A SysOps administrator has submitted an AWS Support case. The SysOps administrator needs to receive immediate and automatic notifications in a Slack channel when the case is updated. The SysOps administrator also must be able to use Slack to add comments to the case.
Which solution will meet these requirements?
A. Add the AWS Support App by authorizing the AWS account in Slack. Add the group ID and the required case type in Slack. B. Add the AWS Support App by authorizing the Slack workspace. Add the channel ID and the required case type in the AWS account. C. Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the HTTPS URL of the Slack channel to the SNS topic. Create an Amazon EventBridge rule that runs every minute and checks for case updates. Configure the rule to invoke an AWS Lambda function that publishes updates to the SNS topic. D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the HTTPS URL of the Slack channel to the SNS topic. Create an Amazon EventBridge rule that includes an event pattern with a source of aws.support and a detail type of Support Case Update. Specify the SNS topic as the rule's target. Send all comments in Slack to the SNS topic.
B. Add the AWS Support App by authorizing the Slack workspace. Add the channel ID and the required case type in the AWS account.
Question 142:
A SysOps administrator is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company. All data must be encrypted at rest. How should the administrator implement this process?
A. Write a script to download the encrypted snapshot, decrypt it using the AWS KMS encryption key used to encrypt the snapshot, then create a new volume in each account. B. Update the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts, then share the snapshot with those accounts. C. Create an Amazon EC2 instance based on the snapshot, then save the instance's Amazon EBS volume as a snapshot and share it with the other accounts. Require each account owner to create a new volume from that snapshot and encrypt it. D. Create a new unencrypted RDS instance from the encrypted snapshot, connect to the instance using SSH/RDP. export the database contents into a file, then share this file with the other accounts.
B. Update the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts, then share the snapshot with those accounts. Explanation Explanation/Reference:You must first update the key policy use to encrypt the volume, then share it with other accounts.
Question 143:
A company's application currently uses an IAM role that allows all access to all AWS services. A SysOps administrator must ensure that the company's IAM policies allow only the permissions that the application requires.
How can the SysOps administrator create a policy to meet this requirement?
A. Turn on AWS CloudTrail. Generate a policy by using AWS Security Hub. B. Turn on Amazon EventBridge (Amazon CloudWatch Events). Generate a policy by using AWS Identity and Access Management Access Analyzer. C. Use the AWS CLI to run the get-generated-policy command in AWS Identity and Access Management Access Analyzer. D. Turn on AWS CloudTrail. Generate a policy by using AWS Identity and Access Management Access Analyzer.
D. Turn on AWS CloudTrail. Generate a policy by using AWS Identity and Access Management Access Analyzer. Generate a policy by using AWS Identity and Access Management Access Analyzer. AWS CloudTrail is a service that records all API calls made on your account. You can use this data to generate a policy with AWS Identity and Access Management Access Analyzer that only allows the permissions that the application requires. This will ensure that the application only has the necessary permissions and will protect the company from any unauthorized access. https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html#what-is-access-analyzer-policy-generation
Question 144:
A company's AWS Lambda function is experiencing performance issues. The Lambda function performs many CPU-intensive operations. The Lambda function is not running fast enough and is creating bottlenecks in the system.
What should a SysOps administrator do to resolve this issue?
A. In the CPU launch options for the Lambda function, activate hyperthreading. B. Turn off the AWS managed encryption. C. Increase the amount of memory for the Lambda function. D. Load the required code into a custom layer.
C. Increase the amount of memory for the Lambda function. Option A (In the CPU launch options for the Lambda function, activate hyperthreading) is not a valid option because AWS Lambda manages the underlying infrastructure, including the CPU configuration. SysOps administrators do not have direct access to adjust hyperthreading settings for Lambda functions. Option B (Turn off the AWS managed encryption) is unrelated to the performance issue caused by CPU-intensive operations. AWS managed encryption refers to the automatic encryption of data at rest for Lambda function code and other resources. Disabling encryption won't improve the Lambda function's performance.
Question 145:
A company has a multi-account environment. Account A has a production application that is hosted on an Amazon EC2 instance. The application needs to query data in an Amazon DynamoDB table that is hosted in Account B.
A SysOps administrator needs to provide the EC2 instance in Account A with access to the DynamoDB table in Account B.
What is the MOST secure solution that will meet these requirements?
A. Update the IAM policy that is attached to the EC2 instance's IAM role to allow the dynamodb:Query permission on the DynamoDB table in Account B. Add a policy in Account A to allow the DynamoDB service principal to use the PassRole action to pass the role to Account B. B. In Account B, create an IAM role that has permission to query the DynamoDB table. Add the EC2 instance's IAM role to the trust policy on the newly created IAM role in Account Update the IAM policy that is attached to the EC2 instance's IAM role to allow the sts:AssumeRole permission on the newly created IAM role in Account B. C. Update the IAM policy that is attached to the EC2 instance's IAM role to allow the dynamodb:Query permission on the DynamoDB table in Account B. Update the DynamoDB table's resource policy to allow the query action from the EC2 instance's IAM role. D. In Account B, create a static IAM key that has the appropriate permissions to query the DynamoDB table. Embed these credentials into the credentials file on the EC2 instance. Reference the credentials every time the application needs to query the table.
B. In Account B, create an IAM role that has permission to query the DynamoDB table. Add the EC2 instance's IAM role to the trust policy on the newly created IAM role in Account Update the IAM policy that is attached to the EC2 instance's IAM role to allow the sts:AssumeRole permission on the newly created IAM role in Account B. https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/configure-cross-account-access-to-amazon-dynamodb.html
Question 146:
The SysOps administrator needs to complete the KMS key policy for least privilege read access for the DataEngineer role to decrypt S3 objects encrypted with a KMS key.
A. "kms:ReEncrypt", "kms:GenerateDataKey*", "kms:Encrypt", "kms:DescribeKey" B. "kms:ListAliases", "kms:GetKeyPolicy", "kms:Describe*", "kms:Decrypt" C. "kms:ListAliases", "kms:DescribeKey", "kms:Decrypt" D. "kms:Update*", "kms:TagResource", "kms:Revoke*", "kms:Put*", "kms:List*", "kms:Get*", "kms:Enable*", "kms:Disable*", "kms:Describe*", "kms:Delete*", "kms:Create*", "kms:CancelKeyDeletion"
C. "kms:ListAliases", "kms:DescribeKey", "kms:Decrypt"
Question 147:
A large multinational company has a core application that runs 24 hours a day, 7 days a week on Amazon EC2 and AWS Lambda. The company uses a combination of operating systems across different AWS Regions. The company wants to achieve cost savings and wants to use a pricing model that provides the most flexibility. What should the company do to MAXIMIZE cost savings while meeting these requirements?
A. Establish the compute expense by the hour. Purchase a Compute Savings Plan. B. Establish the compute expense by the hour. Purchase an EC2 Instance Savings Plan. C. Purchase a Reserved Instance for the instance types, operating systems, Region, and tenancy. D. Use EC2 Spot Instances to match the instances that run in each Region.
D. Use EC2 Spot Instances to match the instances that run in each Region.
Question 148:
A company runs workloads on 90 Amazon EC2 instances in the eu-west-1 Region in an AWS account. In 2 months, the company will migrate the workloads from eu-west-1 to the eu-west-3 Region.
The company needs to reduce the cost of the EC2 instances. The company is willing to make a 1-year commitment that will begin next week. The company must choose an EC2 Instance purchasing option that will provide discounts for the 90 EC2 Instances regardless of Region during the 1-year period.
Which solution will meet these requirements?
A. Purchase EC2 Standard Reserved Instances. B. Purchase an EC2 Instance Savings Plan. C. Purchase EC2 Convertible Reserved Instances. D. Purchase a Compute Savings Plan.
D. Purchase a Compute Savings Plan. Compute Savings Plans provide the most flexibility and help to reduce your costs by up to 66% (just like Convertible RIs). These plans automatically apply to EC2 instance usage regardless of instance family, size, AZ, Region, operating system, or tenancy, and also apply to Fargate and Lambda usage. For example, with Compute Savings Plans, you can change from C4 to M5 instances, shift a workload from EU (Ireland) to Europe (London), or move a workload from Amazon EC2 to Fargate or Lambda at any time and automatically continue to pay the Savings Plans price.
Question 149:
An AWS CloudFormation template creates an Amazon RDS instance. This template is used to build up development environments as needed and then delete the stack when the environment is no longer required. The RDS-persisted data must be retained for further use, even after the CloudFormation stack is deleted.
How can this be achieved in a reliable and efficient way?
A. Write a script to continue backing up the RDS instance every five minutes. B. Create an AWS Lambda function to take a snapshot of the RDS instance, and manually invoke the function before deleting the stack. C. Use the Snapshot Deletion Policy in the CloudFormation template definition of the RDS instance. D. Create a new CloudFormation template to perform backups of the RDS instance, and run this template before deleting the stack.
C. Use the Snapshot Deletion Policy in the CloudFormation template definition of the RDS instance. Explanation Explanation/Reference:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html
Question 150:
A SysOps administrator manages policies for many AWS member accounts in an AWS Organizations structure. Administrators on other teams have access to the account root user credentials of the member accounts. The SysOps administrator must prevent all teams, including their administrators, from using Amazon DynamoDB. The solution must not affect the ability of the teams to access other AWS services.
Which solution will meet these requirements?
A. In all member accounts, configure IAM policies that deny access to all DynamoDB resources for all users, including the root user. B. Create a service control policy (SCP) in the management account to deny all DynamoDB actions. Apply the SCP to the root of the organization C. In all member accounts, configure IAM policies that deny AmazonDynamoDBFullAccess to all users, including the root user. D. Remove the default service control policy (SCP) in the management account. Create a replacement SCP that includes a single statement that denies all DynamoDB actions.
B. Create a service control policy (SCP) in the management account to deny all DynamoDB actions. Apply the SCP to the root of the organization Service Control Policies (SCPs) are a feature of AWS Organizations that allow you to set permissions across all member accounts in the organization. When you apply an SCP at the root of the organization, it affects all member accounts within that organization. In this scenario, by creating an SCP that denies all DynamoDB actions and applying it to the root of the AWS organization, you effectively block access to Amazon DynamoDB for all users, including the root user, in all member accounts within the organization. This solution prevents any team, including their administrators, from using DynamoDB while still allowing access to other AWS services that are not restricted by the SCP.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SOA-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.