SOA-C02 Exam Details

  • Exam Code: SOA-C02
  • Exam Name: AWS Certified SysOps Administrator - Associate (SOA-C02)
  • Certification: Amazon Certifications
  • Vendor: Amazon
  • Total Questions: 657 Q&As
  • Last Updated: Oct 14, 2025

Amazon SOA-C02 Online Questions & Answers

  • Question 431:

    A company has launched a social media website that gives users the ability to upload images directly to a centralized Amazon S3 bucket. The website is popular in areas that are geographically distant from the AWS Region where the S3 bucket is located. Users are reporting that uploads are slow. A SysOps administrator must improve the upload speed.

    What should the SysOps administrator do to meet these requirements?

    A. Create S3 access points in Regions that are closer to the users.
    B. Create an accelerator in AWS Global Accelerator for the S3 bucket.
    C. Enable S3 Transfer Acceleration on the S3 bucket.
    D. Enable cross-origin resource sharing (CORS) on the S3 bucket.

  • Question 432:

    A company hosts a static website in an Amazon S3 bucket. The website is accessed globally. The company has configured an Amazon CloudFront distribution and has set the S3 bucket as the distribution's origin. The Cache-Control max-age header is set to 1 hour. The Maximum TTL is set to 5 minutes.

    A SysOps administrator observes that website performance is lower than expected. CloudFront is not caching objects for the amount of time that is configured.

    What is the reason for this issue?

    A. The Expires header has been set to 3 hours.
    B. Cached assets are not expiring in the edge location.
    C. Cache invalidation is missing in the CloudFront configuration.
    D. Cache-duration settings conflict with each other.

  • Question 433:

    The company needs a solution to provide failover for a Single-AZ RDS for MySQL DB instance to minimize application downtime.

    A. Modify the DB instance to be a Multi-AZ DB instance deployment.
    B. Add a read replica in the same Availability Zone where the DB instance is deployed.
    C. Add the DB instance to an Auto Scaling group that has a minimum capacity of 2 and a desired capacity of 2.
    D. Use RDS Proxy to configure a proxy in front of the DB instance.

  • Question 434:

    A company has an application that runs on Amazon EC2 instances. The application stores data on an Amazon RDS for MySQL Single-AZ DB instance. Requests to the DB instance from the application include reads and writes.

    A SysOps administrator must implement a solution that provides failover for the DB instance. The solution must minimize application downtime.

    Which solution will meet these requirements?

    A. Modify the DB instance to be a Multi-AZ DB instance deployment.
    B. Add a read replica in the same Availability Zone where the DB instance is deployed.
    C. Add the DB instance to an Auto Scaling group that has a minimum capacity of 2 and a desired capacity of 2.
    D. Use RDS Proxy to configure a proxy in front of the DB instance.

  • Question 435:

    A company manages a set of accounts on AWS by using AWS Organizations. The company's security team wants to use a native AWS service to regularly scan all AWS accounts against the Center for Internet Security (CIS) AWS Foundations Benchmark.

    What is the MOST operationally efficient way to meet these requirements?

    A. Designate a central security account as the AWS Security Hub administrator account. Create a script that sends an invitation from the Security Hub administrator account and accepts the invitation from the member account. Run the script every time a new account is created. Configure Security Hub to run the CIS AWS Foundations Benchmark scans.
    B. Run the CIS AWS Foundations Benchmark across all accounts by using Amazon Inspector.
    C. Designate a central security account as the Amazon GuardDuty administrator account. Create a script that sends an invitation from the GuardDuty administrator account and accepts the invitation from the member account. Run the script every time a new account is created. Configure GuardDuty to run the CIS AWS Foundations Benchmark scans.
    D. Designate an AWS Security Hub administrator account. Configure new accounts in the organization to automatically become member accounts. Enable CIS AWS Foundations Benchmark scans.

  • Question 436:

    A company is running workloads on Amazon EC2 instances that are in a single AWS Region. The company needs to create daily backups of each EC2 instance.

    A SysOps administrator must implement a solution to automate the backup creation process.

    Which solution will meet this requirement with the LEAST operational overhead?

    A. Create a shell script that uses the AWS CLI. Configure the shell script to list all the instances and to create a snapshot of each instance. Launch a new instance to host the shell script. Set up a cron job to run the shell script every 24 hours.
    B. Use the EC2 console to enable the Auto Recovery option for each instance. Schedule the Auto Recovery option to run every 24 hours.
    C. Create a shell script that creates a daily cron job on the instances. Configure the cron job to use the AWS CLI to create a snapshot of each instance. Ensure that the instance profile has the required permissions to create a snapshot. Add the shell script to run as part of the instance user data.
    D. Use AWS Backup to create a backup plan that uses a daily default template. Specify the EC2 instances as the resources to back up.

  • Question 437:

    A company has an AWS Site-to-Site VPN connection between on-premises resources and resources that are hosted in a VPC. A SysOps administrator launches an Amazon EC2 instance that has only a private IP address into a private subnet in the VPC. The EC2 instance runs Microsoft Windows Server.

    A security group for the EC2 instance has rules that allow inbound traffic from the on-premises network over the VPN connection. The on-premises environment contains a third-party network firewall. Rules in the third-party network firewall allow Remote Desktop Protocol (RDP) traffic to flow between the on-premises users over the VPN connection.

    The on-premises users are unable to connect to the EC2 instance and receive a timeout error. What should the SysOps administrator do to troubleshoot this issue?

    A. Create Amazon CloudWatch logs for the EC2 instance to check for blocked traffic.
    B. Create Amazon CloudWatch logs for the Site-to-Site VPN connection to check for blocked traffic.
    C. Create VPC flow logs for the EC2 instance's elastic network interface to check for rejected traffic.
    D. Instruct users to use EC2 Instance Connect as a connection method.

  • Question 438:

    A company has a mobile app that uses Amazon S3 to store images. The images are popular for a week, and then the number of access requests decreases over time. The images must be highly available and must be immediately accessible upon request. A SysOps administrator must reduce S3 storage costs for the company.

    Which solution will meet these requirements MOST cost-effectively?

    A. Create an S3 Lifecycle policy to transition the images to S3 Glacier after 7 days.
    B. Create an S3 Lifecycle policy to transition the images to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 7 days.
    C. Create an S3 Lifecycle policy to transition the images to S3 Standard after 7 days.
    D. Create an S3 Lifecycle policy to transition the images to S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days.

  • Question 439:

    A company has set up an IPsec tunnel between its AWS environment and its on-premises data center. The tunnel is reporting as UP, but the Amazon EC2 instances are not able to ping any on-premises resources.

    What should a SysOps administrator do to resolve this issue?

    A. Create a new inbound rule on the EC2 instances' security groups to allow ICMP traffic from the on-premises CIDR.
    B. Create a peering connection between the IPsec tunnel and the subnet of the EC2 instances.
    C. Enable route propagation for the virtual private gateway in the route table that is assigned to the subnet of the EC2 instances.
    D. Modify the VPC's DHCP options set. Add the IPsec tunnel to the VPN section.

  • Question 440:

    A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses Amazon Route 53 to route traffic.

    The company also has a static website that is configured in an Amazon S3 bucket.

    A SysOps administrator must use the static website as a backup to the web application. The failover to the static website must be fully automated.

    Which combination of actions will meet these requirements? (Choose two.)

    A. Create a primary failover routing policy record. Configure the value to be the ALB.
    B. Create an AWS Lambda function to switch from the primary website to the secondary website when the health check fails.
    C. Create a primary failover routing policy record. Configure the value to be the ALB. Associate the record with a Route 53 health check.
    D. Create a secondary failover routing policy record. Configure the value to be the static website. Associate the record with a Route 53 health check.
    E. Create a secondary failover routing policy record. Configure the value to be the static website.
