A company has an encrypted Amazon S3 bucket that is hosted in the ap-southeast-2 Region. Users from the eu-west-2 Region access the S3 bucket over the internet. The users from eu-west-2 need faster transfers to and from the S3 bucket for large files.
Which solution will meet these requirements?
A. Reduce the length of the S3 bucket prefixes within the S3 bucket. B. Change the server-side encryption on the S3 bucket from AES to RSA. C. Create a new S3 bucket that has an identical name in eu-west-2. Use the new S3 bucket endpoint's domain name for access. D. Enable S3 Transfer Acceleration on the S3 bucket. Use the new s3-accelerate endpoint's domain name for access.
D. Enable S3 Transfer Acceleration on the S3 bucket. Use the new s3-accelerate endpoint's domain name for access.
Question 22:
A development team recently deployed a new version of a web application to production After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data. Which AWS service will mitigate this issue?
A. AWS Shield Standard B. AWS WAF C. Elastic Load Balancing D. Amazon Cognito
B. AWS WAF Explanation Explanation/Reference:https://www.imperva.com/learn/application-security/cross-site-scripting-xss-attacks/
Question 23:
A SysOps administrator is creating an Amazon EC2 Auto Scaling group in a new AWS account. After adding some instances, the SysOps administrator notices that the group has not reached the minimum number of instances. The SysOps administrator receives the following error message:
Which action will resolve this issue?
A. Adjust the account spending limits for Amazon EC2 on the AWS Billing and Cost Management console B. Modify the EC2 quota for that AWS Region in the EC2 Settings section of the EC2 console. C. Request a quota Increase for the Instance type family by using Service Quotas on the AWS Management Console. D. Use the Rebalance action In the Auto Scaling group on the AWS Management Console.
C. Request a quota Increase for the Instance type family by using Service Quotas on the AWS Management Console. Explanation Explanation/Reference:The error message is suggesting that the account has hit its limit on the number of running EC2 instances. Therefore, the solution is to request a limit increase for the number of instances.
Question 24:
To automatically reboot an EC2 instance when disk usage reaches 100%, a solution with minimal operational overhead is needed.
A. Create a CloudWatch alarm for the EC2 instance. Create an Amazon EventBridge event rule that reacts to the CloudWatch alarm and reboots the EC2 instance. B. Create a CloudWatch alarm for the EC2 instance. Create an Amazon Simple Email Service (Amazon SES) notification that reacts to the CloudWatch alarm and reboots the EC2 instance. C. Create an AWS Lambda function to reboot the EC2 instance. Create a CloudWatch alarm that uses Amazon EventBridge to invoke the Lambda function. D. Create an AWS Lambda function to reboot the EC2 instance. Use EC2 health checks to invoke the Lambda function.
A. Create a CloudWatch alarm for the EC2 instance. Create an Amazon EventBridge event rule that reacts to the CloudWatch alarm and reboots the EC2 instance.
Question 25:
A SysOps administrator is managing a Memcached cluster in Amazon ElastiCache. The cluster has been heavily used recently, and the administrator wants to use a larger instance type with more memory.
What should the administrator use to make this change?
A. Use the ModifycacheCluster API and specify a new cacheNodeType. B. Use the createcacheciuster API and specify a new cacheNodeType. C. Use the Modi fyCacheParameterGcoup API and specify a new CacheNodeType. D. Use the Rebootcacheclustcr API and specify a new CacheNodeType.
A. Use the ModifycacheCluster API and specify a new cacheNodeType. To upgrade the instance type of a Memcached cluster in Amazon ElastiCache due to increased usage and the need for more memory: ModifyCacheCluster API: Utilize the ModifyCacheCluster API call. This API allows you to change various settings of an existing cache cluster, including the instance type, which is referred to as cacheNodeType. Instance Upgrade: Specify a new, larger cacheNodeType that provides more memory. This upgrade will involve a brief interruption as nodes are replaced with the larger type, but it is necessary to accommodate the increased load and memory requirements. Cluster Availability: Ensure that the Memcached cluster is configured for minimal downtime during this change. The upgrade process is handled by ElastiCache, and the new nodes will join the cluster with more memory capacity. This approach enables you to effectively scale up the resources available to your Memcached cluster, enhancing its performance and capacity to handle larger workloads.
Question 26:
A company has users that deploy Amazon EC2 instances that have more disk performance capacity than is required. A SysOps administrator needs to review all Amazon Elastic Block Store (Amazon EBS) volumes that are associated with the instances and create cost optimization recommendations based on IOPS and throughput.
What should the SysOps administrator do to meet these requirements in the MOST operationally efficient way?
A. Use the monitoring graphs in the EC2 console to view metrics for EBS volumes. Review the consumed space against the provisioned space on each volume. Identify any volumes that have low utilization. B. Stop the EC2 instances from the EC2 console. Change the EC2 instance type for Amazon EBS-optimized. Start the EC2 instances. C. Opt in to AWS Compute Optimizer. Allow sufficient time for metrics to be gathered. Review the Compute Optimizer findings for EBS volumes. D. Install the fio tool onto the EC2 instances and create a .cfg file to approximate the required workloads. Use the benchmark results to gauge whether the provisioned EBS volumes are of the most appropriate type.
C. Opt in to AWS Compute Optimizer. Allow sufficient time for metrics to be gathered. Review the Compute Optimizer findings for EBS volumes. https://aws.amazon.com/blogs/storage/cost-optimizing-amazon-ebs-volumes-using-aws-compute-optimizer/
Question 27:
A company recently deployed an application in production. The production environment currently runs on a single Amazon EC2 instance that hosts the application's web application and a MariaDB database. Company policy states that all IT production environments must be highly available.
What should a SysOps administrator do to meet this requirement?
A. Migrate the database from the EC2 instance to an Amazon RDS for MariaDB Multi-AZ DB instance. Run the application on EC2 instances that are in an Auto Scaling group that extends across multiple Availability Zones. Place the EC2 instances behind a load balancer. B. Migrate the database from the EC2 instance to an Amazon RDS for MariaDB Multi-AZ DB instance. Use AWS Application Migration Service to convert the application into an AWS Lambda function. Specify the Multi-AZ option for the Lambda function. C. Copy the database to a different EC2 instance in a different Availability Zone. Use AWS Backup to create Amazon Machine Images (AMIs) of the application EC2 instance and the database EC2 instance. Create an AWS Lambda function that performs health checks every minute. In case of failure, configure the Lambda function to launch a new EC2 instance from the AMIs that AWS Backup created. D. Migrate the database to a different EC2 instance. Place the application EC2 instance in an Auto Scaling group that extends across multiple Availability Zones. Create an Amazon Machine Image (AMI) from the database EC2 instance. Use the AMI to launch a second database EC2 instance in a different Availability Zone. Put the second database EC2 instance in the stopped state. Use the second database EC2 instance as a standby.
A. Migrate the database from the EC2 instance to an Amazon RDS for MariaDB Multi-AZ DB instance. Run the application on EC2 instances that are in an Auto Scaling group that extends across multiple Availability Zones. Place the EC2 instances behind a load balancer.
Question 28:
A company needs to view a list of security groups that are open to the internet on port 3389. What should a SysOps administrator do to meet this requirement?
A. Configure Amazon GuardDuty to scan security groups and report unrestricted access on port 3389. B. Configure a service control policy (SCP) to identify security groups that allow unrestricted access on port 3389. C. Use AWS Identity and Access Management Access Analyzer to find any instances that have unrestricted access on port 3389. D. Use AWS Trusted Advisor to find security groups that allow unrestricted access on port 3389.
D. Use AWS Trusted Advisor to find security groups that allow unrestricted access on port 3389. Explanation Explanation/Reference:AWS Trusted Advisor is a service that provides best practice recommendations to help optimize your AWS environment. It can detect security-related issues, including security groups with overly permissive rules. In this case, it can help you identify security groups that are open to the internet on port 3389, which is the Remote Desktop Protocol (RDP) port. By using AWS Trusted Advisor, the SysOps administrator can quickly access a list of security groups that have this unrestricted access configuration. This allows them to review and take necessary actions to tighten the security settings and restrict access as needed.
Question 29:
A company is using Amazon Elastic Container Sen/ice (Amazon ECS) to run a containerized application on Amazon EC2 instances. A SysOps administrator needs to monitor only traffic flows between the ECS tasks. Which combination of steps should the SysOps administrator take to meet this requirement? (Select TWO.)
A. Configure Amazon CloudWatch Logs on the elastic network interface of each task. B. Configure VPC Flow Logs on the elastic network interface of each task. C. Specify the awsvpc network mode in the task definition. D. Specify the bridge network mode in the task definition. E. Specify the host network mode in the task definition.
B. Configure VPC Flow Logs on the elastic network interface of each task. C. Specify the awsvpc network mode in the task definition. Explanation Explanation/Reference:The awsvpc network mode also provides greater security for your containers by enabling you to use security groups and network monitoring tools at a more granular level within your tasks. Because each task gets its own elastic network interface (ENI), you can also use other Amazon EC2 networking features such as VPC Flow Logs to monitor traffic to and from your tasks. Additionally, containers that belong to the same task can communicate over the localhost interface.
Question 30:
A company asks a SysOps administrator to provision an additional environment for an application in four additional AWS Regions. The application is running on more than 100 Amazon C2 instances in the us-east-1 Region, using fully configured Amazon Machine Images (AMIs). The company has an AWS CloudFormation template to deploy resources in us-east-1.
What should the SysOps administrator do to provision the application in the MOST operationally efficient manner?
A. Copy the AMI to each Region by using the aws ec2 copy-image command. Update the CloudFormation template to include mappings for the copied AMIs. B. Create a snapshot of the running instance. Copy the snapshot to the other Regions. Create an AMI from the snapshots. Update the CloudFormation template for each Region to use the new AMI. C. Run the existing CloudFormation template in each additional Region based on the success of the template that is used currently in us-east-1. D. Update the CloudF ormation template to include the additional Regions in the Auto Scaling group. Update the existing stack in us-east-1.
A. Copy the AMI to each Region by using the aws ec2 copy-image command. Update the CloudFormation template to include mappings for the copied AMIs. Explanation Explanation/Reference:A. Copy the AMI to each Region by using the aws ec2 copy-image command. Update the CloudFormation template to include mappings for the copied AMIs. This option involves copying the AMI from the us-east-1 Region to the additional Regions using the aws ec2 copy-image command. Once the AMI is available in each of the target Regions, the CloudFormation template can be updated to include mappings for the copied AMIs in each Region. This allows you to use the fully configured AMI in each Region without needing to recreate it from scratch or take snapshots of running instances.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SOA-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.