2021 Realistic ITexamReview SOA-C02 Dumps PDF - 100% Passing Guarantee
Free Amazon SOA-C02 Exam Questions & Answer
NEW QUESTION 48
A company is using an Amazon DynamoDB table for data. A SysOps administrator must configure replication of the table to another AWS Region for disaster recovery.
What should the SysOps administrator do to meet this requirement?
- A. Enable DynamoDB Streams, and add a global table Region.
- B. Enable DynamoDB Accelerator (DAX).
- C. Enable DynamoDB Streams, and add a global secondary index (GSI).
- D. Enable point-in-time recovery.
Answer: A
NEW QUESTION 49
A company uses AWS Organizations to manage multiple AWS accounts with consolidated billing enabled.
Organization member account owners want the benefits of Reserved Instances (RIs) but do not want to share RIs with other accounts.
Which solution will meet these requirements?
- A. Purchase RIs in the management account. Disable RI discount sharing in the member accounts.
- B. Purchase RIs in individual member accounts. Disable RI discount sharing in the member accounts.
- C. Purchase RIs in the management account. Disable RI discount sharing in the management account.
- D. Purchase RIs in individual member accounts. Disable RI discount sharing in the management account.
Answer: B
NEW QUESTION 50
A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.
What is the MOST operationally efficient solution that meets these requirements?
- A. Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.
- B. Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.
- C. Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon S3 object. The security team can use the information in the tag to verify the integrity of the delivered files.
- D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB table. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.
Answer: A
NEW QUESTION 51
An organization with a large IT department has decided to migrate to AWS. With different job functions in the IT department, it is not desirable to give all users access to all AWS resources. Currently, the organization handles access via LDAP group membership.
What is the BEST method to allow access using current LDAP credentials?
- A. Use AWS CloudFormation to create IAM roles. Deploy Direct Connect to allow access to the on-premises LDAP server.
- B. Create a Lambda function to read LDAP groups and automate the creation of IAM users.
- C. Federate the LDAP directory with IAM using SAML. Create different IAM roles to correspond to different LDAP groups to limit permissions.
- D. Create an AWS Directory Service Simple AD. Replicate the on-premises LDAP directory to Simple AD.
Answer: C
NEW QUESTION 52
A SysOps administrator is trying to set up an Amazon Route 53 domain name to route traffic to a website hosted on Amazon S3. The domain name of the website is www.anycompany.com and the S3 bucket name is anycompany-static. After the record set is set up in Route 53, the domain name www.anycompany.com does not seem to work, and the static website is not displayed in the browser.
Which of the following is a cause of this?
- A. The Route 53 record set must be in the same region as the S3 bucket.
- B. The S3 bucket name must match the record set name in Route 53.
- C. The S3 bucket must be configured with Amazon CloudFront first.
- D. The Route 53 record set must have an IAM role that allows access to the S3 bucket.
Answer: B
NEW QUESTION 53
A company has multiple Amazon EC2 instances that run a resource-intensive application in a development environment. A SysOps administrator is implementing a solution to stop these EC2 instances when they are not in use.
Which solution will meet this requirement?
- A. Create an Amazon CloudWatch alarm to stop the EC2 instances when the average CPU utilization is lower than 5% for a 30-minute period.
- B. Use AWS Config to invoke an AWS Lambda function to stop the EC2 instances based on resource configuration changes.
- C. Assess AWS CloudTrail logs to verify that there is no EC2 API activity. Invoke an AWS Lambda function to stop the EC2 instances.
- D. Create an Amazon CloudWatch metric to stop the EC2 instances when the VolumeReadBytes metric is lower than 500 for a 30-minute period.
Answer: A
NEW QUESTION 54
A company needs to create a daily Amazon Machine Image (AMI) of an existing Amazon Linux EC2 instance that hosts the operating system, application, and database on multiple attached Amazon Elastic Block Store (Amazon EBS) volumes. File system integrity must be maintained.
Which solution will meet these requirements?
- A. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the reboot parameter enabled. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
- B. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the no-reboot parameter enabled. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
- C. Use AWS Backup to create a backup plan with a backup rule that runs daily. Assign the resource ID of the EC2 instance with the no-reboot parameter enabled.
- D. Use AWS Backup to create a backup plan with a backup rule that runs daily. Assign the resource ID of the EC2 instance with the reboot parameter enabled.
Answer: C
NEW QUESTION 55
A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group.
The instances run behind an Application Load Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application.
Which combination of actions should a SysOps administrator take to resolve this problem? (Choose two.)
- A. Change to the least outstanding requests algorithm on the ALB target group.
- B. Enable sticky sessions on the ALB target group.
- C. Enable group-level stickiness on the ALB listener rule.
- D. Configure header forwarding in the CloudFront distribution cache behavior.
- E. Configure cookie forwarding in the CloudFront distribution cache behavior.
Answer: B,D
NEW QUESTION 56
A SysOps administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have logging enabled. The administrator needs to investigate HTTP Layer 7 status codes from the web application.
Which log sources contain the status codes? (Choose two.)
- A. CloudFront access logs
- B. AWS CloudTrail logs
- C. ALB access logs
- D. VPC Flow Logs
- E. RDS logs
Answer: A,C
Explanation:
Reference:
"C" because Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
"D" because "you can configure CloudFront to create log files that contain detailed information about every user request that CloudFront receives"
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
NEW QUESTION 57
A company uses Amazon Elasticsearch Service (Amazon ES) to analyze sales and customer usage data.
Members of the company's geographically dispersed sales team are traveling. They need to log in to Kibana by using their existing corporate credentials that are stored in Active Directory. The company has deployed Active Directory Federation Services (AD FS) to enable authentication to cloud services.
Which solution will meet these requirements?
- A. Deploy an Amazon Cognito user pool. Configure Active Directory as an external identity provider for the user pool. Enable Amazon Cognito authentication for Kibana on Amazon ES.
- B. Enable Active Directory user authentication in Kibana. Create an IP-based custom domain access policy in Amazon ES that includes the Active Directory server's IP address.
- C. Configure Active Directory as an authentication provider in Amazon ES. Add the Active Directory server's domain name to Amazon ES. Configure Kibana to use Amazon ES authentication.
- D. Establish a trust relationship with Kibana on the Active Directory server. Enable Active Directory user authentication in Kibana. Add the Active Directory server's IP address to Kibana.
Answer: A
NEW QUESTION 58
A company's public website is hosted in an Amazon S3 bucket in the us-east-1 Region behind an Amazon CloudFront distribution. The company wants to ensure that the website is protected from DDoS attacks. A SysOps administrator needs to deploy a solution that gives the company the ability to maintain control over the rate limit at which DDoS protections are applied.
Which solution will meet these requirements?
- A. Deploy a global-scoped AWS WAF web ACL with an allow default action. Configure an AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the CloudFront distribution.
- B. Deploy an AWS WAF web ACL with an allow default action in us-east-1. Configure an AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the S3 bucket.
- C. Deploy an AWS WAF web ACL with a block default action in us-east-1. Configure an AWS WAF rate-based rule to allow matching traffic. Associate the web ACL with the S3 bucket.
- D. Deploy a global-scoped AWS WAF web ACL with a block default action. Configure an AWS WAF rate-based rule to allow matching traffic. Associate the web ACL with the CloudFront distribution.
Answer: B
NEW QUESTION 59
A new website will run on Amazon EC2 instances behind an Application Load Balancer. Amazon Route 53 will be used to manage DNS records.
What type of record should be set in Route 53 to point the website's apex domain name (for example, "company.com") to the Application Load Balancer?
- A. SOA
- B. TXT
- C. CNAME
- D. ALIAS
Answer: D
NEW QUESTION 60
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba4Kc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted.
How can this be resolved?
- A. Enable encryption on the existing EFS volume by using the AWS Command Line Interface.
- B. Enable encryption on each host's local drive. Restart each host to encrypt the drive.
- C. Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.
- D. Enable encryption on each host's connection to the Amazon EFS volume. Each connection must be recreated for encryption to take effect.
Answer: C
NEW QUESTION 61
A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.
What is the SIMPLEST approach the SysOps administrator can take to ensure S3 buckets in those accounts can never be deleted?
- A. Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.
- B. Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.
- C. Set up MFA Delete on all the S3 buckets to prevent the buckets from being deleted.
- D. Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.
Answer: A
Explanation:
Reference:
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
If you're using AWS Organizations, check the service control policies for any statements that explicitly deny Amazon S3 access. In particular, check the service control policies for statements denying the s3:PutBucketPolicy action.
https://aws.amazon.com/tw/premiumsupport/knowledge-center/s3-access-denied-bucket-policy/
NEW QUESTION 62
A company has launched a social media website that gives users the ability to upload images directly to a centralized Amazon S3 bucket. The website is popular in areas that are geographically distant from the AWS Region where the S3 bucket is located. Users are reporting that uploads are slow. A SysOps administrator must improve the upload speed.
What should the SysOps administrator do to meet these requirements?
- A. Create an accelerator in AWS Global Accelerator for the S3 bucket.
- B. Enable S3 Transfer Acceleration on the S3 bucket.
- C. Enable cross-origin resource sharing (CORS) on the S3 bucket.
- D. Create S3 access points in Regions that are closer to the users.
Answer: D
NEW QUESTION 63
A company has adopted a security policy that requires all customer data to be encrypted at rest. Currently, customer data is stored on a central Amazon EFS file system and accessed by a number of different applications from Amazon EC2 instances.
How can the SysOps Administrator ensure that all customer data stored on the EFS file system meets the new requirement?
- A. Modify the EFS file system mount options to enable Transport Layer Security (TLS) on each of the EC2 instances.
- B. Use AWS CloudHSM to encrypt the files directly before storing them in the EFS file system.
- C. Create a new encrypted EFS file system and copy the data from the unencrypted EFS file system to the new encrypted EFS file system.
- D. Update the EFS file system settings to enable server-side encryption using AES-256.
Answer: C
NEW QUESTION 64
A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must set up the permissions and add a bucket policy to the S3 bucket.
Which parameters should be specified to accomplish this in the MOST efficient manner?
- A. Specify all account numbers as the principal.
- B. Specify PrincipalOrgID as the principal.
- C. Specify the organization's management account as the principal.
- D. Specify '*' as the principal and PrincipalOrgID as a condition.
Answer: B
NEW QUESTION 65
A SysOps administrator applies the following policy to an AWS CloudFormation stack:
What is the result of this policy?
- A. Users can update all resources in the stack except for resources that have a logical ID that begins with "Production".
- B. Users can update all resources in the stack except for resources that have an attribute that begins with "Production".
- C. Users that assume an IAM role with a logical ID that begins with "Production" are prevented from running the update-stack command.
- D. Users in an IAM group with a logical ID that begins with "Production" are prevented from running the update-stack command.
Answer: A
NEW QUESTION 66
A large company is using AWS Organizations to manage hundreds of AWS accounts across multiple AWS Regions. The company has turned on AWS Config throughout the organization.
The company requires all Amazon S3 buckets to block public read access. A SysOps administrator must generate a monthly report that shows all the S3 buckets and whether they comply with this requirement.
Which combination of steps should the SysOps administrator take to collect this data? (Select TWO.)
- A. Use the AWS Config API to apply the s3-bucket-public-read-prohibited rule in all accounts for all available Regions.
- B. Use the AWS Config compliance report from the organization's management account. Filter the results by resource, and select Amazon S3.
- C. Create an AWS Config aggregator in an aggregator account. Use the organization as the source. Retrieve the compliance data from the aggregator.
- D. Create an AWS Config aggregator in each account. Use an S3 bucket in an aggregator account as the destination. Retrieve the compliance data from the S3 bucket.
- E. Edit the AWS Config policy in AWS Organizations. Use the organization's management account to turn on the s3-bucket-public-read-prohibited rule for the entire organization.
Answer: B,E
AWS SOA-C02 Exam Certification Details:
| Sample Questions | AWS SOA-C02 Sample Questions |
| Schedule Exam | AWS Certification |
| Exam Price | $150 USD |
| Passing Score | 720 / 1000 |
| Number of Questions | 65 |
| Exam Name | AWS SysOps Administrator Associate (AWS-SysOps) |
| Exam Code | SOA-C02 |
| Recommended Training / Books | Systems Operations on AWS |
| Duration | 180 minutes |
