SOA-C02 Online Practice Questions and Answers

A company uses an AWS CloudFormation template to provision an Amazon EC2 instance and an Amazon RDS DB instance A SysOps administrator must update the template to ensure that the DB instance is created before the EC2 instance is launched

What should the SysOps administrator do to meet this requirement?

A. Add a wait condition to the template Update the EC2 instance user data script to send a signal after the EC2 instance is started

B. Add the DependsOn attribute to the EC2 instance resource, and provide the logical name of the RDS resource

C. Change the order of the resources in the template so that the RDS resource is listed before the EC2 instance resource

D. Create multiple templates Use AWS CloudFormation StackSets to wait for one stack to complete before the second stack is created

Application A runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The EC2 instances are in an Auto Scaling group and are in the same subnet that is associated with the NLB. Other applications from an on-premises environment cannot communicate with Application A on port 8080.

To troubleshoot the issue, a SysOps administrator analyzes the flow logs. The flow logs include the following records:

What is the reason for the rejected traffic?

A. The security group of the EC2 instances has no Allow rule for the traffic from the NLB.

B. The security group of the NLB has no Allow rule for the traffic from the on-premises environment.

C. The ACL of the on-premises environment does not allow traffic to the AWS environment.

D. The network ACL that is associated with the subnet does not allow outbound traffic for the ephemeral port range.

A company wants to archive sensitive data on Amazon S3 Glacier. The company's regulatory and compliance requirements do not allow any modifications to the data by any account.

Which solution meets these requirements?

A. Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy after 24 hours.

B. Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy within 24 hours.

C. Configure S3 Object Lock in governance mode. Upload all files after 24 hours.

D. Configure S3 Object Lock in governance mode. Upload all files within 24 hours.

A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones The application uses an Amazon RDS Multi-AZ DB Instance Amazon Route 53 record sets route requests tor dynamic content to the load balancer and requests for static content to an Amazon S3 bucket Site visitors are reporting extremely long loading times.

Which actions should be taken to improve the performance of the website? (Select TWO )

A. Add Amazon CloudFront caching for static content

B. Change the load balancer listener from HTTPS to TCP

C. Enable Amazon Route 53 latency-based routing

D. Implement Amazon EC2 Auto Scaling for the web servers

E. Move the static content from Amazon S3 to the web servers

A company needs to upload gigabytes of files every day. The company need to achieve higher throughput and upload speeds to Amazon S3.

Which action should a SysOps administrator take to meet this requirement?

A. Create an Amazon CloudFront distribution with the GET HTTP method allowed and the S3 bucket as an origin.

B. Create an Amazon ElastiCache duster and enable caching for the S3 bucket

C. Set up AWS Global Accelerator and configure it with the S3 bucket

D. Enable S3 Transfer Acceleration and use the acceleration endpoint when uploading files

An Amazon S3 Inventory report reveals that more than 1 million objects in an S3 bucket are not encrypted These objects must be encrypted, and all future objects must be encrypted at the time they are written. Which combination of actions should a SysOps administrator take to meet these requirements? (Select TWO )

A. Create an AWS Config rule that runs evaluations against configuration changes to the S3 bucket When an unencrypted object is found run an AWS Systems Manager Automation document to encrypt the object in place

B. Edit the properties of the S3 bucket to enable default server-side encryption

C. Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted Create an S3 Batch Operations job to copy each object in place with en cryption enabled

D. Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted Send each object name as a message to an Amazon Simple Queue Service (Amazon SQS) queue Use the SQS queue to invoke an AWS Lambda function to tag each object with a key of "Encryption" and a value of "SSE-KMS"

E. Use S3 Event Notifications to invoke an AWS Lambda function on all new object-created events for the S3 bucket Configure the Lambda function to check whether the object is encrypted and to run an AWS Systems Manager Automation document to encrypt the object in place when an unencrypted object is found

A company runs a stateless application that is hosted on an Amazon EC2 instance. Users are reporting performance issues. A SysOps administrator reviews the Amazon CloudWatch metrics for the application and notices that the instance's CPU utilization frequently reaches 90% during business hours.

What is the MOST operationally efficient solution that will improve the application's responsiveness?

A. Configure CloudWatch logging on the EC2 instance. Configure a CloudWatch alarm for CPU utilization to alert the SysOps administrator when CPU utilization goes above 90%.

B. Configure an AWS Client VPN connection to allow the application users to connect directly to the EC2 instance private IP address to reduce latency.

C. Create an Auto Scaling group, and assign it to an Application Load Balancer. Configure a target tracking scaling policy that is based on the average CPU utilization of the Auto Scaling group.

D. Create a CloudWatch alarm that activates when the EC2 instance's CPU utilization goes above 80%. Configure the alarm to invoke an AWS Lambda function that vertically scales the instance.

A company hosts its website on Amazon EC2 instances in the us-east-1 Region. The company is preparing to extend its website into the eu-central-1 Region, but the database must remain only in us-east-1. After deployment, the EC2

instances in eu-central-1 are unable to connect to the database in us-east-1.

What is the MOST operationally efficient solution that will resolve this connectivity issue?

A. Create a VPC peering connection between the two Regions. Add the private IP address range of the instances to the inbound rule of the database security group.

B. Create a VPC peering connection between the two Regions. Add the security group of the instances in eu-central-1 to the outbound rule of the database security group.

C. Create a VPN connection between the two Regions. Add the private IP address range of the instances to the outbound rule of the database security group.

D. Create a VPN connection between the two Regions. Add the security group of the instances in eu-central-1 to the inbound rule of the database security group.

A company wants to track its expenditures for Amazon EC2 and Amazon RDS within AWS. The company decides to implement more rigorous tagging requirements for resources in its AWS accounts. A SysOps administrator needs to identify all noncompliant resources.

What is the MOST operationally efficient solution that meets this requirement?

A. Create a rule in Amazon EventBridge that invokes a custom AWS Lambda function that will evaluate all created or updated resources for the specified tags.

B. Create a rule in AWS Config that invokes a custom AWS Lambda function that will evaluate all resources for the specified tags.

C. Create a rule in AWS Config with the required-tags managed rule to evaluate all resources for the specified tags.

D. Create a rule in Amazon EventBridge with a managed rule to evaluate all created or updated resources for the specified tags.

A company is running an ecommerce application on AWS. The application maintains many open but idle connections to an Amazon Aurora DB cluster. During times of peak usage, the database produces the following error message: "Too many connections." The database clients are also experiencing errors.

Which solution will resolve these errors?

A. Increase the read capacity units (RCUs) and the write capacity units (WCUs) on the database.

B. Configure RDS Proxy. Update the application with the RDS Proxy endpoint.

C. Turn on enhanced networking for the DB instances.

D. Modify the DB cluster to use a burstable instance type.