Amazon Amazon Certifications SOA-C02 Questions & Answers

• Question 261:

  A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.

  Which condition should be used with the alarm?

  A. AWS/ApplicationELB HealthyHostCount <= 0

  B. AWS/ApplicationELB UnhealthyHostCount >= 1

  C. AWS/EC2 StatusCheckFailed <= 0

  D. AWS/EC2 StatusCheckFailed >= 1

  Correct Answer: A

  "all target instances" means zero Healthy, not one Healthy. "<= 0" means less than or equal to zero https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html

• Question 262:

  A company has a high-performance Windows workload. The workload requires a storage volume mat provides consistent performance of 10.000 KDPS. The company does not want to pay for additional unneeded capacity to achieve this performance.

  Which solution will meet these requirements with the LEAST cost?

  A. Use a Provisioned IOPS SSD (lol) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10.000 provisioned IOPS

  B. Use a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10.000 provisioned IOPS.

  C. Use an Amazon Elastic File System (Amazon EFS) file system w\ Max I/O mode.

  D. Use an Amazon FSx for Windows Fife Server foe system that is configured with 10.000 IOPS

  Correct Answer: B

  B - gp3 provides a consistent IOPS baseline performance that is not linearly dependent on the amount of storage we provision. It provides an initial 3000 IOPS baseline regardless and any IOPS above it costs 0.005$.

  As an example, assuming a size of 1TB and 10000 IOPS using a gp3 volume the monthly cost would be ~165$. Using io1 the same would cost 825$.

  Evidently, the most cost effective solution is gp3.

• Question 263:

  A SysOps administrator is creating two AWS CloudFormation templates. The first template will create a VPC with associated resources, such as subnets, route tables, and an internet gateway. The second template will deploy application resources within the VPC that was created by the first template. The second template should refer to the resources created by the first template.

  How can this be accomplished with the LEAST amount of administrative effort?

  A. Add an export field to the outputs of the first template and import the values in the second template.

  B. Create a custom resource that queries the stack created by the first template and retrieves the required values.

  C. Create a mapping in the first template that is referenced by the second template.

  D. Input the names of resources in the first template and refer to those names in the second template as a parameter.

  Correct Answer: A

  Note: To reference a resource in another AWS CloudFormation stack, you must first create cross-stack references. To create a cross-stack reference, use the export field to flag the value of a resource output for export.

  Ref link: https://repost.aws/knowledge-center/cloudformation-reference-resource Ref link: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/walkthrough-crossstackref.html

• Question 264:

  A SysOps administrator wants to manage a web server application with AWS Elastic Beanstalk. The Elastic Beanstalk service must maintain full capacity for new deployments at all times. Which deployment policies satisfy this requirement? (Select TWO.)

  A. All at once

  B. Immutable

  C. Rebuild

  D. Rolling

  E. Rolling with additional batch

  Correct Answer: BE

  Immutable deployments perform an immutable update to launch a full set of new instances running the new version of the application in a separate Auto Scaling group, alongside the instances running the old version. Immutable deployments can prevent issues caused by partially completed rolling deployments. If the new instances don't pass health checks, Elastic Beanstalk terminates them, leaving the original instances untouched.

  To maintain full capacity during deployments, you can configure your environment to launch a new batch of instances before taking any instances out of service. This option is known as a rolling deployment with an additional batch. When the deployment completes, Elastic Beanstalk terminates the additional batch of instances.

  https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rolling-version-deploy.html

• Question 265:

  A company hosts an online shopping portal in the AWS Cloud. The portal provides HTTPS security by using a TLS certificate on an Elastic Load Balancer (ELB). Recently, the portal suffered an outage because the TLS certificate expired. A SysOps administrator must create a solution to automatically renew certificates to avoid this issue in the future.

  What is the MOST operationally efficient solution that meets these requirements?

  A. Request a public certificate by using AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. Write a scheduled AWS Lambda function to renew the certificate every 18 months.

  B. Request a public certificate by using AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.

  C. Register a certificate with a third-party certificate authority (CA). Import this certificate into AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.

  D. Register a certificate with a third-party certificate authority (CA). Configure the ELB to import the certificate directly from the CA. Set the certificate refresh cycle on the ELB to refresh when the certificate is within 3 months of the expiration date.

  Correct Answer: B

  "A certificate is eligible for automatic renewal subject to the following considerations: ELIGIBLE if associated with another AWS service, such as Elastic Load Balancing or CloudFront. ELIGIBLE if exported since being issued or last renewed. ELIGIBLE if it is a private certificate issued by calling the ACM RequestCertificate API and then exported or associated with another AWS service. ELIGIBLE if it is a private certificate issued through the management console and then exported or associated with another AWS service." https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html

• Question 266:

  A company updates its security policy to clarify cloud hosting arrangements for regulated workloads. Workloads that are identified as sensitive must run on hardware that is not shared with other customers or with other AWS accounts within the company.

  Which solution will ensure compliance with this policy?

  A. Deploy workloads only to Dedicated Hosts.

  B. Deploy workloads only to Dedicated Instances.

  C. Deploy workloads only to Reserved Instances.

  D. Place all instances in a dedicated placement group.

  Correct Answer: A

  The solution that will ensure compliance with the policy is to deploy workloads only to Dedicated Hosts. This is because Dedicated Hosts provide physical isolation between instances that belong to different accounts or different parts of the same account. By deploying workloads to Dedicated Hosts, the company can ensure that sensitive workloads are not sharing hardware with other customers or with other accounts within the company.

  Deploying workloads only to Dedicated Instances, on the other hand, does not provide the same level of isolation as Dedicated Hosts because the underlying hardware is still shared with other instances from the same account.

• Question 267:

  A large multinational company has a core application that runs 24 hours a day, 7 days a week on Amazon EC2 and AWS Lambda. The company uses a combination of operating systems across different AWS Regions. The company wants to achieve cost savings and wants to use a pricing model that provides the most flexibility.

  What should the company do to MAXIMIZE cost savings while meeting these requirements?

  A. Establish the compute expense by the hour. Purchase a Compute Savings Plan.

  B. Establish the compute expense by the hour. Purchase an EC2 Instance Savings Plan.

  C. Purchase a Reserved Instance for the instance types, operating systems, Region, and tenancy.

  D. Use EC2 Spot Instances to match the instances that run in each Region.

  Correct Answer: D

• Question 268:

  A new website will run on Amazon EC2 instances behind an Application Load Balancer. Amazon Route 53 will be used to manage DNS records. What type of record should be set in Route 53 to point the website's apex domain name (for example.company.com to the Application Load Balancer?

  A. CNAME

  B. SOA

  C. TXT

  D. ALIAS

  Correct Answer: D

  An ALIAS record is a Route 53 extension to DNS that provides a Route 53-specific alias for a resource record set. When Route 53 receives a DNS query for a domain name that is associated with an ALIAS record, Route 53 responds with the

  IP address of the resource that is specified in the record. An ALIAS record can be used to map an apex domain name to an Application Load Balancer. In this case, the ALIAS record points to the DNS name of the Application Load Balancer.

  A CNAME record is a type of DNS record that points one domain name to another. However, CNAME records cannot be used to map an apex domain name to an Application Load Balancer.

  An SOA (Start of Authority) record is a DNS record that specifies authoritative information about a DNS zone, such as the email address of the person responsible for managing the zone.

  A TXT record is a type of DNS record that is used to associate some arbitrary text with a DNS record. It is not used to map domain names to IP addresses or to other domain names.

  Reference:

  https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/setting-up-route53-zoneapex-elb.html

• Question 269:

  A SysOps administrator has launched a large general purpose Amazon EC2 instance to regularly process large data files. The instance has an attached 1 TB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volume. The instance also is EBS- optimized. To save costs, the SysOps administrator stops the instance each evening and restarts the instance each morning.

  When data processing is active, Amazon CloudWatch metrics on the instance show a consistent 3.000 VolumeReadOps. The SysOps administrator must improve the I/O performance while ensuring data integrity.

  Which action will meet these requirements?

  A. Change the instance type to a large, burstable, general purpose instance.

  B. Change the instance type to an extra large general purpose instance.

  C. Increase the EBS volume to a 2 TB General Purpose SSD (gp2) volume.

  D. Move the data that resides on the EBS volume to the instance store.

  Correct Answer: C

• Question 270:

  A SysOps administrator has enabled AWS CloudTrail in an AWS account If CloudTrail is disabled it must be re-enabled immediately.

  What should the SysOps administrator do to meet these requirements WITHOUT writing custom code''

  A. Add the AWS account to AWS Organizations Enable CloudTrail in the management account

  B. Create an AWS Config rule that is invoked when CloudTrail configuration changes Apply the AWS-ConfigureCloudTrailLogging automatic remediation action

  C. Create an AWS Config rule that is invoked when CloudTrail configuration changes Configure the rule to invoke an AWS Lambda function to enable CloudTrail

  D. Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail

  Correct Answer: B