SOA-C02 Exam Details

  • Exam Code
    :SOA-C02
  • Exam Name
    :AWS Certified SysOps Administrator - Associate (SOA-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :657 Q&As
  • Last Updated
    :Oct 14, 2025

Amazon SOA-C02 Online Questions & Answers

  • Question 101:

    A company requires the rotation of administrative credentials for production workloads on a regular basis. A SysOps administrator must implement this policy for an Amazon RDS DB instance's master user password. Which solution will meet this requirement with the LEAST operational effort?

    A. Create an AWS Lambda function to change the RDS master user password. Create an Amazon EventBridge scheduled rule to invoke the Lambda function.
    B. Create a new SecureString parameter in AWS Systems Manager Parameter Store. Encrypt the parameter with an AWS Key Management Service (AWS KMS) key. Configure automatic rotation.
    C. Create a new String parameter in AWS Systems Manager Parameter Store. Configure automatic rotation.
    D. Create a new RDS database secret in AWS Secrets Manager. Apply the secret to the RDS DB instance. Configure automatic rotation.

  • Question 102:

    A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal. Which action should a SysOps administrator take to improve the performance of the file system?

    A. Configure the file system for Provisioned Throughput.
    B. Enable encryption in transit on the file system.
    C. Identify any unused files in the file system, and remove the unused files.
    D. Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

  • Question 103:

    A company uses Amazon Route 53 to manage the public DNS records for the domain example.com. The company deploys an Amazon CloudFront distribution to deliver static assets for a new corporate website. The company wants to create a subdomain that is named "static" and must route traffic for the subdomain to the CloudFront distribution.

    How should a SysOps administrator create a new record for the subdomain in Route 53?

    A. Create a CNAME record. Enter static.cloudfront.net as the record name. Enter the CloudFront distribution's public IP address as the value.
    B. Create a CNAME record. Enter static.example.com as the record name. Enter the CloudFront distribution's private IP address as the value.
    C. Create an A record. Enter static.cloudfront.net as the record name. Enter the CloudFront distribution's ID as an alias target.
    D. Create an A record. Enter static.example.com as the record name. Enter the CloudFront distribution's domain name as an alias target.

  • Question 104:

    While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS. The customer gateway device resides in a data center with a NAT gateway in front of it.

    What address should be used to create the customer gateway resource?

    A. The private IP address of the customer gateway device
    B. The MAC address of the NAT device in front of the customer gateway device
    C. The public IP address of the customer gateway device
    D. The public IP address of the NAT device in front of the customer gateway device

  • Question 105:

    A company that uses AWS Organizations recently implemented AWS Control Tower The company now needs to centralize identity management A SysOps administrator must federate AWS IAM Identity Center with an external SAML 2.0 identity provider (IdP) to centrally manage access to all the company's accounts and cloud applications

    Which prerequisites must the SysOps administrator have so that the SysOps administrator can connect to the external IdP? (Select TWO.)

    A. A copy of the IAM Identity Center SAML metadata
    B. The IdP metadata, including the public X.509 certificate
    C. The IP address of the IdP
    D. Root access to the management account
    E. Administrative permissions to the member accounts of the organization

  • Question 106:

    An Amazon RDS for PostgreSQL DB cluster has automated backups turned on with a 7-day retention period. A SysOps administrator needs to create a new RDS DB cluster by using data that is no more than 24 hours old from the original DB cluster.

    Which solutions will meet these requirements with the LEAST operational overhead? (Choose two.)

    A. Identify the most recent automated snapshot. Restore the snapshot to a new RDS DB cluster.
    B. Back up the database to Amazon S3 by using native database backup tools. Create a new RDS DB cluster and restore the data to the new RDS DB cluster.
    C. Create a read replica instance in the original RDS DB cluster. Promote the read replica to a standalone DB cluster.
    D. Create a new RDS DB cluster. Use AWS Database Migration Service (AWS DMS) to migrate data from the current RDS DB cluster to the newly created RDS DB cluster.
    E. Use the pg_dump utility to export data from the original RDS DB cluster to an Amazon EC2 instance. Create a new RDS DB cluster. Use the pg_restore utility to import the data from the EC2 instance to the new RDS DB cluster.

  • Question 107:

    A SysOps administrator is testing an application mat is hosted on five Amazon EC2 instances The instances run in an Auto Scaling group behind an Application Load Balancer (ALB) High CPU utilization during load testing is causing the Auto Scaling group to scale out. The SysOps administrator must troubleshoot to find the root cause of the high CPU utilization before the Auto Scaling group scales out.

    Which action should the SysOps administrator take to meet these requirements?

    A. Enable instance scale-in protection.
    B. Place the instance into the Standby stale.
    C. Remove the listener from the ALB
    D. Suspend the Launch and Terminate process types.

  • Question 108:

    A company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The company has configured an Amazon CloudWatch alarm to monitor the HTTPCode_Target_5XX_Count metric. The application crashes every few days during business hours. The crashes trigger the CloudWatch alarm and result in service disruption.

    The cause of the crashes is a memory leak in the application. While developers work to fix the problem, a SysOps administrator needs to implement a temporary solution. The solution must automatically reboot the EC2 instances every day and must minimize application disruption during business hours.

    Which solution will meet these requirements?

    A. Create an Amazon EventBridge rule that is scheduled to run outside of business hours. Configure the rule to invoke the StartInstances operation on the EC2 instances.
    B. Use AWS Systems Manager to create a daily maintenance window that is outside of business hours. Register the EC2 instances as a target. Assign the AWS- RestartEC2Instance runbook to the maintenance window.
    C. Configure an additional CloudWatch alarm to monitor the StatusCheckFailed_System metric for the EC2 instances. Configure an EC2 action on the additional alarm to reboot the instances.
    D. Configure an additional CloudWatch alarm that is triggered every time the application crashes. Configure an EC2 action on the additional alarm to restart the application on the EC2 instances.

  • Question 109:

    A company maintains a large set of sensitive data in an Amazon S3 bucket. The company's security team asks a SyeOps administrator to help verify that all current objects in the S3 bucket are encrypted. What is the MOST operationally efficient solution that meets these requirements?

    A. Create a script that runs against the S3 bucket and outputs the status of each object.
    B. Create an S3 Inventory configuration on the S3 bucket Induce the appropriate status fields.
    C. Provide the security team with an IAM user that has read access to the S3 bucket.
    D. Use the AWS CLI to output a list of all objects in the S3 bucket.

  • Question 110:

    An application is deployed in a VPC in both the us-east-2 and eu-west-1 Regions. A significant amount of data needs to be transferred between the two Regions. What is the MOST cost-effective way to set up the data transfer?

    A. Establish a VPN connection between the Regions using third-party VPN products from AWS Marketplace.
    B. Establish Amazon CloudFront distributions tor the Amazon EC2 instances from both Regions.
    C. Establish an inter-Region VPC peering connection between the VPCs.
    D. Establish an AWS PrivateLinK connection between the two Regions.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.