A SysOps administrator is preparing to deploy an application to Amazon EC2 instances that are in an Auto Scaling group. The application requires dependencies to be installed. Application updates are issued weekly. The SysOps administrator needs to implement a solution to incorporate the application updates on a regular basis. The solution also must conduct a vulnerability scan during Amazon Machine Image (AMI) creation.
What is the MOST operationally efficient solution that meets these requirements?
A. Create a script that uses Packer. Schedule a cron job to run the script.
B. Install the application and its dependencies on an EC2 instance. Create an AMI of the EC2 instance.
C. Use EC2 Image Builder with a custom recipe to install the application and its dependencies.
D. Invoke the EC2 CreateImage API operation by using an Amazon EventBridge scheduled rule.
An AWS CloudFormation template creates an Amazon RDS instance. This template is used to build up development environments as needed and then delete the stack when the environment is no longer required. The RDS-persisted data must be retained for further use, even after the CloudFormation stack is deleted.
How can this be achieved in a reliable and efficient way?
A. Write a script to continue backing up the RDS instance every five minutes.
B. Create an AWS Lambda function to take a snapshot of the RDS instance, and manually invoke the function before deleting the stack.
C. Use the Snapshot Deletion Policy in the CloudFormation template definition of the RDS instance.
D. Create a new CloudFormation template to perform backups of the RDS instance, and run this template before deleting the stack.
A SysOps administrator is creating a simple, public-facing website running on Amazon EC2. The SysOps administrator created the EC2 instance in an existing public subnet and assigned an Elastic IP address to the instance. Next, the SysOps administrator created and applied a new security group to the instance to allow incoming HTTP traffic from 0.0.0.0/0. Finally, the SysOps administrator created a new network ACL and applied it to the subnet to allow incoming HTTP traffic from 0.0.0.0/0. However, the website cannot be reached from the internet.
What is the cause of this issue?
A. The SysOps administrator did not create an outbound rule that allows ephemeral port return traffic in the new network ACL.
B. The SysOps administrator did not create an outbound rule in the security group that allows HTTP traffic from port 80.
C. The Elastic IP address assigned to the EC2 instance has changed.
D. There is an additional network ACL associated with the subnet that includes a rule that denies inbound HTTP traffic from port 80.
A SysOps administrator needs to collect the content of log files from a custom application that is deployed across hundreds of Amazon EC2 instances running Ubuntu. The log files need to be stored in Amazon CloudWatch Logs.
How should the SysOps administrator collect the application log files with the LOWEST operational overhead?
A. Configure the syslogd service on each EC2 instance to collect and send the application log files to CloudWatch Logs.
B. Install the CloudWatch agent by using the Amazon Linux package manager on each EC2 instance. Configure each agent to collect the application log files.
C. Install the CloudWatch agent on each EC2 instance by using AWS Systems Manager. Create an agent configuration on each instance by using the CloudWatch configuration wizard. Configure each agent to collect the application log files.
D. Store a CloudWatch agent configuration in the AWS Systems Manager Parameter Store. Install the CloudWatch agent on each EC2 instance by using Systems Manager. Configure each agent to collect the application log files.
A company currently runs its infrastructure within a VPC in a single Availability Zone. The VPC is connected to the company's on-premises data center through an AWS Site-to-Site VPN connection attached to a virtual private gateway. The on-premises route tables route all VPC networks to the VPN connection. Communication between the two environments is working correctly. A SysOps administrator created new VPC subnets within a new Availability Zone, and deployed new resources within the subnets. However, communication cannot be established between the new resources and the on-premises environment.
Which steps should the SysOps administrator take to resolve the issue?
A. Add a route to the route tables of the new subnets that sends on-premises traffic to the virtual private gateway.
B. Create a ticket with AWS Support to request adding Availability Zones to the Site-to-Site VPN route configuration.
C. Establish a new Site-to-Site VPN connection between a virtual private gateway attached to the new Availability Zone and the on-premises data center.
D. Replace the Site-to-Site VPN connection with an AWS Direct Connect connection.
A SysOps administrator needs to design a disaster recovery (DR) plan for an application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The application uses an Amazon Aurora PostgreSQL database. The recovery time objective (RTO) and recovery point objective (RPO) are 15 minutes each.
Which combination of steps should the SysOps administrator take to meet these requirements MOST cost-effectively? (Choose two.)
A. Configure Aurora backups to be exported to the DR Region.
B. Configure the Aurora cluster to replicate data to the DR Region by using the Aurora global database option.
C. Configure the DR Region with an ALB and an Auto Scaling group. Use the same configuration as in the primary Region.
D. Configure the DR Region with an ALB and an Auto Scaling group. Set the Auto Scaling group's minimum capacity, maximum capacity, and desired capacity to 1.
E. Manually launch a new ALB and a new Auto Scaling group by using AWS CloudFormation during a failover activity.
A company manages a set of accounts on AWS by using AWS Organizations. The company's security team wants to use a native AWS service to regularly scan all AWS accounts against the Center for Internet Security (CIS) AWS Foundations Benchmark.
What is the MOST operationally efficient way to meet these requirements?
A. Designate a central security account as the AWS Security Hub administrator account. Create a script that sends an invitation from the Security Hub administrator account and accepts the invitation from the member account. Run the script every time a new account is created. Configure Security Hub to run the CIS AWS Foundations Benchmark scans.
B. Run the CIS AWS Foundations Benchmark across all accounts by using Amazon Inspector.
C. Designate a central security account as the Amazon GuardDuty administrator account. Create a script that sends an invitation from the GuardDuty administrator account and accepts the invitation from the member account. Run the script every time a new account is created. Configure GuardDuty to run the CIS AWS Foundations Benchmark scans.
D. Designate an AWS Security Hub administrator account. Configure new accounts in the organization to automatically become member accounts. Enable CIS AWS Foundations Benchmark scans.
A company is running Amazon EC2 On-Demand Instances in an Auto Scaling group. The instances process messages from an Amazon Simple Queue Service (Amazon SQS) queue. The Auto Scaling group is set to scale based on the number of messages in the queue. Messages can take up to 12 hours to process completely. A SysOps administrator must ensure that instances are not interrupted during message processing.
What should the SysOps administrator do to meet these requirements?
A. Enable instance scale-in protection for the specific instance in the Auto Scaling group at the start of message processing by calling the Amazon EC2 Auto Scaling API from the processing script. Disable instance scale-in protection after message processing is complete by calling the Amazon EC2 Auto Scaling API from the processing script.
B. Set the Auto Scaling group's termination policy to OldestInstance.
C. Set the Auto Scaling group's termination policy to OldestLaunchConfiguration.
D. Suspend the Launch and Terminate scaling processes for the specific instance in the Auto Scaling group at the start of message processing by calling the Amazon EC2 Auto Scaling API from the processing script. Resume the scaling processes after message processing is complete by calling the Amazon EC2 Auto Scaling API from the processing script.
A company has turned on server access logging for all of its existing Amazon S3 buckets. The company wants to implement a solution to monitor the logging settings for new and existing S3 buckets. The solution must remediate any S3 buckets that do not have logging turned on.
What should a SysOps administrator do to meet these requirements in the MOST operationally efficient way?
A. Track the logging information by using AWS CloudTrail. Launch an AWS Lambda function for remediation.
B. Configure automatic remediation in AWS Config by using the s3-bucket-logging-enabled rule.
C. Configure AWS Trusted Advisor to monitor the logging configuration and to turn on access logging if necessary.
D. Track the logging information by using Amazon CloudWatch metrics. Launch an AWS Lambda function for remediation.
A company recently deployed MySQL on an Amazon EC2 instance with a default boot volume. The company intends to restore a 1.75 TB database. A SysOps administrator needs to provision the correct Amazon Elastic Block Store (Amazon EBS) volume. The database will require read performance of up to 10,000 IOPS and is not expected to grow in size.
Which solution will provide the required performance at the LOWEST cost?
A. Deploy a 2 TB Cold HDD (sc1) volume.
B. Deploy a 2 TB Throughput Optimized HDD (st1) volume.
C. Deploy a 2 TB General Purpose SSD (gp3) volume. Set the IOPS to 10,000.
D. Deploy a 2 TB Provisioned IOPS SSD (io2) volume. Set the IOPS to 10,000.