SOA-C02 Exam Details

  • Exam Code
    :SOA-C02
  • Exam Name
    :AWS Certified SysOps Administrator - Associate (SOA-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :657 Q&As
  • Last Updated
    :Oct 14, 2025

Amazon SOA-C02 Online Questions & Answers

  • Question 621:

    A SysOps administrator is responsible for a large fleet of Amazon EC2 instances and must know whether any instances will be affected by upcoming hardware maintenance. Which option would provide this information with the LEAST administrative overhead?

    A. Deploy a third-party monitoring solution to provide real-time EC2 instance monitoring
    B. List any instances with failed system status checks using the AWS Management Console
    C. Monitor AWS CloudTrail for Stopinstances API calls
    D. Review the AWS Personal Health Dashboard

  • Question 622:

    A company hosts its website in the us-east-1 Region. The company is preparing to deploy its website into the eu-central-1 Region. Website visitors who are located in Europe should access the website that is hosted in eu-central-1. All other visitors access the website that is hosted in us-east-1. The company uses Amazon Route 53 to manage the website's DNS records.

    Which routing policy should a SysOps administrator apply to the Route 53 record set to meet these requirements?

    A. Geolocation routing policy
    B. Geoproximity routing policy
    C. Latency routing policy
    D. Multivalue answer routing policy

  • Question 623:

    A company creates a new member account by using AWS Organizations. A SysOps administrator needs to add AWS Business Support to the new account.

    Which combination of steps must the SysOps administrator take to meet this requirement? (Select TWO.)

    A. Sign in to the new account by using IAM credentials. Change the support plan.
    B. Sign in to the new account by using root user credentials. Change the support plan.
    C. Use the AWS Support API to change the support plan.
    D. Reset the password of the account root user.
    E. Create an IAM user that has administrator privileges in the new account.

  • Question 624:

    A company is testing Amazon Elasticsearch Service (Amazon ES) as a solution for analyzing system logs from a fleet of Amazon EC2 instances. During the test phase, the domain operates on a single-node cluster. A SysOps administrator needs to transition the test domain into a highly available production-grade deployment.

    Which Amazon ES configuration should the SysOps administrator use to meet this requirement?

    A. Use a cluster of four data nodes across two AWS Regions. Deploy four dedicated master nodes in each Region.
    B. Use a cluster of six data nodes across three Availability Zones. Use three dedicated master nodes.
    C. Use a cluster of six data nodes across three Availability Zones. Use six dedicated master nodes.
    D. Use a cluster of eight data nodes across two Availability Zones. Deploy four master nodes in a failover AWS Region.

  • Question 625:

    A company's backend infrastructure contains an Amazon EC2 instance in a private subnet. The private subnet has a route to the internet through a NAT gateway in a public subnet. The instance must allow connectivity to a secure web server on the internet to retrieve data at regular intervals.

    The client software times out with an error message that indicates that the client software could not establish the TCP connection.

    What should a SysOps administrator do to resolve this error?

    A. Add an inbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP, Source - 0.0.0.0/0.
    B. Add an inbound rule to the security group for the EC2 instance with the following parameters: Type - HTTPS, Source - 0.0.0.0/0.
    C. Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP, Destination - 0.0.0.0/0.
    D. Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTPS. Destination - 0.0.0.0/0.

  • Question 626:

    A company runs an application on Amazon EC2 instances behind an Application Load Balancer. The EC2 instances are in an Auto Scaling group. The application sometimes becomes slow and unresponsive. Amazon CloudWatch metrics show that some EC2 instances are experiencing high CPU load.

    A SysOps administrator needs to create a CloudWatch dashboard that can automatically display CPU metrics of all the EC2 instances. The metrics must include new instances that are launched as part of the Auto Scaling group.

    What should the SysOps administrator do to meet these requirements in the MOST operationally efficient way?

    A. Create a CloudWatch dashboard. Use activity notifications from the Auto Scaling group to invoke a custom AWS Lambda function. Use the Lambda function to update the CloudWatch dashboard to monitor the CPUUtilization metric for the new instance IDs.
    B. Create a CloudWatch dashboard. Run a custom script on each EC2 instance to stream the CPU utilization to the dashboard.
    C. Use CloudWatch metrics explorer to filter by the aws:autoscaling:groupName tag and to create a visualization for the CPUUtilization metric. Add the visualization to a CloudWatch dashboard.
    D. Use CloudWatch metrics explorer to filter by instance state and to create a visualization for the CPUUtilization metric. Add the visualization to a CloudWatch dashboard.

  • Question 627:

    A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.

    Which condition should be used with the alarm?

    A. AWS/ApplicationELB HealthyHostCount
    B. AWS/ApplicationELB UnhealthyHostCount >= 1
    C. AWS/EC2 StatusCheckFailed
    D. AWS/EC2 StatusCheckFailed >= 1

  • Question 628:

    A SysOps administrator must ensure that all of a company's Amazon S3 buckets have versioning enabled. Which solution will meet this requirement?

    A. Enable AWS Config. Set up the s3-bucket-versioning-enabled AWS Config managed rule. Specify the configuration changes trigger type. Configure an automatic remediation action that uses an AWS Lambda function to enable versioning on noncompliant S3 buckets.
    B. Enable AWS Config. Set up the s3-bucket-versioning-enabled AWS Config managed rule. Specify the configuration changes trigger type. Configure an automatic remediation action that uses the AWS-ConfigureS3BucketVersioning AWS Systems Manager Automation runbook to enable versioning on noncompliant S3 buckets.
    C. Enable Amazon GuardDuty. Use GuardDuty to identify S3 buckets that have versioning disabled. Create an Amazon EventBridge rule that sends the GuardDuty findings to AWS Systems Manager Automation. Specify the AWSConfigureS3BucketVersioning Systems Manager Automation runbook to enable versioning on noncompliant S3 buckets.
    D. Enable Amazon GuardDuty. Use GuardDuty to identify S3 buckets that have versioning disabled. Create an Amazon EventBridge rule that sends the GuardDuty findings to a target AWS Lambda function. Configure the Lambda function to enable versioning on noncompliant S3 buckets.

  • Question 629:

    The company requires a disaster recovery solution for an Aurora PostgreSQL database with a 20-second RPO.

    A. Reconfigure the database to be an Aurora global database. Set the RPO to 20 seconds.
    B. Reconfigure the database to be an Aurora Serverless v2 database with an Aurora Replica in a separate Availability Zone. Set the replica lag to 20 seconds.
    C. Modify the database to use a Multi-AZ cluster that has two readable standby instances in separate Availability Zones. Add an Aurora Replica in a separate Availability Zone. Set the replica lag to 20 seconds.

  • Question 630:

    A company's web application is available through an Amazon CloudFront distribution and directly through an internet-facing Application Load Balancer (ALB) A SysOps administrator must make the application accessible only through the CloudFront distribution and not directly through the ALB. The SysOps administrator must make this change without changing the application code.

    Which solution will meet these requirements?

    A. Modify the ALB type to internal Set the distribution's origin to the internal ALB domain name
    B. Create a Lambda@Edge function Configure the function to compare a custom header value in the request with a stored password and to forward the request to the origin in case of a match Associate the function with the distribution.
    C. Replace the ALB with a new internal ALB Set the distribution's origin to the internal ALB domain name Add a custom HTTP header to the origin settings for the distribution In the ALB listener add a rule to forward requests that contain the matching custom header and the header's value Add a default rule to return a fixed response code of 403.
    D. Add a custom HTTP header to the origin settings for the distribution in the ALB listener add a rule to forward requests that contain the matching custom header and the header's value Add a default rule to return a fixed response code of 403.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.