• Home
  • Articles
  • Pass AWS Certified Associate SOA-C02 exam [Jan 05, 2024] Updated 428 Questions [Q215-Q232]

Pass AWS Certified Associate SOA-C02 exam [Jan 05, 2024] Updated 428 Questions [Q215-Q232]

Share

Pass AWS Certified Associate SOA-C02 exam [Jan 05, 2024] Updated 428 Questions

Amazon SOA-C02 Actual Questions and 100% Cover Real Exam Questions

NEW QUESTION # 215
A company has an application that uses an Amazon Elastic File System (Amazon EFS) file system. A recent incident that involved an application logic error corrupted several files. The company wants to improve its ability to back up and recover the EFS file system. The company must be able to recover individual files rapidly.
Which solution meets these requirements MOST cost-effectively?

  • A. Enable AWS Backup in Amazon EFS to back up the file system to a backup vault. Use a partial restore job to retrieve individual files.
  • B. Configure Amazon Data Lifecycle Manager (Amazon DLM) to archive a copy of the data to an Amazon S3 Glacier vault. Use S3 Glacier retrieval requests to retrieve individual files.
  • C. Enable AWS Backup in Amazon EFS to back up the file system to an Amazon S3 Glacier vault.
    Use S3 Glacier retrieval requests to retrieve individual files.
  • D. Create a second EFS file system in another AWS Region. Configure AWS DataSync to copy the data to the backup file system. Recover files by copying them from the backup EFS file system.

Answer: A


NEW QUESTION # 216
A company needs to create a daily Amazon Machine Image (AMI) of an existing Amazon Linux EC2 instance that hosts the operating system, application, and database on multiple attached Amazon Elastic Block Store (Amazon EBS) volumes.
File system integrity must be maintained.
Which solution will meet these requirements?

  • A. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the no-reboot parameter enabled.
    Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
  • B. Use AWS Backup to create a backup plan with a backup rule that runs daily.
    Assign the resource ID of the EC2 instance with the no-reboot parameter enabled.
  • C. Create an AWS Lambda function to call the CreateImage API operation with the EC2 ins ance ID and the reboot parameter enabled.
    Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
  • D. Use AWS Backup to create a backup plan with a backup rule that runs daily.
    Assign the resource ID of the EC2 instance with the reboot parameter enabled.

Answer: B


NEW QUESTION # 217
A large multinational company has a core application that runs 24 hours a day, 7 days a week on Amazon EC2 and AWS Lambd a. The company uses a combination of operating systems across different AWS Regions. The company wants to achieve cost savings and wants to use a pricing model that provides the most flexibility.
What should the company do to MAXIMIZE cost savings while meeting these requirements?

  • A. Purchase a Reserved Instance for the instance types, operating systems, Region, and tenancy.
  • B. Establish the compute expense by the hour. Purchase a Compute Savings Plan.
  • C. Establish the compute expense by the hour. Purchase an EC2 Instance Savings Plan.
  • D. Use EC2 Spot Instances to match the instances that run in each Region.

Answer: D


NEW QUESTION # 218
A company hosts its website in the us-east-1 Region. The company is preparing to deploy its website into the eu-central-1 Region. Website visitors who are located in Europe should access the website that is hosted in eu-central-1. All other visitors access the website that is hosted in us-east-1. The company uses Amazon Route
53 to manage the website's DNS records.
Which routing policy should a SysOps administrator apply to the Route 53 record set to meet these requirements?

  • A. Multivalue answer routing policy
  • B. Latency routing policy
  • C. Geoproximity routing policy
  • D. Geolocation routing policy

Answer: A


NEW QUESTION # 219
A SysOps administrator launches an Amazon EC2 Linux instance in a public subnet.
When the instance is running, the SysOps administrator obtains the public IP address and attempts to remotely connect to the instance multiple times.
However, the SysOps administrator always receives a timeout error.
Which action will allow the SysOps administrator to remotely connect to the instance?

  • A. Modify the instance security group to allow inbound SSH traffic from the SysOps administrator's IP address.
  • B. Add an outbound network ACL rule to allow TCP port 22 for the SysOps administrator's IP address.
  • C. Add a route table entry in the public subnet for the SysOps administrator's IP address.
  • D. Modify the instance security group to allow outbound SSH traffic to the SysOps administrator's IP address.

Answer: A


NEW QUESTION # 220
A new application is being tested for deployment on an Amazon EC2 instance that requires greater IOPS than currently provided by the single 4TB General Purpose SSD (gp2) volume.
Which actions should be taken to provide additional Amazon EBS IOPS for the application?
(Choose two.)

  • A. Use RAID 1 to distribute I/O across multiple volumes
  • B. Increase the size of the General Purpose (gp2) volume
  • C. Use RAID 0 to distribute I/O across multiple volumes
  • D. Enable MAX I/O performance mode on the General Purpose (gp2) volume
  • E. Migrate to a Provisioned IOPS SSD (io1) volume

Answer: C,E

Explanation:
https://cloudacademy.com/blog/amazon-aws-raid-0-configuration-on-ebs-volumes/


NEW QUESTION # 221
A SysOps administrator needs to design a disaster recovery (DR) plan for an application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The application uses an Amazon Aurora PostgreSQL database. The recovery time objective (RTO) and recovery point objective (RPO) are 15 minutes each.
Which combination of steps should the SysOps administrator take to meet these requirements MOST cost-effectively? (Choose two.)

  • A. Configure the DR Region with an ALB and an Auto Scaling group. Set the Auto Scaling group's minimum capacity, maximum capacity, and desired capacity to 1.
  • B. Manually launch a new ALB and a new Auto Scaling group by using AWS CloudFormation during a failover activity.
  • C. Configure Aurora backups to be exported to the DR Region.
  • D. Configure the Aurora cluster to replicate data to the DR Region by using the Aurora global database option.
  • E. Configure the DR Region with an ALB and an Auto Scaling group. Use the same configuration as in the primary Region.

Answer: D,E


NEW QUESTION # 222
An errant process is known to use an entire processor and run at 100% A SysOps administrator wants to automate restarting the instance once the problem occurs for more than 2 minutes How can this be accomplished?

  • A. Create a CloudWatch alarm for the EC2 instance with detailed monitoring Enable an action to restart the instance
  • B. Create a Lambda function to restart the EC2 instance, triggered by EC2 health checks
  • C. Create an Amazon CloudWatch alarm for the Amazon EC2 instance with basic monitoring Enable an action to restart the instance
  • D. Create an AWS Lambda function to restart the EC2 instance triggered on a scheduled basis every 2 minutes

Answer: A


NEW QUESTION # 223
A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must set up the permissions and add a bucket policy to the S3 bucket.
Which parameters should be specified to accomplish this in the MOST efficient manner?

  • A. Specify '*' as the principal and PrincipalOrgld as a condition.
  • B. Specify the organization's management account as the principal.
  • C. Specify all account numbers as the principal.
  • D. Specify PrincipalOrgld as the principal.

Answer: D


NEW QUESTION # 224
A company wants to reduce costs for jobs that can be completed at any time. The jobs currently run by using multiple Amazon EC2 On-Demand Instances and the jobs take slightly less than 2 hours to complete. If a job falls for any reason it must be restarted from the beginning.
Which solution will meet these requirements MOST cost-effectively?

  • A. Purchase Reserved Instances for the jobs.
  • B. Submit a request for a one-time Spot Instance for the jobs.
  • C. Submit a request for Spot Instances with a defined duration for the jobs.
  • D. Use a mixture of On-Demand Instances and Spot Instances for the jobs.

Answer: C

Explanation:
Spot Instances with a defined duration (also known as Spot blocks) are no longer available to new customers as of July 1, 2021. For customers that have previously used the feature, we will continue to support Spot Instances with a defined duration until December 31, 2022. If your workload is interruption tolerant, we recommend that you use Spot Instances without setting a defined duration. If your workload is not interruption tolerant we recommend that you use On- Demand instances for the required duration of your workload.
https://aws.amazon.com/blogs/aws/new-ec2-spot-blocks-for-defined-duration-workloads/


NEW QUESTION # 225
A company wants to use only IPv6 for all its Amazon EC2 instances. The EC2 instances must not be accessible from the internet, but the EC2 instances must be able to access the internet. The company creates a dual-stack VPC and IPv6-only subnets.
How should a SysOps administrator configure the VPC to meet these requirements?

  • A. Create and attach an egress-only internet gateway.
    Create a custom route table that includes an entry to point all IPv6 traffic to the egress-only internet gateway.
    Attach the custom route table to the IPv6-only subnets.
  • B. Create and attach a NAT gateway.
    Create a custom route table that includes an entry to point all IPv6 traffic to the NAT gateway.
    Attach the custom route table to the IPv6-only subnets.
  • C. Create and attach an internet gateway and a NAT gateway.Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway and all IPv4 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.
  • D. Create and attach an internet gateway.
    Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway.
    Attach the custom route table to the IPv6-only subnets.

Answer: A

Explanation:
Only egress-only internet gateway can be used to let instance go to internet without being exposed.


NEW QUESTION # 226
While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS. The customer gateway device resides in a data center with a NAT gateway in front of it.
What address should be used to create the customer gateway resource?

  • A. The public IP address of the customer gateway device
  • B. The public IP address of the NAT device in front of the customer gateway device
  • C. The private IP address of the customer gateway device
  • D. The MAC address of the NAT device in front of the customer gateway device

Answer: B

Explanation:
If your customer gateway device is behind a network address translation (NAT) device, use the IP address of your NAT device.
https://docs.aws.amazon.com/vpn/latest/s2svpn/cgw-options.html


NEW QUESTION # 227
A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service. The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available across multiple Regions.
Which configuration will meet these requirements?

  • A. Deploy a new group of EC2 instances in the us-west-2 Region. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instances. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks.
  • B. Deploy a copy of the stack in the us-west-2 Region. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias target. Configure the A records with a failover routing policy and health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
  • C. Deploy a new group of EC2 instances in the us-west-2 Region. Configure EC2 health checks on all EC2 instances in each Region. Configure a peering connection between the VPCs. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record.
  • D. Deploy a copy of the stack in the us-west-2 Region. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each ELB. Configure the SOA record with health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.

Answer: B


NEW QUESTION # 228
A company is running an application on premises and wants to use AWS for data backup All of the data must be available locally The backup application can write only to block-based storage that is compatible with the Portable Operating System Interface (POSIX) Which backup solution will meet these requirements?

  • A. Configure the backup software to use Amazon S3 Glacier as the target for the data backups
  • B. Use AWS Storage Gateway, and configure it to use gateway-cached volumes
  • C. Configure the backup software to use Amazon S3 as the target for the data backups
  • D. Use AWS Storage Gateway, and configure it to use gateway-stored volumes

Answer: D


NEW QUESTION # 229
A company is releasing a new static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded: however, upon navigating to the site, the following error message is received:
403 Forbidden - Access Denied
What change should be made to fix this error?

  • A. Add a bucket policy that grants everyone read access to the bucket.
  • B. Configure cross-origin resource sharing (CORS) on the bucket.
  • C. Add a bucket policy that grants everyone read access to the bucket objects.
  • D. Remove the default bucket policy that denies read access to the bucket.

Answer: C


NEW QUESTION # 230
A SysOps administrator is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company. All data must be encrypted at rest.
How should the administrator implement this process?

  • A. Create an Amazon EC2 instance based on the snapshot, then save the instance's Amazon EBS volume as a snapshot and share it with the other accounts. Require each account owner to create a new volume from that snapshot and encrypt it.
  • B. Write a script to download the encrypted snapshot, decrypt it using the AWS KMS encryption key used to encrypt the snapshot, then create a new volume in each account.
  • C. Create a new unencrypted RDS instance from the encrypted snapshot, connect to the instance using SSH/RDP. export the database contents into a file, then share this file with the other accounts.
  • D. Update the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts, then share the snapshot with those accounts.

Answer: D


NEW QUESTION # 231
A company wants to archive sensitive data on Amazon S3 Glacier. The company's regulatory and compliance requirements do not allow any modifications to the data by any account.
Which solution meets these requirements?

  • A. Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy after 24 hours.
  • B. Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy within 24 hours.
  • C. Configure S3 Object Lock in governance mode. Upload all files after 24 hours.
  • D. Configure S3 Object Lock in governance mode. Upload all files within 24 hours.

Answer: B


NEW QUESTION # 232
......

Amazon SOA-C02 Real 2024 Braindumps Mock Exam Dumps: https://www.vceprep.com/SOA-C02-latest-vce-prep.html

SOA-C02 Free Exam Questions and Answers PDF Updated on Jan-2024: https://drive.google.com/open?id=1eXg-xdSmdB6S0Mz_jFNT-3R_M4Xwf4M4

Related Articles

more
Amazon SOA-C02 Certification Practice Exam