A SysOps administrator needs to secure the credentials for an Amazon RDS database that is created by an AWS CloudFormation template. The solution must encrypt the credentials and must support automatic rotation.
Which solution will meet these requirements?
A. Create an AWS::SecretsManager::Secret resource in the CloudF ormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:secretsmanager dynamic reference.
B. Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm-secure dynamic reference.
C. Create an AWS::SSM::Parameter resource in he CloudFormation template. Reference the credentias in the AWS::RDS::DBInstance resource by using the resolve:ssm dynamic reference.
D. Create parameters for the database credentials in the CloudFormation template. Use the Ref intrinsic function to provide the credentials to the AWS::RDS::DBInstance resource.
A company has a core application that must run 24 hours a day, 7 days a week. The application uses Amazon EC2. AWS Fargate, and AWS Lambda. The company uses a combination of operating systems across different AWS Regions.
The company needs to maximize cost savings while committing to a pricing model that offers flexibility to make changes.
What should the company do to meet these requirements?
A. Purchase a Compute Savings Plan that is based on Savings Plans recommendations
B. Purchase an EC2 Instance Savings Plan that covers the EC2 instance types and the Fargate and Lambda vCPU equivalents.
C. Purchase a Reserved Instance for the instance types, operating systems, Region, and tenancy,
D. Use EC2 Spot Instances that match the type and size of existing instances that run in each Region.
A company's architecture team must receive immediate email notification whenever new Amazon EC2 instances are launched in the company's main AWS production account.
`What should a SysOps administrator do to meet this requirement?
A. Create a user data script that sends an email message through a smart host connector. Include the architecture team's email address in the user data script as the recipient. Ensure that all new EC2 instances include the user data script as part of a standardized build process.
B. Create an Amazon Simple Notification Service (Amazon SNS) topic and a subscription that uses the email protocol. Enter the architecture team's email address as the subscriber. Create an Amazon EventBridge rule that reacts when EC2 instances are launched. Specify the SNS topic as the rule's target.
C. Create an Amazon Simple Queue Service (Amazon SQS) queue and a subscription that uses the email protocol. Enter the architecture team's email address as the subscriber. Create an Amazon EventBridge rule that reacts when EC2 instances are launched. Specify the SQS queue as the rule's target.
D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure AWS Systems Manager to publish EC2 events to the SNS topic. Create an AWS Lambda function to poll the SNS topic. Configure the Lambda function to send any messages to the architecture team's email address.
A company has a policy that all Amazon EC2 instance logs must be published to Amazon CloudWatch Logs. A SysOps administrator is troubleshooting an EC2 instance that is running Amazon Linux 2. The EC2 instance is not publishing logs to CloudWatch Logs. The Amazon CloudWatch agent is running on the EC2 instance, and the agent configuration file is correct.
What should the SysOps administrator do to resolve the issue?
A. Configure the AWS CLI on the EC2 instance. Create a cron job that calls the PutLogEvents API operation to push the log files to CloudWatch every 5 minutes.
B. Inspect the retention period of the CloudWatch Logs log group. Ensure that the retention period is set to a value that is greater than 1 day.
C. Set up an Amazon Kinesis data stream that is running in the same AWS Region as the EC2 instance. Configure the CloudWatch agent on the EC2 instance to send CloudWatch events to the data stream.
D. Ensure that the IAM role that is attached to the EC2 instance has permissions in CloudWatch Logs for the CreateLogGroup, CreateLogStream, PutLogEvents, and DescribeLogStreams actions.
A company runs a workload on an Amazon EC2 instance. The workload needs a temporary cache that contains data that changes frequently. The workload does not need to retain the cache across instance restarts.
Which storage option will provide the HIGHEST performance for the cache?
A. General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume
B. Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volume
C. Throughput Optimized HDD (st1) Amazon Elastic Block Store (Amazon EBS) volume
D. EC2 instance store
A company runs multiple workloads across an organization in AWS Organizations. The company's finance team needs detailed dashboards to track cost changes and provide detailed cost metrics. The finance team needs to track trends as granular as every hour.
What should a SysOps administrator do to meet these requirements in the MOST operationally efficient way?
A. Generate Amazon CloudWatch dashboards by using CloudWatch insights and AWS Cost Explorer data.
B. Generate an AWS Cost and Usage Report. Store the report in Amazon S3. Use Amazon Athena to query the data. Use Amazon QuickSight to develop dashbosrds based on the data in the AWS Cost and Usage Report.
C. Create an AWS Lambda function that runs once a day and assumes a role in every account in the organization. Configure the Lambda function to read AWS Cost Explorer data in each account and to store the cost data in an Amazon S3 bucket. Use Amazon Athena to query the data. Use Amazon QuickSight to display the data in dashboards.
D. Create an IAM user for the finance team. Grant permissions to the IAM user to view AWS Cost Explorer data and billing data in the management account.
A SysOps administrator must analyze Amazon CloudWatch logs across 10 AWS Lambda functions for historical errors. The logs are in JSON format and are stored in Amazon S3. Errors sometimes do not appear in the same field, but all errors begin with the same string prefix.
What is the MOST operationally efficient way for the SysOps administrator to analyze the log files?
A. Use S3 Select to write a query to search for errors. Run the query across all log groups of interest.
B. Create an AWS Glue processing job to index the logs of interest. Run a query in Amazon Athena to search for errors.
C. Use Amazon CloudWatch Logs Insights to write a query to search for errors. Run the query across all log groups of interest.
D. Use Amazon CloudWatch Contributor Insights to create a rule. Apply the rule across all log groups of interest.
A team of developers is using several Amazon S3 buckets as centralized repositories. Users across the world upload large sets of files to these repositories. The development team's applications later process these files.
A SysOps administrator sets up a new S3 bucket, DOC-EXAMPLE-BUCKET, to support a new workload, The rew S3 bucket also receives regular uploads cf large sets of files from users worldwide. When the new S3 bucket is put into production, the upload performance from certain geographic areas is lower than the upload performance that the existing $3 buckets provide
What should the SysOps administrator do to remediate this issue?
A. Provision an Amazon ElastiCache for Redis cluster for the new S3 bucket. Provide the developers with the configuration endpoint of the cluster for use in their API calls
B. Add the new S3 bucket to a new Amazon CloudFront distribution. Provide the developers with the domain name of the new distribution for use in their API calls.
C. Enable S3 Transfer Acceleration for the new S3 bucket. Verify that the developers are using the DOC-EXAMPLE-BUCKET.s3-accelerate.amazonaws.com endpoint name in their API calls.
D. Use S3 multipart upload for the new S3 bucket. Verify that the developers are using Region-specific S3 endpoint names such as DOC-EXAMPLE-BUCKETS3, [Region] amazonaws.com in their API calls.
A SysOps administrator wants to use AWS Systems Manager Patch Manager to automate the process of patching Amazon EC2 Windows instances. The SysOps administrator wants to ensure that patches are auto-approved 2 days after the release date for development instances. Patches also must be auto-approved 5 days after the release date for production instances. Maintenance must occur only during a 2-hour window for all instances.
Which solution will meet these requirements?
A. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and one patch baseline. Add an auto-approval delay to each patch group. Create a single maintenance window.
B. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and two patch baselines. Specify an auto-approval delay in each of the patch baselines. Create a single maintenance window.
C. Use tags to identity development instances and production instances. In Patch Manager, create two patch groups and one patch baseline, Create two separate maintenance windows, each with an auto-approval delay.
D. Use tags to identify development instances. In Patch Manager, create one patch group and one patch baseline. Specify auto-approval delays in the patch baseline, Add development instances to the new patch group. Use predefined Patch Manager patch baselines for all remaining instances. Create a single maintenance window.
A SysOps administrator needs to update an AWS account name.
What should the SysOps administrator do to accomplish this goal?
A. Add the AdministratorAccess policy to the SysOps administrator's IAM user.
B. Add the AWS_ConfigureRole policy to the SysOps administrator's IAM user.
C. Change the AWS account name through the AWS Trusted Advisor interface.
D. Sign in as the AWS account root user to make the change.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.