Amazon Amazon Certifications SOA-C02 Questions & Answers

• Question 391:

  A company runs workloads on 90 Amazon EC2 instances in the eu-west-1 Region in an AWS account. In 2 months, the company will migrate the workloads from eu-west-1 to the eu-west-3 Region.

  The company needs to reduce the cost of the EC2 instances. The company is willing to make a 1-year commitment that will begin next week. The company must choose an EC2 Instance purchasing option that will provide discounts for the 90 EC2 Instances regardless of Region during the 1-year period.

  Which solution will meet these requirements?

  A. Purchase EC2 Standard Reserved Instances.

  B. Purchase an EC2 Instance Savings Plan.

  C. Purchase EC2 Convertible Reserved Instances.

  D. Purchase a Compute Savings Plan.

  Correct Answer: D

  Compute Savings Plans provide the most flexibility and help to reduce your costs by up to 66% (just like Convertible RIs). These plans automatically apply to EC2 instance usage regardless of instance family, size, AZ, Region, operating system, or tenancy, and also apply to Fargate and Lambda usage. For example, with Compute Savings Plans, you can change from C4 to M5 instances, shift a workload from EU (Ireland) to Europe (London), or move a workload from Amazon EC2 to Fargate or Lambda at any time and automatically continue to pay the Savings Plans price.

• Question 392:

  A company hosts a website on multiple Amazon EC2 instances that run in an Auto Scaling group. Users are reporting slow responses during peak times between 6 PM and 11 PM every weekend. A SysOps administrator must implement a solution to improve performance during these peak times.

  What is the MOST operationally efficient solution that meets these requirements?

  A. Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to increase the desired capacity before peak times.

  B. Configure a scheduled scaling action with a recurrence option to change the desired capacity before and after peak times.

  C. Create a target tracking scaling policy to add more instances when memory utilization is above 70%.

  D. Configure the cooldown period for the Auto Scaling group to modify desired capacity before and after peak times.

  Correct Answer: B

  "Scheduled scaling helps you to set up your own scaling schedule according to predictable load changes. For example, let's say that every week the traffic to your web application starts to increase on Wednesday, remains high on Thursday, and starts to decrease on Friday. You can configure a schedule for Amazon EC2 Auto Scaling to increase capacity on Wednesday and decrease capacity on Friday." https://docs.aws.amazon.com/autoscaling/ec2/userguide/ schedule_time.html

• Question 393:

  A company plans to launch a static website on its domain example com and subdomain www example.com using Amazon S3. How should the SysOps administrator meet this requirement?

  A. Create one S3 bucket named example.com for both the domain and subdomain.

  B. Create one S3 bucket with a wildcard named '.example.com tor both the domain and subdomain.

  C. Create two S3 buckets named example.com and www.exdmpte.com. Configure the subdomain bucket to redirect requests to the domain bucket.

  D. Create two S3 buckets named http//example.com and http//" exampte.com. Configure the wildcard (') bucket to redirect requests to the domain bucket.

  Correct Answer: C

• Question 394:

  A company's public website is hosted in an Amazon S3 bucket in the us-east-1 Region behind an Amazon CloudFront distribution. The company wants to ensure that the website is protected from DDoS attacks. A SysOps administrator needs to deploy a solution that gives the company the ability to maintain control over the rate limit at which DDoS protections are applied.

  Which solution will meet these requirements?

  A. Deploy a global-scoped AWS WAF web ACL with an allow default action. Configure an AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the CloudFront distribution.

  B. Deploy an AWS WAF web ACL with an allow default action in us-east-1. Configure an AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the S3 bucket.

  C. Deploy a global-scoped AWS WAF web ACL with a block default action. Configure an AWS WAF rate-based rule to allow matching traffic. Associate the web ACL with the CloudFront distribution.

  D. Deploy an AWS WAF web ACL with a block default action in us-east-1. Configure an AWS WAF rate-based rule to allow matching traffic. Associate the web ACL with the S3 bucket.

  Correct Answer: A

• Question 395:

  A Sysops administrator creates an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that uses AWS Fargate. The cluster is deployed successfully. The Sysops administrator needs to manage the cluster by using the kubect1 command line tool.

  Which of the following must be configured on the Sysops administrator's machine so that kubect1 can communicate with the cluster API server?

  A. The kubeconfig file

  B. The kube-proxy Amazon EKS add-on

  C. The Fargate profile

  D. The eks-connector.yaml file

  Correct Answer: A

  The kubeconfig file is a configuration file used to store cluster authentication information, which is required to make requests to the Amazon EKS cluster API server. The kubeconfig file will need to be configured on the SysOps administrator's machine in order for kubectl to be able to communicate with the cluster API server. https://aws.amazon.com/blogs/developer/running-a-kubernetes-job-in-amazon-eks-on-aws-fargate-using-aws-stepfunctions/

• Question 396:

  A company must ensure that any objects uploaded to an S3 bucket are encrypted. Which of the following actions will meet this requirement? (Choose two.)

  A. Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.

  B. Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket.

  C. Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.

  D. Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.

  E. Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.

  Correct Answer: CE

  https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-bucket-encryption.html

  You can set the default encryption behavior on an Amazon S3 bucket so that all objects are encrypted when they are stored in the bucket. The objects are encrypted using server-side encryption with either Amazon S3-managed keys (SSES3) or AWS Key Management Service (AWS KMS) customer master keys (CMKs).

  https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/

  How to Prevent Uploads of Unencrypted Objects to Amazon S3# By using an S3 bucket policy, you can enforce the encryption requirement when users upload objects, instead of assigning a restrictive IAM policy to all users.

• Question 397:

  A company is attempting to manage its costs in the AWS Cloud. A SysOps administrator needs specific company-defined tags that are assigned to resources to appear on the billing report. What should the SysOps administrator do to meet this requirement?

  A. Activate the tags as AWS generated cost allocation tags.

  B. Activate the tags as user-defined cost allocation tags.

  C. Create a new cost category. Select the account billing dimension.

  D. Create a new AWS Cost and Usage Report. Include the resource IDs.

  Correct Answer: B

  https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/custom-tags.html "User- defined tags are tags that you define, create, and apply to resources. After you have created and applied the user-defined tags, you can activate by using the Billing and Cost Management console for cost allocation tracking. "

  To meet this requirement, the SysOps administrator should activate the company-defined tags as user-defined cost allocation tags. This will ensure that the tags appear on the billing report and that the resources can be tracked with the specific tags. The other options (activating the tags as AWS generated cost allocation tags, creating a new cost category and selecting the account billing dimension, and creating a new AWS Cost and Usage Report and including the resource IDs) will not meet the requirements and are not the correct solutions for this issue.

• Question 398:

  A company is running an application on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances are launched by an Auto Scaling group and are automatically registered in a target group. A SysOps administrator must set up a notification to alert application owners when targets fail health checks.

  What should the SysOps administrator do to meet these requirements?

  A. Create an Amazon CloudWatch alarm on the UnHealthyHostCount metric. Configure an action to send an Amazon Simple Notification Service (Amazon SNS) notification when the metric is greater than 0.

  B. Configure an Amazon EC2 Auto Scaling custom lifecycle action to send an Amazon Simple Notification Service (Amazon SNS) notification when an instance is in the Pending:Wait state.

  C. Update the Auto Scaling group. Configure an activity notification to send an Amazon Simple Notification Service (Amazon SNS) notification for the Unhealthy event type.

  D. Update the ALB health check to send an Amazon Simple Notification Service (Amazon SNS) notification when an instance is unhealthy.

  Correct Answer: A

• Question 399:

  A company uses an Amazon Elastic File System (Amazon EFS) file system to share files across many Linux Amazon EC2 instances. A SysOps administrator notices that the file system's PercentIOLimit metric is consistently at 100% for 15 minutes or longer. The SysOps administrator also notices that the application that reads and writes to that file system is performing poorly. They application requires high throughput and IOPS while accessing the file system.

  What should the SysOps administrator do to remediate the consistently high PercentIOLimit metric?

  A. Create a new EFS file system that uses Max I/O performance mode. Use AWS DataSync to migrate data to the new EFS file system.

  B. Create an EFS lifecycle policy to transition future files to the Infrequent Access (IA) storage class to improve performance. Use AWS DataSync to migrate existing data to IA storage.

  C. Modify the existing EFS file system and activate Max I/O performance mode.

  D. Modify the existing EFS file system and activate Provisioned Throughput mode.

  Correct Answer: A

  To support a wide variety of cloud storage workloads, Amazon EFS offers two performance modes, General Purpose mode and Max I/O mode. You choose a file system's performance mode when you create it, and it cannot be changed. If the PercentIOLimit percentage returned was at or near 100 percent for a significant amount of time during the test, your application should use the Max I/O performance mode. https://docs.aws.amazon.com/efs/latest/ug/performance.html

• Question 400:

  A company has an application that runs only on Amazon EC2 Spot Instances. The instances run in an Amazon EC2 Auto Scaling group with scheduled scaling actions.

  However, the capacity does not always increase at the scheduled times, and instances terminate many times a day. A Sysops administrator must ensure that the instances launch on time and have fewer interruptions.

  Which action will meet these requirements?

  A. Specify the capacity-optimized allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group.

  B. Specify the capacity-optimized allocation strategy for Spot Instances. Increase the size of the instances in the Auto Scaling group.

  C. Specify the lowest-price allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group.

  D. Specify the lowest-price allocation strategy for Spot Instances. Increase the size of the instances in the Auto Scaling group.

  Correct Answer: A

  The correct answer is A. Specify the capacity-optimized allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group.

  By using the capacity-optimized allocation strategy for Spot Instances, Amazon EC2 Auto Scaling will launch instances on the most available Spot Instance pools with the lowest prices. This helps to improve the chances of getting the required capacity at the scheduled times.

  Adding more instance types to the Auto Scaling group also increases the chances of finding available Spot Instances at any given time. It provides flexibility in selecting different instance types based on the availability and cost of Spot Instances in different pools.

  Option B (Specify the capacity-optimized allocation strategy for Spot Instances and increase the size of the instances in the Auto Scaling group) might not be the most efficient approach, as simply increasing the instance size may not necessarily address the issue of instances terminating frequently.