A SysOps administrator needs to configure the Amazon Route 53 hosted zone for example.com and www.example.com to point to an Application Load Balancer (ALB). Which combination of actions should the SysOps administrator take to meet these requirements? (Choose two.)
A. Configure an A record for example.com to point to the IP address of the ALB.
B. Configure an A record for www.example.com to point to the IP address of the ALB.
C. Configure an alias record for example.com to point to the CNAME of the ALB.
D. Configure an alias record for www.example.com to point to the Route 53 example.com record.
E. Configure a CNAME record for example.com to point to the CNAME of the ALB.
A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin. After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load.
What are possible causes for this problem? (Choose two.)
A. CloudFront does not have the ALB configured as the origin access identity.
B. The DNS is still pointing to the ALB instead of the CloudFront distribution.
C. The ALB security group is not permitting inbound traffic from CloudFront.
D. The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution.
E. The target groups associated with the ALB are configured for sticky sessions.
A company has many accounts in an organization in AWS Organizations. The company must automate resource provisioning from the organization's management account to the member accounts. Which solution will meet this requirement?
A. Create an AWS CloudFormation change set. Deploy the change set to all member accounts.
B. Create an AWS CloudFormation nested stack. Deploy the nested stack to all member accounts.
C. Create an AWS CloudFormation stack set. Deploy the stack set to all member accounts.
D. Create an AWS Serverless Application Model (AWS SAM) template. Deploy the template to all member accounts.
A company is building an interactive application for personal finance. The application stores financial data in Amazon S3, and the data must be encrypted. The company does not want to provide its own encryption keys. However, the company wants to maintain an audit trail that shows when an encryption key was used and who used the key.
Which solution will meet these requirements?
A. Use client-side encryption with client-provided keys. Upload the encrypted user data to Amazon S3.
B. Use server-side encryption with S3 managed encryption keys (SSE-S3) to encrypt the user data on Amazon S3.
C. Use server-side encryption with customer-provided encryption keys (SSE-C) to encrypt the user data on Amazon S3.
D. Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) to encrypt the user data on Amazon S3.
An Amazon RDS for PostgreSQL DB cluster has automated backups turned on with a 7-day retention period. A SysOps administrator needs to create a new RDS DB cluster by using data that is no more than 24 hours old from the original DB cluster.
Which solutions will meet these requirements with the LEAST operational overhead? (Choose two.)
A. Identify the most recent automated snapshot. Restore the snapshot to a new RDS DB cluster.
B. Back up the database to Amazon S3 by using native database backup tools. Create a new RDS DB cluster and restore the data to the new RDS DB cluster.
C. Create a read replica instance in the original RDS DB cluster. Promote the read replica to a standalone DB cluster.
D. Create a new RDS DB cluster. Use AWS Database Migration Service (AWS DMS) to migrate data from the current RDS DB cluster to the newly created RDS DB cluster.
E. Use the pg_dump utility to export data from the original RDS DB cluster to an Amazon EC2 instance. Create a new RDS DB cluster. Use the pg_restore utility to import the data from the EC2 instance to the new RDS DB cluster.
A SysOps administrator creates a custom Amazon Machine Image (AMI) in the eu-west-2 Region and uses the AMI to launch Amazon EC2 instances. The SysOps administrator needs to use the same AMI to launch EC2 instances in two other Regions: us-east-1 and us-east-2.
What must the SysOps administrator do to use the custom AMI in the additional Regions?
A. Copy the AMI to the additional Regions.
B. Make the AMI public in the Community AMIs section of the AWS Management Console.
C. Share the AMI to the additional Regions. Assign the required access permissions.
D. Copy the AMI to a new Amazon S3 bucket. Assign access permissions to the AMI for the additional Regions.
A SysOps administrator needs to provision a new fleet of Amazon EC2 Spot Instances in an Amazon EC2 Auto Scaling group. The Auto Scaling group will use a wide range of instance types. The configured fleet must come from pools that have the most availability for the number of instances that are launched.
Which solution will meet these requirements?
A. Launch the Spot Instances up to the maximum capacity of the Auto Scaling group.
B. Launch the Spot Instances by using the diversified strategy.
C. Launch the Spot Instances by using the capacity optimized strategy.
D. Use the Spot Instance advisor to help determine the best Spot allocation strategy.
A company has an application that uses an Amazon Elastic File System (Amazon EFS) file system. A recent incident that involved an application logic error corrupted several files. The company wants to improve its ability to back up and recover the EFS file system. The company must be able to recover individual files rapidly.
Which solution meets these requirements MOST cost-effectively?
A. Configure Amazon Data Lifecycle Manager (Amazon DLM) to archive a copy of the data to an Amazon S3 Glacier vault. Use S3 Glacier retrieval requests to retrieve individual files.
B. Create a second EFS file system in another AWS Region. Configure AWS DataSync to copy the data to the backup file system. Recover files by copying them from the backup EFS file system.
C. Enable AWS Backup in Amazon EFS to back up the file system to an Amazon S3 Glacier vault. Use S3 Glacier retrieval requests to retrieve individual files.
D. Enable AWS Backup in Amazon EFS to back up the file system to a backup vault. Use a partial restore job to retrieve individual files.
A company migrates a write-once, ready-many (WORM) drive to an Amazon S3 bucket that has S3 Object Lock configured in governance mode. During the migration, the company copies unneeded data to the S3 bucket.
A SysOps administrator attempts to delete the unneeded data from the S3 bucket by using the AWS CLI. However, the SysOps administrator receives an error.
Which combination of steps should the SysOps administrator take to successfully delete the unneeded data? (Choose two.)
A. Increase the Retain Until Date.
B. Assume a role that has the s3:BypassLegalRetention permission.
C. Assume a role that has the s3:BypassGovernanceRetention permission.
D. Include the x-amz-bypass-governance-retention:true header in the request when issuing the delete command.
E. Include the x-amz-bypass-legal-retention:true header in the request when issuing the delete command.
A SysOps administrator has been able to consolidate multiple, secure websites onto a single server, and each site is running on a different port. The administrator now wants to start a duplicate server in a second Availability Zone and put both behind a load balancer for high availability.
What would be the command line necessary to deploy one of the sites' certificates to the load balancer?
A. aws kms modify-listener ?load-balancer-name my-load-balancer -ç’«ertificates CertificateArn=arn:aws:iam::123456789012:server-certifiate/my-new-server-cert
B. aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name my-load-balancer ?load-balancer-port 443 ?ssl-certificate-id arn:aws:iam::123456789012:server-certificate/new-server-cert
C. aws ec2 put-ssl-certificate ?load-balancer-name my-load-balancer ?load-balancer-port 443 ?ssl-certificate-id arn:aws:iam::123456789012:server-certificate/new-server-cert
D. aws acm put-ssl-certificate ?load-balancer-name my-load-balancer ?load-balancer-port 443 ?ssl-certificate-id arn:aws:iam::123456789012:server-certificate/new-server-cert
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.