A company requires the rotation of administrative credentials for production workloads on a regular basis. A SysOps administrator must implement this policy for an Amazon RDS DB instance's master user password. Which solution will meet this requirement with the LEAST operational effort?
A. Create an AWS Lambda function to change the RDS master user password. Create an Amazon EventBridge scheduled rule to invoke the Lambda function. B. Create a new SecureString parameter in AWS Systems Manager Parameter Store. Encrypt the parameter with an AWS Key Management Service (AWS KMS) key. Configure automatic rotation. C. Create a new String parameter in AWS Systems Manager Parameter Store. Configure automatic rotation. D. Create a new RDS database secret in AWS Secrets Manager. Apply the secret to the RDS DB instance. Configure automatic rotation.
D. Create a new RDS database secret in AWS Secrets Manager. Apply the secret to the RDS DB instance. Configure automatic rotation.
Question 102:
A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal. Which action should a SysOps administrator take to improve the performance of the file system?
A. Configure the file system for Provisioned Throughput. B. Enable encryption in transit on the file system. C. Identify any unused files in the file system, and remove the unused files. D. Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.
A. Configure the file system for Provisioned Throughput.
Question 103:
A company uses Amazon Route 53 to manage the public DNS records for the domain example.com. The company deploys an Amazon CloudFront distribution to deliver static assets for a new corporate website. The company wants to create a subdomain that is named "static" and must route traffic for the subdomain to the CloudFront distribution.
How should a SysOps administrator create a new record for the subdomain in Route 53?
A. Create a CNAME record. Enter static.cloudfront.net as the record name. Enter the CloudFront distribution's public IP address as the value. B. Create a CNAME record. Enter static.example.com as the record name. Enter the CloudFront distribution's private IP address as the value. C. Create an A record. Enter static.cloudfront.net as the record name. Enter the CloudFront distribution's ID as an alias target. D. Create an A record. Enter static.example.com as the record name. Enter the CloudFront distribution's domain name as an alias target.
D. Create an A record. Enter static.example.com as the record name. Enter the CloudFront distribution's domain name as an alias target. Explanation Explanation/Reference:https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html
Question 104:
While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS. The customer gateway device resides in a data center with a NAT gateway in front of it.
What address should be used to create the customer gateway resource?
A. The private IP address of the customer gateway device B. The MAC address of the NAT device in front of the customer gateway device C. The public IP address of the customer gateway device D. The public IP address of the NAT device in front of the customer gateway device
D. The public IP address of the NAT device in front of the customer gateway device https://docs.aws.amazon.com/vpn/latest/s2svpn/cgw-options.html
Question 105:
A company that uses AWS Organizations recently implemented AWS Control Tower The company now needs to centralize identity management A SysOps administrator must federate AWS IAM Identity Center with an external SAML 2.0 identity provider (IdP) to centrally manage access to all the company's accounts and cloud applications
Which prerequisites must the SysOps administrator have so that the SysOps administrator can connect to the external IdP? (Select TWO.)
A. A copy of the IAM Identity Center SAML metadata B. The IdP metadata, including the public X.509 certificate C. The IP address of the IdP D. Root access to the management account E. Administrative permissions to the member accounts of the organization
A. A copy of the IAM Identity Center SAML metadata B. The IdP metadata, including the public X.509 certificate Explanation Explanation/Reference:IAM Identity Center SAML Metadata: This metadata is required to establish the trust relationship between AWS IAM Identity Center and the external SAML 2.0 identity provider. Steps: IdP Metadata: The metadata from the IdP, including the public X.509 certificate, is needed to configure the trust relationship. Steps: Configuring SAML 2.0 Federation with AWS IAM Identity Center
Question 106:
An Amazon RDS for PostgreSQL DB cluster has automated backups turned on with a 7-day retention period. A SysOps administrator needs to create a new RDS DB cluster by using data that is no more than 24 hours old from the original DB cluster.
Which solutions will meet these requirements with the LEAST operational overhead? (Choose two.)
A. Identify the most recent automated snapshot. Restore the snapshot to a new RDS DB cluster. B. Back up the database to Amazon S3 by using native database backup tools. Create a new RDS DB cluster and restore the data to the new RDS DB cluster. C. Create a read replica instance in the original RDS DB cluster. Promote the read replica to a standalone DB cluster. D. Create a new RDS DB cluster. Use AWS Database Migration Service (AWS DMS) to migrate data from the current RDS DB cluster to the newly created RDS DB cluster. E. Use the pg_dump utility to export data from the original RDS DB cluster to an Amazon EC2 instance. Create a new RDS DB cluster. Use the pg_restore utility to import the data from the EC2 instance to the new RDS DB cluster.
A. Identify the most recent automated snapshot. Restore the snapshot to a new RDS DB cluster. C. Create a read replica instance in the original RDS DB cluster. Promote the read replica to a standalone DB cluster. Explanation Explanation/Reference:Option A - Automated Snapshot: Since automated backups are enabled with a 7-day retention period, you can easily identify the most recent automated snapshot taken within the last 24 hours. You can use this snapshot to restore a new RDS DB cluster. This process is straightforward and does not require much operational overhead. Option C - Read Replica and Promotion: By creating a read replica in the original RDS DB cluster, you ensure that the replica stays up-to-date with the source database in near real-time. To meet the requirement of having data no more than 24 hours old, you can promote the read replica to a standalone DB cluster within the desired time frame. This option leverages the replication mechanism and is also relatively simple to implement.
Question 107:
A SysOps administrator is testing an application mat is hosted on five Amazon EC2 instances The instances run in an Auto Scaling group behind an Application Load Balancer (ALB) High CPU utilization during load testing is causing the Auto Scaling group to scale out. The SysOps administrator must troubleshoot to find the root cause of the high CPU utilization before the Auto Scaling group scales out.
Which action should the SysOps administrator take to meet these requirements?
A. Enable instance scale-in protection. B. Place the instance into the Standby stale. C. Remove the listener from the ALB D. Suspend the Launch and Terminate process types.
D. Suspend the Launch and Terminate process types. Placing the instance into the Standby state (answer B) would remove the instance from the ALB target group, which would prevent it from receiving traffic. The answer is D, because you need Suspend the Launch and Terminate process so that you can troubleshoot to find the root cause of the high CPU utilization before the Auto Scaling group scales out. # Suspend ALB Launch and Terminate processes to inhibit scale-in/scale-out while debugging root cause of high CPU utilization aws autoscaling suspend-processes --auto-scaling-group-name my-asg --scaling-processes Launch Terminate https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html
Question 108:
A company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The company has configured an Amazon CloudWatch alarm to monitor the HTTPCode_Target_5XX_Count metric. The application crashes every few days during business hours. The crashes trigger the CloudWatch alarm and result in service disruption.
The cause of the crashes is a memory leak in the application. While developers work to fix the problem, a SysOps administrator needs to implement a temporary solution. The solution must automatically reboot the EC2 instances every day and must minimize application disruption during business hours.
Which solution will meet these requirements?
A. Create an Amazon EventBridge rule that is scheduled to run outside of business hours. Configure the rule to invoke the StartInstances operation on the EC2 instances. B. Use AWS Systems Manager to create a daily maintenance window that is outside of business hours. Register the EC2 instances as a target. Assign the AWS- RestartEC2Instance runbook to the maintenance window. C. Configure an additional CloudWatch alarm to monitor the StatusCheckFailed_System metric for the EC2 instances. Configure an EC2 action on the additional alarm to reboot the instances. D. Configure an additional CloudWatch alarm that is triggered every time the application crashes. Configure an EC2 action on the additional alarm to restart the application on the EC2 instances.
B. Use AWS Systems Manager to create a daily maintenance window that is outside of business hours. Register the EC2 instances as a target. Assign the AWS- RestartEC2Instance runbook to the maintenance window.
Question 109:
A company maintains a large set of sensitive data in an Amazon S3 bucket. The company's security team asks a SyeOps administrator to help verify that all current objects in the S3 bucket are encrypted. What is the MOST operationally efficient solution that meets these requirements?
A. Create a script that runs against the S3 bucket and outputs the status of each object. B. Create an S3 Inventory configuration on the S3 bucket Induce the appropriate status fields. C. Provide the security team with an IAM user that has read access to the S3 bucket. D. Use the AWS CLI to output a list of all objects in the S3 bucket.
B. Create an S3 Inventory configuration on the S3 bucket Induce the appropriate status fields. Explanation Explanation/Reference:The S3 Inventory feature provides a detailed report of objects and their metadata for an S3 bucket, which includes encryption status. By creating an S3 Inventory configuration on the S3 bucket and including the appropriate status fields, the security team can efficiently verify that all current objects in the S3 bucket are encrypted.
Question 110:
An application is deployed in a VPC in both the us-east-2 and eu-west-1 Regions. A significant amount of data needs to be transferred between the two Regions. What is the MOST cost-effective way to set up the data transfer?
A. Establish a VPN connection between the Regions using third-party VPN products from AWS Marketplace. B. Establish Amazon CloudFront distributions tor the Amazon EC2 instances from both Regions. C. Establish an inter-Region VPC peering connection between the VPCs. D. Establish an AWS PrivateLinK connection between the two Regions.
C. Establish an inter-Region VPC peering connection between the VPCs. To efficiently transfer a significant amount of data between VPCs in different regions, establishing an inter-region VPC peering connection is the most cost-effective method. This setup allows direct network connectivity between two VPCs in different regions, which can handle large data transfers without the need for intermediate devices or services. Option C is the most straightforward and economical choice for this requirement. Further details can be found in the AWS documentation on VPC Peering VPC Peering.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SOA-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.