SOA-C02 Practice Test


Page 5 out of 30 Pages

While setting up an AWS managed VPN connection, a SysOps administrator creates a
customer gateway resource in AWS. The customer gateway device resides in a data center
with a NAT gateway in front of it.
What address should be used to create the customer gateway resource?


A. The private IP address of the customer gateway device

B. The MAC address of the NAT device in front of the customer gateway device

C. The public IP address of the customer gateway device

D. The public IP address of the NAT device in front of the customer gateway device

Answer: D. The public IP address of the NAT device in front of the customer gateway device



A company's IT department noticed an increase in the spend of their developer AWS account. There are over 50 developers using the account, and the finance team wants to
determine the service costs incurred by each developer.
What should a SysOps administrator do to collect this information? (Select TWO.)


A. Activate the createdBy tag in the account.

B. Analyze the usage with Amazon CloudWatch dashboards.

C. Analyze the usage with Cost Explorer.

D. Configure AWS Trusted Advisor to track resource usage.

E. Create a billing alarm in AWS Budgets.

Answer: A. Activate the createdBy tag in the account.

Answer: C. Analyze the usage with Cost Explorer.



A company monitors its account activity using AWS CloudTrail and is concerned that some
log files are being tampered with after the logs have been delivered to the account's
Amazon S3 bucket.
Moving forward, how can the SysOps administrator confirm that the log files have not been
modified after being delivered to the S3 bucket?


A. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.

B. Enable log file integrity validation and use digest files to verify the hash value of the log file.

C. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.

D. Enable S3 server access logging to track requests made to the log bucket for security audits.

Answer: B. Enable log file integrity validation and use digest files to verify the hash value of the log file.



A SysOps administrator is setting up an automated process to recover an Amazon EC2
instance in the event of an underlying hardware failure. The recovered instance must have
the same private IP address and the same Elastic IP address that the original instance had.
The SysOps team must receive an email notification when the recovery process is initiated.
Which solution will meet these requirements?


A. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the
StatusCheckFailed_Instance metric. Add an EC2 action to the alarm to recover the instance.
Add an alarm notification to publish a message to an Amazon Simple Notification Service
(Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.

B. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the
StatusCheckFailed_System metric. Add an EC2 action to the alarm to recover the instance.
Add an alarm notification to publish a message to an Amazon Simple Notification Service
(Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.

C. Create an Auto Scaling group across three different subnets in the same Availability
Zone with a minimum, maximum, and desired size of 1. Configure the Auto Scaling group
to use a launch template that specifies the private IP address and the Elastic IP address.
Add an activity notification for the Auto Scaling group to send an email message to the

D. Create an Auto Scaling group across three Availability Zones with a minimum,
maximum, and desired size of 1. Configure the Auto Scaling group to use a launch
template that specifies the private IP address and the Elastic IP address. Add an activity
notification for the Auto Scaling group to publish a message to an Amazon Simple
Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the
SNS topic.

Answer: B. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the
StatusCheckFailed_System metric. Add an EC2 action to the alarm to recover the instance.
Add an alarm notification to publish a message to an Amazon Simple Notification Service
(Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.



Explanation: You can create an Amazon CloudWatch alarm that monitors an Amazon
EC2 instance and automatically recovers the instance if it becomes impaired due to an
underlying hardware failure or a problem that requires AWS involvement to repair.
Terminated instances cannot be recovered. A recovered instance is identical to the original
instance, including the instance ID, private IP addresses, Elastic IP addresses, and all
instance metadata. If the impaired instance has a public IPv4 address, the instance retains
the public IPv4 address after recovery. If the impaired instance is in a placement group, the
recovered instance runs in the placement group. When the StatusCheckFailed_System
alarm is triggered, and the recover action is initiated, you will be notified by the Amazon
SNS topic that you selected when you created the alarm and associated the recover action.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html

A company website contains a web tier and a database tier on AWS. The web tier consists
of Amazon EC2 instances that run in an Auto Scaling group across two Availability Zones.
The database tier runs on an Amazon RDS for MySQL Multi-AZ DB instance. The
database subnet network ACLs are restricted to only the web subnets that need access to
the database. The web subnets use the default network ACL with the default rules.
The company's operations team has added a third subnet to the Auto Scaling group
configuration. After an Auto Scaling event occurs, some users report that they intermittently
receive an error message. The error message states that the server cannot connect to the
database. The operations team has confirmed that the route tables are correct and that the
required ports are open on all security groups.
Which combination of actions should a SysOps administrator take so that the web servers
can communicate with the DB instance? (Select TWO.)


A. On the default ACL, create inbound Allow rules of type TCP with the ephemeral port range and the source as the database subnets.

B. On the default ACL, create outbound Allow rules of type MySQL/Aurora (3306). Specify
the destinations as the database subnets.

C. On the network ACLs for the database subnets, create an inbound Allow rule of type MySQL/Aurora (3306). Specify the source as the third web subnet.

D. On the network ACLs for the database subnets, create an outbound Allow rule of type TCP with the ephemeral port range and the destination as the third web subnet.

E. On the network ACLs for the database subnets, create an outbound Allow rule of type MySQL/Aurora (3306). Specify the destination as the third web subnet.

Answer: C. On the network ACLs for the database subnets, create an inbound Allow rule of type MySQL/Aurora (3306). Specify the source as the third web subnet.

Answer: D. On the network ACLs for the database subnets, create an outbound Allow rule of type TCP with the ephemeral port range and the destination as the third web subnet.



