• support@dumpspool.com
SPECIAL LIMITED TIME DISCOUNT OFFER. USE DISCOUNT CODE TO GET 20% OFF DP2021

PDF Only

$35.00 Free Updates Upto 90 Days

  • SOA-C02 Dumps PDF
  • 305 Questions
  • Updated On March 16, 2024

PDF + Test Engine

$60.00 Free Updates Upto 90 Days

  • SOA-C02 Question Answers
  • 305 Questions
  • Updated On March 16, 2024

Test Engine

$50.00 Free Updates Upto 90 Days

  • SOA-C02 Practice Questions
  • 305 Questions
  • Updated On March 16, 2024
Check Our Free Amazon SOA-C02 Online Test Engine Demo.

How to pass Amazon SOA-C02 exam with the help of dumps?

DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest Amazon SOA-C02 Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.

How Do I Know Amazon SOA-C02 Dumps are Worth it?

Did we mention our latest SOA-C02 Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments. Let us explore all other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.

You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just Amazon Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!

IT Students Are Using our AWS Certified SysOps Administrator - Associate (SOA-C02) Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using AWS Certified SysOps Administrator - Associate (SOA-C02) Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world, make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.

How to Get SOA-C02 Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the SOA-C02 exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals. Making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated & fake content, repeated questions, and false plus indefinite information, etc. We make every penny count, and you leave our platform fully satisfied!

Amazon SOA-C02 Sample Question Answers

Question # 1

A company needs to archive all audit logs for 10 years. The company must protect the logsfrom any future edits.Which solution will meet these requirements?

A. Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. Configure AWSKey Management Service (AWS KMS) encryption.
B. Store the data in an Amazon S3 Glacier vault. Configure a vault lock policy for writeonce,read-many (WORM) access.
C. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configureserver-side encryption.
D. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configuremulti-factor authentication (MFA).

Question # 2

A SysOps administrator has successfully deployed a VPC with an AWS Cloud Formationtemplate The SysOps administrator wants to deploy me same template across multipleaccounts that are managed through AWS Organizations.Which solution will meet this requirement with the LEAST operational overhead?

A. Assume the OrganizationAccountAcccssKolc IAM role from the management account.Deploy the template in each of the accounts
B. Create an AWS Lambda function to assume a role in each account Deploy the templateby using the AWS CloudFormation CreateStack API call
C. Create an AWS Lambda function to query fc a list of accounts Deploy the template byusing the AWS Cloudformation CreateStack API call.
D. Use AWS CloudFormation StackSets from the management account to deploy thetemplate in each of the accounts

Question # 3

A company has a memory-intensive application that runs on a fleet of Amazon EC2instances behind an Elastic Load Balancer (ELB). The instances run in an Auto Scalinggroup. A Sysops administrator must ensure that the application can scale based on thenumber of users that connect to the application.Which solution will meet these requirements?

A. Create a scaling policy that will scale the application based on theActiveConnectionCount Amazon CloudWatch metric that is generated from the ELB.
B. Create a scaling policy that will scale the application based on the mem used AmazonCloudWatch metric that is generated from the ELB.
C. Create a scheduled scaling policy to increase the number of EC2 instances in the AutoScaling group to support additional connections.
D. Create and deploy a script on the ELB to expose the number of connected users as acustom Amazon CloudWatch metric. Create a scaling policy that uses the metric.

Question # 4

A company needs to automatically monitor an AWS account for potential unauthorizedAWS Management Console logins from multiple geographic locations.Which solution will meet this requirement?

A. Configure Amazon Cognito to detect any compromised 1AM credentials.
B. Set up Amazon Inspector. Scan and monitor resources for unauthorized logins.
C. Set up AWS Config. Add the iam-policy-blacklisted-check managed rule to the account.
D. Configure Amazon GuardDuty to monitor theUnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding.

Question # 5

A company has two VPC networks named VPC A and VPC B. The VPC A CIDR block is10.0.0.0/16 and the VPC B CIDR block is 172.31.0.0/16. The company wants to establish aVPC peering connection named pcx-12345 between both VPCs.Which rules should appear in the route table of VPC A after configuration? (Select TWO.)

A. Destination: 10.0.0.0/16, Target: Local
B. Destination: 172.31.0.0/16, Target: Local
C. Destination: 10.0.0.0/16, Target: pcx-12345
D. Destination: 172.31.0.0/16, Target: pcx-12345
E. Destination: 10.0.0.0/16. Target: 172.31.0.0/16

Question # 6

A company needs to implement a managed file system to host Windows file shares forusers on premises. Resources in the AWS Cloud also need access to the data on these fileshares. A SysOps administrator needs to present the user file shares on premises andmake the user file shares available on AWS with minimum latency. What should the SysOps administrator do to meet these requirements?

A. Set up an Amazon S3 File Gateway.
B. Set up an AWS Direct Connect connection.
C. Use AWS DataSync to automate data transfers between the existing file servers andAWS.
D. Set up an Amazon FSx File Gateway.

Question # 7

A company has created a NAT gateway in a public subnet in a VPC. The VPC alsocontains a private subnet that includes Amazon EC2 instances. The EC2 instances use theNAT gateway to access the internet to download patches and updates. The company hasconfigured a VPC flow log for the elastic network interface of the NAT gateway. Thecompany is publishing the output to Amazon CloudWatch Logs.A SysOps administrator must identify the top five internet destinations that the EC2instances in the private subnet communicate with for downloads.What should the SysOps administrator do to meet this requirement in the MOSToperationally efficient way?

A. Use AWS CloudTrail Insights events to identify the top five internet destinations.
B. Use Amazon CloudFront standard logs (access logs) to identify the top five internetdestinations.
C. Use CloudWatch Logs Insights to identify the top five internet destinations.
D. Change the flow log to publish logs to Amazon S3. Use Amazon Athena to query the logfiles in Amazon S3.

Question # 8

A SysOps administrator needs to delete an AWS CloudFormation stack that is no longer inuse. The CloudFormation stack is in the DELETE_FAILED state. The SysOps administratorhas validated the permissions that are required to delete the Cloud Formation stack.

A. The configured timeout to delete the stack was too low for the delete operation tocomplete.
B. The stack contains nested stacks that must be manually deleted fast.
C. The stack was deployed with the -disable rollback option.
D. There are additional resources associated with a security group in the stack
E. There are Amazon S3 buckets that still contain objects in the stack.

Question # 9

A SysOps administrator needs to track the costs of data transfer between AWS Regions.The SysOps administrator must implement a solution to send alerts to an email distributionlist when transfer costs reach 75% of a specific threshold.What should the SysOps administrator do to meet these requirements?

A. Create an AWS Cost and Usage Report. Analyze the results in Amazon Athena.Configure an alarm to publish a message to an Amazon Simple Notification Service(Amazon SNS) topic when costs reach 75% of the threshold. Subscribe the emaildistribution list to the topic.
B. Create an Amazon CloudWatch billing alarm to detect when costs reach 75% of thethreshold. Configure the alarm to publish a message to an Amazon Simple NotificationService (Amazon SNS) topic. Subscribe the email distribution list to the topic.
C. Use AWS Budgets to create a cost budget for data transfer costs. Set an alert at 75% ofthe budgeted amount. Configure the budget to send a notification to the email distributionlist when costs reach 75% of the threshold.
D. Set up a VPC flow log. Set up a subscription filter to an AWS Lambda function toanalyze data transfer. Configure the Lambda function to send a notification to the emaildistribution list when costs reach 75% of the threshold.

Question # 10

A company hosts a web application on an Amazon EC2 instance. The web server logs arepublished to Amazon CloudWatch Logs. The log events have the same structure andinclude the HTTP response codes that are associated with the user requests. Thecompany needs to monitor the number of times that the web server returns an HTTP 404response. What is the MOST operationally efficient solution that meets these requirements?

A. Create a CloudWatch Logs metric filter that counts the number of times that the webserver returns an HTTP 404 response.
B. Create a CloudWatch Logs subscription filter that counts the number of times that theweb server returns an HTTP 404 response.
C. Create an AWS Lambda function that runs a CloudWatch Logs Insights query thatcounts the number of 404 codes in the log events during the past hour.
D. Create a script that runs a CloudWatch Logs Insights query that counts the number of404 codes in the log events during the past hour.

Question # 11

A company has a stateless application that is hosted on a fleet of 10 Amazon EC2 On-Demand Instances in an Auto Scaling group. A minimum of 6 instances are needed tomeet service requirements.Which action will maintain uptime for the application MOST cost-effectively?

A. Use a Spot Fleet with an On-Demand capacity of 6 instances.
B. Update the Auto Scaling group with a minimum of 6 On-Demand Instances and amaximum of 10 On-Demand Instances.
C. Update the Auto Scaling group with a minimum of 1 On-Demand Instance and amaximum of 6 On-Demand Instances.
D. Use a Spot Fleet with a target capacity of 6 instances.

Question # 12

A company runs an application on Amazon EC2 instances. The EC2 instances are in anAuto Scaling group and run behind an Application Load Balancer (ALB). The applicationexperiences errors when total requests exceed 100 requests per second. A SysOpsadministrator must collect information about total requests for a 2-week period to determine when requests exceeded this threshold.What should the SysOps administrator do to collect this data?

A. Use the ALB’s RequestCount metric. Configure a time range of 2 weeks and a period of1 minute. Examine the chart to determine peak traffic times and volumes.
B. Use Amazon CloudWatch metric math to generate a sum of request counts for all theEC2 instances over a 2-week period. Sort by a 1-minute interval.
C. Create Amazon CloudWatch custom metrics on the EC2 launch configuration templatesto create aggregated request metrics across all the EC2 instances.
D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule. Configure an EC2event matching pattern that creates a metric that is based on EC2 requests. Display thedata in a graph.

Question # 13

A company’s AWS Lambda function is experiencing performance issues. The Lambdafunction performs many CPU-intensive operations. The Lambda function is not running fastenough and is creating bottlenecks in the system.What should a SysOps administrator do to resolve this issue?

A. In the CPU launch options for the Lambda function, activate hyperthreading.
B. Turn off the AWS managed encryption.
C. Increase the amount of memory for the Lambda function.
D. Load the required code into a custom layer.

Question # 14

A company plans to migrate several of its high performance computing (MPC) virtualmachines (VMs) to Amazon EC2 instances on AWS. A SysOps administrator must identifya placement group for this deployment. The strategy must minimize network latency andmust maximize network throughput between the HPC VMs.Which strategy should the SysOps administrator choose to meet these requirements?

A. Deploy the instances in a cluster placement group in one Availability Zone.
B. Deploy the instances in a partition placement group in two Availability Zones
C. Deploy the instances in a partition placement group in one Availability Zone
D. Deploy the instances in a spread placement group in two Availably Zones

Question # 15

A company is using Amazon CloudFront to serve static content for its web application to itsusers. The CloudFront distribution uses an existing on-premises website as a customorigin.The company requires the use of TLS between CloudFront and the origin server. Thisconfiguration has worked as expected for several months. However, users are nowexperiencing HTTP 502 (Bad Gateway) errors when they view webpages that includecontent from the CloudFront distribution.What should a SysOps administrator do to resolve this problem?

A. Examine the expiration date on the certificate on the origin site. Validate that thecertificate has not expired. Replace the certificate if necessary.
B. Examine the hostname on the certificate on the origin site. Validate that the hostnamematches one of the hostnames on the CloudFront distribution. Replace the certificate ifnecessary.
C. Examine the firewall rules that are associated with the origin server. Validate that port443 is open for inbound traffic from the internet. Create an inbound rule if necessary.
D. Examine the network ACL rules that are associated with the CloudFront distribution.Validate that port 443 is open for outbound traffic to the origin server. Create an outboundrule if necessary.

Question # 16

A Sysops administrator has created an Amazon EC2 instance using an AWSCloudFormation template in the us-east-I Region. The administrator finds that thistemplate has failed to create an EC2 instance in the us-west-2 Region.What is one cause for this failure?

A. Resource tags defined in the CloudFormation template are specific to the us-east-IRegion.
B. The Amazon Machine Image (AMI) ID referenced in the CloudFormation template couldnot be found in the us-west-2 Region.
C. The cfn-init script did not run during resource provisioning in the us-west-2 Region.
D. The IAM user was not created in the specified Region.

Question # 17

A company has a public website that recently experienced problems. Some links led tomissing webpages, and other links rendered incorrect webpages. The applicationinfrastructure was running properly, and all the provisioned resources were healthy.Application logs and dashboards did not show any errors, and no monitoring alarms wereraised. Systems administrators were not aware of any problems until end users reportedthe issues.The company needs to proactively monitor the website for such issues in the future andmust implement a solution as soon as possible.Which solution will meet these requirements with the LEAST operational overhead?

A. Rewrite the application to surface a custom error to the application log when issues occur. Automatically parse logs for errors. Create an Amazon CloudWatch alarm to providealerts when issues are detected.
B. Create an AWS Lambda function to test the website. Configure the Lambda function toemit an Amazon CloudWatch custom metric when errors are detected. Configure aCloudWatch alarm to provide alerts when issues are detected.
C. Create an Amazon CloudWatch Synthetics canary. Use the CloudWatch SyntheticsRecorder plugin to generate the script for the canary run. Configure the canary in line withrequirements. Create an alarm to provide alerts when issues are detected.

Question # 18

A company's VPC has connectivity to an on-premises data center through an AWS Site-to-Site VPN. The company needs Amazon EC2 instances in the VPC to send DNS queries forexample com to the DNS servers in the data center.Which solution will meet these requirements?

A. Create an Amazon Route 53 Resolver inbound endpoint Create a conditional forwardingrule on the on-primes DNS servers to forward DNS requests for example.com to theinbound endpoints.
B. Create an Amazon Route 53 Resolver inbound endpoint Create a forwarding rule on theresolver that sends all queries for example.com to the on-premises DNS servers. Associatethis rule with the VPC.
C. Create an Amazon Route 53 Resolver outbound endpoint Create a conditionalforwarding rule on the on-premises DNS servers to forward DNS requests for example.comto the outbound endpoints
D. Create an Amazon Route 53 Resolver outbound endpoint. Create a forwarding rule onthe resolver that sends all queries for exarrc4e.com to the on-premises DNS serversAssociate this rule with the VPC.

Question # 19

A company plans to launch a static website on its domain example com and subdomainwww example.com using Amazon S3. How should the SysOps administrator meet thisrequirement?

A. Create one S3 bucket named example.com for both the domain and subdomain.
B. Create one S3 bucket with a wildcard named '.example.com tor both the domain andsubdomain.
C. Create two S3 buckets named example.com and www.exdmpte.com. Configure thesubdomain bucket to redirect requests to the domain bucket.
D. Create two S3 buckets named http//example.com and http//" exampte.com. Configurethe wildcard (') bucket to redirect requests to the domain bucket.

Question # 20

A Sysops administrator creates an Amazon Elastic Kubernetes Service (Amazon EKS)cluster that uses AWS Fargate. The cluster is deployed successfully. The Sysopsadministrator needs to manage the cluster by using the kubect1 command line tool.Which of the following must be configured on the Sysops administrator's machine so thatkubect1 can communicate with the cluster API server?

A. The kubeconfig file
B. The kube-proxy Amazon EKS add-on
C. The Fargate profile
D. The eks-connector.yaml file

Question # 21

A company is attempting to manage its costs in the AWS Cloud. A SysOps administratorneeds specific company-defined tags that are assigned to resources to appear on thebilling report.What should the SysOps administrator do to meet this requirement?

A. Activate the tags as AWS generated cost allocation tags.
B. Activate the tags as user-defined cost allocation tags.
C. Create a new cost category. Select the account billing dimension.
D. Create a new AWS Cost and Usage Report. Include the resource IDs.

Question # 22

A company has an application that runs only on Amazon EC2 Spot Instances. Theinstances run in an Amazon EC2 Auto Scaling group with scheduled scaling actions.However, the capacity does not always increase at the scheduled times, and instancesterminate many times a day. A Sysops administrator must ensure that the instances launchon time and have fewer interruptions. Which action will meet these requirements?

A. Specify the capacity-optimized allocation strategy for Spot Instances. Add more instancetypes to the Auto Scaling group.
B. Specify the capacity-optimized allocation strategy for Spot Instances. Increase the sizeof the instances in the Auto Scaling group.
C. Specify the lowest-price allocation strategy for Spot Instances. Add more instance typesto the Auto Scaling group.
D. Specify the lowest-price allocation strategy for Spot Instances. Increase the size of theinstances in the Auto Scaling group.

Question # 23

A company is storing backups in an Amazon S3 bucket. The backups must not be deletedfor at least 3 months after the backups are created.What should a SysOps administrator do to meet this requirement?

A. Configure an IAM policy that denies the s3:DeleteObject action for all users. Threemonths after an object is written, remove the policy.
B. Enable S3 Object Lock on a new S3 bucket in compliance mode. Place all backups inthe new S3 bucket with a retention period of 3 months.
C. Enable S3 Versioning on the existing S3 bucket. Configure S3 Lifecycle rules to protectthe backups.
D. Enable S3 Object Lock on a new S3 bucket in governance mode. Place all backups in the new S3 bucket with a retention period of 3 months.

Question # 24

A company hosts a web portal on Amazon EC2 instances. The web portal uses an ElasticLoad Balancer (ELB) and Amazon Route 53 for its public DNS service. The ELB and theEC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available across multiple Regions.Which configuration will meet these requirements?

A. Deploy a copy of the stack in the us-west-2 Region. Create a single start of authority(SOA) record in Route 53 that includes the IP address from each ELB. Configure the SOArecord with health checks. Use the ELB in us-east-1 as the primary record and the ELB inus-west-2 as the secondary record.
B. Deploy a copy of the stack in the us-west-2 Region. Create an additional A record inRoute 53 that includes the ELB in us-west-2 as an alias target. Configure the A recordswith a failover routing policy and health checks. Use the ELB in us-east-1 as the primaryrecord and the ELB in us-west-2 as the secondary record.
C. Deploy a new group of EC2 instances in the us-west-2 Region. Associate the new EC2instances with the existing ELB, and configure load balancer health checks on all EC2instances. Configure the ELB to update Route 53 when EC2 instances in us-west-2 failhealth checks.
D. Deploy a new group of EC2 instances in the us-west-2 Region. Configure EC2 healthchecks on all EC2 instances in each Region. Configure a peering connection between theVPCs. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as thesecondary record.

Question # 25

A company wants to create an automated solution for all accounts managed by AWSOrganizations to detect any worry groups that urn 0.0.0.0/0 as the source address forinbound traffic. The company also wants to automatically remediate any noncompliantsecurity groups by restricting access to a specific CIDR block corresponds with thecompany's intranet.

A. Create an AWS Config rule to detect noncompliant security groups. Set up automaticremediation to change the 0.0.0.0/0 source address to the approved CIDK block.
B. Create an IAM policy to deny the creation of security groups that have 0.0.0.0/0 as thesource address Attach this 1AM policy to every user in the company.
C. Create an AWS Lambda function to inspect now and existing security groups check for anoncompliant 0.0.0.0A) source address and change the source address to the approvedCIDR block.
D. Create a service control policy (SCP) for the organizational unit (OU) to deny thecreation of security groups that have the 0.0.0.0/0 source address. Set up automaticremediation to change Vie 0.0.0.0/0 source address to the approved CIDR block.

Question # 26

A company’s SysOps administrator regularly checks the AWS Personal Health Dashboardin each of the company’s accounts. The accounts are part of an organization in AWSOrganizations. The company recently added 10 more accounts to the organization. TheSysOps administrator must consolidate the alerts from each account’s Personal HealthDashboard.Which solution will meet this requirement with the LEAST amount of effort?

A. Enable organizational view in AWS Health.
B. Configure the Personal Health Dashboard in each account to forward events to a centralAWS CloudTrail log.
C. Create an AWS Lambda function to query the AWS Health API and to write all events toan Amazon DynamoDB table.
D. Use the AWS Health API to write events to an Amazon DynamoDB table.

Question # 27

A company runs hundreds of Amazon EC2 instances in a single AWS Region. Each EC2instance has two attached 1 GiB General Purpose SSD (gp2) Amazon Elastic Block Store(Amazon EBS) volumes. A critical workload is using all the available IOPS capacity on theEBS volumes.According to company policy, the company cannot change instance types or EBS volumetypes without completing lengthy acceptance tests to validate that the company’sapplications will function properly. A SysOps administrator needs to increase the I/Operformance of the EBS volumes as quickly as possible.Which action should the SysOps administrator take to meet these requirements?

A. Increase the size of the 1 GiB EBS volumes.
B. Add two additional elastic network interfaces on each EC2 instance.
C. Turn on Transfer Acceleration on the EBS volumes in the Region.
D. Add all the EC2 instances to a cluster placement group.

Question # 28

A company recently purchased Savings Plans. The company wants to receive emailnotification when the company’s utilization drops below 90% for a given day.Which solution will meet this requirement?

A. Create an Amazon CloudWatch alarm to monitor the Savings Plan check in AWSTrusted Advisor. Configure an Amazon Simple Queue Service (Amazon SQS) queue foremail notification when the utilization drops below 90% for a given day.
B. Create an Amazon CloudWatch alarm to monitor the SavingsPlansUtilization metricunder the AWS/SavingsPlans namespace in CloudWatch. Configure an Amazon SimpleQueue Service (Amazon SQS) queue for email notification when the utilization drops below90% for a given day.
C. Create a Savings Plans alert to monitor the daily utilization of the Savings Plans.Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notificationwhen the utilization drops below 90% for a given day.
D. Use AWS Budgets to create a Savings Plans budget to track the daily utilization of theSavings Plans. Configure an Amazon Simple Notification Service (Amazon SNS) topic foremail notification when the utilization drops below 90% for a given day.

Question # 29

A company’s application currently uses an IAM role that allows all access to all AWSservices. A SysOps administrator must ensure that the company’s IAM policies allow onlythe permissions that the application requires.How can the SysOps administrator create a policy to meet this requirement?

A. Turn on AWS CloudTrail. Generate a policy by using AWS Security Hub.
B. Turn on Amazon EventBridge (Amazon CloudWatch Events). Generate a policy byusing AWS Identity and Access Management Access Analyzer.
C. Use the AWS CLI to run the get-generated-policy command in AWS Identity and AccessManagement Access Analyzer.
D. Turn on AWS CloudTrail. Generate a policy by using AWS Identity and AccessManagement Access Analyzer.

Question # 30

A company is managing many accounts by using a single organization in AWSOrganizations. The organization has all features enabled. The company wants to turn onAWS Config in all the accounts of the organization and in all AWS Regions.What should a Sysops administrator do to meet these requirements in the MOSToperationally efficient way?

A. Use AVVS CloudFormation StackSets to deploy stack instances that turn on AWSConfig in all accounts and in all Regions.
B. Use AWS CloudFormation StackSets to deploy stack policies that turn on AWS Configin all accounts and in all Regions.
C. Use service control policies (SCPs) to configure AWS Config in all accounts and in allRegions.
D. Create a script that uses the AWS CLI to turn on AWS Config in all accounts in theorganization. Run the script from the organization's management account.

Question # 31

A company hosts an application on an Amazon EC2 instance in a single AWS Region. Theapplication requires support for non-HTTP TCP traffic and HTTP traffic.The company wants to deliver content with low latency by leveraging the AWS network.The company also wants to implement an Auto Scaling group with anElastic Load Balancer.How should a SysOps administrator meet these requirements?

A. Create an Auto Scaling group with an Application Load Balancer (ALB). Add an AmazonCloudFront distribution with the ALB as the origin.
B. Create an Auto Scaling group with an Application Load Balancer (ALB). Add anaccelerator with AWS Global Accelerator with the ALB as an endpoint.
C. Create an Auto Scaling group with a Network Load Balancer (NLB). Add an AmazonCloudFront distribution with the NLB as the origin.
D. Create an Auto Scaling group with a Network Load Balancer (NLB). Add an acceleratorwith AWS Global Accelerator with the NLB as an endpoint.

Question # 32

A company plans to deploy a database on an Amazon Aurora MySQL DB cluster. Thedatabase will store data for a demonstration environment. The data must be reset on adaily basis. What is the MOST operationally efficient solution that meets these requirements?

A. Create a manual snapshot of the DB cluster after the data has been populated. Createan Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambdafunction on a daily basis. Configure the function to restore the snapshot and then delete theprevious DB cluster.
B. Enable the Backtrack feature during the creation of the DB cluster. Specify a targetbacktrack window of 48 hours. Create an Amazon EventBridge (Amazon CloudWatchEvents) rule to invoke an AWS Lambda function on a daily basis. Configure the function toperform a backtrack operation.
C. Export a manual snapshot of the DB cluster to an Amazon S3 bucket after the data hasbeen populated. Create an Amazon EventBridge (Amazon CloudWatch Events) rule toinvoke an AWS Lambda function on a daily basis. Configure the function to restore thesnapshot from Amazon S3.
D. Set the DB cluster backup retention period to 2 days. Create an Amazon EventBridge(Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basis.Configure the function to restore the DB cluster to a point in time and then delete theprevious DB cluster.

Question # 33

A SysOps administrator needs to secure the credentials for an Amazon RDS database that is created by an AWS CloudFormation template. The solution must encrypt the credentials and must support automatic rotation. Which solution will meet these requirements?

A. Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:secretsmanager dynamic reference. 
B. Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm-secure dynamic reference. 
C. Create an AWS::SSM::Parameter resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm dynamic reference. 
D. Create parameters for the database credentials in the CloudFormation template. Use the Ref intrinsic function to provide the credentials to the AWS::RDS::DBInstance resource. 

Question # 34

A company stores critical data m Amazon S3 buckets. A SysOps administrator must build a solution to record all S3 API activity. Which action will meet this requirement? 

A. Configure S3 bucket metrics to record object access logs
 B. Create an AWS CloudTrail trail to log data events tor all S3 objects 
C. Enable S3 server access logging for each S3 bucket 
D. Use AWS IAM Access Analyzer for Amazon S3 to store object access logs. 

Question # 35

A company with multiple AWS accounts needs to obtain recommendations for AWS Lambda functions and identify optimal resource configurations for each Lambda function. How should a SysOps administrator provide these recommendations?

A. Create an AWS Serverless Application Repository and export the Lambda function recommendations. 
B. Enable AWS Compute Optimizer and export the Lambda function recommendations 
C. Enable all features of AWS Organization and export the recommendations from AWS CloudTrail Insights. 
D. Run AWS Trusted Advisor and export the Lambda function recommendations 

Question # 36

A company's SysOps administrator needs to change the AWS Support plan for one of the company's AWS accounts. The account has multi-factor authentication (MFA) activated, and the MFA device is lost. What should the SysOps administrator do to sign in? 

A. Sign in as a root user by using email and phone verification. Set up a new MFA device. Change the root user password. 
B. Sign in as an 1AM user with administrator permissions. Resynchronize the MFA token by using the 1AM console. 
C. Sign in as an 1AM user with administrator permissions. Reset the MFA device for the root user by adding a new device. 
D. Use the forgot-password process to verify the email address. Set up a new password and MFA device. 

Question # 37

A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. A SysOpe administrator notices that some of these EC2 instances show up as heathy in the Auto Scaling g-out but show up as unhealthy in the ALB target group. What is a possible reason for this issue? 

A. Security groups ate rot allowing traffic between the ALB and the failing EC2 instances 
B. The Auto Seating group health check is configured for EC2 status checks 
C. The EC2 instances are failing to launch and failing EC2 status checks. 
D. The target group health check is configured with an incorrect port or path 

Question # 38

A company uses Amazon S3 to aggregate raw video footage from various media teams across the US. The company recently expanded into new geographies in Europe and Australia. The technical teams located in Europe and Australia reported delays when uploading large video tiles into the destination S3 bucket m toe United States. What are the MOST cost-effective ways to increase upload speeds into the S3 bucket? (Select TWO.) 

A. Create multiple AWS Direct Connect connections between AWS and branch offices in Europe and Australia tor He uploads into the destination S3 bucket 
B. Create multiple AWS Site-to-Site VPN connections between AWS and branch offices in Europe and Australia for file uploads into the destination S3 bucket. 
C. Use Amazon S3 Transfer Acceleration for file uploads into the destination S3 bucket. 
D. Use AWS Global Accelerator for file uploads into the destination S3 bucket from the branch offices in Europe and Australia. 
E. Use multipart uploads for file uploads into the destination S3 bucket from the branch offices in Europe and Australia. 

Question # 39

A company uses an Amazon S3 bucket to store data files. The S3 bucket contains hundreds of objects. The company needs to replace a tag on all the objects in the S3 bucket with another tag. What is the MOST operationally efficient way to meet this requirement? 

A. Use S3 Batch Operations. Specify the operation to replace all object tags. 
B. Use the AWS CLI to get the tags for each object. Save the tags in a list. Use S3 Batch Operations. Specify the operation to delete all object tags. Use the AWS CLI and the list to retag the objects. 
C. Use the AWS CLI to get the tags for each object. Save the tags in a list. Use the AWS CLI and the list to remove the object tags. Use the AWS CLI and the list to retag the objects.
 D. Use the AWS CLI to copy the objects to another S3 bucket. Add the new tag to the copied objects. Delete the original objects. 

Question # 40

A company wants to use only IPv6 for all its Amazon EC2 instances. The EC2 instances must not be accessible from the internet, but the EC2 instances must be able to access the internet. The company creates a dual-stack VPC and IPv6-only subnets. How should a SysOps administrator configure the VPC to meet these requirements?

A. Create and attach a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.
 B. Create and attach an internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway. Attach the custom route table to the IPv6-only subnets. 
C. Create and attach an egress-only internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the egress-only internet gateway. Attach the custom route table to the IPv6-only subnets. 
D. Create and attach an internet gateway and a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway and all IPv4 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets. 

Question # 41

A company updates its security policy to prohibit the public exposure of any data in Amazon S3 buckets in the company's account. What should a SysOps administrator do to meet this requirement? 

A. Turn on S3 Block Public Access from the account level. 
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to enforce that all S3 objects are private. 
C. Use Amazon Inspector to search for S3 buckets and to automatically reset S3 ACLs if any public S3 buckets are found. 
D. Use S3 Object Lambda to examine S3 ACLs and to change any public S3 ACLs to private. 

Question # 42

A SysOps administrator configuring AWS Client VPN to connect use's on a corporate network to AWS resources mat are running in a VPC According to compliance requirements, only traffic that is destined for the VPC can travel across the VPN tunnel. How should the SysOps administrator configure Client VPN to meet these requirements?

 A. Associate the Client VPN endpoint with a private subnet that has an internet route through a NAT gateway. 
B. On the Client VPN endpoint, turns on the split-tunnel option. 
C. On the Client VPN endpoint, specify DNS server IP addresses
 D. Select a private certificate to use as the identity certificate tor the VPN client. 

Question # 43

A SysOps administrator is configuring an application on Amazon EC2 instances for a company Teams in other countries will use the application over the internet. The company requires the application endpoint to have a static pubic IP address. How should the SysOps administrator deploy the application to meet this requirement? 

A. Behind an Amazon API Gateway API 
B. Behind an Application Load Balancer 
C. Behind an internet-facing Network Load Balancer 
D. In an Amazon CloudFront distribution 

Question # 44

A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service. The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east1 Region. The web portal must be highly available across multiple Regions. Which configuration will meet these requirements? 

A. Deploy a copy of the stack in the us-west-2 Region. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each ELB. Configure the SOA record with health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record. 
B. Deploy a copy of the stack in the us-west-2 Region. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias target. Configure the A records with a failover routing policy and health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record. 
C. Deploy a new group of EC2 instances in the us-west-2 Region. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instances. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks. 
D. Deploy a new group of EC2 instances in the us-west-2 Region. Configure EC2 health checks on all EC2 instances in each Region. Configure a peering connection between the VPCs. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record.

Question # 45

A company's SysOps administrator must ensure that all Amazon EC2 Windows instances that are launched in an AWS account have a third-party agent installed. The third-party agent has an msi package. The company uses AWS Systems Manager for patching, and the Windows instances are tagged appropriately. The third-party agent required periodic updates as new versions are released. The SysOps administrator must deploy these updates automatically Which combination of steps will meet these requirements with the LEAST operational effort? (Seed TWO.) Create a Systems Manager Distributor package for the third-party agent.  

A. Make sure that Systems Manager Inventory Is configured. If Systems Manager Inventory is not configured, set up a new inventory tor instances that is based on the appropriate tag value for Windows. 
B. Create a Systems Manager State Manager association to run the AWSRunRemoteScript document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day 
C. Create a Systems Manager State Manager- association to run the AWSConfigureAWSPackage document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day
 D. Create a Systems Manager Opsitem with the tag value for Windows Attach the Systems Manager Distributor package to the Opsitem. Create a maintenance window that is specific to the package deployment Configure the maintenance window to cover 24 hours a day. 

Question # 46

A company's SysOps administrator deploys a public Network Load Balancer (NLB) in front of the company's web application. The web application does not use any Elastic IP addresses. Users must access the web application by using the company's domain name. The SysOps administrator needs to configure Amazon Route 53 to route traffic to the NLB. Which solution will meet these requirements MOST cost-effectively? 

A. Create a Route 53 AAAA record for the NLB. 
B. Create a Route 53 alias record for the NLB. 
C. Create a Route 53 CAA record for the NLB. 
D. Create a Route 53 CNAME record for the NLB. 

Question # 47

A company runs several workloads on AWS. The company identifies five AWS Trusted Advisor service quota metrics to monitor in a specific AWS Region. The company wants to receive email notification each time resource usage exceeds 60% of one of the service quotas. Which solution will meet these requirements? 

A. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas. 
B. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas. 
C. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas. 
D. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas. 

Question # 48

A company recently its server infrastructure to Amazon EC2 instances. The company wants to use Amazon CloudWatch metrics to track instance memory utilization and available disk space. What should a SysOps administrator do to meet these requirements? 

A. Configure CloudWatch from the AWS Management Console tor all the instances that require monitoring by CloudWatch. AWS automatically installs and configures the agents far the specified instances. 
B. Install and configure the CloudWatch agent on all the instances Attach an IAM role to allow the instances to write logs to CloudWatch. 
C. Install and configure the CloudWatch agent on all the instances Attach an IAM user to allow the instances to write logs to CloudWatch. 
D. Install and configure the CloudWatch agent on all the instances. Attach the necessary security groups to allow the instances to write logs to CloudWatch 

Question # 49

A company's VPC has connectivity to an on-premises data center through an AWS Site-toSite VPN. The company needs Amazon EC2 instances in the VPC to send DNS queries for example com to the DNS servers in the data center. Which solution will meet these requirements?

A. Create an Amazon Route 53 Resolver inbound endpoint Create a conditional forwarding rule on the on-primes DNS servers to forward DNS requests for example.com to the inbound endpoints. 
B. Create an Amazon Route 53 Resolver inbound endpoint Create a forwarding rule on the resolver that sends all queries for example.com to the on-premises DNS servers. Associate this rule with the VPC. 
C. Create an Amazon Route 53 Resolver outbound endpoint Create a conditional forwarding rule on the on-premises DNS servers to forward DNS requests for example.com to the outbound endpoints 
D. Create an Amazon Route 53 Resolver outbound endpoint. Create a forwarding rule on the resolver that sends all queries for exarrc4e.com to the on-premises DNS servers Associate this rule with the VPC. 

Question # 50

A company creates a new member account by using AWS Organizations. A SysOps administrator needs to add AWS Business Support to the new account Which combination of steps must the SysOps administrator take to meet this requirement? (Select TWO.) 

A. Sign in to the new account by using 1AM credentials. Change the support plan. 
B. Sign in to the new account by using root user credentials. Change the support plan. 
C. Use the AWS Support API to change the support plan. 
D. Reset the password of the account root user. 
E. Create an 1AM user that has administrator privileges in the new account. 

Question # 51

A company has a high-performance Windows workload. The workload requires a storage volume mat provides consistent performance of 10.000 KDPS. The company does not want to pay for additional unneeded capacity to achieve this performance. Which solution will meet these requirements with the LEAST cost? 

A. Use a Provisioned IOPS SSD (lol) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10.000 provisioned IOPS 
B. Use a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10.000 provisioned IOPS. 
C. Use an Amazon Elastic File System (Amazon EFS) file system w\ Max I/O mode. 
D. Use an Amazon FSx for Windows Fife Server foe system that is configured with 10.000 IOPS 

Question # 52

A SysOps administrator is testing an application mat is hosted on five Amazon EC2 instances The instances run in an Auto Scaling group behind an Application Load Balancer (ALB) High CPU utilization during load testing is causing the Auto Scaling group to scale out. The SysOps administrator must troubleshoot to find the root cause of the high CPU utilization before the Auto Scaling group scales out. Which action should the SysOps administrator take to meet these requirements? 

A. Enable instance scale-in protection. 
B. Place the instance into the Standby stale. 
C. Remove the listener from the ALB 
D. Suspend the Launch and Terminate process types.

Question # 53

A company hosts a database on an Amazon RDS Multi-AZ DB instance. The database is not encrypted. The company's new security policy requires all AWS resources to be encrypted at rest and in transit. What should a SysOps administrator do to encrypt the database? 

A. Configure encryption on the existing DB instance. 
B. Take a snapshot of the DB instance. Encrypt the snapshot. Restore the snapshot to the same DB instance. 
C. Encrypt the standby replica in a secondary Availability Zone. Promote the standby replica to the primary DB instance. 
D. Take a snapshot of the DB instance. Copy and encrypt the snapshot. Create a new DB instance by restoring the encrypted copy. 

Question # 54

A company has an initiative to reduce costs associated with Amazon EC2 and AWS Lambda. Which action should a SysOps administrator take to meet these requirements? 

A. Analyze the AWS Cost and Usage Report by using Amazon Athena to identity cost savings. 
B. Create an AWS Budgets alert to alarm when account spend reaches 80% of the budget. 
C. Purchase Reserved Instances through the Amazon EC2 console. 
D. Use AWS Compute Optimizer and take action on the provided recommendations. 

Question # 55

A SysOps administrator configures an Amazon S3 gateway endpoint in a VPC. The private subnets inside the VPC do not nave outbound internet access. A user logs in to an Amazon EC2 instance in one of the private subnets and cannot upload a file to an Amazon S3 bucket in the same AWS Region Which solution will solve this problem? 

A. Update the EC2 instance role policy to allow s3:PutObjed access to the target S3 bucket. 
B. Update the EC2 security group to allow outbound traffic to 0.0.0.070 for port 80.
C. Update the EC2 subnet route table to include the S3 prefix tot destination routes to the S3 gateway endpoint. 
D. Update the S3 bucket policy to allow s3 PurObject access from the private subnet OOR block. 

Question # 56

A company runs an application on an Amazon EC2 instance A SysOps administrator creates an Auto Scaling group and an Application Load Balancer (ALB) to handle an increase in demand However, the EC2 instances are failing tie health check. What should the SysOps administrator do to troubleshoot this issue? 

A. Verity that the Auto Scaling group is configured to use all AWS Regions.
 B. Verily that the application is running on the protocol and the port that the listens is expecting. 
C. Verify the listener priority in the ALB Change the priority if necessary. 
D. Verify the maximum number of instances in the Auto Scaling group Change the number if necessary 

Question # 57

A company is running an application on premises and wants to use AWS for data backup All of the data must be available locally The backup application can write only to blockbased storage that is compatible with the Portable Operating System Interface (POSIX) Which backup solution will meet these requirements?

A. Configure the backup software to use Amazon S3 as the target for the data backups 
B. Configure the backup software to use Amazon S3 Glacier as the target for the data backups 
C. Use AWS Storage Gateway, and configure it to use gateway-cached volumes 
D. Use AWS Storage Gateway, and configure it to use gateway-stored volumes 

Question # 58

A company applies user-defined tags to resources that are associated with me company's AWS workloads Twenty days after applying the tags, the company notices that it cannot use re tags to filter views in the AWS Cost Explorer console. What is the reason for this issue? 

A. It lakes at least 30 days to be able to use tags to filter views in Cost Explorer. 
B. The company has not activated the user-defined tags for cost allocation. 
C. The company has not created an AWS Cost and Usage Report 
D. The company has not created a usage budget in AWS Budgets

Question # 59

A SysOps administrator creates an AWS CloudFormation template to define an application stack that can be deployed in multiple AWS Regions. The SysOps administrator also creates an Amazon CloudWatch dashboard by using the AWS Management Console. Each deployment of the application requires its own CloudWatch dashboard. How can the SysOps administrator automate the creation of the CloudWatch dashboard each time the application is deployed?

A. Create a script by using the AWS CLI to run the aws cloudformation put-dashboard command with the name of the dashboard. Run the command each time a new CloudFormation stack is created.
 B. Export the existing CloudWatch dashboard as JSON. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Include the exported JSON in the resource's DashboardBody property. 
C. Update the CloudFormation template to define an resource. Use the intrinsic Ref function to reference the ID of the existing CloudWatch dashboard. 
D. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Specify the name of the existing dashboard in the DashboardName property. 

Question # 60

A SysOps administrator trust manage the security of An AWS account Recently an IAM users access key was mistakenly uploaded to a public code repository. The SysOps administrator must identity anything that was changed by using this access key. 

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all IAM events lo an AWS Lambda function for analysis 
B. Query Amazon EC2 togs by using Amazon CloudWatch Logs Insights for all events Heated with the compromised access key within the suspected timeframe 
C. Search AWS CloudTrail event history tor all events initiated with the compromised access key within the suspected timeframe 
D. Search VPC Flow Logs foe all events initiated with the compromised access key within the suspected Timeframe. 

Question # 61

A company wants to track its AWS costs in all member accounts that are part of an organization in AWS Organizations. Managers of the member accounts want to receive a notification when the estimated costs exceed a predetermined amount each month. The managers are unable to configure a billing alarm. The IAM permissions for all users are correct. What could be the cause of this issue? 

A. The management/payer account does not have billing alerts turned on. 
B. The company has not configured AWS Resource Access Manager (AWS RAM) to share billing information between the member accounts and the management/payer account. 
C. Amazon GuardDuty is turned on for all the accounts. 
D. The company has not configured an AWS Config rule to monitor billing.