uses an AWS Service Catalog portfolio to create and manage resources. A SysOps administrator must create a replica of the company's existing AWS infrastructure in a new AWS account. What is the MOST operationally efficient way to meet this requirement?

    A. Create an AWS CloudFormation template to use the AWS Service Catalog portfolio in the new AWS account.
    B. In the new AWS account, manually create an AWS Service Catalog portfolio that duplicates the original portfolio.
    C. Run an AWS Lambda function to create a new AWS Service Catalog portfolio based on the output of the DescribePortfolio API operation.
    D. Share the AWS Service Catalog portfolio with the new AWS account. Import the portfolio into the new AWS account.

  • Question 97:

    A SysOps administrator is reviewing VPC Flow Logs to troubleshoot connectivity issues in a VPC. While reviewing the togs the SysOps administrator notices that rejected traffic is not listed.

    What should the SysOps administrator do to ensure that all traffic is logged?

    A. Create a new flow log that has a filter setting to capture all traffic.
    B. Create a new flow log. Set the log record format to a custom format. Select the proper fields to include in the log.
    C. Edit the existing flow log. Change the filter setting to capture all traffic.
    D. Edit the existing flow log. Set the log record format to a custom format. Select the proper fields to include in the log.

  • Question 98:

    A global company handles a large amount of personally identifiable information (Pll) through an internal web portal. The company's application runs in a corporate data center that is connected to AWS through an AWS Direct Connect connection. The application stores the Pll in Amazon S3. According to a compliance requirement, traffic from the web portal to Amazon S3 must not travel across the internet.

    What should a SysOps administrator do to meet the compliance requirement?

    A. Provision an interface VPC endpoint for Amazon S3. Modify the application to use the interface endpoint.
    B. Configure AWS Network Firewall to redirect traffic to the internal S3 address.
    C. Modify the application to use the S3 path-style endpoint.
    D. Set up a range of VPC network ACLs to redirect traffic to the Internal S3 address.

  • Question 99:

    A company has an AWS Lambda function in Account A. The Lambda function needs to read the objects in an Amazon S3 bucket in Account B. A SysOps administrator must create corresponding IAM roles in both accounts. Which solution will meet these requirements?

    A. In Account A, create a Lambda execution role to assume the role in Account B. In Account B. create a role that the function can assume to gain access to the S3 bucket.
    B. In Account A, create a Lambda execution role that provides access to the S3 bucket. In Account B, create a role that the function can assume.
    C. In Account A, create a role that the function can assume. In Account B, create a Lambda execution role that provides access to the S3 bucket.
    D. In Account A. create a role that the function can assume to gain access to the S3 bucket. In Account B, create a Lambda execution role to assume the role in Account A.

  • Question 100:

    A company is running an ecommerce application on AWS. The application maintains many open but idle connections to an Amazon Aurora DB cluster. During times of peak usage, the database produces the following error message: "Too many connections." The database clients are also experiencing errors.

    Which solution will resolve these errors?

    A. Increase the read capacity units (RCUs) and the write capacity units (WCUs) on the database.
    B. Configure RDS Proxy. Update the application with the RDS Proxy endpoint.
    C. Turn on enhanced networking for the DB instances.
    D. Modify the DB cluster to use a burstable instance type.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.