Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Amazon Web Services SOA-C01 - AWS Certified SysOps Administrator - Associate

Amazon Web Services SOA-C01 Premium Access     Download Demo    
Page: 7 / 8
Total 263 questions

A company is running multiple AWS Lambda functions in a non-VPC environment. Most of the functions are application-specific; an operational function is involved synchronously every hour.

Recently, the Applications team deployed new functions that are triggered based on an Amazon S3 event to process multiple files that are uploaded to an S3 bucket simultaneously. The SysOps Administrator notices that the operational function occasionally fails to execute due to throttling.

What step should the Administrator take to make sure that the operational function executes?

A.

Redeploy the operational function to a VPC.

B.

Increase the operational function timeout.

C.

Set the operational function concurrency to 1.

D.

Increase the operational function memory.

A SysOps Administrator manages an Amazon RDS MySQL DB instance in production. The database is accessed by several applications. The Administrator needs to ensure minimal downtime of the applications in the event the database suffers a failure. This change must not impact customer use during regular business hours.

Which action will make the database MORE highly available?

A.

Contact AWS Support to pre-warm the database to ensure that it can handle any unexpected spikes in traffic

B.

Create a new Multi-AZ RDS DB instance. Migrate the data to the new DB instance and delete the old one

C.

Create a read replica from the existing database outside of business hours

D.

Modify the DB instance to outside of business hours be a Multi-AZ deployment

An application is being migrated to AWS with the requirement that archived data be retained for at least 7 years.

What Amazon Glacier configuration option should be used to meet this compliance requirements?

A.

A Glacier data retrieval policy.

B.

A Glacier Vault access policy.

C.

A Glacier vault lock policy.

D.

A Glacier vault notification

Company A purchases company B and inherits three new AWS accounts. Company A would like to centralize billing and reserved instance benefits but wants to keep all other resources separate.

How can this be accomplished?

A.

Implement AWS Organizations and create a service control policy that defines the billing relationship with the new master account.

B.

Configure AWS Organizations Consolidated Billing and provide the finance team with IAM access to the billing console.

C.

Send Cost and Usage Reports files to a central Amazon S3 bucket and load the data into Amazon Redshift. Use Amazon QuickSight to provide visualizations to the finance team.

D.

Link the Reserved Instances to the master payer account and use Amazon Redshift Spectrum to query Detailed Billing Report data across all accounts.

An organization has been running their website on several m2 Linux instances behind a Classic Load Balancer for more than two years. Traffic and utilization have been constant and predictable.

What should the organization do to reduce costs?

A.

Purchase Reserved Instances for the specific m2 instances

B.

Change the m2 instances to equivalent m5 types, and purchase Reserved Instances for the specific m5 instances

C.

Change the Classic Load Balancer to an Application Load Balancer, and purchase Reserved Instances for the specific m2 instances.

D.

Purchase Spot Instances for the specific m2 instances

A SysOps Administrator is deploying a legacy web application on AWS. The application has four Amazon EC2 instances behind Classic Load Balancer and stores data in an Amazon RDS instance. The legacy application has known vulnerabilities to SQL injection attacks, but the application code is no longer available to update.

What cost-effective configuration change should the Administrator make to migrate the risk of SQL injection attacks?

A.

Configure Amazon GuardDuty to monitor the application for SQL injection threats.

B.

Configure AWS WAF with a Classic Load Balancer for protection against SQL injection attacks.

C.

Replace the Classic Load Balancer with an Application Load Balancer and configure AWS WAF on the Application Load Balancer.

D.

Configure an Amazon CloudFront distribution with the Classic Load Balancer as the origin and subscribe to AWS Shield Standard.

A company's finance department wants to receive a monthly report showing AWS resource usage by department. Which solution should be used to meet the requirements?

A.

Configure AWS Cost and Usage reports for each department Run the reports monthly.

B.

Schedule a monthly report for each department using AWS Budgets

C.

Run a monthly AWS CloudTrail report of resource usage by tag using department codes

D.

Tag all resources with department codes Generate a monthly cost allocation report

A VPC is connected to a company data center by a VPN. An Amazon EC2 instance with the IP address 172.31.16.139 is within a private subnet of the VPC. A SysOps Administrator issued a ping command to the EC2 instance from an on-premises computer with the IP address 203.0.113.12 and did not receive an acknowledgment. VPC Flow Logs were enabled and showed the following:

What action will resolve the issue?

A.

Modify the EC2 security group rules to allow inbound traffic from the on-premises computer

B.

Modify the EC2 security group rules to allow outbound traffic to the on-premises computer

C.

Modify the VPC network ACL rules to allow inbound traffic from the on-premises computer

D.

Modify the VPC network ACL rules to allow outbound traffic to the on-premises computer

A SysOps administrator created an AWS service catalog portfolio and shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.

Which action will the administrator of the second account be able to perform?

A.

Add a product from the imported portfolio to a local portfolio.

B.

Add new product to the imported portfolio.

C.

Change the launch role for the products contained in the imported portfolio.

D.

Remove Products from the imported portfolio.

A company requires that all access from on-premises applications to AWS services go over its AWS Direct Connect connection rather than the public internet. How would a SysOps Administrator implement this requirement?

A.

Implement an IAM policy that uses the aws:sourceConnection condition to allow access from the AWS Direct Connect connection ID only

B.

Set up a public virtual interface on the AWS Direct Connect connection

C.

Configure AWS Shield to protect the AWS Management Console from being accessed by IP addresses other than those within the data center ranges

D.

Update all the VPC network ACLs to allow access from the data center IP ranges