Welcome to download the Newest 2passeasy SOA-C02 dumps

https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

Exam Questions SOA-C02

AWS Certified SysOps Administrator - Associate (SOA-C02)

https://www.2passeasy.com/dumps/SOA-C02/

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

NEW QUESTION 1
- (Exam Topic 1)
A SysOps administrator has used AWS Cloud Formation to deploy a sereness application into a production VPC. The application consists of an AWS Lambda
function, an Amazon DynamoOB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS Cloud Formation stack without deleting
the DynamoOB table.
Which action should the SysOps administrator take before deleting the AWS Cloud Formation stack?

A. Add a Retain deletion policy to the DynamoOB resource in the AWS CloudFormation stack.
B. Add a Snapshot deletion policy to the DynamoOB resource In the AWS CloudFormation stack.
C. Enable termination protection on the AWS Cloud Formation stack.
D. Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTabie action.

Answer: A

NEW QUESTION 2
- (Exam Topic 1)
A SysOps administrator needs to secure the credentials for an Amazon RDS database that is created by an AWS CloudFormation template. The solution must
encrypt the credentials and must support automatic rotation.
Which solution will meet these requirements?

A. Create an AWS::SecretsManager::Secret resource in the CloudFormation templat

B. Reference thecredentials in the AWS::RDS::DBInstance resource by using the resolve:secretsmanager dynamic reference.
C. Create an AWS::SecretsManager::Secret resource in the CloudFormation templat
D. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm-secure dynamic reference.
E. Create an AWS::SSM::Parameter resource in the CloudFormation templat
F. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm dynamic reference.
G. Create parameters for the database credentials in the CloudFormation templat
H. Use the Ref intrinsic function to provide the credentials to the AWS::RDS::DBInstance resource.

Answer: A

NEW QUESTION 3
- (Exam Topic 1)
A company applies user-defined tags to resources that are associated with me company's AWS workloads Twenty days after applying the tags, the company
notices that it cannot use re tags to filter views in the AWS Cost Explorer console.
What is the reason for this issue?

A. It lakes at least 30 days to be able to use tags to filter views in Cost Explorer.
B. The company has not activated the user-defined tags for cost allocation.
C. The company has not created an AWS Cost and Usage Report
D. The company has not created a usage budget in AWS Budgets

Answer: B

NEW QUESTION 4
- (Exam Topic 1)
A company runs a website from Sydney, Australia. Users in the United States (US) and Europe are reporting that images and videos are taking a long time to load.
However, local testing in Australia indicates no performance issues. The website has a large amount of static content in the form of images and videos that are
stored m Amazon S3.
Which solution will result In the MOST Improvement In the user experience for users In the US and Europe?

A. Configure AWS PrivateLink for Amazon S3.

B. Configure S3 Transfer Acceleration.
C. Create an Amazon CloudFront distributio
D. Distribute the static content to the CloudFront edge locations
E. Create an Amazon API Gateway API in each AWS Regio
F. Cache the content locally.

Answer: D

NEW QUESTION 5
- (Exam Topic 1)
A SysOps administrator is provisioning an Amazon Elastic File System (Amazon EFS) file system to provide shared storage across multiple Amazon EC2
instances The instances all exist in the same VPC across multiple Availability Zones. There are two instances In each Availability Zone. The SysOps administrator
must make the file system accessible to each instance with the lowest possible latency.
Which solution will meet these requirements?

A. Create a mount target for the EFS file system in the VP

B. Use the mount target to mount the file system on each of the instances
C. Create a mount target for the EFS file system in one Availability Zone of the VP
D. Use the mount target to mount the file system on the instances in that Availability Zon
E. Share the directory with the other instances.
F. Create a mount target for each instanc
G. Use each mount target to mount the EFS file system on each respective instance.
H. Create a mount target in each Availability Zone of the VPC Use the mount target to mount the EFS file system on the Instances in the respective Availability
Zone.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

Answer: D

Explanation:
A mount target provides an IP address for an NFSv4 endpoint at which you can mount an Amazon EFS file system. You mount your file system using its Domain
Name Service (DNS) name, which resolves to the IP address of the EFS mount target in the same Availability Zone as your EC2 instance. You can create one
mount target in each Availability Zone in an AWS Region. If there are multiple subnets in an Availability Zone in your VPC, you create a mount target in one of the
subnets. Then all EC2 instances in that Availability Zone share that mount target. https://docs.aws.amazon.com/efs/latest/ug/how-it-works.html

NEW QUESTION 6
- (Exam Topic 1)
An application team uses an Amazon Aurora MySQL DB cluster with one Aurora Replica. The application team notices that the application read performance
degrades when user connections exceed 200. The number of user connections is typically consistent around 180. with occasional sudden increases above 200
connections. The application team wants the application to automatically scale as user demand increases or decreases.
Which solution will meet these requirements?

A. Migrate to a new Aurora multi-master DB cluste

B. Modify the application database connection string.
C. Modify the DB cluster by changing to serverless mode whenever user connections exceed 200.
D. Create an auto scaling policy with a target metric of 195 DatabaseConnections
E. Modify the DB cluster by increasing the Aurora Replica instance size.

Answer: C

NEW QUESTION 7
- (Exam Topic 1)
A company has created a NAT gateway in a public subnet in a VPC. The VPC also contains a private subnet that includes Amazon EC2 instances. The EC2
instances use the NAT gateway to access the internet to download patches and updates. The company has configured a VPC flow log for the elastic network
interface of the NAT gateway. The company is publishing the output to Amazon CloudWatch Logs.
A SysOps administrator must identify the top five internet destinations that the EC2 instances in the private subnet communicate with for downloads.
What should the SysOps administrator do to meet this requirement in the MOST operationally efficient way?

A. Use AWS CloudTrail Insights events to identify the top five internet destinations.
B. Use Amazon CloudFront standard logs (access logs) to identify the top five internet destinations.
C. Use CloudWatch Logs Insights to identify the top five internet destinations.
D. Change the flow log to publish logs to Amazon S3. Use Amazon Athena to query the log files in Amazon S3.

Answer: C

NEW QUESTION 8
- (Exam Topic 1)
A company website contains a web tier and a database tier on AWS. The web tier consists of Amazon EC2 instances that run in an Auto Scaling group across two
Availability Zones. The database tier runs on an Amazon ROS for MySQL Multi-AZ DB instance. The database subnet network ACLs are restricted to only the web
subnets that need access to the database. The web subnets use the default network ACL with the default rules.
The company's operations team has added a third subnet to the Auto Scaling group configuration. After an Auto Scaling event occurs, some users report that they
intermittently receive an error message. The error message states that the server cannot connect to the database. The operations team has confirmed that the
route tables are correct and that the required ports are open on all security groups.
Which combination of actions should a SysOps administrator take so that the web servers can communicate with the DB instance? (Select TWO.)

A. On the default AC
B. create inbound Allow rules of type TCP with the ephemeral port range and the source as the database subnets.
C. On the default ACL, create outbound Allow rules of type MySQL/Aurora (3306). Specify the destinations as the database subnets.
D. On the network ACLs for the database subnets, create an inbound Allow rule of type MySQL/Aurora (3306). Specify the source as the third web subnet.
E. On the network ACLs for the database subnets, create an outbound Allow rule of type TCP with the ephemeral port range and the destination as the third web
subnet.
F. On the network ACLs for the database subnets, create an outbound Allow rule of type MySQL/Aurora (3306). Specify the destination as the third web subnet.

Answer: CD

NEW QUESTION 9
- (Exam Topic 1)
A company is running a website on Amazon EC2 instances behind an Application Load Balancer (ALB). The company configured an Amazon CloudFront
distribution and set the ALB as the origin. The company created an Amazon Route 53 CNAME record to send all traffic through the CloudFront distribution. As an
unintended side effect, mobile users are now being served the desktop version of the website.
Which action should a SysOps administrator take to resolve this issue?

A. Configure the CloudFront distribution behavior to forward the User-Agent header.

B. Configure the CloudFront distribution origin setting
C. Add a User-Agent header to the list of origin custom headers.
D. Enable IPv6 on the AL
E. Update the CloudFront distribution origin settings to use the dualstack endpoint.
F. Enable IPv6 on the CloudFront distributio
G. Update the Route 53 record to use the dualstack endpoint.

Answer: A

Explanation:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

NEW QUESTION 10
- (Exam Topic 1)
A company stores its data in an Amazon S3 bucket. The company is required to classify the data and find any sensitive personal information in its S3 files.
Which solution will meet these requirements?

A. Create an AWS Config rule to discover sensitive personal information in the S3 files and mark them as noncompliant.
B. Create an S3 event-driven artificial intelligence/machine learning (AI/ML) pipeline to classify sensitive personal information by using Amazon Recognition.
C. Enable Amazon GuardDut
D. Configure S3 protection to monitor all data inside Amazon S3.
E. Enable Amazon Maci
F. Create a discovery job that uses the managed data identifier.

Answer: D

Explanation:
Amazon Macie is a security service designed to help organizations find, classify, and protect sensitive data stored in Amazon S3. Amazon Macie uses machine
learning to automatically discover, classify, and protect sensitive data in Amazon S3. Creating a discovery job with the managed data identifier will allow Macie to
identify sensitive personal information in the S3 files and classify it accordingly. Enabling AWS Config and Amazon GuardDuty will not help with this requirement
as they are not designed to automatically classify and protect data.

NEW QUESTION 10
- (Exam Topic 1)
A database is running on an Amazon RDS Mufti-AZ DB instance. A recent security audit found the database to be out of compliance because it was not encrypted.
Which approach will resolve the encryption requirement?

A. Log in to the RDS console and select the encryption box to encrypt the database
B. Create a new encrypted Amazon EBS volume and attach it to the instance
C. Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.
D. Take a snapshot of the RDS instance, copy and encrypt the snapshot and then restore to the new RDS instance

Answer: D

NEW QUESTION 14
- (Exam Topic 1)
A company is partnering with an external vendor to provide data processing services. For this integration, the vendor must host the company's data in an Amazon
S3 bucket in the vendor's AWS account. The vendor is allowing the company to provide an AWS Key Management Service (AWS KMS) key to encrypt the
company's data. The vendor has provided an IAM role Amazon Resource Name (ARN) to the company for this integration.
What should a SysOps administrator do to configure this integration?

A. Create a new KMS ke

B. Add the vendor's IAM role ARN to the KMS key polic
C. Provide the new KMS key ARN to the vendor.
D. Create a new KMS ke
E. Create a new IAM use
F. Add the vendor's IAM role ARN to an inline policy that is attached to the IAM use
G. Provide the new IAM user ARN to the vendor.
H. Configure encryption using the KMS managed S3 ke
I. Add the vendor's IAM role ARN to the KMS managed S3 key polic
J. Provide the KMS managed S3 key ARN to the vendor.
K. Configure encryption using the KMS managed S3 ke
L. Create an S3 bucke
M. Add the vendor's IAM role ARN to the S3 bucket polic
N. Provide the S3 bucket ARN to the vendor.

Answer: C

NEW QUESTION 16
- (Exam Topic 1)
A company runs a stateless application that is hosted on an Amazon EC2 instance. Users are reporting performance issues. A SysOps administrator reviews the
Amazon CloudWatch metrics for the application and notices that the instance's CPU utilization frequently reaches 90% during business hours.
What is the MOST operationally efficient solution that will improve the application's responsiveness?

A. Configure CloudWatch logging on the EC2 instanc

B. Configure a CloudWatch alarm for CPU utilization to alert the SysOps administrator when CPU utilization goes above 90%.
C. Configure an AWS Client VPN connection to allow the application users to connect directly to the EC2 instance private IP address to reduce latency.
D. Create an Auto Scaling group, and assign it to an Application Load Balance
E. Configure a target tracking scaling policy that is based on the average CPU utilization of the Auto Scaling group.
F. Create a CloudWatch alarm that activates when the EC2 instance's CPU utilization goes above 80%.Configure the alarm to invoke an AWS Lambda function
that vertically scales the instance.

Answer: C

NEW QUESTION 17
- (Exam Topic 1)
A SysOps administrator is reviewing AWS Trusted Advisor recommendations. The SysOps administrator notices that all the application servers for a finance
application are listed in the Low Utilization Amazon EC2 Instances check. The application runs on three instances across three Availability Zones. The SysOps
administrator must reduce the cost of running the application without affecting the application's availability or design.
Which solution will meet these requirements?

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

A. Reduce the number of application servers.

B. Apply rightsizing recommendations from AWS Cost Explorer to reduce the instance size.
C. Provision an Application Load Balancer in front of the instances.
D. Scale up the instance size of the application servers.

Answer: C

NEW QUESTION 18
- (Exam Topic 1)
A SysOps administrator needs to create alerts that are based on the read and write metrics of Amazon Elastic Block Store (Amazon EBS) volumes that are
attached to an Amazon EC2 instance. The SysOps administrator creates and enables Amazon CloudWatch alarms for the DiskReadBytes metric and the
DiskWriteBytes metric.
A custom monitoring tool that is installed on the EC2 instance with the same alarm configuration indicates that the volume metrics have exceeded the threshold.
However, the CloudWatch alarms were not in ALARM state.
Which action will ensure that the CloudWatch alarms function correctly?

A. Install and configure the CloudWatch agent on the EC2 instance to capture the desired metrics.
B. Install and configure AWS Systems Manager Agent on the EC2 instance to capture the desired metrics.
C. Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EBS volumes.
D. Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EC2 instance.

Answer: A

NEW QUESTION 19
- (Exam Topic 1)
A company wants to create an automated solution for all accounts managed by AWS Organizations to detect any worry groups that urn 0.0.0.0/0 as the source
address for inbound traffic. The company also wants to automatically remediate any noncompliant security groups by restricting access to a specific CIDR block
corresponds with the company's intranet.

A. Create an AWS Config rule to detect noncompliant security group

B. Set up automatic remediation to change the 0.0.0.0/0 source address to the approved CIDK block.
C. Create an IAM policy to deny the creation of security groups that have 0.0.0.0/0 as the source address Attach this 1AM policy to every user in the company.
D. Create an AWS Lambda function to inspect now and existing security groups check for a noncompliant 0.0.0.0A) source address and change the source
address to the approved CIDR block.
E. Create a service control policy (SCP) for the organizational unit (OU) to deny the creation of security groups that have the 0.0.0.0/0 source addres
F. Set up automatic remediation to change Vie 0.0.0.0/0 source address to the approved CIDR block.

Answer: A

NEW QUESTION 20
- (Exam Topic 1)
A company is hosting applications on Amazon EC2 instances. The company is hosting a database on an Amazon RDS for PostgreSQL DB instance. The company
requires all connections to the DB instance to be encrypted.
What should a SysOps administrator do to meet this requirement?

A. Allow SSL connections to the database by using an inbound security group rule.
B. Encrypt the database by using an AWS Key Management Service (AWS KMS) encryption key.
C. Enforce SSL connections to the database by using a custom parameter group.
D. Patch the database with SSL/TLS by using a custom PostgreSQL extension.

Answer: C

Explanation:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Concepts.General.SSL.htm Amazon RDS supports SSL/TLS encryption for connections
to the database, and this can be enabled by
creating a custom parameter group and setting the rds.force_ssl parameter to 1. This will ensure that all connections to the database are encrypted, protecting the
data and maintaining compliance with the company's
requirements.l

NEW QUESTION 24
- (Exam Topic 1)
A SysOps administrator is setting up an automated process to recover an Amazon EC2 instance In the event of an underlying hardware failure. The recovered
instance must have the same private IP address and the same Elastic IP address that the original instance had. The SysOps team must receive an email
notification when the recovery process is initiated.
Which solution will meet these requirements?

A. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the SiatusCheckFailedjnstance metri
B. Add an EC2 action to the alarm to recover the instanc
C. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS> topi
D. Subscribe the SysOps team email address to the SNS topic.
E. Create an Amazon CloudWatch alarm for the EC2 Instance, and specify the StatusCheckFailed_System metri
F. Add an EC2 action to the alarm to recover the instanc
G. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS) topi
H. Subscribe the SysOps team email address to the SNS topic.
I. Create an Auto Scaling group across three different subnets in the same Availability Zone with a minimum, maximum, and desired size of 1. Configure the Auto
Seating group to use a launch template that specifies the private IP address and the Elastic IP addres
J. Add an activity notification for the Auto Scaling group to send an email message to the SysOps team through Amazon Simple Email Service (Amazon SES).
K. Create an Auto Scaling group across three Availability Zones with a minimum, maximum, and desired size of 1. Configure the Auto Scaling group to use a
launch template that specifies the private IP addressand the Elastic IP addres

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

L. Add an activity notification for the Auto Scaling group to publish a message to an Amazon Simple Notification Service (Amazon SNS) topi
M. Subscribe the SysOps team email address to the SNS topic.

Answer: B

Explanation:
You can create an Amazon CloudWatch alarm that monitors an Amazon EC2 instance and automatically recovers the instance if it becomes impaired due to an
underlying hardware failure or a problem that requires AWS involvement to repair. Terminated instances cannot be recovered. A recovered instance is identical to
the original instance, including the instance ID, private IP addresses, Elastic IP addresses, and all instance metadata. If the impaired instance has a public IPv4
address, the instance retains the public IPv4 address after recovery. If the impaired instance is in a placement group, the recovered instance runs in the placement
group. When the StatusCheckFailed_System alarm is triggered, and the recover action is initiated, you will be notified by the Amazon SNS topic that you selected
when you created the alarm and associated the recover action. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html

NEW QUESTION 26
- (Exam Topic 1)
A company's web application is available through an Amazon CloudFront distribution and directly through an internet-facing Application Load Balancer (ALB) A
SysOps administrator must make the application accessible only through the CloudFront distribution and not directly through the ALB. The SysOps administrator
must make this change without changing the application code
Which solution will meet these requirements?

A. Modify the ALB type to internal Set the distribution's origin to the internal ALB domain name
B. Create a Lambda@Edge function Configure the function to compare a custom header value in the request with a stored password and to forward the request to
the origin in case of a match Associate the function with the distribution.
C. Replace the ALB with a new internal ALB Set the distribution's origin to the internal ALB domain name Add a custom HTTP header to the origin settings for the
distribution In the ALB listener add a rule to forward requests that contain the matching custom header and the header's value Add a default rule to return a fixed
response code of 403.
D. Add a custom HTTP header to the origin settings for the distribution in the ALB listener add a rule to forward requests that contain the matching custom header
and the header's value Add a default rule to return a fixed response code of 403.

Answer: D

Explanation:
To make the application accessible only through the CloudFront distribution and not directly through the Application Load Balancer (ALB), you can add a custom
HTTP header to the origin settings for the CloudFront distribution. You can then create a rule in the ALB listener to forward requests that contain the matching
custom header and its value to the origin. You can also add a default rule to the ALB listener to return a fixed response code of 403 for requests that do not contain
the matching custom header. This will allow you to redirect all requests to the CloudFront distribution and block direct access to the application through the ALB.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/restrict-access-to-load-balancer.html

NEW QUESTION 28
- (Exam Topic 1)
A SysOps administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the
VPC is prohibited. After adding and configuring the required components to the VPC. the administrator is unable to connect to any of the domains that reside on
the internet.
What additional route destination rule should the administrator add to the route tables?

A. Route ;:/0 traffic to a NAT gateway

B. Route ::/0 traffic to an internet gateway
C. Route 0.0.0.0/0 traffic to an egress-only internet gateway
D. Route ::/0 traffic to an egress-only internet gateway

Answer: D

Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html

NEW QUESTION 30
- (Exam Topic 1)
While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS The customer gateway device resides
in a data center with a NAT gateway in front of it
What address should be used to create the customer gateway resource?

A. The private IP address of the customer gateway device

B. The MAC address of the NAT device in front of the customer gateway device
C. The public IP address of the customer gateway device
D. The public IP address of the NAT device in front of the customer gateway device

Answer: D

NEW QUESTION 35
- (Exam Topic 1)
A company uses AWS CloudFormation to deploy its application infrastructure Recently, a user accidentally changed a property of a database in a CloudFormation
template and performed a stack update that caused an interruption to the application A SysOps administrator must determine how to modify the deployment
process to allow the DevOps team to continue to deploy the infrastructure, but prevent against accidental modifications to specific resources.
Which solution will meet these requirements?

A. Set up an AWS Config rule to alert based on changes to any CloudFormation stack An AWS Lambda function can then describe the stack to determine if any
protected resources were modified and cancel the operation
B. Set up an Amazon CloudWatch Events event with a rule to trigger based on any CloudFormation API call An AWS Lambda function can then describe the stack
to determine if any protected resources were modified and cancel the operation

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

C. Launch the CloudFormation templates using a stack policy with an explicit allow for all resources and an explicit deny of the protected resources with an action
of Update
D. Attach an IAM policy to the DevOps team role that prevents a CloudFormation stack from updating, with a condition based on the specific Amazon Resource
Names (ARNs) of the protected resources

Answer: B

NEW QUESTION 36
- (Exam Topic 1)
A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backup enabled. A SysOps administrator
needs to be able to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB
cluster.
Which solution will meet these requirements?

A. Create an Aurora Replic

B. Promote the replica to replace the primary DB instance.
C. Create an AWS Lambda function to restore an automatic backup to the existing DB cluster.
D. Use backtracking to rewind the existing DB cluster to the desired recovery point.
E. Use point-in-time recovery to restore the existing DB cluster to the desired recovery point.

Answer: C

Explanation:
"The limit for a backtrack window is 72 hours.....Backtracking is only available for DB clusters that were created with the Backtrack feature enabled....Backtracking
"rewinds" the DB cluster to the time you specify. Backtracking is not a replacement for backing up your DB cluster so that you can restore it to a point in time....You
can backtrack a DB cluster quickly. Restoring a DB cluster to a point in time launches a new DB cluster and restores it from backup data or a DB cluster snapshot,
which can take hours."
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Backtrack.html

NEW QUESTION 37
- (Exam Topic 1)
A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report
that file retrieval from the EFS file system is slower than normal.
Which action should a SysOps administrator take to improve the performance of the file system?

A. Configure the file system for Provisioned Throughput.

B. Enable encryption in transit on the file system.
C. Identify any unused files in the file system, and remove the unused files.
D. Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

Answer: A

NEW QUESTION 42
- (Exam Topic 1)
A company has deployed a web application in a VPC that has subnets in three Availability Zones. The company launches three Amazon EC2 instances from an
EC2 Auto Scaling group behind an Application Load Balancer (ALB).
A SysOps administrator notices that two of the EC2 instances are in the same Availability Zone, rather than being distributed evenly across all three Availability
Zones. There are no errors in the Auto Scaling group's activity history.
What is the MOST likely reason for the unexpected placement of EC2 instances?

A. One Availability Zone did not have sufficient capacity for the requested EC2 instance type.
B. The ALB was configured for only two Availability Zones.
C. The Auto Scaling group was configured for only two Availability Zones.
D. Amazon EC2 Auto Scaling randomly placed the instances in Availability Zones.

Answer: C

Explanation:
the autoscaling group is responsable to add the instances in the subnets

NEW QUESTION 46
- (Exam Topic 1)
A company manages an application that uses Amazon ElastiCache for Redis with two extra-large nodes spread across two different Availability Zones. The
company's IT team discovers that the ElastiCache for Redis cluster has 75% freeable memory. The application must maintain high availability.
What is the MOST cost-effective way to resize the cluster?

A. Decrease the number of nodes in the ElastiCache for Redis cluster from 2 to 1.
B. Deploy a new ElastiCache for Redis cluster that uses large node type
C. Migrate the data from the original cluster to the new cluste
D. After the process is complete, shut down the original duster.
E. Deploy a new ElastiCache for Redis cluster that uses large node type
F. Take a backup from the original cluster, and restore the backup in the new cluste
G. After the process is complete, shut down the original cluster.
H. Perform an online resizing for the ElastiCache for Redis cluste
I. Change the node types from extra-large nodes to large nodes.

Answer: D

Explanation:

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/scaling-redis-cluster-mode-enabled.html As demand on your clusters changes, you might decide

to improve performance or reduce costs by changing the number of shards in your Redis (cluster mode enabled) cluster. We recommend using online horizontal
scaling to do so, because it allows your cluster to continue serving requests during the scaling process.
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/redis-cluster-vertical-scaling-scaling-down.html

NEW QUESTION 49
- (Exam Topic 1)
A company has a critical serverless application that uses multiple AWS Lambda functions. Each Lambda function generates 1 GB of log data daily in its own
Amazon CloudWatch Logs log group. The company's security team asks for a count of application errors, grouped by type, across all of the log groups.
What should a SysOps administrator do to meet this requirement?

A. Perform a CloudWatch Logs Insights query that uses the stats command and count function.
B. Perform a CloudWatch Logs search that uses the groupby keyword and count function.
C. Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.
D. Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.

Answer: A

NEW QUESTION 51
- (Exam Topic 1)
A company hosts a web application on an Amazon EC2 instance. The web server logs are published to Amazon CloudWatch Logs. The log events have the same
structure and include the HTTP response codes that are associated with the user requests. The company needs to monitor the number of times that the web
server returns an HTTP 404 response.
What is the MOST operationally efficient solution that meets these requirements?

A. Create a CloudWatch Logs metric filter that counts the number of times that the web server returns an HTTP 404 response.
B. Create a CloudWatch Logs subscription filter that counts the number of times that the web server returns an HTTP 404 response.
C. Create an AWS Lambda function that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.
D. Create a script that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.

Answer: A

Explanation:
This is the most operationally efficient solution that meets the requirements, as it will allow the company to monitor the number of times that the web server returns
an HTTP 404 response in real-time. The other solutions (creating a CloudWatch Logs subscription filter, an AWS Lambda function, or a script) will require
additional steps and resources to monitor the number of times that the web server returns an HTTP 404 response.
A metric filter allows you to search for specific terms, phrases, or values in your log events, and then to create a metric based on the number of occurrences of
those search terms. This allows you to create a CloudWatch Metric that can be used to create alarms and dashboards, which can be used to monitor the number
of HTTP 404 responses returned by the web server.

NEW QUESTION 52
- (Exam Topic 1)
A company stores files on 50 Amazon S3 buckets in the same AWS Region The company wants to connect to the S3 buckets securely over a private connection
from its Amazon EC2 instances The company needs a solution that produces no additional cost
Which solution will meet these requirements?

A. Create a gateway VPC endpoint lor each S3 bucket Attach the gateway VPC endpoints to each subnet inside the VPC
B. Create an interface VPC endpoint (or each S3 bucket Attach the interface VPC endpoints to each subnet inside the VPC
C. Create one gateway VPC endpoint for all the S3 buckets Add the gateway VPC endpoint to the VPC route table
D. Create one interface VPC endpoint for all the S3 buckets Add the interface VPC endpoint to the VPC route table

Answer: C

NEW QUESTION 54
- (Exam Topic 1)
A SysOps administrator needs to delete an AWS CloudFormation stack that is no longer in use. The CloudFormation stack is in the DELETE_FAILED state. The
SysOps administrator has validated the permissions that are required to delete the Cloud Formation stack.

A. The configured timeout to delete the stack was too low for the delete operation to complete.
B. The stack contains nested stacks that must be manually deleted fast.
C. The stack was deployed with the -disable rollback option.
D. There are additional resources associated with a security group in the stack
E. There are Amazon S3 buckets that still contain objects in the stack.

Answer: DE

NEW QUESTION 59
- (Exam Topic 1)
A company stores critical data m Amazon S3 buckets. A SysOps administrator must build a solution to record all S3 API activity. Which action will meet this
requirement?

A. Configure S3 bucket metrics to record object access logs

B. Create an AWS CloudTrail trail to log data events tor all S3 objects
C. Enable S3 server access logging for each S3 bucket
D. Use AWS IAM Access Analyzer for Amazon S3 to store object access logs.

Answer: B

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

NEW QUESTION 61
- (Exam Topic 1)
A company's IT department noticed an increase in the spend of their developer AWS account. There are over 50 developers using the account, and the finance
team wants to determine the service costs incurred by each developer.
What should a SysOps administrator do to collect this information? (Select TWO.)

A. Activate the createdBy tag in the account.

B. Analyze the usage with Amazon CloudWatch dashboards.
C. Analyze the usage with Cost Explorer.
D. Configure AWS Trusted Advisor to track resource usage.
E. Create a billing alarm in AWS Budgets.

Answer: AC

NEW QUESTION 66
- (Exam Topic 1)
A company has a mobile app that uses Amazon S3 to store images The images are popular for a week, and then the number of access requests decreases over
time The images must be highly available and must be immediately accessible upon request A SysOps administrator must reduce S3 storage costs for the
company Which solution will meet these requirements MOST cost-effectively?

A. Create an S3 Lifecycle policy to transition the images to S3 Glacier after 7 days

B. Create an S3 Lifecycle policy to transition the images to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 7 days
C. Create an S3 Lifecycle policy to transition the images to S3 Standard after 7 days
D. Create an S3 Lifecycle policy to transition the images to S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days

Answer: D

NEW QUESTION 71
- (Exam Topic 1)
A company hosts a database on an Amazon RDS Multi-AZ DB instance. The database is not encrypted. The company's new security policy requires all AWS
resources to be encrypted at rest and in transit.
What should a SysOps administrator do to encrypt the database?

A. Configure encryption on the existing DB instance.

B. Take a snapshot of the DB instanc
C. Encrypt the snapsho
D. Restore the snapshot to the same DB instance.
E. Encrypt the standby replica in a secondary Availability Zon
F. Promote the standby replica to the primary DB instance.
G. Take a snapshot of the DB instanc
H. Copy and encrypt the snapsho
I. Create a new DB instance by restoring the encrypted copy.

Answer: B

NEW QUESTION 76
- (Exam Topic 1)
A company uses Amazon Route 53 to manage the public DNS records for the domain example.com. The company deploys an Amazon CloudFront distribution to
deliver static assets for a new corporate website. The company wants to create a subdomain that is named "static" and must route traffic for the subdomain to the
CloudFront distribution.
How should a SysOps administrator create a new record for the subdomain in Route 53?

A. Create a CNAME recor

B. Enter static.cloudfront.net as the record nam
C. Enter the CloudFront distribution's public IP address as the value.
D. Create a CNAME recor
E. Enter static.example.com as the record nam
F. Enter the CloudFront distribution's private IP address as the value.
G. Create an A recor
H. Enter static.cloudfront.net as the record nam
I. Enter the CloudFront distribution's ID as an alias target.
J. Create an A recor
K. Enter static.example.com as the record nam
L. Enter the CloudFront distribution's domain name as an alias target.

Answer: D

Explanation:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html

NEW QUESTION 79
- (Exam Topic 1)
A company plans to launch a static website on its domain example com and subdomain www example.com using Amazon S3. How should the SysOps
administrator meet this requirement?

A. Create one S3 bucket named example.com for both the domain and subdomain.
B. Create one S3 bucket with a wildcard named '.example.com tor both the domain and subdomain.
C. Create two S3 buckets named example.com and www.exdmpte.co
D. Configure the subdomain bucket to redirect requests to the domain bucket.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

E. Create two S3 buckets named http//example.com and http//" exampte.co

F. Configure the wildcard (') bucket to redirect requests to the domain bucket.

Answer: C

NEW QUESTION 82
- (Exam Topic 1)
A company runs us Infrastructure on Amazon EC2 Instances that run In an Auto Scaling group. Recently, the company promoted faulty code to the entire EC2
fleet. This faulty code caused the Auto Scaling group to scale the instances before any of the application logs could be retrieved.
What should a SysOps administrator do to retain the application logs after instances are terminated?

A. Configure an Auto Scaling lifecycle hook to create a snapshot of the ephemeral storage upon termination of the instances.
B. Create a new Amazon Machine Image (AMI) that has the Amazon CloudWatch agent installed and configured to send logs to Amazon CloudWatch Log
C. Update the launch template to use the new AMI.
D. Create a new Amazon Machine Image (AMI) that has a custom script configured to send logs to AWS CloudTrai
E. Update the launch template to use the new AMI.
F. Install the Amazon CloudWatch agent on the Amazon Machine Image (AMI) that is defined in the launch templat
G. Configure the CloudWatch agent to back up the logs to ephemeral storage.

Answer: B

NEW QUESTION 86
- (Exam Topic 1)
A SysOps administrator is creating two AWS CloudFormation templates. The first template will create a VPC with associated resources, such as subnets, route
tables, and an internet gateway. The second template will deploy application resources within the VPC that was created by the first template. The second template
should refer to the resources created by the first template.
How can this be accomplished with the LEAST amount of administrative effort?

A. Add an export field to the outputs of the first template and import the values in the second template.
B. Create a custom resource that queries the stack created by the first template and retrieves the required values.
C. Create a mapping in the first template that is referenced by the second template.
D. Input the names of resources in the first template and refer to those names in the second template as a parameter.

Answer: A

Explanation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html

NEW QUESTION 88
- (Exam Topic 1)
A company's backend infrastructure contains an Amazon EC2 instance in a private subnet. The private subnet has a route to the internet through a NAT gateway
in a public subnet. The instance must allow connectivity to a secure web server on the internet to retrieve data at regular intervals.
The client software times out with an error message that indicates that the client software could not establish the TCP connection.
What should a SysOps administrator do to resolve this error?

A. Add an inbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP, Source - 0.0.0.0/0.
B. Add an inbound rule to the security group for the EC2 instance with the following parameters: Type - HTTPS, Source - 0.0.0.0/0.
C. Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP, Destination - 0.0.0.0/0.
D. Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP
E. Destination - 0.0.0.0/0.

Answer: D

NEW QUESTION 91
- (Exam Topic 1)
A company hosts an internal application on Amazon EC2 instances. All application data and requests route through an AWS Site-to-Site VPN connection between
the on-premises network and AWS. The company must monitor the application for changes that allow network access outside of the corporate network. Any
change that exposes the application externally must be restricted automatically.
Which solution meets these requirements in the MOST operationally efficient manner?

A. Create an AWS Lambda function that updates security groups that are associated with the elastic network interface to remove inbound rules with noncorporate
CIDR range
B. Turn on VPC Flow Logs, and send the logs to Amazon CloudWatch Log
C. Create an Amazon CloudWatch alarm that matches traffic from noncorporate CIDR ranges, and publish a message to an Amazon Simple Notification Service
(Amazon SNS) topic with the Lambda function as a target.
D. Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that targets an AWS Systems Manager Automation document to check for public
IP addresses on the EC2 instance
E. If public IP addresses are found on the EC2 instances, initiate another Systems Manager Automation document to terminate the instances.
F. Configure AWS Config and a custom rule to monitor whether a security group allows inbound requestsfrom noncorporate CIDR range
G. Create an AWS Systems Manager Automation document to remove any noncorporate CIDR ranges from the application security groups.
H. Configure AWS Config and the managed rule for monitoring public IP associations with the EC2 instances by ta
I. Tag the EC2 instances with an identifie
J. Create an AWS Systems Manager Automation document to remove the public IP association from the EC2 instances.

Answer: C

Explanation:
https://aws.amazon.com/blogs/security/how-to-auto-remediate-internet-accessible-ports-with-aws-config-and-aw

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

NEW QUESTION 92
- (Exam Topic 1)
A SysOps Administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a
separate microservice running on a different Amazon EC2 instance. The administrator has been tasked with reconfiguring the infrastructure to support this
approach.
How can the administrator accomplish this with the LEAST administrative overhead?

A. Use Amazon CloudFront to log the URL and forward the request.
B. Use Amazon CloudFront to rewrite the header based on the microservice and forward the request.
C. Use an Application Load Balancer (ALB) and do path-based routing.
D. Use a Network Load Balancer (NLB) and do path-based routing.

Answer: C

Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/elb-achieve-path-based-routing-alb/

NEW QUESTION 93
- (Exam Topic 1)
A company runs hundreds of Amazon EC2 instances in a single AWS Region. Each EC2 instance has two attached 1 GiB General Purpose SSD (gp2) Amazon
Elastic Block Store (Amazon EBS) volumes. A critical workload is using all the available IOPS capacity on the EBS volumes.
According to company policy, the company cannot change instance types or EBS volume types without completing lengthy acceptance tests to validate that the
company’s applications will function properly. A SysOps administrator needs to increase the I/O performance of the EBS volumes as quickly as possible.
Which action should the SysOps administrator take to meet these requirements?

A. Increase the size of the 1 GiB EBS volumes.

B. Add two additional elastic network interfaces on each EC2 instance.
C. Turn on Transfer Acceleration on the EBS volumes in the Region.
D. Add all the EC2 instances to a cluster placement group.

Answer: A

Explanation:
Increasing the size of the 1 GiB EBS volumes will increase the IOPS capacity of the volumes, which will improve the I/O performance of the EBS volumes. This
option does not require any changes to the instance types or EBS volume types, so it can be done quickly without the need for lengthy acceptance tests to validate
that the company's applications will function properly.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/requesting-ebs-volume-modifications.html

NEW QUESTION 96
- (Exam Topic 1)
A company is implementing a monitoring solution that is based on machine learning. The monitoring solution consumes Amazon EventBridge (Amazon
CloudWatch Events) events that are generated by Amazon EC2 Auto Scaling. The monitoring solution provides detection of anomalous behavior such as
unanticipated scaling events and is configured as an EventBridge (CloudWatch Events) API destination.
During initial testing, the company discovers that the monitoring solution is not receiving events. However, Amazon CloudWatch is showing that the EventBridge
(CloudWatch Events) rule is being invoked. A SysOps administrator must implement a solution to retrieve client error details to help resolve this issue.
Which solution will meet these requirements with the LEAST operational effort?

A. Create an EventBridge (CloudWatch Events) archive for the event pattern to replay the event
B. Increase the logging on the monitoring solutio
C. Use replay to invoke the monitoring solutio
D. Examine the error details.
E. Add an Amazon Simple Queue Service (Amazon SQS) standard queue as a dead-letter queue for the targe
F. Process the messages in the dead-letter queue to retrieve error details.
G. Create a second EventBridge (CloudWatch Events) rule for the same event pattern to target an AWS Lambda functio
H. Configure the Lambda function to invoke the monitoring solution and to record the results to Amazon CloudWatch Log
I. Examine the errors in the logs.
J. Configure the EventBridge (CloudWatch Events) rule to send error messages to an Amazon Simple Notification Service (Amazon SNS) topic.

Answer: A

Explanation:
"In EventBridge, you can create an archive of events so that you can easily replay them at a later time. For example, you might want to replay events to recover
from errors or to validate new functionality in your
application." https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-archive.html

NEW QUESTION 101

- (Exam Topic 1)
A large multinational company has a core application that runs 24 hours a day, 7 days a week on Amazon EC2 and AWS Lambda. The company uses a
combination of operating systems across different AWS Regions. The company wants to achieve cost savings and wants to use a pricing model that provides the
most flexibility.
What should the company do to MAXIMIZE cost savings while meeting these requirements?

A. Establish the compute expense by the hou

B. Purchase a Compute Savings Plan.
C. Establish the compute expense by the hou
D. Purchase an EC2 Instance Savings Plan.
E. Purchase a Reserved Instance for the instance types, operating systems, Region, and tenancy.
F. Use EC2 Spot Instances to match the instances that run in each Region.

Answer: D

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

NEW QUESTION 103

- (Exam Topic 1)
A SysOps administrator needs to automate the invocation of an AWS Lambda function. The Lambda function must run at the end of each day to generate a report
on data that is stored in an Amazon S3 bucket.
What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon EventBridge {Amazon CloudWatch Events) rule that has an event pattern for Amazon S3 and the Lambda function as a target.
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that has a schedule and the Lambda function as a target.
C. Create an S3 event notification to invoke the Lambda function whenever objects change in the S3 bucket.
D. Deploy an Amazon EC2 instance with a cron job to invoke the Lambda function.

Answer: C

NEW QUESTION 108

- (Exam Topic 1)
A company is using Amazon CloudFront to serve static content for its web application to its users. The CloudFront distribution uses an existing on-premises
website as a custom origin.
The company requires the use of TLS between CloudFront and the origin server. This configuration has worked as expected for several months. However, users
are now experiencing HTTP 502 (Bad Gateway) errors when they view webpages that include content from the CloudFront distribution.
What should a SysOps administrator do to resolve this problem?

A. Examine the expiration date on the certificate on the origin sit

B. Validate that the certificate has not expire
C. Replace the certificate if necessary.
D. Examine the hostname on the certificate on the origin sit
E. Validate that the hostname matches one of the hostnames on the CloudFront distributio
F. Replace the certificate if necessary.
G. Examine the firewall rules that are associated with the origin serve
H. Validate that port 443 is open for inbound traffic from the interne
I. Create an inbound rule if necessary.
J. Examine the network ACL rules that are associated with the CloudFront distributio
K. Validate that port 443 is open for outbound traffic to the origin serve
L. Create an outbound rule if necessary.

Answer: A

Explanation:
HTTP 502 errors from CloudFront can occur because of the following reasons:
There's an SSL negotiation failure because the origin is using SSL/TLS protocols and ciphers that aren't supported by CloudFront.
There's an SSL negotiation failure because the SSL certificate on the origin is expired or invalid, or because the certificate chain is invalid.
There's a host header mismatch in the SSL negotiation between your CloudFront distribution and the custom origin.
The custom origin isn't responding on the ports specified in the origin settings of the CloudFront distribution. The custom origin is ending the connection to
CloudFront too quickly.
https://aws.amazon.com/premiumsupport/knowledge-center/resolve-cloudfront-connection-error/

NEW QUESTION 110

- (Exam Topic 1)
A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level
access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must
set up the permissions and add a bucket policy to the S3 bucket.
Which parameters should be specified to accomplish this in the MOST efficient manner?

A. Specify '*' as the principal and PrincipalOrgld as a condition.

B. Specify all account numbers as the principal.
C. Specify PrincipalOrgld as the principal.
D. Specify the organization's management account as the principal.

Answer: C

NEW QUESTION 111

- (Exam Topic 1)
A company is storing backups in an Amazon S3 bucket. The backups must not be deleted for at least 3 months after the backups are created.
What should a SysOps administrator do to meet this requirement?

A. Configure an IAM policy that denies the s3:DeleteObject action for all user
B. Three months after an object is written, remove the policy.
C. Enable S3 Object Lock on a new S3 bucket in compliance mod
D. Place all backups in the new S3 bucket with a retention period of 3 months.
E. Enable S3 Versioning on the existing S3 bucke
F. Configure S3 Lifecycle rules to protect the backups.
G. Enable S3 Object Lock on a new S3 bucket in governance mod
H. Place all backups in the new S3 bucket with a retention period of 3 months.

Answer: D

Explanation:
To meet the requirements of the workload, a SysOps administrator should enable S3 Object Lock on a new S3 bucket in governance mode and place all backups
in the new S3 bucket with a retention period of 3 months.
This will ensure that the backups are not deleted for at least 3 months after they are created. The other solutions (configuring an IAM policy that denies the

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

s3:DeleteObject action for all users, enabling S3 Object Lock on a new S3 bucket in compliance mode, or enabling S3 Versioning on the existing S3 bucket and
configuring S3 Lifecycle rules to protect the backups) will not meet the requirements, as they do not provide a way to ensure that the backups are not deleted for at
least 3 months after they are created.

NEW QUESTION 114

- (Exam Topic 1)
A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report
that file retrieval from the EFS file system is slower than normal.
Which action should a SysOps administrator take to improve the performance of the file system?

A. Configure the file system for Provisioned Throughput.

B. Enable encryption in transit on the file system.
C. Identify any unused files in the file system, and remove the unused files.
D. Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

Answer: A

NEW QUESTION 119

- (Exam Topic 1)
A company runs its entire suite of applications on Amazon EC2 instances. The company plans to move the applications to containers and AWS Fargate. Within 6
months, the company plans to retire its EC2 instances and use only Fargate. The company has been able to estimate its future Fargate costs.
A SysOps administrator needs to choose a purchasing option to help the company minimize costs. The SysOps administrator must maximize any discounts that
are available and must ensure that there are no unused reservations.
Which purchasing option will meet these requirements?

A. Compute Savings Plans for 1 year with the No Upfront payment option
B. Compute Savings Plans for 1 year with the Partial Upfront payment option
C. EC2 Instance Savings Plans for 1 year with the All Upfront payment option
D. EC2 Reserved Instances for 1 year with the Partial Upfront payment option

Answer: C

NEW QUESTION 120

- (Exam Topic 1)
A development team recently deployed a new version of a web application to production. After the release, penetration testing revealed a cross-site scripting
vulnerability that could expose user data.
Which AWS service will mitigate this issue?

A. AWS Shield Standard

B. AWS WAF
C. Elastic Load Balancing
D. Amazon Cognito

Answer: A

NEW QUESTION 124

- (Exam Topic 1)
A SysOps administrator is trying to set up an Amazon Route 53 domain name to route traffic to a website hosted on Amazon S3. The domain name of the website
is www.anycompany.com and the S3 bucket name is anycompany-static. After the record set is set up in Route 53, the domain name www.anycompany.com does
not seem to work, and the static website is not displayed in the browser.
Which of the following is a cause of this?

A. The S3 bucket must be configured with Amazon CloudFront first.

B. The Route 53 record set must have an IAM role that allows access to the S3 bucket.
C. The Route 53 record set must be in the same region as the S3 bucket.
D. The S3 bucket name must match the record set name in Route 53.

Answer: D

NEW QUESTION 126

- (Exam Topic 1)
A Sysops administrator needs to configure automatic rotation for Amazon RDS database credentials. The credentials must rotate every 30 days. The solution must
integrate with Amazon RDS.
Which solution will meet these requirements with the LEAST operational overhead?

A. Store the credentials in AWS Systems Manager Parameter Store as a secure strin
B. Configure automatic rotation with a rotation interval of 30 days.
C. Store the credentials in AWS Secrets Manage
D. Configure automatic rotation with a rotation interval of 30 days.
E. Store the credentials in a file in an Amazon S3 bucke
F. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.
G. Store the credentials in AWS Secrets Manage
H. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.

Answer: B

Explanation:
Storing the credentials in AWS Secrets Manager and configuring automatic rotation with a rotation interval of 30 days is the most efficient way to meet the

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

requirements with the least operational overhead. AWS Secrets Manager automatically rotates the credentials at the specified interval, so there is no need for an
additional AWS Lambda function or manual rotation. Additionally, Secrets Manager is integrated with Amazon RDS, so the credentials can be easily used with the
RDS database.

NEW QUESTION 128

- (Exam Topic 1)
A company has an Amazon CloudFront distribution that uses an Amazon S3 bucket as its origin. During a review of the access logs, the company determines that
some requests are going directly to the S3 bucket by using the website hosting endpoint. A SysOps administrator must secure the S3 bucket to allow requests only
from CloudFront.
What should the SysOps administrator do to meet this requirement?

A. Create an origin access identity (OAI) in CloudFron

B. Associate the OAI with the distributio
C. Remove access to and from other principals in the S3 bucket polic
D. Update the S3 bucket policy to allow accessonly from the OAI.
E. Create an origin access identity (OAI) in CloudFron
F. Associate the OAI with the distributio
G. Update the S3 bucket policy to allow access only from the OA
H. Create a new origin, and specify the S3 bucket as the new origi
I. Update the distribution behavior to use the new origi
J. Remove the existing origin.
K. Create an origin access identity (OAI) in CloudFron
L. Associate the OAI with the distributio
M. Update the S3 bucket policy to allow access only from the OA
N. Disable website hostin
O. Create a new origin, and specify the S3 bucket as the new origi
P. Update the distribution behavior to use the new origi
Q. Remove the existing origin.
R. Update the S3 bucket policy to allow access only from the CloudFront distributio
S. Remove access to and from other principals in the S3 bucket polic
T. Disable website hostin
. Create a new origin, and specify the S3 bucket as the new origi
. Update the distribution behavior to use the new origi
. Remove the existing origin.

Answer: A

NEW QUESTION 129

- (Exam Topic 1)
A company uses an Amazon CloudFront distribution to deliver its website Traffic togs for the website must be centrally stored and all data must be encrypted at
rest
Which solution will meet these requirements?

A. Create an Amazon OpenSearch Service (Amazon Elasttcsearch Service) domain with internet access and server-side encryption that uses the default AWS
managed key Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination
B. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256 Configure
CloudFront to use the Amazon OpenSearch Service (Amazon Elastcsearch Service) domain as a log destination
C. Create an Amazon S3 bucket that is configured with default server side encryption that uses AES-256 Configure CloudFront to use the S3 bucket as a log
destination
D. Create an Amazon S3 bucket that is configured with no default encryption Enable encryption in the CloudFront dtstnbubon and use the S3 bucket as a log
destination

Answer: C

NEW QUESTION 130

- (Exam Topic 1)
A company has a high-performance Windows workload. The workload requires a storage volume mat provides consistent performance of 10.000 KDPS. The
company does not want to pay for additional unneeded capacity to achieve this performance.
Which solution will meet these requirements with the LEAST cost?

A. Use a Provisioned IOPS SSD (lol) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10.000 provisioned IOPS
B. Use a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10.000 provisioned IOPS.
C. Use an Amazon Elastic File System (Amazon EFS) file system w\ Max I/O mode.
D. Use an Amazon FSx for Windows Fife Server foe system that is configured with 10.000 IOPS

Answer: A

NEW QUESTION 135

- (Exam Topic 1)
A SysOps administrator configures an Amazon S3 gateway endpoint in a VPC. The private subnets inside the VPC do not nave outbound internet access. A user
logs in to an Amazon EC2 instance in one of the private subnets and cannot upload a file to an Amazon S3 bucket in the same AWS Region
Which solution will solve this problem?

A. Update the EC2 instance role policy to allow s3:PutObjed access to the target S3 bucket.
B. Update the EC2 security group to allow outbound traffic to 0.0.0.070 for port 80.
C. Update the EC2 subnet route table to include the S3 prefix list destination routes to the S3 gateway endpoint.
D. Update the S3 bucket policy to allow s3 PurObject access from the private subnet CIDR block.

Answer: C

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

NEW QUESTION 140

- (Exam Topic 1)
A company needs to create a daily Amazon Machine Image (AMI) of an existing Amazon Linux EC2 instance that hosts the operating system, application, and
database on multiple attached Amazon Elastic Block Store (Amazon EBS) volumes. File system integrity must be maintained.
Which solution will meet these requirements?

A. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the no-reboot parameter enable
B. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
C. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the reboot parameter enable
D. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
E. Use AWS Backup to create a backup plan with a backup rule that runs dail
F. Assign the resource ID of the EC2 instance with the no-reboot parameter enabled.
G. Use AWS Backup to create a backup plan with a backup rule that runs dail
H. Assign the resource ID of the EC2 instance with the reboot parameter enabled.

Answer: B

Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/Creating_EBSbacked_WinAMI.html "NoReboot By default, Amazon EC2 attempts to shut down and
reboot the instance before creating the image.
If the No Reboot option is set, Amazon EC2 doesn't shut down the instance before creating the image. When this option is used, file system integrity on the
created image can't be guaranteed." Besides, we can use AWS EventBridge to invoke Lambda function
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html

NEW QUESTION 141

- (Exam Topic 1)
A Sysops administrator creates an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that uses AWS Fargate. The cluster is deployed successfully. The
Sysops administrator needs to manage the cluster by using the kubect1 command line tool.
Which of the following must be configured on the Sysops administrator's machine so that kubect1 can communicate with the cluster API server?

A. The kubeconfig file

B. The kube-proxy Amazon EKS add-on
C. The Fargate profile
D. The eks-connector.yaml file

Answer: A

Explanation:
The kubeconfig file is a configuration file used to store cluster authentication information, which is required to make requests to the Amazon EKS cluster API
server. The kubeconfig file will need to be configured on the SysOps administrator's machine in order for kubectl to be able to communicate with the cluster API
server.
https://aws.amazon.com/blogs/developer/running-a-kubernetes-job-in-amazon-eks-on-aws-fargate-using-aws-ste

NEW QUESTION 144

- (Exam Topic 1)
A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations.
Which solution will meet this requirement?

A. Configure Amazon Cognito to detect any compromised 1AM credentials.

B. Set up Amazon Inspecto
C. Scan and monitor resources for unauthorized logins.
D. Set up AWS Confi
E. Add the iam-policy-blacklisted-check managed rule to the account.
F. Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding.

Answer: D

NEW QUESTION 148

- (Exam Topic 1)
A company is planning to host its stateful web-based applications on AWS A SysOps administrator is using an Auto Scaling group of Amazon EC2 instances The
web applications will run 24 hours a day 7 days a week throughout the year The company must be able to change the instance type within the same instance
family later in the year based on the traffic and usage patterns
Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?

A. Convertible Reserved Instances

B. On-Demand instances
C. Spot instances
D. Standard Reserved instances

Answer: A

Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-convertible-exchange.html

NEW QUESTION 152

- (Exam Topic 1)
A company is expanding its use of AWS services across its portfolios The company wants to provision AWS accounts for each team to ensure a separation of
business processes for security compliance and billing Account creation and bootstrapping should be completed m a scalable and efficient way so new accounts

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

are created with a defined baseline and governance guardrails in place A SysOps administrator needs to design a provisioning process that saves time and
resources
Which action should be taken to meet these requirements?

A. Automate using AWS Elastic Beanstalk to provision the AWS accounts set up infrastructure and integrate with AWS Organizations
B. Create bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure
C. Use AWS Config to provision accounts and deploy instances using AWS Service Catalog
D. Use AWS Control Tower to create a template in Account Factory and use the template to provision new accounts

Answer: D

NEW QUESTION 155

- (Exam Topic 1)
A company monitors its account activity using AWS CloudTrail. and is concerned that some log files are being tampered with after the logs have been delivered to
the account's Amazon S3 bucket.
Moving forward, how can the SysOps administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

A. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
B. Enable log file integrity validation and use digest files to verify the hash value of the log file.
C. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
D. Enable S3 server access logging to track requests made to the log bucket for security audits.

Answer: B

Explanation:
When you enable log file integrity validation, CloudTrail creates a hash for every log file that it delivers. Every hour, CloudTrail also creates and delivers a file that
references the log files for the last hour and contains a hash of each. This file is called a digest file. CloudTrail signs each digest file using the private key of a
public and private key pair. After delivery, you can use the public key to validate the digest file. CloudTrail uses different key pairs for each AWS region
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html

NEW QUESTION 157

- (Exam Topic 1)
A company maintains a large set of sensitive data in an Amazon S3 bucket. The company's security team asks a SyeOps administrator to help verify that all
current objects in the S3 bucket are encrypted.
What is the MOST operationally efficient solution that meets these requirements?

A. Create a script that runs against the S3 bucket and outputs the status of each object.
B. Create an S3 Inventory configuration on the S3 bucket Induce the appropriate status fields.
C. Provide the security team with an IAM user that has read access to the S3 bucket.
D. Use the AWS CLI to output a list of all objects in the S3 bucket.

Answer: D

NEW QUESTION 159

- (Exam Topic 1)
A company wants to be alerted through email when IAM CreateUser API calls are made within its AWS account.
Which combination of actions should a SysOps administrator take to meet this requirement? (Choose two.)

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS CloudTrail as the event source and IAM CreateUser as the specific API call for
the event pattern.
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with Amazon CloudSearch as the event source and IAM CreateUser as the specific API call
for the event pattern.
C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS IAM Access Analyzer as the event source and IAM CreateUser as the specific
API call for the event pattern.
D. Use an Amazon Simple Notification Service (Amazon SNS) topic as an event target with an email subscription.
E. Use an Amazon Simple Email Service (Amazon SES) notification as an event target with an email subscription.

Answer: AD

Explanation:
https://aws.amazon.com/blogs/security/how-to-receive-alerts-when-your-iam-configuration-changes/

NEW QUESTION 161

- (Exam Topic 1)
A company's VPC has connectivity to an on-premises data center through an AWS Site-to-Site VPN. The company needs Amazon EC2 instances in the VPC to
send DNS queries for example com to the DNS servers in the data center.
Which solution will meet these requirements?

A. Create an Amazon Route 53 Resolver inbound endpoint Create a conditional forwarding rule on the on-primes DNS servers to forward DNS requests for
example.com to the inbound endpoints.
B. Create an Amazon Route 53 Resolver inbound endpoint Create a forwarding rule on the resolver that sends all queries for example.com to the on-premises
DNS server
C. Associate this rule with the VPC.
D. Create an Amazon Route 53 Resolver outbound endpoint Create a conditional forwarding rule on the on-premises DNS servers to forward DNS requests for
example.com to the outbound endpoints
E. Create an Amazon Route 53 Resolver outbound endpoin
F. Create a forwarding rule on the resolver that sends all queries for exarrc4e.com to the on-premises DNS servers Associate this rule with the VPC.

Answer: C

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

NEW QUESTION 163

- (Exam Topic 1)
A manufacturing company uses an Amazon RDS DB instance to store inventory of all stock items. The company maintains several AWS Lambda functions that
interact with the database to add, update, and delete items. The Lambda functions use hardcoded credentials to connect to the database.
A SysOps administrator must ensure that the database credentials are never stored in plaintext and that the password is rotated every 30 days.
Which solution will meet these requirements in the MOST operationally efficient manner?

A. Store the database password as an environment variable for each Lambda functio
B. Create a new Lambda function that is named PasswordRotat
C. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the PasswordRotate function every 30 days to change the database password and update
the environment variable for each Lambda function.
D. Use AWS Key Management Service (AWS KMS) to encrypt the database password and to store the encrypted password as an environment variable for each
Lambda functio
E. Grant each Lambda function access to the KMS key so that the database password can be decrypted when require
F. Create a new Lambda function that is named PasswordRotate to change the password every 30 days.
G. Use AWS Secrets Manager to store credentials for the databas
H. Create a Secrets Manager secret, and select the database so that Secrets Manager will use a Lambda function to update the database password automaticall
I. Specify an automatic rotation schedule of 30 day
J. Update each Lambda function to access the database password from SecretsManager.
K. Use AWS Systems Manager Parameter Store to create a secure string to store credentials for the databas
L. Create a new Lambda function called PasswordRotat
M. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the PasswordRotate function every 30 days to change the database password and to
update the secret within Parameter Stor
N. Update each Lambda function to access the database password from Parameter Store.

Answer: C

Explanation:
When you choose to enable rotation, Secrets Manager supports the following Amazon Relational Database Service (Amazon RDS) databases with AWS written
and tested Lambda rotation function templates, and full configuration of the rotation process:
Amazon Aurora on Amazon RDS MySQL on Amazon RDS PostgreSQL on Amazon RDS Oracle on Amazon RDS MariaDB on Amazon RDS
Microsoft SQL Server on Amazon RDS https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html

NEW QUESTION 168

- (Exam Topic 1)
A company's SysOps administrator deploys a public Network Load Balancer (NLB) in front of the company's web application. The web application does not use
any Elastic IP addresses. Users must access the web application by using the company's domain name. The SysOps administrator needs to configure Amazon
Route 53 to route traffic to the NLB.
Which solution will meet these requirements MOST cost-effectively?

A. Create a Route 53 AAAA record for the NLB.

B. Create a Route 53 alias record for the NLB.
C. Create a Route 53 CAA record for the NLB.
D. Create a Route 53 CNAME record for the NLB.

Answer: B

NEW QUESTION 170

- (Exam Topic 1)
A company has an initiative to reduce costs associated with Amazon EC2 and AWS Lambda. Which action should a SysOps administrator take to meet these
requirements?

A. Analyze the AWS Cost and Usage Report by using Amazon Athena to identity cost savings.
B. Create an AWS Budgets alert to alarm when account spend reaches 80% of the budget.
C. Purchase Reserved Instances through the Amazon EC2 console.
D. Use AWS Compute Optimizer and take action on the provided recommendations.

Answer: D

NEW QUESTION 171

- (Exam Topic 1)
A SysOps administrator is optimizing the cost of a workload. The workload is running in multiple AWS Regions and is using AWS Lambda with Amazon EC2 On-
Demand Instances for the compute. The overall usage is predictable. The amount of compute that is consumed in each Region varies, depending on the users'
locations.
Which approach should the SysOps administrator use to optimize this workload?

A. Purchase Compute Savings Plans based on the usage during the past 30 days
B. Purchase Convertible Reserved Instances by calculating the usage baseline.
C. Purchase EC2 Instance Savings Plane based on the usage during the past 30 days
D. Purchase Standard Reserved Instances by calculating the usage baseline.

Answer: C

NEW QUESTION 174

- (Exam Topic 1)
A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company’s on-premises network to the VPC.
The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain
records. After the migration, the application is not able to connect to the customer data because of name resolution errors.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

Which solution will give the application the ability to resolve the internal domain names?

A. Launch EC2 instances in the VP

B. On the EC2 instances, deploy a custom DNS forwarder that forwards all DNS requests to the on-premises DNS serve
C. Create an Amazon Route 53 private hosted zone that uses the EC2 instances for name servers.
D. Create an Amazon Route 53 Resolver outbound endpoin
E. Configure the outbound endpoint to forward DNS queries against the on-premises domain to the on-premises DNS server.
F. Set up two AWS Direct Connect connections between the AWS environment and the on-premises networ
G. Set up a link aggregation group (LAG) that includes the two connection
H. Change the VPC resolver address to point to the on-premises DNS server.
I. Create an Amazon Route 53 public hosted zone for the on-premises domai
J. Configure the network ACLs to forward DNS requests against the on-premises domain to the Route 53 public hosted zone.

Answer: B

Explanation:
https://docs.aws.amazon.com/zh_tw/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html

NEW QUESTION 176

- (Exam Topic 1)
A company's SysOps administrator attempts to restore an Amazon Elastic Block Store (Amazon EBS) snapshot. However, the snapshot is missing because
another system administrator accidentally deleted the snapshot. The company needs the ability to recover snapshots for a specified period of time after snapshots
are deleted.
Which solution will provide this functionality?

A. Turn on deletion protection on individual EBS snapshots that need to be kept.

B. Create an 1AM policy that denies the deletion of EBS snapshots by using a condition statement for the snapshot age Apply the policy to all users
C. Create a Recycle Bin retention rule for EBS snapshots for the desired retention period.
D. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule an AWS Lambda function to copy EBS snapshots to Amazon S3 Glacier.

Answer: B

NEW QUESTION 181

- (Exam Topic 1)
A company needs to take an inventory of applications that are running on multiple Amazon EC2 instances. The company has configured users and roles with the
appropriate permissions for AWS Systems Manager. An updated version of Systems Manager Agent has been installed and is running on every instance. While
configuring an inventory collection, a SysOps administrator discovers that not all the instances in a single subnet are managed by Systems Manager.
What must the SysOps administrator do to fix this issue?

A. Ensure that all the EC2 instances have the correct tags for Systems Manager access.
B. Configure AWS Identity and Access Management Access Analyzer to determine and automatically remediate the issue.
C. Ensure that all the EC2 instances have an instance profile with Systems Manager access.
D. Configure Systems Manager to use an interface VPC endpoint.

Answer: C

Explanation:
Ensuring that all the EC2 instances have an instance profile with Systems Manager access is the most effective way to fix this issue. Having an instance profile
with Systems Manager access will allow the SysOps administrator to configure the inventory collection for all the instances in the subnet, regardless of whether or
not they are managed by Systems Manager.

NEW QUESTION 184

- (Exam Topic 1)
An errant process is known to use an entire processor and run at 100% A SysOps administrator wants to automate restarting the instance once the problem
occurs for more than 2 minutes
How can this be accomplished?

A. Create an Amazon CloudWatch alarm for the Amazon EC2 instance with basic monitoring Enable an action to restart the instance
B. Create a CloudWatch alarm for the EC2 instance with detailed monitoring Enable an action to restart the instance
C. Create an AWS Lambda function to restart the EC2 instance triggered on a scheduled basis every 2 minutes
D. Create a Lambda function to restart the EC2 instance, triggered by EC2 health checks

Answer: B

NEW QUESTION 186

- (Exam Topic 1)
A SysOps administrator is tasked with deploying a company's infrastructure as code. The SysOps administrator want to write a single template that can be reused
for multiple environments.
How should the SysOps administrator use AWS CloudFormation to create a solution?

A. Use Amazon EC2 user data in a CloudFormation template

B. Use nested stacks to provision resources
C. Use parameters in a CloudFormation template
D. Use stack policies to provision resources

Answer: C

Explanation:
Reuse templates to replicate stacks in multiple environments After you have your stacks and resources set up, you can reuse your templates to replicate your

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

infrastructure in multiple environments. For example, you can create environments for development, testing, and production so that you can test changes before
implementing them into production. To make templates reusable, use the parameters, mappings, and conditions sections so that you can customize your stacks
when you create them. For example, for your development environments, you can specify a lower-cost instance type compared to your production environment,
but all other configurations and settings remain the same. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html#reuse

NEW QUESTION 187

- (Exam Topic 1)
A SysOps administrator creates an AWS CloudFormation template to define an application stack that can be deployed in multiple AWS Regions.
The SysOps administrator also creates an Amazon CloudWatch dashboard by using the AWS Management Console. Each deployment of the application requires
its own CloudWatch dashboard.
How can the SysOps administrator automate the creation of the CloudWatch dashboard each time the application is deployed?

A. Create a script by using the AWS CLI to run the aws cloudformation put-dashboard command with the name of the dashboar
B. Run the command each time a new CloudFormation stack is created.
C. Export the existing CloudWatch dashboard as JSO
D. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resourc
E. Include the exported JSON in the resource's DashboardBody property.
F. Update the CloudFormation template to define an resourc
G. Use the intrinsic Ref function to reference the ID of the existing CloudWatch dashboard.
H. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resourc
I. Specify the name of the existingdashboard in the DashboardName property.

Answer: B

Explanation:
You can only use the Intrinsic Ref function to reference a resource that is being created at the same time as the current CloudFormation template. The question
states that the CloudWatch dashboard was previously created using the AWS Management Console, so there is no ID to reference the existing CloudWatch
dashboard in the CloudFormation template. You would need to export the existing CloudWatch dashboard as JSON, then use the DashboardBody property in the
CloudFormation template to replicate it upon each deployment
(https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/CloudWatch-Dashboard-Body-Structu

NEW QUESTION 191

- (Exam Topic 1)
A company hosts a website on multiple Amazon EC2 instances that run in an Auto Scaling group. Users are reporting slow responses during peak times between
6 PM and 11 PM every weekend. A SysOps administrator must implement a solution to improve performance during these peak times.
What is the MOST operationally efficient solution that meets these requirements?

A. Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to increase the desired capacity before peak
times.
B. Configure a scheduled scaling action with a recurrence option to change the desired capacity before and after peak times.
C. Create a target tracking scaling policy to add more instances when memory utilization is above 70%.
D. Configure the cooldown period for the Auto Scaling group to modify desired capacity before and after peak times.

Answer: B

Explanation:
"Scheduled scaling helps you to set up your own scaling schedule according to predictable load changes. For example, let's say that every week the traffic to your
web application starts to increase on Wednesday, remains high on Thursday, and starts to decrease on Friday. You can configure a schedule for Amazon EC2
Auto Scaling to increase capacity on Wednesday and decrease capacity on Friday." https://docs.aws.amazon.com/autoscaling/ec2/userguide/schedule_time.html

NEW QUESTION 192

- (Exam Topic 1)
A company runs workloads on 90 Amazon EC2 instances in the eu-west-1 Region in an AWS account. In 2 months, the company will migrate the workloads from
eu-west-1 to the eu-west-3 Region.
The company needs to reduce the cost of the EC2 instances. The company is willing to make a 1-year commitment that will begin next week. The company must
choose an EC2 Instance purchasing option that will provide discounts for the 90 EC2 Instances regardless of Region during the 1-year period. Which solution will
meet these requirements?

A. Purchase EC2 Standard Reserved Instances.

B. Purchase an EC2 Instance Savings Plan.
C. Purchase EC2 Convertible Reserved Instances.
D. Purchase a Compute Savings Plan.

Answer: B

NEW QUESTION 194

- (Exam Topic 2)
You need to update an existing AWS CloudFormation stack. If needed, a copy to the CloudFormation template is available in an Amazon SB bucket named
cloudformation-bucket
* 1. Use the us-east-2 Region for all resources.
* 2. Unless specified below, use the default configuration settings.
* 3. update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:
* a) Change the EC2 instance type to us-east-t2.nano.
* b) Allow SSH to connect to the EC2 instance from the IP address range 192.168.100.0/30.
* c) Replace the instance profile IAM role with IamRoleB.
* 4. Deploy the changes by updating the stack using the CFServiceR01e role.
* 5. Edit the stack options to prevent accidental deletion.
* 6. Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Here are the steps to update an existing AWS CloudFormation stack:
Log in to the AWS Management Console and navigate to the CloudFormation service in the us-east-2 Region.
Find the existing stack named 1700182 and click on it.
Click on the "Update" button.
Choose "Replace current template" and upload the updated CloudFormation template from the Amazon S3 bucket named "cloudformation-bucket"
In the "Parameter" section, update the EC2 instance type to us-east-t2.nano and add the IP address range 192.168.100.0/30 for SSH access.
Replace the instance profile IAM role with IamRoleB.
In the "Capabilities" section, check the checkbox for "IAM Resources"
Choose the role CFServiceR01e and click on "Update Stack"
Wait for the stack to be updated.
Once the update is complete, navigate to the stack and click on the "Stack options" button, and select "Prevent updates to prevent accidental deletion"
To get the value of the Prodlnstanceld , navigate to the "Outputs" tab in the CloudFormation stack and
find the key "Prodlnstanceld". The value corresponding to it is the value that you need to enter in the text box below.
Note:
You can use AWS CloudFormation to update an existing stack.
You can use the AWS CloudFormation service role to deploy updates.
You can refer to the AWS CloudFormation documentation for more information on how to update and manage stacks: https://aws.amazon.com/cloudformation/

NEW QUESTION 199

......

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy SOA-C02 dumps
https://www.2passeasy.com/dumps/SOA-C02/ (305 New Questions)

THANKS FOR TRYING THE DEMO OF OUR PRODUCT

Visit Our Site to Purchase the Full Set of Actual SOA-C02 Exam Questions With Answers.

We Also Provide Practice Exam Software That Simulates Real Exam Environment And Has Many Self-Assessment Features. Order the SOA-
C02 Product From:

https://www.2passeasy.com/dumps/SOA-C02/

Money Back Guarantee

SOA-C02 Practice Exam Features:

* SOA-C02 Questions and Answers Updated Frequently

* SOA-C02 Practice Questions Verified by Expert Senior Certified Staff

* SOA-C02 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* SOA-C02 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Powered by TCPDF (www.tcpdf.org)