SOA-C02 AWS Certified SysOps Administrator - Associate (SOA-C02) Questions and Answers

The Amazon Machine image used is not available in that region.

The AWS CloudFormation template needs to be updated to the latest version.

The VPC configuration parameters have changed and must be updated in the template.

The account has reached the default limit for VPCs allowed.

Deploy a copy of the stack in the us-west-2 Region. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each ELB. Configure the SOA record with health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.

Deploy a copy of the stack in the us-west-2 Region. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias target. Configure the A records with a failover routing policy and health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.

Deploy a new group of EC2 instances in the us-west-2 Region. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instances. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks.

Deploy a new group of EC2 instances in the us-west-2 Region. Configure EC2 health checks on all EC2 instances in each Region. Configure a peering connection between the VPCs. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record.

Add the AWS account to AWS Organizations Enable CloudTrail in the management account

Create an AWS Config rule that is invoked when CloudTrail configuration changes Apply the AWS-ConfigureCloudTrailLogging automatic remediation action

Create an AWS Config rule that is invoked when CloudTrail configuration changes Configure the rule to invoke an AWS Lambda function to enable CloudTrail

Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail

Enable S3 server access logging for audit logs. Set up an Amazon Simple Notification Service (Amazon SNSJ notification for the S3 bucket. Select DeleteObject tor the event type for the alert system.

Enable S3 server access logging for audit logs. Launch an Amazon EC2 instance for the alert system. Run a cron job on the EC2 instance to download the access logs each day and to scan for a DeleteObject event.

Use Amazon CloudWatch Logs for audit logs. Use Amazon CloudWatch alarms with an Amazon Simple Notification Service (Amazon SNS) notification for the alert system.

Use Amazon CloudWatch Logs for audit logs. Launch an Amazon EC2 instance for The alert system. Run a cron job on the EC2 Instance each day to compare the list of the items with the list from the previous day. Configure the cron job to send a notification if an item is missing.

Analyze the AWS Cost and Usage Report by using Amazon Athena to identity cost savings.

Create an AWS Budgets alert to alarm when account spend reaches 80% of the budget.

Purchase Reserved Instances through the Amazon EC2 console.

Use AWS Compute Optimizer and take action on the provided recommendations.

Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas.

Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas.

Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas.

Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas.

Deploy an Amazon ElastiCache for Redis cluster in front of the DB cluster. Modify the application to check the cache before the application issues new queries to the database. Add the results of any queries to the cache.

Deploy an Aurora Replica for the DB cluster. Modify the application to use the reader endpoint for search operations. Use Aurora Auto Scaling to scale the number of replicas based on load. Most Voted

Use Provisioned IOPS on the storage volumes that support the DB cluster to improve performance sufficiently to support the peak load on the application.

Increase the instance size in the DB cluster to a size that is sufficient to support the peak load on the application. Use Aurora Auto Scaling to scale the instance size based on load.

Deploy workloads only to Dedicated Hosts.

Deploy workloads only to Dedicated Instances.

Deploy workloads only to Reserved Instances.

Place all instances in a dedicated placement group.

Provision an interface VPC endpoint for Amazon S3. Modify the application to use the interface endpoint.

Configure AWS Network Firewall to redirect traffic to the internal S3 address.

Modify the application to use the S3 path-style endpoint.

Set up a range of VPC network ACLs to redirect traffic to the Internal S3 address.

Set up an Amazon S3 File Gateway.

Set up an AWS Direct Connect connection.

Use AWS DataSync to automate data transfers between the existing file servers and AWS.

Set up an Amazon FSx File Gateway.

Log in to the RDS console and select the encryption box to encrypt the database

Create a new encrypted Amazon EBS volume and attach it to the instance

Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.

Take a snapshot of the RDS instance, copy and encrypt the snapshot and then restore to the new RDS instance

Store the credentials in AWS Systems Manager Parameter Store as a secure string. Configure automatic rotation with a rotation interval of 30 days.

Store the credentials in AWS Secrets Manager. Configure automatic rotation with a rotation interval of 30 days.

Store the credentials in a file in an Amazon S3 bucket. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.

Store the credentials in AWS Secrets Manager. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.

Create an IAM policy in each developer account that has read-only access related to VPC resources Assign the policy to an IAM user. Share the user credentials with the security administrator.

Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC actions. Assign the policy to an IAM

user. Share the user credentials with the security administrator.

Create an IAM policy in each developer account that has administrator access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.

Create an IAM policy in each developer account that has read-only access related to VPC resources Assign the policy to a cross-account IAM role Ask the security administrator to assume the role from their account.

Perform a CloudWatch Logs Insights query that uses the stats command and count function.

Perform a CloudWatch Logs search that uses the groupby keyword and count function.

Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.

Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.

Sign in as a root user by using email and phone verification. Set up a new MFA device. Change the root user password.

Sign in as an 1AM user with administrator permissions. Resynchronize the MFA token by using the 1AM console.

Sign in as an 1AM user with administrator permissions. Reset the MFA device for the root user by adding a new device.

Use the forgot-password process to verify the email address. Set up a new password and MFA device.

Set up MFA Delete on all the S3 buckets to prevent the buckets from being deleted.

Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.

Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.

Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.

Create a new KMS key. Add the vendor's IAM role ARN to the KMS key policy. Provide the new KMS key ARN to the vendor.

Create a new KMS key. Create a new IAM user. Add the vendor's IAM role ARN to an inline policy that is attached to the IAM user. Provide the new IAM user ARN to the vendor.

Configure encryption using the KMS managed S3 key. Add the vendor's IAM role ARN to the KMS managed S3 key policy. Provide the KMS managed S3 key ARN to the vendor.

Configure encryption using the KMS managed S3 key. Create an S3 bucket. Add the vendor's IAM role ARN to the S3 bucket policy. Provide the S3 bucket ARN to the vendor.