
SOA-C02 - AWS Certified SysOps Administrator - Associate (SOA-C02) Practice Tests 2021 | DumpTorrent
NEW QUESTION 23
A company has an Auto Scaling group of Amazon EC2 instances that scale based on average CPU utilization. The Auto Scaling group events log indicates an InsufficientInstanceCapacity error.
Which actions should a SysOps administrator take to remediate this issue? (Select TWO.)
- A. Configure the Auto Scaling group in different Availability Zones.
- B. Change the instance type that the company is using.
- C. Request an increase in the instance service quota.
- D. Increase the maximum size of the Auto Scaling group.
- E. Configure the Auto Scaling group to use different Amazon Elastic Block Store (Amazon EBS) volume sizes.
Answer: A,B
NEW QUESTION 24
A company has a web application with a database tier that consists of an Amazon EC2 instance that runs MySQL. A SysOps administrator needs to minimize potential data loss and the time that is required to recover in the event of a database failure.
What is the MOST operationally efficient solution that meets these requirements?
- A. Create an Amazon RDS for MySQL Single-AZ DB instance with a read replica. Use a MySQL native backup that is stored in Amazon S3 to restore the data to the new database. Update the connection string in the web application.
- B. Create an Amazon RDS for MySQL Multi-AZ DB instance. Use a MySQL native backup that is stored in Amazon S3 to restore the data to the new database. Update the connection string in the web application.
- C. Create an Amazon CloudWatch alarm for the StatusCheckFailed_System metric to invoke an AWS Lambda function that stops and starts the EC2 instance.
- D. Use Amazon Data Lifecycle Manager (Amazon DLM) to take a snapshot of the Amazon Elastic Block Store (Amazon EBS) volume every hour. In the event of an EC2 instance failure, restore the EBS volume from a snapshot.
Answer: D
NEW QUESTION 25
A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.
What is the MOST operationally efficient solution that meets these requirements?
- A. Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon S3 object. The security team can use the information in the tag to verify the integrity of the delivered files.
- B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB table. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.
- C. Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.
- D. Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.
Answer: D
NEW QUESTION 26
A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.
What is the SIMPLEST approach the SysOps Administrator can take to ensure S3 buckets in those accounts can never be deleted?
- A. Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.
- B. Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.
- C. Set up MFA Delete on all the S3 buckets to prevent the buckets from being deleted.
- D. Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.
Answer: A
NEW QUESTION 27
A company is running a flash sale on its website. The website is hosted on burstable performance Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group is configured to launch instances when the CPU utilization is above 70%.
A couple of hours into the sale, users report slow load times and error messages for refused connections. A SysOps administrator reviews Amazon CloudWatch metrics and notices that the CPU utilization is at 20% across the entire fleet of instances.
The SysOps administrator must restore the website's functionality without making changes to the network infrastructure.
Which solution will meet these requirements?
- A. Move the website to a different AWS Region that is closer to the users.
- B. Implement an Amazon CloudFront distribution to offload the traffic from the Auto Scaling group.
- C. Reduce the desired size of the Auto Scaling group to artificially increase CPU average utilization.
- D. Activate unlimited mode for the instances in the Auto Scaling group.
Answer: B
NEW QUESTION 28
A company is running an application on premises and wants to use AWS for data backup. All of the data must be available locally. The backup application can write only to block-based storage that is compatible with the Portable Operating System Interface (POSIX).
Which backup solution will meet these requirements?
- A. Use AWS Storage Gateway, and configure it to use gateway-cached volumes.
- B. Configure the backup software to use Amazon S3 Glacier as the target for the data backups.
- C. Use AWS Storage Gateway, and configure it to use gateway-stored volumes.
- D. Configure the backup software to use Amazon S3 as the target for the data backups.
Answer: C
NEW QUESTION 29
A company is storing media content in an Amazon S3 bucket and uses Amazon CloudFront to distribute the content to its users. Due to licensing terms, the company is not authorized to distribute the content in some countries. A SysOps administrator must restrict access to certain countries.
What is the MOST operationally efficient solution that meets these requirements?
- A. Enable the geo restriction feature in the CloudFront distribution to prevent access from unauthorized countries.
- B. Update the application to generate signed CloudFront URLs only for IP addresses in authorized countries.
- C. Create a secondary origin access identity (OAI). Configure the S3 bucket policy to prevent access from unauthorized countries.
- D. Configure the S3 bucket policy to deny the GetObject operation based on the S3:LocationConstraint condition.
Answer: A
NEW QUESTION 30
A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group. Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer. The administrator would like to know the IP addresses for the source of the requests. Where can the administrator find this information?
- A. Auto Scaling logs
- B. Elastic Load Balancer access logs
- C. AWS CloudTrail logs
- D. EC2 instance logs
Answer: A
NEW QUESTION 31
A SysOps administrator is deploying a test site running on Amazon EC2 instances. The application requires both incoming and outgoing connectivity to the internet.
Which combination of steps are required to provide internet connectivity to the EC2 instances? (Choose two.)
- A. Create an internet gateway and attach it to a VPC.
- B. Attach a private address to the elastic network interface on the EC2 instance.
- C. Add a NAT gateway to a public subnet.
- D. Attach an Elastic IP address to the internet gateway.
- E. Add an entry to the route table for the subnet that points to an internet gateway.
Answer: A,E
NEW QUESTION 32
A SysOps administrator has enabled AWS CloudTrail in an AWS account. If CloudTrail is disabled, it must be re-enabled immediately. What should the SysOps administrator do to meet these requirements WITHOUT writing custom code?
- A. Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail.
- B. Add the AWS account to AWS Organizations. Enable CloudTrail in the management account.
- C. Create an AWS Config rule that is invoked when CloudTrail configuration changes. Apply the AWS-ConfigureCloudTrailLogging automatic remediation action.
- D. Create an AWS Config rule that is invoked when CloudTrail configuration changes. Configure the rule to invoke an AWS Lambda function to enable CloudTrail.
Answer: C
NEW QUESTION 33
A company has multiple Amazon EC2 instances that run a resource-intensive application in a development environment. A SysOps administrator is implementing a solution to stop these EC2 instances when they are not in use.
Which solution will meet this requirement?
- A. Create an Amazon CloudWatch metric to stop the EC2 instances when the VolumeReadBytes metric is lower than 500 for a 30-minute period.
- B. Assess AWS CloudTrail logs to verify that there is no EC2 API activity. Invoke an AWS Lambda function to stop the EC2 instances.
- C. Use AWS Config to invoke an AWS Lambda function to stop the EC2 instances based on resource configuration changes.
- D. Create an Amazon CloudWatch alarm to stop the EC2 instances when the average CPU utilization is lower than 5% for a 30-minute period.
Answer: B
NEW QUESTION 34
A company is managing multiple AWS accounts in AWS Organizations. The company is reviewing internal security of its AWS environment. The company's security administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts.
Which solution will meet these requirements in the MOST secure manner?
- A. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.
- B. Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC actions. Assign the policy to an IAM user. Share the user credentials with the security administrator.
- C. Create an IAM policy in each developer account that has administrator access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.
- D. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to an IAM user. Share the user credentials with the security administrator.
Answer: A
NEW QUESTION 35
A company uses AWS Organizations to manage multiple AWS accounts with consolidated billing enabled. Organization member account owners want the benefits of Reserved Instances (RIs) but do not want to share RIs with other accounts.
Which solution will meet these requirements?
- A. Purchase RIs in individual member accounts. Disable RI discount sharing in the management account.
- B. Purchase RIs in the management account. Disable RI discount sharing in the management account.
- C. Purchase RIs in the management account. Disable RI discount sharing in the member accounts.
- D. Purchase RIs in individual member accounts. Disable RI discount sharing in the member accounts.
Answer: C
NEW QUESTION 36
A company is managing multiple AWS accounts in AWS Organizations. The company is reviewing internal security of its AWS environment. The company's security administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts. Which solution will meet these requirements in the MOST secure manner?
- A. Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC actions. Assign the policy to an IAM user. Share the user credentials with the security administrator.
- B. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to an IAM user. Share the user credentials with the security administrator.
- C. Create an IAM policy in each developer account that has administrator access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.
- D. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.
Answer: D
NEW QUESTION 37
A company is releasing a new static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded; however, upon navigating to the site, the following error message is received:
403 Forbidden - Access Denied
What change should be made to fix this error?
- A. Add a bucket policy that grants everyone read access to the bucket objects.
- B. Configure cross-origin resource sharing (CORS) on the bucket.
- C. Remove the default bucket policy that denies read access to the bucket.
- D. Add a bucket policy that grants everyone read access to the bucket.
Answer: A
NEW QUESTION 38
A company uses AWS CloudFormation to deploy its application infrastructure. Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application. A SysOps administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent accidental modifications to specific resources.
Which solution will meet these requirements?
- A. Set up an Amazon CloudWatch Events event with a rule to trigger based on any CloudFormation API call. An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation.
- B. Launch the CloudFormation templates using a stack policy with an explicit allow for all resources and an explicit deny of the protected resources with an action of Update.
- C. Set up an AWS Config rule to alert based on changes to any CloudFormation stack. An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation.
- D. Attach an IAM policy to the DevOps team role that prevents a CloudFormation stack from updating, with a condition based on the specific Amazon Resource Names (ARNs) of the protected resources.
Answer: A
NEW QUESTION 39
A team of on-call engineers frequently needs to connect to Amazon EC2 instances in a private subnet to troubleshoot and run commands. The instances use either the latest AWS-provided Windows Amazon Machine Images (AMIs) or Amazon Linux AMIs.
The team has an existing IAM role for authorization. A SysOps administrator must provide the team with access to the instances by granting IAM permissions to this role. Which solution will meet this requirement?
- A. Associate an Elastic IP address and a security group with each instance. Add the engineers' IP addresses to the security group inbound rules. Add a statement to the IAM role policy to allow the ec2:AuthorizeSecurityGroupIngress action so that the team can connect to the instances.
- B. Add a statement to the IAM role policy to allow the ssm:StartSession action on the instances. Instruct the team to use AWS Systems Manager Session Manager to connect to the instances by using the assumed IAM role.
- C. Create a bastion host with an EC2 instance, and associate the bastion host with the VPC. Add a statement to the IAM role policy to allow the ec2:CreateVpnConnection action on the bastion host. Instruct the team to use the bastion host endpoint to connect to the instances.
- D. Create an internet-facing Network Load Balancer. Use two listeners. Forward port 22 to a target group of Linux instances. Forward port 3389 to a target group of Windows instances. Add a statement to the IAM role policy to allow the ec2:CreateRoute action so that the team can connect to the instances.
Answer: B
NEW QUESTION 40
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba41fc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted.
How can this be resolved?
- A. Enable encryption on the existing EFS volume by using the AWS Command Line Interface.
- B. Enable encryption on each host's local drive. Restart each host to encrypt the drive.
- C. Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.
- D. Enable encryption on each host's connection to the Amazon EFS volume. Each connection must be recreated for encryption to take effect.
Answer: C
NEW QUESTION 41
A SysOps Administrator is troubleshooting Amazon EC2 connectivity issues to the internet. The EC2 instance is in a private subnet. Below is the route table that is applied to the subnet of the EC2 instance.
| Destination | Target | Status | Propagated |
|---|---|---|---|
| 10.2.0.0/16 | local | Active | No |
| 0.0.0.0/0 | nat-xxxxxxx | Blackhole | No |
What has caused the connectivity issue?
- A. There is no route to the internet gateway.
- B. The routes are no longer propagating.
- C. The NAT gateway no longer exists.
- D. There is no route rule with a destination for the internet.
Answer: C
NEW QUESTION 42
A SysOps administrator has used AWS CloudFormation to deploy a serverless application into a production VPC. The application consists of an AWS Lambda function, an Amazon DynamoDB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS CloudFormation stack without deleting the DynamoDB table.
Which action should the SysOps administrator take before deleting the AWS CloudFormation stack?
- A. Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTable action.
- B. Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack.
- C. Add a Snapshot deletion policy to the DynamoDB resource in the AWS CloudFormation stack.
- D. Enable termination protection on the AWS CloudFormation stack.
Answer: B
NEW QUESTION 43
A company hosts an online shopping portal in the AWS Cloud. The portal provides HTTPS security by using a TLS certificate on an Elastic Load Balancer (ELB). Recently, the portal suffered an outage because the TLS certificate expired. A SysOps administrator must create a solution to automatically renew certificates to avoid this issue in the future.
What is the MOST operationally efficient solution that meets these requirements?
- A. Request a public certificate by using AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. Write a scheduled AWS Lambda function to renew the certificate every 18 months.
- B. Register a certificate with a third-party certificate authority (CA). Configure the ELB to import the certificate directly from the CA. Set the certificate refresh cycle on the ELB to refresh when the certificate is within 3 months of the expiration date.
- C. Request a public certificate by using AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.
- D. Register a certificate with a third-party certificate authority (CA). Import this certificate into AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.
Answer: C
NEW QUESTION 44
A company is running an application on premises and wants to use AWS for data backup. All of the data must be available locally. The backup application can write only to block-based storage that is compatible with the Portable Operating System Interface (POSIX). Which backup solution will meet these requirements?
- A. Configure the backup software to use Amazon S3 Glacier as the target for the data backups.
- B. Use AWS Storage Gateway, and configure it to use gateway-stored volumes.
- C. Configure the backup software to use Amazon S3 as the target for the data backups.
- D. Use AWS Storage Gateway, and configure it to use gateway-cached volumes.
Answer: B