A company has a policy that all Amazon EC2 instance logs must be published to Amazon CloudWatch Logs. A SysOps administrator is troubleshooting an EC2 instance that is running Amazon Linux 2. The EC2 instance is not publishing logs to CloudWatch Logs. The Amazon CloudWatch agent is running on the EC2 instance, and the agent configuration file is correct.
What should the SysOps administrator do to resolve the issue?
A. Configure the AWS CLI on the EC2 instance. Create a cron job that calls the PutLogEvents API operation to push the log files to CloudWatch every 5 minutes.
B. Inspect the retention period of the CloudWatch Logs log group. Ensure that the retention period is set to a value that is greater than 1 day.
C. Set up an Amazon Kinesis data stream that is running in the same AWS Region as the EC2 instance. Configure the CloudWatch agent on the EC2 instance to send CloudWatch events to the data stream.
D. Ensure that the IAM role that is attached to the EC2 instance has permissions in CloudWatch Logs for the CreateLogGroup, CreateLogStream, PutLogEvents, and DescribeLogStreams actions.
Answer: D. Ensure that the IAM role that is attached to the EC2 instance has permissions in CloudWatch Logs for the CreateLogGroup, CreateLogStream, PutLogEvents, and DescribeLogStreams actions.
Question 302:
A developer creates a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The developer reviews the deployment and notices some suspicious traffic to the application. The traffic is malicious and is coming from a single public IP address. A SysOps administrator must block the public IP address.
Which solution will meet this requirement?
A. Create a security group rule to deny all inbound traffic from the suspicious IP address. Associate the security group with the ALB.
B. Implement Amazon Detective to monitor traffic and to block malicious activity from the internet. Configure Detective to integrate with the ALB.
C. Implement AWS Resource Access Manager (AWS RAM) to manage traffic rules and to block malicious activity from the internet. Associate AWS RAM with the ALB.
D. Add the malicious IP address to an IP set in AWS WAF. Create a web ACL. Include an IP set rule with the action set to BLOCK. Associate the web ACL with the ALB.
Answer: D. Add the malicious IP address to an IP set in AWS WAF. Create a web ACL. Include an IP set rule with the action set to BLOCK. Associate the web ACL with the ALB.
Question 303:
A company runs a stateless application that is hosted on an Amazon EC2 instance. Users are reporting performance issues. A SysOps administrator reviews the Amazon CloudWatch metrics for the application and notices that the instance's CPU utilization frequently reaches 90% during business hours.
What is the MOST operationally efficient solution that will improve the application's responsiveness?
A. Configure CloudWatch logging on the EC2 instance. Configure a CloudWatch alarm for CPU utilization to alert the SysOps administrator when CPU utilization goes above 90%.
B. Configure an AWS Client VPN connection to allow the application users to connect directly to the EC2 instance private IP address to reduce latency.
C. Create an Auto Scaling group, and assign it to an Application Load Balancer. Configure a target tracking scaling policy that is based on the average CPU utilization of the Auto Scaling group.
D. Create a CloudWatch alarm that activates when the EC2 instance's CPU utilization goes above 80%. Configure the alarm to invoke an AWS Lambda function that vertically scales the instance.
Answer: C. Create an Auto Scaling group, and assign it to an Application Load Balancer. Configure a target tracking scaling policy that is based on the average CPU utilization of the Auto Scaling group.
Explanation/Reference: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-target-tracking.html
Question 304:
A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months.
What is the process to rotate the key?
A. Enable automatic key rotation for the CMK and specify a period of 6 months.
B. Create a new CMK with new imported material, and update the key alias to point to the new CMK.
C. Delete the current key material, and import new material into the existing CMK.
D. Import a copy of the existing key material into a new CMK as a backup, and set the rotation schedule for 6 months.
Answer: B. Create a new CMK with new imported material, and update the key alias to point to the new CMK.
Explanation/Reference:
Rotation date: AWS KMS rotates key material one year (approximately 365 days) after rotation is enabled, and then every year (approximately 365 days) thereafter.
Customer managed keys: Because automatic key rotation is optional on customer managed keys and can be enabled and disabled at any time, the rotation date depends on the date that rotation was most recently enabled. That date can change many times over the life of the key. For example, if you create a customer managed key on January 1, 2022, and enable automatic key rotation on March 15, 2022, AWS KMS rotates the key material on March 15, 2023, March 15, 2024, and every 365 days thereafter.
Question 305:
The SysOps administrator needs to prevent any account within an AWS Organization from leaving the organization.
A. Create a service control policy (SCP) that denies the LeaveOrganization action. Apply the SCP to the root organizational unit (OU).
B. Create a service control policy (SCP) that denies the RemoveAccountFromOrganization action. Apply the SCP to the root organizational unit (OU).
C. Deploy an AWS Lambda function in each member account to remove any Organizations permissions when a user is created.
D. Turn on AWS Config. Set up the account-part-of-organizations managed rule. Configure the rule to run every hour.
Answer: A. Create a service control policy (SCP) that denies the LeaveOrganization action. Apply the SCP to the root organizational unit (OU).
Question 306:
A SysOps administrator noticed that the cache hit ratio for an Amazon CloudFront distribution is less than 10%.
Which collection of configuration changes will increase the cache hit ratio for the distribution? (Select TWO.)
A. Ensure that only required cookies, query strings, and headers are forwarded in the Cache Behavior Settings.
B. Change the Viewer Protocol Policy to use HTTPS only.
C. Configure the distribution to use presigned cookies and URLs to restrict access to the distribution.
D. Enable automatic compression of objects in the Cache Behavior Settings.
E. Increase the CloudFront time to live (TTL) settings in the Cache Behavior Settings.
Answers:
A. Ensure that only required cookies, query strings, and headers are forwarded in the Cache Behavior Settings.
E. Increase the CloudFront time to live (TTL) settings in the Cache Behavior Settings.
Explanation/Reference:
A cache hit refers to the situation wherein the cache is able to successfully retrieve data and content that was saved to it, and then display it on a web page.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cache-hitratio.html
Specifying how long CloudFront caches your objects; Using Origin Shield; Caching based on query string parameters; Caching based on cookie values; Caching based on request headers; Remove Accept-Encoding header when compression is not needed; Serving media content by using HTTP
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cache-hit-ratio.html#cache-hit-ratio-http-streaming
Question 307:
A company has an Amazon Route 53 private hosted zone in its AWS account. The private hosted zone is connected to the company's on-premises data center by an AWS Direct Connect connection. Virtual machines (VMs) in the on-premises data center need to resolve DNS queries that exist in the private hosted zone.
What is the MOST operationally efficient solution that meets this requirement?
A. Create a Route 53 inbound resolver. Configure the on-premises VMs to use the inbound resolver.
B. Create a Route 53 outbound resolver. Configure the on-premises VMs to use the outbound resolver.
C. Configure the security group on the Route 53 private hosted zone by adding an inbound rule for the on-premises CIDR range.
D. Configure a Route 53 public hosted zone. Create an NS record for the private hosted zone. Query the public hosted zone from the on-premises VMs.
Answer: A. Create a Route 53 inbound resolver. Configure the on-premises VMs to use the inbound resolver.
Question 308:
A company is hosting a public website on Amazon EC2 instances behind an Application Load Balancer (ALB). The company needs the website to support HTTPS connections.
Which solution will meet this requirement?
A. Replace the ALB with a Network Load Balancer.
B. Use AWS Certificate Manager (ACM) to issue a public SSL/TLS certificate. Configure the ALB to use the certificate.
C. Import a public SSL/TLS certificate into AWS Key Management Service (AWS KMS). Configure the ALB to retrieve the certificate from AWS KMS.
D. Attach a public SSL/TLS certificate to the target group that is associated with the ALB.
Answer: B. Use AWS Certificate Manager (ACM) to issue a public SSL/TLS certificate. Configure the ALB to use the certificate.
Question 309:
A company runs a web application that users access using the name www.example.com. The company manages the domain name example.com using Amazon Route 53. The company created an Amazon CloudFront distribution in front of the application and would like www.example.com to access the application through CloudFront.
What is the MOST cost-effective way to achieve this?
A. Create a CNAME record in Amazon Route 53 that points to the CloudFront distribution URL.
B. Create an ALIAS record in Amazon Route 53 that points to the CloudFront distribution URL.
C. Create an A record in Amazon Route 53 that points to the public IP address of the web application.
D. Create a PTR record in Amazon Route 53 that points to the public IP address of the web application.
Answer: B. Create an ALIAS record in Amazon Route 53 that points to the CloudFront distribution URL.
Explanation/Reference: apex zone = ALIAS
Question 310:
A SysOps administrator needs to track workload costs across all accounts in an organization in AWS Organizations. All components of each workload have a workload tag. However, the SysOps administrator is unable to view the costs that are associated with the tag.
Which action should the SysOps administrator take to be able to view the costs of each workload?
A. Create a cost category for the tag.
B. Create a cost monitor for the tag.
C. Enable split cost allocation data in the AWS Cost Management console.
D. Activate the tag as a user-defined cost allocation tag.
Answer: D. Activate the tag as a user-defined cost allocation tag.