Dumps4free
Home / Amazon Web Services / AWS Certified Associate / SOA-C02 - AWS Certified SysOps Administrator - Associate (SOA-C02)

Latest SOA-C02 Exam Questions


Question # 1



A company has a mobile app that uses Amazon S3 to store images The images are
popular for a week, and then the number of access requests decreases over time The
images must be highly available and must be immediately accessible upon request A
SysOps administrator must reduce S3 storage costs for the company Which solution will
meet these requirements MOST cost-effectively?

A.

Create an S3 Lifecycle policy to transition the images to S3 Glacier after 7 days

B.

Create an S3 Lifecycle policy to transition the images to S3 One Zone-Infrequent
Access (S3 One Zone-IA) after 7 days

C.

Create an S3 Lifecycle policy to transition the images to S3 Standard after 7 days

D.

Create an S3 Lifecycle policy to transition the images to S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days




D.   

Create an S3 Lifecycle policy to transition the images to S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days






Question # 2



A SysOps administrator noticed that a large number of Elastic IP addresses are being
created on the company's AWS account, but they are not being associated with Amazon
EC2 instances, and are incurring Elastic IP address charges in the monthly bill.
How can the administrator identify who is creating the Elastic IP addresses?

A.

Attach a cost-allocation tag to each requested Elastic IP address with the IAM user
name of the developer who creates it.

B.

Query AWS CloudTrail logs by using Amazon Athena to search for Elastic IP address events.

C.

Create a CloudWatch alarm on the ElPCreated metric and send an Amazon SNS notification when the alarm triggers.

D.

Use Amazon Inspector to get a report of all Elastic IP addresses created in the last 30 days.




B.   

Query AWS CloudTrail logs by using Amazon Athena to search for Elastic IP address events.






Question # 3



An errant process is known to use an entire processor and run at 100%. A SysOps administrator wants to automate restarting the instance once the problem occurs for more than 2 minutes. How can this be accomplished?

A.

Create an Amazon CloudWatch alarm for the Amazon EC2 instance with basic
monitoring. Enable an action to restart the instance.

B.

Create a CloudWatch alarm for the EC2 instance with detailed monitoring. Enable an
action to restart the instance.

C.

Create an AWS Lambda function to restart the EC2 instance, triggered on a scheduled
basis every 2 minutes.

D.

Create a Lambda function to restart the EC2 instance, triggered by EC2 health checks




B.   

Create a CloudWatch alarm for the EC2 instance with detailed monitoring. Enable an
action to restart the instance.






Question # 4



A SysOps administrator is notified that an Amazon EC2 instance has stopped responding
The AWS Management Console indicates that the system status checks are failing What
should the administrator do first to resolve this issue?

A.

Reboot the EC2 instance so it can be launched on a new host

B.

Stop and then start the EC2 instance so that it can be launched on a new host

C.

Terminate the EC2 instance and relaunch it

D.

View the AWS CloudTrail log to investigate what changed on the EC2 instance




B.   

Stop and then start the EC2 instance so that it can be launched on a new host



Explanation: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-windowssystem-
status-check-fail/




Question # 5



A company has a VPC with public and private subnets. An Amazon EC2 based application
resides in the private subnets and needs to process raw .csv files stored in an Amazon S3
bucket. A SysOps administrator has set up the correct IAM role with the required
permissions for the application to access the S3 bucket, but the application is unable to
communicate with the S3 bucket.
Which action will solve this problem while adhering to least privilege access?

A.

Add a bucket policy to the S3 bucket permitting access from the IAM role.

B.

Attach an S3 gateway endpoint to the VPC. Configure the route table for the private subnet.

C.

Configure the route table to allow the instances on the private subnet access through the internet gateway.

D.

Create a NAT gateway in a private subnet and configure the route table for the private subnets.




B.   

Attach an S3 gateway endpoint to the VPC. Configure the route table for the private subnet.



Explanation: Technology to use is a VPC endpoint - "A VPC endpoint enables private connections between your VPC and supported AWS services and VPC endpoint services
powered by AWS PrivateLink. AWS PrivateLink is a technology that enables you to
privately access services by using private IP addresses. Traffic between your VPC and the
other service does not leave the Amazon network." S3 is an example of a gateway
endpoint. We want to see services in AWS while not leaving the VPC.




Question # 6



A company migrated an I/O intensive application to an Amazon EC2 general purpose
instance. The EC2 instance has a single General Purpose SSD Amazon Elastic Block
Store (Amazon EBS) volume attached.
Application users report that certain actions that require intensive reading and writing to the
disk are taking much longer than normal or are failing completely. After reviewing the
performance metrics of the EBS volume, a SysOps administrator notices that the
VolumeQueueLength metric is consistently high during the same times in which the users
are reporting issues. The SysOps administrator needs to resolve this problem to restore full
performance to the application.
Which action will meet these requirements?

A.

Modify the instance type to be storage optimized.

B.

Modify the volume properties by deselecting Auto-Enable Volume 10.

C.

Modify the volume properties to increase the IOPS.

D.

Modify the instance to enable enhanced networking.




C.   

Modify the volume properties to increase the IOPS.






Question # 7



A company has deployed AWS Security Hub and AWS Config in a newly implemented
organization in AWS Organizations. A SysOps administrator must implement a solution to
restrict all member accounts in the organization from deploying Amazon EC2 resources in
the ap-southeast-2 Region. The solution must be implemented from a single point and
must govern an current and future accounts. The use of root credentials also must be
restricted in member accounts.
Which AWS feature should the SysOps administrator use to meet these requirements?

A.

AWS Config aggregator

B.

IAM user permissions boundaries

C.

AWS Organizations service control policies (SCPs)

D.

AWS Security Hub conformance packs




C.   

AWS Organizations service control policies (SCPs)






Question # 8



A company hosts an internal application on Amazon EC2 instances. All application data
and requests route through an AWS Site-to-Site VPN connection between the on-premises
network and AWS. The company must monitor the application for changes that allow
network access outside of the corporate network. Any change that exposes the application
externally must be restricted automatically.
Which solution meets these requirements in the MOST operationally efficient manner?

A.

Create an AWS Lambda function that updates security groups that are associated with the elastic network interface to remove inbound rules with noncorporate CIDR ranges. Turn
on VPC Flow Logs, and send the logs to Amazon CloudWatch Logs. Create an Amazon
CloudWatch alarm that matches traffic from noncorporate CIDR ranges, and publish a
message to an Amazon Simple Notification Service (Amazon SNS) topic with the Lambda
function as a target.

B.

Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that
targets an AWS Systems Manager Automation document to check for public IP addresses
on the EC2 instances. If public IP addresses are found on the EC2 instances, initiate
another Systems Manager Automation document to terminate the instances.

C.

Configure AWS Config and a custom rule to monitor whether a security group allows
inbound requests from noncorporate CIDR ranges. Create an AWS Systems Manager
Automation document to remove any noncorporate CIDR ranges from the application
security groups.

D.

Configure AWS Config and the managed rule for monitoring public IP associations with
the EC2 instances by tag. Tag the EC2 instances with an identifier. Create an AWS
Systems Manager Automation document to remove the public IP association from the EC2
instances.




C.   

Configure AWS Config and a custom rule to monitor whether a security group allows
inbound requests from noncorporate CIDR ranges. Create an AWS Systems Manager
Automation document to remove any noncorporate CIDR ranges from the application
security groups.



Explanation: https://aws.amazon.com/blogs/security/how-to-auto-remediate-internetaccessible-
ports-with-aws-config-and-aws-system-manager/




Question # 9



The security team is concerned because the number of AWS Identity and Access
Management (IAM) policies being used in the environment is increasing. The team tasked
a SysOps administrator to report on the current number of IAM policies in use and the total
available IAM policies.
Which AWS service should the administrator use to check how current IAM policy usage
compares to current service limits?

A.

AWS Trusted Advisor

B.

Amazon Inspector

C.

AWS Config

D.

AWS Organizations




A.   

AWS Trusted Advisor






Question # 10



An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General
Purpose SSD volumes, an Amazon RDS PostgreSQL database, an
Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security
team now mandates that at-rest encryption be turned on immediately for all aspects of the
application, without creating new resources and without any downtime.
To satisfy the requirements, which one of these services can the SysOps administrator
enable at-rest encryption on?

A.

EBS General Purpose SSD volumes

B.

RDS PostgreSQL database

C.

Amazon EFS file systems

D.

S3 objects within a bucket




D.   

S3 objects within a bucket



https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingEncryption.html



Get 425 AWS Certified SysOps Administrator - Associate (SOA-C02) questions Access in less then $0.12 per day.

Total Questions Answers: 425
Last Updated: 25-Oct-2024
Available with 1, 3, 6 and 12 Months Free Updates Plans
PDF: $15 $64

Test Engine: $20 $80

PDF + Engine: $25 $99


Amazon Web Services SOA-C02 Dumps - Real Exam Questions


Exam Code: SOA-C02
Exam Name: AWS Certified SysOps Administrator - Associate (SOA-C02)

  • 90 Days Free Updates
  • Amazon Web Services Experts Verified Answers
  • Printable PDF File Format
  • SOA-C02 Exam Passing Assurance

Get 100% Real SOA-C02 Exam Dumps With Verified Answers As Seen in the Real Exam. AWS Certified SysOps Administrator - Associate (SOA-C02) Exam Questions are Updated Frequently and Reviewed by Industry TOP Experts for Passing AWS Certified Associate Exam Quickly and Hassle Free.

Amazon Web Services SOA-C02 Dumps


Struggling with AWS Certified SysOps Administrator - Associate (SOA-C02) prep? Get the edge you need!

Our carefully created SOA-C02 dumps give you the confidence to pass the exam. We offer:

  • Up-to-date AWS Certified Associate practice questions: Stay current with the latest exam content.
  • PDF and test engine formats: Choose the study tools that work best for you.
  • Realistic Amazon Web Services SOA-C02 practice exam: Simulate the real exam experience and boost your readiness.
Pass your AWS Certified Associate exam with ease. Try our study materials today!

SOA-C02 Practice Test Details

375 Single Choice Questions
47 Multiple Choice Questions
3 Simulations Questions

Ace your AWS Certified Associate exam with confidence!

We provide top-quality SOA-C02 exam dumps materials that are:
  • Accurate and up-to-date: Reflect the latest Amazon Web Services exam changes and ensure you are studying the right content. 
  • Comprehensive: Cover all exam topics so you do not need to rely on multiple sources. 
  • Convenient formats: Choose between PDF files and online AWS Certified SysOps Administrator - Associate (SOA-C02) practice test for easy studying on any device.
Do not waste time on unreliable SOA-C02 practice test. Choose our proven AWS Certified Associate study materials and pass with flying colors.

Try Dumps4free AWS Certified SysOps Administrator - Associate (SOA-C02) 2024 PDFs today!

  • Assurance

    AWS Certified SysOps Administrator - Associate (SOA-C02) practice exam has been updated to reflect the most recent questions from the Amazon Web Services SOA-C02 Exam.

  • Demo

    Try before you buy! Get a free demo of our AWS Certified Associate exam dumps and see the quality for yourself. Need help? Chat with our support team.

  • Validity

    Our Amazon Web Services SOA-C02 PDF contains expert-verified questions and answers, ensuring you're studying the most accurate and relevant material.

  • Success

    Achieve SOA-C02 success! Our AWS Certified SysOps Administrator - Associate (SOA-C02) exam questions give you the preparation edge.

If you have any question then contact our customer support at live chat or email us at support@dumps4free.com.