1. Home
  2. Amazon
  3. SOA-C02

AWS Certified SysOps Administrator - Associate (SOA-C02)

Exam Details

  • Exam Code
    :SOA-C02
  • Exam Name
    :AWS Certified SysOps Administrator - Associate (SOA-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :551 Q&As
  • Last Updated
    :Jul 01, 2025

Amazon Amazon Certifications SOA-C02 Questions & Answers

  • Question 371:

    A SysOps administrator trust manage the security of An AWS account Recently an IAM users access key was mistakenly uploaded to a public code repository. The SysOps administrator must identity anything that was changed by using this access key.

    A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all IAM events lo an AWS Lambda function for analysis

    B. Query Amazon EC2 togs by using Amazon CloudWatch Logs Insights for all events Heated with the compromised access key within the suspected timeframe

    C. Search AWS CloudTrail event history tor all events initiated with the compromised access key within the suspected timeframe

    D. Search VPC Flow Logs foe all events initiated with the compromised access key within the suspected Timeframe.

  • Question 372:

    A SysOps administrator must create an IAM policy for a developer who needs access to specific AWS services. Based on the requirements, the SysOps administrator creates the following policy:

    Which actions does this policy allow? (Select TWO.)

    A. Create an AWS Storage Gateway.

    B. Create an IAM role for an AWS Lambda function.

    C. Delete an Amazon Simple Queue Service (Amazon SQS) queue.

    D. Describe AWS load balancers.

    E. Invoke an AWS Lambda function.

  • Question 373:

    An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon SQS} queues A SysOps administrator must ensure that the application can read, write, and delete messages from the SQS queues Which solution will meet these requirements in the MOST secure manner?

    A. Create an IAM user with an IAM policy that allows the sqs SendMessage permission, the sqs ReceiveMessage permission, and the sqs DeleteMessage permission to the appropriate queues Embed the IAM user's credentials in the application's configuration

    B. Create an IAM user with an IAM policy that allows the sqs SendMessage permission, the sqs ReceiveMessage permission, and the sqs DeleteMessage permission to the appropriate queues Export the IAM user's access key and secret access key as environment variables on the EC2 instance

    C. Create and associate an IAM role that allows EC2 instances to call AWS services Attach an IAM policy to the role that allows sqs." permissions to the appropriate queues

    D. Create and associate an IAM role that allows EC2 instances to call AWS services Attach an IAM policy to the role that allows the sqs SendMessage permission, the sqs ReceiveMessage permission, and the sqs DeleteMessage permission to the appropriate queues

  • Question 374:

    A SysOps administrator applies the following policy to an AWS CloudFormation stack:

    What is the result of this policy?

    A. Users that assume an IAM role with a logical ID that begins with "Production" are prevented from running the update-stack command.

    B. Users can update all resources in the stack except for resources that have a logical ID that begins with "Production".

    C. Users can update all resources in the stack except for resources that have an attribute that begins with "Production".

    D. Users in an IAM group with a logical ID that begins with "Production" are prevented from running the update-stack command.

  • Question 375:

    A company uses Amazon Elasticsearch Service (Amazon ES) to analyze sales and customer usage data. Members of the company's geographically dispersed sales team are traveling. They need to log in to Kibana by using their existing corporate credentials that are stored in Active Directory. The company has deployed Active Directory Federation Services (AD FS) to enable authentication to cloud services.

    Which solution will meet these requirements?

    A. Configure Active Directory as an authentication provider in Amazon ES. Add the Active Directory server's domain name to Amazon ES. Configure Kibana to use Amazon ES authentication.

    B. Deploy an Amazon Cognito user pool. Configure Active Directory as an external identity provider for the user pool. Enable Amazon Cognito authentication for Kibana on Amazon ES.

    C. Enable Active Directory user authentication in Kibana. Create an IP-based custom domain access policy in Amazon ES that includes the Active Directory server's IP address.

    D. Establish a trust relationship with Kibana on the Active Directory server. Enable Active Directory user authentication in Kibana. Add the Active Directory server's IP address to Kibana.

  • Question 376:

    A company is running a flash sale on its website. The website is hosted on burstable performance Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group is configured to launch instances when the CPU utilization is above

    70%.

    A couple of hours into the sale, users report slow load times and error messages for refused connections. A SysOps administrator reviews Amazon CloudWatch metrics and notices that the CPU utilization is at 20% across the entire fleet of

    instances.

    The SysOps administrator must restore the website's functionality without making changes to the network infrastructure. Which solution will meet these requirements?

    A. Activate unlimited mode for the instances in the Auto Scaling group.

    B. Implement an Amazon CloudFront distribution to offload the traffic from the Auto Scaling group.

    C. Move the website to a different AWS Region that is closer to the users.

    D. Reduce the desired size of the Auto Scaling group to artificially increase CPU average utilization.

  • Question 377:

    A SysOps administrator needs to create alerts that are based on the read and write metrics of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to an Amazon EC2 instance. The SysOps administrator creates and enables

    Amazon CloudWatch alarms for the DiskReadBytes metric and the DiskWriteBytes metric.

    A custom monitoring tool that is installed on the EC2 instance with the same alarm configuration indicates that the volume metrics have exceeded the threshold. However, the CloudWatch alarms were not in ALARM state.

    Which action will ensure that the CloudWatch alarms function correctly?

    A. Install and configure the CloudWatch agent on the EC2 instance to capture the desired metrics.

    B. Install and configure AWS Systems Manager Agent on the EC2 instance to capture the desired metrics.

    C. Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EBS volumes.

    D. Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EC2 instance.

  • Question 378:

    An Amazon EC2 instance needs to be reachable from the internet. The EC2 instance is in a subnet with the following route table:

    Which entry must a SysOps administrator add to the route table to meet this requirement?

    A. A route for 0.0.0.0/0 that points to a NAT gateway

    B. A route for 0.0.0.0/0 that points to an egress-only internet gateway

    C. A route for 0.0.0.0/0 that points to an internet gateway

    D. A route for 0.0.0.0/0 that points to an elastic network interface

  • Question 379:

    A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must set up the permissions and add a bucket policy to the S3 bucket.

    Which parameters should be specified to accomplish this in the MOST efficient manner?

    A. Specify '*' as the principal and PrincipalOrgld as a condition.

    B. Specify all account numbers as the principal.

    C. Specify PrincipalOrgld as the principal.

    D. Specify the organization's management account as the principal.

  • Question 380:

    A SysOps administrator recently configured Amazon S3 Cross-Region Replication on an S3 bucket Which of the following does this feature replicate to the destination S3 bucket by default?

    A. Objects in the source S3 bucket for which the bucket owner does not have permissions

    B. Objects that are stored in S3 Glacier

    C. Objects that existed before replication was configured

    D. Object metadata

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.