Amazon SOA-C01 Dumps - AWS Certified SysOps Administrator - Associate PDF Sample Questions

Exam Code:
SOA-C01
Exam Name:
AWS Certified SysOps Administrator - Associate
263 Questions
Last Update Date : 24 March, 2023
PDF + Test Engine
$89 $115.7
Test Engine Only Demo
$79 $102.7
PDF Only Demo
$59 $76.7

Amazon SOA-C01 This Week Result

0

They can't be wrong

0

Score in Real Exam at Testing Centre

0

Questions came word by word from this dumps

Best Amazon SOA-C01 Dumps - pass your exam In First Attempt

Our SOA-C01 dumps are better than all other cheap SOA-C01 study material.

Only best way to pass your Amazon SOA-C01 is that if you will get reliable exam study materials. We ensure you that realexamdumps is one of the most authentic website for Amazon AWS Sysops Administrator exam question answers. Pass your SOA-C01 AWS Certified SysOps Administrator - Associate with full confidence. You can get free AWS Certified SysOps Administrator - Associate demo from realexamdumps. We ensure 100% your success in SOA-C01 Exam with the help of Amazon Dumps. you will feel proud to become a part of realexamdumps family.

Our success rate from past 5 year very impressive. Our customers are able to build their carrier in IT field.

Owl
Search

45000+ Exams

Buy

Desire Exam

Download

Exam

and pass your exam...

Related Exam

Realexamdumps Providing most updated AWS Sysops Administrator Question Answers. Here are a few exams:


Sample Questions

Realexamdumps Providing most updated AWS Sysops Administrator Question Answers. Here are a few sample questions:

Amazon SOA-C01 Sample Question 1

A Development team is designing an application that processes sensitive information within a hybrid deployment. The team needs to ensure the application data is protected both in transit and at rest.

Which combination of actions should be taken to accomplish this? (Choose two.)


Options:

A. Use a VPN to set up a tunnel between the on-premises data center and the AWS resources
B. Use AWS Certificate Manager to create TLS/SSL certificates
C. Use AWS CloudHSM to encrypt the data
D. Use AWS KMS to create TLS/SSL certificates
E. Use AWS KMS to manage the encryption keys used for data encryption

Answer: A, E Explanation: Reference: [Reference:, https://wa.aws.amazon.com/wat.question.SEC_10.en.html, https://aws.amazon.com/blogs/database/best-practices-for-securing-sensitive-data-in-aws-data-stores/, ]

Amazon SOA-C01 Sample Question 2

A SysOps Administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented stncl IP whitelisting that requires all build uploads to come from a single IP address.

What change should the Systems Administrator make to the existing build fleet to comply with this new requirement?


Options:

A. Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.
B. Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.
C. Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.
D. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.

Answer: C

Amazon SOA-C01 Sample Question 3

A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.

How should the Administrator ensure that this is done?


Options:

A. Change the root user password by using the AWS CLI routinely.
B. Periodically use the AWS CLI to rotate access keys and secret keys for the root user.
C. Use AWS Trusted Advisor security checks to review the configuration of the root user.
D. Periodically distribute the AWS compliance document from AWS Artifact that governs the root user configuration.

Answer: D

Amazon SOA-C01 Sample Question 4

A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company’s AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.

What should be done to accomplish this?


Options:

A. Back up the current KMS key and enable automatic key rotation.
B. Create a new key in AWS KMS and assign the key to Amazon EBS.
C. Enable automatic key rotation of the EBS volume key in AWS KMS.
D. Upload ne key material to the EBS volume key in AWS KMS to enable automatic key rotation for the volume.

Answer: C Explanation: Explanation: References: https://docs.aws.amazon .com/kms/latest/developerguide/rotate-keys.htmm

Amazon SOA-C01 Sample Question 5

A company has a multi-tier web application. In the web tier, all the servers are in private subnets inside a VPC. The development team wants to make changes to the application that requires access to Amazon S3.

What should be done to accomplish this?


Options:

A. Create a customer gateway to connect to Amazon S3 Modify the route table of the private subnets to use the customer gateway
B. Create a gateway VPC endpoint for Amazon S3 Modify the route table of the private subnets to use the gateway VPC endpoint.
C. Create a NAT gateway in the private subnets. Modify the route table of the subnets to use the NAT gateway.
D. Create an S3 bucket policy to allow connections from the private subnets. Modify the route table.

Answer: C

Amazon SOA-C01 Sample Question 6

A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket. Monitoring most include tracking the AWS account of the catier, the IAM user role of the caller, the time of the API call, and the IP address of the API.

Where can the administrator find this information?


Options:

A. AWS CloudTrail data event logging
B. AWS CloudTrail management event logging
C. Amazon inspector bucket event logging
D. Amazon inspector event logging

Answer: B

Amazon SOA-C01 Sample Question 7

An application team has asked a sysops administrator to provision an additional environment for an application in four additional regions. The application is running on more than 100 instances in us-east-1, using fully baked AMIs, An AWS CloudFormation template has been created to deploy resources in us-east-1.

What must the sysops administrator do to provision the application quickly?


Options:

A. Copy the AMI to each region using aws ec2 copy-image Update the CloudFormation mapping include mappings for the copy AMIs.
B. Creating a snapshot of the running instance and copy the snapshot to the other regions. Create an AMI from the snapshots. Update the CloudFormation template for each region to use the new AMI.
C. Run the existing CloudFormation template in each additional region based on the success of the template used currently in us-east-1.
D. Update the CloudFormation template to include the additional regions in the auto scaling group. Update the existing stack in us-east-1.

Answer: B

Amazon SOA-C01 Sample Question 8

A company relies on a fleet of Amazon EC2 instances to support an application. One of the EC2 instances was scheduled for hardware maintenance by AWS. An operations team did not remove the EC2 instance from the fleet in advance of the scheduled maintenance, and an unplanned outage resulted. A SysOps administrator must configure notifications to let the operations team know about scheduled maintenance in the future.

Which action should the SysOps administrator take to meet this requirement?


Options:

A. Create an AWS Lambda function K> look up user data settings of the EC2 instance and publish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.
B. Create AWS Config rules to monitor the fleet of EC2 instances and publish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.
C. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWS Personal Health Dashboard events to an Amazon Simple Notification Service (Amazon SNS) topic.
D. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWS Service Health Dashboard events lo an Amazon Simple Notification Service (Amazon SNS) topic.

Answer: B

Amazon SOA-C01 Sample Question 9

A company would like to review each change in the infrastructure before deploying updates in its AWS CloudFormation stacks.

Which action will allow an Administrator to understand the impact of these changes before implementation?


Options:

A. Implement a blue/green strategy using AWS Elastic Beanstalk.
B. Perform a canary deployment using Application Load Balancers and target groups.
C. Create a change set for the running stack.
D. Submit the update using the UpdateStack API call.

Answer: C Explanation: Explanation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.htmm

Amazon SOA-C01 Sample Question 10

A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps Administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the Administrator to alter the application code.

The MOST effective way to reduce latency is to relaunch the EC2 instances in:


Options:

A. a dedicated VPC.
B. a single subnet inside the VPC.
C. a placement group.
D. a single Availability Zone.

Answer: D

Amazon SOA-C01 Sample Question 11

A SysOps administrator created an AWS service catalog portfolio and shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.

Which action will the administrator of the second account be able to perform?


Options:

A. Add a product from the imported portfolio to a local portfolio.
B. Add new product to the imported portfolio.
C. Change the launch role for the products contained in the imported portfolio.
D. Remove Products from the imported portfolio.

Answer: B

Amazon SOA-C01 Sample Question 12

When the AWS Cloud infrastructure experiences an event that may impact an organization, which AWS service can be used to see which of the organization’s resources are affected?


Options:

A. AWS Service Health Dashboard
B. AWS Trusted Advisor
C. AWS Personal Health Dashboard
D. AWS Systems Manager

Answer: D

Amazon SOA-C01 Sample Question 13

A chief financial officer has asked for a breakdown of costs per project in a single AWS account using cost explorer.

Which combination of options should be set to accomplish this? (Select two)


Options:

A. Active AWS Budgets.
B. Active cost allocation tags
C. Create an organization using AWS Organization
D. Create and apply resource tags
E. enable AWS trusted advisor

Answer: B, E

Amazon SOA-C01 Sample Question 14

A company has deployed its infrastructure using AWS CloudFormation Recently the company made manual changes to the infrastructure. A SysOps Administrator is tasked with determining what was changed and updating the CloudFormation template

Which solution will ensure all the changes are captured?


Options:

A. Create a new CloudFormation stack based on the changes that were made Delete the old stack and deploy the new stack
B. Update the CloudFormation stack using a change set Review the changes and update the stack
C. Update the CloudFormation stack by modifying the selected parameters in the template to match what was changed
D. Use drift detection on the CloudFormation stack Use the output to update the CloudFormation template and redeploy the stack

Answer: E

Amazon SOA-C01 Sample Question 15

A SysOps Administrator has been notified that some Amazon EC2 instances in the company’s environment might have a vulnerable software version installed.

What should be done to check all of the instances in the environment with the LEAST operational overhead?


Options:

A. Create and run an Amazon Inspector assessment template.
B. Manually SSH into each instance and check the software version.
C. Use AWS CloudTrail to verify Amazon EC2 activity in the account.
D. Write a custom script and use AWS CodeDeploy to deploy to Amazon EC2 instances.

Answer: B

Amazon SOA-C01 Sample Question 16

An ecommerce site is using Amazon ElastiCache with Memcached to store session state for a web application and to cache frequently used data. For the last month, users have been complaining about performance. The metric data for the Amazon EC2 instances and the Amazon RDS instance appear normal, but the eviction count metrics are high.

What should be done to address this issue and improve performance?


Options:

A. Scale the cluster by adding additional nodes
B. Scale the cluster by adding read replicas
C. Scale the cluster by increasing CPU capacity
D. Scale the web layer by adding additional EC2 instances

Answer: B

Amazon SOA-C01 Sample Question 17

A sysops administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance The administrator has been tasked with reconfiguring the infrastructure to support this approach

How can the administrator accomplish this with the LEAST administrative overhead?


Options:

A. Use Amazon CloudFront to log the URL and forward the request
B. Use Amazon CloudFront to rewrite the header based on the microservice and forward the request
C. Use a Network Load Balancer (NLB) and do path-based routing
D. Use an Application Load Balancer (ALB) and do path-based routing

Answer: D

Amazon SOA-C01 Sample Question 18

A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue causing the failure.

How should the Administrator continue with the stack deployment?


Options:

A. Delete the failed stack and create a new stack.
B. Execute a change set on the failed stack.
C. Perform an update-stack action on the failed stack.
D. Run a validate-template command.

Answer: C

Amazon SOA-C01 Sample Question 19

A company runs an Amazon RDS MySQL DB instance. Corporate policy requires that a daily backup of the database must be copied to a separate security account.

What is the MOST cost-effective way to meet this requirement?


Options:

A. Copy an automated RDS snapshot to the security account using the copy-db-snapshot command with the AWS CLI.
B. Create an RDS MySQL Read Replica for the critical database in the security account, then enable automatic backups for the Read Replica.
C. Create an RDS snapshot with the AWS CLI create-db-snapshot command, share it with the security account, then create a copy of the shared snapshot in the security account.
D. Use AWS DMS to replicate data from the critical database to another RDS MySQL instance in the security account, then use an automated backup for the RDS instance.

Answer: D

Amazon SOA-C01 Sample Question 20

An application is running on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are configured in an Amazon EC2 Auto Scaling group. A SysOps Administrator must configure the application to scale based on the number of incoming requests.

Which solution accomplishes this with the LEAST amount of effort?


Options:

A. Use a simple scaling policy based on a custom metric that measures the average active requests of all EC2 instances
B. Use a simple scaling policy based on the Auto Scaling group GroupDesiredCapacity metric
C. Use a target tracking scaling policy based on the ALB’s ActiveConnectionCount metric
D. Use a target tracking scaling policy based on the ALB’s RequestCountPerTarget metric

Answer: B

Amazon SOA-C01 Sample Question 21

A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.

Which step will fix this issue?


Options:

A. Add s3:Deleteobject permission to the IAM execution role of the AWS Lambda function in Account A.
B. Change the bucket policy of the S3 bucket in Account B to allow s3:Deleteobject permission for Account A.
C. Disable server-side encryption for objects written to the S3 bucket by the Lambda function.
D. Call the S3:PutObjectAcl API operation from the Lambda function in Account A to specify bucket owner, full control.

Answer: B

Amazon SOA-C01 Sample Question 22

A company requires that all access from on-premises applications to AWS services go over its AWS Direct Connect connection rather than the public internet. How would a SysOps Administrator implement this requirement?


Options:

A. Implement an IAM policy that uses the aws:sourceConnection condition to allow access from the AWS Direct Connect connection ID only
B. Set up a public virtual interface on the AWS Direct Connect connection
C. Configure AWS Shield to protect the AWS Management Console from being accessed by IP addresses other than those within the data center ranges
D. Update all the VPC network ACLs to allow access from the data center IP ranges

Answer: C

Amazon SOA-C01 Sample Question 23

A company wants to reduce costs across the entire company after discovering that several AWS accounts were using unauthorized services and incurring extremely high costs.

Which AWS service enables the company to reduce costs by controlling access to AWS services for all AWS accounts?


Options:

A. AWS Cost Explorer
B. AWS Config
C. AWS Organizations
D. AWS Budgets

Answer: D Explanation: Reference: [Reference: https://aws.amazon.com/aws-cost-management/, , ]

Amazon SOA-C01 Sample Question 24

A SysOps Administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-1 Region. The Administrator finds that this template has failed to create an EC2 instance in the uswest-2 Region.

What is one cause for this failure?


Options:

A. Resources tags defined in the CloudFormation template are specific to the us-east-1 Region.
B. The Amazon Machine Image (AMI) ID referenced in the CloudFormation template could not be found in the us-west-2 Region.
C. The cfn-init script did not execute during resource provisioning in the us-west-2 Region.
D. The IAM user was not created in the specified Region.

Answer: C

Amazon SOA-C01 Sample Question 25

A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to 1 in Amazon CloudWatch.

What is MOST likely causing this issue?


Options:

A. The EC2 instances are in the same Availability Zone, causing contention between the two.
B. The route tables are not updated to allow traffic to flow between the ALB and the EC2 instances.
C. The ALB health check has failed, and the ALB has taken EC2 instances out of service.
D. The Amazon Route 53 health check has failed, and the ALB has taken EC2 instances out of service.

Answer: C Explanation: Explanation: https://docs .aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-troubleshooting.htmm

Amazon SOA-C01 Sample Question 26

A SysOps Administrator must secure AWS CloudTrail logs. The Security team is concerned that an employee may modify or attempt to delete CloudTrail log files from its Amazon S3 bucket.

Which practices ensure that the log files are available and unaltered? (Choose two.)


Options:

A. Enable the CloudTrail log file integrity check in AWS Config Rules.
B. Use CloudWatch Events to scan log files hourly.
C. Enable CloudTrail log file integrity validation.
D. Turn on Amazon S3 MFA Delete for the CloudTrail bucket.
E. Implement a DENY ALL bucket policy on the CloudTrail bucket.

Answer: C, E

Amazon SOA-C01 Sample Question 27

A SysOps Administrator is tasked with deploying and managing a single CloudFormation templates across multiple AWS Accounts.

accomplish this?


Options:

A. change sets What features of AWS CloudFormation will
B. Nested stacks
C. Stack policies
D. StacksSets

Answer: E

Amazon SOA-C01 Sample Question 28

A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services.

What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?


Options:

A. Create a service control policy in AWS Organizations and apply it to the development account.
B. Create a customer managed policy in IAM and apply it to all users within the development account.
C. Create a job function policy in IAM and apply it to all users within the development account.
D. Create an IAM policy and apply it in API Gateway to restrict the development account.

Answer: B

Amazon SOA-C01 Sample Question 29

A Development team is designing an application that processes sensitive information within a hybrid deployment. The team needs to ensure the application data is protected both in transit and at rest.

Which combination of actions should be taken to accomplish this? (Choose two.)


Options:

A. Use a VPN to set up a tunnel between the on-premises data center and the AWS resources
B. Use AWS Certificate Manager to create TLS/SSL certificates
C. Use AWS CloudHSM to encrypt the data
D. Use AWS KMS to create TLS/SSL certificates
E. Use AWS KMS to manage the encryption keys used for data encryption

Answer: A, E Explanation: Reference: [Reference:, https://wa.aws.amazon.com/wat.question.SEC_10.en.html, https://aws.amazon.com/blogs/database/best-practices-for-securing-sensitive-data-in-aws-data-stores/, ]

Amazon SOA-C01 Sample Question 30

A SysOps Administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented stncl IP whitelisting that requires all build uploads to come from a single IP address.

What change should the Systems Administrator make to the existing build fleet to comply with this new requirement?


Options:

A. Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.
B. Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.
C. Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.
D. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.

Answer: C

Amazon SOA-C01 Sample Question 31

A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.

How should the Administrator ensure that this is done?


Options:

A. Change the root user password by using the AWS CLI routinely.
B. Periodically use the AWS CLI to rotate access keys and secret keys for the root user.
C. Use AWS Trusted Advisor security checks to review the configuration of the root user.
D. Periodically distribute the AWS compliance document from AWS Artifact that governs the root user configuration.

Answer: D

Amazon SOA-C01 Sample Question 32

A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company’s AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.

What should be done to accomplish this?


Options:

A. Back up the current KMS key and enable automatic key rotation.
B. Create a new key in AWS KMS and assign the key to Amazon EBS.
C. Enable automatic key rotation of the EBS volume key in AWS KMS.
D. Upload ne key material to the EBS volume key in AWS KMS to enable automatic key rotation for the volume.

Answer: C Explanation: Explanation: References: https://docs.aws.amazon .com/kms/latest/developerguide/rotate-keys.htmm

Amazon SOA-C01 Sample Question 33

A company has a multi-tier web application. In the web tier, all the servers are in private subnets inside a VPC. The development team wants to make changes to the application that requires access to Amazon S3.

What should be done to accomplish this?


Options:

A. Create a customer gateway to connect to Amazon S3 Modify the route table of the private subnets to use the customer gateway
B. Create a gateway VPC endpoint for Amazon S3 Modify the route table of the private subnets to use the gateway VPC endpoint.
C. Create a NAT gateway in the private subnets. Modify the route table of the subnets to use the NAT gateway.
D. Create an S3 bucket policy to allow connections from the private subnets. Modify the route table.

Answer: C

Amazon SOA-C01 Sample Question 34

A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket. Monitoring most include tracking the AWS account of the catier, the IAM user role of the caller, the time of the API call, and the IP address of the API.

Where can the administrator find this information?


Options:

A. AWS CloudTrail data event logging
B. AWS CloudTrail management event logging
C. Amazon inspector bucket event logging
D. Amazon inspector event logging

Answer: B

Amazon SOA-C01 Sample Question 35

An application team has asked a sysops administrator to provision an additional environment for an application in four additional regions. The application is running on more than 100 instances in us-east-1, using fully baked AMIs, An AWS CloudFormation template has been created to deploy resources in us-east-1.

What must the sysops administrator do to provision the application quickly?


Options:

A. Copy the AMI to each region using aws ec2 copy-image Update the CloudFormation mapping include mappings for the copy AMIs.
B. Creating a snapshot of the running instance and copy the snapshot to the other regions. Create an AMI from the snapshots. Update the CloudFormation template for each region to use the new AMI.
C. Run the existing CloudFormation template in each additional region based on the success of the template used currently in us-east-1.
D. Update the CloudFormation template to include the additional regions in the auto scaling group. Update the existing stack in us-east-1.

Answer: B

Amazon SOA-C01 Sample Question 36

A company relies on a fleet of Amazon EC2 instances to support an application. One of the EC2 instances was scheduled for hardware maintenance by AWS. An operations team did not remove the EC2 instance from the fleet in advance of the scheduled maintenance, and an unplanned outage resulted. A SysOps administrator must configure notifications to let the operations team know about scheduled maintenance in the future.

Which action should the SysOps administrator take to meet this requirement?


Options:

A. Create an AWS Lambda function K> look up user data settings of the EC2 instance and publish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.
B. Create AWS Config rules to monitor the fleet of EC2 instances and publish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.
C. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWS Personal Health Dashboard events to an Amazon Simple Notification Service (Amazon SNS) topic.
D. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWS Service Health Dashboard events lo an Amazon Simple Notification Service (Amazon SNS) topic.

Answer: B

Amazon SOA-C01 Sample Question 37

A company would like to review each change in the infrastructure before deploying updates in its AWS CloudFormation stacks.

Which action will allow an Administrator to understand the impact of these changes before implementation?


Options:

A. Implement a blue/green strategy using AWS Elastic Beanstalk.
B. Perform a canary deployment using Application Load Balancers and target groups.
C. Create a change set for the running stack.
D. Submit the update using the UpdateStack API call.

Answer: C Explanation: Explanation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.htmm

Amazon SOA-C01 Sample Question 38

A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps Administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the Administrator to alter the application code.

The MOST effective way to reduce latency is to relaunch the EC2 instances in:


Options:

A. a dedicated VPC.
B. a single subnet inside the VPC.
C. a placement group.
D. a single Availability Zone.

Answer: D

Amazon SOA-C01 Sample Question 39

A SysOps administrator created an AWS service catalog portfolio and shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.

Which action will the administrator of the second account be able to perform?


Options:

A. Add a product from the imported portfolio to a local portfolio.
B. Add new product to the imported portfolio.
C. Change the launch role for the products contained in the imported portfolio.
D. Remove Products from the imported portfolio.

Answer: B

Amazon SOA-C01 Sample Question 40

When the AWS Cloud infrastructure experiences an event that may impact an organization, which AWS service can be used to see which of the organization’s resources are affected?


Options:

A. AWS Service Health Dashboard
B. AWS Trusted Advisor
C. AWS Personal Health Dashboard
D. AWS Systems Manager

Answer: D

Amazon SOA-C01 Sample Question 41

A chief financial officer has asked for a breakdown of costs per project in a single AWS account using cost explorer.

Which combination of options should be set to accomplish this? (Select two)


Options:

A. Active AWS Budgets.
B. Active cost allocation tags
C. Create an organization using AWS Organization
D. Create and apply resource tags
E. enable AWS trusted advisor

Answer: B, E

Amazon SOA-C01 Sample Question 42

A company has deployed its infrastructure using AWS CloudFormation Recently the company made manual changes to the infrastructure. A SysOps Administrator is tasked with determining what was changed and updating the CloudFormation template

Which solution will ensure all the changes are captured?


Options:

A. Create a new CloudFormation stack based on the changes that were made Delete the old stack and deploy the new stack
B. Update the CloudFormation stack using a change set Review the changes and update the stack
C. Update the CloudFormation stack by modifying the selected parameters in the template to match what was changed
D. Use drift detection on the CloudFormation stack Use the output to update the CloudFormation template and redeploy the stack

Answer: E

Amazon SOA-C01 Sample Question 43

A SysOps Administrator has been notified that some Amazon EC2 instances in the company’s environment might have a vulnerable software version installed.

What should be done to check all of the instances in the environment with the LEAST operational overhead?


Options:

A. Create and run an Amazon Inspector assessment template.
B. Manually SSH into each instance and check the software version.
C. Use AWS CloudTrail to verify Amazon EC2 activity in the account.
D. Write a custom script and use AWS CodeDeploy to deploy to Amazon EC2 instances.

Answer: B

Amazon SOA-C01 Sample Question 44

An ecommerce site is using Amazon ElastiCache with Memcached to store session state for a web application and to cache frequently used data. For the last month, users have been complaining about performance. The metric data for the Amazon EC2 instances and the Amazon RDS instance appear normal, but the eviction count metrics are high.

What should be done to address this issue and improve performance?


Options:

A. Scale the cluster by adding additional nodes
B. Scale the cluster by adding read replicas
C. Scale the cluster by increasing CPU capacity
D. Scale the web layer by adding additional EC2 instances

Answer: B

Amazon SOA-C01 Sample Question 45

A sysops administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance The administrator has been tasked with reconfiguring the infrastructure to support this approach

How can the administrator accomplish this with the LEAST administrative overhead?


Options:

A. Use Amazon CloudFront to log the URL and forward the request
B. Use Amazon CloudFront to rewrite the header based on the microservice and forward the request
C. Use a Network Load Balancer (NLB) and do path-based routing
D. Use an Application Load Balancer (ALB) and do path-based routing

Answer: D

Amazon SOA-C01 Sample Question 46

A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue causing the failure.

How should the Administrator continue with the stack deployment?


Options:

A. Delete the failed stack and create a new stack.
B. Execute a change set on the failed stack.
C. Perform an update-stack action on the failed stack.
D. Run a validate-template command.

Answer: C

Amazon SOA-C01 Sample Question 47

A company runs an Amazon RDS MySQL DB instance. Corporate policy requires that a daily backup of the database must be copied to a separate security account.

What is the MOST cost-effective way to meet this requirement?


Options:

A. Copy an automated RDS snapshot to the security account using the copy-db-snapshot command with the AWS CLI.
B. Create an RDS MySQL Read Replica for the critical database in the security account, then enable automatic backups for the Read Replica.
C. Create an RDS snapshot with the AWS CLI create-db-snapshot command, share it with the security account, then create a copy of the shared snapshot in the security account.
D. Use AWS DMS to replicate data from the critical database to another RDS MySQL instance in the security account, then use an automated backup for the RDS instance.

Answer: D

Amazon SOA-C01 Sample Question 48

An application is running on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are configured in an Amazon EC2 Auto Scaling group. A SysOps Administrator must configure the application to scale based on the number of incoming requests.

Which solution accomplishes this with the LEAST amount of effort?


Options:

A. Use a simple scaling policy based on a custom metric that measures the average active requests of all EC2 instances
B. Use a simple scaling policy based on the Auto Scaling group GroupDesiredCapacity metric
C. Use a target tracking scaling policy based on the ALB’s ActiveConnectionCount metric
D. Use a target tracking scaling policy based on the ALB’s RequestCountPerTarget metric

Answer: B

Amazon SOA-C01 Sample Question 49

A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.

Which step will fix this issue?


Options:

A. Add s3:Deleteobject permission to the IAM execution role of the AWS Lambda function in Account A.
B. Change the bucket policy of the S3 bucket in Account B to allow s3:Deleteobject permission for Account A.
C. Disable server-side encryption for objects written to the S3 bucket by the Lambda function.
D. Call the S3:PutObjectAcl API operation from the Lambda function in Account A to specify bucket owner, full control.

Answer: B

Amazon SOA-C01 Sample Question 50

A company requires that all access from on-premises applications to AWS services go over its AWS Direct Connect connection rather than the public internet. How would a SysOps Administrator implement this requirement?


Options:

A. Implement an IAM policy that uses the aws:sourceConnection condition to allow access from the AWS Direct Connect connection ID only
B. Set up a public virtual interface on the AWS Direct Connect connection
C. Configure AWS Shield to protect the AWS Management Console from being accessed by IP addresses other than those within the data center ranges
D. Update all the VPC network ACLs to allow access from the data center IP ranges

Answer: C

Amazon SOA-C01 Sample Question 51

A company wants to reduce costs across the entire company after discovering that several AWS accounts were using unauthorized services and incurring extremely high costs.

Which AWS service enables the company to reduce costs by controlling access to AWS services for all AWS accounts?


Options:

A. AWS Cost Explorer
B. AWS Config
C. AWS Organizations
D. AWS Budgets

Answer: D Explanation: Reference: [Reference: https://aws.amazon.com/aws-cost-management/, , ]

Amazon SOA-C01 Sample Question 52

A SysOps Administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-1 Region. The Administrator finds that this template has failed to create an EC2 instance in the uswest-2 Region.

What is one cause for this failure?


Options:

A. Resources tags defined in the CloudFormation template are specific to the us-east-1 Region.
B. The Amazon Machine Image (AMI) ID referenced in the CloudFormation template could not be found in the us-west-2 Region.
C. The cfn-init script did not execute during resource provisioning in the us-west-2 Region.
D. The IAM user was not created in the specified Region.

Answer: C

Amazon SOA-C01 Sample Question 53

A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to 1 in Amazon CloudWatch.

What is MOST likely causing this issue?


Options:

A. The EC2 instances are in the same Availability Zone, causing contention between the two.
B. The route tables are not updated to allow traffic to flow between the ALB and the EC2 instances.
C. The ALB health check has failed, and the ALB has taken EC2 instances out of service.
D. The Amazon Route 53 health check has failed, and the ALB has taken EC2 instances out of service.

Answer: C Explanation: Explanation: https://docs .aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-troubleshooting.htmm

Amazon SOA-C01 Sample Question 54

A SysOps Administrator must secure AWS CloudTrail logs. The Security team is concerned that an employee may modify or attempt to delete CloudTrail log files from its Amazon S3 bucket.

Which practices ensure that the log files are available and unaltered? (Choose two.)


Options:

A. Enable the CloudTrail log file integrity check in AWS Config Rules.
B. Use CloudWatch Events to scan log files hourly.
C. Enable CloudTrail log file integrity validation.
D. Turn on Amazon S3 MFA Delete for the CloudTrail bucket.
E. Implement a DENY ALL bucket policy on the CloudTrail bucket.

Answer: C, E

Amazon SOA-C01 Sample Question 55

A SysOps Administrator is tasked with deploying and managing a single CloudFormation templates across multiple AWS Accounts.

accomplish this?


Options:

A. change sets What features of AWS CloudFormation will
B. Nested stacks
C. Stack policies
D. StacksSets

Answer: E

Amazon SOA-C01 Sample Question 56

A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services.

What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?


Options:

A. Create a service control policy in AWS Organizations and apply it to the development account.
B. Create a customer managed policy in IAM and apply it to all users within the development account.
C. Create a job function policy in IAM and apply it to all users within the development account.
D. Create an IAM policy and apply it in API Gateway to restrict the development account.

Answer: B

Amazon SOA-C01 Sample Question 57

A Development team is designing an application that processes sensitive information within a hybrid deployment. The team needs to ensure the application data is protected both in transit and at rest.

Which combination of actions should be taken to accomplish this? (Choose two.)


Options:

A. Use a VPN to set up a tunnel between the on-premises data center and the AWS resources
B. Use AWS Certificate Manager to create TLS/SSL certificates
C. Use AWS CloudHSM to encrypt the data
D. Use AWS KMS to create TLS/SSL certificates
E. Use AWS KMS to manage the encryption keys used for data encryption

Answer: A, E Explanation: Reference: [Reference:, https://wa.aws.amazon.com/wat.question.SEC_10.en.html, https://aws.amazon.com/blogs/database/best-practices-for-securing-sensitive-data-in-aws-data-stores/, ]

Amazon SOA-C01 Sample Question 58

A SysOps Administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented stncl IP whitelisting that requires all build uploads to come from a single IP address.

What change should the Systems Administrator make to the existing build fleet to comply with this new requirement?


Options:

A. Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.
B. Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.
C. Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.
D. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.

Answer: C

Amazon SOA-C01 Sample Question 59

A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.

How should the Administrator ensure that this is done?


Options:

A. Change the root user password by using the AWS CLI routinely.
B. Periodically use the AWS CLI to rotate access keys and secret keys for the root user.
C. Use AWS Trusted Advisor security checks to review the configuration of the root user.
D. Periodically distribute the AWS compliance document from AWS Artifact that governs the root user configuration.

Answer: D

Amazon SOA-C01 Sample Question 60

A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company’s AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.

What should be done to accomplish this?


Options:

A. Back up the current KMS key and enable automatic key rotation.
B. Create a new key in AWS KMS and assign the key to Amazon EBS.
C. Enable automatic key rotation of the EBS volume key in AWS KMS.
D. Upload ne key material to the EBS volume key in AWS KMS to enable automatic key rotation for the volume.

Answer: C Explanation: Explanation: References: https://docs.aws.amazon .com/kms/latest/developerguide/rotate-keys.htmm

Amazon SOA-C01 Sample Question 61

A company has a multi-tier web application. In the web tier, all the servers are in private subnets inside a VPC. The development team wants to make changes to the application that requires access to Amazon S3.

What should be done to accomplish this?


Options:

A. Create a customer gateway to connect to Amazon S3 Modify the route table of the private subnets to use the customer gateway
B. Create a gateway VPC endpoint for Amazon S3 Modify the route table of the private subnets to use the gateway VPC endpoint.
C. Create a NAT gateway in the private subnets. Modify the route table of the subnets to use the NAT gateway.
D. Create an S3 bucket policy to allow connections from the private subnets. Modify the route table.

Answer: C

Amazon SOA-C01 Sample Question 62

A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket. Monitoring most include tracking the AWS account of the catier, the IAM user role of the caller, the time of the API call, and the IP address of the API.

Where can the administrator find this information?


Options:

A. AWS CloudTrail data event logging
B. AWS CloudTrail management event logging
C. Amazon inspector bucket event logging
D. Amazon inspector event logging

Answer: B

Amazon SOA-C01 Sample Question 63

An application team has asked a sysops administrator to provision an additional environment for an application in four additional regions. The application is running on more than 100 instances in us-east-1, using fully baked AMIs, An AWS CloudFormation template has been created to deploy resources in us-east-1.

What must the sysops administrator do to provision the application quickly?


Options:

A. Copy the AMI to each region using aws ec2 copy-image Update the CloudFormation mapping include mappings for the copy AMIs.
B. Creating a snapshot of the running instance and copy the snapshot to the other regions. Create an AMI from the snapshots. Update the CloudFormation template for each region to use the new AMI.
C. Run the existing CloudFormation template in each additional region based on the success of the template used currently in us-east-1.
D. Update the CloudFormation template to include the additional regions in the auto scaling group. Update the existing stack in us-east-1.

Answer: B

Amazon SOA-C01 Sample Question 64

A company relies on a fleet of Amazon EC2 instances to support an application. One of the EC2 instances was scheduled for hardware maintenance by AWS. An operations team did not remove the EC2 instance from the fleet in advance of the scheduled maintenance, and an unplanned outage resulted. A SysOps administrator must configure notifications to let the operations team know about scheduled maintenance in the future.

Which action should the SysOps administrator take to meet this requirement?


Options:

A. Create an AWS Lambda function K> look up user data settings of the EC2 instance and publish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.
B. Create AWS Config rules to monitor the fleet of EC2 instances and publish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.
C. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWS Personal Health Dashboard events to an Amazon Simple Notification Service (Amazon SNS) topic.
D. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWS Service Health Dashboard events lo an Amazon Simple Notification Service (Amazon SNS) topic.

Answer: B

Amazon SOA-C01 Sample Question 65

A company would like to review each change in the infrastructure before deploying updates in its AWS CloudFormation stacks.

Which action will allow an Administrator to understand the impact of these changes before implementation?


Options:

A. Implement a blue/green strategy using AWS Elastic Beanstalk.
B. Perform a canary deployment using Application Load Balancers and target groups.
C. Create a change set for the running stack.
D. Submit the update using the UpdateStack API call.

Answer: C Explanation: Explanation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.htmm

Amazon SOA-C01 Sample Question 66

A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps Administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the Administrator to alter the application code.

The MOST effective way to reduce latency is to relaunch the EC2 instances in:


Options:

A. a dedicated VPC.
B. a single subnet inside the VPC.
C. a placement group.
D. a single Availability Zone.

Answer: D

Amazon SOA-C01 Sample Question 67

A SysOps administrator created an AWS service catalog portfolio and shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.

Which action will the administrator of the second account be able to perform?


Options:

A. Add a product from the imported portfolio to a local portfolio.
B. Add new product to the imported portfolio.
C. Change the launch role for the products contained in the imported portfolio.
D. Remove Products from the imported portfolio.

Answer: B

Amazon SOA-C01 Sample Question 68

When the AWS Cloud infrastructure experiences an event that may impact an organization, which AWS service can be used to see which of the organization’s resources are affected?


Options:

A. AWS Service Health Dashboard
B. AWS Trusted Advisor
C. AWS Personal Health Dashboard
D. AWS Systems Manager

Answer: D

Amazon SOA-C01 Sample Question 69

A chief financial officer has asked for a breakdown of costs per project in a single AWS account using cost explorer.

Which combination of options should be set to accomplish this? (Select two)


Options:

A. Active AWS Budgets.
B. Active cost allocation tags
C. Create an organization using AWS Organization
D. Create and apply resource tags
E. enable AWS trusted advisor

Answer: B, E

Amazon SOA-C01 Sample Question 70

A company has deployed its infrastructure using AWS CloudFormation Recently the company made manual changes to the infrastructure. A SysOps Administrator is tasked with determining what was changed and updating the CloudFormation template

Which solution will ensure all the changes are captured?


Options:

A. Create a new CloudFormation stack based on the changes that were made Delete the old stack and deploy the new stack
B. Update the CloudFormation stack using a change set Review the changes and update the stack
C. Update the CloudFormation stack by modifying the selected parameters in the template to match what was changed
D. Use drift detection on the CloudFormation stack Use the output to update the CloudFormation template and redeploy the stack

Answer: E

Amazon SOA-C01 Sample Question 71

A SysOps Administrator has been notified that some Amazon EC2 instances in the company’s environment might have a vulnerable software version installed.

What should be done to check all of the instances in the environment with the LEAST operational overhead?


Options:

A. Create and run an Amazon Inspector assessment template.
B. Manually SSH into each instance and check the software version.
C. Use AWS CloudTrail to verify Amazon EC2 activity in the account.
D. Write a custom script and use AWS CodeDeploy to deploy to Amazon EC2 instances.

Answer: B

Amazon SOA-C01 Sample Question 72

An ecommerce site is using Amazon ElastiCache with Memcached to store session state for a web application and to cache frequently used data. For the last month, users have been complaining about performance. The metric data for the Amazon EC2 instances and the Amazon RDS instance appear normal, but the eviction count metrics are high.

What should be done to address this issue and improve performance?


Options:

A. Scale the cluster by adding additional nodes
B. Scale the cluster by adding read replicas
C. Scale the cluster by increasing CPU capacity
D. Scale the web layer by adding additional EC2 instances

Answer: B

Amazon SOA-C01 Sample Question 73

A sysops administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance The administrator has been tasked with reconfiguring the infrastructure to support this approach

How can the administrator accomplish this with the LEAST administrative overhead?


Options:

A. Use Amazon CloudFront to log the URL and forward the request
B. Use Amazon CloudFront to rewrite the header based on the microservice and forward the request
C. Use a Network Load Balancer (NLB) and do path-based routing
D. Use an Application Load Balancer (ALB) and do path-based routing

Answer: D

Amazon SOA-C01 Sample Question 74

A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue causing the failure.

How should the Administrator continue with the stack deployment?


Options:

A. Delete the failed stack and create a new stack.
B. Execute a change set on the failed stack.
C. Perform an update-stack action on the failed stack.
D. Run a validate-template command.

Answer: C

Amazon SOA-C01 Sample Question 75

A company runs an Amazon RDS MySQL DB instance. Corporate policy requires that a daily backup of the database must be copied to a separate security account.

What is the MOST cost-effective way to meet this requirement?


Options:

A. Copy an automated RDS snapshot to the security account using the copy-db-snapshot command with the AWS CLI.
B. Create an RDS MySQL Read Replica for the critical database in the security account, then enable automatic backups for the Read Replica.
C. Create an RDS snapshot with the AWS CLI create-db-snapshot command, share it with the security account, then create a copy of the shared snapshot in the security account.
D. Use AWS DMS to replicate data from the critical database to another RDS MySQL instance in the security account, then use an automated backup for the RDS instance.

Answer: D

Amazon SOA-C01 Sample Question 76

An application is running on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are configured in an Amazon EC2 Auto Scaling group. A SysOps Administrator must configure the application to scale based on the number of incoming requests.

Which solution accomplishes this with the LEAST amount of effort?


Options:

A. Use a simple scaling policy based on a custom metric that measures the average active requests of all EC2 instances
B. Use a simple scaling policy based on the Auto Scaling group GroupDesiredCapacity metric
C. Use a target tracking scaling policy based on the ALB’s ActiveConnectionCount metric
D. Use a target tracking scaling policy based on the ALB’s RequestCountPerTarget metric

Answer: B

Amazon SOA-C01 Sample Question 77

A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.

Which step will fix this issue?


Options:

A. Add s3:Deleteobject permission to the IAM execution role of the AWS Lambda function in Account A.
B. Change the bucket policy of the S3 bucket in Account B to allow s3:Deleteobject permission for Account A.
C. Disable server-side encryption for objects written to the S3 bucket by the Lambda function.
D. Call the S3:PutObjectAcl API operation from the Lambda function in Account A to specify bucket owner, full control.

Answer: B

Amazon SOA-C01 Sample Question 78

A company requires that all access from on-premises applications to AWS services go over its AWS Direct Connect connection rather than the public internet. How would a SysOps Administrator implement this requirement?


Options:

A. Implement an IAM policy that uses the aws:sourceConnection condition to allow access from the AWS Direct Connect connection ID only
B. Set up a public virtual interface on the AWS Direct Connect connection
C. Configure AWS Shield to protect the AWS Management Console from being accessed by IP addresses other than those within the data center ranges
D. Update all the VPC network ACLs to allow access from the data center IP ranges

Answer: C

Amazon SOA-C01 Sample Question 79

A company wants to reduce costs across the entire company after discovering that several AWS accounts were using unauthorized services and incurring extremely high costs.

Which AWS service enables the company to reduce costs by controlling access to AWS services for all AWS accounts?


Options:

A. AWS Cost Explorer
B. AWS Config
C. AWS Organizations
D. AWS Budgets

Answer: D Explanation: Reference: [Reference: https://aws.amazon.com/aws-cost-management/, , ]

Amazon SOA-C01 Sample Question 80

A SysOps Administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-1 Region. The Administrator finds that this template has failed to create an EC2 instance in the uswest-2 Region.

What is one cause for this failure?


Options:

A. Resources tags defined in the CloudFormation template are specific to the us-east-1 Region.
B. The Amazon Machine Image (AMI) ID referenced in the CloudFormation template could not be found in the us-west-2 Region.
C. The cfn-init script did not execute during resource provisioning in the us-west-2 Region.
D. The IAM user was not created in the specified Region.

Answer: C

Amazon SOA-C01 Sample Question 81

A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to 1 in Amazon CloudWatch.

What is MOST likely causing this issue?


Options:

A. The EC2 instances are in the same Availability Zone, causing contention between the two.
B. The route tables are not updated to allow traffic to flow between the ALB and the EC2 instances.
C. The ALB health check has failed, and the ALB has taken EC2 instances out of service.
D. The Amazon Route 53 health check has failed, and the ALB has taken EC2 instances out of service.

Answer: C Explanation: Explanation: https://docs .aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-troubleshooting.htmm

Amazon SOA-C01 Sample Question 82

A SysOps Administrator must secure AWS CloudTrail logs. The Security team is concerned that an employee may modify or attempt to delete CloudTrail log files from its Amazon S3 bucket.

Which practices ensure that the log files are available and unaltered? (Choose two.)


Options:

A. Enable the CloudTrail log file integrity check in AWS Config Rules.
B. Use CloudWatch Events to scan log files hourly.
C. Enable CloudTrail log file integrity validation.
D. Turn on Amazon S3 MFA Delete for the CloudTrail bucket.
E. Implement a DENY ALL bucket policy on the CloudTrail bucket.

Answer: C, E

Amazon SOA-C01 Sample Question 83

A SysOps Administrator is tasked with deploying and managing a single CloudFormation templates across multiple AWS Accounts.

accomplish this?


Options:

A. change sets What features of AWS CloudFormation will
B. Nested stacks
C. Stack policies
D. StacksSets

Answer: E

Amazon SOA-C01 Sample Question 84

A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services.

What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?


Options:

A. Create a service control policy in AWS Organizations and apply it to the development account.
B. Create a customer managed policy in IAM and apply it to all users within the development account.
C. Create a job function policy in IAM and apply it to all users within the development account.
D. Create an IAM policy and apply it in API Gateway to restrict the development account.

Answer: B


and so much more...