SOA-C02 Practice Exam Questions with Answers AWS Certified SysOps Administrator - Associate (SOA-C02) Certification

Change the Amazon EBS volume to Provisioned lOPs

Upgrade to a compute-optimized instance

Add additional t3. large instances to the application

Purchase Reserved Instances

Create and attach a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.

Create and attach an internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway. Attach the custom route table to the IPv6-only subnets.

Create and attach an egress-only internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the egress-only internet gateway. Attach the custom route table to the IPv6-only subnets.

Create and attach an internet gateway and a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway and all IPv4 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.

Create an A record for each server. Associate the records with the Route 53 HTTP health check.

Create an A record for each server. Associate the records with the Route 53 TCP health check.

Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 HTTP health check.

Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 TCP health check.

Use the ModifycacheCluster API and specify a new cacheNodeType.

Use the createcacheciuster API and specify a new cacheNodeType.

Use the Modi fyCacheParameterGcoup API and specify a new CacheNodeType.

Use the Rebootcacheclustcr API and specify a new CacheNodeType.

Add an additional CIDR block to the VPC.

Launch the EC2 instances in a different Availability Zone.

Launch new EC2 instances in another VPC.

Use Service Quotas to request an EC2 quota increase.

Create a scaling policy that will scale the application based on the ActiveConnectionCount Amazon CloudWatch metric that is generated from the ELB.

Create a scaling policy that will scale the application based on the mem used Amazon CloudWatch metric that is generated from the ELB.

Create a scheduled scaling policy to increase the number of EC2 instances in the Auto Scaling group to support additional connections.

Create and deploy a script on the ELB to expose the number of connected users as a custom Amazon CloudWatch metric. Create a scaling policy that uses the metric.

Create an Amazon CloudWatch alarm to monitor application latency and increase the size of each EC2 instance if the desired threshold is reached.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor application latency and add an EC2 instance to the ALB if the desired threshold is reached.

Deploy the application to an Auto Scaling group of EC2 instances with a target tracking scaling policy. Attach the ALB to the Auto Scaling group.

Deploy the application to an Auto Scaling group of EC2 instances with a scheduled scaling policy. Attach the ALB to the Auto Scaling group.

Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. Configure AWS Key Management Service (AWS KMS) encryption.

Store the data in an Amazon S3 Glacier vault. Configure a vault lock policy for write-once, read-many (WORM) access.

Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure server-side encryption.

Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure multi-factor authentication (MFA).

Configure an IAM policy that denies the s3:DeleteObject action for all users. Three months after an object is written, remove the policy.

Enable S3 Object Lock on a new S3 bucket in compliance mode. Place all backups in the new S3 bucket with a retention period of 3 months.

Enable S3 Versioning on the existing S3 bucket. Configure S3 Lifecycle rules to protect the backups.

Enable S3 Object Lock on a new S3 bucket in governance mode. Place all backups in the new S3 bucket with a retention period of 3 months.

Create automated snapshots of the database on a schedule. Copy the snapshots to the DR Region.

Create a cross-Region read replica for the database.

Create a Multi-AZ read replica for the database.

Schedule AWS Lambda functions to create snapshots of the source database and to copy the snapshots to a DR Region.

Set up each EC2 Instance so that it writes its healthy/unhealthy status into a shared Amazon S3 bucket for the ALB to read

Configure the health check on the ALB and ensure that the HeathCheckPath setting s correct

Set up Amazon ElasticCache to track the EC2 instances as they scale in and out

Configure an Amazon API Gateway health check to ensure custom checks on aw of the EC2 instances

On the default ACL. create inbound Allow rules of type TCP with the ephemeral port range and the source as the database subnets.

On the default ACL, create outbound Allow rules of type MySQL/Aurora (3306). Specify the destinations as the database subnets.

On the network ACLs for the database subnets, create an inbound Allow rule of type MySQL/Aurora (3306). Specify the source as the third web subnet.

On the network ACLs for the database subnets, create an outbound Allow rule of type TCP with the ephemeral port range and the destination as the third web subnet.

On the network ACLs for the database subnets, create an outbound Allow rule of type MySQL/Aurora (3306). Specify the destination as the third web subnet.

Amazon Simple Queue Service (Amazon SQS) queue

Application Load Balancer

AWS Global Accelerator

Network Load Balancer

Objects in the source S3 bucket for which the bucket owner does not have permissions

Objects that are stored in S3 Glacier

Objects that existed before replication was configured

Object metadata

Request a public certificate by using AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. Write a scheduled AWS Lambda function to renew the certificate every 18 months.

Request a public certificate by using AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.

Register a certificate with a third-party certificate authority (CA). Import this certificate into AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.

Register a certificate with a third-party certificate authority (CA). Configure the ELB to import the certificate directly from the CA. Set the certificate refresh cycle on the ELB to refresh when the certificate is within 3 months of the expiration date.

Create an AWS Cloud Formation template that defines the VPC. Sign in to the AWS Management Console under each account. Create a stack from the template.

Create a shell script that configures the VPC using the AWS CLI. Provide a list of accounts to the shell script from a text file. Create the VPC in every account in the list.

Create an AWS Lambda function that configures the VPC. Store the account information in Amazon DynamoDB. Grant Lambda access to the DynamoDB table. Create the VPC in every account in the list.

Create an AWS Cloud Formation template that defines the VPC. Create an AWS CloudFormation StackSet based on the template. Deploy the template to all accounts using the stack set.

Deploy an AWS CloudFormation stack set to the accounts in the organization. Use a template that creates the required Amazon CloudWatch alarms and references an Amazon Simple Notification Service (Amazon SNS) topic in the logging account with publish permissions for all the accounts.

Deploy an AWS CloudFormation stack in each account. Use the stack to deploy the required Amazon CloudWalch alarms and the required Amazon Simple Notification Service (Amazon SNS) topic.

Deploy an AWS Lambda function on a cron job in each account. Configure the Lambda function to read resources that are in the account and to invoke an Amazon Simple Notification Service (Amazon SNS) topic if any metrics cross the defined threshold.

Deploy an AWS CloudFormation change set to the organization. Use a template to create the required Amazon CloudWatch alarms and to send alerts to a verified Amazon Simple Email Service (Amazon SES) identity.

Add an export field to the outputs of the first template and import the values in the second template.

Create a custom resource that queries the stack created by the first template and retrieves the required values.

Create a mapping in the first template that is referenced by the second template.

Input the names of resources in the first template and refer to those names in the second template as a parameter.

Create a CloudFront invalidation, and add the path of the updated files.

Create a CloudFront signed URL to update each object immediately.

Configure an S3 origin access identity (OAI) to display only the updated files to users.

Disable S3 Versioning on the S3 bucket so that the updated files can replace the old files.

Add the AWS account to AWS Organizations. Enable CloudTrail in the management account.

Create an AWS Config rule that is invoked when CloudTrail configuration changes. Apply the AWS-ConfigureCloudTrailLogging automatic remediation action.

Create an AWS Config rule that is invoked when CloudTrail configuration changes. Configure the rule to invoke an AWS Lambda function to enable CloudTrail.

Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail.

The private IP address of the customer gateway device

The MAC address of the NAT device in front of the customer gateway device

The public IP address of the customer gateway device

The public IP address of the NAT device in front of the customer gateway device

Add a Retain deletion policy to the DynamoOB resource in the AWS CloudFormation stack.

Add a Snapshot deletion policy to the DynamoOB resource In the AWS CloudFormation stack.

Enable termination protection on the AWS Cloud Formation stack.

Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTabie action.

Attach a cost-allocation tag to each requested Elastic IP address with the IAM user name of the developer who creates it.

Query AWS CloudTrail logs by using Amazon Athena to search for Elastic IP address events.

Create a CloudWatch alarm on the ElPCreated metric and send an Amazon SNS notification when the alarm triggers.

Use Amazon Inspector to get a report of all Elastic IP addresses created in the last 30 days.

Add a permission to the Lambda function so that it can be invoked by the EventBridge (CloudWatch Events) rule.

Change the lifecycle hook action to CONTINUE if the lifecycle hook experiences a fa* we or timeout.

Configure a retry policy in the EventBridge (CloudWatch Events) rule to retry the Lambda function invocation upon failure.

Update the Lambda function execution role so that it has permission to call the complete lifecycle-action event

The kubeconfig file

The kube-proxy Amazon EKS add-on

The Fargate profile

The eks-connector.yaml file

Create an Aurora Replica node. Create an Auto Scaling policy to scale replicas based on CPU utilization. Ensure that all reporting requests use the read-only connection string.

Create a second Aurora MySQL single-node DB cluster in a second Availability Zone. Ensure that all reporting requests use the connection string for this additional node.

Create an AWS Lambda function that caches reporting requests. Ensure that all reporting requests call the Lambda function.

Create a multi-node Amazon ElastiCache cluster. Ensure that all reporting requests use the ElastiCache cluster. Use the database if the data is not in the cache.

Store the credentials in AWS Systems Manager Parameter Store as a secure string. Configure automatic rotation with a rotation interval of 30 days.

Store the credentials in AWS Secrets Manager. Configure automatic rotation with a rotation interval of 30 days.

Store the credentials in a file in an Amazon S3 bucket. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.

Store the credentials in AWS Secrets Manager. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.

Deploy an Amazon ElastiCache for Redis cluster in front of the DB cluster. Modify the application to check the cache before the application issues new queries to the database. Add the results of any queries to the cache.

Deploy an Aurora Replica for the DB cluster. Modify the application to use the reader endpoint for search operations. Use Aurora Auto Scaling to scale the number of replicas based on load. Most Voted

Use Provisioned IOPS on the storage volumes that support the DB cluster to improve performance sufficiently to support the peak load on the application.

Increase the instance size in the DB cluster to a size that is sufficient to support the peak load on the application. Use Aurora Auto Scaling to scale the instance size based on load.

Assume the OrganizationAccountAcccssKolc IAM role from the management account. Deploy the template in each of the accounts

Create an AWS Lambda function to assume a role in each account Deploy the template by using the AWS CloudFormation CreateStack API call

Create an AWS Lambda function to query fc a list of accounts Deploy the template by using the AWS Cloudformation CreateStack API call.

Use AWS CloudFormation StackSets from the management account to deploy the template in each of the accounts

Convert the Python script to an AWS Lambda (unction. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the function every night.

Convert the Python script to an AWS Lambda function. Use AWS CloudTrail to invoke the function every night.

Deploy the Python script to an Amazon EC2 Instance. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the instance to start and stop every night.

Deploy the Python script to an Amazon EC2 instance. Use AWS Systems Manager to schedule the instance to start and stop every night.

Create an Amazon EventBridge {Amazon CloudWatch Events) rule that has an event pattern for Amazon S3 and the Lambda function as a target.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule that has a schedule and the Lambda function as a target.

Create an S3 event notification to invoke the Lambda function whenever objects change in the S3 bucket.

Deploy an Amazon EC2 instance with a cron job to invoke the Lambda function.

Set up an Amazon S3 File Gateway.

Set up an AWS Direct Connect connection.

Use AWS DataSync to automate data transfers between the existing file servers and AWS.

Set up an Amazon FSx File Gateway.

Create an AWS Config aggregator in an aggregator account. Use the organization as the source. Retrieve the compliance data from the aggregator.

Create an AWS Config aggregator in each account. Use an S3 bucket in an aggregator account as the destination. Retrieve the compliance data from the S3 bucket

Edit the AWS Config policy in AWS Organizations. Use the organization's management account to turn on the s3-bucket-public-read-prohibited rule for the entire organization.

Use the AWS Config compliance report from the organization's management account. Filter the results by resource, and select Amazon S3.

Use the AWS Config API to apply the s3-bucket-public-read-prohibited rule in all accounts for all available Regions.

Create S3 access points in Regions that are closer to the users.

Create an accelerator in AWS Global Accelerator for the S3 bucket.

Enable S3 Transfer Acceleration on the S3 bucket.

Enable cross-origin resource sharing (CORS) on the S3 bucket.

Create an Amazon CloudWatch alarm for the Amazon EC2 instance with basic monitoring. Enable an action to restart the instance.

Create a CloudWatch alarm for the EC2 instance with detailed monitoring. Enable an action to restart the instance.

Create an AWS Lambda function to restart the EC2 instance, triggered on a scheduled basis every 2 minutes.

Create a Lambda function to restart the EC2 instance, triggered by EC2 health checks.

Create multiple AWS Direct Connect connections between AWS and branch offices in Europe and Australia tor He uploads into the destination S3 bucket

Create multiple AWS Site-to-Site VPN connections between AWS and branch offices in Europe and Australia for file uploads into the destination S3 bucket.

Use Amazon S3 Transfer Acceleration for file uploads into the destination S3 bucket.

Use AWS Global Accelerator for file uploads into the destination S3 bucket from the branch offices in Europe and Australia.

Use multipart uploads for file uploads into the destination S3 bucket from the branch offices in Europe and Australia.

Create an S3 Lifecycle policy to transition the images to S3 Glacier after 7 days

Create an S3 Lifecycle policy to transition the images to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 7 days

Create an S3 Lifecycle policy to transition the images to S3 Standard after 7 days

Create an S3 Lifecycle policy to transition the images to S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days

Associate the Route 53 private hosted zone with the VPC.

Create a rule in the default security group for the VPC that allows traffic to the Route 53 Resolver.

Ensure the VPC network ACLs allow traffic to the Route 53 Resolver.

Ensure there is a route to the Route 53 Resolver in each of the VPC route tables.

All at once

Immutable

Rebuild

Rolling

Rolling with additional batch

Rewrite the application to surface a custom error to the application log when issues occur. Automatically parse logs for errors. Create an Amazon CloudWatch alarm to provide alerts when issues are detected.

Create an AWS Lambda function to test the website. Configure the Lambda function to emit an Amazon CloudWatch custom metric when errors are detected. Configure a CloudWatch alarm to provide alerts when issues are detected.

Create an Amazon CloudWatch Synthetics canary. Use the CloudWatch Synthetics Recorder plugin to generate the script for the canary run. Configure the canary in line with requirements. Create an alarm to provide alerts when issues are detected.

Store the database credentials in AWS Secrets Manager. Configure automatic rotation for the secret every 365 days.

Store the database credentials as a parameter In the RDS parameter group. Create a database trigger to rotate the password every 365 days.

Store the database credentials in a private Amazon S3 bucket. Schedule an AWS Lambda function to generate a new set of credentials every 365 days.

Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter. Configure automatic rotation for the parameter every 365 days.

Create an AWS Cost and Usage Report. Analyze the results in Amazon Athena. Configure an alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when costs reach 75% of the threshold. Subscribe the email distribution list to the topic.

Create an Amazon CloudWatch billing alarm to detect when costs reach 75% of the threshold. Configure the alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the email distribution list to the topic.

Use AWS Budgets to create a cost budget for data transfer costs. Set an alert at 75% of the budgeted amount. Configure the budget to send a notification to the email distribution list when costs reach 75% of the threshold.

Set up a VPC flow log. Set up a subscription filter to an AWS Lambda function to analyze data transfer. Configure the Lambda function to send a notification to the email distribution list when costs reach 75% of the threshold.

Configure Active Directory as an authentication provider in Amazon ES. Add the Active Directory server's domain name to Amazon ES. Configure Kibana to use Amazon ES authentication.

Deploy an Amazon Cognito user pool. Configure Active Directory as an external identity provider for the user pool. Enable Amazon Cognito authentication for Kibana on Amazon ES.

Enable Active Directory user authentication in Kibana. Create an IP-based custom domain access policy in Amazon ES that includes the Active Directory server's IP address.

Establish a trust relationship with Kibana on the Active Directory server. Enable Active Directory user authentication in Kibana. Add the Active Directory server's IP address to Kibana.

Launch EC2 instances in the VPC. On the EC2 instances, deploy a custom DNS forwarder that forwards all DNS requests to the on-premises DNS server. Create an Amazon Route 53 private hosted zone that uses the EC2 instances for name servers.

Create an Amazon Route 53 Resolver outbound endpoint. Configure the outbound endpoint to forward DNS queries against the on-premises domain to the on-premises DNS server.

Set up two AWS Direct Connect connections between the AWS environment and the on-premises network. Set up a link aggregation group (LAG) that includes the two connections. Change the VPC resolver address to point to the on-premises DNS server.

Create an Amazon Route 53 public hosted zone for the on-premises domain. Configure the network ACLs to forward DNS requests against the on-premises domain to the Route 53 public hosted zone.

Create access keys to access the DynamoDB table. Assign the access keys to the EC2 instance profile.

Create an EC2 key pair to access the DynamoDB table. Assign the key pair to the EC2 instance profile.

Create an IAM user to access the DynamoDB table. Assign the IAM user to the EC2 instance profile.

Create an IAM role to access the DynamoDB table. Assign the IAM role to the EC2 instance profile.

Use a cluster of four data nodes across two AWS Regions. Deploy four dedicated master nodes in each Region.

Use a cluster of six data nodes across three Availability Zones. Use three dedicated master nodes.

Use a cluster of six data nodes across three Availability Zones. Use six dedicated master nodes.

Use a cluster of eight data nodes across two Availability Zones. Deploy four master nodes in a failover AWS Region.

Configure the Auto Scaling group to scale based on events.

Configure the Auto Scaling group to scale based on a schedule.

Configure the Auto Scaling group to scale dynamically based on demand.

Configure the Auto Scaling group to use predictive scaling.

Create a permission set and a custom permissions policy in AWS IAM Identity Center (AWS Single Sign-On) for each user to prevent each user from creating resources in unapproved Regions.

Deploy AWS Config rules in each AWS account to govern the account's security compliance and to delete any resources that are created in unapproved Regions.

Deploy AWS Lambda functions to configure security settings across all accounts in the organization and to delete any resources that are created in unapproved Regions.

Implement a service control policy (SCP) to deny any access to AWS based on the requested Region.

Modify the AWS Control Tower landing zone settings to govern the approved Regions.

Provision an Amazon ElasliCache for Redis cluster for the new S3 bucket. Provide the developers with the configuration endpoint of the cluster for use in their API calls.

Add the new S3 bucket to a new Amazon CloudFront distribution. Provide the developers with the domain name of the new distribution for use in their API calls.

Enable S3 Transfer Acceleration for the new S3 bucket. Verify that the developers are using the DOC-EXAMPLE-BUCKET.s3-accelerate.amazonaws.com endpoint name in their API calls.

Use S3 multipart upload for the new S3 bucket. Verify that the developers are using Region-specific S3 endpoint names such as D0C-EXAMPLE-BUCKET.s3. [RegionJ.amazonaws.com in their API calls.

Update the EC2 instance role policy to allow s3:PutObjed access to the target S3 bucket.

Update the EC2 security group to allow outbound traffic to 0.0.0.070 for port 80.

Update the EC2 subnet route table to include the S3 prefix list destination routes to the S3 gateway endpoint.

Update the S3 bucket policy to allow s3 PurObject access from the private subnet CIDR block.

Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy after 24 hours.

Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy within 24 hours.

Configure S3 Object Lock in governance mode. Upload all files after 24 hours.

Configure S3 Object Lock in governance mode. Upload all files within 24 hours.

Create an IAM user with an IAM policy that allows the sqs SendMessage permission, the sqs ReceiveMessage permission, and the sqs DeleteMessage permission to the appropriate queues Embed the IAM user's credentials in the application's configuration

Create an IAM user with an IAM policy that allows the sqs SendMessage permission, the sqs ReceiveMessage permission, and the sqs DeleteMessage permission to the appropriate queues Export the IAM user's access key and secret access key as environment variables on the EC2 instance

Create and associate an IAM role that allows EC2 instances to call AWS services Attach an IAM policy to the role that allows sqs." permissions to the appropriate queues

Create and associate an IAM role that allows EC2 instances to call AWS services Attach an IAM policy to the role that allows the sqs SendMessage permission, the sqs ReceiveMessage permission, and the sqs DeleteMessage permission to the appropriate queues

Extend the file system with operating system-level tools to use the new storage capacity.

Reattach the EBS volume to the EC2 instance.

Reboot the EC2 instance that is attached to the EBS volume.

Take a snapshot of the EBS volume. Replace the original volume with a volume that is created from the snapshot.

Attach an IAM policy to the users or groups that require access to the EC2 instances.

Attach an IAM role to control access to the EC2 instances.

Create a placement group for the EC2 instances and add a specific tag.

Create a service account and attach it to the EC2 instances that need to be controlled.

Create an IAM policy that grants access to any EC2 instances with a tag specified in the Condition element.