A developer creates a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The developer reviews the deployment and notices some suspicious traffic to the application. The traffic is malicious and is coming from a single public IP address. A SysOps administrator must block the public IP address.
Which solution will meet this requirement?
A. Create a security group rule to deny all inbound traffic from the suspicious IP address. Associate the security group with the ALB.
B. Implement Amazon Detective to monitor traffic and to block malicious activity from the internet. Configure Detective to integrate with the ALB.
C. Implement AWS Resource Access Manager (AWS RAM) to manage traffic rules and to block malicious activity from the internet. Associate AWS RAM with the ALB.
D. Add the malicious IP address to an IP set in AWS WAF. Create a web ACL. Include an IP set rule with the action set to BLOCK. Associate the web ACL with the ALB.
A SysOps administrator is creating resources from an AWS. CloudFbrmation template that defines an Auto Scaling group of Amazon EC2 instances. The Auto Scaling group launch template provisions each EC2 instance by using a user data script. The creation of the Auto Scaling group resource is failing because of an error. The wait condition is not receiving the required number of signals.
How should the SysOps administrator resolve this error?
A. Run cfn-signal at the completion of the user data script.
B. Modify the EC2 instances' security group to allow outgoing traffic on port 443.
C. Reduce the Auto Scaling group's DesiredCapacity value in the CloudFormation template.
D. Set the AssociatePublicIpAddress property to True in the Auto Scaling group launch template.
A company has an existing public web application for www.example.com. The Application Load Balancer (ALB) is configured with a single HTTP 80 listener. A SysOps administrator must ensure that all web requests to www.example.com are encrypted between the client and the ALB.
The SysOps administrator already has requested and validated a public certificate for www.example.com in AWS Certificate Manager (ACM). Existing users of the application must not be required to change the endpoint to which they are connecting.
Which additional set of steps should the SysOps administrator take to meet these requirements?
A. Create an additional ALB listener for HTTPS on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.
B. Create an additional ALB listener for HTTPS on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate. Delete the original HTTP listener on port 80.
C. Modify the ALB default rule for the HTTP port 80 listener. Create a rule in the listener to forward all traffic for the host www example.com to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.
D. Modify the ALB default rule for the HTTP port 80 listener to redirect to HTTPS on port 443. Create an additional HTTPS listener on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www example.com as the default SSL certificate.
A company has migrated its legacy on-premises web application to an Amazon EC2 instance. The web application requires a single static public IP address to accept traffic and process requests. End users must be able to reach the web application through the example.com domain. A SysOps administrator must implement a solution that maintains the web application with the least amount of effort.
Which combination of actions will meet these requirements? (Choose two.)
A. Configure an Application Load Balancer (ALB). Add the EC2 instance to a target group that is associated with the ALB.
B. Create an Amazon Route 53 A record for the associated EC2 IP address.
C. Create an Amazon Route 53 CNAME record for the associated EC2 IP address.
D. Create an Elastic IP address, and associate it with the EC2 instance.
E. Create an Auto Scaling group with a minimum capacity of 1 and a maximum capacity of 2.
A company is using an Amazon DynamoDB table for data. A SysOps administrator must configure replication of the table to another AWS Region for disaster recovery.
What should the SysOps administrator do to meet this requirement?
A. Enable DynamoDB Accelerator (DAX).
B. Enable DynamoDB Streams, and add a global secondary index (GSI).
C. Enable DynamoDB Streams, and add a global table Region.
D. Enable point-in-time recovery.
A company runs its applications on a large number of Amazon EC2 instances. A SysOps administrator must implement a solution to notify the operations team whenever an EC2 instance state changes.
What is the MOST operationally efficient solution that meets these requirements?
A. Create a script that captures instance state changes and publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Use AWS Systems Manager Run Command to run the script on all EC2 instances.
B. Create an Amazon EventBridge event rule that captures EC2 instance state changes. Set an Amazon Simple Notification Service (Amazon SNS) topic as the target
C. Create an Amazon EventBridge event rule that captures EC2 instance state changes. Set as the target an AWS Lambda function that publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic.
D. Create an AWS Config custom rule that evaluates instance state changes with automatic remediation. Use the rule to invoke an AWS Lambda function that publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic.
A company asks a SysOps administrator to provision an additional environment for an application in four additional AWS Regions. The application is running on more than 100 Amazon C2 instances in the us-east-1 Region, using fully configured Amazon Machine Images (AMIs). The company has an AWS CloudFormation template to deploy resources in us-east-1.
What should the SysOps administrator do to provision the application in the MOST operationally efficient manner?
A. Copy the AMI to each Region by using the aws ec2 copy-image command. Update the CloudFormation template to include mappings for the copied AMIs.
B. Create a snapshot of the running instance. Copy the snapshot to the other Regions. Create an AMI from the snapshots. Update the CloudFormation template for each Region to use the new AMI.
C. Run the existing CloudFormation template in each additional Region based on the success of the template that is used currently in us-east-1.
D. Update the CloudF ormation template to include the additional Regions in the Auto Scaling group. Update the existing stack in us-east-1.
A company wants to monitor the security groups of its Amazon EC2 instances to ensure that SSH is not open to the public. If the port is opened, the company needs to close the port as soon as possible.
Which combination of actions should a SysOps administrator take to meet these requirements? (Choose two.)
A. Add an Amazon CloudWatch alarm to detect the security groups that allow SSH.
B. Add an AWS Config rule to detect the security groups that allow SSH.
C. Add an assessment template to Amazon Inspector to detect the security groups that allow SSH.
D. Call an AWS Systems Manager Automation runbook to close the port.
E. Call AWS Systems Manager Run Command to close the port.
A company runs an application on Amazon EC2 instances that are in an Amazon EC2 Auto Scaling group. Scale-out actions take a long time to become complete because of long-running boot scripts. A SysOps administrator must implement a solution to reduce the required time for scale-out actions without overprovisioning the Auto Scaling group.
Which solution will meet these requirements?
A. Change the launch configuration to use a larger instance size.
B. Increase the minimum number of instances in the Auto Scaling group.
C. Add a predictive scaling policy to the Auto Scaling group.
D. Add a warm pool to the Auto Scaling group.
A company hosts a production MySQL database on an Amazon Aurora single-node DB cluster. The database is queried heavily for reporting purposes. The DB cluster is experiencing periods of performance degradation because of high CPU utilization and maximum connections errors. A SysOps administrator needs to improve the stability of the database.
Which solution will meet these requirements?
A. Create an Aurora Replica node. Create an Auto Scaling policy to scale replicas based on CPU utilization. Ensure that all reporting requests use the read-only connection string
B. Create a second Aurora MySQL single-node DB cluster in a second Availability Zone. Ensure that all reporting requests use the connection string for this additional node
C. Create an AWS Lambda function that caches reporting requests. Ensure that all reporting requests call the Lambda function
D. Create a multi-node Amazon ElastiCache cluster. Ensure that all reporting requests use the ElastiCache cluster. Use the database if the data is not in the cache.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.