1. Home
  2. Amazon
  3. SOA-C02

Amazon SOA-C02 Online Practice Questions and Exam Preparation

SOA-C02 Exam Details

  • Exam Code
    :SOA-C02
  • Exam Name
    :AWS Certified SysOps Administrator - Associate (SOA-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :657 Q&As
  • Last Updated
    :Oct 14, 2025

Amazon SOA-C02 Online Questions & Answers

  • Question 281:

    A company wants to archive sensitive data on Amazon S3 Glacier. The company's regulatory and compliance requirements do not allow any modifications to the data by any account.

    Which solution meets these requirements?

    A. Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy after 24 hours.
    B. Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy within 24 hours.
    C. Configure S3 Object Lock in governance mode. Upload all files after 24 hours.
    D. Configure S3 Object Lock in governance mode. Upload all files within 24 hours.

  • Question 282:

    A SysOps administrator wants to use AWS Systems Manager Patch Manager to automate the process of patching Amazon EC2 Windows instances. The SysOps administrator wants to ensure that patches are auto-approved 2 days after the release date for development instances. Patches also must be auto-approved 5 days after the release date for production instances. Maintenance must occur only during a 2-hour window for all instances.

    Which solution will meet these requirements?

    A. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and one patch baseline. Add an auto-approval delay to each patch group. Create a single maintenance window.
    B. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and two patch baselines. Specify an auto-approval delay in each of the patch baselines. Create a single maintenance window.
    C. Use tags to identity development instances and production instances. In Patch Manager, create two patch groups and one patch baseline, Create two separate maintenance windows, each with an auto-approval delay.
    D. Use tags to identify development instances. In Patch Manager, create one patch group and one patch baseline. Specify auto-approval delays in the patch baseline, Add development instances to the new patch group. Use predefined Patch Manager patch baselines for all remaining instances. Create a single maintenance window.

  • Question 283:

    A SysOps administrator has created an AWS Service Catalog portfolio and has shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator. Which action will the administrator of the second account be able to perform?

    A. Add a product from the imported portfolio to a local portfolio.
    B. Add new products to the imported portfolio.
    C. Change the launch role for the products contained in the imported portfolio.
    D. Customize the products in the imported portfolio.

  • Question 284:

    The security team is concerned because the number of AWS Identity and Access Management (IAM) policies being used in the environment is increasing. The team tasked a SysOps administrator to report on the current number of IAM

    policies in use and the total available IAM policies.

    Which AWS service should the administrator use to check how current IAM policy usage compares to current service limits?

    A. AWS Trusted Advisor
    B. Amazon Inspector
    C. AWS Config
    D. AWS Organizations

  • Question 285:

    A company uses Amazon Elasticsearch Service (Amazon ES) to analyze sales and customer usage data. Members of the company's geographically dispersed sales team are traveling. They need to log in to Kibana by using their existing corporate credentials that are stored in Active Directory. The company has deployed Active Directory Federation Services (AD FS) to enable authentication to cloud services.

    Which solution will meet these requirements?

    A. Configure Active Directory as an authentication provider in Amazon ES. Add the Active Directory server's domain name to Amazon ES. Configure Kibana to use Amazon ES authentication.
    B. Deploy an Amazon Cognito user pool. Configure Active Directory as an external identity provider for the user pool. Enable Amazon Cognito authentication for Kibana on Amazon ES.
    C. Enable Active Directory user authentication in Kibana. Create an IP-based custom domain access policy in Amazon ES that includes the Active Directory server's IP address.
    D. Establish a trust relationship with Kibana on the Active Directory server. Enable Active Directory user authentication in Kibana. Add the Active Directory server's IP address to Kibana.

  • Question 286:

    A company has a production application that runs on large compute optimized Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group. The Auto Scaling group has a desired capacity of 2, a maximum capacity of 2. and a minimum capacity of 1.

    The application is CPU-bound. The EC2 instances show consistent CPU utilization of 90% or greater during peak usage periods. These peak usage periods are unpredictable and cause performance issues and latency issues.

    Which solution will automate the resolution of these issues?

    A. Deploy additional instances outside the Auto Scaling group. Create a new target group that includes the existing instances and the additional instances as targets. Reconfigure the ALB to direct traffic to the new target group.
    B. Increase the maximum capacity of the Auto Scaling group. Change the instances to a burstable instance type
    C. Increase the maximum capacity of the Auto Scaling group. Configure a scaling policy to add instances when instance CPU utilization is greater than 80%.
    D. Increase the desired capacity of the Auto Scaling group. Configure a scaling policy to add instances when instance CPU utilization is greater than 80%.

  • Question 287:

    A SysOps administrator launches an Amazon EC2 instance in a private subnet of a VPC. When the SysOps administrator attempts a curl command from the command line of the EC2 instance, the SysOps administrator cannot connect to https:www.example.com.

    What should the SysOps administrator do to resolve this issue?

    A. Ensure that there is an outbound security group for port 443 to 0.0.0.0/0.
    B. Ensure that there is an inbound security group for port 443 from 0.0.0.0/0.
    C. Ensure that there is an outbound network ACL for ephemeral ports 1024-66535 to 0.0.0.0/0.
    D. Ensure that there is an outbound network ACL for port 80 to 0.0.0.0/0.

  • Question 288:

    A company has a policy that requires all Amazon EC2 instances to have a specific set of tags. If an EC2 instance does not have the required tags, the noncompliant instance should be terminated.

    What is the MOST operationally efficient solution that meets these requirements?

    A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all EC2 instance state changes to an AWS Lambda function to determine if each instance is compliant. Terminate any noncompliant instances.
    B. Create an IAM policy that enforces all EC2 instance tag requirements. If the required tags are not in place for an instance, the policy will terminate noncompliant instance.
    C. Create an AWS Lambda function to determine if each EC2 instance is compliant and terminate an instance if it is noncompliant. Schedule the Lambda function to invoke every 5 minutes.
    D. Create an AWS Config rule to check if the required tags are present. If an EC2 instance is noncompliant, invoke an AWS Systems Manager Automation document to terminate the instance.

  • Question 289:

    A SysOps administrator wants to provide access to AWS services by attaching an IAM policy to multiple IAM users. The SysOps administrator also wants to be able to change the policy and create new versions. Which combination of actions will meet these requirements? (Choose two.)

    A. Add the users to an IAM service-linked role. Attach the policy to the role.
    B. Add the users to an IAM user group. Attach the policy to the group.
    C. Create an AWS managed policy.
    D. Create a customer managed policy.
    E. Create an inline policy.

  • Question 290:

    A company hosts an application on Amazon EC2 instances behind an Application Load Balancer (ALB). One of the company's vendors needs a static IP address. The vendor will add this static IP address to its outbound allow list so that the vendor can access the application on the EC2 instances.

    Which solution will provide the static IP address?

    A. Associate an Elastic IP address with the ALB.
    B. Associate an AWS WAF web ACL that has an IP match condition rule with the ALB.
    C. Create a VPC endpoint. Associate the VPC endpoint with the ALB.
    D. Replace the ALB with a Network Load Balancer.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.