SOA-C02 Exam Details

  • Exam Code
    :SOA-C02
  • Exam Name
    :AWS Certified SysOps Administrator - Associate (SOA-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :657 Q&As
  • Last Updated
    :Oct 14, 2025

Amazon SOA-C02 Online Questions & Answers

  • Question 631:

    A SysOps administrator manages the caching of an Amazon CloudFront distribution that serves pages of a website, The SysOps administrator needs to configure the distribution so that the TTL of individual pages can vary. The TTL of the individual pages must remain within the maximum TLL and the minimum TTL that are set for the distribution.

    Which solution will meet these requirements?

    A. Create an AWS Lambda function that calls the Createlnvalidation API operation when a change in cache time is necessary.
    B. Add a Cache-Control: max-age directive to the object at the origin when content is being returned to CloudFront.
    C. Add a no-cache header through a Lambda@Edge function in response to the Viewer response.
    D. Add.an Expires header through a CloudFront function in response to the Viewer response.

  • Question 632:

    A company's SysOps administrator manages a fleet of hundreds of Amazon EC2 instances that run Windows-based workloads and Linux-based workloads. Each EC2 instance has a tag that identifies its operating system. All the EC2 instances run AWS Systems Manager Session Manager.

    A zero-day vulnerability is reported, and no patches are available. The company's security team provides code for all the relevant operating systems to reduce the risk of the vulnerability. The SysOps administrator needs to implement the code on the EC2 instances and must provide a report that shows that the code has successfully run on all the instances.

    What should the SysOps administrator do to meet these requirements as quickly as possible?

    A. Use Systems Manager Run Command. Choose either the AWS-RunShellScript document or the AWS-RunPowerShellScript document. Configure Run Command with the code from the security team. Specify the operating system tag in the Targets parameter. Run the command. Provide the command history's evidence to the security team.
    B. Create an AWS Lambda function that connects to the EC2 instances through Session Manager. Configure the Lambda function to identify the operating system, run the code from the security team, and return the results to an Amazon RDS DB instance. Query the DB instance for the results. Provide the results as evidence to the security team.
    C. Log on to each EC2 instance. Run the code from the security team on each EC2 instance. Copy and paste the results of each run into a single spreadsheet. Provide the spreadsheet as evidence to the security team.
    D. Update the launch templates of the EC2 instances to include the code from the security team in the user data. Relaunch the EC2 instances by using the updated launch templates. Retrieve the EC2 instance logs of each instance. Provide the EC2 instance logs as evidence to the security team.

  • Question 633:

    A company receives an alert from an Amazon CloudWatch alarm The alarm indicates that a web application that Is running on Amazon EC2 instances is not responding to requests The EC2 instances have a Red Hat Enterprise Linux operating system and are in an Auto Scaling group. The Auto Scaling group has a minimum capacity of 2 and a maximum capacity of 5.

    An Investigation reveals that the web application is experiencing oul-of-memory errors. The company adds memory lo the web application and wants to track operating system memory utilization. A CloudWatch memory metric does not currently exist tor the EC2 Instances in the Auto Scaling group

    What should a SysOps administrator do to provide a CloudWatch memory metric for the EC2 instances?

    A. Use an Amazon Machine Image (AMI) that includes the CloudWatch agent.
    B. Turn on CloudWatch detailed monitoring
    C. Turn on Instance Metadata Service Version 2 (IMOSv2).
    D. Use an Amazon Machine Image (AMI) that is based on Amazon Linux.

  • Question 634:

    ASysOps administrator configures an application to run on Amazon EC2 instances behind an Application Load Balancer (ALB) in a simple scaling Auto Scaling group with the default settings. The Auto Scaling group is configured to use the RequestCountPerTarget metric for scaling. The SysOps administrator notices that the RequestCountPerTarget metric exceeded the specified limit twice in 180 seconds.

    How will the number of EC2 instances in this Auto Scaling group be affected in this scenario?

    A. The Auto Scaling group will launch an additional EC2 instance every time the RequestCountPerTarget metric exceeds the predefined limit.
    B. The Auto Scaling group will launch one EC2 instance and will wait for the default cooldown period before launching another instance.
    C. The Auto Scaling group will send an alert to the ALB to rebalance the traffic and not add new EC2 instances until the load is normalized.
    D. The Auto Scaling group will try to distribute the traffic among all EC2 instances before launching another instance.

  • Question 635:

    A SysOps administrator is configuring Amazon CloudWatch alarms. A particular is constantly in the ALARM state.

    What could be the reason for this issue?

    A. Alarms continue to evaluate metrics against configured thresholds, even after they are triggered.
    B. After alarms are triggered, they remain in the ALARM state until they are manually disabled.
    C. After an alarm is triggered and an action is performed, the application logic must reset the alarm to its normal state.
    D. The alarm is not receiving appropriate metrics.

  • Question 636:

    A company is implementing a monitoring solution that is based on machine learning. The monitoring solution consumes Amazon EventBridge (Amazon CloudWatch Events) events that are generated by Amazon EC2 Auto Scaling. The monitoring solution provides detection of anomalous behavior such as unanticipated scaling events and is configured as an EventBridge (CloudWatch Events) API destination.

    During initial testing, the company discovers that the monitoring solution is not receiving events. However, Amazon CloudWatch is showing that the EventBridge (CloudWatch Events) rule is being invoked. A SysOps administrator must implement a solution to retrieve client error details to help resolve this issue. Which solution will meet these requirements with the LEAST operational effort?

    A. Create an EventBridge (CloudWatch Events) archive for the event pattern to replay the events. Increase the logging on the monitoring solution. Use replay to invoke the monitoring solution. Examine the error details.
    B. Add an Amazon Simple Queue Service (Amazon SQS) standard queue as a dead-letter queue for the target. Process the messages in the dead-letter queue to retrieve error details.
    C. Create a second EventBridge (CloudWatch Events) rule for the same event pattern to target an AWS Lambda function. Configure the Lambda function to invoke the monitoring solution and to record the results to Amazon CloudWatch Logs. Examine the errors in the logs.
    D. Configure the EventBridge (CloudWatch Events) rule to send error messages to an Amazon Simple Notification Service (Amazon SNS) topic.

  • Question 637:

    An ecommerce company has built a web application that uses an Amazon Aurora DB cluster. The DB cluster includes memory optimized instance types with both a writer node and a reader node. Traffic volume changes throughout the day.

    During sudden traffic surges, Amazon CloudWatch metrics for the DB cluster indicate high RAM consumption and an increase in select latency.

    A SysOps administrator must implement a configuration change to improve the performance of the DB cluster. The change must minimize downtime and must not result in the loss of data.

    Which change will meet these requirements?

    A. Add an Aurora Replica to the DB cluster.
    B. Modify the DB cluster to convert the DB cluster into a multi-master DB cluster.
    C. Take a snapshot of the DB cluster. From that snapshot, create a new DB cluster that has larger memory optimized instances.
    D. Increase the disk storage capacity of the DB cluster to double the existing disk capacity.

  • Question 638:

    A company has an application that runs behind an Application Load Balancer (ALB) in the us-west-2 Region. An Amazon Route 53 record set contains an alias record for app.anycompany.com that references the ALB in us-west-2 and uses a simple routing policy. The application is experiencing an increase in users from other locations in the world. These users are experiencing high latency.

    Most of the new users are close to the ap-southeast-2 Region. The company deploys a copy of the application to ap-southeast-2. A SysOps administrator must implement a solution that automatically routes requests to the lowest latency endpoint for users without changing the URL.

    Which solution will meet these requirements?

    A. Add a new value to the existing alias record for app.anycompany.com with the DNS name of the new ALB in ap-southeast-2.
    B. Change the existing alias record to use a geolocation routing policy. Create two geolocation records, one record that references each ALSelect the location that is closest to each Region.
    C. Change the existing alias record to use a latency routing policy. Create two latency records, one record that references each ALB.
    D. Change the existing alias record to use a multivalue routing policy Add the DNS name of each ALB to the record.

  • Question 639:

    A SysOps administrator receives an alert from Amazon GuardDuty about suspicious network activity on an Amazon FC2 instance. The GuardDuty finding lists a new external IP address as a traffic destination. The SysOps administrator does not recognize the external IP address. The SysOps administrator must block traffic to the external IP address that GuardDuty identified.

    Which solution will meet this requirement?

    A. Create a new security group to block traffic to the external IP address. Assign the new security group to the EC2 instance
    B. Use VPC flow logs with Amazon Athena to block traffic to the external IP address
    C. Create a network ACL Add an outbound deny rule tor traffic to the external IP address
    D. Create a new security group to block traffic to the external IP address Assign the new security group to the entire VPC

  • Question 640:

    A company uses AWS Organizations. A SysOps administrator wants to use AWS Compute Optimizer and AWS tag policies in the management account to govern all member accounts in the billing family. The SysOps administrator navigates to the AWS Organizations console but cannot activate tag policies through the management account.

    What could be the reason for this issue?

    A. All features have not been enabled in the organization.
    B. Consolidated billing has not been enabled.
    C. The member accounts do not have tags enabled for cost allocation.
    D. The member accounts have not manually enabled trusted access for Compute Optimizer.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.