
Amazon Web Services SOA-C01 - AWS Certified SysOps Administrator - Associate

Total 263 questions

A SysOps Administrator is configuring AWS SSO for the first time. The Administrator has already created a directory in the master account using AWS Directory Service and enabled full access in AWS Organizations.

What should the Administrator do next to configure the service?

A.

Create IAM roles in each account to be used by AWS SSO, and associate users with these roles using AWS SSO

B.

Create IAM users in the master account and use AWS SSO to associate the users with the accounts they will access

C.

Create permission sets in AWS SSO and associate the permission sets with Directory Service users or groups

D.

Create service control policies (SCPs) in Organizations and associate the SCPs with Directory Service users or groups

A company has received a notification in its AWS Personal Health Dashboard that one of its Amazon EBS-backed Amazon EC2 instances is on hardware that is scheduled for maintenance. The instance runs a critical production workload that must be available during normal business hours.

Which steps will ensure that the instance maintenance does not produce an outage?

A.

Configure an Amazon Lambda function to automatically start the instance if it is stopped

B.

Create an Amazon Machine Image (AMI) of the instance and use the AMI to launch a new instance once the existing instance is retired

C.

Enable termination protection on the EC2 instance

D.

Stop and start the EC2 instance during a maintenance window outside of normal business hours

An Applications team has successfully deployed an AWS CloudFormation stack consisting of 30 t2.medium Amazon EC2 instances in the us-west-2 Region. When using the same template to launch a stack in us-east-2, the launch failed and rolled back after launching only 10 EC2 instances.

What is a possible cause of this failure?

A.

The IAM user did not have privileges to launch the CloudFormation template.

B.

The t2.medium EC2 instance service limit was reached.

C.

An AWS Budgets threshold was breached.

D.

The application’s Amazon Machine Image (AMI) is not available in us-east-2.

A company designed a specialized Amazon EC2 instance configuration for its Data Scientists. The Data Scientists want to create and delete EC2 instances on their own, but are not comfortable with configuring all the settings for EC2 instances without assistance. The configuration runs proprietary software that must be kept private within the company's AWS accounts and should be available to the Data Scientists, but no other users within the accounts.

Which solution should a SysOps Administrator use to allow the Data Scientists to deploy their workloads with MINIMAL effort?

A.

Create an Amazon Machine Image (AMI) of the EC2 instance. Share the AMI with authorized accounts owned by the company. Allow the Data Scientists to create EC2 instances with this AMI.

B.

Distribute an AWS CloudFormation template containing the EC2 instance configuration to the Data Scientists from an Amazon S3 bucket. Set the S3 template object to be readable from the AWS Organization orgid.

C.

Publish the instance configuration to the Private Marketplace. Share the Private Marketplace with the company's AWS accounts. Allow the Data Scientists to subscribe and launch the product from the Private Marketplace.

D.

Upload an AWS CloudFormation template to AWS Service Catalog. Allow the Data Scientists to provision and deprovision products from the company's AWS Service Catalog portfolio.

A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket. Monitoring must include tracking the AWS account of the caller, the IAM user role of the caller, the time of the API call, and the IP address of the API.

Where can the administrator find this information?

A.

AWS CloudTrail data event logging

B.

AWS CloudTrail management event logging

C.

Amazon Inspector bucket event logging

D.

Amazon Inspector event logging

A SysOps Administrator is notified that an automated failover of an Amazon RDS database has occurred.

What are possible causes for this? (Choose two.)

A.

A read contention on the database.

B.

A storage failure on the primary database.

C.

A write contention on the database.

D.

Database corruption errors.

E.

The database instance type was changed.

An existing data management application is running on a single Amazon EC2 instance and needs to be moved to a new AWS Region in another AWS account. How can a SysOps administrator achieve this while maintaining the security of the application?

A.

Create an encrypted Amazon Machine Image (AMI) of the instance and make it public to allow the other account to search and launch an instance from it.

B.

Create an AMI of the instance, add permissions for the AMI to the other AWS account, and start a new instance in the new region by using that AMI.

C.

Create an AMI of the instance, copy the AMI to the new region, add permissions for the AMI to the other AWS account, and start the new instance.

D.

Create an encrypted snapshot of the instance and make it public. Provide only permissions to decrypt to the other AWS account.

Based on the AWS Shared Responsibility Model, which of the following actions are the responsibility of the customer for an Aurora database?

A.

Performing underlying OS updates

B.

Provisioning of storage for database

C.

Scheduling maintenance, patches, and other updates

D.

Executing maintenance, patches, and other updates

A SysOps Administrator has created a new Amazon S3 bucket named mybucket for the Operations team. Members of the team are part of an IAM group to which the following IAM policy has been assigned.

Which of the following actions will be allowed on the bucket? (Select TWO.)

A.

Get the bucket's region.

B.

Delete an object.

C.

Delete the bucket.

D.

Download an object.

E.

List all the buckets in the account.

A SysOps Administrator must secure AWS CloudTrail logs. The Security team is concerned that an employee may modify or attempt to delete CloudTrail log files from its Amazon S3 bucket.

Which practices ensure that the log files are available and unaltered? (Choose two.)

A.

Enable the CloudTrail log file integrity check in AWS Config Rules.

B.

Use CloudWatch Events to scan log files hourly.

C.

Enable CloudTrail log file integrity validation.

D.

Turn on Amazon S3 MFA Delete for the CloudTrail bucket.

E.

Implement a DENY ALL bucket policy on the CloudTrail bucket.