A SysOps administrator maintains the security and compliance of a company's AWS account. To ensure the company's Amazon EC2 instances are following company policy, a SysOps administrator wants to terminate any EC2 instance that
do not contain a department tag. Noncompliant resources must be terminated in near-real time.
Which solution will meet these requirements?
A. Create an AWS Config rule with the required-tags managed rule to identify noncompliant resources. Configure automatic remediation to run the AWS- TerminateEC2Instance automation document to terminate noncompliant resources.
B. Create a new Amazon EventBridge (Amazon CloudWatch Events) rule to monitor when new EC2 instances are created. Send the event to a Simple Notification Service (Amazon SNS) topic for automatic remediation.
C. Ensure all users who can create EC2 instances also have the permissions to use the ec2:CreateTags and ec2:DescribeTags actions. Change the instance's shutdown behavior to terminate.
D. Ensure AWS Systems Manager Compliance is configured to manage the EC2 instances. Call the AWS-StopEC2Instances automation document to stop noncompliant resources.
A company runs an application that hosts critical data for several clients. The company uses AWS CloudTrail to track user activities on various AWS resources. To meet new security requirements, the company needs to protect the CloudTrail
log files from being modified, deleted, or forged.
Which solution will meet these requirement?
A. Enable CloudTrail log file integrity validation.
B. Use Amazon S3 MFA Delete on the S3 bucket where the CloudTrail log files are stored.
C. Use Amazon S3 Versioning to keep all versions of the CloudTrail log files.
D. Use AWS Key Management Service (AWS KMS) security keys to secure the CloudTrail log files.
A global company operates out of five AWS Regions. A SysOps administrator wants to identify all the company's tagged and untagged Amazon EC2 instances.
The company requires the output to display the instance ID and tags.
What is the MOST operationally efficient way for the SysOps administrator to meet these requirements?
A. Create a tag-based resource group in AWS Resource Groups.
B. Use AWS Trusted Advisor. Export the EC2 On-Demand Instances check results from Trusted Advisor.
C. Use Cost Explorer. Choose a service type of EC2-Instances, and group by Resource.
D. Use Tag Editor in AWS Resource Groups. Select all Regions, and choose a resource type of AWS::EC2::Instance.
An application runs on Amazon EC2 instances in an Auto Scaling group. Following the deployment of a new feature on the EC2 instances, some instances were marked as unhealthy and then replaced by the Auto Scaling group. The EC2 instances terminated before a SysOps administrator could determine the cause of the health status changes. To troubleshoot this issue, the SysOps administrator wants to ensure that an AWS Lambda function is invoked in this situation. How should the SysOps administrator meet these requirements?
A. Activate the instance scale-in protection setting for the Auto Scaling group. Invoke the Lambda function through Amazon EventBridge (Amazon CloudWatch Events).
B. Activate the instance scale-in protection setting for the Auto Scaling group. Invoke the Lambda function through Amazon Route 53.
C. Add a lifecycle hook to the Auto Scaling group to invoke the Lambda function through Amazon EventBridge (Amazon CloudWatch Events).
D. Add a lifecycle hook to the Auto Scaling group to invoke the Lambda function through Amazon Route 53.
A company requires that all activity in its AWS account be logged using AWS CloudTrail. Additionally, a SysOps administrator must know when CloudTrail log files are modified or deleted. How should the SysOps administrator meet these requirements?
A. Enable log file integrity validation. Use the AWS CLI to validate the log files.
B. Enable log file integrity validation. Use the AWS CloudTrail Processing Library to validate the log files.
C. Use CloudTrail Insights to monitor the log files for modifications.
D. Use Amazon CloudWatch Logs to monitor the log files for modifications.
A company has a stateful, long-running workload on a single xlarge general purpose Amazon EC2 On-Demand Instance Metrics show that the service is always using 80% of its available memory and 40% of its available CPU. A SysOps
administrator must reduce the cost of the service without negatively affecting performance.
Which change in instance type will meet these requirements?
A. Change to one large compute optimized On-Demand Instance.
B. Change to one large memory optimized On-Demand Instance.
C. Change to one xlarge general purpose Spot Instance.
D. Change to two large general purpose On-Demand Instances.
A company hosts its website on Amazon EC2 instances in the us-east-1 Region. The company is preparing to extend its website into the eu-central-1 Region, but the database must remain only in us-east-1. After deployment, the EC2
instances in eu-central-1 are unable to connect to the database in us-east-1.
What is the MOST operationally efficient solution that will resolve this connectivity issue?
A. Create a VPC peering connection between the two Regions. Add the private IP address range of the instances to the inbound rule of the database security group.
B. Create a VPC peering connection between the two Regions. Add the security group of the instances in eu-central-1 to the outbound rule of the database security group.
C. Create a VPN connection between the two Regions. Add the private IP address range of the instances to the outbound rule of the database security group.
D. Create a VPN connection between the two Regions. Add the security group of the instances in eu-central-1 to the inbound rule of the database security group.
A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented a strict IP allow list that requires all build
uploads to come from a single IP address.
What change should the systems administrator make to the existing build fleet to comply with this new requirement?
A. Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.
B. Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.
C. Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.
D. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.
A company uses an AWS Service Catalog portfolio to create and manage resources. A SysOps administrator must create a replica of the company's existing AWS infrastructure in a new AWS account. What is the MOST operationally efficient way to meet this requirement?
A. Create an AWS CloudFormation template to use the AWS Service Catalog portfolio in the new AWS account.
B. In the new AWS account, manually create an AWS Service Catalog portfolio that duplicates the original portfolio.
C. Run an AWS Lambda function to create a new AWS Service Catalog portfolio based on the output of the DescribePortfolio API operation.
D. Share the AWS Service Catalog portfolio with the new AWS account. Import the portfolio into the new AWS account.
A SysOps administrator must manage the security of an AWS account. Recently, an IAM user's access key was mistakenly uploaded to a public code repository.
The SysOps administrator must identify anything that was changed by using this access key.
How should the SysOps administrator meet these requirements?
A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all IAM events to an AWS Lambda function for analysis.
B. Query Amazon EC2 logs by using Amazon CloudWatch Logs Insights for all events initiated with the compromised access key within the suspected timeframe.
C. Search AWS CloudTrail event history for all events initiated with the compromised access key within the suspected timeframe.
D. Search VPC Flow Logs for all events initiated with the compromised access key within the suspected timeframe.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.