SOA-C01 Amazon Web Services AWS Certified SysOps Administrator

AWS Certified SysOps Administrator - Associate

Last Update 22 hours ago Total Questions : 263

The AWS Certified SysOps Administrator - Associate content is now fully updated, with all current exam questions added 22 hours ago. Deciding to include SOA-C01 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our SOA-C01 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these SOA-C01 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any AWS Certified SysOps Administrator - Associate practice test comfortably within the allotted time.

Question # 71

A company has mandated the use of multi-factor authentication (MFA) for all 1AM users, and requires users to make all API calls using the CLI. However, users are not prompted to enter MFA tokens, and are able to run CLI commands without MFA. In an attempt t o enforce MFA. the company attached an 1AM policy to all users that denies API calls that have not been authenticated with MFA.

What additional step must be taken to ensure that API calls are authenticated using MFA?

Enable MFA on 1AM roles, and require 1AM users to use role credentials to sign API calls.

Ask the 1AM users to log into the AWS Management Console with MFA before making API calls using the CLI.

Restrict the 1AM users to use of the console, as MFA is not supported for CLI use.

Require users to use temporary credentials from the get-session token command to sign API calls.

Question # 72

A SysOps Administrator is managing an application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS MySQL DB instance. The Administrator must ensure that that application stays available if the database becomes unresponsive.

How can these requirements be met?

Create read replicas for the RDS database and use them in case of a database failure

Create a new RDS instance from the snapshot of the original RDS instance if a failure occurs

Keep a separate RDS database running and switch the endpoint in the web application if a failure occurs

Modify the RDS instance to be a Multi-AZ deployment

Question # 73

A security audit revealed that the security groups in a VPC have ports 22 and 3389 open to all. introducing a possible threat that instances can be stopped or configurations can be modified. A SysOps administrator needs to automate remediation.

What should the administrator do to meet these requirements?

Create an 1AM managed policy lo deny access to ports 22 and 3389 on any security groups in a VPC.

Define an AWS Config rule and remediation action with AWS Systems Manager automation documents.

Enable AWS Trusted Advisor to remediate public port access.

Use AWS Systems Manager configuration compliance to remediate public port access.

Question # 74

A company’s website went down for several hours. The root cause was a full disk on one of the company’s Amazon EC2 instances.

Which steps should the SysOps Administrator take to prevent this from happening in this future?

Configure Amazon CloudWatch Events to filter and forward AWS Health events for disk space utilization to an Amazon SNS topic to notify the Administrator.

Create an AWS Lambda function to describe the volume status for each EC2 instance. Post a notification to an Amazon SNS topic when a volume status is impaired.

Enable detailed monitoring for the EC2 instances. Create an Amazon CloudWatch alarm to notify the

Administrator when disk space is running low.

Use the Amazon CloudWatch agent on the EC2 instances to collect disk metrics. Create a CloudWatch alarm to notify the Administrator when disk space is running low.

Question # 75

A company relies on a fleet of Amazon EC2 instances to support an application. One of the EC2 instances was scheduled for hardware maintenance by AWS. An operations team did not remove the EC2 instance from the fleet in advance of the scheduled maintenance, and an unplanned outage resulted. A SysOps administrator must configure notifications to let the operations team know about scheduled maintenance in the future.

Which action should the SysOps administrator take to meet this requirement?

Create an AWS Lambda function K > look up user data settings of the EC2 instance and publish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.

Create AWS Config rules to monitor the fleet of EC2 instances and publish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.

Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWS Personal Health Dashboard events to an Amazon Simple Notification Service (Amazon SNS) topic.

Configure an Amazon EventBridge (Amazon CloudWat ch Events) rule to publish AWS Service Health Dashboard events lo an Amazon Simple Notification Service (Amazon SNS) topic.

Question # 76

An application running on Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones was deployed using an AWS CloudFormation template. A sysops administrator has patched the Amazon Machine Image (AMI) version and must update all the EC2 instances to use the new AMI.

How should Ihe administrator use CloudFormation to apply the new AMI while maintaining a minimum level of active instances to ensure service continuity?

Deploy a second CloudFormation stack and use Amazon Route 53 to redirect traffic to the new stack.

Run the awa cloudformation update-attack command with the —rollback-configuration option.

Set an AutoScal ingRollingUpdate policy in the CloudFormation template to update the stack.

Update the CloudFormation template with the new AMI ID. then reboot the EC2 instances.

Question # 77

A SysOps administrator is managing a VPC network consisting of public and private subnets. Instances in the private subnets access the internet through a NAT gateway. A recent AWS bill shows that the NAT gateway charges have doubled. The administrator wants to identify which instances are creatin g the most network traffic.

How should this be accomplished?

Enable flow logs on the NAT gateway elastic network interface and use Amazon CloudWatch insights to filter data based on the source IP addresses

Run an AWS Cost and Usage report and group the findings by instance ID.

Use the VPC traffic mirroring feature to send traffic to Amazon QuickSight.

Use Amazon CloudWatch metrics generated by the NAT gateway for each individual instance.

Question # 78

Company issued SSL certificates to its users, and needs to ensure the private keys that are used to sign the certificates are encrypted. The company needs to be able to store the private and perform cryptographic signing operations in a secure environment.

Which service should be used to meet these requirements?

AWS CloudHSM

AWS KMS

AWS Certificate Manager

Amazon Connect