A SysOps administrator is responsible for managing a company's cloud infrastructure with AWS CloudFormation. The SysOps administrator needs to create a single resource that consists of multiple AWS services. The resource must support creation and deletion through the CloudFormation console.
Which CloudFormation resource type should the SysOps administrator create to meet these requirements?
A. AWS::EC2::Instance with a cfn-init helper script
B. AWS::OpsWorks::Instance
C. AWS::SSM::Document
D. Custom::MyCustomType
D. Custom::MyCustomType
Custom resources enable you to write custom provisioning logic in templates that AWS CloudFormation runs anytime you create, update (if you changed the custom resource), or delete stacks. For example, you might want to include resources that aren't available as AWS CloudFormation resource types. You can include those resources by using custom resources. That way you can still manage all your related resources in a single stack.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html
Question 272:
A data storage company provides a service that gives users the ability to upload and download files as needed. The files are stored in Amazon S3 Standard and must be immediately retrievable for 1 year. Users access files frequently during the first 30 days after the files are stored. Users rarely access files after 30 days.
The company's SysOps administrator must use S3 Lifecycle policies to implement a solution that maintains object availability and minimizes cost.
Which solution will meet these requirements?
A. Move objects to S3 Glacier after 30 days.
B. Move objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.
C. Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.
D. Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) immediately.
C. Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.
Reference: https://aws.amazon.com/s3/storage-classes/
Question 273:
A SysOps administrator recently configured Amazon S3 Cross-Region Replication on an S3 bucket.
Which of the following does this feature replicate to the destination S3 bucket by default?
A. Objects in the source S3 bucket for which the bucket owner does not have permissions
B. Objects that are stored in S3 Glacier
C. Objects that existed before replication was configured
D. Object metadata
D. Object metadata
By default, Amazon S3 replicates the following:
Objects created after you add a replication configuration.
Unencrypted objects.
Objects encrypted using customer-provided keys (SSE-C), objects encrypted at rest under an Amazon S3 managed key (SSE-S3) or a KMS key stored in AWS Key Management Service (SSE-KMS). For more information, see Replicating objects created with server-side encryption (SSE-C, SSE-S3, SSE-KMS, DSSE-KMS).
Object metadata from the source objects to the replicas. For information about replicating metadata from the replicas to the source objects, see Replicating metadata changes with Amazon S3 replica modification sync.
Only objects in the source bucket for which the bucket owner has permissions to read objects and access control lists (ACLs).
Question 274:
A company has deployed AWS Security Hub and AWS Config in a newly implemented organization in AWS Organizations. A SysOps administrator must implement a solution to restrict all member accounts in the organization from deploying Amazon EC2 resources in the ap-southeast-2 Region. The solution must be implemented from a single point and must govern all current and future accounts. The use of root credentials also must be restricted in member accounts.
Which AWS feature should the SysOps administrator use to meet these requirements?
A. AWS Config aggregator
B. IAM user permissions boundaries
C. AWS Organizations service control policies (SCPs)
D. AWS Security Hub conformance packs
C. AWS Organizations service control policies (SCPs)
Question 275:
A company has a workload that runs on several Amazon EC2 instances. The company must retain the workload's system logs and application logs for 13 months. The logs must be available for the entire 13 months. The termination of an EC2 instance must not result in the loss of log information.
Which solution will meet these requirements?
A. Create an Amazon S3 bucket. Apply a bucket policy to expire objects after 13 months. Schedule a shell script to periodically copy the logs to the S3 bucket. Ensure that the attached instance profile has permissions to copy logs to the S3 bucket.
B. Create a log group in Amazon CloudWatch Logs. Specify an Expire Events After value of 13 months. Configure the syslog protocol on the EC2 instances to push the logs to the log group. Ensure that the attached instance profile has permissions to push logs to the log group.
C. Create an Amazon S3 bucket. Apply a bucket policy to expire objects after 13 months. Deploy the unified Amazon CloudWatch agent onto the EC2 instances. Configure the agent to store the logs in the S3 bucket. Ensure that the attached instance profile has permissions to store objects in the S3 bucket.
D. Create a log group in Amazon CloudWatch Logs. Specify an Expire Events After value of 13 months. Deploy the unified CloudWatch agent onto the EC2 instances. Configure the agent to push the logs to the log group. Ensure that the attached instance profile has permissions to push logs to the log group.
D. Create a log group in Amazon CloudWatch Logs. Specify an Expire Events After value of 13 months. Deploy the unified CloudWatch agent onto the EC2 instances. Configure the agent to push the logs to the log group. Ensure that the attached instance profile has permissions to push logs to the log group.
Question 276:
A company is implementing security and compliance by using AWS Trusted Advisor. The company's SysOps team is validating the list of Trusted Advisor checks that it can access. Which factor will affect the quantity of available Trusted Advisor checks?
A. Whether at least one Amazon EC2 instance is in the running state
B. The AWS Support plan
C. An AWS Organizations service control policy (SCP)
D. Whether the AWS account root user has multi-factor authentication (MFA) enabled
B. The AWS Support plan
AWS Basic Support and AWS Developer Support customers get access to 6 security checks (S3 Bucket Permissions, Security Groups - Specific Ports Unrestricted, IAM Use, MFA on Root Account, EBS Public Snapshots, RDS Public Snapshots) and 50 service limit checks. AWS Business Support, AWS Enterprise On-Ramp, and AWS Enterprise Support customers get access to all 115 Trusted Advisor checks (14 cost optimization, 17 security, 24 fault tolerance, 10 performance, and 50 service limits) and recommendations.
Question 277:
A company manages its multi-account environment by using AWS Organizations. The company needs to automate the creation of daily incremental backups of any Amazon Elastic Block Store (Amazon EBS) volume that is marked with a Lifecycle: Production tag in one of its primary AWS accounts.
The company wants to prevent users from using Amazon EC2 * permissions to delete any of these production snapshots.
What should a SysOps administrator do to meet these requirements?
A. Create a daily snapshot of all EBS volumes by using Amazon Data Lifecycle Manager. Specify Lifecycle as the tag key. Specify Production as the tag value.
B. Associate a service control policy (SCP) with the account to deny users the ability to delete EBS snapshots. Create an Amazon EventBridge rule with a 24-hour cron schedule. Configure EBS Create Snapshot as the target. Target all EBS volumes with the specified tags.
C. Create a daily snapshot of all EBS volumes by using AWS Backup. Specify Lifecycle as the tag key. Specify Production as the tag value.
D. Create a daily Amazon Machine Image (AMI) of every production EC2 instance within the AWS account by using Amazon Data Lifecycle Manager.
A. Create a daily snapshot of all EBS volumes by using Amazon Data Lifecycle Manager. Specify Lifecycle as the tag key. Specify Production as the tag value.
In this scenario, the objective is to automate the creation of daily incremental backups for EBS volumes marked with a specific tag and prevent users from deleting these snapshots using EC2 permissions. Amazon Data Lifecycle Manager (DLM) is a service that can automate the creation, retention, and deletion of EBS snapshots based on policies. By creating a DLM policy with a daily schedule and configuring it to target EBS volumes with the "Lifecycle: Production" tag, you can achieve the automated backup requirement.
Question 278:
An application runs on Amazon EC2 instances that are in an Auto Scaling group. A SysOps administrator needs to implement a solution that provides a central storage location for errors that the application logs to disk. The solution must provide an alert when the application logs an error.
What should the SysOps administrator do to meet these requirements?
A. Deploy and configure the Amazon CloudWatch agent on the EC2 instances to log to a CloudWatch Log group. Create a metric filter on the target CloudWatch Log group. Create a CloudWatch alarm that publishes to an Amazon Simple Notification Service (Amazon SNS) topic that has an email subscription.
B. Create a cron job on the EC2 instances to identify errors and push the errors to an Amazon CloudWatch metric filter. Configure the filter to publish to an Amazon Simple Notification Service (Amazon SNS) topic that has an SMS subscription.
C. Deploy an AWS Lambda function that pushes the errors directly to Amazon CloudWatch Logs. Configure the Lambda function to run every time the log file is updated on disk.
D. Create an Auto Scaling lifecycle hook that invokes an EC2 based script to identify errors. Configure the script to push the error messages to an Amazon CloudWatch log group when the EC2 instances scale in. Create a CloudWatch alarm that publishes to an Amazon Simple Notification Service (Amazon SNS) topic that has an email subscription when the number of error messages exceeds a threshold.
A. Deploy and configure the Amazon CloudWatch agent on the EC2 instances to log to a CloudWatch Log group. Create a metric filter on the target CloudWatch Log group. Create a CloudWatch alarm that publishes to an Amazon Simple Notification Service (Amazon SNS) topic that has an email subscription.
Question 279:
A company needs to create a daily Amazon Machine Image (AMI) of an existing Amazon Linux EC2 instance that hosts the operating system, application, and database on multiple attached Amazon Elastic Block Store (Amazon EBS) volumes. File system integrity must be maintained.
Which solution will meet these requirements?
A. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the no-reboot parameter enabled. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
B. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the reboot parameter enabled. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
C. Use AWS Backup to create a backup plan with a backup rule that runs daily. Assign the resource ID of the EC2 instance with the no-reboot parameter enabled.
D. Use AWS Backup to create a backup plan with a backup rule that runs daily. Assign the resource ID of the EC2 instance with the reboot parameter enabled.
B. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the reboot parameter enabled. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/Creating_EBSbacked_WinAMI.html
"NoReboot: By default, Amazon EC2 attempts to shut down and reboot the instance before creating the image. If the No Reboot option is set, Amazon EC2 doesn't shut down the instance before creating the image. When this option is used, file system integrity on the created image can't be guaranteed."
In addition, EventBridge can be used to invoke the Lambda function.
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html
Question 280:
A company runs a worker process on three Amazon EC2 instances. The instances are in an Auto Scaling group that is configured to use a simple scaling policy. The instances process messages from an Amazon Simple Queue Service (Amazon SQS) queue.
Random periods of increased messages are causing a decrease in the performance of the worker process. A SysOps administrator must scale the instances to accommodate the increased number of messages.
Which solution will meet these requirements?
A. Use CloudWatch to create a metric math expression to calculate the approximate age of the oldest message in the SQS queue. Create a target tracking scaling policy for the metric math expression to modify the Auto Scaling group.
B. Use CloudWatch to create a metric math expression to calculate the approximate number of messages visible in the SQS queue for each instance. Create a target tracking scaling policy for the metric math expression to modify the Auto Scaling group.
C. Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group. Create a target tracking scaling policy for the ALBRequestCountPerTarget metric to modify the Auto Scaling group.
D. Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group. Create a scheduled scaling policy for the Auto Scaling group.
B. Use CloudWatch to create a metric math expression to calculate the approximate number of messages visible in the SQS queue for each instance. Create a target tracking scaling policy for the metric math expression to modify the Auto Scaling group.