Amazon (SOA-C02) Exam Questions And Answers page 1
A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.
What is the MOST operationally efficient solution that meets these requirements?
What is the MOST operationally efficient solution that meets these requirements?
Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon 53 object. The security team can use the information in the tag to verify the integrity of the delivered files.
Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.
Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.
Security and Compliance
Cost and Performance Optimization
A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template. It installs and configures necessary software through AWS OpsWorks, and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours, but at times, the process stalls due to installation errors.
The SysOps administrator must modify the CloudFormation template so if the process stalls, the entire stack will fail and roll back.
Based on these requirements, what should be added to the template?
The SysOps administrator must modify the CloudFormation template so if the process stalls, the entire stack will fail and roll back.
Based on these requirements, what should be added to the template?
Conditions with a timeout set to 4 hours.
CreationPolicy with a timeout set to 4 hours.
DependsOn with a timeout set to 4 hours.
Metadata with a timeout set to 4 hours.
Monitoring and Reporting
Security and Compliance
A company has a critical serverless application that uses multiple AWS Lambda functions. Each Lambda function generates 1 GB of log data daily in its own Amazon CloudWatch Logs log group. The company s security team asks for a count of application errors, grouped by type, across all of the log group.
What should a SysOps administrator do to meet this requirement?
What should a SysOps administrator do to meet this requirement?
Perform a CloudWatch Logs Insights query that uses the stats command and count function.
Perform a CloudWatch Logs search that uses the groupby keyword and count function.
Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.
Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.
Security and Compliance
Networking and Content Delivery
A company has an Amazon RDS DB instance. The company wants to implement a caching service while maintaining high availability.
Which combination of actions will meet these requirements? (Choose two.)
Which combination of actions will meet these requirements? (Choose two.)
Add Auto Discovery to the data store.
Create an Amazon ElastiCache for Memcached data store.
Create an Amazon ElastiCache for Redis data store.
Enable Multi-AZ for the data store.
Enable Multi-threading for the data store.
High Availability and Business Continuity
Networking and Content Delivery
A company has an Amazon Route 53 private hosted zone in its AWS account. The private hosted zone is connected to the company s on-premises data center by an AWS Direct Connect connection. Virtual machines (VMs) in the on-premises data center need to resolve DNS queries that exist in the private hosted zone.
What is the MOST operationally efficient solution that meets this requirement?
What is the MOST operationally efficient solution that meets this requirement?
Create a Route 53 inbound resolver. Configure the on-premises VMs to use the inbound resolver.
Create a Route 53 outbound resolver. Configure the on-premises VMs to use the outbound resolver.
Configure the security group on the Route 53 private hosted zone by adding an inbound rule for the on-premises CIDR range.
Configure a Route 53 public hosted zone. Create an NS record for the private hosted zone. Query the public hosted zone from the on-premises VMs.
Monitoring and Reporting
Networking and Content Delivery
A company has a new requirement stating that all resources in AWS must be tagged according to a set policy.
Which AWS service should be used to enforce and continually identify all resources that are not in compliance with the policy?
Which AWS service should be used to enforce and continually identify all resources that are not in compliance with the policy?
AWS CloudTrail
Amazon Inspector
AWS Config
AWS Systems Manager
Security and Compliance
Cost and Performance Optimization
A company has a new requirement stating that all resources in AWS must be tagged according to a set policy.
Which AWS service should be used to enforce and continually identify all resources that are not in compliance with the policy?
Which AWS service should be used to enforce and continually identify all resources that are not in compliance with the policy?
AWS CloudTrail
Amazon Inspector
AWS Config
AWS Systems Manager
Security and Compliance
Cost and Performance Optimization
A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones. The application uses an Amazon RDS Multi-AZ DB Instance. Amazon Route 53 record sets route requests for dynamic content to the load balancer and requests for static content to an Amazon S3 bucket. Site visitors are reporting extremely long loading times.
Which actions should be taken to improve the performance of the website? (Choose two.)
Which actions should be taken to improve the performance of the website? (Choose two.)
Add Amazon CloudFront caching for static content.
Change the load balancer listener from HTTPS to TCP.
Enable Amazon Route 53 latency-based routing.
Implement Amazon EC2 Auto Scaling for the web servers.
Move the static content from Amazon S3 to the web servers.
Deployment, Provisioning, and Automation
Networking and Content Delivery
A company has an infernal web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A SysOps administrator must make the application highly available.
Which action should the SysOps administrator take to meet this requirement?
Which action should the SysOps administrator take to meet this requirement?
Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.
Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.
High Availability and Business Continuity
Networking and Content Delivery
A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application.
Which combination of actions should a SysOps administrator take to resolve this problem? (Choose two.)
Which combination of actions should a SysOps administrator take to resolve this problem? (Choose two.)
Change to the least outstanding requests algorithm on the ALB target group.
Configure cookie forwarding in the CloudFront distribution cache behavior.
Configure header forwarding in the CloudFront distribution cache behavior.
Enable group-level stickiness on the ALB listener rule.
Enable sticky sessions on the ALB target group.
Monitoring and Reporting
Security and Compliance
Comments