Amazon SOA-C02 Online Practice Questions and Exam Preparation

Amazon SOA-C02 Online Questions & Answers

• Question 131:

  A SysOps administrator needs to collect the content of log files from a custom application that is deployed across hundreds of Amazon EC2 instances running Ubuntu. The log files need to be stored in Amazon CloudWatch Logs. How should the SysOps administrator collect the application log files with the LOWEST operational overhead?

  A. Configure the syslogd service on each EC2 instance to collect and send the application log files to CloudWatch Logs.
  B. Install the CloudWatch agent by using the Amazon Linux package manager on each EC2 instance. Configure each agent to collect the application log files.
  C. Install the CloudWatch agent on each EC2 instance by using AWS Systems Manager. Create an agent configuration on each instance by using the CloudWatch configuration wizard. Configure each agent to collect the application log files.
  D. Store a CloudWatch agent configuration in the AWS Systems Manager Parameter Store. Install the CloudWatch agent on each EC2 instance by using Systems Manager. Configure each agent to collect the application log files.
  D. Store a CloudWatch agent configuration in the AWS Systems Manager Parameter Store. Install the CloudWatch agent on each EC2 instance by using Systems Manager. Configure each agent to collect the application log files.

  ---

  Explanation Explanation/Reference:https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/create-cloudwatch-agent-configuration-file.html https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/create-cloudwatch-agent-configuration-file-wizard.html https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-on-EC2-Instance-fleet.html https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-commandline-fleet.html

• Question 132:

  The SysOps administrator needs to deploy auditing software on all existing and new EC2 instances across multiple Regions, using AWS Systems Manager.

  A. Create a Systems Manager Distributor package that includes the auditing software. Store the package in an Amazon S3 bucket. Create a Systems Manager State Manager association in each Region to install the software package on all managed instances in the company's AWS account.
  B. Load the installer for the auditing software into an Amazon S3 bucket. Connect to every instance by using Systems Manager Fleet Manager Remote Desktop. Download the installer by using the AWS CLI. Run the installer manually.
  C. Create an AWS Lambda function that calls the software installer. Merge the auditing software into the Lambda function by using Lambda layers. Run the Lambda function from each instance by using a scheduled Amazon EventBridge rule.
  D. Create an Amazon EventBridge rule to react to Amazon EC2 RunInstances events. Configure the rule to modify the events to include a step that runs the software installer. Reboot all the instances.
  A. Create a Systems Manager Distributor package that includes the auditing software. Store the package in an Amazon S3 bucket. Create a Systems Manager State Manager association in each Region to install the software package on all managed instances in the company's AWS account.

• Question 133:

  A SysOps administrator is examining the following AWS CloudFormation template:

  

  Why will the stack creation fail?

  A. The Outputs section of the CloudFormation template was omitted.
  B. The Parameters section of the CloudFormation template was omitted.
  C. The PrivateDnsName cannot be set from a CloudFormation template.
  D. The VPC was not specified in the CloudFormation template.
  C. The PrivateDnsName cannot be set from a CloudFormation template.

  ---

  Explanation Explanation/Reference:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html Only available is PrivateDnsNameOptions.

• Question 134:

  A company is using Amazon CloudFront to serve static content for its web application to its users. The CloudFront distribution uses an existing on-premises website as a custom origin.

  The company requires the use of TLS between CloudFront and the origin server. This configuration has worked as expected for several months. However, users are now experiencing HTTP 502 (Bad Gateway) errors when they view

  webpages that include content from the CloudFront distribution.

  What should a SysOps administrator do to resolve this problem?

  A. Examine the expiration date on the certificate on the origin site. Validate that the certificate has not expired. Replace the certificate if necessary.
  B. Examine the hostname on the certificate on the origin site. Validate that the hostname matches one of the hostnames on the CloudFront distribution. Replace the certificate if necessary.
  C. Examine the firewall rules that are associated with the origin server. Validate that port 443 is open for inbound traffic from the internet. Create an inbound rule if necessary.
  D. Examine the network ACL rules that are associated with the CloudFront distribution. Validate that port 443 is open for outbound traffic to the origin server. Create an outbound rule if necessary.
  A. Examine the expiration date on the certificate on the origin site. Validate that the certificate has not expired. Replace the certificate if necessary.

  ---

  HTTP 502 errors from CloudFront can occur because of the following reasons: There's an SSL negotiation failure because the origin is using SSL/TLS protocols and ciphers that aren't supported by CloudFront. There's an SSL negotiation failure because the SSL certificate on the origin is expired or invalid, or because the certificate chain is invalid. There's a host header mismatch in the SSL negotiation between your CloudFront distribution and the custom origin. The custom origin isn't responding on the ports specified in the origin settings of the CloudFront distribution. The custom origin is ending the connection to CloudFront too quickly. https://aws.amazon.com/premiumsupport/knowledge-center/resolve-cloudfront-connection-error/

• Question 135:

  A company has two VPC networks named VPC A and VPC B. The VPC A CIDR block is 10.0.0.0/16 and the VPC B CIDR block is 172.31.0.0/16. The company wants to establish a VPC peering connection named pcx-12345 between both VPCs.

  Which rules should appear in the route table of VPC A after configuration? (Select TWO.)

  A. Destination: 10.0.0.0/16, Target: Local
  B. Destination: 172.31.0.0/16, Target: Local
  C. Destination: 10.0.0.0/16, Target: pcx-12345
  D. Destination: 172.31.0.0/16, Target: pcx-12345
  E. Destination: 10.0.0.0/16. Target: 172.31.0.0/16
  A. Destination: 10.0.0.0/16, Target: Local
  D. Destination: 172.31.0.0/16, Target: pcx-12345

  ---

  https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html

• Question 136:

  A company is running a website on Amazon EC2 instances behind an Application Load Balancer (ALB). The company configured an Amazon CloudFront distribution and set the ALB as the origin. The company created an Amazon Route 53 CNAME record to send all traffic through the CloudFront distribution. As an unintended side effect, mobile users are now being served the desktop version of the website.

  Which action should a SysOps administrator take to resolve this issue?

  A. Configure the CloudFront distribution behavior to forward the User-Agent header.
  B. Configure the CloudFront distribution origin settings. Add a User-Agent header to the list of origin custom headers.
  C. Enable IPv6 on the ALB. Update the CloudFront distribution origin settings to use the dualstack endpoint.
  D. Enable IPv6 on the CloudFront distribution. Update the Route 53 record to use the dualstack endpoint.
  A. Configure the CloudFront distribution behavior to forward the User-Agent header.

  ---

  If you want CloudFront to cache different versions of your objects based on the device that a user is using to view your content, we recommend that you configure CloudFront to forward one or more of the following headers to your custom origin: CloudFront-Is-Desktop-Viewer CloudFront-Is-Mobile-Viewer CloudFront-Is-SmartTV-Viewer CloudFront-Is-Tablet-Viewer As you can see based on what comes in the request received by CF, It is going to set the value to true before forwarding the request to your origin. The resume, with origin custom headers you are the one that decide what is going to be on the header, there is no way to match what it comes on the request received on CF and what is going to be sent to the origin. On the other hand with User-Agent header, CF inspects the header and determines what type of device is used (Smart TV, Tablet, Desktop, Mobile).

• Question 137:

  A company runs hundreds of Amazon EC2 instances in a single AWS Region. Each EC2 instance has two attached 1 GiB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volumes. A critical workload is using all the available IOPS capacity on the EBS volumes.

  According to company policy, the company cannot change instance types or EBS volume types without completing lengthy acceptance tests to validate that the company's applications will function properly. A SysOps administrator needs to increase the I/O performance of the EBS volumes as quickly as possible.

  Which action should the SysOps administrator take to meet these requirements?

  A. Increase the size of the 1 GiB EBS volumes.
  B. Add two additional elastic network interfaces on each EC2 instance.
  C. Turn on Transfer Acceleration on the EBS volumes in the Region.
  D. Add all the EC2 instances to a cluster placement group.
  A. Increase the size of the 1 GiB EBS volumes.

  ---

  Increasing the size of the 1 GiB EBS volumes will increase the IOPS capacity of the volumes, which will improve the I/O performance of the EBS volumes. This option does not require any changes to the instance types or EBS volume types, so it can be done quickly without the need for lengthy acceptance tests to validate that the company's applications will function properly. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/requesting-ebs-volume-modifications.html

• Question 138:

  A company is migrating its production file server to AWS. All data that is stored on the file server must remain accessible if an Availability Zone becomes unavailable or when system maintenance is performed. Users must be able to interact with the file server through the SMB protocol. Users also must have the ability to manage file permissions by using Windows ACLs.

  Which solution will net these requirements?

  A. Create a single AWS Storage Gateway file gateway.
  B. Create an Amazon FSx for Windows File Server Multi-AZ file system.
  C. Deploy two AWS Storage Gateway file gateways across two Availability Zones. Configure an Application Load Balancer in front of the file gateways.
  D. Deploy two Amazon FSx for Windows File Server Single-AZ 2 file systems. Configure Microsoft Distributed File System Replication (DFSR).
  B. Create an Amazon FSx for Windows File Server Multi-AZ file system.

  ---

  Explanation Explanation/Reference:https://aws.amazon.com/fsx/windows/ https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html

• Question 139:

  CORRECT TEXT

  If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the console by using the AWS Management Console shortcut from the VM desktop.

  If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V.

  Configure Amazon EventBridge to meet the following requirements.

  1. Use the us-east-2 Region for all resources.

  2. Unless specified below, use the default configuration settings.

  3. Use your own resource naming unless a resource name is specified below.

  4. Ensure all Amazon EC2 events in the default event bus are replayable for the past 90 days.

  5. Create a rule named RunFunction to send the exact message {"name":"example") every 15 minutes to an existing AWS Lambda function named LogEventFunction

  6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2 Spot Instance is interrupted.

  Do NOT create any topic subscriptions.

  The notification must match the following structure:

  

  Input template: " The EC2 Spot Instance has been on account.

  A. Check the answer in explanation.
  B. Place Holder
  A. Check the answer in explanation.

  ---

  Solution as given below.

  

  

• Question 140:

  A company's SysOps administrator needs to change the AWS Support plan for one of the company's AWS accounts. The account has multi-factor authentication (MFA) activated, and the MFA device is lost.

  What should the SysOps administrator do to sign in?

  A. Sign in as a root user by using email and phone verification. Set up a new MFA device. Change the root user password.
  B. Sign in as an IAM user with administrator permissions. Resynchronize the MFA token by using the IAM console.
  C. Sign in as an IAM user with administrator permissions. Reset the MFA device for the root user by adding a new device.
  D. Use the forgot-password process to verify the email address. Set up a new password and MFA device.
  A. Sign in as a root user by using email and phone verification. Set up a new MFA device. Change the root user password.

  ---

  The SysOps administrator needs to sign in as the root user to change the AWS Support plan. Since the MFA device is lost, the administrator can sign in by using email and phone verification. After signing in, the administrator should set up a new MFA device and change the root user password for security reasons. It is generally recommended to use IAM users with limited permissions instead of root user accounts. However, in this case, since the support plan needs to be changed, the root user account is necessary. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_lost-or-broken.html