Amazon Amazon Certifications SOA-C02 Questions & Answers

• Question 171:

  A SysOps administrator is unable to launch Amazon EC2 instances into a VPC because there are no available private IPv4 addresses in the VPC. Which combination of actions must the SysOps administrator take to launch the instances? (Select TWO.)

  A. Associate a secondary IPv4 CIDR block with the VPC

  B. Associate a primary IPv6 CIDR block with the VPC

  C. Create a new subnet for the VPC

  D. Modify the CIDR block of the VPC

  E. Modify the CIDR block of the subnet that is associated with the instances

  Correct Answer: AC

  https://aws.amazon.com/premiumsupport/knowledge-center/subnet-insufficient-ips/

• Question 172:

  A company is running distributed computing software to manage a fleet of 20 Amazon EC2 instances for calculations. The fleet includes 2 control nodes and 18 task nodes to run the calculations. Control nodes can automatically start the task

  nodes.

  Currently, all the nodes run on demand. The control nodes must be available 24 hours a day, 7 days a week. The task nodes run for 4 hours each day. A SysOps administrator needs to optimize the cost of this solution.

  Which combination of actions will meet these requirements? (Choose two.)

  A. Purchase EC2 Instance Savings Plans for the control nodes.

  B. Use Dedicated Hosts for the control nodes.

  C. Use Reserved Instances for the task nodes.

  D. Use Spot Instances for the control nodes. Use On-Demand Instances if there is no Spot availability.

  E. Use Spot Instances for the task nodes. Use On-Demand Instances if there is no Spot availability.

  Correct Answer: AE

• Question 173:

  A SysOps administrator has used AWS Cloud Formation to deploy a sereness application into a production VPC. The application consists of an AWS Lambda function, an Amazon DynamoOB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS Cloud Formation stack without deleting the DynamoOB table.

  Which action should the SysOps administrator take before deleting the AWS Cloud Formation stack?

  A. Add a Retain deletion policy to the DynamoOB resource in the AWS CloudFormation stack.

  B. Add a Snapshot deletion policy to the DynamoOB resource In the AWS CloudFormation stack.

  C. Enable termination protection on the AWS Cloud Formation stack.

  D. Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTabie action.

  Correct Answer: A

• Question 174:

  A company has a web application with a database tier that consists of an Amazon EC2 instance that runs MySQL. A SysOps administrator needs to minimize potential data loss and the time that is required to recover in the event of a database failure.

  What is the MOST operationally efficient solution that meets these requirements?

  A. Create an Amazon CloudWatch alarm for the StatusCheckFailed_System metric to invoke an AWS Lambda function that stops and starts the EC2 instance.

  B. Create an Amazon RDS for MySQL Multi-AZ DB instance. Use a MySQL native backup that is stored in Amazon S3 to restore the data to the new database. Update the connection string in the web application.

  C. Create an Amazon RDS for MySQL Single-AZ DB instance with a read replica. Use a MySQL native backup that is stored in Amazon S3 to restore the data to the new database. Update the connection string in the web application.

  D. Use Amazon Data Lifecycle Manager (Amazon DLM) to take a snapshot of the Amazon Elastic Block Store (Amazon EBS) volume every hour. In the event of an EC2 instance failure, restore the EBS volume from a snapshot.

  Correct Answer: D

  To me both BandD minimize potential data loss.

  However, the question is not specifying availability (Multi-AZ is B)

  Instead, the question is emphasizing quick recovery from backup (not active/active recovery)

  Therefore, I think only option D meets both criteria for minimizing potential data loss and quick recovery.

  -1 Hour RPO (only D specifies hourly snapshots and hourly RPO)

  - Snapshots (D) have faster RTO than native backup restore from S3 (B)

  In the real world, I've used both backups (regularly/scheduled) and snapshots (prior to scheduled changes, etc.)

• Question 175:

  A SysOps administrator is responsible for a company's security groups. The company wants to maintain a documented trail of any changes that are made to the security groups. The SysOps administrator must receive notification whenever the security groups change.

  Which solution will meet these requirements?

  A. Set up Amazon Detective to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Queue Service (Amazon SOS) queue for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SQS queue.

  B. Set up AWS Systems Manager Change Manager to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SNS topic.

  C. Set up AWS Config to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SNS topic.

  D. Set up Amazon Detective to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SNS topic.

  Correct Answer: C

  AWS Config, a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to help enable security and governance. You can create AWS Config rules that automatically check the configuration of AWS resources that are recorded by AWS Config. For this example, I use a Config rule that is invoked whenever a change is made to a security group. Attach the Config rule to an AWS Lambda function that examines the ingress rules of a security group to see if the group remains in compliance with the rules.

• Question 176:

  A company hosts its website on Amazon EC2 instances behind an Application Load Balancer. The company manages its DNS with Amazon Route 53. and wants to point its domain's zone apex to the website.

  Which type of record should be used to meet these requirements?

  A. A CNAME record for the domain's zone apex

  B. An A record for the domain's zone apex

  C. An AAAA record for the domain's zone apex

  D. An alias record for the domain's zone apex

  Correct Answer: D

  The DNS protocol does not allow you to create a CNAME record for the top node of a DNS namespace, also known as the zone apex. For example, if you register the DNS name example.com, the zone apex is example.com. You cannot create a CNAME record for example.com, but you can create CNAME records for www.example.com, newproduct.example.com, and so on.

  In addition, if you create a CNAME record for a subdomain, you cannot create any other records for that subdomain. For example, if you create a CNAME for www.example.com, you cannot create any other records for which the value of the Name field is www.example.com.

• Question 177:

  A company is planning to host its stateful web-based applications on AWS A SysOps administrator is using an Auto Scaling group of Amazon EC2 instances The web applications will run 24 hours a day 7 days a week throughout the year The company must be able to change the instance type within the same instance family later in the year based on the traffic and usage patterns.

  Which EC2 instance purchasing option will meet these requirements MOST cost- effectively?

  A. Convertible Reserved Instances

  B. On-Demand instances

  C. Spot instances

  D. Standard Reserved instances

  Correct Answer: A

  Convertible Reserved Instances123are a type of AWS Reserved Instances that can be exchanged for other Convertible Reserved Instances currently offered by AWS1. They are associated with a specific Region, which is fixed for the duration of the reservation's term1. There are no restrictions to the number of times that you can exchange the RIs, provided that the target convertible reserved instance has an equal or higher value than the original convertible RI which it replaces2. Convertible Reserved Instances are useful when workloads are likely to change, or when you want to hedge against possible future price drops3

  https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-convertible-exchange.html

• Question 178:

  A company uses AWS Cloud Formation templates to deploy cloud infrastructure. An analysis of all the company's templates shows that the company has declared the same components in multiple templates. A SysOps administrator needs to create dedicated templates that have their own parameters and conditions for these common components.

  Which solution will meet this requirement?

  A. Develop a CloudFormaiion change set.

  B. Develop CloudFormation macros.

  C. Develop CloudFormation nested stacks.

  D. Develop CloudFormation stack sets.

  Correct Answer: C

  Option C (Develop CloudFormation nested stacks) is the correct option for managing common components in multiple templates. Nested stacks allow you to break down complex templates into smaller, more manageable units, where each nested stack can have its own set of parameters, conditions, and resources. This approach promotes code reusability, simplifies template management, and reduces duplication of common components across templates.

  By creating dedicated templates as nested stacks, you can define and maintain the common components in a single location and then reference them from other templates. This helps ensure consistency and makes it easier to update and maintain the infrastructure as changes can be made in one place and propagated to all templates that use the nested stack.

• Question 179:

  A company has an Auto Scaling group of Amazon EC2 instances that scale based on average CPU utilization. The Auto Scaling group events log indicates an InsufficientlnstanceCapacity error. Which actions should a SysOps administrator take to remediate this issue? (Select TWO.)

  A. Change the instance type that the company is using.

  B. Configure the Auto Scaling group in different Availability Zones.

  C. Configure the Auto Scaling group to use different Amazon Elastic Block Store (Amazon EBS) volume sizes.

  D. Increase the maximum size of the Auto Scaling group.

  E. Request an increase in the instance service quota.

  Correct Answer: AB

  https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/troubleshooting-launch.html#troubleshooting-launch-capacity

  Solution

  To resolve the issue, try the following:

  Wait a few minutes and then submit your request again; capacity can shift frequently.

  Submit a new request with a reduced number of instances. For example, if you're making a single request to launch 15 instances, try making 3 requests for 5 instances, or 15 requests for 1 instance instead.

  ****If you're launching an instance, submit a new request without specifying an Availability Zone.

  ****If you're launching an instance, submit a new request using a different instance type (which you can resize at a later stage). For more information, see Change the instance type.

  If you are launching instances into a cluster placement group, you can get an insufficient capacity error. For more information, see Placement group rules and limitations.

• Question 180:

  A company uses AWS CloudFormation to deploy its application infrastructure Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application A SysOps administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent against accidental modifications to specific resources.

  Which solution will meet these requirements?

  A. Set up an AWS Config rule to alert based on changes to any CloudFormation stack An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation

  B. Set up an Amazon CloudWatch Events event with a rule to trigger based on any CloudFormation API call An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation

  C. Launch the CloudFormation templates using a stack policy with an explicit allow for all resources and an explicit deny of the protected resources with an action of Update:*.

  D. Attach an IAM policy to the DevOps team role that prevents a CloudFormation stack from updating, with a condition based on the specific Amazon Resource Names (ARNs) of the protected resources

  Correct Answer: C

  https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html