SOA-C01 Amazon Web Services AWS Certified SysOps Administrator

AWS Certified SysOps Administrator - Associate

Last Update 22 hours ago Total Questions : 263

The AWS Certified SysOps Administrator - Associate content is now fully updated, with all current exam questions added 22 hours ago. Deciding to include SOA-C01 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our SOA-C01 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these SOA-C01 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any AWS Certified SysOps Administrator - Associate practice test comfortably within the allotted time.

Question # 41

An application is currently deployed on several Amazon EC2 instances that reside within a VPC. Due to compliance requirements the EC2 instances cannot have access to the public internet. SysOps Administrator require SSH access to EC2 instances from their corporate office to perform maintenance and other administrative tasks.

Which combination of actions should be taken to permit SSH access to the EC2 instances while meeting the compliance requirement? (Select TWO)

Attach a NAT gateway to the VPC and configure routing

Attach a virtual private gateway to the VPC and configure routing

Attach an internet gateway to the VPC and configure routing

Configure a VPN connection back to the corporate office.

Configure an Application Load Balancer in front of the EC2 instances

Question # 42

A SysOps Administrator has configured health checks on a load balancer. An Amazon EC2 instance attached to this load balancer fails the health check.

What will happen next? (Choose two.)

The load balancer will continue to perform the health check on the EC2 instance.

The EC2 instance will be terminated based on the health check failure.

The EC2 instance will be rebooted.

The load balancer will stop sending traffic to the EC2 instance.

A new EC2 instance will be deployed to replace the unhealthy instance.

Question # 43

An ecommerce site is using Amazon ElastiCache with Memcached to store session state for a web application and to cache frequently used data. For the last month, users have been complaining about performance. The metric data for the Amazon EC2 instances and the Amazon RDS instance appear normal, but the eviction count metrics are high.

What should be done to address this issue and improve performance?

Scale the cluster by adding additional nodes

Scale the cluster by adding read replicas

Scale the cluster by increasing CPU capacity

Scale the web layer by adding additional EC2 instances

Question # 44

A company needs to ensure that all IAM users rotate their password on a regular basis.

Which action should be taken to implement this?

Configure multi-factor authentication for all IAM users.

Deactivate existing users and re-create new users every time a credential rotation is required.

Re-create identity federation with new identity providers every time a credential rotation is required

Set up a password policy to enable password of expiration for IAM users.

Question # 45

A company manages multiple AWS accounts and wants to provide access to AWS from a single management account using an existing on-premises Microsoft Active Directory domain. Which solution will meet these requirements with the LEAST amount of effort?

Create an Active Directory connector using AWS Directory Service. Create 1AM users in the target accounts with the appropriate trust policy.

Create an Active Directory connector using AWS Directory Service. Associate the directory with AWS Single Sign-On (AWS SSO). Configure user access to target accounts through AWS SSO.

Create an Amazon Cognito federated identity pool. Associate the pool identity with the on-premises directory. Configure the 1AM roles with the appropriate trust policy,

Create an identity provider in AWS 1AM associated with the on-premises directory. Create 1AM roles in the target accounts with the appropriate trust policy.

Question # 46

A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations

What should a SysOps administrator do to implement this requirement?

Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the AWS Management Console

Develop an 1AM policy that limits the business units to provision EC2 instances only Instruct the business units to launch instances by using an AWS CtoudFormation template.

Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog Allow the business units to perform actions in AWS Service Catalog only

Share an AWS CloudFormation template with the business units Instruct the business units to pass a role to AWS CloudFormation to allow the service to manage EC2 instances.

Question # 47

A SysOps Administrator is troubleshooting an AWS CloudFormation template whereby multiple Amazon EC2 instances are being created. The template is working in us-east-1, but it is failing in us-west-2 with the error code:

AMI [ami-12345678] does not exist.

How should the Administrator ensure that the AWS CloudFormation template is working in every region?

Copy the source region’s Amazon Machine Image (AMI) to the destination region and assign it the same ID.

Edit the AWS CloudFormation template to specify the region code as part of the fully qualified AMI ID.

Edit the AWS CloudFormation template to offer a drop-down list of all AMIs to the user by using the AWS: :EC2: :AMI: :ImageID control.

Modify the AWS CloudFormation template by including the AMI IDs in the “Mappings” section. Refer to the proper mapping within the template for the proper AMI ID.

Question # 48

A sysops administrator is trying to identify why putObject calls are not being made from an Amazon EC2 instance to an Amazon S3 bucket in the same region. The instance is launched in a subnet with CIDR range 10.0.1.0/24 and Auto-assign Public IP’ set to “yes”. The instance profile tied to this instance has ‘AmazonS3FullAccess” Policy.

Security group rules for the instance:

Based on the information provided, what is causing the lack of access to S3 from the instance?

The instances profile does not have explicit permissions to write objects to the S3 bucket.

The route table does not have a rule for all traffic to pass through a NAT gateway.

The route table does not have a rule for all traffic to pass through an internet gateway.

The security group does not allow all TCP and all UDP traffic.

Question # 49

A new Amazon Redshift Spectrum Cluster has been launched for a team of Business Analysis. When the team attempts to use the cluster to query the data in Amazon S3, they receive the following error:

What is one cause of this?

The cluster has Enhanced VPC Routing enabled and it must be turned off

The cluster is only a single node and needs to be expanded to multi-node.

The cluster login credentials are incorrect request new credentials from the Administrator

The cluster nodes are running in multiple Availability Zones, and all need to be placed in a single Availability Zone.

Question # 50

A SysOps Administrator has been notified that some Amazon EC2 instances in the company’s environment might have a vulnerable software version installed.

What should be done to check all of the instances in the environment with the LEAST operational overhead?

Create and run an Amazon Inspector assessment template.

Manually SSH into each instance and check the software version.

Use AWS CloudTrail to verify Amazon EC2 activity in the account.

Write a custom script and use AWS CodeDeploy to deploy to Amazon EC2 instances.