Go Back on SOA-C02 Exam
Available in 1, 3, 6 and 12 Months Free Updates Plans
PDF: $15 $60

Test Engine: $20 $80

PDF + Engine: $25 $99

SOA-C02 Practice Test


Page 6 out of 30 Pages

A company is trying to connect two applications. One application runs in an on-premises
data center that has a hostname of hostl .onprem.private. The other application runs on an
Amazon EC2 instance that has a hostname of hostl.awscloud.private. An AWS Site-to-Site
VPN connection is in place between the on-premises network and AWS.
The application that runs in the data center tries to connect to the application that runs on
the EC2 instance, but DNS resolution fails. A SysOps administrator must implement DNS
resolution between on-premises and AWS resources.
Which solution allows the on-premises application to resolve the EC2 instance hostname?


A.

Set up an Amazon Route 53 inbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the inbound resolver endpoint.


B.

Set up an Amazon Route 53 inbound resolver endpoint. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the inbound resolver endpoint.


C.

Set up an Amazon Route 53 outbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the AWS Region of the EC2
instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries
to the outbound resolver endpoint.


D.

Set up an Amazon Route 53 outbound resolver endpoint. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the outbound resolver endpoint





C.
  

Set up an Amazon Route 53 outbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the AWS Region of the EC2
instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries
to the outbound resolver endpoint.



A company's backend infrastructure contains an Amazon EC2 instance in a private subnet.
The private subnet has a route to the internet through a NAT gateway in a public subnet.
The instance must allow connectivity to a secure web server on the internet to retrieve data
at regular intervals.
The client software times out with an error message that indicates that the client software
could not establish the TCP connection.
What should a SysOps administrator do to resolve this error?


A.

Add an inbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP, Source - 0.0.0.0/0.


B.

Add an inbound rule to the security group for the EC2 instance with the following parameters: Type - HTTPS, Source - 0.0.0.0/0.


C.

Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP, Destination - 0.0.0.0/0.


D.

Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTPS. Destination - 0.0.0.0/0.





D.
  

Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTPS. Destination - 0.0.0.0/0.



A company manages an application that uses Amazon ElastiCache for Redis with two extra-large nodes spread across two different Availability Zones. The company's IT team discovers that the ElastiCache for Redis cluster has 75% freeable memory. The application must maintain high availability. What is the MOST cost-effective way to resize the cluster?


A.

Decrease the number of nodes in the ElastiCache for Redis cluster from 2 to 1.


B.

Deploy a new ElastiCache for Redis cluster that uses large node types. Migrate the data from the original cluster to the new cluster. After the process is complete, shut down the original duster.


C.

Deploy a new ElastiCache for Redis cluster that uses large node types. Take a backup from the original cluster, and restore the backup in the new cluster. After the process is complete, shut down the original cluster.


D.

Perform an online resizing for the ElastiCache for Redis cluster. Change the node types from extra-large nodes to large nodes.





B.
  

Deploy a new ElastiCache for Redis cluster that uses large node types. Migrate the data from the original cluster to the new cluster. After the process is complete, shut down the original duster.



A company uses AWS Organizations to manage multiple AWS accounts with consolidated billing enabled. Organization member account owners want the benefits of Reserved Instances (RIs) but do not want to share RIs with other accounts. Which solution will meet these requirements?



A.

Purchase RIs in individual member accounts. Disable Rl discount sharing in the management account.


B.

Purchase RIs in individual member accounts. Disable Rl discount sharing in the member accounts.


C.

Purchase RIs in the management account. Disable Rl discount sharing in the
management account.


D.

Purchase RIs in the management account. Disable Rl discount sharing in the member
accounts.





A.
  

Purchase RIs in individual member accounts. Disable Rl discount sharing in the management account.



Explanation: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-riconsolidated-
billing/
RI discounts apply to accounts in an organization's consolidated billing family depending
upon whether RI sharing is turned on or off for the accounts. By default, RI sharing for all
accounts in an organization is turned on. The management account of an organization can
change this setting by turning off RI sharing for an account. The capacity reservation for an
RI applies only to the account the RI was purchased on, no matter whether RI sharing is
turned on or off.

A company has an Amazon CloudFront distribution that uses an Amazon S3 bucket as its origin. During a review of the access logs, the company determines that some requests are
going directly to the S3 bucket by using the website hosting endpoint. A SysOps
administrator must secure the S3 bucket to allow requests only from CloudFront.
What should the SysOps administrator do to meet this requirement?


A.

Create an origin access identity (OAI) in CloudFront. Associate the OAI with the
distribution. Remove access to and from other principals in the S3 bucket policy. Update the S3 bucket policy to allow access only from the OAI.


B.

Create an origin access identity (OAI) in CloudFront. Associate the OAI with the
distribution. Update the S3 bucket policy to allow access only from the OAI. Create a new
origin, and specify the S3 bucket as the new origin. Update the distribution behavior to use
the new origin. Remove the existing origin.


C.

Create an origin access identity (OAI) in CloudFront. Associate the OAI with the
distribution. Update the S3 bucket policy to allow access only from the OAI. Disable
website hosting. Create a new origin, and specify the S3 bucket as the new origin. Update
the distribution behavior to use the new origin. Remove the existing origin.


D.

Update the S3 bucket policy to allow access only from the CloudFront distribution.
Remove access to and from other principals in the S3 bucket policy. Disable website
hosting. Create a new origin, and specify the S3 bucket as the new origin. Update the
distribution behavior to use the new origin. Remove the existing origin.





A.
  

Create an origin access identity (OAI) in CloudFront. Associate the OAI with the
distribution. Remove access to and from other principals in the S3 bucket policy. Update the S3 bucket policy to allow access only from the OAI.




Page 6 out of 30 Pages
Previous