Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Amazon Web Services SOA-C01 - AWS Certified SysOps Administrator - Associate

Amazon Web Services SOA-C01 Premium Access     Download Demo    
Page: 5 / 8
Total 263 questions

A company has adopted a security policy that requires all customer data to be encrypted at rest. Currently, customer data is stored on a central Amazon EFS file system and accessed by a number of different applications from Amazon EC2 instances.

How can the SysOps Administrator ensure that all customer data stored on the EFS file system meets the new requirement?

A.

Update the EFS file system settings to enable server-side encryption using AES-256.

B.

Create a new encrypted EFS file system and copy the data from the unencrypted EFS file system to the new encrypted EFS file system.

C.

Use AWS CloudHSM to encrypt the files directly before storing them in the EFS file system.

D.

Modify the EFS file system mount options to enable Transport Layer Security (TLS) on each of the EC2 instances.

A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances. The memory utilization metrics of the EC2 Linux instances must be monitored every minute.

How should the SysOps Administrator publish the memory metrics? (Choose two.)

A.

Enable detailed monitoring on the instance within Amazon CloudWatch

B.

Publish the memory metrics to Amazon CloudWatch Events

C.

Publish the memory metrics using the Amazon CloudWatch agent

D.

Publish the memory metrics using Amazon CloudWatch Logs

E.

Set metrics_collection_interval to 60 seconds

A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an ELB Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.

Which condition should be used with the alarm?

A.

AWS/ApplicationELB HealthyHostCount <= 0

B.

AWS/ApplicationELB UnhealthyHostCount >= 1

C.

AWS/EC2 StatusCheckFailed <= 0

D.

AWS/EC2 StatusCheckFailed >= 1

An environment company has discovered that a number of Amazon EC2 instances in a VPC are marked as high risk according to a Common Vulnerabilities and Expressures (CVE) report. The Security tea, requests that all these instances be upgraded.

Who is responsible for upgrading the EC2 instances?

A.

The AWS Security team

B.

The Amazon EC2 team

C.

The AWS Premium Support team

D.

The company’s System Administrator

A SysOps administrator is creating an AWS CloudFormation template that uses Amazon EC2 auto scaling to launch EC2 instances with windows 2016. The administrator wants to configure the CloudFormation template to ensure that newly launched instances include recent security updates before serving application traffic. This will minimize the time it takes for the instance to start.

Which action will meet these requirements?

A.

Configure the template to retrieve the latest windows Amazon machine image (AMI) from AWS systems manager parameter store.

B.

Configure the template to use AWS system manager patch manager to update instances when they are launched.

C.

Create a CloudFormation nested stack that creates a new Amazon Machine Image (AMI), then use that AMI ID in the auto scaling launch configuration.

D.

Update the template with a user data script that runs windows update using the command line and then calls cfn-signal.

A company is about to launch a new product and is expecting a large increase in application traffic. The application is running on Amazon EC3 is an Auto scaling group and using an Amazon RDS multi-AZ instance. The static content is stored in Amazon S3. During the load test, the time to access the application increased significantly. A SysOps administrator wants to increase the scalability of the application without compromising the durability of the architecture.

How can this goal be achieved?

A.

Move the static content from Amazon EFS and serve that the content through the EC2 instances.

B.

Move the databases from Amazon RDS to Amazon ElastiCache for Memcached.

C.

Use Amazon Cloudfront to cache the static content.

D.

Use Amazon Route S3 with geolocation routing.

A SysOps administrator is running an automatically scaled application behind an Application Load Balancer. Scaling out Is triggered when the CPU Utilization instance metric is more than 75% across the Auto Scaling group. The administrator noticed aggressive scaling out. Developers suspect an application memory leak that is causing aggressive garbage collection cycles.

How can the administrator troubleshoot the application without triggering the scaling process?

A.

Create a scale down trigger when the CPUUtilization instance metric is at 70%.

B.

Delete the Auto Scaling group and recreate it when troubleshooting is complete

C.

Remove impacted instances from the Application Load Balancer.

D.

Suspend the scaling process before troubleshooting.

Developers are using 1AM access keys to manage AWS resources using AWS CL1 Company policy requires that access keys are automatically disabled when the access key age is greater than 90 days

Which solution will accomplish this?

A.

Configure an Amazon CloudWatch alarm to trigger an AWS Lambda function that disables keys older than 90 days

B.

Configure AWS Trusted Advisor to identify and disable keys older than 90 days.

C.

Set a password policy on the account with a 90-day expiration

D.

Use an AWS Config rule to identify noncompliant keys Create a custom AWS Systems Manager Automation document for remediation.

A SysOps Administrator needs to create a replica of a company’s existing AWS infrastructure in a new AWS account. Currently, an AWS Service Catalog portfolio is used to create and manage resources.

What is the MOST efficient way to accomplish this?

A.

Create an AWS CloudFormation template to use the AWS Service Catalog portfolio in the new AWS account.

B.

Manually create an AWS Service Catalog portfolio in the new AWS account that duplicates the original portfolio.

C.

Run an AWS Lambda function to create a new AWS Service Catalog portfolio based on the output of the DescribePortfolio API operation.

D.

Share the AWS Service Catalog portfolio with the other AWS accounts and import the portfolio into the other AWS accounts.

A company’s website went down for several hours. The root cause was a full disk on one of the company’s Amazon EC2 instances.

Which steps should the SysOps Administrator take to prevent this from happening in this future?

A.

Configure Amazon CloudWatch Events to filter and forward AWS Health events for disk space utilization to an Amazon SNS topic to notify the Administrator.

B.

Create an AWS Lambda function to describe the volume status for each EC2 instance. Post a notification to an Amazon SNS topic when a volume status is impaired.

C.

Enable detailed monitoring for the EC2 instances. Create an Amazon CloudWatch alarm to notify the

Administrator when disk space is running low.

D.

Use the Amazon CloudWatch agent on the EC2 instances to collect disk metrics. Create a CloudWatch alarm to notify the Administrator when disk space is running low.