New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Amazon Web Services SOA-C01 AWS Certified SysOps Administrator - Associate Exam Practice Test

Page: 1 / 26
Total 263 questions

AWS Certified SysOps Administrator - Associate Questions and Answers

Question 1

A company is releasing a now static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded, however, upon navigating to the site, the following error message is received:

403 Forbiddan - Access Denied

What change should be made to fix this error'?

Options:

A.

Add a bucket policy that grants everyone read access to the bucket

B.

Add a bucket policy that grants everyone read access to the bucket objects

C.

Remove the default bucket policy that denies read access to the bucket.

D.

Configure cross origin resource sharing (CORS) on the bucket

Question 2

A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue causing the failure.

How should the Administrator continue with the stack deployment?

Options:

A.

Delete the failed stack and create a new stack.

B.

Execute a change set on the failed stack.

C.

Perform an update-stack action on the failed stack.

D.

Run a validate-template command.

Question 3

A SysOps Administrator has been able to consolidate multiple, secure websites onto a single server, and each site is running on a different port. The Administrator now wants to start a duplicate server in a second Availability Zone and put both behind a load balancer for high availability.

What would be the command line necessary to deploy one of the sites’ certificates to the load balancer?

Question # 3

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 4

A company's IT department noticed an increase in the spend of their Developer AWS account. There are over 50 Developers using the account and the Finance Tram wants to determine the service costs incurred by each Developer.

What should a SysOps Administrator do to collect this information? (Select TWO)

Options:

A.

Activate the createdBy tag in the account

B.

Analyze the usage with Amazon CloudWatch dashboards

C.

Analyze the usage with Cost Explorer

D.

Configure AWS Trusted Advisor to track resource usage

E.

Create a billing alarm in AWS Budgets

Question 5

A user accidentally deleted a file from an Amazon EBS volume. The SysOps Administrator identified a recent snapshot for the volume.

What should the Administrator do to restore the user's file from the snapshot?

Options:

A.

Attach the snapshot to a new Amazon EC2 instance in the same Availability Zone, and copy the deleted file.

B.

Browse to the snapshot and copy the file to the EBS volume within an Amazon EC2 instance.

C.

Create a volume from the snapshot, attach the volume to an Amazon EC2 instance, and copy the deleted file.

D.

Restore the file from the snapshot onto an EC2 instance using the Amazon EC2 console.

Question 6

A company’s Information Security team has requested information on AWS environment compliance for Payment Card Industry (PCI) workloads. They have requested assistance in understanding what specific areas of the PCI standards are the responsibility of the company.

Which AWS tool will provide the necessary information?

Options:

A.

AWS Macie

B.

AWS Artifact

C.

AWS OpsWorks

D.

AWS Organizations

Question 7

A SysOps Administrator is maintaining a web application using an Amazon Cloud Front web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have services have logging enabled. The Administrator needs to investigate HTTP Layer 7 status codes from the web application.

Which log source contain the status codes? (Select TWO.)

Options:

A.

VPC Flow Logs

B.

AWS CloudTrail logs

C.

ALB access logs

D.

ClodFront access logs

E.

RDS logs

Question 8

A sysops administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.

Options:

A.

Encrypt the S3 bucket content with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).

B.

Create an origin access identity and grant it permissions to read objects in the S3 bucket.

C.

Assign an 1AM user to the CloudFront distribution and whitelist the 1AM user in the S3 bucket policy.

D.

Assign an 1AM role to the CloudFront distribution and whitelist the 1AM role in the S3 bucket policy.

Question 9

A SysOps Administrator is responsible for maintaining an Amazo EC2 instance that acts as a bastion host. The Administrator can sucessfully connect to the instance using SSH, but attempts to ping the instance result in a timeout.

What is one reason for the issue?

Options:

A.

The instance does not have an Elastic IP address.

B.

The instance has security group that does not allow Internet Control Message Protocol (ICMP) traffic

C.

The instance is not set up in a VPC using AWS Direct Connect.

D.

The instance is running in a peered VPC.

Question 10

A SysOps Administrator is troubleshooting an AWS CloudFormation template whereby multiple Amazon EC2 instances are being created. The template is working in us-east-1, but it is failing in us-west-2 with the error code:

AMI [ami-12345678] does not exist.

How should the Administrator ensure that the AWS CloudFormation template is working in every region?

Options:

A.

Copy the source region’s Amazon Machine Image (AMI) to the destination region and assign it the same ID.

B.

Edit the AWS CloudFormation template to specify the region code as part of the fully qualified AMI ID.

C.

Edit the AWS CloudFormation template to offer a drop-down list of all AMIs to the user by using the AWS: :EC2: :AMI: :ImageID control.

D.

Modify the AWS CloudFormation template by including the AMI IDs in the “Mappings” section. Refer to the proper mapping within the template for the proper AMI ID.

Question 11

A company is running an application on Amazon EC2 instances. The company needs to stop all development instances during non-business hours to reduce costs. The instances must be started again at trie beginning of each business day.

Which solution meets these requirements with the LEAST administrative overhead?

Options:

A.

Add the instances to an EC2 Auto Scaling group. Configure the scaling policy to scale in when the instances are at low CPU utilization levels.

B.

Create a cron script on each EC2 instance that shuts down the instance at the end of each day.

C.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule that triggers an Amazon Simple Notification Service (Amazon SNS) topic to let a SysOps administrator know to start or stop the EC2 instances.

D.

Create Amazon EventBridge (Amazon CloudWatch Events) scheduled rules that trigger an AWS Lambda function to start or stop the EC2 instances.

Question 12

A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances. The memory utilization metrics of the EC2 Linux instances must be monitored every minute.

How should the SysOps Administrator publish the memory metrics? (Choose two.)

Options:

A.

Enable detailed monitoring on the instance within Amazon CloudWatch

B.

Publish the memory metrics to Amazon CloudWatch Events

C.

Publish the memory metrics using the Amazon CloudWatch agent

D.

Publish the memory metrics using Amazon CloudWatch Logs

E.

Set metrics_collection_interval to 60 seconds

Question 13

A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account’s Amazon S3 bucket.

Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket.

Options:

A.

Stream the CloudTrail logs to Amazon CloudWatch to store logs at a secondary location.

B.

Enable log file integrity validation and use digest files to verify the hash value of the log file.

C.

Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.

D.

Enable S3 server access logging to track requests made to the log bucket for security audits.

Question 14

An application running on Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones was deployed using an AWS CloudFormation template. A sysops administrator has patched the Amazon Machine Image (AMI) version and must update all the EC2 instances to use the new AMI.

How should Ihe administrator use CloudFormation to apply the new AMI while maintaining a minimum level of active instances to ensure service continuity?

Options:

A.

Deploy a second CloudFormation stack and use Amazon Route 53 to redirect traffic to the new stack.

B.

Run the awa cloudformation update-attack command with the —rollback-configuration option.

C.

Set an AutoScal ingRollingUpdate policy in the CloudFormation template to update the stack.

D.

Update the CloudFormation template with the new AMI ID. then reboot the EC2 instances.

Question 15

A company has a web application that runs both on-premises and on Amazon EC2 instances. Over time both the on-premises servers and EC2 instances begin crashing A sysops administrator suspects a memory leak in the application and wants a unified method to monitor memory utilization over time.

How can the Administrator track both the EC2 memory utilization and on-premises server memory utilization over time?

Options:

A.

Write a script or use a third-party application to report memory utilization for both EC2 instances and on-premises servers

B.

Use Amazon CloudWatch agent for both Amazon EC2 instances and on-premises servers to report MemoryUtilization metrics to CloudWatch and set a CloudWatch alarm for notifications

C.

Use CloudWatch agent for Amazon EC2 instances to report memory utilization to CloudWatch and set CloudWatch alarms for notifications. Use a third-party application for the on-premises servers

D.

Configure a load balancer to route traffic to both on-premises servers and EC2 instances then use CloudWatch as the unified view of the metrics for the load balancer

Question 16

A company has a business application hosted on Amazon EC2 instances behind an Application Load

Balancer. Amazon CloudWatch metrics show that the CPU utilization on the EC2 instances is very high. There are also reports from users that receive HTTP 503 and 504 errors when they try to connect to the application.

Which action will resolve these issues?

Options:

A.

Place the EC2 instances into an AWS Auto Scaling group.

B.

Configure the ALB's Target Group to use more frequent health checks.

C.

Enable sticky sessions on the Application Load Balancer.

D.

Increase the idle timeout setting of the Application Load Balancer.

Question 17

A company has several accounts between different teams and wants to increase its auditing and compliance capabilities The accounts are managed through AWS Organizations. Management wants to provide the security team with secure access to the account logs while also restricting the possibility for the logs to be modified.

How can a sysops administrator achieve this is with the LEAST amount of operational overhead?

Options:

A.

Store AWS CloudTrail logs in Amazon S3 in each account Create a new account to store compliance data and replicate the objects into the newly created account

B.

Store AWS CloudTrail logs in Amazon S3 in each account. Create an 1AM user with read-only access to the CloudTrail logs

C.

From the master account create an organization trail using AWS CloudTrail and apply it to all Regions Use 1AM roles to restrict access.

D.

Use an AWS CloudFormation stack set to create an AWS CloudTrail trail in every account and restrict permissions to modify the logs

Question 18

A company has deployed its infrastructure using AWS CloudFormation Recently the company made manual changes to the infrastructure. A SysOps Administrator is tasked with determining what was changed and updating the CloudFormation template

Which solution will ensure all the changes are captured?

Options:

A.

Create a new CloudFormation stack based on the changes that were made Delete the old stack and deploy the new stack

B.

Update the CloudFormation stack using a change set Review the changes and update the stack

C.

Update the CloudFormation stack by modifying the selected parameters in the template to match what was changed

D.

Use drift detection on the CloudFormation stack Use the output to update the CloudFormation template and redeploy the stack

Question 19

An organization has developed a new memory-intensive application that is deployed to a large Amazon EC2 Linux fleet. There is concern about potential memory exhaustion, so the Development team wants to monitor memory usage by using Amazon CloudWatch.

What is the MOST efficient way to accomplish this goal?

Options:

A.

Deploy the solution to memory-optimized EC2 instances, and use the CloudWatch MemoryUtilization metric

B.

Enable the Memory Monitoring option by using AWS Config

C.

Install the AWS Systems Manager agent on the applicable EC2 instances to monitor memory

D.

Monitor memory by using a script within the instance, and send it to CloudWatch as a custom metric

Question 20

A sysops administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance The administrator has been tasked with reconfiguring the infrastructure to support this approach

How can the administrator accomplish this with the LEAST administrative overhead?

Options:

A.

Use Amazon CloudFront to log the URL and forward the request

B.

Use Amazon CloudFront to rewrite the header based on the microservice and forward the request

C.

Use a Network Load Balancer (NLB) and do path-based routing

D.

Use an Application Load Balancer (ALB) and do path-based routing

Question 21

A popular auctioning platform requires near-real-time access to dynamic bidding information. The platform must be available at all times The current Amazon RDS instance often reaches 100% CPU utilization during the weekend auction and can no longer be resized. To improve application performance, a sysops administrator is evaluating Amazon ElastiCache and has chosen Redis (cluster mode enabled) instead of Memcached

What are reasons for making this choice? (Select TWO.)

Options:

A.

Data partitioning

B.

Multi-threaded processing

C.

Multi-AZ with automatic failover

D.

Multi-region with automatic failover

E.

Online resharding

Question 22

A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company’s AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.

What should be done to accomplish this?

Options:

A.

Back up the current KMS key and enable automatic key rotation.

B.

Create a new key in AWS KMS and assign the key to Amazon EBS.

C.

Enable automatic key rotation of the EBS volume key in AWS KMS.

D.

Upload ne key material to the EBS volume key in AWS KMS to enable automatic key rotation for the volume.

Question 23

A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations

What should a SysOps administrator do to implement this requirement?

Options:

A.

Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the AWS Management Console

B.

Develop an 1AM policy that limits the business units to provision EC2 instances only Instruct the business units to launch instances by using an AWS CtoudFormation template.

C.

Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog Allow the business units to perform actions in AWS Service Catalog only

D.

Share an AWS CloudFormation template with the business units Instruct the business units to pass a role to AWS CloudFormation to allow the service to manage EC2 instances.

Question 24

A company's application infrastructure was deployed using AWS CloudFormation and is composed of Amazon EC2 instances behind an Application Load Balancer. The instances run an EC2 Auto Scaling group across multiple Availability Zones. When releasing a new version of the application, the update deployment must avoid DNS changes and allow rollback.

Which solution should a sysops administrator use to meet the deployment requirements for this new release?

Options:

A.

Configure the Auto Scaling group to use lifecycle hooks. Deploy now instances with the new application version. Complete the lifecycle hook action once healthy.

B.

Create a new Amazon Machine Image (AMI) containing the updated code. Create a launch configuration with the AMI. Update Auto Scaling group to use the new lauch configuration.

C.

Deploy a second CloudFormation stack. Wait for the application to be available Cut over to the new Application Load Balancer

D.

Modify the CloudFormation template to use an AutoScalingReplacingUpdate policy. Update the stack. Perform a second update with the new release

Question 25

An HTTP web application is launched on Amazon EC2 instances behind an ELB Application Load Balancer. The EC2 instances run across multiple Availability Zones. A network ACL and a security group for the load balancer and EC2 instances allow inbound traffic on port 80. After launch, the website cannot be reached over the internet.

What additional step should be taken?

Options:

A.

Add a rule to the security group allowing outbound traffic on port 80.

B.

Add a rule to the network ACL allowing outbound traffic on port 80.

C.

Add a rule to the security group allowing outbound traffic on ports 1024 through 65535.

D.

Add a rule to the network ACL allowing outbound traffic on ports 1024 through 65535.

Question 26

A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to 1 in Amazon CloudWatch.

What is MOST likely causing this issue?

Options:

A.

The EC2 instances are in the same Availability Zone, causing contention between the two.

B.

The route tables are not updated to allow traffic to flow between the ALB and the EC2 instances.

C.

The ALB health check has failed, and the ALB has taken EC2 instances out of service.

D.

The Amazon Route 53 health check has failed, and the ALB has taken EC2 instances out of service.

Question 27

A company needs to ensure that all IAM users rotate their password on a regular basis.

Which action should be taken to implement this?

Options:

A.

Configure multi-factor authentication for all IAM users.

B.

Deactivate existing users and re-create new users every time a credential rotation is required.

C.

Re-create identity federation with new identity providers every time a credential rotation is required

D.

Set up a password policy to enable password of expiration for IAM users.

Question 28

A chief financial officer has asked for a breakdown of costs per project in a single AWS account using cost explorer.

Which combination of options should be set to accomplish this? (Select two)

Options:

A.

Active AWS Budgets.

B.

Active cost allocation tags

C.

Create an organization using AWS Organization

D.

Create and apply resource tags

E.

enable AWS trusted advisor

Question 29

An application is being migrated to AWS with the requirement that archived data be retained for at least 7 years.

What Amazon Glacier configuration option should be used to meet this compliance requirements?

Options:

A.

A Glacier data retrieval policy.

B.

A Glacier Vault access policy.

C.

A Glacier vault lock policy.

D.

A Glacier vault notification

Question 30

A company received its latest bill with a large increase in the number of requests against Amazon SQS as compared to the month prior. The company is not aware of any major changes in its SQA usage. The company is concerned about the cost increase and who or what was making these calls.

What should a sysops administrator use to validate the calls mode to SQS?

Options:

A.

Amazon CloudWatch

B.

Amazon S3 server access logs

C.

AWS CloudTrail

D.

AWS Cost Explorer

Question 31

An enterprise is using federated Security Assertion Markup Language (SAML) to access the AWS Management Console.

How should the SAML assertion mapping be configured?

Options:

A.

Map the group attribute to an AWS group. The AWS group is assigned IAM policies that govern access to AWS resources.

B.

Map the policy attribute to IAM policies the federated user is assigned to. These policies govern access to AWS resources.

C.

Map the role attribute to an AWS role. The AWS role is assigned IAM policies that govern access to AWS resources.

D.

Map the user attribute to an AWS user. The AWS user is assigned specific IAM policies that govern access to AWS resources.

Question 32

An application is running on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are configured in an Amazon EC2 Auto Scaling group. A SysOps Administrator must configure the application to scale based on the number of incoming requests.

Which solution accomplishes this with the LEAST amount of effort?

Options:

A.

Use a simple scaling policy based on a custom metric that measures the average active requests of all EC2 instances

B.

Use a simple scaling policy based on the Auto Scaling group GroupDesiredCapacity metric

C.

Use a target tracking scaling policy based on the ALB’s ActiveConnectionCount metric

D.

Use a target tracking scaling policy based on the ALB’s RequestCountPerTarget metric

Question 33

A company's application running on Amazon EC2 Linux recently crashed because it ran out ot available memory. Management wants to be alerted if this ever happens again. Which combination of steps will accomplish this? (Select TWO.)

Options:

A.

Create an Amazon CloudWatch dashboard to monitor the memory usage metrics on the Instance over time.

B.

Create an alarm on the dashboard that publishes an Amazon SNS notification to alert the CIO when a threshold is passed.

C.

Create an alarm on the metric that publishes an Amazon SNS notification to alert the CIO when a threshold is passed.

D.

Create an alarm on the AWS Personal Health Dashboard that publishes an Amazon SNS notification to alert the CIO when the system is out of memory.

E.

Configure the Amazon CloudWatch agent to collect and push memory usage metrics on the instance.

Question 34

A company has attached the following policy to an IAM user.

Question # 34

What of the following actions are allowed for the IAM user?

Options:

A.

Amazon RDS DescribeDBInstances action in the us-east-1 Region

B.

Amazon S3 PutObject operation in a bucket named testbucket

C.

Amazon EC2 DescribeInstances action in the us-east-1 Region

D.

Amazon EC2 AttachNetworkInterface action in the eu-west-1 Region

Question 35

A company is operating a multi-account environment under a single organization using AWS Organizations. The Security team discovers that some employees are using AWS services in ways that violate company policies. A SysOps Administrator needs to prevent all users of an account, including the root user, from performing certain restricted actions.

What should be done to accomplish this?

Options:

A.

Apply service control policies (SCPs) to allow approved actions only

B.

Apply service control policies (SCPs) to prevent restricted actions

C.

Define permissions boundaries to allow approved actions only

D.

Define permissions boundaries to prevent restricted actions

Question 36

An Applications team has successfully deployed an AWS CloudFormation stack consisting of 30 t2-medium Amazon EC2 instances in the us-west-2 Region. When using the same template to launch a stack in us-east-2, the launch failed and rolled back after launching only 10 EC2 instances.

What is a possible cause of this failure?

Options:

A.

The IAM user did not have privileges to launch the CloudFormation template.

B.

The t2 medium EC2 instance service limit was reached.

C.

An AWS Budgets threshold was breached.

D.

The application’s Amazon Machine Image (AMI) is not available in us-east-2.

Question 37

A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket. Monitoring most include tracking the AWS account of the catier, the IAM user role of the caller, the time of the API call, and the IP address of the API.

Where can the administrator find this information?

Options:

A.

AWS CloudTrail data event logging

B.

AWS CloudTrail management event logging

C.

Amazon inspector bucket event logging

D.

Amazon inspector event logging

Question 38

A SysOps Administrator has configured a CloudWatch agent to send custom metrics to Amazon CloudWatch and is now assembling a CloudWatch dashboard to display these metrics.

What steps should be the Administrator take to complete this task?

Options:

A.

Select the AWS Namespace, filter by metric name, then add to the dashboard.

B.

Add a text widget, select the appropriate metric from the custom namespace, then add to the dashboard.

C.

Select the appropriate widget and metrics from the custom namespace, then add to the dashboard.

D.

Open the CloudWatch console, from the CloudWatch Events, add all custom metrics.

Question 39

A fleet of servers must send local logs to Amazon CloudWatch.

How should the servers be configured to meet this requirement?

Options:

A.

Configure AWS Config to forward events to CloudWatch.

B.

Configure a Simple Network Management Protocol (SNMP) agent to forward events to CloudWatch.

C.

Install and configure the unified CloudWatch agent.

D.

Install and configure the Amazon Inspector agent.

Page: 1 / 26
Total 263 questions