Updated Feb 17, 2022 Verified Pass SOA-C02 Exam in First Attempt Guaranteed [Q65-Q84]

Updated Feb 17, 2022 Verified Pass SOA-C02 Exam in First Attempt Guaranteed

Free SOA-C02 Sample Questions and 100% Cover Real Exam Questions (Updated 146 Questions)

NEW QUESTION 65
A company has a new requirement stating that all resources In AWS must be tagged according to a set policy.
Which AWS service should be used to enforce and continually Identify all resources that are not in compliance with the policy?

• A. AWS Systems Manager
• B. Amazon Inspector
• C. AWS Config
• D. AWS CloudTrail

Answer: C

 

NEW QUESTION 66
A SysOps administrator is creating two AWS CloudFormation templates. The first template will create a VPC with associated resources, such as subnets, route tables, and an internet gateway. The second template will deploy application resources within the VPC that was created by the first template. The second template should refer to the resources created by the first template.
How can this be accomplished with the LEAST amount of administrative effort?

• A. Add an export field to the outputs of the first template and import the values in the second template.
• B. Input the names of resources in the first template and refer to those names in the second template as a parameter.
• C. Create a custom resource that queries the stack created by the first template and retrieves the required values.
• D. Create a mapping in the first template that is referenced by the second template.

Answer: A

Explanation:
Reference:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html

 

NEW QUESTION 67
What protect an Amazon S3 bucket?

• A. Enable Amazon S3 versioning on the bucket.
• B. Enable server-side encryption on the bucket.
• C. Enable snapshots on the bucket.
• D. Deny Post. Put. and Delete on the bucket.

Answer: B

 

NEW QUESTION 68
A SysOps administrator is notified that an Amazon EC2 instance has stopped responding The AWS Management Console indicates that the system status checks are failing What should the administrator do first to resolve this issue?

• A. Stop and then start the EC2 instance so that it can be launched on a new host
• B. View the AWS CloudTrail log to investigate what changed on the EC2 instance
• C. Reboot the EC2 instance so it can be launched on a new host
• D. Terminate the EC2 instance and relaunch it

Answer: A

Explanation:
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-windows-system-status-check-fail/

 

NEW QUESTION 69
A SysOps administrator is troubleshooting connection timeouts to an Amazon EC2 instance that has a public IP address. The instance has a private IP address of 172.31.16.139. When the SysOps administrator tries to ping the instance's public IP address from the remote IP address 203.0.113.12, the response is "request timed out." The flow logs contain the following information:

What is one cause of the problem?

• A. Outbound security group deny rule
• B. Network ACL inbound rules
• C. Inbound security group deny rule
• D. Network ACL outbound rules

Answer: D

 

NEW QUESTION 70
A new website will run on Amazon EC2 instances behind an Application Load Balancer. Amazon Route 53 will be used to manage DNS records.
What type of record should be set in Route 53 to point the website's apex domain name (for example,
"company.com") to the Application Load Balancer?

• A. CNAME
• B. TXT
• C. SOA
• D. ALIAS

Answer: D

 

NEW QUESTION 71
A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal.
Which action should a SysOps administrator take to improve the performance of the file system?

• A. Configure the file system for Provisioned Throughput.
• B. Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.
• C. Enable encryption in transit on the file system.
• D. Identify any unused files in the file system, and remove the unused files.

Answer: A

 

NEW QUESTION 72
A SysOps administrator noticed that the cache hit ratio for an Amazon CloudFront distribution is less than 10%.
Which collection of configuration changes will increase the cache hit ratio for the distribution? (Select TWO.)

• A. Enable automatic compression of objects in the Cache Behavior Settings.
• B. Configure the distribution to use presigned cookies and URLs to restrict access to the distribution.
• C. Ensure that only required cookies, query strings, and headers are forwarded in the Cache Behavior Settings.
• D. Change the Viewer Protocol Policy to use HTTPS only.
• E. Increase the CloudFront time to live (TTL) settings in the Cache Behavior Settings.

Answer: C,E

 

NEW QUESTION 73
A company has multiple Amazon EC2 instances that run a resource-intensive application in a development environment. A SysOps administrator is implementing a solution to stop these EC2 instances when they are not in use.
Which solution will meet this requirement?

• A. Create an Amazon CloudWatch alarm to stop the EC2 instances when the average CPU utilization is lower than 5% for a 30-minute period.
• B. Use AWS Config to invoke an AWS Lambda function to stop the EC2 instances based on resource configuration changes.
• C. Assess AWS CloudTrail logs to verify that there is no EC2 API activity. Invoke an AWS Lambda function to stop the EC2 instances.
• D. Create an Amazon CloudWatch metric to stop the EC2 instances when the VolumeReadBytes metric is lower than 500 for a 30-minute period.

Answer: A

 

NEW QUESTION 74
A SysOps administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have logging enabled. The administrator needs to investigate HTTP Layer 7 status codes from the web application.
Which log sources contain the status codes? (Choose two.)

• A. ALB access logs
• B. AWS CloudTrail logs
• C. VPC Flow Logs
• D. CloudFront access logs
• E. RDS logs

Answer: A,D

Explanation:
Reference:
"C" because Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
"D" because "you can configure CloudFront to create log files that contain detailed information about every user request that CloudFront receives"
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html

 

NEW QUESTION 75
An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, an Amazon RDS PostgreSQL database, an Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security team now mandates that at-rest encryption be turned on immediately for all aspects of the application, without creating new resources and without any downtime.
To satisfy the requirements, which one of these services can the SysOps administrator enable at-rest encryption on?

• A. EBS General Purpose SSD volumes
• B. S3 objects within a bucket
• C. Amazon EFS file systems
• D. RDS PostgreSQL database

Answer: D

 

NEW QUESTION 76
A company uses AWS Cloud Formation templates to deploy cloud infrastructure. An analysis of all the company's templates shows that the company has declared the same components in multiple templates. A SysOps administrator needs to create dedicated templates that have their own parameters and conditions for these common components.
Which solution will meet this requirement?

• A. Develop CloudFormation nested stacks.
• B. Develop a CloudFormaiion change set.
• C. Develop CloudFormation macros.
• D. Develop CloudFormation stack sets.

Answer: A

 

NEW QUESTION 77
A company has deployed a web application in a VPC that has subnets in three Availability Zones. The company launches three Amazon EC2 instances from an EC2 Auto Scaling group behind an Application Load Balancer (ALB).
A SysOps administrator notices that two of the EC2 instances are in the same Availability Zone, rather than being distributed evenly across all three Availability Zones. There are no errors in the Auto Scaling group's activity history.
What is the MOST likely reason for the unexpected placement of EC2 instances?

• A. One Availability Zone did not have sufficient capacity for the requested EC2 instance type.
• B. The Auto Scaling group was configured for only two Availability Zones.
• C. Amazon EC2 Auto Scaling randomly placed the instances in Availability Zones.
• D. The ALB was configured for only two Availability Zones.

Answer: D

 

NEW QUESTION 78
A company has an Amazon CloudFront distribution that uses an Amazon S3 bucket as its origin. During a review of the access logs, the company determines that some requests are going directly to the S3 bucket by using the website hosting endpoint. A SysOps administrator must secure the S3 bucket to allow requests only from CloudFront.
What should the SysOps administrator do to meet this requirement?

• A. Update the S3 bucket policy to allow access only from the CloudFront distribution. Remove access to and from other principals in the S3 bucket policy. Disable website hosting. Create a new origin, and specify the S3 bucket as the new origin. Update the distribution behavior to use the new origin. Remove the existing origin.
• B. Create an origin access identity (OAI) in CloudFront. Associate the OAI with the distribution. Update the S3 bucket policy to allow access only from the OAI. Create a new origin, and specify the S3 bucket as the new origin. Update the distribution behavior to use the new origin. Remove the existing origin.
• C. Create an origin access identity (OAI) in CloudFront. Associate the OAI with the distribution. Update the S3 bucket policy to allow access only from the OAI. Disable website hosting. Create a new origin, and specify the S3 bucket as the new origin. Update the distribution behavior to use the new origin. Remove the existing origin.
• D. Create an origin access identity (OAI) in CloudFront. Associate the OAI with the distribution. Remove access to and from other principals in the S3 bucket policy. Update the S3 bucket policy to allow access only from the OAI.

Answer: D

 

NEW QUESTION 79
A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group. Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer. The administrator would like to know the IP addresses for the source of the requests.
Where can the administrator find this information?

• A. Auto Scaling logs
• B. Elastic Load Balancer access logs
• C. EC2 instance logs
• D. AWS CloudTrail logs

Answer: A

 

NEW QUESTION 80
A company is releasing a new static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded: however, upon navigating to the site, the following error message is received:
403 Forbidden - Access Denied
What change should be made to fix this error?

• A. Add a bucket policy that grants everyone read access to the bucket objects.
• B. Configure cross-origin resource sharing (CORS) on the bucket.
• C. Add a bucket policy that grants everyone read access to the bucket.
• D. Remove the default bucket policy that denies read access to the bucket.

Answer: A

 

NEW QUESTION 81
A company uses an Amazon Elastic File System (Amazon EFS) file system to share files across many Linux Amazon EC2 instances. A SysOps administrator notices that the file system's PercentIOLimit metric is consistently at 100% for 15 minutes or longer. The SysOps administrator also notices that the application that reads and writes to that file system is performing poorly. They application requires high throughput and IOPS while accessing the file system.
What should the SysOps administrator do to remediate the consistently high PercentIOLimit metric?

• A. Modify the existing EFS file system and activate Provisioned Throughput mode.
• B. Modify the existing EFS file system and activate Max I/O performance mode.
• C. Create an EFS lifecycle policy to transition future files to the Infrequent Access (IA) storage class to improve performance. Use AWS DataSync to migrate existing data to IA storage.
• D. Create a new EFS file system that uses Max I/O performance mode. Use AWS DataSync to migrate data to the new EFS file system.

Answer: D

 

NEW QUESTION 82
A company has a critical serverless application that uses multiple AWS Lambda functions. Each Lambda function generates 1 GB of log data daily in tts own Amazon CloudWatch Logs log group. The company's security team asks for a count of application errors, grouped by type, across all of the log groups.
What should a SysOps administrator do to meet this requirement?

• A. Perform a CloudWatch Logs Insights query that uses the stats command and count function.
• B. Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.
• C. Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.
• D. Perform a CloudWatch Logs search that uses the groupby keyword and count function.

Answer: A

 

NEW QUESTION 83
A company uses Amazon Elasticsearch Service (Amazon ES) to analyze sales and customer usage data.
Members of the company's geographically dispersed sales team are traveling. They need to log in to Kibana by using their existing corporate credentials that are stored in Active Directory. The company has deployed Active Directory Federation Services (AD FS) to enable authentication to cloud services.
Which solution will meet these requirements?

• A. Deploy an Amazon Cognito user pool. Configure Active Directory as an external identity provider for the user pool. Enable Amazon Cognito authentication for Kibana on Amazon ES.
• B. Configure Active Directory as an authentication provider in Amazon ES. Add the Active Directory server's domain name to Amazon ES. Configure Kibana to use Amazon ES authentication.
• C. Enable Active Directory user authentication in Kibana. Create an IP-based custom domain access policy in Amazon ES that includes the Active Directory server's IP address.
• D. Establish a trust relationship with Kibana on the Active Directory server. Enable Active Directory user authentication in Kibana. Add the Active Directory server's IP address to Kibana.

Answer: A

 

NEW QUESTION 84
......

Download Real Amazon SOA-C02 Exam Dumps Test Engine Exam Questions: https://www.dumpexams.com/SOA-C02-real-answers.html

Verified SOA-C02 Dumps Q&As - SOA-C02 Test Engine with Correct Answers: https://drive.google.com/open?id=1a1T5ShvPxsToHYsJNPyqaAuQ_lIMxNsl