SOA-C02 Practice Test


Page 10 out of 30 Pages

A large company is using AWS Organizations to manage hundreds of AWS accounts across multiple AWS Regions. The company has turned on AWS Config throughout the organization.
The company requires all Amazon S3 buckets to block public read access. A SysOps administrator must generate a monthly report that shows all the S3 buckets and whether
they comply with this requirement.
Which combination of steps should the SysOps administrator take to collect this data?
(Select TWO.)

A. Create an AWS Config aggregator in an aggregator account. Use the organization as the source. Retrieve the compliance data from the aggregator.

B. Create an AWS Config aggregator in each account. Use an S3 bucket in an aggregator account as the destination. Retrieve the compliance data from the S3 bucket.

C. Edit the AWS Config policy in AWS Organizations. Use the organization's management account to turn on the s3-bucket-public-read-prohibited rule for the entire organization.

D. Use the AWS Config compliance report from the organization's management account. Filter the results by resource, and select Amazon S3.

E. Use the AWS Config API to apply the s3-bucket-public-read-prohibited rule in all accounts for all available Regions.


C. Edit the AWS Config policy in AWS Organizations. Use the organization's management account to turn on the s3-bucket-public-read-prohibited rule for the entire organization.

D. Use the AWS Config compliance report from the organization's management account. Filter the results by resource, and select Amazon S3.



A company has a stateful web application that is hosted on Amazon EC2 instances in an
Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has
a single target group. The ALB is configured as the origin in an Amazon CloudFront
distribution. Users are reporting random logouts from the web application.
Which combination of actions should a SysOps administrator take to resolve this problem?
(Select TWO.)


A. Change to the least outstanding requests algorithm on the ALB target group.

B. Configure cookie forwarding in the CloudFront distribution cache behavior.

C. Configure header forwarding in the CloudFront distribution cache behavior.

D. Enable group-level stickiness on the ALB listener rule.

E. Enable sticky sessions on the ALB target group.


B. Configure cookie forwarding in the CloudFront distribution cache behavior.

E. Enable sticky sessions on the ALB target group.



Explanation:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html
You can configure each cache behavior to do one of the following: Forward all cookies to your origin – CloudFront includes all cookies sent by the viewer when it forwards requests to the origin.
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html
By default, an Application Load Balancer routes each request independently to a registered target based on the chosen load-balancing algorithm.

A company is using Amazon Elastic File System (Amazon EFS) to share a file system
among several Amazon EC2 instances. As usage increases, users report that file retrieval
from the EFS file system is slower than normal.
Which action should a SysOps administrator take to improve the performance of the file
system?


A. Configure the file system for Provisioned Throughput.

B. Enable encryption in transit on the file system.

C. Identify any unused files in the file system, and remove the unused files.

D. Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.


A. Configure the file system for Provisioned Throughput.



A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.
What is the MOST operationally efficient solution that meets these requirements?


A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB table. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.

B. Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon S3 object. The security team can use the information in the tag to verify the integrity of the delivered files.

C. Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.

D. Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.


D. Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.



Explanation: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
"When you enable log file integrity validation, CloudTrail creates a hash for every log file that it delivers. Every hour, CloudTrail also creates and delivers a file that references the log files for the last hour and contains a hash of each. This file is called a digest file. Validated log files are invaluable in security and forensic investigations"

A company uses an AWS CloudFormation template to provision an Amazon EC2 instance
and an Amazon RDS DB instance. A SysOps administrator must update the template to
ensure that the DB instance is created before the EC2 instance is launched.
What should the SysOps administrator do to meet this requirement?


A. Add a wait condition to the template. Update the EC2 instance user data script to send a signal after the EC2 instance is started.

B. Add the DependsOn attribute to the EC2 instance resource, and provide the logical name of the RDS resource.

C. Change the order of the resources in the template so that the RDS resource is listed before the EC2 instance resource.

D. Create multiple templates. Use AWS CloudFormation StackSets to wait for one stack to complete before the second stack is created.


B. Add the DependsOn attribute to the EC2 instance resource, and provide the logical name of the RDS resource.



Explanation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html
Syntax: The DependsOn attribute can take a single string or list of strings. "DependsOn" : [ String, ... ]
Example: The following template contains an AWS::EC2::Instance resource with a DependsOn attribute that specifies myDB, an AWS::RDS::DBInstance. When CloudFormation creates this stack, it first creates myDB, then creates Ec2Instance.

