Amazon SOA-C02 Online Practice Questions and Exam Preparation

Amazon SOA-C02 Online Questions & Answers

• Question 391:

  A company has an Amazon RDS DB instance. The company wants to implement a caching service while maintaining high availability.

  Which combination of actions will meet these requirements? (Choose two.)

  A. Add Auto Discovery to the data store.
  B. Create an Amazon ElastiCache for Memcached data store.
  C. Create an Amazon ElastiCache for Redis data store.
  D. Enable Multi-AZ for the data store.
  E. Enable Multi-threading for the data store.
  C. Create an Amazon ElastiCache for Redis data store.
  D. Enable Multi-AZ for the data store.

  ---

  multi-thread is related to performance. https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/AutoFailover.html#AutoFailover.Enable https://aws.amazon.com/elasticache/memcached/ https://aws.amazon.com/elasticache/redis/

• Question 392:

  A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin. After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load.

  What are possible causes for this problem? (Choose two.)

  A. CloudFront does not have the ALB configured as the origin access identity.
  B. The DNS is still pointing to the ALB instead of the CloudFront distribution.
  C. The ALB security group is not permitting inbound traffic from CloudFront.
  D. The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution.
  E. The target groups associated with the ALB are configured for sticky sessions.
  B. The DNS is still pointing to the ALB instead of the CloudFront distribution.
  D. The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution.

  ---

  Explanation Explanation/Reference:The DNS is still pointing to the ALB instead of the CloudFront distribution. If the DNS is still directing user traffic directly to the ALB instead of the CloudFront distribution, then the requests will not be served through CloudFront, and there won't be any reduction in the web server load. The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution. If the Time to Live (TTL) settings are set to 0 seconds, it means that CloudFront will not cache any responses from the ALB and will forward each request directly to the ALB. This will result in the ALB still serving all the requests, and there won't be any offloading of the web server load.

• Question 393:

  A SysOps administrator has set up a new Amazon EC2 instance as a web server in a public subnet. The instance uses HTTP port 80 and HTTPS port 443.

  The SysOps administrator has confirmed internet connectivity by downloading operating system updates and software from public repositories. However, the SysOps administrator cannot access the instance from a web browser on the internet.

  Which combination of steps should the SysOps administrator take to troubleshoot this issue? (Choose three.)

  A. Ensure that the inbound rules of the instance's security group allow traffic on ports 80 and 443.
  B. Ensure that the outbound rules of the instance's security group allow traffic on ports 80 and 443.
  C. Ensure that ephemeral ports 1024-65535 are allowed in the inbound rules of the network ACL that is associated with the instance's subnet.
  D. Ensure that ephemeral ports 1024-65535 are allowed in the outbound rules of the network ACL that is associated with the instance's subnet.
  E. Ensure that the filtering rules for any firewalls that are running on the instance allow inbound traffic on ports 80 and 443.
  F. Ensure that AWS WAF is turned on for the instance and is blocking web traffic.
  A. Ensure that the inbound rules of the instance's security group allow traffic on ports 80 and 443.
  D. Ensure that ephemeral ports 1024-65535 are allowed in the outbound rules of the network ACL that is associated with the instance's subnet.
  E. Ensure that the filtering rules for any firewalls that are running on the instance allow inbound traffic on ports 80 and 443.

• Question 394:

  An environment consists of 100 Amazon EC2 Windows instances The Amazon CloudWatch agent Is deployed and running on at EC2 instances with a baseline configuration file to capture log files There is a new requirement to capture the DHCP tog tiles that exist on 50 of the instances.

  What is the MOST operational efficient way to meet this new requirement?

  A. Create an additional CloudWatch agent configuration file to capture the DHCP logs Use the AWS Systems Manager Run Command to restart the CloudWatch agent on each EC2 instance with the append-config option to apply the additional configuration file
  B. Log in to each EC2 instance with administrator rights Create a PowerShell script to push the needed baseline log files and DHCP log files to CloudWatch
  C. Run the CloudWatch agent configuration file wizard on each EC2 instance Verify that the base the log files are included and add the DHCP tog files during the wizard creation process
  D. Run the CloudWatch agent configuration file wizard on each EC2 instance and select the advanced detail level. This wifi capture the operating system log files.
  A. Create an additional CloudWatch agent configuration file to capture the DHCP logs Use the AWS Systems Manager Run Command to restart the CloudWatch agent on each EC2 instance with the append-config option to apply the additional configuration file

  ---

  Explanation Explanation/Reference:# Append configuration file (Linux) to running agent so metrics and logs listed in file are collected. (see: "Common scenarios with the CloudWatch agent") /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a append-config -m ec2 -s -c file:/tmp/app.json

• Question 395:

  A company has deployed an application on AWS. The application runs on a fleet of Linux Amazon EC2 instances that are in an Auto Scaling group. The Auto Scaling group is configured to use launch templates. The launch templates launch Amazon Elastic Block Store (Amazon EBS) backed EC2 instances that use General Purpose SSD (gp3) EBS volumes for primary storage.

  A SysOps administrator needs to implement a solution to ensure that all the EC2 instances can share the same underlying files. The solution also must ensure that the data is consistent.

  Which solution will meet these requirements?

  A. Create an Amazon Elastic File System (Amazon EFS) file system. Create a new launch template version that includes user data that mounts the EFS file system. Update the Auto Scaling group to use the new launch template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
  B. Enable Multi-Attach on the EBS volumes. Create a new launch template version that includes user data that mounts the EBS volume. Update the Auto Scaling group to use the new template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
  C. Create a cron job that synchronizes the data between the EBS volumes for all the EC2 instances in the Auto Scaling group. Create a lifecycle hook during instance launch to configure the cron job on all the EC2 instances. Rotate out the older EC2 instances.
  D. Create a new launch template version that creates an Amazon Elastic File System (Amazon EFS) file system. Update the Auto Scaling group to use the new template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
  A. Create an Amazon Elastic File System (Amazon EFS) file system. Create a new launch template version that includes user data that mounts the EFS file system. Update the Auto Scaling group to use the new launch template version to cycle in newer EC2 instances and to terminate the older EC2 instances.

• Question 396:

  An application is running on an Amazon EC2 instance in a VPC with the default DHCP option set. The application connects to an on-premises Microsoft SQL Server database with the DNS name mssql.example.com. The application is unable to resolve the database DNS name.

  Which solution will fix this problem?

  A. Create an Amazon Route 53 Resolver inbound endpoint. Add a forwarding rule for the domain example.com. Associate the forwarding rule with the VPC.
  B. Create an Amazon Route 53 Resolver inbound endpoint. Add a system rule for the domain example.com. Associate the system rule with the VPC.
  C. Create an Amazon Route 53 Resolver outbound endpoint. Add a forwarding rule for the domain example.com. Associate the forwarding rule with the VPC.
  D. Create an Amazon Route 53 Resolver outbound endpoint. Add a system rule for the domain example.com. Associate the system rule with the VPC.
  C. Create an Amazon Route 53 Resolver outbound endpoint. Add a forwarding rule for the domain example.com. Associate the forwarding rule with the VPC.

• Question 397:

  A company's AWS accounts are in an organization in AWS Organizations. The organization has all features enabled.

  The accounts use Amazon EC2 instances to host applications. The company manages the EC2 instances manually by using the AWS Management Console. The company applies updates to the EC2 instances by using an SSH connection to each EC2 instance.

  The company needs a solution that uses AWS Systems Manager to manage all the organization's current and future EC2 instances. The latest version of Systems Manager Agent (SSM Agent) is running on the EC2 instances.

  Which solution will meet these requirements?

  A. Configure a home AWS Region in Systems Manager Quick Setup in the organization's management account. Deploy the Systems Manager Default Host Management Configuration Quick Setup from the management account.
  B. Configure a home AWS Region in Systems Manager Quick Setup in the organization's management account. Create a Systems Manager Run Command that attaches the AmazonSSMServiceRolePolicy IAM policy to every IAM role that the EC2 instances use. Invoke the command in every account in the organization.
  C. Create an AWS CloudFormation stack set that contains a Systems Manager parameter to define the Default Host Management Configuration role. Use the organization's management account to deploy the stack set to every account in the organization.
  D. Create an AWS CloudFormation stack set that contains an EC2 instance profile with the AmazonSSMManagedInstanceCore policy IAM policy attached. Use the organization's management account to deploy the stack set to every account in the organization.
  A. Configure a home AWS Region in Systems Manager Quick Setup in the organization's management account. Deploy the Systems Manager Default Host Management Configuration Quick Setup from the management account.

• Question 398:

  A company is concerned that its developers might accidentally schedule AWS Key Management Service (AWS KMS) customer managed keys for deletion. The developers want to maintain agility in their DevOps operating model and have requested that their IAM permissions not be changed. The company's security team must receive notification when a KMS key deletion is scheduled.

  Which combination of steps will meet these requirements? (Select TWO.)

  A. Use Amazon Macie to monitor for KMS key deletion events. Configure Macie to send the events to a target.
  B. Create an Amazon EventBridge rule to detect KMS key deletion events from AWS CloudTrail. Configure the rule to send the events to a target.
  C. Create an Amazon Timestream for LiveAnalytics database to store KMS key deletion events. Configure the database activity stream to send the events to a target.
  D. Create an Amazon Simple Notification Service (Amazon SNS) topic as a target for notifications.
  E. Create an Amazon MQ queue as a target for notifications.
  B. Create an Amazon EventBridge rule to detect KMS key deletion events from AWS CloudTrail. Configure the rule to send the events to a target.
  D. Create an Amazon Simple Notification Service (Amazon SNS) topic as a target for notifications.

• Question 399:

  A company runs an application on an Amazon EC2 instance A SysOps administrator creates an Auto Scaling group and an Application Load Balancer (ALB) to handle an increase in demand However, the EC2 instances are failing tie health check.

  What should the SysOps administrator do to troubleshoot this issue?

  A. Verity that the Auto Scaling group is configured to use all AWS Regions.
  B. Verily that the application is running on the protocol and the port that the listens is expecting.
  C. Verify the listener priority in the ALB Change the priority if necessary.
  D. Verify the maximum number of instances in the Auto Scaling group Change the number if necessary
  B. Verily that the application is running on the protocol and the port that the listens is expecting.

• Question 400:

  A company manages its production applications across several AWS accounts. The company hosts the production applications on Amazon EC2 instances that run Amazon Linux 2. The EC2 instances are spread across multiple VPCs. Each VPC uses its own Amazon Route 53 private hosted zone for private DNS.

  A VPC from Account A needs to resolve private DNS records from a private hosted zone that is associated with a different VPC in Account B.

  What should a SysOps administrator do to meet these requirements?

  A. In Account A, create an AWS Systems Manager document that updates the /etc/resolv.conf file across all EC2 instances to point to the AWS provided default DNS resolver for the VPC in Account B.
  B. In Account A, create an AWS CloudFormation template that associates the private hosted zone from Account B with the private hosted zone in Account A.
  C. In Account A, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account B to associate the VPC from Account A with the private hosted zone in Account B.
  D. In Account B, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account A to associate the VPC from Account B with the private hosted zone in Account A.
  D. In Account B, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account A to associate the VPC from Account B with the private hosted zone in Account A.