• Home
  • Articles
  • Pass AWS Certified Associate SOA-C02 exam [Dec 16, 2023] Updated 428 Questions [Q120-Q137]

Pass AWS Certified Associate SOA-C02 exam [Dec 16, 2023] Updated 428 Questions [Q120-Q137]

Share

Pass AWS Certified Associate SOA-C02 exam [Dec 16, 2023] Updated 428 Questions

Amazon SOA-C02 Actual Questions and 100% Cover Real Exam Questions

NEW QUESTION # 120
A company is running distributed computing software to manage a fleet of 20 Amazon EC2 instances for calculations. The fleet includes 2 control nodes and 18 task nodes to run the calculations. Control nodes can automatically start the task nodes.
Currently, all the nodes run on demand. The control nodes must be available 24 hours a day, 7 days a week. The task nodes run for 4 hours each day. A SysOps administrator needs to optimize the cost of this solution.
Which combination of actions will meet these requirements? (Choose two.)

  • A. Use Reserved Instances for the task nodes.
  • B. Use Spot Instances for the control nodes.
    Use On-Demand Instances if there is no Spot availability.
  • C. Purchase EC2 Instance Savings Plans for the control nodes.
  • D. Use Spot Instances for the task nodes.
    Use On-Demand Instances if there is no Spot availability.
  • E. Use Dedicated Hosts for the control nodes.

Answer: C,D

Explanation:
It asks for the most cost effective solution, EC2 instance savings plan is a better option than reserved instance.
https://www.missioncloud.com/blog/ec2-spot-instances-vs-aws-savings-plans-what-are-the- potential-savings


NEW QUESTION # 121
A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service. The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available across multiple Regions.
Which configuration will meet these requirements?

  • A. Deploy a copy of the stack in the us-west-2 Region. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each ELB. Configure the SOA record with health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
  • B. Deploy a new group of EC2 instances in the us-west-2 Region. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instances. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks.
  • C. Deploy a copy of the stack in the us-west-2 Region. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias target. Configure the A records with a failover routing policy and health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
  • D. Deploy a new group of EC2 instances in the us-west-2 Region. Configure EC2 health checks on all EC2 instances in each Region. Configure a peering connection between the VPCs. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record.

Answer: C

Explanation:
When you create a hosted zone, Route 53 automatically creates a name server (NS) record and a start of authority (SOA) record for the zone. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/migrate-dns-domain-in-use.html#migrate-dns-create-hosted-zone
https://en.wikipedia.org/wiki/SOA_record


NEW QUESTION # 122
A company hosts a website on multiple Amazon EC2 instances that run in an Auto Scaling group.
Users are reporting slow responses during peak times between 6 PM and 11 PM very weekend.
A SysOps administrator must implement a solution to improve performance during these peak times.
What is the MOST operationally efficient solution that meets these requirements?

  • A. Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to increase the desired capacity before peak times.
  • B. Configure the cooldown period for the Auto Scaling group to modify desired capacity before and after peak times.
  • C. Configure a scheduled scaling action with a recurrence option to change the desired capacity before and after peak times.
  • D. Create a target tracking scaling po icy to add more instances when memory utilization is above
    70%.

Answer: C

Explanation:
Scheduled scaling helps you to set up your own scaling schedule according to predictable load changes. For example, let's say that every week the traffic to your web application starts to increase on Wednesday, remains high on Thursday, and starts to decrease on Friday. You can configure a schedule for Amazon EC2 Auto Scaling to increase capacity on Wednesday and decrease capacity on Friday.
https://docs.aws.amazon.com/autoscaling/ec2/userguide/schedule_time.html


NEW QUESTION # 123
An application runs on Amazon EC2 instances in an Auto Scaling group. Following the deployment of a new feature on the EC2 instances, some instances were marked as unhealthy and then replaced by the Auto Scaling group. The EC2 instances terminated before a SysOps administrator could determine the cause of the health status changes. To troubleshoot this issue, the SysOps administrator wants to ensure that an AWS Lambda function is invoked in this situation.
How should the SysOps administrator meet these requirements?

  • A. Activate the instance scale-in protection setting for the Auto Scaling group.
    Invoke the Lambda function through Amazon EventBridge (Amazon CloudWatch Events).
  • B. Add a lifecycle hook to the Auto Scaling group to invoke the Lambda function through Amazon Route 53.
  • C. Add a lifecycle hook to the Auto Scaling group to invoke the Lambda function through Amazon EventBridge (Amazon CloudWatch Events).
  • D. Activate the instance scale-in protection setting for the Auto Scaling group.
    Invoke the Lambda function through Amazon Route 53.

Answer: C

Explanation:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html


NEW QUESTION # 124
A company's SysOps administrator deploys four new Amazon EC2 instances by using the standard Amazon Linux 2 Amazon Machine Image (AMI). The company needs to be able to use AWS Systems Manager to manage the instances. The SysOps administrator notices that the instances do not appear in the Systems Manager console.
What must the SysOps administrator do to resolve this issue?

  • A. Use AWS Certificate Manager (ACM) to create a TLS certificate.
    Import the certificate into each instance.
    Configure Systems Manager Agent to use the TLS certificate for secure communications.
  • B. Connect to each instance by using SSH.
    Create an ssm-user account.
    Add the ssm-user account to the /etcsudoers directory.
  • C. Connect to each instance by using SSH.
    Install Systems Manager Agent on each instance.
    Configure Systems Manager Agent to start automatically when the instances start up.
  • D. Attach an IAM instance profile to the instances.
    Ensure that the instance profile contains the AmazonSSMManagedinstanceCore policy

Answer: D

Explanation:
https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-profile.html


NEW QUESTION # 125
An application runs on multiple Amazon EC2 instances in an Auto Scaling group The Auto Scaling group is configured to use the latest version of a launch template A SysOps administrator must devise a solution that centrally manages the application logs and retains the logs for no more than 90 days Which solution will meet these requirements?

  • A. Launch an Amazon Machine Image (AMI) that is preconfigured with the Amazon CloudWatch Logs agent to send logs to an Amazon S3 bucket Apply a 90-day S3 Lifecycle policy on the S3 bucket to expire the application logs
  • B. Launch an Amazon Machine Image (AMI) that is preconfigured with the Amazon CloudWatch Logs agent to send logs to a log group Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule to perform an instance refresh every 90 days
  • C. Update the launch template user data to install and configure the Amazon CloudWatch Logs agent to send logs to a log group Set the log rotation configuration of the EC2 instances to 90 days
  • D. Update the launch template user data to install and configure the Amazon CloudWatch Logs agent to send logs to a log group Configure the retention period on the log group to be 90 days

Answer: D


NEW QUESTION # 126
A company has an initiative to reduce costs associated with Amazon EC2 and AWS Lambd a. Which action should a SysOps administrator take to meet these requirements?

  • A. Analyze the AWS Cost and Usage Report by using Amazon Athena to identity cost savings.
  • B. Purchase Reserved Instances through the Amazon EC2 console.
  • C. Create an AWS Budgets alert to alarm when account spend reaches 80% of the budget.
  • D. Use AWS Compute Optimizer and take action on the provided recommendations.

Answer: D


NEW QUESTION # 127
A SysOps administrator is reviewing AWS Trusted Advisor recommendations. The SysOps administrator notices that all the application servers for a finance application are listed in the Low Utilization Amazon EC2 Instances check. The application runs on three instances across three Availability Zones. The SysOps administrator must reduce the cost of running the application without affecting the application's availability or design.
Which solution will meet these requirements?

  • A. Scale up the instance size of the application servers.
  • B. Apply rightsizing recommendations from AWS Cost Explorer to reduce the instance size.
  • C. Reduce the number of application servers.
  • D. Provision an Application Load Balancer in front of the instances.

Answer: D


NEW QUESTION # 128
A company has mandated the use of multi-factor authentication (MFA) for all IAM users, and requires users to make all API calls using the CLI. However. users are not prompted to enter MFA tokens, and are able to run CLI commands without MFA. In an attempt to enforce MFA, the company attached an IAM policy to all users that denies API calls that have not been authenticated with MFA.
What additional step must be taken to ensure that API calls are authenticated using MFA?

  • A. Enable MFA on IAM roles, and require IAM users to use role credentials to sign API calls.
  • B. Restrict the IAM users to use of the console, as MFA is not supported for CLI use.
  • C. Require users to use temporary credentials from the get-session token command to sign API calls.
  • D. Ask the IAM users to log into the AWS Management Console with MFA before making API calls using the CLI.

Answer: C


NEW QUESTION # 129
A company wants to prohibit its developers from using a particular family of Amazon EC2 instances. The company uses AWS Organizations and wants to apply the restriction across multiple accounts.
What is the MOST operationally efficient way for the company to apply service control policies (SCPs) to meet these requirements?

  • A. Enroll the accounts with AWS Control Tower. Apply the SCPs to the AWS Control Tower management account.
  • B. Apply the SCPs to each developer account
  • C. Add the accounts to resource groups in AWS Resource Groups. Apply the SCPs to the resource groups.
  • D. Add the accounts to an organizational unit (OU). Apply the SCPs to the OU.

Answer: D

Explanation:
https://aws.amazon.com/blogs/industries/best-practices-for-aws-organizations-service-control- policies-in-a-multi-account-environment/


NEW QUESTION # 130
A SysOps administrator launches an Amazon EC2 Linux instance in a public subnet.
When the instance is running, the SysOps administrator obtains the public IP address and attempts to remotely connect to the instance multiple times.
However, the SysOps administrator always receives a timeout error.
Which action will allow the SysOps administrator to remotely connect to the instance?

  • A. Add an outbound network ACL rule to allow TCP port 22 for the SysOps administrator's IP address.
  • B. Modify the instance security group to allow outbound SSH traffic to the SysOps administrator's IP address.
  • C. Add a route table entry in the public subnet for the SysOps administrator's IP address.
  • D. Modify the instance security group to allow inbound SSH traffic from the SysOps administrator's IP address.

Answer: D


NEW QUESTION # 131
A SysOps administrator noticed that the cache hit ratio for an Amazon CloudFront distribution is less than 10%.
Which collection of configuration changes will increase the cache hit ratio for the distribution? (Select TWO.)

  • A. Increase the CloudFront time to live (TTL) settings in the Cache Behavior Settings.
  • B. Ensure that only required cookies, query strings, and headers are forwarded in the Cache Behavior Settings.
  • C. Configure the distribution to use presigned cookies and URLs to restrict access to the distribution.
  • D. Change the Viewer Protocol Policy to use HTTPS only.
  • E. Enable automatic compression of objects in the Cache Behavior Settings.

Answer: A,B


NEW QUESTION # 132
An application is running on an Amazon EC2 instance in a VPC with the default DHCP option set.
The application connects to an on-premises Microsoft SQL Server database with the DNS name mssql.example.com. The application is unable to resolve the database DNS name.
Which solution will fix this problem?

  • A. Create an Amazon Route 53 Resolver outbound endpoint.
    Add a forwarding rule for the domain example.com.
    Associate the forwarding rule with the VPC.
  • B. Create an Amazon Route 53 Resolver inbound endpoint.
    Add a system rule for the domain example.com.
    Associate the system rule with the VPC.
  • C. Create an Amazon Route 53 Resolver inbound endpoint.
    Add a forwarding rule for the domain example.com.
    Associate the forwarding rule with the VPC.
  • D. Create an Amazon Route 53 Resolver outbound endpoint.
    Add a system rule for the domain example.com.Associate the system rule with the VPC.

Answer: A

Explanation:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-rules-managing.html
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-outbound- queries.html


NEW QUESTION # 133
While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS. The customer gateway device resides in a data center with a NAT gateway in front of it.
What address should be used to create the customer gateway resource?

  • A. The public IP address of the NAT device in front of the customer gateway device
  • B. The private IP address of the customer gateway device
  • C. The public IP address of the customer gateway device
  • D. The MAC address of the NAT device in front of the customer gateway device

Answer: A

Explanation:
If your customer gateway device is behind a network address translation (NAT) device, use the IP address of your NAT device.
https://docs.aws.amazon.com/vpn/latest/s2svpn/cgw-options.html


NEW QUESTION # 134
A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer The administrator would like to know the IP addresses for the source of the requests Where can the administrator find this information?

  • A. Auto Scaling logs
  • B. AWS CloudTrail logs
  • C. EC2 instance logs
  • D. Elastic Load Balancer access logs

Answer: D

Explanation:
Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues.
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html


NEW QUESTION # 135
A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations.
Which solution will meet this requirement?

  • A. Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding.
  • B. Set up AWS Config. Add the iam-policy-blacklisted-check managed rule to the account.
  • C. Set up Amazon Inspector. Scan and monitor resources for unauthorized logins.
  • D. Configure Amazon Cognito to detect any compromised 1AM credentials.

Answer: A


NEW QUESTION # 136
A SysOps administrator is creating a simple, public-facing website running on Amazon EC2. The SysOps administrator created the EC2 instance in an existing public subnet and assigned an Elastic IP address to the instance. Next, the SysOps administrator created and applied a new security group to the instance to allow incoming HTTP traffic from 0.0.0.0/0. Finally, the SysOps administrator created a new network ACL and applied it to the subnet to allow incoming HTTP traffic from 0.0.0.0/0. However, the website cannot be reached from the internet.
What is the cause of this issue?

  • A. The SysOps administrator did not create an outbound rule that allows ephemeral port return traffic in the new network ACL.
  • B. There is an additional network ACL associated with the subnet that includes a rule that denies inbound HTTP traffic from port 80.
  • C. The SysOps administrator did not create an outbound rule in the security group that allows HTTP traffic from port 80.
  • D. The Elastic IP address assigned to the EC2 instance has changed.

Answer: A


NEW QUESTION # 137
......

Amazon SOA-C02 Real 2023 Braindumps Mock Exam Dumps: https://www.freecram.com/Amazon-certification/SOA-C02-exam-dumps.html

SOA-C02 Free Exam Questions and Answers PDF Updated on Dec-2023: https://drive.google.com/open?id=1idN_hHltP_bDt7OArZOnV5QWUFvttheG

Related Articles

more
Go To SOA-C02 Questions
0
0
0
10