SOA-C02 Exam Details

  • Exam Code: SOA-C02
  • Exam Name: AWS Certified SysOps Administrator - Associate (SOA-C02)
  • Certification: Amazon Certifications
  • Vendor: Amazon
  • Total Questions: 657 Q&As
  • Last Updated: Oct 14, 2025

Amazon SOA-C02 Online Questions & Answers

  • Question 201:

    A company wants to prohibit its developers from using a particular family of Amazon EC2 instances. The company uses AWS Organizations and wants to apply the restriction across multiple accounts. What is the MOST operationally efficient way for the company to apply service control policies (SCPs) to meet these requirements?

    A. Add the accounts to an organizational unit (OU). Apply the SCPs to the OU.
    B. Add the accounts to resource groups in AWS Resource Groups. Apply the SCPs to the resource groups.
    C. Apply the SCPs to each developer account.
    D. Enroll the accounts with AWS Control Tower. Apply the SCPs to the AWS Control Tower management account.

  • Question 202:

    A SysOps administrator needs to delete an AWS CloudFormation stack that is no longer in use. The CloudFormation stack is in the DELETE_FAILED state. The SysOps administrator has validated the permissions that are required to delete the CloudFormation stack.

    A. The configured timeout to delete the stack was too low for the delete operation to complete.
    B. The stack contains nested stacks that must be manually deleted first.
    C. The stack was deployed with the --disable-rollback option.
    D. There are additional resources associated with a security group in the stack.
    E. There are Amazon S3 buckets that still contain objects in the stack.

  • Question 203:

    A SysOps administrator needs to secure the credentials for an Amazon RDS database that is created by an AWS CloudFormation template. The solution must encrypt the credentials and must support automatic rotation. Which solution will meet these requirements?

    A. Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:secretsmanager dynamic reference.
    B. Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm-secure dynamic reference.
    C. Create an AWS::SSM::Parameter resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm dynamic reference.
    D. Create parameters for the database credentials in the CloudFormation template. Use the Ref intrinsic function to provide the credentials to the AWS::RDS::DBInstance resource.

  • Question 204:

    A SysOps administrator is attempting to download patches from the internet into an instance in a private subnet. An internet gateway exists for the VPC, and a NAT gateway has been deployed on the public subnet; however, the instance has no internet connectivity. The resources deployed into the private subnet must be inaccessible directly from the public internet.

    What should be added to the private subnet's route table in order to address this issue, given the information provided?

    A. 0.0.0.0/0 IGW
    B. 0.0.0.0/0 NAT
    C. 10.0.1.0/24 IGW
    D. 10.0.1.0/24 NAT

  • Question 205:

    A SysOps administrator needs to delete an AWS CloudFormation stack that is in the DELETE_FAILED state. CloudFormation was unable to delete an Amazon EC2 security group.

    What should the SysOps administrator do to delete the stack?

    A. Turn off stack termination protection. Retry the DeleteStack operation.
    B. Retry the DeleteStack operation with exponential backoff until the operation succeeds.
    C. Use the DeleteStack operation with the RetainResources parameter. Specify the security group.
    D. Modify the stack template to remove the security group. Update the stack by using the modified template.

  • Question 206:

    A new application runs on Amazon EC2 instances and accesses data in an Amazon RDS database instance. When fully deployed in production, the application fails. The database can be queried from a console on a bastion host. When looking at the web server logs, the following error is repeated multiple times:

    "Error Establishing a Database Connection"

    Which of the following may be causes of the connectivity problems? (Select TWO.)

    A. The security group for the database does not have the appropriate egress rule from the database to the web server.
    B. The certificate used by the web server is not trusted by the RDS instance.
    C. The security group for the database does not have the appropriate ingress rule from the web server to the database.
    D. The port used by the application developer does not match the port specified in the RDS configuration.
    E. The database is still being created and is not available for connectivity.

  • Question 207:

    A company needs to enforce tagging requirements for Amazon DynamoDB tables in its AWS accounts. A SysOps administrator must implement a solution to identify and remediate all DynamoDB tables that do not have the appropriate tags.

    Which solution will meet these requirements with the LEAST operational overhead?

    A. Create a custom AWS Lambda function to evaluate and remediate all DynamoDB tables. Create an Amazon EventBridge scheduled rule to invoke the Lambda function.
    B. Create a custom AWS Lambda function to evaluate and remediate all DynamoDB tables. Create an AWS Config custom rule to invoke the Lambda function.
    C. Use the required-tags AWS Config managed rule to evaluate all DynamoDB tables for the appropriate tags. Configure an automatic remediation action that uses an AWS Systems Manager Automation custom runbook.
    D. Create an Amazon EventBridge managed rule to evaluate all DynamoDB tables for the appropriate tags. Configure the EventBridge rule to run an AWS Systems Manager Automation custom runbook for remediation.

  • Question 208:

    A company has a core application that must run 24 hours a day, 7 days a week. The application uses Amazon EC2, AWS Fargate, and AWS Lambda. The company uses a combination of operating systems across different AWS Regions.

    The company needs to maximize cost savings while committing to a pricing model that offers flexibility to make changes.

    What should the company do to meet these requirements?

    A. Purchase a Compute Savings Plan that is based on Savings Plans recommendations.
    B. Purchase an EC2 Instance Savings Plan that covers the EC2 instance types and the Fargate and Lambda vCPU equivalents.
    C. Purchase a Reserved Instance for the instance types, operating systems, Region, and tenancy.
    D. Use EC2 Spot Instances that match the type and size of existing instances that run in each Region.

  • Question 209:

    A company has an Amazon CloudFront distribution that uses an Amazon S3 bucket as its origin. During a review of the access logs, the company determines that some requests are going directly to the S3 bucket by using the website hosting endpoint. A SysOps administrator must secure the S3 bucket to allow requests only from CloudFront.

    What should the SysOps administrator do to meet this requirement?

    A. Create an origin access identity (OAI) in CloudFront. Associate the OAI with the distribution. Remove access to and from other principals in the S3 bucket policy. Update the S3 bucket policy to allow access only from the OAI.
    B. Create an origin access identity (OAI) in CloudFront. Associate the OAI with the distribution. Update the S3 bucket policy to allow access only from the OAI. Create a new origin, and specify the S3 bucket as the new origin. Update the distribution behavior to use the new origin. Remove the existing origin.
    C. Create an origin access identity (OAI) in CloudFront. Associate the OAI with the distribution. Update the S3 bucket policy to allow access only from the OAI. Disable website hosting. Create a new origin, and specify the S3 bucket as the new origin. Update the distribution behavior to use the new origin. Remove the existing origin.
    D. Update the S3 bucket policy to allow access only from the CloudFront distribution. Remove access to and from other principals in the S3 bucket policy. Disable website hosting. Create a new origin, and specify the S3 bucket as the new origin. Update the distribution behavior to use the new origin. Remove the existing origin.

  • Question 210:

    A company updates its security policy to prohibit the public exposure of any data in Amazon S3 buckets in the company's account. What should a SysOps administrator do to meet this requirement?

    A. Turn on S3 Block Public Access from the account level.
    B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to enforce that all S3 objects are private.
    C. Use Amazon Inspector to search for S3 buckets and to automatically reset S3 ACLs if any public S3 buckets are found.
    D. Use S3 Object Lambda to examine S3 ACLs and to change any public S3 ACLs to private.
