Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Amazon Web Services SOA-C01 - AWS Certified SysOps Administrator - Associate

Amazon Web Services SOA-C01 Premium Access     Download Demo    
Page: 1 / 8
Total 263 questions

A SysOps Administrator has been notified that some Amazon EC2 instances in the company’s environment might have a vulnerable software version installed.

What should be done to check all of the instances in the environment with the LEAST operational overhead?

A.

Create and run an Amazon Inspector assessment template.

B.

Manually SSH into each instance and check the software version.

C.

Use AWS CloudTrail to verify Amazon EC2 activity in the account.

D.

Write a custom script and use AWS CodeDeploy to deploy to Amazon EC2 instances.

A company uses federation to authenticate users and grant AWS permissions. The SysOps Administrator has been asked to determine who made a request to AWS Organizations for a new AWS account.

What should the Administrator review to determine who made the request?

A.

AWS CloudTrail for the federated identity user name

B.

AWS IAM Access Advisor for the federated user name

C.

AWS Organizations access log for the federated identity user name

D.

Federated identity provider logs for the user name

Which component of an Ethernet frame is used to notify a host that traffic is coming?

A.

Type field

B.

preamable

C.

Data field

D.

start of frame delimiter

A sysops administrator must monitor a fleet of Amazon EC2 Linux instances with the constraint that no agents be installed. The sysops administrator chooses Amazon CloudWatch as the monitoring tool.

Which metric can be measured given the constraints? (Select Three)

A.

CPU Utilization

B.

Disk Read Operations

C.

Memory Utilization

D.

Network Packets In

E.

Network Packets Dropped

F.

CPU Ready Time

A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue causing the failure.

How should the Administrator continue with the stack deployment?

A.

Delete the failed stack and create a new stack.

B.

Execute a change set on the failed stack.

C.

Perform an update-stack action on the failed stack.

D.

Run a validate-template command.

Users are struggling to connect to a single public-facing development web server using its public IP address on a unique port number ot 8181 The security group is correctly configured to allow access on that port and the network ACLs are using the default configuration. Which log type will confirm whether users are trying to connect to the correct port?

A.

AWS CloudTrail logs

B.

Elastic Load Balancer access logs

C.

Amazon S3 access logs

D.

VPC Flow Logs

A SysOpsAdministrator is managing a large organization with multiple accounts on the Business Support plan all linked to a single payer account. The Administrator wants to be notified automatically of AWS Personal Health Dashboard events.

In the main payer account, the Administrator configures Amazon CloudWatch Events triggered by AWS Health events triggered by AWS Health triggered by AWS Health events to issue notifications using Amazon SNS, but alerts in the linked accounts failed to trigger.

Why did the alerts fail?

A.

Amazon SNS cannot be triggered from the AWS Personal Health Dashboard

B.

The AWS Personal Health Dashboard only reports events from one account, not linked accounts.

C.

The AWS Personal Health Dashboard must be configured from the payer account only; all events will then roll up into the payer account.

D.

AWS Organizations must be used to monitor linked accounts.

A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.

How should the Administrator ensure that this is done?

A.

Change the root user password by using the AWS CLI routinely.

B.

Periodically use the AWS CLI to rotate access keys and secret keys for the root user.

C.

Use AWS Trusted Advisor security checks to review the configuration of the root user.

D.

Periodically distribute the AWS compliance document from AWS Artifact that governs the root user configuration.

A SysOps Administrator at an ecommerce company discovers that several 404 errors are being sent to one IP address every minute. The Administrator suspects a bot is collecting information about products listed on the company’s website.

Which service should be used to block this suspected malicious activity?

A.

AWS CloudTrail

B.

Amazon Inspector

C.

AWS Shield Standard

D.

AWS WAF

A company is planning to expand into an additional AWS region for disaster recovery purposes. the company uses AWS CloudFormation, and its infrastructure is well-defined as code. The company would like to reuse as much of its existing code as possible when deploying resources to additional Regions.

A SysOps Administrator is reviewing how Amazon Machine Images (AMIs) are selected in AWS CloudFormation, but is having trouble making the same stack work in the new Region.

Which action would make it easier to manage multiple Regions?

A.

Name each AMI in the new Region exactly the same as the equivalent AMI in the first Region.

B.

Duplicate the stack so unique AMI names can be coded into the appropriate stack.

C.

Create an alias for each AMI so that an AMI can be referenced by a common name across Regions.

D.

Create a Mappings section in the stack, and define the Region to AMI associations.