Amazon Amazon Certifications SOA-C02 Questions & Answers

• Question 521:

  A company's SysOps administrator uses AWS IAM Identity Center (AWS Single Sign-On) to connect to an Active Directory. The SysOps administrator creates a new account that all the company's users need to access.

  The SysOps administrator uses the Active Directory Domain Users group for permissions to the new account because all users are already members of the group. When users try to log in, their access is denied.

  Which action will resolve this access issue?

  A. Create a new group. Add users to the new group to provide access.

  B. Correct the time on the Active Directory domain controllers.

  C. Remove the account. Re-add the account to the organization that is integrated with IAM Identity Center.

  D. Correct the permissions on the Active Directory group so that IAM Identity Center has read access.

  Correct Answer: D

• Question 522:

  A company has an Amazon EC2 instance that has high CPU utilization. The EC2 instance is a t3.large instance and is running a test web application. The company discovers that the web application would operate better on a compute optimized large instance.

  What should a SysOps administrator do to make this change?

  A. Migrate the EC2 instance to a compute optimized instance by using AWS VM Import/Export.

  B. Enable hibernation on the EC2 instance. Change the instance type to a compute optimized instance. Disable hibernation on the EC2 instance.

  C. Stop the EC2 instance. Change the instance type to a compute optimized instance. Start the EC2 instance.

  D. Change the instance type to a compute optimized instance while the EC2 instance is running.

  Correct Answer: C

• Question 523:

  A development team created and deployed a new AWS Lambda function 15 minutes ago. Although the function was invoked many times, Amazon CloudWatch Logs are not showing any log messages. What is one cause of this?

  A. The developers did not enable log messages for this Lambda function.

  B. The Lambda function's role does not include permissions to create CloudWatch Logs items.

  C. The Lambda function raises an exception before the first log statement has been reached.

  D. The Lambda functions creates local log files that have to be shipped to CloudWatch Logs first before becoming visible.

  Correct Answer: B

• Question 524:

  A company wants to apply an existing Amazon Route 53 private hosted zone to a new VPC to allow for customized resource name resolution within the VPC. The SysOps administrator created the VPC and added the appropriate resource record sets to the private hosted zone.

  Which step should the SysOps administrator take to complete the setup?

  A. Associate the Route 53 private hosted zone with the VPC.

  B. Create a rule in the default security group for the VPC that allows traffic to the Route 53 Resolver.

  C. Ensure the VPC network ACLs allow traffic to the Route 53 Resolver.

  D. Ensure there is a route to the Route 53 Resolver in each of the VPC route tables.

  Correct Answer: A

• Question 525:

  CORRECT TEXT Update an existing AWS CloudFormation stack. If needed, a copy 0t the CloudFormation template is available in an Amazon SB bucket named cloudformation-bucket

  1.

  Use the us-east-2 Region for all resources.

  2.

  Unless specified below, use the default configuration settings.

  3.

  update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:

  a) Change the EC2 instance type to us-east-t2.nano.

  b) Allow SSH to connect to the EC2 instance from the IP address range 192.168.100.0/30.

  c) Replace the instance profile IAM role with IamRoleB.

  4.

  Deploy the changes by updating the stack using the CFServiceR01e role.

  5.

  Edit the stack options to prevent accidental deletion.

  6.

  Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

  

  A. Check the answer in explanation.

  B. Place Holder

  Correct Answer: A

  Solution as given below.

  

• Question 526:

  CORRECT TEXT

  A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the SS bucket to serve a static error page in the event of a failure at the primary site.

  1.

  Use the us-east-2 Region for all resources.

  2.

  Unless specified below, use the default configuration settings.

  3.

  There is an existing hosted zone named lab-751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.

  4.

  Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document

  5.

  For the index-html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucketjs allowed.

  6.

  In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.

  7.

  Create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing 53 bucket.

  A. Check the answer in explanation.

  B. Place Holder

  Correct Answer: A

  Solution as given below.

  

  

  

• Question 527:

  CORRECT TEXT

  If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the console by using the AWS Management Console shortcut from the VM desktop.

  If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V.

  Configure Amazon EventBridge to meet the following requirements.

  1.

  Use the us-east-2 Region for all resources.

  2.

  Unless specified below, use the default configuration settings.

  3.

  Use your own resource naming unless a resource name is specified below.

  4.

  Ensure all Amazon EC2 events in the default event bus are replayable for the past 90 days.

  5.

  Create a rule named RunFunction to send the exact message {"name":"example") every 15 minutes to an existing AWS Lambda function named LogEventFunction

  6.

  Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2 Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:

  

  Input template:

  " The EC2 Spot Instance has been on account.

  A. Check the answer in explanation.

  B. Place Holder

  Correct Answer: A

  Solution as given below.

  

  

• Question 528:

  CORRECT TEXT

  If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the console by using the AWS Management Console shortcut from the VM desktop.

  If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V. Configure Amazon EventBridge to meet the following requirements.

  1.

  Use the us-east-2 Region for all resources.

  2.

  Unless specified below, use the default configuration settings.

  3.

  Use your own resource naming unless a resource name is specified below.

  4.

  Ensure all Amazon EC2 events in the default event bus are replayable for the past 90 days.

  5.

  Create a rule named RunFunction to send the exact message {"name":"example") every 15 minutes to an existing AWS Lambda function named LogEventFunction

  6.

  Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2 Spot Instance is interrupted. Do NOT create any topic subscriptions.

  The notification must match the following structure:

  Input path:

  {`instance`:`detail.instance-id}

  Input template:

  `The EC2 Spot Instance has been interrupted.`

  Important: Click the Next button to complete this lab and continue to the next lab. Once you click the Next button, you will NOT be able to return to this lab.

  A. Check the answer in explanation.

  B. Place Holder

  Correct Answer: A

  

  

  

  

  

  

  

  

  

  

  

  

  

• Question 529:

  CORRECT TEXT

  If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the console by using the AWS Management Console shortcut from the VM desktop.

  If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C, Command-V.

  Create a solution to automate Amazon EBS Volume snapshots using Amazon Data Lifecycle Manager.

  1.

  Use the us-east-2 Region for all resources.

  2.

  Unless specified below, use the default configuration settings.

  3.

  Create a snapshot of the existing EBS Volume named OriginalVolume.

  4.

  Create a 1 GB EBS Volume from the snapshot with default encryption.

  5.

  Add the tag Snapshot: true to the new EBS Volume.

  6.

  Ensure that snapshots of all volumes with the tag Snapshot:true are taken every 6 hours and retained for 90 days. Do NOT use a cron expression. Ensure this is the only lifecycle policy that exists. Use the IAM role named DLMRole. Important: Click the Next button to complete this lab and continue to the next lab. Once you click the Next button, you will NOT be able to return to this lab.

  A. Check the answer in explanation.

  B. Place Holder

  Correct Answer: A

  Explain detail with snapshot attached above based on Simulation Lab based activity.

  Brief -- Select u-east 2 regions, create a snapshot of existing Volume name it OrgianlVolume, Do tagging true, Should be every 6 hrs and implement LAM roles name DLMRole.

  

  

  

  

  

• Question 530:

  CORRECT TEXT

  If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the console by using the AWS Management Console shortcut from the VM desktop.

  If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C, Command-V.

  Use the following configuration requirements to create an Amazon DynamoDB Accelerator (DAX) cluster and modify an existing DynamoDB table.

  1.

  Use the us-east-2 Region for all resources.

  2.

  Use the default configuration settings unless different settings are specified in the following instructions.

  3.

  Configure a DAX cluster to expire cached data items after 240 seconds and to expire cached queries after 120 seconds. ***Note: Configure these values before you finalize creation of the cluster. Otherwise, you will have to wait until cluster creation is complete before you can do this step.

  4.

  Create a three-node DynamoDB DAX cluster that is named DaxLabCluster:

  a.

  Use dax.t3.small instances.

  b.

  Use the LabVPC VPC and the PrimaryPrivateSubnet and FailoverPrivateSubnet subnets.

  c.

  Use the LabDAXSG security group.

  d.

  Configure the DAX cluster to use the DynamoDBAccessRole IAM role.

  5. Modify the LabDynamoDBTable DynamoDB table so that the table uses on-demand capacity.

  Note: Do NOT wait until cluster creation is complete before you submit this exam lab.

  Important: Click the Next button to complete this lab and continue to the next lab. Once you click the Next button, you will NOT be able to return to this lab.

  A. Check the answer in explanation.

  B. Place Holder

  Correct Answer: A

  Steps mentioned above.

  Select us-east2 region Congure DAX eluser with 240 seconds and create 3 cluster.

  Use LabDAX5G security group to be configured.