A SysOps administrator needs to configure automatic rotation for Amazon RDS database credentials. The credentials must rotate every 30 days. The solution must integrate with Amazon RDS. Which solution will meet these requirements with the LEAST operational overhead?
A. Store the credentials in AWS Systems Manager Parameter Store as a secure string. Configure automatic rotation with a rotation interval of 30 days.
B. Store the credentials in AWS Secrets Manager. Configure automatic rotation with a rotation interval of 30 days.
C. Store the credentials in a file in an Amazon S3 bucket. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.
D. Store the credentials in AWS Secrets Manager. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.
B. Store the credentials in AWS Secrets Manager. Configure automatic rotation with a rotation interval of 30 days.
Explanation: Storing the credentials in AWS Secrets Manager and configuring automatic rotation with a rotation interval of 30 days is the most efficient way to meet the requirements with the least operational overhead. AWS Secrets Manager automatically rotates the credentials at the specified interval, so there is no need for an additional AWS Lambda function or manual rotation. Additionally, Secrets Manager is integrated with Amazon RDS, so the credentials can be easily used with the RDS database.
Question 262:
A company hosts a web application on an Amazon EC2 instance. The web server logs are published to Amazon CloudWatch Logs. The log events have the same structure and include the HTTP response codes that are associated with the user requests. The company needs to monitor the number of times that the web server returns an HTTP 404 response.
What is the MOST operationally efficient solution that meets these requirements?
A. Create a CloudWatch Logs metric filter that counts the number of times that the web server returns an HTTP 404 response.
B. Create a CloudWatch Logs subscription filter that counts the number of times that the web server returns an HTTP 404 response.
C. Create an AWS Lambda function that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.
D. Create a script that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.
A. Create a CloudWatch Logs metric filter that counts the number of times that the web server returns an HTTP 404 response.
Explanation: This is the most operationally efficient solution that meets the requirements, as it will allow the company to monitor the number of times that the web server returns an HTTP 404 response in real time. The other solutions (creating a CloudWatch Logs subscription filter, an AWS Lambda function, or a script) will require additional steps and resources to monitor the number of times that the web server returns an HTTP 404 response. A metric filter allows you to search for specific terms, phrases, or values in your log events, and then to create a metric based on the number of occurrences of those search terms. The resulting CloudWatch metric can be used to create alarms and dashboards that monitor the number of HTTP 404 responses returned by the web server.
Question 263:
A SysOps administrator must configure a resilient tier of Amazon EC2 instances for a high performance computing (HPC) application. The HPC application requires minimum latency between nodes. Which actions should the SysOps administrator take to meet these requirements? (Select TWO.)
A. Create an Amazon Elastic File System (Amazon EFS) file system. Mount the file system to the EC2 instances by using user data.
B. Create a Multi-AZ Network Load Balancer in front of the EC2 instances.
C. Place the EC2 instances in an Auto Scaling group within a single subnet.
D. Launch the EC2 instances into a cluster placement group.
E. Launch the EC2 instances into a partition placement group.
C. Place the EC2 instances in an Auto Scaling group within a single subnet.
D. Launch the EC2 instances into a cluster placement group.
Explanation: Cluster: packs instances close together inside an Availability Zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly-coupled node-to-node communication that is typical of high-performance computing (HPC) applications.
Ref link: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html
Question 264:
A company that uses AWS Organizations has an organization that contains several AWS accounts. A SysOps administrator needs to implement controls to prevent an account from leaving the organization.
Which solution will meet these requirements?
A. Create a service control policy (SCP) that denies the LeaveOrganization action. Apply the SCP to the root organizational unit (OU).
B. Create a service control policy (SCP) that denies the RemoveAccountFromOrganization action. Apply the SCP to the root organizational unit (OU).
C. Deploy an AWS Lambda function in each member account to remove any Organizations permissions when a user is created.
D. Turn on AWS Config. Set up the account-part-of-organizations managed rule. Configure the rule to run every hour.
A. Create a service control policy (SCP) that denies the LeaveOrganization action. Apply the SCP to the root organizational unit (OU).
Question 265:
A company has a new requirement stating that all resources in AWS must be tagged according to a set policy.
Which AWS service should be used to enforce and continually identify all resources that are not in compliance with the policy?
A. AWS CloudTrail
B. Amazon Inspector
C. AWS Config
D. AWS Systems Manager
C. AWS Config
Question 266:
A SysOps administrator notices that the cache hit ratio for an Amazon CloudFront distribution is less than 10%. The SysOps administrator needs to increase the cache hit ratio for the distribution, improve network performance, and reduce the load on the origin.
Which combination of actions should the SysOps administrator take to meet these requirements? (Choose two.)
A. Enable CloudFront Origin Shield for the required AWS Regions.
B. Change the viewer protocol policy to use HTTPS only.
C. Add a second origin. Create an origin group that includes both origins. Activate CloudFront origin failover.
D. Turn on automatic compression of objects in the cache behavior settings.
E. Increase the CloudFront TTL values in the cache behavior settings.
A. Enable CloudFront Origin Shield for the required AWS Regions.
E. Increase the CloudFront TTL values in the cache behavior settings.
Question 267:
A company's financial department needs to view the cost details of each project in an AWS account. A SysOps administrator must perform the initial configuration that is required to view cost for each project in Cost Explorer.
Which solution will meet this requirement?
A. Activate cost allocation tags. Add a project tag to the appropriate resources.
B. Configure consolidated billing. Create AWS Cost and Usage Reports.
C. Use AWS Budgets. Create AWS Budgets reports.
D. Use cost categories to define custom groups that are based on AWS cost and usage dimensions.
A. Activate cost allocation tags. Add a project tag to the appropriate resources.
Explanation: Cost allocation tags are used to track AWS costs on a detailed level. By activating cost allocation tags and adding a project tag to the appropriate resources, the financial department will be able to view the cost details of each project in Cost Explorer.
https://wa.aws.amazon.com/wat.concept.costalloctag.en.html#:~:text=You%20can%20use%20tags%20to,and%20track%20your%20AWS%20costs.
Question 268:
A database is running on an Amazon RDS Multi-AZ DB instance. A recent security audit found the database to be out of compliance because it was not encrypted. Which approach will resolve the encryption requirement?
A. Log in to the RDS console and select the encryption box to encrypt the database.
B. Create a new encrypted Amazon EBS volume and attach it to the instance.
C. Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.
D. Take a snapshot of the RDS instance, copy and encrypt the snapshot, and then restore to the new RDS instance.
D. Take a snapshot of the RDS instance, copy and encrypt the snapshot, and then restore to the new RDS instance.
Question 269:
A company has a large on-premises tape backup solution. The company has started to use AWS Storage Gateway. The company created a Tape Gateway to replace the existing on-premises hardware. The company's backup engineer noticed that some of the backup jobs that were supposed to write to AWS failed to run because of a "Not Enough Space" error.
The company does not want these failures to happen again. The company also wants to consistently have enough tape available on AWS.
What is the MOST operationally efficient way for a SysOps administrator to meet these requirements?
A. Create an AWS Lambda function that runs on an hourly basis and checks how many tapes have available space. If the available tapes are below a certain threshold, provision more.
B. Install the Amazon CloudWatch agent on the on-premises system. Push the log files to a CloudWatch log group. Create an AWS Lambda function that creates more tapes when the "Not Enough Space" error appears. Create a metric filter and a metric alarm that launches the Lambda function.
C. Create an additional Tape Gateway with its own set of tapes. Configure Amazon Simple Notification Service (Amazon SNS) to send a notification to the backup engineer if the tapes that are associated with the primary Tape Gateway do not have available space.
D. Configure tape auto-create on the Tape Gateway. In the auto-create settings, configure a minimum number of tapes, an appropriate barcode prefix, and a tape pool.
D. Configure tape auto-create on the Tape Gateway. In the auto-create settings, configure a minimum number of tapes, an appropriate barcode prefix, and a tape pool.
Explanation: The Tape Gateway automatically creates new virtual tapes to maintain the minimum number of available tapes that you configure. It then makes these new tapes available for import by the backup application so that your backup jobs can run without interruption. Automatic tape creation removes the need for custom scripting in addition to the manual process for creating new virtual tapes.
https://docs.aws.amazon.com/storagegateway/latest/tgw/managing-automatic-tape-creation.html
Question 270:
A company has attached the following policy to an IAM user:
Which of the following actions are allowed for the IAM user?
A. Amazon RDS DescribeDBInstances action in the us-east-1 Region
B. Amazon S3 PutObject operation in a bucket named testbucket
C. Amazon EC2 DescribeInstances action in the us-east-1 Region
D. Amazon EC2 AttachNetworkInterface action in the eu-west-1 Region
C. Amazon EC2 DescribeInstances action in the us-east-1 Region