Amazon SOA-C02 Online Practice Questions and Exam Preparation

Amazon SOA-C02 Online Questions & Answers

• Question 221:

  The SysOps administrator needs to configure a website for CloudFront when the DNS CNAME record points to an S3 URL instead of CloudFront.

  A. Disable S3 Block Public Access on the S3 bucket.
  B. Create an S3 access point in the same AWS Region where the S3 bucket is located. Configure the access point policy to allow CloudFront to read from the S3 bucket. Point the CNAME record to the S3 access point name.
  C. Modify the value of the DNS CNAME record to be arn:aws:s3:::example-com-website- files instead of the S3 URI.
  D. Modify the value of the DNS CNAME record to be dllllllabcdef8.cloudfront.net instead of the S3 URI.
  D. Modify the value of the DNS CNAME record to be dllllllabcdef8.cloudfront.net instead of the S3 URI.

• Question 222:

  A company wants to be alerted through email when IAM CreateUser API calls are made within its AWS account.

  Which combination of actions should a SysOps administrator take to meet this requirement? (Choose two.)

  A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS CloudTrail as the event source and IAM CreateUser as the specific API call for the event pattern.
  B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with Amazon CloudSearch as the event source and IAM CreateUser as the specific API call for the event pattern.
  C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS IAM Access Analyzer as the event source and IAM CreateUser as the specific API call for the event pattern.
  D. Use an Amazon Simple Notification Service (Amazon SNS) topic as an event target with an email subscription.
  E. Use an Amazon Simple Email Service (Amazon SES) notification as an event target with an email subscription.
  A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS CloudTrail as the event source and IAM CreateUser as the specific API call for the event pattern.
  D. Use an Amazon Simple Notification Service (Amazon SNS) topic as an event target with an email subscription.

  ---

  https://aws.amazon.com/blogs/security/how-to-receive-alerts-when-your-iam-configuration-changes/

• Question 223:

  A company recently purchased Savings Plans. The company wants to receive email notification when the company's utilization drops below 90% for a given day.

  Which solution will meet this requirement?

  A. Create an Amazon CloudWatch alarm to monitor the Savings Plan check in AWS Trusted Advisor. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification when the utilization drops below 90% for a given day.
  B. Create an Amazon CloudWatch alarm to monitor the SavingsPlansUtilization metric under the AWS/SavingsPlans namespace in CloudWatch. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification when the utilization drops below 90% for a given day.
  C. Create a Savings Plans alert to monitor the daily utilization of the Savings Plans. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification when the utilization drops below 90% for a given day.
  D. Use AWS Budgets to create a Savings Plans budget to track the daily utilization of the Savings Plans. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification when the utilization drops below 90% for a given day.
  D. Use AWS Budgets to create a Savings Plans budget to track the daily utilization of the Savings Plans. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification when the utilization drops below 90% for a given day.

  ---

  AWS Budgets can be used to create a Savings Plans budget and track the daily utilization of the company's Savings Plans. By creating a budget, it will trigger an action when the utilization drops below 90%, which in this case will be to send an email notification via an Amazon SNS topic. This will ensure that the company is notified when their Savings Plans utilization drops below 90%, allowing them to take action if necessary. Reference: [1] https://docs.aws.amazon.com/savingsplans/latest/userguide/sp-usingBudgets.html

• Question 224:

  A SysOps administrator needs to create an Amazon S3 bucket as a resource in an AWS CloudFormation template. The bucket name must be randomly generated, and the bucket must be encrypted. Other resources in the template will reference the bucket.

  Which CloudFormation resource definition should the SysOps administrator use to meet these requirements?

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  B. Option B

• Question 225:

  A SysOps administrator is investigating a company's web application for performance problems. The application runs on Amazon EC2 instances that are in an Auto Scaling group. The application receives large traffic increases at random times throughout the day. During periods of rapid traffic increases, the Auto Scaling group is not adding capacity fast enough. As a result, users are experiencing poor performance.

  The company wants to minimize costs without adversely affecting the user experience when web traffic surges quickly. The company needs a solution that adds more capacity to the Auto Scaling group for larger traffic increases than for smaller traffic increases.

  How should the SysOps administrator configure the Auto Scaling group to meet these requirements?

  A. Create a simple scaling policy with settings to make larger adjustments in capacity when the system is under heavy load.
  B. Create a step scaling policy with settings to make larger adjustments in capacity when the system is under heavy load.
  C. Create a target tracking scaling policy with settings to make larger adjustments in capacity when the system is under heavy load.
  D. Use Amazon EC2 Auto Scaling lifecycle hooks. Adjust the Auto Scaling group's maximum number of instances after every scaling event.
  B. Create a step scaling policy with settings to make larger adjustments in capacity when the system is under heavy load.

  ---

  Explanation Explanation/Reference:The correct answer is B. Create a step scaling policy with settings to make larger adjustments in capacity when the system is under heavy load. Step scaling policies are suitable for scenarios where you want to add more capacity to the Auto Scaling group as the traffic increases. With step scaling policies, you can define specific thresholds for different levels of traffic and configure the scaling adjustments accordingly. This allows you to add more capacity during larger traffic increases while minimizing costs during smaller traffic increases. Option A (Create a simple scaling policy) might not be the best choice as it does not provide the granularity needed to handle larger traffic increases differently from smaller ones.

• Question 226:

  A company has created an AWS CloudFormation template that consists of the AWS: EC2 Instance resource and a custom Cloud Formation resource The custom CloudFormation resource is an AWS Lambda function that attempts to run automation on the Amazon EC2 instance.

  During testing, the Lambda function fails because the Lambda function tries to run before the EC2 instance is launched

  Which solution will resolve this issue?

  A. Add a DependsOn attribute to the custom resource. Specify the EC2 instance in the DependsOn attribute.
  B. Update the custom resource's service token to point to a valid Lambda function
  C. Update the Lambda function to use the cfn-response module to send a response to the custom resource.
  D. Use the Fn::lf intrinsic function to check for the EC2 instance before the custom resource runs.
  A. Add a DependsOn attribute to the custom resource. Specify the EC2 instance in the DependsOn attribute.

  ---

  DependsOn Attribute in CloudFormation: The DependsOn attribute in AWS CloudFormation ensures that one resource is created only after another resource has been successfully created. In this case, it ensures that the EC2 instance is fully launched before the custom resource (the Lambda function) is executed. Steps: Resources: MyEC2Instance: Type: AWS::EC2::Instance Properties: # EC2 properties MyCustomResource: Type: Custom::MyCustomResource DependsOn: MyEC2Instance Properties: ServiceToken: !GetAtt MyLambdaFunction.Arn # Other properties AWS CloudFormation DependsOn Attribute

• Question 227:

  A company has an on-premises DNS solution and wants to resolve DNS records in an Amazon Route 53 private hosted zone for example.com. The company has set up an AWS Direct Connect connection for network connectivity between the on-premises network and the VPC. A SysOps administrator must ensure that an on-premises server can query records in the example.com domain.

  What should the SysOps administrator do to meet these requirements?

  A. Create a Route 53 Resolver inbound endpoint. Attach a security group to the endpoint to allow inbound traffic on TCP/UDP port 53 from the on-premises DNS servers.
  B. Create a Route 53 Resolver inbound endpoint. Attach a security group to the endpoint to allow outbound traffic on TCP/UDP port 53 to the on-premises DNS servers.
  C. Create a Route 53 Resolver outbound endpoint. Attach a security group to the endpoint to allow inbound traffic on TCP/UDP port 53 from the on-premises DNS servers.
  D. Create a Route 53 Resolver outbound endpoint. Attach a security group to the endpoint to allow outbound traffic on TCP/UDP port 53 to the on-premises DNS servers.
  A. Create a Route 53 Resolver inbound endpoint. Attach a security group to the endpoint to allow inbound traffic on TCP/UDP port 53 from the on-premises DNS servers.

• Question 228:

  A company deploys a new application on three Amazon EC2 instances across three Availability Zones The company uses a Network Load Balancer (NLB) to route traffic lo the EC2 instances. A SysOps administrator must implement a solution so that the EC2 instances allow traffic from only the NLB.

  What should the SysOps administrator do to meet these requirements with the LEAST operational overhead?

  A. Configure the security group that is associated with the EC2 instances to allow traffic from only the security group that is associated with the NLB.
  B. Configure the security group that is associated with the EC2 instances to allow traffic from only the elastic network interfaces that are associated with the NLB.
  C. Create a network ACL. Associate the network ACL with the application subnets. Configure the network ACL to allow inbound traffic from only the CIDR ranges of the NLB.
  D. Use a third-party firewall solution that is installed on a separate EC2 instance. Configure a firewall rule that allows traffic to the application's EC2 instances from only the subnets where the NLB is deployed
  A. Configure the security group that is associated with the EC2 instances to allow traffic from only the security group that is associated with the NLB.

• Question 229:

  A SysOps administrator must create a solution that immediately notifies software developers if an AWS Lambda function experiences an error.

  Which solution will meet this requirement?

  A. Create an Amazon Simple Notification Service (Amazon SNS) topic with an email subscription for each developer. Create an Amazon CloudWatch alarm by using the Errors metric and the Lambda function name as a dimension. Configure the alarm to send a notification to the SNS topic when the alarm state reaches ALARM.
  B. Create an Amazon Simple Notification Service (Amazon SNS) topic with a mobile subscription for each developer. Create an Amazon EventBridge (Amazon CloudWatch Events) alarm by using LambdaError as the event pattern and the SNS topic name as a resource. Configure the alarm to send a notification to the SNS topic when the alarm state reaches ALARM.
  C. Verify each developer email address in Amazon Simple Email Service (Amazon SES). Create an Amazon CloudWatch rule by using the LambdaError metric and developer email addresses as dimensions. Configure the rule to send an email through Amazon SES when the rule state reaches ALARM.
  D. Verify each developer mobile phone in Amazon Simple Email Service {Amazon SES). Create an Amazon EventBridge (Amazon CloudWatch Events) rule by using Errors as the event pattern and the Lambda function name as a resource. Configure the rule to send a push notification through Amazon SES when the rule state reaches ALARM.
  A. Create an Amazon Simple Notification Service (Amazon SNS) topic with an email subscription for each developer. Create an Amazon CloudWatch alarm by using the Errors metric and the Lambda function name as a dimension. Configure the alarm to send a notification to the SNS topic when the alarm state reaches ALARM.

  ---

  https://aws.amazon.com/blogs/mt/get-notified-specific-lambda-function-error-patterns-using-cloudwatch/

• Question 230:

  To address recurring application crashes due to a memory leak, the SysOps administrator needs to implement a temporary reboot solution outside of business hours.

  A. Create an Amazon EventBridge rule that is scheduled to run outside of business hours. Configure the rule to invoke the StartInstances operation on the EC2 instances.
  B. Use AWS Systems Manager to create a daily maintenance window that is outside of business hours. Register the EC2 instances as a target. Assign the AWS- RestartEC2Instance runbook to the maintenance window.
  C. Configure an additional CloudWatch alarm to monitor the StatusCheckFailed_System metric for the EC2 instances. Configure an EC2 action on the additional alarm to reboot the instances.
  D. Configure an additional CloudWatch alarm that is triggered every time the application crashes. Configure an EC2 action on the additional alarm to restart the application on the EC2 instances.
  B. Use AWS Systems Manager to create a daily maintenance window that is outside of business hours. Register the EC2 instances as a target. Assign the AWS- RestartEC2Instance runbook to the maintenance window.