Amazon (SOA-C02) Exam Questions And Answers page 5
A company is testing Amazon Elasticsearch Service (Amazon ES) as a solution for analyzing system logs from a fleet of Amazon EC2 instances. During the test phase, the domain operates on a single-node cluster. A SysOps administrator needs to transition the test domain into a highly available production-grade deployment.
Which Amazon ES configuration should the SysOps administrator use to meet this requirement?
Which Amazon ES configuration should the SysOps administrator use to meet this requirement?
Use a cluster of six data nodes across three Availability Zones. Use three dedicated master nodes.
Use a cluster of six data nodes across three Availability Zones. Use six dedicated master nodes.
Use a cluster of eight data nodes across two Availability Zones. Deploy four master nodes in a failover AWS Region.
High Availability and Business Continuity
Deployment, Provisioning, and Automation
A company is trying to connect two applications. One application runs in an on-premises data center that has a hostname of host1.onprem.private. The other application runs on an Amazon EC2 instance that has a hostname of host1.awscloud.private. An AWS Site-to-Site VPN connection is in place between the on-premises network and AWS.
The application that runs in the data center tries to connect to the application that runs on the EC2 instance, but DNS resolution fails. A SysOps administrator must implement DNS resolution between on-premises and AWS resources.
Which solution allows the on-premises application to resolve the EC2 instance hostname?
The application that runs in the data center tries to connect to the application that runs on the EC2 instance, but DNS resolution fails. A SysOps administrator must implement DNS resolution between on-premises and AWS resources.
Which solution allows the on-premises application to resolve the EC2 instance hostname?
Set up an Amazon Route 53 inbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the inbound resolver endpoint.
Set up an Amazon Route 53 inbound resolver endpoint. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the inbound resolver endpoint.
Set up an Amazon Route 53 outbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the outbound resolver endpoint.
Set up an Amazon Route 53 outbound resolver endpoint. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the outbound resolver endpoint.
Deployment, Provisioning, and Automation
Networking and Content Delivery
A company is trying to connect two applications. One application runs in an on-premises data center that has a hostname of host1.onprem.private. The other application runs on an Amazon EC2 instance that has a hostname of host1.awscloud.private. An AWS Site-to-Site VPN connection is in place between the on-premises network and AWS.
The application that runs in the data center tries to connect to the application that runs on the EC2 instance, but DNS resolution fails. A SysOps administrator must implement DNS resolution between on-premises and AWS resources.
Which solution allows the on-premises application to resolve the EC2 instance hostname?
The application that runs in the data center tries to connect to the application that runs on the EC2 instance, but DNS resolution fails. A SysOps administrator must implement DNS resolution between on-premises and AWS resources.
Which solution allows the on-premises application to resolve the EC2 instance hostname?
Set up an Amazon Route 53 inbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the inbound resolver endpoint.
Set up an Amazon Route 53 inbound resolver endpoint. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the inbound resolver endpoint.
Set up an Amazon Route 53 outbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the outbound resolver endpoint.
Set up an Amazon Route 53 outbound resolver endpoint. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the outbound resolver endpoint.
Deployment, Provisioning, and Automation
Networking and Content Delivery
A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal.
Which actions should a SysOps administrator take to improve the performance of the file system?
Which actions should a SysOps administrator take to improve the performance of the file system?
Configure the file system for Provisioned Throughput.
Enable encryption in transit on the file system.
Identify any unused files in the file system, and remove the unused files.
Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.
Networking and Content Delivery
Cost and Performance Optimization
A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backup enabled. A SysOps administrator needs to be able to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB cluster.
Which solution will meet these requirements?
Which solution will meet these requirements?
Create an Aurora Replica. Promote the replica to replace the primary DB instance.
Create an AWS Lambda function to restore an automatic backup to the existing DB cluster.
Use backtracking to rewind the existing DB cluster to the desired recovery point.
Use point-in-time recovery to restore the existing DB cluster to the desired recovery point.
Monitoring and Reporting
Security and Compliance
A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backup enabled. A SysOps administrator needs to be able to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB cluster.
Which solution will meet these requirements?
Which solution will meet these requirements?
Create an Aurora Replica. Promote the replica to replace the primary DB instance.
Create an AWS Lambda function to restore an automatic backup to the existing DB cluster.
Use backtracking to rewind the existing DB cluster to the desired recovery point.
Use point-in-time recovery to restore the existing DB cluster to the desired recovery point.
Monitoring and Reporting
Security and Compliance
A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months.
What is the process to rotate the key?
What is the process to rotate the key?
Enable automatic key rotation for the CMK, and specify a period of 6 months.
Create a new CMK with new imported material, and update the key alias to point to the new CMK.
Delete the current key material, and import new material into the existing CMK.
Import a copy of the existing key material into a new CMK as a backup, and set the rotation schedule for 6 months.
Security and Compliance
Cost and Performance Optimization
A company manages an application that uses Amazon ElastiCache for Redis with two extra-large nodes spread across two different Availability Zones. The company's IT team discovers that the ElastiCache for Redis cluster has 75% freeable memory. The application must maintain high availability.
What is the MOST cost-effective way to resize the cluster?
What is the MOST cost-effective way to resize the cluster?
Decrease the number of nodes in the ElastiCache for Redis cluster from 2 to 1.
Deploy a new ElastiCache for Redis cluster that uses large node types. Migrate the data from the original cluster to the new cluster. After the process is complete, shut down the original cluster.
Deploy a new ElastiCache for Redis cluster that uses large node types. Take a backup from the original cluster, and restore the backup in the new cluster. After the process is complete, shut down the original cluster.
Perform an online resizing for the ElastiCache for Redis cluster. Change the node types from extra-large nodes to large nodes.
High Availability and Business Continuity
Cost and Performance Optimization
A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account s Amazon S3 bucket.
Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket?
Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket?
Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
Enable log file integrity validation and use digest files to verify the hash value of the log file.
Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
Enable S3 server access logging to track requests made to the log bucket for security audits.
Security and Compliance
Networking and Content Delivery
A company must ensure that any objects uploaded to an S3 bucket are encrypted.
Which of the following actions will meet this requirement? (Choose two.)
Which of the following actions will meet this requirement? (Choose two.)
Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.
Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket.
Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.
Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.
Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.
Security and Compliance
Networking and Content Delivery
Comments