Amazon SOA-C02 Online Practice Questions and Exam Preparation

Amazon SOA-C02 Online Questions & Answers

• Question 111:

  A SysOps administrator needs to update an AWS account name.

  What should the SysOps administrator do to accomplish this goal?

  A. Add the AdministratorAccess policy to the SysOps administrator's IAM user.
  B. Add the AWS_ConfigureRole policy to the SysOps administrator's IAM user.
  C. Change the AWS account name through the AWS Trusted Advisor interface.
  D. Sign in as the AWS account root user to make the change.
  D. Sign in as the AWS account root user to make the change.

  ---

  "To edit your AWS account name, root user password, or root user email address" "Minimum permissions" "To perform the following steps, you must have at least the following IAM permissions:" "You must sign in as the AWS account root user, which requires no additional IAM permissions. You can't perform these steps as an IAM user or role." https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-rootuser.html

• Question 112:

  A company hosts a Windows-based file server on a fleet of Amazon EC2 instances across multiple Availability Zones. The current setup does not allow application servers to access files simultaneously from the EC2 fleet.

  Which solution will allow this access in the MOST operationally efficient way?

  A. Create an Amazon Elastic File System (Amazon EFS) Multi-AZ file system. Copy the files to the EFS file system. Connect the EFS file system to mount points on the application servers.
  B. Create an Amazon FSx for Windows File Server Multi-AZ file system. Copy the files to the Amazon FSx file system. Adjust the connections from the application servers to use the share that the Amazon FSx file system exposes.
  C. Create an Amazon Elastic Block Store (Amazon EBS) volume that has EBS Multi-Attach enabled. Create an Auto Scaling group for the Windows file server. Use a script in the file server's user data to attach the SharedFileAccess tag to the EBS volume during launch.
  D. Create two Amazon FSx for Windows File Server file systems. Configure Distributed File System (DFS) replication between the file systems. Copy the files to the Amazon FSx file systems. Adjust the connections from the application servers to use the shares that the Amazon FSx file systems expose.
  B. Create an Amazon FSx for Windows File Server Multi-AZ file system. Copy the files to the Amazon FSx file system. Adjust the connections from the application servers to use the share that the Amazon FSx file system exposes.

  ---

  https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html

• Question 113:

  A company wants to store sensitive financial data within Amazon S3 buckets. The company has a corporate policy that does not allow public read or write access to the buckets. A SysOps administrator must create a solution to automatically

  remove S3 permissions that allow public read or write access.

  Which AWS service should the SysOps administrator use to meet these requirements in the MOST operationally efficient manner?

  A. AWS Config
  B. AWS Security Hub
  C. AWS Trusted Advisor
  D. Amazon Inspector
  A. AWS Config

• Question 114:

  A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the application are failing. A SysOps administrator inspects the VPC flow logs and finds the following entry:

  

  What is a possible cause of these failed connections?

  A. A security group deny rule is blocking traffic on port 443.
  B. The EC2 instance is shut down.
  C. The network ACL is blocking HTTPS traffic.
  D. The VPC has no internet gateway attached.
  C. The network ACL is blocking HTTPS traffic.

• Question 115:

  A company has an Amazon EC2 instance that runs Windows Server 2019. An encrypted Amazon Elastic Block Store (Amazon EBS) volume is attached to the instance as the main boot volume. The company has lost the ability to use Remote Desktop Protocol (RDP) to connect to the instance.

  The company needs to back up the instance. Before the backup, a SysOps administrator must change local Windows Firewall settings to fix the RDP connectivity issue.

  The SysOps administrator stops the instance.

  What should the SysOps administrator do next to regain access to the instance?

  A. Detach the main boot volume from the instance. Disable encryption on the main boot volume. Reattach the main boot volume to the instance. Create a new key pair. Assign the new key pair to the instance Reboot the instance. Connect to the instance by using RDP.
  B. Detach the mam boot volume from the instance. Use Amazon Inspector to reconfigure the Windows Firewall settings to allow RDP connectivity.
  C. Disable encryption for the main boot volume. Use Amazon Inspector to reconfigure the Windows Firewall settings to allow RDP connectivity. Re-enable encryption for the main boot volume.
  D. Detach the main boot volume from the instance. Attach the main boot volume to a working instance that has EC2Rescue installed. Use EC2Rescue to reconfigure the Windows Firewall settings to allow RDP connectivity. Detach the main boot volume from the working instance. Reattach the main boot volume to the initial instance.
  D. Detach the main boot volume from the instance. Attach the main boot volume to a working instance that has EC2Rescue installed. Use EC2Rescue to reconfigure the Windows Firewall settings to allow RDP connectivity. Detach the main boot volume from the working instance. Reattach the main boot volume to the initial instance.

• Question 116:

  A company has an internal web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A SysOps administrator must make the application highly available.

  Which action should the SysOps administrator take to meet this requirement?

  A. Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
  B. Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
  C. Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.
  D. Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.
  C. Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.

  ---

  "An Auto Scaling group can contain EC2 instances in one or more Availability Zones within the same Region. However, Auto Scaling groups cannot span multiple Regions". As stated in https://docs.aws.amazon.com/autoscaling/ec2/ userguide/auto-scaling-benefits.htm

• Question 117:

  The application is experiencing high VolumeQueueLength on an EC2 instance with a gp3 EBS volume, causing slow performance during I/O-intensive tasks.

  A. Attach an Amazon ElastiCache cluster to the EBS volume.
  B. Modify the EBS volume properties by enabling the Auto-Enabled IO volume attribute.
  C. Modify the EBS volume properties to increase the IOPS.
  D. Modify the EC2 instance to enable enhanced networking. Reboot the EC2 instance.
  C. Modify the EBS volume properties to increase the IOPS.

• Question 118:

  A company hosts an application on Amazon EC2 instances The instances are in an Amazon EC2 Auto Scaling group that uses a launch template The amount of application traffic changes throughout the day. Scaling events happen frequently.

  A SysOps administrator needs to help developers troubleshoot the application. When a scaling event removes an instance. EC2 Auto Scaling terminates the instance before the developers can log in to the instance to diagnose issues.

  Which solution will prevent termination of the instance so that the developers can log in to the instance?

  A. Ensure that the Delete on termination setting is turned off in the UserData section of the launch template
  B. Update the Auto Scaling group by enabling instance scale-in protection for newly launched instances.
  C. Use Amazon Inspector to configure a rules package to protect the instances from termination.
  D. Use Amazon GuardDuty to configure rules to protect the instances from termination.
  B. Update the Auto Scaling group by enabling instance scale-in protection for newly launched instances.

  ---

  Enabling Instance Scale-In Protection: Instance scale-in protection prevents Auto Scaling from terminating specific instances. Steps:This ensures that instances are not terminated during troubleshooting. Instance Scale-In Protection

• Question 119:

  A company is using Amazon EventBridge to deliver events to an Amazon Simple Queue Service (Amazon SQS) queue. The solution was fully functional until the company enabled AWS Key Management Service (AWS KMS) encryption with a customer managed key on the SQS queue.

  A SysOps administrator must add KMS permissions to allow EventBridge to publish to the KMS-encrypted SQS queue. The SysOps administrator must add the permissions to the Action section of the following KMS key policy:

  

  Which two permissions will allow EventBridge to publish to the KMS encrypted SQS queue?

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  A. Option A

• Question 120:

  A SysOps administrator is using AWS CloudFormation StackSets to create AWS resources in two AWS Regions in the same AWS account. A stack operation fails in one Region and returns the stack instance status of OUTDATED. What is the cause of this failure?

  A. The CloudFormation template changed on the local disk and has not been submitted to CloudFormation.
  B. The CloudFormation template is trying to create a global resource that is not unique.
  C. The stack has not yet been deployed to the Region.
  D. The SysOps administrator is using an old version of the CloudFormation API.
  B. The CloudFormation template is trying to create a global resource that is not unique.

  ---

  https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-troubleshooting.html