An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region. A SysOps administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy.
What is likely to be the problem?
A. The Amazon Machine image used is not available in that region. B. The AWS CloudFormation template needs to be updated to the latest version. C. The VPC configuration parameters have changed and must be updated in the template. D. The account has reached the default limit for VPCs allowed.
D. The account has reached the default limit for VPCs allowed.
Question 12:
Users of a company's internal web application recently experienced application performance issues for a brief period The application includes frontend web servers that run in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster The application also includes a bacKend Amazon Aurora PostgreSQL DB cluster that includes one DB instance.
A SysOps administrator determines that the source of the performance issues was high utilization of the DB cluster. The single writer instance experienced more than 90% utilization for 11 minutes The cause of the high utilization was an automated report that is scheduled to run one time each week
What should the SysOps administrator do to ensure that users do not experience performance Issues each week when the report runs?
A. Increase the size of the DB instance. Monitor the performance during the next scheduled run of the report B. Add a reader instance. Change the database connection string of the report application to use the newly created reader instance. C. Add another writer instance Change the database connection string of the report application to use the newly created writer instance. D. Configure auto scaling for the DB cluster Set the minimum capacity units, maximum capacity units, and target utilization
A. Increase the size of the DB instance. Monitor the performance during the next scheduled run of the report Explanation Explanation/Reference:Adding a reader instance will offload read-heavy operations (such as generating reports) from the writer instance, which is responsible for handling write transactions. This will prevent the report from overloading the writer instance during its execution. Changing the connection string of the report application to use the reader instance ensures that the report runs against the read replica, leaving the primary writer instance available for regular transactional operations without causing high utilization issues.
Question 13:
A company runs several workloads on AWS. The company identifies five AWS Trusted Advisor service quota metrics to monitor in a specific AWS Region. The company wants to receive email notification each time resource usage exceeds 60% of one of the service quotas.
Which solution will meet these requirements?
A. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas. B. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas. C. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas. D. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas.
A. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas. Amazon CloudWatch allows you to set up alarms on various metrics, including service quota metrics from AWS Trusted Advisor. In this case, the company wants to monitor five Trusted Advisor service quota metrics in a specific AWS Region and receive email notifications when resource usage exceeds 60% of any of these quotas. Option D is incorrect because it mentions using the AWS Service Health Dashboard to monitor service quota metrics. While the Service Health Dashboard provides information about the overall health of AWS services, it does not provide specific monitoring capabilities for individual service quota metrics as required in this scenario.
Question 14:
A SysOps administrator needs to track the costs of data transfer between AWS Regions. The SysOps administrator must implement a solution to send alerts to an email distribution list when transfer costs reach 75% of a specific threshold.
What should the SysOps administrator do to meet these requirements?
A. Create an AWS Cost and Usage Report. Analyze the results in Amazon Athena. Configure an alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when costs reach 75% of the threshold. Subscribe the email distribution list to the topic. B. Create an Amazon CloudWatch billing alarm to detect when costs reach 75% of the threshold. Configure the alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the email distribution list to the topic. C. Use AWS Budgets to create a cost budget for data transfer costs. Set an alert at 75% of the budgeted amount. Configure the budget to send a notification to the email distribution list when costs reach 75% of the threshold. D. Set up a VPC flow log. Set up a subscription filter to an AWS Lambda function to analyze data transfer. Configure the Lambda function to send a notification to the email distribution list when costs reach 75% of the threshold.
C. Use AWS Budgets to create a cost budget for data transfer costs. Set an alert at 75% of the budgeted amount. Configure the budget to send a notification to the email distribution list when costs reach 75% of the threshold. Option A (Create an AWS Cost and Usage Report. Analyze the results in Amazon Athena. Configure an alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when costs reach 75% of the threshold. Subscribe the email distribution list to the topic.) is a bit complex and not directly related to tracking data transfer costs between AWS Regions. AWS Cost and Usage Reports and Amazon Athena are typically used for analyzing detailed cost and usage data, but they are not the most straightforward solution for this specific requirement. Option B (Create an Amazon CloudWatch billing alarm to detect when costs reach 75% of the threshold. Configure the alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the email distribution list to the topic.) is focused on billing alarms, which can track costs, but it may not specifically address data transfer costs between AWS Regions.
Question 15:
A company uses Amazon S3 to aggregate raw video footage from various media teams across the US. The company recently expanded into new geographies in Europe and Australia. The technical teams located in Europe and Australia reported delays when uploading large video tiles into the destination S3 bucket m toe United States.
What are the MOST cost-effective ways to increase upload speeds into the S3 bucket? (Select TWO.)
A. Create multiple AWS Direct Connect connections between AWS and branch offices in Europe and Australia tor He uploads into the destination S3 bucket B. Create multiple AWS Site-to-Site VPN connections between AWS and branch offices in Europe and Australia for file uploads into the destination S3 bucket. C. Use Amazon S3 Transfer Acceleration for file uploads into the destination S3 bucket. D. Use AWS Global Accelerator for file uploads into the destination S3 bucket from the branch offices in Europe and Australia. E. Use multipart uploads for file uploads into the destination S3 bucket from the branch offices in Europe and Australia.
C. Use Amazon S3 Transfer Acceleration for file uploads into the destination S3 bucket. E. Use multipart uploads for file uploads into the destination S3 bucket from the branch offices in Europe and Australia. CandE are the most cost effective solutions to upload objects to S3. In particular, S3 transfer acceleration will only charge you if the upload is indeed accelerated. Multi-part upload is recommended by AWS when object's size exceeds 100MB. Also, it's recommended to maximise the use of available bandwidth.
Question 16:
A SysOps administrator needs to configure a solution that will deliver digital content to a set of authorized users through Amazon CloudFront. Unauthorized users must be restricted from access.
Which solution will meet these requirements?
A. Store the digital content in an Amazon S3 bucket that does not have public access blocked. Use signed URLs to access the S3 bucket through CloudFront. B. Store the digital content in an Amazon S3 bucket that has public access blocked. Use an origin access identity (OAI) to deliver the content through CloudFront. Restrict S3 bucket access with signed URLs in CloudFront. C. Store the digital content in an Amazon S3 bucket that has public access blocked. Use an origin access identity (OAI) to deliver the content through CloudFront. Enable field-level encryption. D. Store the digital content in an Amazon S3 bucket that does not have public access blocked. Use signed cookies for restricted delivery of the content through CloudFront.
B. Store the digital content in an Amazon S3 bucket that has public access blocked. Use an origin access identity (OAI) to deliver the content through CloudFront. Restrict S3 bucket access with signed URLs in CloudFront. Option B is the correct solution because it uses an origin access identity (OAI) to restrict access to the S3 bucket, ensuring that only CloudFront can access the content. Public access is blocked on the S3 bucket, preventing unauthorized users from accessing the content directly. Signed URLs can also be used to restrict access further within CloudFront. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html
Question 17:
A company has 50 AWS accounts and wants to create an identical Amazon VPC in each account. Any changes the company makes to the VPCs in the future must be implemented on every VPC.
What is the MOST operationally efficient method to deploy and update the VPCs in each account?
A. Create an AWS CloudFormation template that defines the VPC. Sign in to the AWS Management Console under each account. Create a stack from the template. B. Create a shell script that configures the VPC using the AWS CLI. Provide a list of accounts to the shell script from a text file. Create the VPC in every account in the list. C. Create an AWS Lambda function that configures the VPStore the account information in Amazon DynamoDB. Grant Lambda access to the DynamoDB table. Create the VPC in every account in the list. D. Create an AWS CloudFormation template that defines the VPC. Create an AWS CloudFormation StackSet based on the template. Deploy the template to all accounts using the stack set.
D. Create an AWS CloudFormation template that defines the VPC. Create an AWS CloudFormation StackSet based on the template. Deploy the template to all accounts using the stack set.
Question 18:
The company's ecommerce website running on EC2 instances behind an ALB intermittently returns HTTP 500 errors. The Auto Scaling group is only using EC2 status checks.
A. Replace the ALB with a Network Load Balancer. B. Add Elastic Load Balancing (ELB) health checks to the Auto Scaling group. C. Update the target group configuration on the ALB. Enable session affinity (sticky sessions). D. Install the Amazon CloudWatch agent on all the instances. Configure the agent to reboot the instances.
B. Add Elastic Load Balancing (ELB) health checks to the Auto Scaling group.
Question 19:
A media company hosts a public news and video portal on AWS. The portal uses an Amazon DynamoDB table with provisioned capacity to maintain an index of video files that are stored in an Amazon S3 bucket. During a recent event, millions of visitors came to the portal for news. This increase in traffic caused read requests to be throttled in the DynamoDB table. Videos could not be displayed in the portal.
The company's operations team manually increased the provisioned capacity on a temporary basis to meet the demand. The company wants the operations team to receive an alert before the table is throttled in the future. The company has created an Amazon Simple Notification Service (Amazon SNS) topic and has subscribed the operations team's email address to the SNS topic.
What should the company do next to meet these requirements?
A. Create an Amazon CloudWatch alarm that uses the ConsumedReadCapacityUnits metric. Set the alarm threshold to a value that is close to the DynamoDB table's provisioned capacity. Configure the alarm to publish notifications to the SNS topic. B. Turn on auto scaling on the DynamoDB table. Configure an Amazon EventBridge rule to publish notifications to the SNS topic during scaling events. C. Turn on Amazon CloudWatch Logs for the DynamoDB table. Create an Amazon CloudWatch metric filter to pattern match the THROTTLING_EXCEPTION status code from DynamoDB. Create a CloudWatch alarm for the metric. Select the SNS topic for notifications. D. Configure the application to store logs in Amazon CloudWatch Logs. Create an Amazon CloudWatch metric filter to pattern match the THROTTLING_EXCEPTION status code from DynamoDB. Create a CloudWatch alarm for the metric. Select the SNS topic for notifications.
A. Create an Amazon CloudWatch alarm that uses the ConsumedReadCapacityUnits metric. Set the alarm threshold to a value that is close to the DynamoDB table's provisioned capacity. Configure the alarm to publish notifications to the SNS topic.
Question 20:
A company uses AWS Organizations to host several applications across multiple AWS accounts. Several teams are responsible for building and maintaining the infrastructure of the applications across the AWS accounts.
A SysOps administrator must implement a solution to ensure that user accounts and permissions are centrally managed. The solution must be integrated with the company's existing on-premises Active Directory environment. The SysOps administrator already has enabled AWS IAM Identity Center (AWS Single Sign-On) and has set up an AWS Direct Connect connection.
What is the MOST operationally efficient solution that meets these requirements?
A. Create a Simple AD domain, and establish a forest trust relationship with the on-premises Active Directory domain. Set the Simple AD domain as the identity source for IAM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage. B. Create an Active Directory domain controller on an Amazon EC2 instance that is joined to the on-premises Active Directory domain. Set the Active Directory domain controller as the identity source for IAM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage. C. Create an AD Connector that is associated with the on-premises Active Directory domain. Set the AD Connector as the identity source for IAM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage. D. Use the built-in SSO directory as the identity source for IAM Identity Center. Copy the users and groups from the on-premises Active Directory domain. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.
C. Create an AD Connector that is associated with the on-premises Active Directory domain. Set the AD Connector as the identity source for IAM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage. Centralized Management: An AD Connector provides a centralized way to manage user identities from the existing on-premises Active Directory, reducing the need to create and manage separate user accounts in AWS. Reduced Operational Overhead: Compared to managing a separate AD domain controller on an EC2 instance (Option B) or copying users/groups to the built-in directory (Option D), using an AD Connector simplifies administration. Existing Integration: Since AWS Direct Connect is already established, connecting the on-premises AD through an AD Connector leverages the existing network connectivity.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SOA-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.