An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba4Kc. and it is actively used by 10 Amazon EC2 hosts The organization has become concerned that the file system is not encrypted.
How can this be resolved?
A. Enable encryption on each host's connection to the Amazon EFS volume Each connection must be recreated for encryption to take effect
B. Enable encryption on the existing EFS volume by using the AWS Command Line Interface
C. Enable encryption on each host's local drive Restart each host to encrypt the drive
D. Enable encryption on a newly created volume and copy all data from the original volume Reconnect each host to the new volume
A SysOps administrator is deploying a test site running on Amazon EC2 instances. The application requires both incoming and outgoing connectivity to the internet. Which combination of steps are required to provide internet connectivity to the EC2 instances? (Choose two.)
A. Add a NAT gateway to a public subnet.
B. Attach a private address to the elastic network interface on the EC2 instance.
C. Attach an Elastic IP address to the internet gateway.
D. Add an entry to the route table for the subnet that points to an internet gateway.
E. Create an internet gateway and attach it to a VPC.
A company uses AWS Organizations to manage multiple AWS accounts. The company's SysOps team has been using a manual process to create and manage 1AM roles. The team requires an automated solution to create and manage the necessary 1AM roles for multiple AWS accounts.
What is the MOST operationally efficient solution that meets these requirements?
A. Create AWS CloudFormation templates. Reuse the templates to create the necessary 1AM roles in each of the AWS accounts.
B. Use AWS Directory Service with AWS Organizations to automatically associate the necessary 1AM roles with Microsoft Active Directory users.
C. Use AWS Resource Access Manager with AWS Organizations to deploy and manage shared resources across the AWS accounts.
D. Use AWS CloudFormation StackSets with AWS Organizations to deploy and manage 1AM roles for the AWS accounts.
A company maintains a large set of sensitive data in an Amazon S3 bucket. The company's security team asks a SyeOps administrator to help verify that all current objects in the S3 bucket are encrypted. What is the MOST operationally efficient solution that meets these requirements?
A. Create a script that runs against the S3 bucket and outputs the status of each object.
B. Create an S3 Inventory configuration on the S3 bucket Induce the appropriate status fields.
C. Provide the security team with an IAM user that has read access to the S3 bucket.
D. Use the AWS CLI to output a list of all objects in the S3 bucket.
A SysOps administrator is configuring an application on Amazon EC2 instances for a company Teams in other countries will use the application over the internet. The company requires the application endpoint to have a static pubic IP address.
How should the SysOps administrator deploy the application to meet this requirement?
A. Behind an Amazon API Gateway API
B. Behind an Application Load Balancer
C. Behind an internet-facing Network Load Balancer
D. In an Amazon CloudFront distribution
A SysOps administrator is responsible for a legacy. CPU-heavy application The application can only be scaled vertically Currently, the application is deployed on a single t2 large Amazon EC2 instance The system is showing 90% CPU usage and significant performance latency after a few minutes.
What change should be made to alleviate the performance problem?
A. Change the Amazon EBS volume to Provisioned lOPs
B. Upgrade to a compute-optimized instance
C. Add additional t2.large instances to the application.
D. Purchase Reserved Instances
A company needs to view a list of security groups that are open to the internet on port 3389. What should a SysOps administrator do to meet this requirement?
A. Configure Amazon GuardDuty to scan security groups and report unrestricted access on port 3389.
B. Configure a service control policy (SCP) to identify security groups that allow unrestricted access on port 3389.
C. Use AWS Identity and Access Management Access Analyzer to find any instances that have unrestricted access on port 3389.
D. Use AWS Trusted Advisor to find security groups that allow unrestricted access on port 3389.
A company is managing many accounts by using a single organization in AWS Organizations. The organization has all features enabled. The company wants to turn on AWS Config in all the accounts of the organization and in all AWS Regions.
What should a Sysops administrator do to meet these requirements in the MOST operationally efficient way?
A. Use AVVS CloudFormation StackSets to deploy stack instances that turn on AWS Config in all accounts and in all Regions.
B. Use AWS CloudFormation StackSets to deploy stack policies that turn on AWS Config in all accounts and in all Regions.
C. Use service control policies (SCPs) to configure AWS Config in all accounts and in all Regions.
D. Create a script that uses the AWS CLI to turn on AWS Config in all accounts in the organization. Run the script from the organization's management account.
A SysOps administrator has created an AWS Service Catalog portfolio and has shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator. Which action will the administrator of the second account be able to perform?
A. Add a product from the imported portfolio to a local portfolio.
B. Add new products to the imported portfolio.
C. Change the launch role for the products contained in the imported portfolio.
D. Customize the products in the imported portfolio.
A company uses an AWS CloudFormation template to provision an Amazon EC2 instance and an Amazon RDS DB instance A SysOps administrator must update the template to ensure that the DB instance is created before the EC2 instance is launched
What should the SysOps administrator do to meet this requirement?
A. Add a wait condition to the template Update the EC2 instance user data script to send a signal after the EC2 instance is started
B. Add the DependsOn attribute to the EC2 instance resource, and provide the logical name of the RDS resource
C. Change the order of the resources in the template so that the RDS resource is listed before the EC2 instance resource
D. Create multiple templates Use AWS CloudFormation StackSets to wait for one stack to complete before the second stack is created
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.