Amazon (SOA-C02) Exam Questions And Answers page 7
A company uses an Amazon RDS DB instance for data storage for its web application. For disaster recovery purposes, a SysOps administrator has configured an AWS Lambda function that copies the daily DB snapshot to the us-west-2 Region.
The SysOps administrator must provide a custom DNS name, myexampledb, for the DB instance so that the company's developers do not need to update the application code if the DB snapshot must be restored in another Region. The company hosts its corporate domain, example.com, on Amazon Route 53.
Which solution will meet these requirements?
Create a Route 53 CNAME record that maps myexampledb.example.com to the DB instance domain name. Instruct the developers to refer to myexampledb.example.com in their application. After restoring the DB snapshot in us-west-2, update the CNAME record to point to the new DB instance domain name.
Locate the IP address of the DB instance. Create a Route 53 A record that maps myexampledb.example.com to the IP address. Instruct the developers to refer to myexampledb.example.com in their application. After restoring the DB snapshot in us-west-2, update the A record to point to the new DB instance IP address.
Locate the IP address of the DB instance. Create a Route 53 alias record that maps myexampledb.example.com to the IP address. Instruct the developers to refer to myexampledb.example.com in their application. After restoring the DB snapshot in us-west-2, update the alias record to point to the new DB instance IP address.
Monitoring and Reporting
Cost and Performance Optimization
A company uses an AWS CloudFormation template to provision an Amazon EC2 instance and an Amazon RDS DB instance. A SysOps administrator must update the template to ensure that the DB instance is created before the EC2 instance is launched.
What should the SysOps administrator do to meet this requirement?
Add a wait condition to the template. Update the EC2 instance user data script to send a signal after the EC2 instance is started.
Add the DependsOn attribute to the EC2 instance resource, and provide the logical name of the RDS resource.
Change the order of the resources in the template so that the RDS resource is listed before the EC2 instance resource.
Create multiple templates. Use AWS CloudFormation StackSets to wait for one stack to complete before the second stack is created.
Deployment, Provisioning, and Automation
Networking and Content Delivery
A company uses AWS CloudFormation to deploy its application infrastructure. Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application. A SysOps administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent accidental modifications to specific resources.
Which solution will meet these requirements?
Set up an AWS Config rule to alert based on changes to any CloudFormation stack. An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation.
Set up an Amazon CloudWatch Events event with a rule to trigger based on any CloudFormation API call. An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation.
Launch the CloudFormation templates using a stack policy with an explicit allow for all resources and an explicit deny of the protected resources with an action of Update:*
Attach an IAM policy to the DevOps team role that prevents a CloudFormation stack from updating, with a condition based on the specific Amazon Resource Names (ARNs) of the protected resources.
Deployment, Provisioning, and Automation
Security and Compliance
A company uses AWS Organizations to host several applications across multiple AWS accounts. Several teams are responsible for building and maintaining the infrastructure of the application across the AWS accounts.
A SysOps administrator must implement a solution to ensure that user accounts and permissions are centrally managed. The solution must be integrated with the company's existing on-premises Active Directory environment. The SysOps administrator already has enabled AWS Single Sign-On (AWS SSO) and has set up an AWS Direct Connect connection.
What is the MOST operationally efficient solution that meets these requirements?
Create a Simple AD domain, and establish a forest trust relationship with the on-premises Active Directory domain. Set the Simple AD domain as the identity source for AWS SSO. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.
Create an Active Directory domain controller on an Amazon EC2 instance that is joined to the on-premises Active Directory domain. Set the Active Directory domain controller as the identity source for AWS SSO. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.
Create an AD Connector that is associated with the on-premises Active Directory domain. Set the AD Connector as the identity source for AWS SSO. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.
Use the built-in SSO directory as the identity source for AWS SSO. Copy the users and groups from the on-premises Active Directory domain. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.
Deployment, Provisioning, and Automation
Security and Compliance
A company uses AWS Organizations to manage multiple AWS accounts with consolidated billing enabled. Organization member account owners want the benefits of Reserved Instances (RIs) but do not want to share RIs with other accounts.
Which solution will meet these requirements?
Purchase RIs in individual member accounts. Disable RI discount sharing in the management account.
Purchase RIs in individual member accounts. Disable RI discount sharing in the member accounts.
Purchase RIs in the management account. Disable RI discount sharing in the management account.
Purchase RIs in the management account. Disable RI discount sharing in the member accounts.
Deployment, Provisioning, and Automation
Cost and Performance Optimization
A company uses several large Chef recipes to automate the configuration of virtual machines (VMs) in its data center. A SysOps administrator is migrating this workload to Amazon EC2 instances on AWS and must run the existing Chef recipes.
Which solution will meet these requirements MOST cost-effectively?
Create a Chef server that includes EC2 instances. Migrate the existing recipes. Modify the EC2 instance user data to connect to Chef.
Set up AWS OpsWorks for Chef Automate. Migrate the existing recipes. Modify the EC2 instance user data to connect to Chef.
Upload the existing recipes to Amazon S3. Run the recipes by using AWS Systems Manager State Manager.
Upload the existing recipes to the user data section during the creation of the EC2 instances.
Deployment, Provisioning, and Automation
Cost and Performance Optimization
A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.
What is the SIMPLEST approach the SysOps administrator can take to ensure S3 buckets in those accounts can never be deleted?
Set up MFA Delete on all the S3 buckets to prevent the buckets from being deleted.
Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.
Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.
Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.
Security and Compliance
Networking and Content Delivery
How to set up email alerts for IAM CreateUser API calls in AWS?
Multiple Choice
A company wants to be alerted through email when IAM CreateUser API calls are made within its AWS account.
Which combination of actions should a SysOps administrator take to meet this requirement? (Choose two.)
Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS CloudTrail as the event source and IAM CreateUser as the specific API call for the event pattern.
Create an Amazon EventBridge (Amazon CloudWatch Events) rule with Amazon CloudSearch as the event source and IAM CreateUser as the specific API call for the event pattern.
Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS IAM Access Analyzer as the event source and IAM CreateUser as the specific API call for the event pattern.
Use an Amazon Simple Notification Service (Amazon SNS) topic as an event target with an email subscription.
Use an Amazon Simple Email Service (Amazon SES) notification as an event target with an email subscription.
Monitoring and Reporting
Security and Compliance
A company wants to track its expenditures for Amazon EC2 and Amazon RDS within AWS. The company decides to implement more rigorous tagging requirements for resources in its AWS accounts. A SysOps administrator needs to identify all noncompliant resources.
What is the MOST operationally efficient solution that meets these requirements?
Create a rule in Amazon EventBridge (Amazon CloudWatch Events) that invokes a custom AWS Lambda function that will evaluate all created or updated resources for the specified tags.
Create a rule in AWS Config that invokes a custom AWS Lambda function that will evaluate all resources for the specified tags.
Create a rule in AWS Config with the required-tags managed rule to evaluate all resources for the specified tags.
Create a rule in Amazon EventBridge (Amazon CloudWatch Events) with a managed rule to evaluate all created or updated resources for the specified tags.
Deployment, Provisioning, and Automation
Cost and Performance Optimization