Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Amazon Web Services SOA-C01 - AWS Certified SysOps Administrator - Associate

Amazon Web Services SOA-C01 Premium Access     Download Demo    
Page: 3 / 8
Total 263 questions

A SysOps Administrator is troubleshooting Amazon EC2 connectivity issues to the internet. The EC2 instance is in a private subnet. Below is the route table that is applied to the subnet of the EC2 instance.

Destination – 10.2.0.0/16

Target – local

Status – Active

Propagated – No

Destination – 0.0.0.0/0

Target – nat-xxxxxxx

Status – Blackhole

Propagated – No

What has caused the connectivity issue?

A.

The NAT gateway no longer exists

B.

There is no route to the internet gateway.

C.

The routes are no longer propagating.

D.

There is no route rule with a destination for the internet.

A sysops administrator manages an AWS CloudFormation templates that provisions Amazon EC2 instances, an Elastic Load Balancer, and Amazon RDS instances. As part of an ongoing transformation project CloudFormation stacks are being created and deleted continuously. The administrator needs to ensure that the RDS instances continue running after a stack has been deleted.

Which action should be taken to meet these requirements?

A.

Edit the template to remove the RDS resources and update the stack.

B.

Enable termination protection on the stack.

C.

Set the deletionPolicy attributes for RDS resources to retain in the template.

D.

Set the deletion-protection parameter on RDS resources.

A company runs a web application that users access using the domain name www example com The company manages the domain name using Amazon Route 53 The company created an Amazon CloudFront distribution in front of the application and would like www example com to access the application through CloudFront

What is the MOST cost-effective way to achieve this?

A.

Create a CNAME record in Amazon Route 53 that points to the CloudFront distribution URL

B.

Create an ALIAS record in Amazon Route 53 that points to the CloudFront distribution URL

C.

Creole an A record in Amazon Route 53 that points to the public IP address of the web application

D.

Create a PTR record in Amazon Route 53 that points to the public IP address of the web application

A company’s Information Security team has requested information on AWS environment compliance for Payment Card Industry (PCI) workloads. They have requested assistance in understanding what specific areas of the PCI standards are the responsibility of the company.

Which AWS tool will provide the necessary information?

A.

AWS Macie

B.

AWS Artifact

C.

AWS OpsWorks

D.

AWS Organizations

A company is storing monthly reports on Amazon S3. The company’s security requirement states that traffic from the client VPC to Amazon S3 cannot traverse the internet.

What should the SysOps Administrator do to meet this requirement?

A.

Use AWS Direct Connect and a public virtual interface to connect to Amazon S3.

B.

Use a managed NAT gateway to connect to Amazon S3.

C.

Deploy a VPC endpoint to connect to Amazon S3.

D.

Deploy an internet gateway to connect to Amazon S3.

A company is running critical applications on Amazon EC2 instances. The company needs to ensure its resources are automatically recovered if they become impaired due to an underlying hardware failure.

Which service can be used to monitor and recover the EC2 instances?

A.

Amazon EC2 Systems Manager

B.

Amazon Inspector

C.

AWS CloudFormation

D.

Amazon CloudWatch

A company has centralized all its logs into one Amazon CloudWatch Logs log group. The SysOps Administrator is to alert different teams of any issues relevant to them.

What is the MOST efficient approach to accomplish this?

A.

Write a AWS lambda function that will query the logs every minute and contain the logic of which team to notify on which patterns and issues.

B.

Set up different metric filters for each team based on patterns and alerts. Each alarm will notify the appropriate notification list.

C.

Redesign the aggregation of logs so that each team’s relevant parts are sent to a separate log group, then subscribe each team to its respective log group.

D.

Create an AWS Auto Scaling group of Amazon EC2 instances that will scale based on the amount of ingested log entries. This group will pull streams, look for patterns, and send notifications to relevant teams.

A SysOps Administrator is troubleshooting an AWS CloudFormation template whereby multiple Amazon EC2 instances are being created. The template is working in us-east-1, but it is failing in us-west-2 with the error code:

AMI [ami-12345678] does not exist.

How should the Administrator ensure that the AWS CloudFormation template is working in every region?

A.

Copy the source region’s Amazon Machine Image (AMI) to the destination region and assign it the same ID.

B.

Edit the AWS CloudFormation template to specify the region code as part of the fully qualified AMI ID.

C.

Edit the AWS CloudFormation template to offer a drop-down list of all AMIs to the user by using the AWS: :EC2: :AMI: :ImageID control.

D.

Modify the AWS CloudFormation template by including the AMI IDs in the “Mappings” section. Refer to the proper mapping within the template for the proper AMI ID.

After a network change, application servers cannot connect to the corresponding Amazon RDS MySQL database.

What should the SysOps Administrator analyze?

A.

VPC Flow Logs

B.

Elastic Load Balancing logs

C.

Amazon CloudFront logs

D.

Amazon RDS MySQL error logs

A SysOps administrator needs to register targets for a Network Load Balancer (NL8) using IP addresses Which prerequisite should the SysOps administrator validate to perform this task?

A.

Ensure the NLB listener security policy is set to ELBSecuntyPohcy-TLS-1-2-Ext-2018-06, ELBSecuntyPolicy-FS-1-2-Res-2019-08 or ELBSecuntyPolicy-TLS-1-0-2015-04

B.

Ensure the heath check setting on the NLB for the Matcher configuration is between 200 and 399

C.

Ensure the targets are within any of these CIDR blocks: 10.0.0.0/8 (RFC I918)r 100.64.0.0/10 (RFC 6598): 172.16.0.0/12 (RFC 1918), or 192.168.0.0/16 (RFC 1918).

D.

Ensure the NLB is exposed as an endpoint service before registering the targets using IP addresses