An Amazon CloudFront distribution has a single Amazon S3 bucket as its origin. A SysOps administrator must ensure that users can access the S3 bucket only through requests from the CloudFront endpoint. Which solution will meet these requirements?
A. Configure S3 Block Public Access on the S3 bucket. Update the S3 bucket policy to allow the GetObject action from only the CloudFront distribution.
B. Configure Origin Shield in the CloudFront distribution. Update the CloudFront origin to include a custom Origin_Shield header.
C. Create an origin access identity (OAI). Assign the OAI to the CloudFront distribution. Update the S3 bucket policy to restrict access to the OAI.
D. Create an origin access identity (OAI). Assign the OAI to the S3 bucket. Update the CloudFront origin to include a custom Origin header with the OAI value.

C. Create an origin access identity (OAI). Assign the OAI to the CloudFront distribution. Update the S3 bucket policy to restrict access to the OAI. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
Question 312:
A SysOps administrator creates a new source AWS account to use with a company's new application. The application will use Amazon CloudWatch for observability from a monitoring account. The company already used an AWS CloudFormation template to turn on CloudWatch cross-account observability for its other application accounts.
Which combination of steps must the SysOps administrator take to set up the new source account for cross-account observability? (Select THREE.)
A. Download the CloudFormation template from the new source account.
B. Download the CloudFormation template from the monitoring account.
C. Deploy the CloudFormation stack in the new source account.
D. Deploy the CloudFormation stack in the monitoring account.
E. Add the new source account ID to the monitoring account's configuration policy.
F. In the new source account, specify the data that the monitoring account will be able to view.

C. Deploy the CloudFormation stack in the new source account. E. Add the new source account ID to the monitoring account's configuration policy. F. In the new source account, specify the data that the monitoring account will be able to view.
Question 313:
A SysOps administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have logging enabled. The administrator needs to investigate HTTP Layer 7 status codes from the web application.
Which log sources contain the status codes? (Choose two.)
A. VPC Flow Logs
B. AWS CloudTrail logs
C. ALB access logs
D. CloudFront access logs
E. RDS logs

C. ALB access logs D. CloudFront access logs
Explanation/Reference: "C" because Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
"D" because "you can configure CloudFront to create log files that contain detailed information about every user request that CloudFront receives". https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
Question 314:
A company plans to launch a static website on its domain example.com and subdomain www.example.com using Amazon S3. How should the SysOps administrator meet this requirement?
A. Create one S3 bucket named example.com for both the domain and subdomain.
B. Create one S3 bucket with a wildcard named *.example.com for both the domain and subdomain.
C. Create two S3 buckets named example.com and www.example.com. Configure the subdomain bucket to redirect requests to the domain bucket.
D. Create two S3 buckets named http://example.com and http://*.example.com. Configure the wildcard (*) bucket to redirect requests to the domain bucket.

C. Create two S3 buckets named example.com and www.example.com. Configure the subdomain bucket to redirect requests to the domain bucket.
Question 315:
A SysOps administrator is creating resources from an AWS CloudFormation template that defines an Auto Scaling group of Amazon EC2 instances. The Auto Scaling group launch template provisions each EC2 instance by using a user data script. The creation of the Auto Scaling group resource is failing because of an error. The wait condition is not receiving the required number of signals.
How should the SysOps administrator resolve this error?
A. Run cfn-signal at the completion of the user data script.
B. Modify the EC2 instances' security group to allow outgoing traffic on port 443.
C. Reduce the Auto Scaling group's DesiredCapacity value in the CloudFormation template.
D. Set the AssociatePublicIpAddress property to True in the Auto Scaling group launch template.

A. Run cfn-signal at the completion of the user data script.
For Amazon EC2 and Auto Scaling resources, we recommend that you use a CreationPolicy attribute instead of wait conditions. Add a CreationPolicy attribute to those resources, and use the cfn-signal helper script to signal when an instance creation process has completed successfully.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-waitcondition.html
Question 316:
A SysOps administrator has enabled AWS CloudTrail in an AWS account. If CloudTrail is disabled, it must be re-enabled immediately. What should the SysOps administrator do to meet these requirements WITHOUT writing custom code?
A. Add the AWS account to AWS Organizations. Enable CloudTrail in the management account.
B. Create an AWS Config rule that is invoked when CloudTrail configuration changes. Apply the AWS-ConfigureCloudTrailLogging automatic remediation action.
C. Create an AWS Config rule that is invoked when CloudTrail configuration changes. Configure the rule to invoke an AWS Lambda function to enable CloudTrail.
D. Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail.

B. Create an AWS Config rule that is invoked when CloudTrail configuration changes. Apply the AWS-ConfigureCloudTrailLogging automatic remediation action.
Question 317:
A SysOps administrator is troubleshooting a VPC with public and private subnets that leverage custom network ACLs. Instances in the private subnet are unable to access the internet. There is an internet gateway attached to the public subnet. The private subnet has a route to a NAT gateway that is also attached to the public subnet. The Amazon EC2 instances are associated with the default security group for the VPC.
What is causing the issue in this scenario?
A. There is a network ACL on the private subnet set to deny all outbound traffic.
B. There is no NAT gateway deployed in the private subnet of the VPC.
C. The default security group for the VPC blocks all inbound traffic to the EC2 instances.
D. The default security group for the VPC blocks all outbound traffic from the EC2 instances.

A. There is a network ACL on the private subnet set to deny all outbound traffic.
Question 318:
A company is running a website on Amazon EC2 instances that are in an Auto Scaling group. When the website traffic increases, additional instances take several minutes to become available because of a long-running user data script that installs software. A SysOps administrator must decrease the time that is required for new instances to become available.
Which action should the SysOps administrator take to meet this requirement?
A. Reduce the scaling thresholds so that instances are added before traffic increases
B. Purchase Reserved Instances to cover 100% of the maximum capacity of the Auto Scaling group
C. Update the Auto Scaling group to launch instances that have a storage optimized instance type
D. Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has pre-installed software

D. Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has pre-installed software
Explanation/Reference: EC2 Image Builder is an automated way to update your image. Have a pipeline to update your image. When you boot from your AMI, updates and scripts are already pre-installed, so there is no need to complete boot scripts in the boot process. https://aws.amazon.com/image-builder/
Question 319:
A company has migrated its legacy on-premises web application to an Amazon EC2 instance. The web application requires a single static public IP address to accept traffic and process requests. End users must be able to reach the web application through the example.com domain. A SysOps administrator must implement a solution that maintains the web application with the least amount of effort.
Which combination of actions will meet these requirements? (Choose two.)
A. Configure an Application Load Balancer (ALB). Add the EC2 instance to a target group that is associated with the ALB.
B. Create an Amazon Route 53 A record for the associated EC2 IP address.
C. Create an Amazon Route 53 CNAME record for the associated EC2 IP address.
D. Create an Elastic IP address, and associate it with the EC2 instance.
E. Create an Auto Scaling group with a minimum capacity of 1 and a maximum capacity of 2.

B. Create an Amazon Route 53 A record for the associated EC2 IP address. D. Create an Elastic IP address, and associate it with the EC2 instance.
Question 320:
A SysOps administrator wants to monitor the free disk space that is available on a set of Amazon EC2 instances that have Amazon Elastic Block Store (Amazon EBS) volumes attached. The SysOps administrator wants to receive a notification when the used disk space of the EBS volumes exceeds a threshold value, but only when the DiskReadOps metric also exceeds a threshold value. The SysOps administrator has set up an Amazon Simple Notification Service (Amazon SNS) topic.
How can the SysOps administrator receive notification only when both metrics exceed their threshold values?
A. Install the Amazon CloudWatch agent on the EC2 instances. Create a metric alarm for the disk space and a metric alarm for the DiskReadOps metric. Create a composite alarm that includes the two metric alarms to publish a notification to the SNS topic.
B. Install the Amazon CloudWatch agent on the EC2 instances. Create a metric alarm for the disk space and a metric alarm for the DiskReadOps metric. Configure each alarm to publish a notification to the SNS topic.
C. Create a metric alarm for the EBSByteBalance% metric and a metric alarm for the DiskReadOps metric. Create a composite alarm that includes the two metric alarms to publish a notification to the SNS topic.
D. Configure detailed monitoring for the EC2 instances. Create a metric alarm for the disk space and a metric alarm for the DiskReadOps metric. Create a composite alarm that includes the two metric alarms to publish a notification to the SNS topic.

A. Install the Amazon CloudWatch agent on the EC2 instances. Create a metric alarm for the disk space and a metric alarm for the DiskReadOps metric. Create a composite alarm that includes the two metric alarms to publish a notification to the SNS topic.
To receive a notification only when both metrics exceed their threshold values, the SysOps administrator should follow these steps:
1. Install the Amazon CloudWatch agent on the EC2 instances.
2. Configure detailed monitoring for the EC2 instances.
3. Create a metric alarm for the DiskReadOps metric and set a threshold value for it.
4. Create a metric alarm for the free disk space and set a threshold value for it.
5. Create a composite alarm that includes the two metric alarms, and set a threshold value for it.
6. Configure the composite alarm to publish a notification to the SNS topic when it is triggered.