A company is storing media content in an Amazon S3 bucket and uses Amazon CloudFront to distribute the content to its users. Due to licensing terms, the company is not authorized to distribute the content in some countries. A SysOps
administrator must restrict access to certain countries.
What is the MOST operationally efficient solution that meets these requirements?
A. Configure the S3 bucket policy to deny the GetObject operation based on the S3:LocationConstraint condition.
B. Create a secondary origin access identity (OAI). Configure the S3 bucket policy to prevent access from unauthorized countries.
C. Enable the geo restriction feature in the CloudFront distribution to prevent access from unauthorized countries.
D. Update the application to generate signed CloudFront URLs only for IP addresses in authorized countries.
A company applies user-defined tags to resources that are associated with me company's AWS workloads Twenty days after applying the tags, the company notices that it cannot use re tags to filter views in the AWS Cost Explorer console.
What is the reason for this issue?
A. It lakes at least 30 days to be able to use tags to filter views in Cost Explorer.
B. The company has not activated the user-defined tags for cost allocation.
C. The company has not created an AWS Cost and Usage Report
D. The company has not created a usage budget in AWS Budgets
A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company's AWS account The SysOps administrator deploys a Linux Amazon EC2 instance in VPC1 and deploys an Amazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a private subnet. An application that runs on the EC2 instance needs to connect to the database.
What should the SysOps administrator do to give the EC2 instance the ability to connect to the database?
A. Enter the DB instance connection string into the VPC1 route table.
B. Configure VPC peering between the two VPCs.
C. Add the same IPv4 CIDR range for both VPCs.
D. Connect to the DB instance by using the DB instance's public IP address.
A company manages an application that uses Amazon ElastiCache for Redis with two extra-large nodes spread across two different Availability Zones. The company's IT team discovers that the ElastiCache for Redis cluster has 75% freeable memory. The application must maintain high availability.
What is the MOST cost-effective way to resize the cluster?
A. Decrease the number of nodes in the ElastiCache for Redis cluster from 2 to 1.
B. Deploy a new ElastiCache for Redis cluster that uses large node types. Migrate the data from the original cluster to the new cluster. After the process is complete, shut down the original duster.
C. Deploy a new ElastiCache for Redis cluster that uses large node types. Take a backup from the original cluster, and restore the backup in the new cluster. After the process is complete, shut down the original cluster.
D. Perform an online resizing for the ElastiCache for Redis cluster. Change the node types from extra-large nodes to large nodes.
A SysOps administrator developed a Python script that uses the AWS SDK to conduct several maintenance tasks. The script needs to run automatically every night.
What is the MOST operationally efficient solution that meets this requirement?
A. Convert the Python script to an AWS Lambda (unction. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the function every night.
B. Convert the Python script to an AWS Lambda function. Use AWS CloudTrail to invoke the function every night.
C. Deploy the Python script to an Amazon EC2 Instance. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the instance to start and stop every night.
D. Deploy the Python script to an Amazon EC2 instance. Use AWS Systems Manager to schedule the instance to start and stop every night.
A company recently acquired another corporation and all of that corporation's AWS accounts. A financial analyst needs the cost data from these accounts. A SysOps administrator uses Cost Explorer to generate cost and usage reports. The SysOps administrator notices that "No Tagkey" represents 20% of the monthly cost.
What should the SysOps administrator do to tag the "No Tagkey" resources?
A. Add the accounts to AWS Organizations. Use a service control policy (SCP) to tag all the untagged resources.
B. Use an AWS Config rule to find the untagged resources. Set the remediation action to terminate the resources.
C. Use Cost Explorer to find and tag all the untagged resources.
D. Use Tag Editor to find and taq all the untaqqed resources.
A manufacturing company uses an Amazon RDS DB instance to store inventory of all stock items. The company maintains several AWS Lambda functions that interact with the database to add, update, and delete items. The Lambda
functions use hardcoded credentials to connect to the database.
A SysOps administrator must ensure that the database credentials are never stored in plaintext and that the password is rotated every 30 days.
Which solution will meet these requirements in the MOST operationally efficient manner?
A. Store the database password as an environment variable for each Lambda function. Create a new Lambda function that is named PasswordRotate. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the PasswordRotate function every 30 days to change the database password and update the environment variable for each Lambda function.
B. Use AWS Key Management Service (AWS KMS) to encrypt the database password and to store the encrypted password as an environment variable for each Lambda function. Grant each Lambda function access to the KMS key so that the database password can be decrypted when required. Create a new Lambda function that is named PasswordRotate to change the password every 30 days.
C. Use AWS Secrets Manager to store credentials for the database. Create a Secrets Manager secret, and select the database so that Secrets Manager will use a Lambda function to update the database password automatically. Specify an automatic rotation schedule of 30 days. Update each Lambda function to access the database password from SecretsManager.
D. Use AWS Systems Manager Parameter Store to create a secure string to store credentials for the database. Create a new Lambda function called PasswordRotate. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the PasswordRotate function every 30 days to change the database password and to update the secret within Parameter Store. Update each Lambda function to access the database password from Parameter Store.
A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability for an on-premises website. The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes. All other traffic should be directed to the secondary passive server. The failover record type, set ID. and routing policy have been set appropriately for both primary and secondary servers.
Which next step should be taken to configure Route 53?
A. Create an A record for each server. Associate the records with the Route 53 HTTP health check.
B. Create an A record for each server. Associate the records with the Route 53 TCP health check.
C. Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 HTTP health check.
D. Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 TCP health check.
A company is managing multiple AWS accounts in AWS Organizations. The company is reviewing internal security of its AWS environment. The company's security administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts.
Which solution will meet these requirements in the MOST secure manner?
A. Create an IAM policy in each developer account that has read-only access related to VPC resources Assign the policy to an IAM user. Share the user credentials with the security administrator.
B. Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC actions. Assign the policy to an IAM user. Share the user credentials with the security administrator.
C. Create an IAM policy in each developer account that has administrator access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.
D. Create an IAM policy in each developer account that has read-only access related to VPC resources Assign the policy to a cross-account IAM role Ask the security administrator to assume the role from their account.
A company has launched a social media website that gives users the ability to upload images directly to a centralized Amazon S3 bucket. The website is popular in areas that are geographically distant from the AWS Region where the S3 bucket is located. Users are reporting that uploads are slow. A SysOps administrator must improve the upload speed.
What should the SysOps administrator do to meet these requirements?
A. Create S3 access points in Regions that are closer to the users.
B. Create an accelerator in AWS Global Accelerator for the S3 bucket.
C. Enable S3 Transfer Acceleration on the S3 bucket.
D. Enable cross-origin resource sharing (CORS) on the S3 bucket.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.