SOA-C02 Exam Details

  • Exam Code: SOA-C02
  • Exam Name: AWS Certified SysOps Administrator - Associate (SOA-C02)
  • Certification: Amazon Certifications
  • Vendor: Amazon
  • Total Questions: 657 Q&As
  • Last Updated: Oct 14, 2025

Amazon SOA-C02 Online Questions & Answers

  • Question 481:

    A company is partnering with an external vendor to provide data processing services. For this integration, the vendor must host the company's data in an Amazon S3 bucket in the vendor's AWS account. The vendor is allowing the company to provide an AWS Key Management Service (AWS KMS) key to encrypt the company's data. The vendor has provided an IAM role Amazon Resource Name (ARN) to the company for this integration.

    What should a SysOps administrator do to configure this integration?

    A. Create a new KMS key. Add the vendor's IAM role ARN to the KMS key policy. Provide the new KMS key ARN to the vendor.
    B. Create a new KMS key. Create a new IAM user. Add the vendor's IAM role ARN to an inline policy that is attached to the IAM user. Provide the new IAM user ARN to the vendor.
    C. Configure encryption using the KMS managed S3 key. Add the vendor's IAM role ARN to the KMS managed S3 key policy. Provide the KMS managed S3 key ARN to the vendor.
    D. Configure encryption using the KMS managed S3 key. Create an S3 bucket. Add the vendor's IAM role ARN to the S3 bucket policy. Provide the S3 bucket ARN to the vendor.

  • Question 482:

    A company has multiple AWS accounts. The company uses AWS Organizations with an organizational unit (OU) for the production account and another OU for the development account. Corporate policies state that developers may use only approved AWS services in the production account.

    What is the MOST operationally efficient solution to control the production account?

    A. Create a customer managed policy in AWS Identity and Access Management (IAM). Apply the policy to all users within the production account.
    B. Create a job function policy in AWS Identity and Access Management (IAM). Apply the policy to all users within the production OU.
    C. Create a service control policy (SCP). Apply the SCP to the production OU.
    D. Create an IAM policy. Apply the policy in Amazon API Gateway to restrict the production account.

  • Question 483:

    A company has a cluster of Linux Amazon EC2 Spot Instances that read many files from and write many files to attached Amazon Elastic Block Store (Amazon EBS) volumes. The EC2 instances are frequently started and stopped. As part of the process when an EC2 instance starts, an EBS volume is restored from a snapshot.

    EBS volumes that are restored from snapshots are experiencing initial performance that is lower than expected. The company's workload needs almost all the provisioned IOPS on the attached EBS volumes. The EC2 instances are unable to support the workload when the performance of the EBS volumes is too low. A SysOps administrator must implement a solution to ensure that the EBS volumes provide the expected performance when they are restored from snapshots.

    Which solution will meet these requirements?

    A. Configure fast snapshot restore (FSR) on the snapshots that are used.
    B. Restore each snapshot onto an unencrypted EBS volume. Encrypt the EBS volume when the performance stabilizes.
    C. Format the EBS volumes as XFS file systems before restoring the snapshots.
    D. Increase the Linux read-ahead buffer to 1 MiB.

  • Question 484:

    A company has an initiative to reduce costs associated with Amazon EC2 and AWS Lambda. Which action should a SysOps administrator take to meet these requirements?

    A. Analyze the AWS Cost and Usage Report by using Amazon Athena to identify cost savings.
    B. Create an AWS Budgets alert to alarm when account spend reaches 80% of the budget.
    C. Purchase Reserved Instances through the Amazon EC2 console.
    D. Use AWS Compute Optimizer and take action on the provided recommendations.

  • Question 485:

    A company wants to reduce costs for jobs that can be completed at any time. The jobs currently run by using multiple Amazon EC2 On-Demand Instances and the jobs take slightly less than 2 hours to complete. If a job fails for any reason it must be restarted from the beginning.

    Which solution will meet these requirements MOST cost-effectively?

    A. Purchase Reserved Instances for the jobs.
    B. Submit a request for a one-time Spot Instance for the jobs.
    C. Submit a request for Spot Instances with a defined duration for the jobs.
    D. Use a mixture of On-Demand Instances and Spot Instances for the jobs.

  • Question 486:

    A company's security policy states that connecting to Amazon EC2 instances is not permitted through SSH and RDP. If access is required, authorized staff can connect to instances by using AWS Systems Manager Session Manager.

    Users report that they are unable to connect to one specific Amazon EC2 instance that is running Ubuntu and has AWS Systems Manager Agent (SSM Agent) pre-installed. These users are able to use Session Manager to connect to other instances in the same subnet, and they are in an IAM group that has Session Manager permission for all instances.

    What should a SysOps administrator do to resolve this issue?

    A. Add an inbound rule for port 22 in the security group associated with the Ubuntu instance.
    B. Assign the AmazonSSMManagedInstanceCore managed policy to the EC2 instance profile for the Ubuntu instance.
    C. Configure the SSM Agent to log in with a user name of "ubuntu".
    D. Generate a new key pair, configure Session Manager to use this new key pair, and provide the private key to the users.

  • Question 487:

    A SysOps administrator created an AWS CloudFormation template that provisions an Amazon EventBridge rule that invokes an AWS Lambda function. The Lambda function is designed to write event details to an Amazon CloudWatch log group. The function has permissions to write events to Amazon CloudWatch Logs. However, the SysOps administrator discovered that the Lambda function is not running.

    How should the SysOps administrator resolve the problem?

    A. Update the CloudFormation stack to include an AWS::IAM::Role resource with the required IAM permissions for EventBridge to invoke the function. Assign the role to the EventBridge rule.
    B. Update the CloudFormation stack to include an AWS::IAM::Role resource with the required IAM permissions for the function. Assign the role as the function execution role.
    C. Update the CloudFormation stack with an AWS::Lambda::Permission resource to ensure events.amazonaws.com has permissions to invoke the function.
    D. Update the CloudFormation stack with an AWS::Lambda::Permission resource to ensure lambda.amazonaws.com has permissions to invoke the function.

  • Question 488:

    A company is rolling out a new version of its website. Management wants to deploy the new website in a limited rollout to 20% of the company's customers. The company uses Amazon Route 53 for its website's DNS solution. Which configuration will meet these requirements?

    A. Create a failover routing policy. Within the policy, configure 80% of the website traffic to be sent to the original resource. Configure the remaining 20% of traffic as the failover record that points to the new resource.
    B. Create a multivalue answer routing policy. Within the policy, create 4 records with the name and IP address of the original resource. Configure 1 record with the name and IP address of the new resource.
    C. Create a latency-based routing policy. Within the policy, configure a record pointing to the original resource with a weight of 80. Configure a record pointing to the new resource with a weight of 20.
    D. Create a weighted routing policy. Within the policy, configure a weight of 80 for the record pointing to the original resource. Configure a weight of 20 for the record pointing to the new resource.

  • Question 489:

    A development team recently deployed a new version of a web application to production. After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data.

    Which AWS service will mitigate this issue?

    A. AWS Shield Standard
    B. AWS WAF
    C. Elastic Load Balancing
    D. Amazon Cognito

  • Question 490:

    A SysOps administrator has noticed millions of LIST requests on an Amazon S3 bucket.

    Which services or features can the administrator use to investigate where the requests are coming from? (Choose two.)

    A. AWS CloudTrail data events
    B. Amazon EventBridge
    C. AWS Health Dashboard
    D. Amazon S3 server access logging
    E. AWS Trusted Advisor
