SOA-C02 Exam Details

  • Exam Code
    :SOA-C02
  • Exam Name
    :AWS Certified SysOps Administrator - Associate (SOA-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :657 Q&As
  • Last Updated
    :Oct 14, 2025

Amazon SOA-C02 Online Questions & Answers

  • Question 611:

    A company decides to stop non-production Amazon EC2 instances during the EC2 instances. The company's IT manager must receive notification in near real time whenever an EC2 instance that has an environment type tag value of non-production is started during the night.

    Which solution will meet this requirement with the MOST operational efficiency?

    A. Configure an AWS Lambda function with an SMTP client library. Subscribe the Lambda function to the AWS Health Dashboard to receive notification whenever an EC2 instance is in the running state. Configure the Lambda function to use Amazon Pinpoint to send email notifications to the IT manager. Deploy a second Lambda function to throttle calls from the first Lambda function during the daytime.
    B. Deploy an AWS Lambda function that queries the Amazon EC2 API to determine the state of each EC2 instance. Use the EC2 instance scheduler to configure the Lambda function to run every minute during the night and to send an email notification to the IT manager for each non-production EC2 instance that is in the running state.
    C. Create an Amazon EventBridge rule that includes the EC2 Instance State-change Notification event type. Filter the event to capture only the running state. Create an AWS Lambda function as a target of the rule. Configure the Lambda function to check the current time and the EC2 instances' tags to determine the environment type. Create an Amazon Simple Notification Service (Amazon SNS) topic as a target of the Lambda function for notifications. Subscribe the IT manager's email address to the SNS topic.
    D. Store the EC2 instance metadata, including the environment type, in an Amazon DynamoDB table. Deploy a custom application to an EC2 instance. Configure the custom application to poll the DynamoDB data every minute during the night and to query the Amazon EC2 API to determine the state of each instance. Additionally, configure the custom application to send an email notification to the IT manager for each non-production EC2 instance that is in the running state.

  • Question 612:

    A company's security policy requires incoming SSH traffic to be restricted to a defined set of addresses. The company is using an AWS Config rule to check whether security groups allow unrestricted incoming SSH traffic.

    A SysOps administrator discovers a noncompliant resource and fixes the security group manually. The SysOps administrator wants to automate the remediation of other noncomphant resources.

    What is the MOST operationally efficient solution that meets these requirements?

    A. Create an Amazon CloudWatch alarm for the AWS Config rule's status metric Create an AWS Lambda function that can remove the noncompliant rule from the security group. Configure the alarm action to invoke the Lambda function.
    B. Configure an automatic remediation action on the AWS Config rule Specify the AWS- DisablelncommgSSHOnPort22 remediation action.
    C. Configure an Amazon EventBridge rule for AWS Config configuration item change events. Create an AWS Lambda function that can remove the noncompliant rule from the security group. Configure the rule to invoke the Lambda function.
    D. Create an AWS Lambda function that can analyze a security group's inbound rules to check for unrestricted SSH access. Configure the Lambda function to remove the noncompliant rule from the security group. Configure an Amazon EventBridge rule to invoke the Lambda function every hour.

  • Question 613:

    A company requires that all activity in its AWS account be logged using AWS CloudTrail. Additionally, a SysOps administrator must know when CloudTrail log files are modified or deleted. How should the SysOps administrator meet these requirements?

    A. Enable log file integrity validation. Use the AWS CLI to validate the log files.
    B. Enable log file integrity validation. Use the AWS CloudTrail Processing Library to validate the log files.
    C. Use CloudTrail Insights to monitor the log files for modifications.
    D. Use Amazon CloudWatch Logs to monitor the log files for modifications.

  • Question 614:

    CORRECT TEXT

    If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the console by using the AWS Management Console shortcut from the VM desktop.

    If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V. Configure Amazon EventBridge to meet the following requirements.

    1. Use the us-east-2 Region for all resources.

    2. Unless specified below, use the default configuration settings.

    3. Use your own resource naming unless a resource name is specified below.

    4. Ensure all Amazon EC2 events in the default event bus are replayable for the past 90 days.

    5. Create a rule named RunFunction to send the exact message {"name":"example") every 15 minutes to an existing AWS Lambda function named LogEventFunction

    6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2 Spot Instance is interrupted.

    Do NOT create any topic subscriptions.

    The notification must match the following structure:

    Input path:

    {`instance`:`detail.instance-id}

    Input template:

    `The EC2 Spot Instance has been interrupted.`

    Important: Click the Next button to complete this lab and continue to the next lab. Once you click the Next button, you will NOT be able to return to this lab.

    A. Check the answer in explanation.
    B. Place Holder

  • Question 615:

    A SysOps administrator needs to configure an Amazon S3 bucket to host a web application. The SysOps administrator has created the S3 bucket and has copied the static files for the web application to the S3 bucket.

    The company has a policy that all $3 buckets must not be public.

    What should the SysOps administrator do to meet these requirements?

    A. Create an Amazon CloudFront distribution. Configure the S3 bucket as an origin with an origin access identity (OAI). Give the OAI the s3:GetObject permission in the S3 bucket policy.
    B. Configure static website hosting in the S3 bucket. Use Amazon Route 53 to create a DNS CNAME to point to the S3 website endpoint.
    C. Create an Application Load Balancer (ALB). Change the protocol to HTTPS in the ALB listener configuration. Forward the traffic to the S3 bucket.
    D. Create an accelerator in AWS Global Accelerator. Set up a listener configuration for port 443. Set the endpoint type to forward the traffic to the S3 bucket.

  • Question 616:

    A SysOps administrator needs to deploy a critical update to a web application that runs on Amazon EC2 instances. The SysOps administrator must minimize application downtime during the update. The SysOps administrator also must minimize the risk of a failed deployment of the update.

    Which deployment types will meet these requirements? (Select TWO.)

    A. All-at-once deployment
    B. Blue/green deployment
    C. Canary deployment
    D. Immutable deployment
    E. In-place deployment

  • Question 617:

    A SysOps administrator must ensure that all of a company's current and future Amazon S3 buckets have logging enabled If an S3 bucket does not have logging enabled an automated process must enable logging for the S3 bucket.

    Which solution will meet these requirements?

    A. Use AWS Trusted Advisor 10 perform a check for S3 buckets that do not have logging enabled Configure the check to enable logging for S3 buckets that do not have logging enabled.
    B. Configure an S3 bucket policy that requires all current and future S3 buckets to have logging enabled
    C. Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses an AWS Lambda function to enable logging.
    D. Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses the AWS-ConfigureS3BucketLoggmg AWS Systems Manager Automation runbook to enable logging.

  • Question 618:

    A company is building an interactive application for personal finance. The application stores financial data in Amazon S3, and the data must be encrypted. The company does not want to provide its own encryption keys. However, the company wants to maintain an audit trail that shows when an encryption key was used and who used the key.

    Which solution will meet these requirements?

    A. Use client-side encryption with client-provided keys. Upload the encrypted user data to Amazon S3.
    B. Use server-side encryption with S3 managed encryption keys (SSE-S3) to encrypt the user data on Amazon S3.
    C. Use server-side encryption with customer-provided encryption keys (SSE-C) to encrypt the user data on Amazon S3.
    D. Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) to encrypt the user data on Amazon S3.

  • Question 619:

    A company's SysOps administrator attempts to restore an Amazon Elastic Block Store (Amazon EBS) snapshot. However, the snapshot is missing because another system administrator accidentally deleted the snapshot. The company needs the ability to recover snapshots for a specified period of time after snapshots are deleted.

    Which solution will provide this functionality?

    A. Turn on deletion protection on individual EBS snapshots that need to be kept.
    B. Create an IAM policy that denies the deletion of EBS snapshots by using a condition statement for the snapshot age Apply the policy to all users
    C. Create a Recycle Bin retention rule for EBS snapshots for the desired retention period.
    D. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule an AWS Lambda function to copy EBS snapshots to Amazon S3 Glacier.

  • Question 620:

    A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application.

    Which combination of actions should a SysOps administrator take to resolve this problem? (Select TWO.)

    A. Change to the least outstanding requests algorithm on the ALB target group.
    B. Configure cookie forwarding in the CloudFront distribution's cache behavior settings.
    C. Configure header forwarding in the CloudFront distribution's cache behavior settings.
    D. Enable group-level stickiness on the ALB listener rule for the target groups.
    E. Enable sticky sessions on the ALB target group.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.