[2022] Verified SOA-C02 Dumps Q&As - 1 Year Free & Quickly Updates

Latest 2022 Realistic Verified SOA-C02 Dumps - 100% Free SOA-C02 Exam Dumps

NEW QUESTION 20
A company is running a serverless application on AWS Lambda The application stores data in an Amazon RDS for MySQL DB instance Usage has steadily increased and recently there have been numerous "too many connections" errors when the Lambda function attempts to connect to the database The company already has configured the database to use the maximum max_connections value that is possible What should a SysOps administrator do to resolve these errors'?

• A. Increase the value in the max_connect_errors parameter in the parameter group that the database uses
• B. Use Amazon RDS Proxy to create a proxy Update the connection string in the Lambda function
• C. Create a read replica of the database Use Amazon Route 53 to create a weighted DNS record that contains both databases
• D. Update the Lambda function's reserved concurrency to a higher value

Answer: C

 

NEW QUESTION 21
A development team recently deployed a new version of a web application to production. After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data.
Which AWS service will mitigate this issue?

• A. Amazon Cognito
• B. AWS Shield Standard
• C. AWS WAF
• D. Elastic Load Balancing

Answer: B

 

NEW QUESTION 22
A SysOps administrator is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company. All data must be encrypted at rest.
How should the administrator implement this process?

• A. Create a new unencrypted RDS instance from the encrypted snapshot, connect to the instance using SSH/RDP. export the database contents into a file, then share this file with the other accounts.
• B. Write a script to download the encrypted snapshot, decrypt it using the AWS KMS encryption key used to encrypt the snapshot, then create a new volume in each account.
• C. Create an Amazon EC2 instance based on the snapshot, then save the instance's Amazon EBS volume as a snapshot and share it with the other accounts. Require each account owner to create a new volume from that snapshot and encrypt it.
• D. Update the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts, then share the snapshot with those accounts.

Answer: D

 

NEW QUESTION 23
A company has deployed a web application in a VPC that has subnets in three Availability Zones. The company launches three Amazon EC2 instances from an EC2 Auto Scaling group behind an Application Load Balancer (ALB).
A SysOps administrator notices that two of the EC2 instances are in the same Availability Zone, rather than being distributed evenly across all three Availability Zones. There are no errors in the Auto Scaling group's activity history.
What is the MOST likely reason for the unexpected placement of EC2 instances?

• A. The Auto Scaling group was configured for only two Availability Zones.
• B. The ALB was configured for only two Availability Zones.
• C. One Availability Zone did not have sufficient capacity for the requested EC2 instance type.
• D. Amazon EC2 Auto Scaling randomly placed the instances in Availability Zones.

Answer: A

Explanation:
Reference:
the autoscaling group is responsable to add the instances in the subnets

 

NEW QUESTION 24
A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backup enabled. A SysOps administrator needs to be able to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB cluster.
Which solution will meet these requirements?

• A. Create an Aurora Replica. Promote the replica to replace the primary DB instance.
• B. Use point-in-time recovery to restore the existing DB cluster to the desired recovery point.
• C. Create an AWS Lambda function to restore an automatic backup to the existing DB cluster.
• D. Use backtracking to rewind the existing DB cluster to the desired recovery point.

Answer: B

 

NEW QUESTION 25
A company has deployed AWS Security Hub and AWS Config in a newly implemented organization in AWS Organizations. A SysOps administrator must implement a solution to restrict all member accounts in the organization from deploying Amazon EC2 resources in the ap-southeast-2 Region. The solution must be implemented from a single point and must govern an current and future accounts. The use of root credentials also must be restricted in member accounts.
Which AWS feature should the SysOps administrator use to meet these requirements?

• A. IAM user permissions boundaries
• B. AWS Config aggregator
• C. AWS Organizations service control policies (SCPs)
• D. AWS Security Hub conformance packs

Answer: C

 

NEW QUESTION 26
A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal.
Which action should a SysOps administrator take to improve the performance of the file system?

• A. Enable encryption in transit on the file system.
• B. Identify any unused files in the file system, and remove the unused files.
• C. Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.
• D. Configure the file system for Provisioned Throughput.

Answer: D

 

NEW QUESTION 27
A SysOps Administrator has implemented an Auto Scaling group with a step scaling policy. The Administrator notices that the additional instances have not been included in the aggregated metrics.
Why are the additional instances missing from the aggregated metrics?

• A. The instances are still in the boot process
• B. The instances are included in a different set of metrics
• C. The instances have not been attached to the Auto Scaling group
• D. The warm-up period has not expired

Answer: A

 

NEW QUESTION 28
A company has multiple Amazon EC2 instances that run a resource-intensive application in a development environment. A SysOps administrator is implementing a solution to stop these EC2 instances when they are not in use.
Which solution will meet this requirement?

• A. Create an Amazon CloudWatch alarm to stop the EC2 instances when the average CPU utilization is lower than 5% for a 30-minute period.
• B. Create an Amazon CloudWatch metric to stop the EC2 instances when the VolumeReadBytes metric is lower than 500 for a 30-minute period.
• C. Use AWS Config to invoke an AWS Lambda function to stop the EC2 instances based on resource configuration changes.
• D. Assess AWS CloudTrail logs to verify that there is no EC2 API activity. Invoke an AWS Lambda function to stop the EC2 instances.

Answer: A

Explanation:
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/UsingAlarmActions.html#AddingStopActions

 

NEW QUESTION 29
A SysOps administrator is setting up an automated process to recover an Amazon EC2 instance In the event of an underlying hardware failure. The recovered instance must have the same private IP address and the same Elastic IP address that the original instance had. The SysOps team must receive an email notification when the recovery process is initiated.
Which solution will meet these requirements?

• A. Create an Amazon CloudWatch alarm for the EC2 Instance, and specify the StatusCheckFailed_System metric. Add an EC2 action to the alarm to recover the instance. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.
• B. Create an Auto Scaling group across three different subnets in the same Availability Zone with a minimum, maximum, and desired size of 1. Configure the Auto Seating group to use a launch template that specifies the private IP address and the Elastic IP address. Add an activity notification for the Auto Scaling group to send an email message to the SysOps team through Amazon Simple Email Service (Amazon SES).
• C. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the SiatusCheckFailedjnstance metric. Add an EC2 action to the alarm to recover the instance. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS> topic. Subscribe the SysOps team email address to the SNS topic.
• D. Create an Auto Scaling group across three Availability Zones with a minimum, maximum, and desired size of 1. Configure the Auto Scaling group to use a launch template that specifies the private IP address and the Elastic IP address. Add an activity notification for the Auto Scaling group to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.

Answer: A

Explanation:
Reference:
You can create an Amazon CloudWatch alarm that monitors an Amazon EC2 instance and automatically recovers the instance if it becomes impaired due to an underlying hardware failure or a problem that requires AWS involvement to repair. Terminated instances cannot be recovered. A recovered instance is identical to the original instance, including the instance ID, private IP addresses, Elastic IP addresses, and all instance metadata. If the impaired instance has a public IPv4 address, the instance retains the public IPv4 address after recovery. If the impaired instance is in a placement group, the recovered instance runs in the placement group. When the StatusCheckFailed_System alarm is triggered, and the recover action is initiated, you will be notified by the Amazon SNS topic that you selected when you created the alarm and associated the recover action. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html

 

NEW QUESTION 30
A SysOps administrator Is troubleshooting an AWS Cloud Formation template whereby multiple Amazon EC2 instances are being created The template is working In us-east-1. but it is failing In us-west-2 with the error code:

How should the administrator ensure that the AWS Cloud Formation template is working in every region?

• A. Modify the AWS CloudFormation template by including the AMI IDs in the "Mappings" section. Refer to the proper mapping within the template for the proper AMI ID.
• B. Edit the AWS CloudFormatton template to offer a drop-down list of all AMIs to the user by using the aws :: EC2:: ami :: imageiD control.
• C. Copy the source region's Amazon Machine Image (AMI) to the destination region and assign it the same ID.
• D. Edit the AWS CloudFormatton template to specify the region code as part of the fully qualified AMI ID.

Answer: C

 

NEW QUESTION 31
While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS The customer gateway device resides in a data center with a NAT gateway in front of it What address should be used to create the customer gateway resource?

• A. The public IP address of the customer gateway device
• B. The private IP address of the customer gateway device
• C. The public IP address of the NAT device in front of the customer gateway device
• D. The MAC address of the NAT device in front of the customer gateway device

Answer: C

 

NEW QUESTION 32
A company is partnering with an external vendor to provide data processing services. For this integration, the vendor must host the company's data in an Amazon S3 bucket in the vendor's AWS account. The vendor is allowing the company to provide an AWS Key Management Service (AWS KMS) key to encrypt the company's dat a. The vendor has provided an IAM role Amazon Resource Name (ARN) to the company for this integration.
What should a SysOps administrator do to configure this integration?

• A. Create a new KMS key. Add the vendor's IAM role ARN to the KMS key policy. Provide the new KMS key ARN to the vendor.
• B. Configure encryption using the KMS managed S3 key. Create an S3 bucket. Add the vendor's IAM role ARN to the S3 bucket policy. Provide the S3 bucket ARN to the vendor.
• C. Create a new KMS key. Create a new IAM user. Add the vendor's IAM role ARN to an inline policy that is attached to the IAM user. Provide the new IAM user ARN to the vendor.
• D. Configure encryption using the KMS managed S3 key. Add the vendor's IAM role ARN to the KMS managed S3 key policy. Provide the KMS managed S3 key ARN to the vendor.

Answer: D

 

NEW QUESTION 33
A SysOps administrator is deploying an application on 10 Amazon EC2 instances. The application must be highly available. The instances must be placed on distinct underlying hardware.
What should the SysOps administrator do to meet these requirements?

• A. Launch the instances into a cluster placement group in a single AWS Region.
• B. Launch the instances into a spread placement group in single AWS Region.
• C. Launch the instances into a partition placement group in multiple AWS Regions.
• D. Launch the instances into a spread placement group in multiple AWS Regions.

Answer: C

 

NEW QUESTION 34
A software development company has multiple developers who work on the same product. Each developer must have their own development environment, and these development environments must be identical. Each development environment consists of Amazon EC2 instances and an Amazon RDS DB instance. The development environments should be created only when necessary, and they must be terminated each night to minimize costs.
What is the MOST operationally efficient solution that meets these requirements?

• A. Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to delete the AWS CloudFormation stacks.
• B. Provide developers with CLI commands so that they can provision their own development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to cause AWS CloudFormation to delete all of the development environment resources.
• C. Provide developers with CLI commands so that they can provision their own development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to terminate all EC2 instances and the DB instance.
• D. Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessary. Schedule a nightly cron job on each development instance to stop all running processes to reduce CPU utilization to nearly zero.

Answer: A

 

NEW QUESTION 35
A SysOps administrator has enabled AWS CloudTrail in an AWS account If CloudTrail is disabled it must be re-enabled immediately What should the SysOps administrator do to meet these requirements WITHOUT writing custom code''

• A. Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail
• B. Add the AWS account to AWS Organizations Enable CloudTrail in the management account
• C. Create an AWS Config rule that is invoked when CloudTrail configuration changes Apply the AWS-ConfigureCloudTrailLogging automatic remediation action
• D. Create an AWS Config rule that is invoked when CloudTrail configuration changes Configure the rule to invoke an AWS Lambda function to enable CloudTrail

Answer: C

 

NEW QUESTION 36
A company runs us Infrastructure on Amazon EC2 Instances that run In an Auto Scaling group. Recently, the company promoted faulty code to the entire EC2 fleet. This faulty code caused the Auto Scaling group to scale the instances before any of the application logs could be retrieved.
What should a SysOps administrator do to retain the application logs after instances are terminated?

• A. Create a new Amazon Machine Image (AMI) that has a custom script configured to send logs to AWS CloudTrail. Update the launch template to use the new AMI.
• B. Configure an Auto Scaling lifecycle hook to create a snapshot of the ephemeral storage upon termination of the instances.
• C. Install the Amazon CloudWatch agent on the Amazon Machine Image (AMI) that is defined in the launch template. Configure the CloudWatch agent to back up the logs to ephemeral storage.
• D. Create a new Amazon Machine Image (AMI) that has the Amazon CloudWatch agent installed and configured to send logs to Amazon CloudWatch Logs. Update the launch template to use the new AMI.

Answer: D

 

NEW QUESTION 37
An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region. A SysOps administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy.
What is likely to be the problem?

• A. The account has reached the default limit for VPCs allowed.
• B. The VPC configuration parameters have changed and must be updated in the template.
• C. The AWS CloudFormation template needs to be updated to the latest version.
• D. The Amazon Machine image used is not available in that region.

Answer: A

 

NEW QUESTION 38
A company has multiple AWS Site-to-Site VPN connections between a VPC and its branch offices. The company manages an Amazon Elasticsearch Service (Amazon ES) domain that is configured with public access. The Amazon ES domain has an open domain access policy. A SysOps administrator needs to ensure that Amazon ES can be accessed only from the branch offices while preserving existing data.
Which solution will meet these requirements?

• A. Configure an identity-based access policy on Amazon ES. Add an allow statement to the policy that includes the Amazon Resource Name (ARN) for each branch office VPN connection.
• B. Configure an IP-based domain access policy on Amazon ES. Add an allow statement to the policy that includes the private IP CIDR blocks from each branch office network.
• C. Deploy a new Amazon ES domain in private subnets in a VPC, and import a snapshot from the old domain. Create a security group that allows inbound traffic from the branch office CIDR blocks.

Answer: B

Explanation:
D.
Reconfigure the Amazon ES domain in private subnets in a VPC. Create a security group that allows inbound traffic from the branch office CIDR blocks.

 

NEW QUESTION 39
A company is running a flash sale on its website. The website is hosted on burstable performance Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group is configured to launch instances when the CPU utilization is above 70%.
A couple of hours into the sale, users report slow load times and error messages for refused connections. A SysOps administrator reviews Amazon CloudWatch metrics and notices that the CPU utilization is at 20% across the entire fleet of instances.
The SysOps administrator must restore the website's functionality without making changes to the network infrastructure.
Which solution will meet these requirements?

• A. Reduce the desired size of the Auto Scaling group to artificially increase CPU average utilization.
• B. Activate unlimited mode for the instances in the Auto Scaling group.
• C. Implement an Amazon CloudFront distribution to offload the traffic from the Auto Scaling group.
• D. Move the website to a different AWS Region that is closer to the users.

Answer: C

Explanation:
Reference:
Implement an Amazon CloudFront distribution to offload the traffic from the Auto Scaling group does not breach the requirement of no changes in the network infrastructure. Reason is that cloudfront is a distribution that allows you to distribute content using a worldwide network of edge locations that provide low latency and high data transfer speeds. It plug in to existing setup, not changes to it.

 

NEW QUESTION 40
A company uses an Amazon Elastic File System (Amazon EFS) file system to share files across many Linux Amazon EC2 instances. A SysOps administrator notices that the file system's PercentIOLimit metric is consistently at 100% for 15 minutes or longer. The SysOps administrator also notices that the application that reads and writes to that file system is performing poorly. They application requires high throughput and IOPS while accessing the file system.
What should the SysOps administrator do to remediate the consistently high PercentIOLimit metric?

• A. Create an EFS lifecycle policy to transition future files to the Infrequent Access (IA) storage class to improve performance. Use AWS DataSync to migrate existing data to IA storage.
• B. Modify the existing EFS file system and activate Max I/O performance mode.
• C. Create a new EFS file system that uses Max I/O performance mode. Use AWS DataSync to migrate data to the new EFS file system.
• D. Modify the existing EFS file system and activate Provisioned Throughput mode.

Answer: C

Explanation:
Reference:
To support a wide variety of cloud storage workloads, Amazon EFS offers two performance modes, General Purpose mode and Max I/O mode. You choose a file system's performance mode when you create it, and it cannot be changed. If the PercentIOLimit percentage returned was at or near 100 percent for a significant amount of time during the test, your application should use the Max I/O performance mode. https://docs.aws.amazon.com/efs/latest/ug/performance.html

 

NEW QUESTION 41
A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service. The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available across multiple Regions.
Which configuration will meet these requirements?

• A. Deploy a copy of the stack in the us-west-2 Region. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each ELB. Configure the SOA record with health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
• B. Deploy a new group of EC2 instances in the us-west-2 Region. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instances. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks.
• C. Deploy a copy of the stack in the us-west-2 Region. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias target. Configure the A records with a failover routing policy and health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
• D. Deploy a new group of EC2 instances in the us-west-2 Region. Configure EC2 health checks on all EC2 instances in each Region. Configure a peering connection between the VPCs. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record.

Answer: C

 

NEW QUESTION 42
A SysOps administrator is using Amazon EC2 instances to host an application. The SysOps administrator needs to grant permissions for the application to access an Amazon DynamoDB table.
Which solution will meet this requirement?

• A. Create an IAM user to access the DynamoDB table. Assign the IAM user to the EC2 instance profile.
• B. Create an EC2 key pair to access the DynamoDB table. Assign the key pair to the EC2 instance profile.
• C. Create an IAM role to access the DynamoDB table. Assign the IAM role to the EC2 instance profile.
• D. Create access keys to access the DynamoDB table. Assign the access keys to the EC2 instance profile.

Answer: C

 

NEW QUESTION 43
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba4Kc. and it is actively used by 10 Amazon EC2 hosts The organization has become concerned that the file system is not encrypted How can this be resolved?

• A. Enable encryption on the existing EFS volume by using the AWS Command Line Interface
• B. Enable encryption on each host's local drive Restart each host to encrypt the drive
• C. Enable encryption on each host's connection to the Amazon EFS volume Each connection must be recreated for encryption to take effect
• D. Enable encryption on a newly created volume and copy all data from the original volume Reconnect each host to the new volume

Answer: D

Explanation:
Reference:
https://docs.aws.amazon.com/efs/latest/ug/encryption.html
Amazon EFS supports two forms of encryption for file systems, encryption of data in transit and encryption at rest. You can enable encryption of data at rest when creating an Amazon EFS file system. You can enable encryption of data in transit when you mount the file system.

 

NEW QUESTION 44
A SysOps administrator noticed that a large number of Elastic IP addresses are being created on the company's AWS account, but they are not being associated with Amazon EC2 instances, and are incurring Elastic IP address charges in the monthly bill.
How can the administrator identify who is creating the Elastic IP addresses?

• A. Query AWS CloudTrail logs by using Amazon Athena to search for Elastic IP address events.
• B. Use Amazon Inspector to get a report of all Elastic IP addresses created in the last 30 days.
• C. Create a CloudWatch alarm on the ElPCreated metric and send an Amazon SNS notification when the alarm triggers.
• D. Attach a cost-allocation tag to each requested Elastic IP address with the IAM user name of the developer who creates it.

Answer: A

 

NEW QUESTION 45
......

Amazon SOA-C02 Exam Syllabus Topics:

Topic	Details
Topic 1	Configure Elastic Load Balancer and Amazon Route 53 health checks Configure Amazon EventBridge rules to trigger actions
Topic 2	Implement metrics, alarms, and filters by using AWS monitoring and logging services Differentiate between horizontal scaling and vertical scaling
Topic 3	Implement fault-tolerant workloads Differentiate between the use of a single Availability Zone and Multi-AZ deployments
Topic 4	Schedule automated tasks by using AWS services Configure domains, DNS services, and content delivery
Topic 5	Implement backup and restore strategies Create and maintain AWS Auto Scaling plans
Topic 6	Configure Amazon S3 Cross-Region Replication Select deployment scenarios and services
Topic 7	Implement data and infrastructure protection strategies Implement and manage security and compliance policies
Topic 8	Implement Amazon RDS replicas and Amazon Aurora Replicas Remediate issues based on monitoring and availability metrics
Topic 9	Implement networking features and connectivity Validate service control policies and permission boundaries
Topic 10	Automate snapshots and backups based on use cases Implement high availability and resilient environments
Topic 11	Provision resources across multiple AWS Regions and accounts Use AWS Systems Manager Automation documents to take action based on AWS Config rules

 

SOA-C02 Dumps PDF and Test Engine Exam Questions: https://www.braindumpsit.com/SOA-C02_real-exam.html

Get 2022 Updated Free Amazon SOA-C02 Exam Questions & Answer: https://drive.google.com/open?id=1TdG7U0oS6dl6mEM48EzGO8uoQ7mlN2mW