Amazon Amazon Certifications SOA-C02 Questions & Answers

• Question 241:

  CORRECT TEXT

  Update an existing AWS CloudFormation stack. If needed, a copy 0t the CloudFormation template is available in an Amazon SB bucket named cloudformation-bucket

  1.

  Use the us-east-2 Region for all resources.

  2.

  Unless specified below, use the default configuration settings.

  3.

  update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:

  a) Change the EC2 instance type to us-east-t2.nano.

  b) Allow SSH to connect to the EC2 instance from the IP address range 192.168.100.0/30.

  c) Replace the instance profile IAM role with IamRoleB.

  4.

  Deploy the changes by updating the stack using the CFServiceR01e role.

  5.

  Edit the stack options to prevent accidental deletion.

  6.

  Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

  

  Correct Answer: Check the answer in explanation.

  Solution as given below.

  

• Question 242:

  CORRECT TEXT

  A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the SS bucket to serve a static error page in the event of a failure at the primary site.

  1.

  Use the us-east-2 Region for all resources.

  2.

  Unless specified below, use the default configuration settings.

  3.

  There is an existing hosted zone named lab-751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.

  4.

  Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document

  5.

  For the index-html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucketjs allowed.

  6.

  In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.

  7.

  Create a new secondary failover alias record for the domain lab-751906329398- 26023898.com that routes traffic to the existing 53 bucket.

  Correct Answer: Check the answer in explanation.

  Solution as given below.

  

  

  

  

• Question 243:

  CORRECT TEXT

  If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the console by using the AWS Management Console shortcut from the VM desktop.

  If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V.

  Configure Amazon EventBridge to meet the following requirements.

  1.

  use the us-east-2LRegion for all resources,

  2.

  Unless specified below, use the default configuration settings.

  3.

  Use your own resource naming unless a resource name is specified below.

  4.

  Ensure all Amazon EC2 events in the default event bus are replayable for the past 90 days.

  5.

  Create a rule named RunFunction to send the exact message every 1 5 minutes to an existing AWS Lambda function named LogEventFunction.

  6.

  Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2 Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:

  

  Input template:

  " The EC2 Spot Instance has been on account.

  Correct Answer: Check the answer in explanation.

  Solution as given below.

  

  

• Question 244:

  A company has an initiative to reduce costs associated with Amazon EC2 and AWS Lambda. Which action should a SysOps administrator take to meet these requirements?

  A. Analyze the AWS Cost and Usage Report by using Amazon Athena to identity cost savings.

  B. Create an AWS Budgets alert to alarm when account spend reaches 80% of the budget.

  C. Purchase Reserved Instances through the Amazon EC2 console.

  D. Use AWS Compute Optimizer and take action on the provided recommendations.

  Correct Answer: D

• Question 245:

  A company with multiple AWS accounts needs to obtain recommendations for AWS Lambda functions and identify optimal resource configurations for each Lambda function. How should a SysOps administrator provide these recommendations?

  A. Create an AWS Serverless Application Repository and export the Lambda function recommendations.

  B. Enable AWS Compute Optimizer and export the Lambda function recommendations

  C. Enable all features of AWS Organization and export the recommendations from AWS CloudTrail Insights.

  D. Run AWS Trusted Advisor and export the Lambda function recommendations

  Correct Answer: B

  https://aws.amazon.com/blogs/compute/optimizing-aws-lambda-cost-and-performance-using-aws-compute-optimizer/

• Question 246:

  A SysOps administrator is attempting to download patches from the internet into an instance in a private subnet. An internet gateway exists for the VPC, and a NAT gateway has been deployed on the public subnet; however, the instance has no internet connectivity. The resources deployed into the private subnet must be inaccessible directly from the public internet.

  

  What should be added to the private subnet's route table in order to address this issue, given the information provided?

  A. 0.0.0.0/0 IGW

  B. 0.0.0.0/0 NAT

  C. 10.0.1.0/24 IGW

  D. 10.0.1.0/24 NAT

  Correct Answer: B

  To enable instances in a private subnet to connect to the internet, you can create a NAT gateway or launch a NAT instance in a public subnet. Then add a route for the private subnet's route table that routes IPv4 internet traffic (0.0.0.0/0) to the NAT device.

  https://docs.aws.amazon.com/vpc/latest/userguide/route-table-options.html#route-tables-nat

• Question 247:

  A company's backend infrastructure contains an Amazon EC2 instance in a private subnet. The private subnet has a route to the internet through a NAT gateway in a public subnet. The instance must allow connectivity to a secure web server on the internet to retrieve data at regular intervals.

  The client software times out with an error message that indicates that the client software could not establish the TCP connection.

  What should a SysOps administrator do to resolve this error?

  A. Add an inbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP, Source - 0.0.0.0/0.

  B. Add an inbound rule to the security group for the EC2 instance with the following parameters: Type - HTTPS, Source - 0.0.0.0/0.

  C. Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP, Destination - 0.0.0.0/0.

  D. Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTPS. Destination - 0.0.0.0/0.

  Correct Answer: D

• Question 248:

  A company has an internal web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A SysOps administrator must make

  the application highly available.

  Which action should the SysOps administrator take to meet this requirement?

  A. Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.

  B. Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.

  C. Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.

  D. Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.

  Correct Answer: C

  "An Auto Scaling group can contain EC2 instances in one or more Availability Zones within the same Region. However, Auto Scaling groups cannot span multiple Regions". As stated in https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-benefits.htm

• Question 249:

  A SysOps administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC. the administrator is unable to connect to any of the domains that reside on the internet.

  What additional route destination rule should the administrator add to the route tables?

  A. Route ;:/0 traffic to a NAT gateway

  B. Route ::/0 traffic to an internet gateway

  C. Route 0.0.0.0/0 traffic to an egress-only internet gateway

  D. Route ::/0 traffic to an egress-only internet gateway

  Correct Answer: D

  IPv6 addresses are globally unique, and are therefore public by default. If you want your instance to be able to access the internet, but you want to prevent resources on the internet from initiating communication with your instance, you can use an egress-only internet gateway. To do this, create an egress-only internet gateway in your VPC, and then add a route to your route table that points all IPv6 traffic (::/0) or a specific range of IPv6 address to the egress-only internet gateway. IPv6 traffic in the subnet that's associated with the route table is routed to the egress-only internet gateway.

  https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html

• Question 250:

  A SysOps administrator is reviewing VPC Flow Logs to troubleshoot connectivity issues in a VPC. While reviewing the togs the SysOps administrator notices that rejected traffic is not listed.

  What should the SysOps administrator do to ensure that all traffic is logged?

  A. Create a new flow tog that has a titter setting to capture all traffic

  B. Create a new flow log set the tog record format to a custom format Select the proper fields to include in the tog

  C. Edit the existing flow log Change the fitter setting to capture all traffic

  D. Edit the existing flow log. Set the log record format to a custom format Select the proper fields to include in the tog

  Correct Answer: A