Make success possible with our Latest and Unique AWS Sysops Administrator SOA-C02 Practice Exam!
Name: AWS Certified SysOps Administrator - Associate (SOA-C02)
Exam Code: SOA-C02
Certification: AWS Sysops Administrator
Vendor: Amazon
Total Questions: 556
Last Updated: September 08, 2025
444 Satisfied Customers
Success is simply the result of the efforts you put into the preparation. We at Dumpsgroup wish to make that preparation a lot easier. The AWS Certified SysOps Administrator - Associate (SOA-C02) SOA-C02 Practice Exam we offer is solely for best results. Our IT experts put in their blood and sweat into carefully selecting and compiling these unique Practice Questions. So, you can achieve your dreams of becoming a AWS Sysops Administrator professional. Now is the time to press that big buy button and take the first step to a better and brighter future.
Passing the Amazon SOA-C02 exam is simpler if you have globally valid resources and Dumpsgroup provides you just that. Millions of customers come to us daily, leaving the platform happy and satisfied. Because we aim to provide you with AWS Sysops Administrator Practice Questions aligned with the latest patterns of the AWS Certified SysOps Administrator - Associate (SOA-C02) Exam. And not just that, our reliable customer services are 24 hours at your beck and call to support you in every way necessary. Order now to see the SOA-C02 Exam results you always desired.
You must have heard about candidates failing in a large quantity and perhaps tried yourself and fail to pass AWS Certified SysOps Administrator - Associate (SOA-C02). It is best to try Dumpsgroup’s SOA-C02 Practice Questions this time around. Dumpsgroup not only provides an authentic, valid, and accurate resource for your preparation. They simplified the training by dividing it into two different formats for ease and comfort. Now you can get the Amazon SOA-C02 in both PDF and Online Test Engine formats. Choose whichever or both to start your AWS Sysops Administrator certification exam preparation.
Furthermore, Dumpsgroup gives a hefty percentage off on these Spoto SOA-C02 Practice Exam by applying a simple discount code; when the actual price is already so cheap. The updates for the first three months, from the date of your purchase, are FREE. Our esteemed customers cannot stop singing praises of our Amazon SOA-C02 Practice Questions. That is because we offer only the questions with the highest possibility of appearing in the actual exam. Download the free demo and see for yourself.
We know you have been struggling to compete with your colleagues in your workplace. That is why we provide the SOA-C02 Practice Questions to let you gain the upper hand that you always wanted. These questions and answers are a thorough guide in a simple and exam-like format! That makes understanding and excelling in your field way lot easier. Our aim is not just to help to pass the AWS Sysops Administrator Exam but to make a Amazon professional out of you. For that purpose, our SOA-C02 Practice Exams are the best choice.
There are many resources available online for the preparation of the AWS Certified SysOps Administrator - Associate (SOA-C02) Exam. But that does mean that all of them are reliable. When your future as a AWS Sysops Administrator certified is at risk, you have got to think twice while choosing Amazon SOA-C02 Practice Questions. Dumpsgroup is not only a verified source of training material but has been in this business for years. In those years, we researched on SOA-C02 Practice Exam and came up with the best solution. So, you can trust that we know what we are doing. Moreover, we have joined hands with Amazon experts and professionals who are exceptional in their skills. And these experts approved our SOA-C02 Practice Questions for AWS Certified SysOps Administrator - Associate (SOA-C02) preparation.
Users of a company's internal web application recently experienced applicationperformance issues for a brief period The application includes frontend web servers thatrun in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster The application alsoincludes a bacKend Amazon Aurora PostgreSQL DB cluster that includes one DB instance.A SysOps administrator determines that the source of the performance issues was highutilization of the DB cluster. The single writer instance experienced more than 90%utilization for 11 minutes The cause of the high utilization was an automated report that isscheduled to run one time each weekWhat should the SysOps administrator do to ensure that users do not experienceperformance Issues each week when the report runs?
A. Increase the size of the DB instance. Monitor the performance during the nextscheduled run of the report
B. Add a reader instance. Change the database connection string of the report applicationto use the newly created reader instance.
C. Add another writer instance Change the database connection string of the reportapplication to use the newly created writer instance.
D. Configure auto scaling for the DB cluster Set the minimum capacity units, maximumcapacity units, and target utilization
ANSWER : A
A company has developed a service that is deployed on a fleet of Linux-based AmazonEC2 instances that are in an Auto Scaling group. The service occasionally failsunexpectedly because of an error in the application code. The company's engineering teamdetermines that resolving the underlying cause of the service failure could take severalweeks.A SysOps administrator needs to create a solution to automate recovery if the servicecrashes on any of the EC2 instances.Which solutions will meet this requirement? (Select TWO.)
A. Install the Amazon CloudWatch agent on the EC2 instances. Configure the CloudWatchagent to monitor the service. Set the CloudWatch action to restart if the service healthcheck fails.
B. Tag the EC2 instances. Create an AWS Lambda function that uses AWS SystemsManager Session Manager to log in to the tagged EC2 instances and restart the service.Schedule the Lambda function to run every 5 minutes.
C. Tag the EC2 instances. Use AWS Systems Manager State Manager to create anassociation that uses the AWS-RunSheIIScript document. Configure the associationcommand with a script that checks if the service is running and that starts the service if theservice is not running. For targets, specify the EC2 instance tag. Schedule the associationto run every 5 minutes.
D. Update the EC2 user data that is specified in the Auto Scaling group's launch templateto include a script that runs on a cron schedule every 5 minutes.
E. Update the EC2 user data that is specified in the Auto Scaling group's launch templateto ensure that the service runs during startup. Redeploy all the EC2 instances in the AutoScaling group with the updated launch template.
ANSWER : A,C
A company's SysOps administrator maintains a highly available environment. Theenvironment includes Amazon EC2 instances and an Amazon RDS Multi-AZ database.The EC2 instances are in an Auto Scaling group behind an Application Load Balancer.Recently, the company conducted a failover test. The SysOps administrator needs todecrease the failover time of the RDS database by at least 10%.Which solution will meet this requirement?
A. Increase the RDS instance size.
B. Modify the RDS cluster to run in a single Availability Zone.
C. Create a read replica in another AWS Region. Promote the read replica in case offailure.
D. Create an RDS proxy. Point the application to the proxy endpoint.
ANSWER : A
ASysOps administrator configures an application to run on Amazon EC2 instances behindan Application Load Balancer (ALB) in a simple scaling Auto Scaling group with the defaultsettings. The Auto Scaling group is configured to use the RequestCountPerTarget metricfor scaling. The SysOps administrator notices that the RequestCountPerTarget metricexceeded the specified limit twice in 180 seconds.How will the number of EC2 instances in this Auto Scaling group be affected in thisscenario?
A. The Auto Scaling group will launch an additional EC2 instance every time theRequestCountPerTarget metric exceeds the predefined limit.
B. The Auto Scaling group will launch one EC2 instance and will wait for the defaultcooldown period before launching another instance.
C. The Auto Scaling group will send an alert to the ALB to rebalance the traffic and not addnew EC2 instances until the load is normalized.
D. The Auto Scaling group will try to distribute the traffic among all EC2 instances beforelaunching another instance.
ANSWER : B
A company runs a web application on three Amazon EC2 instances behind an ApplicationLoad Balancer (ALB). Web traffic increases significantly during the same 9-hour periodevery day and causes a decrease in the application's performance. A SysOps administratormust scale the application ahead of the changes in demand to accommodate the increasedtraffic.Which solution will meet these requirements?
A. Create an Amazon CloudWatch alarm to monitor application latency. Configure an alarmaction to increase the size of each EC2 instance if the latency threshold is reached.
B. Create an Amazon EventBridge rule to monitor application latency. Configure the rule toadd an EC2 instance to the ALB if the latency threshold is reached
C. Deploy the application to an EC2 Auto Scaling group that uses a target tracking scalingpolicy. Attach the ALB to the Auto Scaling group.
D. Deploy the application to an EC2 Auto Scaling group that uses a scheduled scalingpolicy. Attach the ALB to the Auto Scaling group.
ANSWER : D
A Sysops administrator wants to share a copy of a production database with a migrationaccount. The production database is hosted on an Amazon RDS DB instance and isencrypted at rest with an AWS Key Management Service (AWS KMS) key that has an alias ofWhat must the Sysops administrator do to meet these requirements with the LEAST administrative overhead?
A. Take a snapshot of the RDS DB instance in the production account. Amend the KMSkey policy of the production-rds-key KMS key to give access to the migration account's rootuser. Share the snapshot with the migration account.
B. Create an RDS read replica in the migration account. Configure the KMS key policy toreplicate the production-rds-key KMS key to the migration account.
C. Take a snapshot of the RDS DB instance in the production account. Share the snapshotwith the migration account. In the migration account, create a new KMS key that has anidentical alias.
D. Use native database toolsets to export the RDS DB instance to Amazon S3. Create anS3 bucket and an S3 bucket policy for cross-account access between the productionaccount and the migration account. Use native database toolsets to import the databasefrom Amazon S3 to a new RDS DB instance.
ANSWER : A
A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances.These EC2 instances upload build artifacts to a third-party service. The third-party servicerecently implemented a strict IP allow list that requires all build uploads to come from asingle IP address.What change should the systems administrator make to the existing build fleet to complywith this new requirement?
A. Move all of the EC2 instances behind a NAT gateway and provide the gateway IPaddress to the service.
B. Move all of the EC2 instances behind an internet gateway and provide the gateway IPaddress to the service.
C. Move all of the EC2 instances into a single Availability Zone and provide the AvailabilityZone IP address to the service.
D. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to theservice.
ANSWER : A
A SysOps administrator is responsible for more than 50 Amazon EC2 instances mat aredeployed in a single production AWS account The EC2 instances are running severaldifferent operating systems The company's standards require patching to be completed atleast once a month.The SysOps administrator wants to use AWS Systems Manager to reduce the number ofhours the company spends on operating system patching each month.Which combination of steps should the SysOps administrator take to meet theserequirements? (Select THREE.)
A. Group similar EC2 instances together into resource groups by using AWS ResourceGroups
B. Create a schedule in Systems Manager Patch Manager. Specify the appropriateresource group as the target
C. Specify Systems Manager Automation runbooks to patch the operating systems.Register the runbooks as tasks in the maintenance window. Specify the appropriateresource group as the target
D. Create a Systems Manager Automation runbook to monitor and control the state of thepatches required. Apply the runbook to Systems Manager Patch Manager
E. Create a single Systems Manager maintenance window for each resource group
F. Configure Systems Manager Fleet Manager to apply a Systems Manager Automationrunbook to the appropriate resource group.
ANSWER : A,B,E
A company is using an Amazon CloudWatch alarm lo monitor the FreeLocalStorage metricfor an Amazon Aurora PostgreSQL production database The alarm goes into ALARM stateand indicates that the database is running low on temporary storage. A SysOpsadministrator discovers that a weekly report is using most of the temporary storage that iscurrently allocated.What should the SysOps administrator do to solve this problem?
A. Turn on Aurora PostgreSQL query plan management.
B. Modify the configuration of the DB cluster to turn on storage auto scaling.
C. Add an Aurora read replica to the DB cluster. Modify the report lo use the new read replica.
D. Modify the DB instance class for each DB instance In the DB cluster to increase the instance size.
ANSWER : B
A company has a policy that requires all Amazon EC2 instances to have a specific set oftags. If an EC2 instance does not have the required tags, the noncompliant instance shouldbe terminated.What is the MOST operationally efficient solution that meets these requirements?
A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all EC2instance state changes to an AWS Lambda function to determine if each instance iscompliant. Terminate any noncompliant instances.
B. Create an IAM policy that enforces all EC2 instance tag requirements. If the requiredtags are not in place for an instance, the policy will terminate noncompliant instance.
C. Create an AWS Lambda function to determine if each EC2 instance is compliant andterminate an instance if it is noncompliant. Schedule the Lambda function to invoke every 5minutes.
D. Create an AWS Config rule to check if the required tags are present. If an EC2 instanceis noncompliant, invoke an AWS Systems Manager Automation document to terminate theinstance.
ANSWER : D
A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company’s AWS accountThe SysOps administrator deploys a Linux Amazon EC2 instance in VPC1 and deploys anAmazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a privatesubnet. An application that runs on the EC2 instance needs to connect to the database. What should the SysOps administrator do to give the EC2 instance the ability to connect tothe database?
A. Enter the DB instance connection string into the VPC1 route table.
B. Configure VPC peering between the two VPCs.
C. Add the same IPv4 CIDR range for both VPCs.
D. Connect to the DB instance by using the DB instance’s public IP address.
ANSWER : B
A SysOps administrator manages a company's Amazon S3 buckets. The SysOpsadministrator has identified 5 GB of incomplete multipart uploads in an S3 bucket in thecompany's AWS account. The SysOps administrator needs to reduce the number ofincomplete multipart upload objects in the S3 bucket.Which solution will meet this requirement?
A. Create an S3 Lifecycle rule on the S3 bucket to delete expired markers or incompletemultipart uploads
B. Require users that perform uploads of files into Amazon S3 to use the S3 TransferUtility.
C. Enable S3 Versioning on the S3 bucket that contains the incomplete multipart uploads.
D. Create an S3 Object Lambda Access Point to delete incomplete multipart uploads.
ANSWER : A
A company has a compliance requirement that no security groups can allow SSH ports tobe open to all IP addresses. A SysOps administrator must implement a solution that willnotify the company's SysOps team when a security group rule violates this requirement.The solution also must remediate the security group rule automatically.Which solution will meet these requirements?
A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes anAWS Lambda function when a security group changes. Configure the Lambda function to evaluate the security group for compliance, remove all inbound security group rules on allports, and notify the SysOps team if the security group is noncompliant.
B. Create an AWS CloudTrail metric filter for security group changes. Create an AmazonCloudWatch alarm to notify the SysOps team through an Amazon Simple NotificationService (Amazon SNS) topic when (he metric is greater than 0. Subscribe an AWS Lambdafunction to the SNS topic to remediate the security group rule by removing the rule.
C. Activate the AWS Config restricted-ssh managed rule. Add automatic remediation to theAWS Config rule by using the AWS Systems Manager Automation AWSDisablePublicAccessForSecurityGrouprunbook. Create an Amazon EventBridge (AmazonCloudWatch Events) rule to notify the SysOps team when the rule is noncompliant.
D. Create an AWS CloudTrail metric filter for security group changes. Create an AmazonCloudWatch alarm for when the metric is greater than 0. Add an AWS Systems Manageraction to the CloudWatch alarm to suspend the security group by using the SystemsManager Automation AWS-DisablePublicAccessForSecurityGroup runbook when the alarmis in ALARM state. Add an Amazon Simple Notification Service (Amazon SNS) topic as asecond target to notify the SysOps team.
ANSWER : C
A company uses AWS CloudFormation to manage a stack of Amazon EC2 instances onAWS. A SysOps administrator needs to keep the instances and all of the instances’ data,even if someone deletes the stack.Which solution will meet these requirements?
A. Set the DeletionPolicy attribute to Snapshot for the EC2 instance resource in theCloudFormation template.
B. Automate backups by using Amazon Data Lifecycle Manager (Amazon DLM).
C. Create a backup plan in AWS Backup.
D. Set the DeletionPolicy attribute to Retain for the EC2 instance resource in theCloudFormation template.
ANSWER : D
A company wants to monitor the security groups of its Amazon EC2 instances to ensurethat SSH is not open to the public. If the port is opened, the company needs to close theport as soon as possible.Which combination of actions should a SysOps administrator take to meet theserequirements? (Select TWO.)
A. Add an Amazon CloudWatch alarm to detect the security groups that allow SSH.
B. Add an AWS Config rule to detect the security groups that allow SSH.
C. Add an assessment template to Amazon Inspector to detect the security groups that allow SSH
D. Call an AWS Systems Manager Automation runbook to close the port.
E. Call AWS Systems Manager Run Command to close the port.
ANSWER : B,D
A company is using AWS Certificate Manager (ACM) to manage public SSL/TLScertificates. A SysOps administrator needs to send an email notification when a certificatehas less than 14 days until expiration.Which solution will meet this requirement with the LEAST operational overhead?
A. Create an Amazon CloudWatch custom metric to monitor certificate expiration for allACM certificates. Create an Amazon EventBridge rule that has an event source of a ws.cloud watch Configure the rule to send an event to a target Amazon Simple NotificationService (Amazon SNS) topic if the DaysToExpiry metric is less than 14. Subscribe theappropriate email addresses to the SNS topic.
B. Create an Amazon EventBridge rule that has an event source of aws.acm. Configure therule to evaluate the DaysToExpiry melric for all ACM certificates.Configure the rule to send an event to a target Amazon Simple Notification Service(Amazon SNS) topic if DaysToExpiry is less than 14. Subscribe the appropriate emailaddresses to the SNS topic.
C. Create an Amazon CloudWatch dashboard that displays the DaysToExpiry metric for allACM certificates. If DaysToExpiry is less than 14, send an emailmessage to the appropriate email addresses. Send the email message by running apredefined CLI command to publish to an Amazon Simple Notification Service (AmazonSNS) topic.
D. Create an Amazon EventBridge rule that has an event source of aws.acm. Configure therule to evaluate the DaysToExpiry metric for all ACM certificates. Configure a target SMSidentity that uses a predefined email template. Configure the rule to send an event to thetarget SMS identity if DaysToExpiry is less than 14.
ANSWER : B
A company hosts a web application on Amazon EC2 instances behind an Application LoadBalancer (ALB). The company uses Amazon Route 53 to route traffic.The company also has a static website that is configured in an Amazon S3 bucket.A SysOps administrator must use the static website as a backup to the web application.The failover to the static website must be fully automated.Which combination of actions will meet these requirements? (Choose two.)
A. Create a primary failover routing policy record. Configure the value to be the ALB.
B. Create an AWS Lambda function to switch from the primary website to the secondarywebsite when the health check fails.
C. Create a primary failover routing policy record. Configure the value to be the ALB.Associate the record with a Route 53 health check.
D. Create a secondary failover routing policy record. Configure the value to be the staticwebsite. Associate the record with a Route 53 health check.
E. Create a secondary failover routing policy record. Configure the value to be the staticwebsite.
ANSWER : A,C
A company stores its data in an Amazon S3 bucket. The company is required to classifythe data and find any sensitive personal information in its S3 files. Which solution will meet these requirements?
A. Create an AWS Config rule to discover sensitive personal information in the S3 files andmark them as noncompliant.
B. Create an S3 event-driven artificial intelligence/machine learning (AI/ML) pipeline toclassify sensitive personal information by using Amazon Recognition.
C. Enable Amazon GuardDuty. Configure S3 protection to monitor all data inside Amazon S3.
D. Enable Amazon Macie. Create a discovery job that uses the managed data identifier.
ANSWER : D
A Sysops administrator launches an Amazon EC2 instance from a Windows AmazonMachine Image (AMI). The EC2 instance includes additional Amazon Elastic Block Store(Amazon EBS) volumes. When the instance is launched, none of the additional AmazonElastic Block Store (Amazon EBS) volumes are initialized and ready for use through a driveletter. The SysOps administrator needs to automate the EBS volume initialization.Which solution will meet these requirements in the MOST operationally efficient way?
A. Create an Amazon EventBridge rule. Configure an AWS Systems Manager Automationrunbook as a target of the EventBridge rule to initialize the disks after an EC2 instancelaunch event.
B. Create an AmazolkventBridge rule. Configure an AWS Lambda function as a target ofthe EventBridge rule to initialize the drives after the AMI is launched.
C. Create an AWS Config rule to automatically initialize the EBS volumes on Windows EC2instances.
D. Add the secondary volume configuration to the DriveLetterMappingConfig.json file.Configure the InitializeDisks.ps1 Windows PowerShell script to run at launch. Create a newAMI from the running EC2 instance.
ANSWER : D
A SysOps administrator manages policies for many AWS member accounts in an AWSOrganizations structure. Administrators on other teams have access to the account rootuser credentials of the member accounts. The SysOps administrator must prevent allteams, including their administrators, from using Amazon DynamoDB. The solution mustnot affect the ability of the teams to access other AWS services.Which solution will meet these requirements?
A. In all member accounts, configure 1AM policies that deny access to all DynamoDBresources for all users, including the root user.
B. Create a service control policy (SCP) in the management account to deny allDynamoDB actions. Apply the SCP to the root of the organization
C. In all member accounts, configure 1AM policies that deny AmazonDynamoDBFullAccess to all users, including the root user.
D. Remove the default service control policy (SCP) in the management account. Create areplacement SCP that includes a single statement that denies all DynamoDB actions.
ANSWER : B
A company has a cluster of Linux Amazon EC2 Spot Instances that read many files fromand write many files to attached Amazon Elastic Block Store (Amazon EBS) volumes. TheEC2 instances are frequently started and stopped. As part of the process when an EC2instance starts, an EBS volume is restored from a snapshot.EBS volumes that are restored from snapshots are experiencing initial performance that islower than expected. The company's workload needs almost all the provisioned IOPS onthe attached EBS volumes. The EC2 instances are unable to support the workload whenthe performance of the EBS volumes is too low. A SysOps administrator must implement asolution to ensure that the EBS volumes provide the expected performance when they arerestored from snapshots.Which solution will meet these requirements?
A. Configure fast snapshot restore (FSR) on the snapshots that are used.
B. Restore each snapshot onto an unencrypted EBS volume. Encrypt the EBS volume when the performance stabilizes.
C. Format the EBS volumes as XFS file systems before restoring the snapshots.
D. Increase the Linux read-ahead buffer to 1 MiB.
ANSWER : A
A company runs an application on hundreds of Amazon EC2 instances in three AvailabilityZones The application calls a third-parly API over the public internet A SysOpsadministrator must provide the third party with a list of static IP addresses so that the thirdparty can allow traffic from the applicationWhich solution will meet these requirements?
A. Add a NAT gateway in the public subnet of each Availability Zone. Make the NATgateway the default route of all private subnets In those Availability Zones.
B. Allocate one Elastic IP address in each Availability Zone. Associate the Elastic IPaddress with all the instances in the Availability Zone
C. Place the instances behind a Network Load Balancer (NLB). Send the traffic to theinterne! through the private IP address of the NLB
D. Update the main route table to send the traffic to the internet through an Elastic IPaddress that is assigned to each instance.
ANSWER : A
A company receives an alert from an Amazon CloudWatch alarm The alarm indicates that a web application that Is running on Amazon EC2 instances is not responding to requestsThe EC2 instances have a Red Hat Enterprise Linux operating system and are in an AutoScaling group. The Auto Scaling group has a minimum capacity of 2 and a maximumcapacity of 5.An Investigation reveals that the web application is experiencing oul-of-memory errors. Thecompany adds memory lo the web application and wants to track operating systemmemory utilization. A CloudWatch memory metric does not currently exist tor the EC2Instances in the Auto Scaling groupWhat should a SysOps administrator do to provide a CloudWatch memory metric for theEC2 instances?
A. Use an Amazon Machine Image (AMI) that includes the CloudWatch agent.
B. Turn on CloudWatch detailed monitoring
C. Turn on Instance Metadata Service Version 2 (IMOSv2).
D. Use an Amazon Machine Image (AMI) that is based on Amazon Linux.
ANSWER : A
A company has an application that is deployed 10 two AWS Regions in an active-passiveconfiguration. The application runs on Amazon EC2 instances behind an Application LoadBalancer (ALB) in each Region. The instances are in an Amazon EC2 Auto Scaling groupin each Region. The application uses an Amazon Route 53 hosted zone (or DNS. ASysOps administrator needs to configure automatic failover to the secondary Region.What should the SysOps administrator do to meet these requirements
A. Configure Route 53 alias records that point to each ALB. Choose a failover routingpolicy. Set Evaluate Target Health to Yes.
B. Configure CNAME records that point to each ALB. Choose a failover routing policy. SetEvaluate Target Health to Yes.
C. Configure Elastic Load Balancing (ELB) health checks for the Auto Scaling group. Add a target group to the ALB in the primary Region. Include the EC2 instances in the secondaryRegion astargets.
D. Configure EC2 health checks for the Auto Scaling group. Add a target group to the ALBin the primary Region. Include the EC2 instances in the secondary Region as targets.
ANSWER : A
A company has a secure website running on Amazon EC2 instances behind an ApplicationLoad Balancer (ALB). An SSL certificate from AWS Certificate Manager (ACM) is used onthe ALB. Users with legacy web browsers are experiencing issues with the website.How should the SysOps administrator resolve these issues in the MOST operationallyefficient manner?
A. Create a new SSL certificate in ACM and install the new certificate on the ALB tosupport legacy web browsers.
B. Create a second ALB and install a custom SSL certificate with a different domain nameon the second ALB to support legacy web browsers.
C. Remove the ALB from the configuration and install a custom SSL certificate on eachweb server.
D. Update the SSL negotiation configuration of the ALB with a security policy that containsciphers for legacy web browsers.
ANSWER : D
A company migrates a write-once, read-many (WORM) drive to an Amazon S3 bucket thathas S3 Object Lock configured in governance mode. During the migration, the companycopies unneeded data to the S3 bucket.A SysOps administrator attempts to delete the unneeded data from the S3 bucket by usingthe AWS CLI. However, the SysOps administrator receives an error.Which combination of steps should the SysOps administrator take to successfully deletethe unneeded data? (Select TWO.)
A. Increase the Retain Until Date.
B. Assume a role that has the s3:BypassLegalRetention permission.
C. Assume a role that has the s3:BypassGovernanceRetention permission.
D. Include the x-amz-bypass-governance-retention:true header in the request when issuingthe delete command.
E. Include the x-amz-bypass-legal-retention:true header in the request when issuing thedelete command.
ANSWER : C,D
A SysOps administrator wants to securely share an object from a private Amazon S3bucket with a group of users who do not have an AWS account. What is the MOSToperationally efficient solution that will meet this requirement?
A. Attach an S3 bucket policy that only allows object downloads from the users' IP addresses.
B. Create an 1AM role that has access to the object. Instruct the users to assume the role.
C. Create an 1AM user that has access to the object. Share the credentials with the users.
D. Generate a presigned URL for the object. Share the URL with the users.
ANSWER : D
A company runs a high performance computing (HPC) application on an Amazon EC2instance The company needs to scale this architecture to two or more EC2 instances. TheEC2 instances wilt need to communicate with each other at high speeds with low latency tosupport the application.The company wants to ensure that the network performance can support the requiredcommunication between the EC2 instances.What should a SysOps administrator do to meet these requirements?
A. Create a cluster placement group. Back up the existing EC2 instance to an AmazonMachine Image (AMI). Restore the EC2 instance from the AMI into the placement groupLaunch the additional EC2 instances into the placement group
B. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Create a launchtemplate from the existing EC2 instance by specifying the AMI. Create an Auto Scalinggroup and configure the desired instance count.
C. Create a Network Load Balancer (NLB) and a target group. Launch the new EC2instances and register them with the target group Register the existing EC2 instance withthe target group. Pass all application traffic through the NLB.
D. Back up the existing EC2 Instance to an Amazon Machine Image (AMI). Createadditional clones of the EC2 instance from the AMI in the same Availability Zone where theexisting EC2 instance is located.
ANSWER : A
A company is creating a new multi-account environment in AWS Organizations. The company will use AWS Control Tower to deploy the environment. Users must be able tocreate resources in approved AWS Regions only. The company must configure and governall accounts by using a standard baseline configuration Which combination of steps willmeet these requirements in the MOST operationally efficient way? (Select TWO.)
A. Create a permission set and a custom permissions policy in AWS IAM Identity Center(AWS Single Sign-On) for each user to prevent each user from creating resources inunapproved Regions.
B. Deploy AWS Config rules in each AWS account to govern the account's securitycompliance and to delete any resources that are created in unapproved Regions.
C. Deploy AWS Lambda functions to configure security settings across all accounts in theorganization and to delete any resources that are created in unapproved Regions.
D. Implement a service control policy (SCP) to deny any access to AWS based on therequested Region.
E. Modify the AWS Control Tower landing zone settings to govern the approved Regions.
ANSWER : D,E
A company hosts an application on Amazon EC2 instances The instances are in anAmazon EC2 Auto Scaling group that uses a launch template The amount of applicationtraffic changes throughout the day. Scaling events happen frequently.A SysOps administrator needs to help developers troubleshoot the application. When ascaling event removes an instance. EC2 Auto Scaling terminates the instance before thedevelopers can log in to the instance to diagnose issues.Which solution will prevent termination of the instance so that the developers can log in tothe instance?
A. Ensure that the Delete on termination setting is turned off in the UserData section of thelaunch template
B. Update the Auto Scaling group by enabling instance scale-in protection for newlylaunched instances.
C. Use Amazon Inspector to configure a rules package to protect the instances fromtermination.
D. Use Amazon GuardDuty to configure rules to protect the instances from termination.
ANSWER : B
A SysOps administrator is investigating a company's web application for performanceproblems The application runs on Amazon EC2 instances that are in an Auto Scalinggroup. The application receives large traffic increases at random times throughout the day.During periods of rapid traffic increases, the Auto Scaling group is not adding capacity fastenough. As a result, users are experiencing poor performance.The company wants to minimize costs without adversely affecting the user experiencewhen web traffic surges quickly. The company needs a solution that adds more capacity tome Auto Scaling group for larger traffic increases than for smaller traffic increases.How should the SysOps administrator configure the Auto Scaling group to meet theserequirements?
A. Create a simple scaling policy with settings to make larger adjustments in capacity whenthe system is under heavy load
B. Create a step scaling policy with settings to make larger adjustments in capacity whenthe system is under heavy load.
C. Create a target tracking scaling policy with settings to make larger adjustments incapacity when the system is under heavy load
D. Use Amazon EC2 Auto Scaling lifecycle hooks Adjust the Auto Scaling group'smaximum number of instances after every scaling event
ANSWER : B
A company uses AWS Organizations to host several applications across multiple AWSaccounts. Several teams are responsible for building and maintaining the infrastructure ofthe applications across the AWS accounts.A SysOps administrator must implement a solution to ensure that user accounts andpermissions are centrally managed. The solution must be integrated with the company'sexisting on-premises Active Directory environment. The SysOps administrator already hasenabled AWS 1AM Identity Center (AWS Single Sign-On) and has set up an AWS DirectConnect connection.What is the MOST operationally efficient solution that meets these requirements?
A. Create a Simple AD domain, and establish a forest trust relationship with the onpremisesActive Directory domain. Set the Simple AD domain as the identity source for1AM Identity Center. Create the required role-based permission sets. Assign each group ofusers to the AWS accounts that the group will manage.
B. Create an Active Directory domain controller on an Amazon EC2 instance that is joinedto the on-premises Active Directory domain. Set the Active Directory domain controller asthe identity source for 1AM Identity Center. Create the required role-based permission sets.Assign each group of users to the AWS accounts that the group will manage.
C. Create an AD Connector that is associated with the on-premises Active Directorydomain. Set the AD Connector as the identity source for 1AM Identity Center. Create therequired role-based permission sets. Assign each group of users to the AWS accounts thatthe group will manage.
D. Use the built-in SSO directory as the identity source for 1AM Identity Center. Copy theusers and groups from the on-premises Active Directory domain. Create the required rolebasedpermission sets. Assign each group of users to the AWS accounts that the group willmanage.
ANSWER : C
A SysOps administrator needs to configure an Amazon S3 bucket to host a webapplication. The SysOps administrator has created the S3 bucket and has copied the staticfiles for the web application to the S3 bucket.The company has a policy that all S3 buckets must not be public. What should the SysOps administrator do to meet these requirements?
A. Create an Amazon CloudFront distribution. Configure the S3 bucket as an origin with anorigin access identity (OAI). Give the OAI the s3:GetObject permission in the S3 bucketpolicy.
B. Configure static website hosting in the S3 bucket. Use Amazon Route 53 to create aDNS CNAME to point to the S3 website endpomt.
C. Create an Application Load Balancer (ALB). Change the protocol to HTTPS in the ALBlistener configuration. Forward the traffic to the S3 bucket.
D. Create an accelerator in AWS Global Accelerator. Set up a listener configuration for port443. Set the endpoint type to forward the traffic to the S3 bucket.
ANSWER : A
Dumpsgroup is a verified platform for certification preparation. Our expert professionals are working day and night to create the perfect Practice Exam so you can pass your exam with flying colors. We provide only the authentic and valid Practice Questions approved by IT Experts. Start your certification journey now!
www.dumpsgroup.com
support@dumpsgroup.com
1104 Long Street, NY, 11206, USA
Feel free to contact us, we are available 24/7.