SOA-C02 Exam Details

  • Exam Code
    :SOA-C02
  • Exam Name
    :AWS Certified SysOps Administrator - Associate (SOA-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :657 Q&As
  • Last Updated
    :Oct 14, 2025

Amazon SOA-C02 Online Questions & Answers

  • Question 601:

    A company hosts a website on multiple Amazon EC2 instances that run in an Auto Scaling group. Users are reporting slow responses during peak times between 6 PM and 11 PM every weekend. A SysOps administrator must implement a solution to improve performance during these peak times.

    What is the MOST operationally efficient solution that meets these requirements?

    A. Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to increase the desired capacity before peak times.
    B. Configure a scheduled scaling action with a recurrence option to change the desired capacity before and after peak times.
    C. Create a target tracking scaling policy to add more instances when memory utilization is above 70%.
    D. Configure the cooldown period for the Auto Scaling group to modify desired capacity before and after peak times.

  • Question 602:

    A company has an Amazon EC2 instance that is deployed in an isolated private subnet in a VPC. The EC2 instance needs to access data that is in an Amazon S3 bucket. The company has an S3 gateway endpoint in the VPC. The connection to the S3 bucket is failing for an unknown reason. A SysOps administrator must investigate this issue while keeping the private subnet isolated.

    Which combination of steps will meet these requirements? (Select TWO.)

    A. Create an internet gateway. Ensure that the private subnet's route table has a route to the internet gateway.
    B. Create a NAT gateway. Ensure that the private subnet's route table has a route to the NAT gateway.
    C. Ensure that the private subnet's route table has a route to the S3 gateway endpoint.
    D. Ensure that the EC2 instance's security group allows inbound traffic from the prefix list for Amazon S3.
    E. Ensure that the EC2 instance's security group allows outbound traffic to the prefix list for Amazon S3.

  • Question 603:

    A company hosts an online shopping portal in the AWS Cloud. The portal provides HTTPS security by using a TLS certificate on an Elastic Load Balancer (ELB). Recently, the portal suffered an outage because the TLS certificate expired. A SysOps administrator must create a solution to automatically renew certificates to avoid this issue in the future.

    What is the MOST operationally efficient solution that meets these requirements?

    A. Request a public certificate by using AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. Write a scheduled AWS Lambda function to renew the certificate every 18 months.
    B. Request a public certificate by using AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.
    C. Register a certificate with a third-party certificate authority (CA). Import this certificate into AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.
    D. Register a certificate with a third-party certificate authority (CA). Configure the ELB to import the certificate directly from the CA. Set the certificate refresh cycle on the ELB to refresh when the certificate is within 3 months of the expiration date.

  • Question 604:

    A company has a VPC with public and private subnets. An Amazon EC2 based application resides in the private subnets and needs to process raw .csv files stored in an Amazon S3 bucket. A SysOps administrator has set up the correct IAM role with the required permissions for the application to access the S3 bucket, but the application is unable to communicate with the S3 bucket.

    Which action will solve this problem while adhering to least privilege access?

    A. Add a bucket policy to the S3 bucket permitting access from the IAM role.
    B. Attach an S3 gateway endpoint to the VPC. Configure the route table for the private subnet.
    C. Configure the route table to allow the instances on the private subnet access through the internet gateway.
    D. Create a NAT gateway in a private subnet and configure the route table for the private subnets.

  • Question 605:

    A company has an application that is deployed 10 two AWS Regions in an active-passive configuration. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) in each Region. The instances are in an Amazon EC2 Auto Scaling group in each Region. The application uses an Amazon Route 53 hosted zone (or DNS. A SysOps administrator needs to configure automatic failover to the secondary Region.

    What should the SysOps administrator do to meet these requirements?

    A. Configure Route 53 alias records that point to each ALB. Choose a failover routing policy. Set Evaluate Target Health to Yes.
    B. Configure CNAME records that point to each ALB. Choose a failover routing policy. Set Evaluate Target Health to Yes.
    C. Configure Elastic Load Balancing (ELB) health checks for the Auto Scaling group. Add a target group to the ALB in the primary Region. Include the EC2 instances in the secondary Region as targets.
    D. Configure EC2 health checks for the Auto Scaling group. Add a target group to the ALB in the primary Region. Include the EC2 instances in the secondary Region as targets.

  • Question 606:

    A company observes that a newly created Amazon CloudWatch alarm is not transitioning out of the INSUFFICIENT_DATA state. The alarm was created to track the mem_used_percent metric from an Amazon EC2 instance that is deployed in a public subnet.

    A review of the EC2 instance shows that the unified CloudWatch agent is installed and is running. However, the metric is not available in CloudWatch. A SysOps administrator needs to implement a solution to resolve this problem

    Which solution will meet these requirements?

    A. Enable CloudWatch detailed monitoring for the EC2 instance.
    B. Create an 1AM instance profile that contains CloudWatch permissions. Add the instance profile to the EC2 instance.
    C. Migrate the EC2 instance into a private subnet
    D. Create an 1AM user that has an access key ID and a secret access key. Update the unified CloudWatch agent configuration file to use those credentials.

  • Question 607:

    A company monitors its account activity using AWS CloudTrail. and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket. Moving forward, how can the SysOps administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

    A. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
    B. Enable log file integrity validation and use digest files to verify the hash value of the log file.
    C. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
    D. Enable S3 server access logging to track requests made to the log bucket for security audits.

  • Question 608:

    A company wants to create an automated solution for all accounts managed by AWS Organizations to detect any worry groups that urn 0.0.0.0/0 as the source address for inbound traffic. The company also wants to automatically remediate any noncompliant security groups by restricting access to a specific CIDR block corresponds with the company's intranet.

    A. Create an AWS Config rule to detect noncompliant security groups. Set up automatic remediation to change the 0.0.0.0/0 source address to the approved CIDK block.
    B. Create an IAM policy to deny the creation of security groups that have 0.0.0.0/0 as the source address Attach this IAM policy to every user in the company.
    C. Create an AWS Lambda function to inspect now and existing security groups check for a noncompliant 0.0.0.0A) source address and change the source address to the approved CIDR block.
    D. Create a service control policy (SCP) for the organizational unit (OU) to deny the creation of security groups that have the 0.0.0.0/0 source address. Set up automatic remediation to change Vie 0.0.0.0/0 source address to the approved CIDR block.

  • Question 609:

    A SysOps administrator needs to design a high-traffic static website. The website must be highly available and must provide the lowest possible latency to users across the globe. Which solution will meet these requirements?

    A. Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create an Amazon CloudFront distribution in each AWS Region, and set the S3 bucket as the origin. Use Amazon Route 53 to create a DNS record that uses a geolocation routing policy to route traffic to the correct CloudFront distribution based on where the request originates.
    B. Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create an Amazon CloudFront distribution, and set the S3 bucket as the origin. Use Amazon Route 53 to create an alias record that points to the CloudFront distribution.
    C. Create an Application Load Balancer (ALB) and a target group. Create an Amazon EC2 Auto Scaling group with at least two EC2 instances in the associated target group. Store the website content on the EC2 instances. Use Amazon Route 53 to create an alias record that points to the ALB.
    D. Create an Application Load Balancer (ALB) and a target group in two Regions. Create an Amazon EC2 Auto Scaling group in each Region with at least two EC2 instances in each target group. Store the website content on the EC2 instances. Use Amazon Route 53 to create a DNS record that uses a geolocation routing policy to route traffic to the correct ALB based on where the request originates.

  • Question 610:

    A company is expanding its fleet of Amazon EC2 instances before an expected increase of traffic. When a SysOps administrator attempts to add more instances, an InstanceLimitExceeded error is returned. What should the SysOps administrator do to resolve this error?

    A. Add an additional CIDR block to the VPC.
    B. Launch the EC2 instances in a different Availability Zone.
    C. Launch new EC2 instances in another VPC.
    D. Use Service Quotas to request an EC2 quota increase.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.