Soa-C02 9
Uploaded by
Gabriel MelloSoa-C02 9
Uploaded by
Gabriel MelloRecommend!!
Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
Amazon-Web-Services
Exam Questions SOA-C02
AWS Certified SysOps Administrator - Associate (SOA-C02)
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
NEW QUESTION 1
- (Exam Topic 1)
A SysOps administrator has used AWS Cloud Formation to deploy a sereness application into a production VPC. The application consists of an AWS Lambda
function, an Amazon DynamoOB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS Cloud Formation stack without deleting
the DynamoOB table.
Which action should the SysOps administrator take before deleting the AWS Cloud Formation stack?
A. Add a Retain deletion policy to the DynamoOB resource in the AWS CloudFormation stack.
B. Add a Snapshot deletion policy to the DynamoOB resource In the AWS CloudFormation stack.
C. Enable termination protection on the AWS Cloud Formation stack.
D. Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTabie action.
Answer: A
NEW QUESTION 2
- (Exam Topic 1)
A company has an application that is running on Amazon EC2 instances in a VPC. The application needs access to download software updates from the internet.
The VPC has public subnets and private signets. The company's security policy requires all ECS instances to be deployed in private subnets
What should a SysOps administrator do to meet those requirements?
A. Add an internet gateway to the VPC In the route table for the private subnets, odd a route to the interne; gateway.
B. Add a NAT gateway to a private subne
C. In the route table for the private subnets, add a route to the NAT gateway.
D. Add a NAT gateway to a public subnet in the route table for the private subnets, add a route to the NAT gateway.
E. Add two internet gateways to the VP
F. In The route tablet for the private subnets and public subnets, add a route to each internet gateway.
Answer: C
NEW QUESTION 3
- (Exam Topic 1)
A SysOps administrator needs to secure the credentials for an Amazon RDS database that is created by an AWS CloudFormation template. The solution must
encrypt the credentials and must support automatic rotation.
Which solution will meet these requirements?
A. Create an AWS::SecretsManager::Secret resource in the CloudFormation templat
B. Reference thecredentials in the AWS::RDS::DBInstance resource by using the resolve:secretsmanager dynamic reference.
C. Create an AWS::SecretsManager::Secret resource in the CloudFormation templat
D. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm-secure dynamic reference.
E. Create an AWS::SSM::Parameter resource in the CloudFormation templat
F. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm dynamic reference.
G. Create parameters for the database credentials in the CloudFormation templat
H. Use the Ref intrinsic function to provide the credentials to the AWS::RDS::DBInstance resource.
Answer: A
NEW QUESTION 4
- (Exam Topic 1)
A company applies user-defined tags to resources that are associated with me company's AWS workloads Twenty days after applying the tags, the company
notices that it cannot use re tags to filter views in the AWS Cost Explorer console.
What is the reason for this issue?
A. It lakes at least 30 days to be able to use tags to filter views in Cost Explorer.
B. The company has not activated the user-defined tags for cost allocation.
C. The company has not created an AWS Cost and Usage Report
D. The company has not created a usage budget in AWS Budgets
Answer: B
NEW QUESTION 5
- (Exam Topic 1)
A SysOps administrator applies the following policy to an AWS CloudFormation stack:
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
What is the result of this policy?
A. Users that assume an IAM role with a logical ID that begins with "Production" are prevented from running the update-stack command.
B. Users can update all resources in the stack except for resources that have a logical ID that begins with "Production".
C. Users can update all resources in the stack except for resources that have an attribute that begins with "Production".
D. Users in an IAM group with a logical ID that begins with "Production" are prevented from running the update-stack command.
Answer: B
NEW QUESTION 6
- (Exam Topic 1)
A company runs a website from Sydney, Australia. Users in the United States (US) and Europe are reporting that images and videos are taking a long time to load.
However, local testing in Australia indicates no performance issues. The website has a large amount of static content in the form of images and videos that are
stored m Amazon S3.
Which solution will result In the MOST Improvement In the user experience for users In the US and Europe?
A. Configure AWS PrivateLink for Amazon S3.
B. Configure S3 Transfer Acceleration.
C. Create an Amazon CloudFront distributio
D. Distribute the static content to the CloudFront edge locations
E. Create an Amazon API Gateway API in each AWS Regio
F. Cache the content locally.
Answer: D
NEW QUESTION 7
- (Exam Topic 1)
A SysOps administrator is provisioning an Amazon Elastic File System (Amazon EFS) file system to provide shared storage across multiple Amazon EC2
instances The instances all exist in the same VPC across multiple Availability Zones. There are two instances In each Availability Zone. The SysOps administrator
must make the file system accessible to each instance with the lowest possible latency.
Which solution will meet these requirements?
A. Create a mount target for the EFS file system in the VP
B. Use the mount target to mount the file system on each of the instances
C. Create a mount target for the EFS file system in one Availability Zone of the VP
D. Use the mount target to mount the file system on the instances in that Availability Zon
E. Share the directory with the other instances.
F. Create a mount target for each instanc
G. Use each mount target to mount the EFS file system on each respective instance.
H. Create a mount target in each Availability Zone of the VPC Use the mount target to mount the EFS file system on the Instances in the respective Availability
Zone.
Answer: D
Explanation:
A mount target provides an IP address for an NFSv4 endpoint at which you can mount an Amazon EFS file system. You mount your file system using its Domain
Name Service (DNS) name, which resolves to the IP address of the EFS mount target in the same Availability Zone as your EC2 instance. You can create one
mount target in each Availability Zone in an AWS Region. If there are multiple subnets in an Availability Zone in your VPC, you create a mount target in one of the
subnets. Then all EC2 instances in that Availability Zone share that mount target. https://docs.aws.amazon.com/efs/latest/ug/how-it-works.html
NEW QUESTION 8
- (Exam Topic 1)
A company is rolling out a new version of its website. Management wants to deploy the new website in a limited rollout to 20% of the company's customers. The
company uses Amazon Route 53 for its website's DNS solution.
Which configuration will meet these requirements?
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
A. Create a failover routing polic
B. Within the policy, configure 80% of the website traffic to be sent to the original resourc
C. Configure the remaining 20% of traffic as the failover record that points to the new resource.
D. Create a multivalue answer routing polic
E. Within the policy, create 4 records with the name and IP address of the original resourc
F. Configure 1 record with the name and IP address of the new resource.
G. Create a latency-based routing polic
H. Within the policy, configure a record pointing to the original resource with a weight of 80. Configure a record pointing to the new resource with a weight of 20.
I. Create a weighted routing polic
J. Within the policy, configure a weight of 80 for the record pointing to the original resourc
K. Configure a weight of 20 for the record pointing to the new resource.
Answer: C
NEW QUESTION 9
- (Exam Topic 1)
An application team uses an Amazon Aurora MySQL DB cluster with one Aurora Replica. The application team notices that the application read performance
degrades when user connections exceed 200. The number of user connections is typically consistent around 180. with occasional sudden increases above 200
connections. The application team wants the application to automatically scale as user demand increases or decreases.
Which solution will meet these requirements?
A. Migrate to a new Aurora multi-master DB cluste
B. Modify the application database connection string.
C. Modify the DB cluster by changing to serverless mode whenever user connections exceed 200.
D. Create an auto scaling policy with a target metric of 195 DatabaseConnections
E. Modify the DB cluster by increasing the Aurora Replica instance size.
Answer: C
NEW QUESTION 10
- (Exam Topic 1)
A company has created a NAT gateway in a public subnet in a VPC. The VPC also contains a private subnet that includes Amazon EC2 instances. The EC2
instances use the NAT gateway to access the internet to download patches and updates. The company has configured a VPC flow log for the elastic network
interface of the NAT gateway. The company is publishing the output to Amazon CloudWatch Logs.
A SysOps administrator must identify the top five internet destinations that the EC2 instances in the private subnet communicate with for downloads.
What should the SysOps administrator do to meet this requirement in the MOST operationally efficient way?
A. Use AWS CloudTrail Insights events to identify the top five internet destinations.
B. Use Amazon CloudFront standard logs (access logs) to identify the top five internet destinations.
C. Use CloudWatch Logs Insights to identify the top five internet destinations.
D. Change the flow log to publish logs to Amazon S3. Use Amazon Athena to query the log files in Amazon S3.
Answer: C
NEW QUESTION 10
- (Exam Topic 1)
A company website contains a web tier and a database tier on AWS. The web tier consists of Amazon EC2 instances that run in an Auto Scaling group across two
Availability Zones. The database tier runs on an Amazon ROS for MySQL Multi-AZ DB instance. The database subnet network ACLs are restricted to only the web
subnets that need access to the database. The web subnets use the default network ACL with the default rules.
The company's operations team has added a third subnet to the Auto Scaling group configuration. After an Auto Scaling event occurs, some users report that they
intermittently receive an error message. The error message states that the server cannot connect to the database. The operations team has confirmed that the
route tables are correct and that the required ports are open on all security groups.
Which combination of actions should a SysOps administrator take so that the web servers can communicate with the DB instance? (Select TWO.)
A. On the default AC
B. create inbound Allow rules of type TCP with the ephemeral port range and the source as the database subnets.
C. On the default ACL, create outbound Allow rules of type MySQL/Aurora (3306). Specify the destinations as the database subnets.
D. On the network ACLs for the database subnets, create an inbound Allow rule of type MySQL/Aurora (3306). Specify the source as the third web subnet.
E. On the network ACLs for the database subnets, create an outbound Allow rule of type TCP with the ephemeral port range and the destination as the third web
subnet.
F. On the network ACLs for the database subnets, create an outbound Allow rule of type MySQL/Aurora (3306). Specify the destination as the third web subnet.
Answer: CD
NEW QUESTION 11
- (Exam Topic 1)
A company is running a website on Amazon EC2 instances behind an Application Load Balancer (ALB). The company configured an Amazon CloudFront
distribution and set the ALB as the origin. The company created an Amazon Route 53 CNAME record to send all traffic through the CloudFront distribution. As an
unintended side effect, mobile users are now being served the desktop version of the website.
Which action should a SysOps administrator take to resolve this issue?
A. Configure the CloudFront distribution behavior to forward the User-Agent header.
B. Configure the CloudFront distribution origin setting
C. Add a User-Agent header to the list of origin custom headers.
D. Enable IPv6 on the AL
E. Update the CloudFront distribution origin settings to use the dualstack endpoint.
F. Enable IPv6 on the CloudFront distributio
G. Update the Route 53 record to use the dualstack endpoint.
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
Answer: A
Explanation:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-
NEW QUESTION 16
- (Exam Topic 1)
A company wants to track its AWS costs in all member accounts that are part of an organization in AWS Organizations. Managers of the member accounts want to
receive a notification when the estimated costs exceed a predetermined amount each month. The managers are unable to configure a billing alarm. The IAM
permissions for all users are correct. What could be the cause of this issue?
A. The management/payer account does not have billing alerts turned on.
B. The company has not configured AWS Resource Access Manager (AWS RAM) to share billing information between the member accounts and the
management/payer account.
C. Amazon GuardDuty is turned on for all the accounts.
D. The company has not configured an AWS Config rule to monitor billing.
Answer: B
NEW QUESTION 19
- (Exam Topic 1)
A company runs a stateless application that is hosted on an Amazon EC2 instance. Users are reporting performance issues. A SysOps administrator reviews the
Amazon CloudWatch metrics for the application and notices that the instance's CPU utilization frequently reaches 90% during business hours.
What is the MOST operationally efficient solution that will improve the application's responsiveness?
A. Configure CloudWatch logging on the EC2 instanc
B. Configure a CloudWatch alarm for CPU utilization to alert the SysOps administrator when CPU utilization goes above 90%.
C. Configure an AWS Client VPN connection to allow the application users to connect directly to the EC2 instance private IP address to reduce latency.
D. Create an Auto Scaling group, and assign it to an Application Load Balance
E. Configure a target tracking scaling policy that is based on the average CPU utilization of the Auto Scaling group.
F. Create a CloudWatch alarm that activates when the EC2 instance's CPU utilization goes above 80%.Configure the alarm to invoke an AWS Lambda function
that vertically scales the instance.
Answer: C
NEW QUESTION 23
- (Exam Topic 1)
A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones The
application uses an Amazon RDS Multi-AZ DB Instance Amazon Route 53 record sets route requests tor dynamic content to the load balancer and requests for
static content to an Amazon S3 bucket Site visitors are reporting extremely long loading times.
Which actions should be taken to improve the performance of the website? (Select TWO )
A. Add Amazon CloudFront caching for static content
B. Change the load balancer listener from HTTPS to TCP
C. Enable Amazon Route 53 latency-based routing
D. Implement Amazon EC2 Auto Scaling for the web servers
E. Move the static content from Amazon S3 to the web servers
Answer: AD
NEW QUESTION 28
- (Exam Topic 1)
A SysOps administrator must create an IAM policy for a developer who needs access to specific AWS services. Based on the requirements, the SysOps
administrator creates the following policy:
Which actions does this policy allow? (Select TWO.)
A. Create an AWS Storage Gateway.
B. Create an IAM role for an AWS Lambda function.
C. Delete an Amazon Simple Queue Service (Amazon SQS) queue.
D. Describe AWS load balancers.
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
E. Invoke an AWS Lambda function.
Answer: DE
NEW QUESTION 30
- (Exam Topic 1)
A company has an internal web application that runs on Amazon EC2 instances behind an Application Load
Balancer. The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A SysOps administrator must make the application highly
available.
Which action should the SysOps administrator take to meet this requirement?
A. Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
B. Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
C. Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.
D. Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.
Answer: C
NEW QUESTION 34
- (Exam Topic 1)
A company's financial department needs to view the cost details of each project in an AWS account A SysOps administrator must perform the initial configuration
that is required to view cost for each project in Cost Explorer
Which solution will meet this requirement?
A. Activate cost allocation tags Add a project tag to the appropriate resources
B. Configure consolidated billing Create AWS Cost and Usage Reports
C. Use AWS Budgets Create AWS Budgets reports
D. Use cost categories to define custom groups that are based on AWS cost and usage dimensions
Answer: A
NEW QUESTION 38
- (Exam Topic 1)
A development team recently deployed a new version of a web application to production After the release, penetration testing revealed a cross-site scripting
vulnerability that could expose user data
Which AWS service will mitigate this issue?
A. AWS Shield Standard
B. AWS WAF
C. Elastic Load Balancing
D. Amazon Cognito
Answer: B
Explanation:
https://www.imperva.com/learn/application-security/cross-site-scripting-xss-attacks/
NEW QUESTION 39
- (Exam Topic 1)
A SysOps administrator is setting up an automated process to recover an Amazon EC2 instance In the event of an underlying hardware failure. The recovered
instance must have the same private IP address and the same Elastic IP address that the original instance had. The SysOps team must receive an email
notification when the recovery process is initiated.
Which solution will meet these requirements?
A. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the SiatusCheckFailedjnstance metri
B. Add an EC2 action to the alarm to recover the instanc
C. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS> topi
D. Subscribe the SysOps team email address to the SNS topic.
E. Create an Amazon CloudWatch alarm for the EC2 Instance, and specify the StatusCheckFailed_System metri
F. Add an EC2 action to the alarm to recover the instanc
G. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS) topi
H. Subscribe the SysOps team email address to the SNS topic.
I. Create an Auto Scaling group across three different subnets in the same Availability Zone with a minimum, maximum, and desired size of 1. Configure the Auto
Seating group to use a launch template that specifies the private IP address and the Elastic IP addres
J. Add an activity notification for the Auto Scaling group to send an email message to the SysOps team through Amazon Simple Email Service (Amazon SES).
K. Create an Auto Scaling group across three Availability Zones with a minimum, maximum, and desired size of 1. Configure the Auto Scaling group to use a
launch template that specifies the private IP addressand the Elastic IP addres
L. Add an activity notification for the Auto Scaling group to publish a message to an Amazon Simple Notification Service (Amazon SNS) topi
M. Subscribe the SysOps team email address to the SNS topic.
Answer: B
Explanation:
You can create an Amazon CloudWatch alarm that monitors an Amazon EC2 instance and automatically recovers the instance if it becomes impaired due to an
underlying hardware failure or a problem that requires AWS involvement to repair. Terminated instances cannot be recovered. A recovered instance is identical to
the original instance, including the instance ID, private IP addresses, Elastic IP addresses, and all instance metadata. If the impaired instance has a public IPv4
address, the instance retains the public IPv4 address after recovery. If the impaired instance is in a placement group, the recovered instance runs in the placement
group. When the StatusCheckFailed_System alarm is triggered, and the recover action is initiated, you will be notified by the Amazon SNS topic that you selected
when you created the alarm and associated the recover action. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
NEW QUESTION 42
- (Exam Topic 1)
A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group Amazon CloudWatch shows a spike in the RequestCount metric for the
associated Application Load Balancer The administrator would like to know the IP addresses for the source of the requests
Where can the administrator find this information?
A. Auto Scaling logs
B. AWS CloudTrail logs
C. EC2 instance logs
D. Elastic Load Balancer access logs
Answer: D
Explanation:
Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the
time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns
and troubleshoot issues.
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
NEW QUESTION 47
- (Exam Topic 1)
A SysOps administrator launches an Amazon EC2 Linux instance in a public subnet. When the instance is running, the SysOps administrator obtains the public IP
address and attempts to remotely connect to the instance multiple times. However, the SysOps administrator always receives a timeout error.
Which action will allow the SysOps administrator to remotely connect to the instance?
A. Add a route table entry in the public subnet for the SysOps administrator's IP address.
B. Add an outbound network ACL rule to allow TCP port 22 for the SysOps administrator's IP address.
C. Modify the instance security group to allow inbound SSH traffic from the SysOps administrator's IP address.
D. Modify the instance security group to allow outbound SSH traffic to the SysOps administrator's IP address.
Answer: C
NEW QUESTION 50
- (Exam Topic 1)
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of
fs-85ba4Kc. and it is actively used by 10 Amazon EC2 hosts The organization has become concerned that the file system is not encrypted
How can this be resolved?
A. Enable encryption on each host's connection to the Amazon EFS volume Each connection must be recreated for encryption to take effect
B. Enable encryption on the existing EFS volume by using the AWS Command Line Interface
C. Enable encryption on each host's local drive Restart each host to encrypt the drive
D. Enable encryption on a newly created volume and copy all data from the original volume Reconnect each host to the new volume
Answer: D
Explanation:
https://docs.aws.amazon.com/efs/latest/ug/encryption.html
Amazon EFS supports two forms of encryption for file systems, encryption of data in transit and encryption at rest. You can enable encryption of data at rest when
creating an Amazon EFS file system. You can enable encryption of data in transit when you mount the file system.
NEW QUESTION 54
- (Exam Topic 1)
A SysOps administrator is unable to authenticate an AWS CLI call to an AWS service Which of the following is the cause of this issue?
A. The IAM password is incorrect
B. The server certificate is missing
C. The SSH key pair is incorrect
D. There is no access key
Answer: C
NEW QUESTION 59
- (Exam Topic 1)
A SysOps administrator has successfully deployed a VPC with an AWS Cloud Formation template The SysOps administrator wants to deploy me same template
across multiple accounts that are managed through AWS Organizations.
Which solution will meet this requirement with the LEAST operational overhead?
A. Assume the OrganizationAccountAcccssKolc IAM role from the management accoun
B. Deploy the template in each of the accounts
C. Create an AWS Lambda function to assume a role in each account Deploy the template by using the AWS CloudFormation CreateStack API call
D. Create an AWS Lambda function to query fc a list of accounts Deploy the template by using the AWS Cloudformation CreateStack API call.
E. Use AWS CloudFormation StackSets from the management account to deploy the template in each of the accounts
Answer: D
Explanation:
AWS CloudFormation StackSets extends the capability of stacks by enabling you to create, update, or delete stacks across multiple accounts and AWS Regions
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
NEW QUESTION 61
- (Exam Topic 1)
A company’s reporting job that used to run in 15 minutes is now taking an hour to run. An application generates the reports. The application runs on Amazon EC2
instances and extracts data from an Amazon RDS for MySQL database.
A SysOps administrator checks the Amazon CloudWatch dashboard for the RDS instance and notices that the Read IOPS metrics are high, even when the reports
are not running. The SysOps administrator needs to improve the performance and the availability of the RDS instance.
Which solution will meet these requirements?
A. Configure an Amazon ElastiCache cluster in front of the RDS instanc
B. Update the reporting job to query the ElastiCache cluster.
C. Deploy an RDS read replic
D. Update the reporting job to query the reader endpoint.
E. Create an Amazon CloudFront distributio
F. Set the RDS instance as the origi
G. Update the reporting job to query the CloudFront distribution.
H. Increase the size of the RDS instance.
Answer: B
Explanation:
Using an RDS read replica will improve the performance and availability of the RDS instance by offloading read queries to the replica. This will also ensure that the
reporting job completes in a timely manner and does not affect the performance of other queries that might be running on the RDS instance. Additionally, updating
the reporting job to query the reader endpoint will ensure that all read queries are directed to the read replica.
Reference: [1] https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html
NEW QUESTION 64
- (Exam Topic 1)
A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backup enabled. A SysOps administrator
needs to be able to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB
cluster.
Which solution will meet these requirements?
A. Create an Aurora Replic
B. Promote the replica to replace the primary DB instance.
C. Create an AWS Lambda function to restore an automatic backup to the existing DB cluster.
D. Use backtracking to rewind the existing DB cluster to the desired recovery point.
E. Use point-in-time recovery to restore the existing DB cluster to the desired recovery point.
Answer: C
Explanation:
"The limit for a backtrack window is 72 hours.....Backtracking is only available for DB clusters that were created with the Backtrack feature enabled....Backtracking
"rewinds" the DB cluster to the time you specify. Backtracking is not a replacement for backing up your DB cluster so that you can restore it to a point in time....You
can backtrack a DB cluster quickly. Restoring a DB cluster to a point in time launches a new DB cluster and restores it from backup data or a DB cluster snapshot,
which can take hours."
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Backtrack.html
NEW QUESTION 68
- (Exam Topic 1)
A company has a stateless application that is hosted on a fleet of 10 Amazon EC2 On-Demand Instances in an Auto Scaling group. A minimum of 6 instances are
needed to meet service requirements.
Which action will maintain uptime for the application MOST cost-effectively?
A. Use a Spot Fleet with an On-Demand capacity of 6 instances.
B. Update the Auto Scaling group with a minimum of 6 On-Demand Instances and a maximum of 10 On-Demand Instances.
C. Update the Auto Scaling group with a minimum of 1 On-Demand Instance and a maximum of 6 On-Demand Instances.
D. Use a Spot Fleet with a target capacity of 6 instances.
Answer: A
NEW QUESTION 70
- (Exam Topic 1)
A SysOps administrator Is troubleshooting an AWS Cloud Formation template whereby multiple Amazon EC2 instances are being created The template is working
In us-east-1. but it is failing In us-west-2 with the error code:
How should the administrator ensure that the AWS Cloud Formation template is working in every region?
A. Copy the source region's Amazon Machine Image (AMI) to the destination region and assign it the same ID.
B. Edit the AWS CloudFormatton template to specify the region code as part of the fully qualified AMI ID.
C. Edit the AWS CloudFormatton template to offer a drop-down list of all AMIs to the user by using the aws :: EC2:: ami :: imageiD control.
D. Modify the AWS CloudFormation template by including the AMI IDs in the "Mappings" sectio
E. Refer to the proper mapping within the template for the proper AMI ID.
Answer: A
NEW QUESTION 75
- (Exam Topic 1)
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
A SysOps administrator is creating an Amazon EC2 Auto Scaling group in a new AWS account. After adding some instances, the SysOps administrator notices
that the group has not reached the minimum number of instances. The SysOps administrator receives the following error message:
Which action will resolve this issue?
A. Adjust the account spending limits for Amazon EC2 on the AWS Billing and Cost Management console
B. Modify the EC2 quota for that AWS Region in the EC2 Settings section of the EC2 console.
C. Request a quota Increase for the Instance type family by using Service Quotas on the AWS Management Console.
D. Use the Rebalance action In the Auto Scaling group on the AWS Management Console.
Answer: C
NEW QUESTION 80
- (Exam Topic 1)
A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template it installs and configure necessary
software through AWS OpsWorks and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours but at
limes the process stalls due to installation errors.
The SysOps administrator must modify the CloudFormation template so if the process stalls, the entire stack will tail and roil back.
Based on these requirements what should be added to the template?
A. Conditions with a timeout set to 4 hours.
B. CreationPolicy with timeout set to 4 hours.
C. DependsOn a timeout set to 4 hours.
D. Metadata with a timeout set to 4 hours
Answer: B
NEW QUESTION 81
- (Exam Topic 1)
A SysOps administrator receives notification that an application that is running on Amazon EC2 instances has failed to authenticate to an Amazon RDS database
To troubleshoot, the SysOps administrator needs to investigate AWS Secrets Manager password rotation
Which Amazon CloudWatch log will provide insight into the password rotation?
A. AWS CloudTrail logs
B. EC2 instance application logs
C. AWS Lambda function logs
D. RDS database logs
Answer: B
NEW QUESTION 84
- (Exam Topic 1)
A company has an Amazon RDS DB instance. The company wants to implement a caching service while maintaining high availability.
Which combination of actions will meet these requirements? (Choose two.)
A. Add Auto Discovery to the data store.
B. Create an Amazon ElastiCache for Memcached data store.
C. Create an Amazon ElastiCache for Redis data store.
D. Enable Multi-AZ for the data store.
E. Enable Multi-threading for the data store.
Answer: CD
Explanation:
https://aws.amazon.com/elasticache/memcached/ https://aws.amazon.com/elasticache/redis/
NEW QUESTION 85
- (Exam Topic 1)
A company’s application currently uses an IAM role that allows all access to all AWS services. A SysOps administrator must ensure that the company’s IAM
policies allow only the permissions that the application requires.
How can the SysOps administrator create a policy to meet this requirement?
A. Turn on AWS CloudTrai
B. Generate a policy by using AWS Security Hub.
C. Turn on Amazon EventBridge (Amazon CloudWatch Events). Generate a policy by using AWS Identity and Access Management Access Analyzer.
D. Use the AWS CLI to run the get-generated-policy command in AWS Identity and Access Management Access Analyzer.
E. Turn on AWS CloudTrai
F. Generate a policy by using AWS Identity and Access Management Access Analyzer.
Answer: D
Explanation:
Generate a policy by using AWS Identity and Access Management Access Analyzer. AWS CloudTrail is a service that records all API calls made on your account.
You can use this data to generate a policy with AWS Identity and Access Management Access Analyzer that only allows the permissions that the application
requires. This will ensure that the application only has the necessary permissions and will protect the company from any unauthorized access.
https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html#what-is-access-analyzer-poli
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
NEW QUESTION 86
- (Exam Topic 1)
A company has a critical serverless application that uses multiple AWS Lambda functions. Each Lambda function generates 1 GB of log data daily in its own
Amazon CloudWatch Logs log group. The company's security team asks for a count of application errors, grouped by type, across all of the log groups.
What should a SysOps administrator do to meet this requirement?
A. Perform a CloudWatch Logs Insights query that uses the stats command and count function.
B. Perform a CloudWatch Logs search that uses the groupby keyword and count function.
C. Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.
D. Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.
Answer: A
NEW QUESTION 90
- (Exam Topic 1)
A company hosts a web application on an Amazon EC2 instance. The web server logs are published to Amazon CloudWatch Logs. The log events have the same
structure and include the HTTP response codes that are associated with the user requests. The company needs to monitor the number of times that the web
server returns an HTTP 404 response.
What is the MOST operationally efficient solution that meets these requirements?
A. Create a CloudWatch Logs metric filter that counts the number of times that the web server returns an HTTP 404 response.
B. Create a CloudWatch Logs subscription filter that counts the number of times that the web server returns an HTTP 404 response.
C. Create an AWS Lambda function that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.
D. Create a script that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.
Answer: A
Explanation:
This is the most operationally efficient solution that meets the requirements, as it will allow the company to monitor the number of times that the web server returns
an HTTP 404 response in real-time. The other solutions (creating a CloudWatch Logs subscription filter, an AWS Lambda function, or a script) will require
additional steps and resources to monitor the number of times that the web server returns an HTTP 404 response.
A metric filter allows you to search for specific terms, phrases, or values in your log events, and then to create a metric based on the number of occurrences of
those search terms. This allows you to create a CloudWatch Metric that can be used to create alarms and dashboards, which can be used to monitor the number
of HTTP 404 responses returned by the web server.
NEW QUESTION 95
- (Exam Topic 1)
A company stores files on 50 Amazon S3 buckets in the same AWS Region The company wants to connect to the S3 buckets securely over a private connection
from its Amazon EC2 instances The company needs a solution that produces no additional cost
Which solution will meet these requirements?
A. Create a gateway VPC endpoint lor each S3 bucket Attach the gateway VPC endpoints to each subnet inside the VPC
B. Create an interface VPC endpoint (or each S3 bucket Attach the interface VPC endpoints to each subnet inside the VPC
C. Create one gateway VPC endpoint for all the S3 buckets Add the gateway VPC endpoint to the VPC route table
D. Create one interface VPC endpoint for all the S3 buckets Add the interface VPC endpoint to the VPC route table
Answer: C
NEW QUESTION 99
- (Exam Topic 1)
A company plans to deploy a database on an Amazon Aurora MySQL DB cluster. The database will store data for a demonstration environment. The data must be
reset on a daily basis.
What is the MOST operationally efficient solution that meets these requirements?
A. Create a manual snapshot of the DB cluster after the data has been populate
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basi
C. Configure the function to restore the snapshot and then delete the previous DB cluster.
D. Enable the Backtrack feature during the creation of the DB cluste
E. Specify a target backtrack window of 48 hour
F. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basi
G. Configure the function to perform a backtrack operation.
H. Export a manual snapshot of the DB cluster to an Amazon S3 bucket after the data has been populated.Create an Amazon EventBridge (Amazon CloudWatch
Events) rule to invoke an AWS Lambda function on a daily basi
I. Configure the function to restore the snapshot from Amazon S3.
J. Set the DB cluster backup retention period to 2 day
K. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basi
L. Configure the function to restore the DB cluster to a point in time and then delete the previous DB cluster.
Answer: D
Explanation:
Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basis. Configure the function to restore the DB
cluster to a point in time and then delete the previous DB cluster. This is the most operationally efficient solution that meets the requirements, as it will allow the
company to reset the database on a daily basis without having to manually take and restore snapshots. The other solutions (creating a manual snapshot of the DB
cluster, enabling the Backtrack feature, or exporting a manual snapshot of the DB cluster to Amazon S3) will require additional steps and resources to reset the
database on a daily basis.
NEW QUESTION 103
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
- (Exam Topic 1)
An application runs on multiple Amazon EC2 instances in an Auto Scaling group The Auto Scaling group is
configured to use the latest version of a launch template A SysOps administrator must devise a solution that centrally manages the application logs and retains the
logs for no more than 90 days
Which solution will meet these requirements?
A. Launch an Amazon Machine Image (AMI) that is preconfigured with the Amazon CloudWatch Logs agent to send logs to an Amazon S3 bucket Apply a 90-day
S3 Lifecycle policy on the S3 bucket to expire the application logs
B. Launch an Amazon Machine Image (AMI) that is preconfigured with the Amazon CloudWatch Logs agent to send logs to a log group Create an Amazon
EventBridge (Amazon CloudWatch Events) scheduled rule to perform an instance refresh every 90 days
C. Update the launch template user data to install and configure the Amazon CloudWatch Logs agent to send logs to a log group Configure the retention period on
the log group to be 90 days
D. Update the launch template user data to install and configure the Amazon CloudWatch Logs agent to send logs to a log group Set the log rotation configuration
of the EC2 instances to 90 days
Answer: C
NEW QUESTION 104
- (Exam Topic 1)
A company's public website is hosted in an Amazon S3 bucket in the us-east-1 Region behind an Amazon
CloudFront distribution. The company wants to ensure that the website is protected from DDoS attacks. A SysOps administrator needs to deploy a solution that
gives the company the ability to maintain control over the rate limit at which DDoS protections are applied.
Which solution will meet these requirements?
A. Deploy a global-scoped AWS WAF web ACL with an allow default actio
B. Configure an AWS WAF rate-based rule to block matching traffi
C. Associate the web ACL with the CloudFront distribution.
D. Deploy an AWS WAF web ACL with an allow default action in us-east-1. Configure an AWS WAF rate-based rule to block matching traffi
E. Associate the web ACL with the S3 bucket.
F. Deploy a global-scoped AWS WAF web ACL with a block default actio
G. Configure an AWS WAF rate-based rule to allow matching traffi
H. Associate the web ACL with the CloudFront distribution.
I. Deploy an AWS WAF web ACL with a block default action in us-east-1. Configure an AWS WAF rate-based rule to allow matching traffi
J. Associate the web ACL with the S3 bucket.
Answer: B
NEW QUESTION 109
- (Exam Topic 1)
A company uses Amazon Route 53 to manage the public DNS records for the domain example.com. The company deploys an Amazon CloudFront distribution to
deliver static assets for a new corporate website. The company wants to create a subdomain that is named "static" and must route traffic for the subdomain to the
CloudFront distribution.
How should a SysOps administrator create a new record for the subdomain in Route 53?
A. Create a CNAME recor
B. Enter static.cloudfront.net as the record nam
C. Enter the CloudFront distribution's public IP address as the value.
D. Create a CNAME recor
E. Enter static.example.com as the record nam
F. Enter the CloudFront distribution's private IP address as the value.
G. Create an A recor
H. Enter static.cloudfront.net as the record nam
I. Enter the CloudFront distribution's ID as an alias target.
J. Create an A recor
K. Enter static.example.com as the record nam
L. Enter the CloudFront distribution's domain name as an alias target.
Answer: D
Explanation:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html
NEW QUESTION 111
- (Exam Topic 1)
A company plans to launch a static website on its domain example com and subdomain www example.com using Amazon S3. How should the SysOps
administrator meet this requirement?
A. Create one S3 bucket named example.com for both the domain and subdomain.
B. Create one S3 bucket with a wildcard named '.example.com tor both the domain and subdomain.
C. Create two S3 buckets named example.com and www.exdmpte.co
D. Configure the subdomain bucket to redirect requests to the domain bucket.
E. Create two S3 buckets named http//example.com and http//" exampte.co
F. Configure the wildcard (') bucket to redirect requests to the domain bucket.
Answer: C
NEW QUESTION 112
- (Exam Topic 1)
A company runs us Infrastructure on Amazon EC2 Instances that run In an Auto Scaling group. Recently, the company promoted faulty code to the entire EC2
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
fleet. This faulty code caused the Auto Scaling group to scale the instances before any of the application logs could be retrieved.
What should a SysOps administrator do to retain the application logs after instances are terminated?
A. Configure an Auto Scaling lifecycle hook to create a snapshot of the ephemeral storage upon termination of the instances.
B. Create a new Amazon Machine Image (AMI) that has the Amazon CloudWatch agent installed and configured to send logs to Amazon CloudWatch Log
C. Update the launch template to use the new AMI.
D. Create a new Amazon Machine Image (AMI) that has a custom script configured to send logs to AWS CloudTrai
E. Update the launch template to use the new AMI.
F. Install the Amazon CloudWatch agent on the Amazon Machine Image (AMI) that is defined in the launch templat
G. Configure the CloudWatch agent to back up the logs to ephemeral storage.
Answer: B
NEW QUESTION 114
- (Exam Topic 1)
A SysOps administrator is creating two AWS CloudFormation templates. The first template will create a VPC with associated resources, such as subnets, route
tables, and an internet gateway. The second template will deploy application resources within the VPC that was created by the first template. The second template
should refer to the resources created by the first template.
How can this be accomplished with the LEAST amount of administrative effort?
A. Add an export field to the outputs of the first template and import the values in the second template.
B. Create a custom resource that queries the stack created by the first template and retrieves the required values.
C. Create a mapping in the first template that is referenced by the second template.
D. Input the names of resources in the first template and refer to those names in the second template as a parameter.
Answer: A
Explanation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html
NEW QUESTION 119
- (Exam Topic 1)
A SysOps administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While
discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.
Which action should the administrator take to ensure that users access objects in Amazon S3 by using only CloudFront URLs?
A. Encrypt the S3 bucket content with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).
B. Create an origin access identity and grant it permissions to read objects in the S3 bucket.
C. Assign an 1AM user to the CloudFront distribution and grant the user permissions in the S3 bucket policy.
D. Assign an 1AM role to the CloudFront distribution and grant the role permissions in the S3 bucket policy.
Answer: B
Explanation:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3
NEW QUESTION 122
- (Exam Topic 1)
A SysOps administrator is attempting to download patches from the internet into an instance in a private subnet. An internet gateway exists for the VPC, and a
NAT gateway has been deployed on the public subnet; however, the instance has no internet connectivity. The resources deployed into the private subnet must be
inaccessible directly from the public internet.
What should be added to the private subnet's route table in order to address this issue, given the information provided?
A. 0.0.0.0/0 IGW
B. 0.0.0.0/0 NAT
C. 10.0.1.0/24 IGW
D. 10.0.1.0/24 NAT
Answer: B
NEW QUESTION 127
- (Exam Topic 1)
A company has a critical serverless application that uses multiple AWS Lambda functions. Each Lambda function generates 1 GB of log data daily in tts own
Amazon CloudWatch Logs log group. The company's security team asks for a count of application errors, grouped by type, across all of the log groups.
What should a SysOps administrator do to meet this requirement?
A. Perform a CloudWatch Logs Insights query that uses the stats command and count function.
B. Perform a CloudWatch Logs search that uses the groupby keyword and count function.
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
C. Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.
D. Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.
Answer: A
NEW QUESTION 128
- (Exam Topic 1)
A company is undergoing an external audit of its systems, which run wholly on AWS. A SysOps administrator must supply documentation of Payment Card
Industry Data Security Standard (PCI DSS) compliance for the infrastructure managed by AWS.
Which set of action should the SysOps administrator take to meet this requirement?
A. Download the applicable reports from the AWS Artifact portal and supply these to the auditors.
B. Download complete copies of the AWS CloudTrail log files and supply these to the auditors.
C. Download complete copies of the AWS CloudWatch logs and supply these to the auditors.
D. Provide the auditors with administrative access to the production AWS account so that the auditors can determine compliance.
Answer: A
NEW QUESTION 133
- (Exam Topic 1)
A company hosts its website on Amazon EC2 instances behind an Application Load Balancer. The company manages its DNS with Amazon Route 53. and wants
to point its domain's zone apex to the website.
Which type of record should be used to meet these requirements?
A. A CNAME record for the domain's zone apex
B. An A record for the domain's zone apex
C. An AAAA record for the domain's zone apex
D. An alias record for the domain's zone apex
Answer: D
Explanation:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.htm
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-elb-load-balancer.html
NEW QUESTION 135
- (Exam Topic 1)
A company is using Amazon CloudFront to serve static content for its web application to its users. The CloudFront distribution uses an existing on-premises
website as a custom origin.
The company requires the use of TLS between CloudFront and the origin server. This configuration has worked as expected for several months. However, users
are now experiencing HTTP 502 (Bad Gateway) errors when they view webpages that include content from the CloudFront distribution.
What should a SysOps administrator do to resolve this problem?
A. Examine the expiration date on the certificate on the origin sit
B. Validate that the certificate has not expire
C. Replace the certificate if necessary.
D. Examine the hostname on the certificate on the origin sit
E. Validate that the hostname matches one of the hostnames on the CloudFront distributio
F. Replace the certificate if necessary.
G. Examine the firewall rules that are associated with the origin serve
H. Validate that port 443 is open for inbound traffic from the interne
I. Create an inbound rule if necessary.
J. Examine the network ACL rules that are associated with the CloudFront distributio
K. Validate that port 443 is open for outbound traffic to the origin serve
L. Create an outbound rule if necessary.
Answer: A
Explanation:
HTTP 502 errors from CloudFront can occur because of the following reasons:
There's an SSL negotiation failure because the origin is using SSL/TLS protocols and ciphers that aren't supported by CloudFront.
There's an SSL negotiation failure because the SSL certificate on the origin is expired or invalid, or because the certificate chain is invalid.
There's a host header mismatch in the SSL negotiation between your CloudFront distribution and the custom origin.
The custom origin isn't responding on the ports specified in the origin settings of the CloudFront distribution. The custom origin is ending the connection to
CloudFront too quickly.
https://aws.amazon.com/premiumsupport/knowledge-center/resolve-cloudfront-connection-error/
NEW QUESTION 139
- (Exam Topic 1)
A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level
access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must
set up the permissions and add a bucket policy to the S3 bucket.
Which parameters should be specified to accomplish this in the MOST efficient manner?
A. Specify '*' as the principal and PrincipalOrgld as a condition.
B. Specify all account numbers as the principal.
C. Specify PrincipalOrgld as the principal.
D. Specify the organization's management account as the principal.
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
Answer: C
NEW QUESTION 144
- (Exam Topic 1)
A global company handles a large amount of personally identifiable information (Pll) through an internal web portal. The company's application runs in a corporate
data center that is connected to AWS through an AWS Direct Connect connection. The application stores the Pll in Amazon S3. According to a compliance
requirement, traffic from the web portal to Amazon S3 must not travel across the internet.
What should a SysOps administrator do to meet the compliance requirement?
A. Provision an interface VPC endpoint for Amazon S3. Modify the application to use the interface endpoint.
B. Configure AWS Network Firewall to redirect traffic to the internal S3 address.
C. Modify the application to use the S3 path-style endpoint.
D. Set up a range of VPC network ACLs to redirect traffic to the Internal S3 address.
Answer: B
NEW QUESTION 147
- (Exam Topic 1)
A company is releasing a new static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded:
however, upon navigating to the site, the following error message is received:
403 Forbidden - Access Denied
What change should be made to fix this error?
A. Add a bucket policy that grants everyone read access to the bucket.
B. Add a bucket policy that grants everyone read access to the bucket objects.
C. Remove the default bucket policy that denies read access to the bucket.
D. Configure cross-origin resource sharing (CORS) on the bucket.
Answer: B
NEW QUESTION 152
- (Exam Topic 1)
A SysOps administrator has enabled AWS CloudTrail in an AWS account. If CloudTrail is disabled, it must be re-enabled immediately. What should the SysOps
administrator do to meet these requirements WITHOUT writing custom code?
A. Add the AWS account to AWS Organization
B. Enable CloudTrail in the management account.
C. Create an AWS Config rule that is invoked when CloudTrail configuration change
D. Apply the AWS-ConfigureCloudTrailLogging automatic remediation action.
E. Create an AWS Config rule that is invoked when CloudTrail configuration change
F. Configure the rule to invoke an AWS Lambda function to enable CloudTrail.
G. Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to
enable CloudTrail.
Answer: D
NEW QUESTION 154
- (Exam Topic 1)
A company uses an Amazon CloudFront distribution to deliver its website. Traffic logs for the website must be centrally stored, and all data must be encrypted at
rest.
Which solution will meet these requirements?
A. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with internet access and server-side encryption that uses the default AWS
managed ke
B. Configure CloudFront to use theAmazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination.
C. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256 Configure
CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination.
D. Create an Amazon S3 bucket that Is configured with default server-side encryption that uses AES-256.Configure CloudFront to use the S3 bucket as a log
destination.
E. Create an Amazon S3 bucket that is configured with no default encryptio
F. Enable encryption in the CloudFront distribution, and use the S3 bucket as a log destination.
Answer: C
NEW QUESTION 156
- (Exam Topic 1)
A new website will run on Amazon EC2 instances behind an Application Load Balancer. Amazon Route 53 will be used to manage DNS records.
What type of record should be set in Route 53 to point the website’s apex domain name (for example.company.com to the Application Load Balancer?
A. CNAME
B. SOA
C. TXT
D. ALIAS
Answer: D
NEW QUESTION 159
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
- (Exam Topic 1)
A SysOps administrator is trying to set up an Amazon Route 53 domain name to route traffic to a website hosted on Amazon S3. The domain name of the website
is www.anycompany.com and the S3 bucket name is anycompany-static. After the record set is set up in Route 53, the domain name www.anycompany.com does
not seem to work, and the static website is not displayed in the browser.
Which of the following is a cause of this?
A. The S3 bucket must be configured with Amazon CloudFront first.
B. The Route 53 record set must have an IAM role that allows access to the S3 bucket.
C. The Route 53 record set must be in the same region as the S3 bucket.
D. The S3 bucket name must match the record set name in Route 53.
Answer: D
NEW QUESTION 160
- (Exam Topic 1)
A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report
that file retrieval from the EFS file system is slower than normal.
Which action should a SysOps administrator take to improve the performance of the file system?
A. Configure the file system for Provisioned Throughput.
B. Enable encryption in transit on the file system.
C. Identify any unused files in the file system, and remove the unused files.
D. Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.
Answer: A
NEW QUESTION 164
- (Exam Topic 1)
A SysOps administrator has Nocked public access to all company Amazon S3 buckets. The SysOps administrator wants to be notified when an S3 bucket
becomes publicly readable in the future.
What is the MOST operationally efficient way to meet this requirement?
A. Create an AWS Lambda function that periodically checks the public access settings for each S3 bucket.Set up Amazon Simple Notification Service (Amazon
SNS) to send notifications.
B. Create a cron script that uses the S3 API to check the public access settings for each S3 bucke
C. Set up Amazon Simple Notification Service (Amazon SNS) to send notifications
D. Enable S3 Event notified tons for each S3 bucke
E. Subscribe S3 Event Notifications to an Amazon Simple Notification Service (Amazon SNS) topic.
F. Enable the s3-bucket-public-read-prohibited managed rule in AWS Confi
G. Subscribe the AWS Config rule to an Amazon Simple Notification Service (Amazon SNS) topic.
Answer: D
NEW QUESTION 165
- (Exam Topic 1)
A company uses Amazon Elasticsearch Service (Amazon ES) to analyze sales and customer usage data. Members of the company's geographically dispersed
sales team are traveling. They need to log in to Kibana by using their existing corporate credentials that are stored in Active Directory. The company has deployed
Active Directory Federation Services (AD FS) to enable authentication to cloud services. Which solution will meet these requirements?
A. Configure Active Directory as an authentication provider in Amazon E
B. Add the Active Directory server's domain name to Amazon E
C. Configure Kibana to use Amazon ES authentication.
D. Deploy an Amazon Cognito user poo
E. Configure Active Directory as an external identity provider for the user poo
F. Enable Amazon Cognito authentication for Kibana on Amazon ES.
G. Enable Active Directory user authentication in Kiban
H. Create an IP-based custom domain access policy in Amazon ES that includes the Active Directory server's IP address.
I. Establish a trust relationship with Kibana on the Active Directory serve
J. Enable Active Directory user authentication in Kiban
K. Add the Active Directory server's IP address to Kibana.
Answer: B
Explanation:
https://aws.amazon.com/blogs/security/how-to-enable-secure-access-to-kibana-using-aws-single-sign-on/ https://docs.aws.amazon.com/elasticsearch-
service/latest/developerguide/es-cognito-auth.html
NEW QUESTION 170
- (Exam Topic 1)
A company has a high-performance Windows workload. The workload requires a storage volume mat provides consistent performance of 10.000 KDPS. The
company does not want to pay for additional unneeded capacity to achieve this performance.
Which solution will meet these requirements with the LEAST cost?
A. Use a Provisioned IOPS SSD (lol) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10.000 provisioned IOPS
B. Use a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10.000 provisioned IOPS.
C. Use an Amazon Elastic File System (Amazon EFS) file system w\ Max I/O mode.
D. Use an Amazon FSx for Windows Fife Server foe system that is configured with 10.000 IOPS
Answer: A
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
NEW QUESTION 175
- (Exam Topic 1)
A SysOps administrator configures an Amazon S3 gateway endpoint in a VPC. The private subnets inside the VPC do not nave outbound internet access. A user
logs in to an Amazon EC2 instance in one of the private subnets and cannot upload a file to an Amazon S3 bucket in the same AWS Region
Which solution will solve this problem?
A. Update the EC2 instance role policy to allow s3:PutObjed access to the target S3 bucket.
B. Update the EC2 security group to allow outbound traffic to 0.0.0.070 for port 80.
C. Update the EC2 subnet route table to include the S3 prefix list destination routes to the S3 gateway endpoint.
D. Update the S3 bucket policy to allow s3 PurObject access from the private subnet CIDR block.
Answer: C
NEW QUESTION 176
- (Exam Topic 1)
A company must migrate its applications to AWS The company is using Chef recipes for configuration management The company wants to continue to use the
existing Chef recipes after the applications are migrated to AWS.
What is the MOST operationally efficient solution that meets these requirements?
A. Use AWS Cloud Format ion to create an Amazon EC2 instance, install a Chef server, and add Chefrecipes.
B. Use AWS CloudFormation to create a stack and add layers for Chef recipes.
C. Use AWS Elastic Beanstalk with the Docker platform to upload Chef recipes.
D. Use AWS OpsWorks to create a stack and add layers with Chef recipes.
Answer: D
NEW QUESTION 178
- (Exam Topic 1)
A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations.
Which solution will meet this requirement?
A. Configure Amazon Cognito to detect any compromised 1AM credentials.
B. Set up Amazon Inspecto
C. Scan and monitor resources for unauthorized logins.
D. Set up AWS Confi
E. Add the iam-policy-blacklisted-check managed rule to the account.
F. Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding.
Answer: D
NEW QUESTION 183
- (Exam Topic 1)
A SysOps administrator has an AWS CloudFormation template of the company's existing infrastructure in us-west-2. The administrator attempts to use the
template to launch a new stack in eu-west-1, but the stack only partially deploys, receives an error message, and then rolls back.
Why would this template fail to deploy? (Select TWO.)
A. The template referenced an IAM user that is not available in eu-west-1.
B. The template referenced an Amazon Machine Image (AMI) that is not available in eu-west-1.
C. The template did not have the proper level of permissions to deploy the resources.
D. The template requested services that do not exist in eu-west-1.
E. CloudFormation templates can be used only to update existing services.
Answer: BD
NEW QUESTION 186
- (Exam Topic 1)
A company needs to ensure strict adherence to a budget for 25 applications deployed on AWS Separate teams are responsible for storage compute, and database
costs. A SysOps administrator must implement an automated solution to alert each team when their projected spend will exceed a quarterly amount mat has been
set by the finance department. The solution cannot additional compute, storage, or database costs.
A. Configure AWS Cost and Usage Reports to send a daily report to an Amazon S3 bucke
B. Create an AWS Lambda function that will evaluate Spend by service and nobly each team by using Amazon Simple Notification Service (Amazon SNS)
notification
C. Invoke the Lambda function when a report is placed in the S3 bucket
D. Configure AWS Cost and Usage Reports to send a dairy report to an Amazon S3 bucke
E. Create a rule In Amazon EventBridge (Amazon CloudWatch Events) to evaluate the spend by service and notify each team by using Amazon Simple Queue
Service (Amazon SOS) when the cost threshold i6 exceeded.
F. Use AWS Budgets :o create one cost budget and select each of the services in use Specify the budget amount defined by the finance department along with the
forecasted cost threshold Enter the appropriate email recipients for the budget.
G. Use AWS Budgets to create a cost budget for each team, filtering by the services they ow
H. Specify the budget amount defined by the finance department along with a forecasted cost threshold Enter the appropriate email recipients for each budget.
Answer: D
NEW QUESTION 191
- (Exam Topic 1)
A company is expanding its use of AWS services across its portfolios The company wants to provision AWS accounts for each team to ensure a separation of
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
business processes for security compliance and billing Account creation and bootstrapping should be completed m a scalable and efficient way so new accounts
are created with a defined baseline and governance guardrails in place A SysOps administrator needs to design a provisioning process that saves time and
resources
Which action should be taken to meet these requirements?
A. Automate using AWS Elastic Beanstalk to provision the AWS accounts set up infrastructure and integrate with AWS Organizations
B. Create bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure
C. Use AWS Config to provision accounts and deploy instances using AWS Service Catalog
D. Use AWS Control Tower to create a template in Account Factory and use the template to provision new accounts
Answer: D
NEW QUESTION 194
- (Exam Topic 1)
A SysOps administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a
company’s account. The administrator must be alerted to potential issues.
What should the administrator do to receive email alerts before low storage space affects EC2 instance performance?
A. Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications
B. Use AWS CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic.
C. Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic.
D. Use AWS Trusted Advisor and enable email notification alerts for EC2 disk space
Answer: C
NEW QUESTION 195
- (Exam Topic 1)
A company runs an application on Amazon EC2 instances. The EC2 instances are in an Auto Scaling group and run behind an Application Load Balancer (ALB).
The application experiences errors when total requests exceed 100 requests per second. A SysOps administrator must collect information about total requests for
a 2-week period to determine when requests exceeded this threshold.
What should the SysOps administrator do to collect this data?
A. Use the ALB’s RequestCount metri
B. Configure a time range of 2 weeks and a period of 1 minute.Examine the chart to determine peak traffic times and volumes.
C. Use Amazon CloudWatch metric math to generate a sum of request counts for all the EC2 instances over a 2-week perio
D. Sort by a 1-minute interval.
E. Create Amazon CloudWatch custom metrics on the EC2 launch configuration templates to create aggregated request metrics across all the EC2 instances.
F. Create an Amazon EventBridge (Amazon CloudWatch Events) rul
G. Configure an EC2 event matching pattern that creates a metric that is based on EC2 request
H. Display the data in a graph.
Answer: A
Explanation:
Using the ALB’s RequestCount metric will allow the SysOps administrator to collect information about total requests for a 2-week period and determine when
requests exceeded the threshold of 100 requests per second. Configuring a time range of 2 weeks and a period of 1 minute will ensure that the data can be
accurately examined to determine peak traffic times and volumes.
NEW QUESTION 198
- (Exam Topic 1)
A team of On-call engineers frequently needs to connect to Amazon EC2 Instances In a private subnet to troubleshoot and run commands. The Instances use
either the latest AWS-provided Windows Amazon Machine Images (AMIs) or Amazon Linux AMIs.
The team has an existing IAM role for authorization. A SysOps administrator must provide the team with
access to the Instances by granting IAM permissions to this Which solution will meet this requirement?
A. Add a statement to the IAM role policy to allow the ssm:StartSession action on the instance
B. Instruct the team to use AWS Systems Manager Session Manager to connect to the Instances by using the assumed IAM role.
C. Associate an Elastic IP address and a security group with each instanc
D. Add the engineers' IP addresses to the security group inbound rule
E. Add a statement to the IAM role policy to allow the ec2:AuthoflzeSecurityGroupIngress action so that the team can connect to the Instances.
F. Create a bastion host with an EC2 Instance, and associate the bastion host with the VP
G. Add a statement to the IAM role policy to allow the ec2:CreateVpnConnection action on the bastion hos
H. Instruct the team to use the bastion host endpoint to connect to the instances.D Create an internet-facing Network Load Balance
I. Use two listener
J. Forward port 22 to a target group of Linux instance
K. Forward port 3389 to a target group of Windows Instance
L. Add a statement to the IAM role policy to allow the ec2:CreateRoute action so that the team can connect to the Instances.
Answer: A
NEW QUESTION 201
- (Exam Topic 1)
With the threat of ransomware viruses encrypting and holding company data hostage, which action should be taken to protect an Amazon S3 bucket?
A. Deny Pos
B. Pu
C. and Delete on the bucket.
D. Enable server-side encryption on the bucket.
E. Enable Amazon S3 versioning on the bucket.
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
F. Enable snapshots on the bucket.
Answer: B
NEW QUESTION 204
- (Exam Topic 1)
A company's VPC has connectivity to an on-premises data center through an AWS Site-to-Site VPN. The company needs Amazon EC2 instances in the VPC to
send DNS queries for example com to the DNS servers in the data center.
Which solution will meet these requirements?
A. Create an Amazon Route 53 Resolver inbound endpoint Create a conditional forwarding rule on the on-primes DNS servers to forward DNS requests for
example.com to the inbound endpoints.
B. Create an Amazon Route 53 Resolver inbound endpoint Create a forwarding rule on the resolver that sends all queries for example.com to the on-premises
DNS server
C. Associate this rule with the VPC.
D. Create an Amazon Route 53 Resolver outbound endpoint Create a conditional forwarding rule on the on-premises DNS servers to forward DNS requests for
example.com to the outbound endpoints
E. Create an Amazon Route 53 Resolver outbound endpoin
F. Create a forwarding rule on the resolver that sends all queries for exarrc4e.com to the on-premises DNS servers Associate this rule with the VPC.
Answer: C
NEW QUESTION 208
- (Exam Topic 1)
A SysOps administrator is using AWS Systems Manager Patch Manager to patch a fleet of Amazon EC2 instances. The SysOps administrator has configured a
patch baseline and a maintenance window. The SysOps administrator also has used an instance tag to identify which instances to patch.
The SysOps administrator must give Systems Manager the ability to access the EC2 instances. Which additional action must the SysOps administrator perform to
meet this requirement?
A. Add an inbound rule to the instances' security group.
B. Attach an 1AM instance profile with access to Systems Manager to the instances.
C. Create a Systems Manager activation Then activate the fleet of instances.
D. Manually specify the instances to patch Instead of using tag-based selection.
Answer: A
NEW QUESTION 211
- (Exam Topic 1)
A SysOps administrator is responsible for a company's security groups. The company wants to maintain a documented trail of any changes that are made to the
security groups. The SysOps administrator must receive notification whenever the security groups change.
Which solution will meet these requirements?
A. Set up Amazon Detective to record security group change
B. Specify an Amazon CloudWatch Logs log group to store configuration history log
C. Create an Amazon Simple Queue Service (Amazon SOS) queue for notifications about configuration change
D. Subscribe the SysOps administrator's email address to the SQS queue.
E. Set up AWS Systems Manager Change Manager to record security group change
F. Specify an Amazon CloudWatch Logs log group to store configuration history log
G. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration change
H. Subscribe the SysOps administrator's email address to the SNS topic.
I. Set up AWS Config to record security group change
J. Specify an Amazon S3 bucket as the location for configuration snapshots and history file
K. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration change
L. Subscribe the SysOps administrator's email address to the SNS topic.
M. Set up Amazon Detective to record security group change
N. Specify an Amazon S3 bucket as the location for configuration snapshots and history file
O. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration change
P. Subscribe the SysOps administrator's email address to the SNS topic.
Answer: D
NEW QUESTION 214
- (Exam Topic 1)
A manufacturing company uses an Amazon RDS DB instance to store inventory of all stock items. The company maintains several AWS Lambda functions that
interact with the database to add, update, and delete items. The Lambda functions use hardcoded credentials to connect to the database.
A SysOps administrator must ensure that the database credentials are never stored in plaintext and that the password is rotated every 30 days.
Which solution will meet these requirements in the MOST operationally efficient manner?
A. Store the database password as an environment variable for each Lambda functio
B. Create a new Lambda function that is named PasswordRotat
C. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the PasswordRotate function every 30 days to change the database password and update
the environment variable for each Lambda function.
D. Use AWS Key Management Service (AWS KMS) to encrypt the database password and to store the encrypted password as an environment variable for each
Lambda functio
E. Grant each Lambda function access to the KMS key so that the database password can be decrypted when require
F. Create a new Lambda function that is named PasswordRotate to change the password every 30 days.
G. Use AWS Secrets Manager to store credentials for the databas
H. Create a Secrets Manager secret, and select the database so that Secrets Manager will use a Lambda function to update the database password automaticall
I. Specify an automatic rotation schedule of 30 day
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
J. Update each Lambda function to access the database password from SecretsManager.
K. Use AWS Systems Manager Parameter Store to create a secure string to store credentials for the databas
L. Create a new Lambda function called PasswordRotat
M. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the PasswordRotate function every 30 days to change the database password and to
update the secret within Parameter Stor
N. Update each Lambda function to access the database password from Parameter Store.
Answer: C
Explanation:
When you choose to enable rotation, Secrets Manager supports the following Amazon Relational Database Service (Amazon RDS) databases with AWS written
and tested Lambda rotation function templates, and full configuration of the rotation process:
Amazon Aurora on Amazon RDS MySQL on Amazon RDS PostgreSQL on Amazon RDS Oracle on Amazon RDS MariaDB on Amazon RDS
Microsoft SQL Server on Amazon RDS https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
NEW QUESTION 217
- (Exam Topic 1)
A new application runs on Amazon EC2 instances and accesses data in an Amazon RDS database instance. When fully deployed in production, the application
fails. The database can be queried from a console on a bastion host. When looking at the web server logs, the following error is repeated multiple times:
"** Error Establishing a Database Connection
Which of the following may be causes of the connectivity problems? {Select TWO.)
A. The security group for the database does not have the appropriate egress rule from the database to the web server.
B. The certificate used by the web server is not trusted by the RDS instance.
C. The security group for the database does not have the appropriate ingress rule from the web server to the database.
D. The port used by the application developer does not match the port specified in the RDS configuration.
E. The database is still being created and is not available for connectivity.
Answer: CD
NEW QUESTION 218
- (Exam Topic 1)
A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the application are failing. A SysOps administrator
inspects the VPC flow logs and finds the following entry:
2 111122223333 eni-<###> 192.0.2.15 203.0.113.56 40711 443 6 1 40 1418530010 1418530070 REJECT OK
What is a possible cause of these failed connections?
A. A security group is denying traffic on port 443.
B. The EC2 instance is shut down.
C. The network ACL is blocking HTTPS traffic.
D. The VPC has no internet gateway attached.
Answer: A
Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html#flow-log-example-accepted
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html#
Accepted and rejected traffic: In this example, RDP traffic (destination port 3389, TCP protocol) to network interface eni-1235b8ca123456789 in account
123456789010 was rejected. 2 123456789010
eni-1235b8ca123456789 172.31.9.69 172.31.9.12 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK
NEW QUESTION 223
- (Exam Topic 1)
A software development company has multiple developers who work on the same product. Each developer must have their own development environment, and
these development environments must be identical. Each development environment consists of Amazon EC2 instances and an Amazon RDS DB instance. The
development environments should be created only when necessary, and they must be terminated each night to minimize costs.
What is the MOST operationally efficient solution that meets these requirements?
A. Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessar
B. Schedule a nightly cron job on each development instance to stop all running processes to reduce CPU utilization to nearly zero.
C. Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessar
D. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to delete the AWS CloudFormation stacks.
E. Provide developers with CLI commands so that they can provision their own development environment when necessar
F. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to terminate all EC2 instances and the DB
instance.
G. Provide developers with CLI commands so that they can provision their own development environment when necessar
H. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to cause AWS CloudFormation to delete all of the development environment
resources.
Answer: B
NEW QUESTION 227
- (Exam Topic 1)
A company runs an application on an Amazon EC2 instance A SysOps administrator creates an Auto Scaling group and an Application Load Balancer (ALB) to
handle an increase in demand However, the EC2 instances are failing tie health check.
What should the SysOps administrator do to troubleshoot this issue?
A. Verity that the Auto Scaling group is configured to use all AWS Regions.
B. Verily that the application is running on the protocol and the port that the listens is expecting.
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
C. Verify the listener priority in the ALB Change the priority if necessary.
D. Verify the maximum number of instances in the Auto Scaling group Change the number if necessary
Answer: B
NEW QUESTION 229
- (Exam Topic 1)
A company is testing Amazon Elasticsearch Service (Amazon ES) as a solution for analyzing system logs from a fleet of Amazon EC2 instances. During the test
phase, the domain operates on a single-node cluster. A SysOps administrator needs to transition the test domain into a highly available production-grade
deployment.
Which Amazon ES configuration should the SysOps administrator use to meet this requirement?
A. Use a cluster of four data nodes across two AWS Region
B. Deploy four dedicated master nodes in each Region.
C. Use a cluster of six data nodes across three Availability Zone
D. Use three dedicated master nodes.
E. Use a cluster of six data nodes across three Availability Zone
F. Use six dedicated master nodes.
G. Use a cluster of eight data nodes across two Availability Zone
H. Deploy four master nodes in a failover AWS Region.
Answer: B
NEW QUESTION 232
- (Exam Topic 1)
A company is managing many accounts by using a single organization in AWS Organizations. The organization has all features enabled. The company wants to
turn on AWS Config in all the accounts of the organization and in all AWS Regions.
What should a Sysops administrator do to meet these requirements in the MOST operationally efficient way?
A. Use AVVS CloudFormation StackSets to deploy stack instances that turn on AWS Config in all accounts and in all Regions.
B. Use AWS CloudFormation StackSets to deploy stack policies that turn on AWS Config in all accounts and in all Regions.
C. Use service control policies (SCPs) to configure AWS Config in all accounts and in all Regions.
D. Create a script that uses the AWS CLI to turn on AWS Config in all accounts in the organizatio
E. Run the script from the organization's management account.
Answer: C
NEW QUESTION 233
- (Exam Topic 1)
A company needs to take an inventory of applications that are running on multiple Amazon EC2 instances. The company has configured users and roles with the
appropriate permissions for AWS Systems Manager. An updated version of Systems Manager Agent has been installed and is running on every instance. While
configuring an inventory collection, a SysOps administrator discovers that not all the instances in a single subnet are managed by Systems Manager.
What must the SysOps administrator do to fix this issue?
A. Ensure that all the EC2 instances have the correct tags for Systems Manager access.
B. Configure AWS Identity and Access Management Access Analyzer to determine and automatically remediate the issue.
C. Ensure that all the EC2 instances have an instance profile with Systems Manager access.
D. Configure Systems Manager to use an interface VPC endpoint.
Answer: C
Explanation:
Ensuring that all the EC2 instances have an instance profile with Systems Manager access is the most effective way to fix this issue. Having an instance profile
with Systems Manager access will allow the SysOps administrator to configure the inventory collection for all the instances in the subnet, regardless of whether or
not they are managed by Systems Manager.
NEW QUESTION 234
- (Exam Topic 1)
A company’s AWS Lambda function is experiencing performance issues. The Lambda function performs many CPU-intensive operations. The Lambda function is
not running fast enough and is creating bottlenecks in the system.
What should a SysOps administrator do to resolve this issue?
A. In the CPU launch options for the Lambda function, activate hyperthreading.
B. Turn off the AWS managed encryption.
C. Increase the amount of memory for the Lambda function.
D. Load the required code into a custom layer.
Answer: C
Explanation:
Increasing the amount of memory for the Lambda function will help to improve the performance of the function. This is because the Lambda function is CPU-
intensive and increasing the memory will give it access to more CPU resources and help it run faster. The other options (activating hyperthreading in the CPU
launch options for the Lambda function, turning off the AWS managed encryption, and loading the required code into a custom layer) will not help to improve the
performance of the Lambda function and are not the correct solutions for this issue.
https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-memory-con
NEW QUESTION 235
- (Exam Topic 1)
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
A SysOps administrator is notified that an Amazon EC2 instance has stopped responding The AWS Management Console indicates that the system status checks
are failing What should the administrator do first to resolve this issue?
A. Reboot the EC2 instance so it can be launched on a new host
B. Stop and then start the EC2 instance so that it can be launched on a new host
C. Terminate the EC2 instance and relaunch it
D. View the AWS CloudTrail log to investigate what changed on the EC2 instance
Answer: B
Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-windows-system-status-check-fail/
NEW QUESTION 236
- (Exam Topic 1)
A company uses AWS Organizations. A SysOps administrator wants to use AWS Compute Optimizer and AWS tag policies in the management account to govern
all member accounts in the billing family. The SysOps administrator navigates to the AWS Organizations console but cannot activate tag policies through the
management account.
What could be the reason for this issue?
A. All features have not been enabled in the organization.
B. Consolidated billing has not been enabled.
C. The member accounts do not have tags enabled for cost allocation.
D. The member accounts have not manually enabled trusted access for Compute Optimizer.
Answer: C
NEW QUESTION 238
- (Exam Topic 1)
A company has an internal web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto
Scaling group in a single Availability Zone. A SysOps administrator must make the application highly available.
Which action should the SysOps administrator take to meet this requirement?
A. Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
B. Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
C. Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.
D. Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.
Answer: C
Explanation:
"An Auto Scaling group can contain EC2 instances in one or more Availability Zones within the same Region. However, Auto Scaling groups cannot span multiple
Regions". As stated in https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-benefits.htm
NEW QUESTION 239
- (Exam Topic 1)
A company plans to run a public web application on Amazon EC2 instances behind an Elastic Load Balancer (ELB). The company's security team wants to protect
the website by using AWS Certificate Manager (ACM) certificates The ELB must automatically redirect any HTTP requests to HTTPS
Which solution will meet these requirements?
A. Create an Application Load Balancer that has one HTTPS listener on port 80 Attach an SSLTLS certificate to listener port 80 Create a rule to redirect requests
from HTTP to HTTPS
B. Create an Application Load Balancer that has one HTTP listener on port 80 and one HTTPS protocol listener on port 443 Attach an SSL TLS certificate to
listener port 443 Create a rule to redirect requests from port 80 to port 443
C. Create an Application Load Balancer that has two TCP listeners on port 80 and port 443 Attach an SSLTLS certificate to listener port 443 Create a rule to
redirect requests from port 80 to port 443
D. Create a Network Load Balancer that has two TCP listeners on port 80 and port 443 Attach an SSLTLS certificate to listener port 443 Create a rule to redirect
requests from port 80 to port 443
Answer: B
NEW QUESTION 241
- (Exam Topic 1)
A company has a compliance requirement that no security groups can allow SSH ports to be open to all IP addresses. A SysOps administrator must implement a
solution that will notify the company's SysOps team when a security group rule violates this requirement. The solution also must remediate the security group rule
automatically.
Which solution will meet these requirements?
A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a security group change
B. Configure the Lambda function to evaluate the security group for compliance, remove all inbound security group rules on all ports, and notify the SysOps team if
the security group is noncompliant.
C. Create an AWS CloudTrail metric filter for security group change
D. Create an Amazon CloudWatch alarm to notify the SysOps team through an Amazon Simple Notification Service (Amazon SNS) topic when (he metric is
greater than 0. Subscribe an AWS Lambda function to the SNS topic to remediate the security group rule by removing the rule.
E. Activate the AWS Config restricted-ssh managed rul
F. Add automatic remediation to the AWS Config rule by using the AWS Systems Manager Automation AWS DisablePublicAccessForSecurityGroup runboo
G. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to notify the SysOps team when the rule is noncompliant.
H. Create an AWS CloudTrail metric filter for security group change
I. Create an Amazon CloudWatch alarm for when the metric is greater than 0. Add an AWS Systems Manager action to the CloudWatch alarm to suspend the
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
security group by using the Systems Manager Automation AWS-DisablePublicAccessForSecurityGroup runbook when the alarm is in ALARM stat
J. Add an Amazon Simple Notification Service (Amazon SNS) topic as a second target to notify the SysOps team.
Answer: C
NEW QUESTION 242
- (Exam Topic 1)
A SysOps administrator is tasked with deploying a company's infrastructure as code. The SysOps administrator want to write a single template that can be reused
for multiple environments.
How should the SysOps administrator use AWS CloudFormation to create a solution?
A. Use Amazon EC2 user data in a CloudFormation template
B. Use nested stacks to provision resources
C. Use parameters in a CloudFormation template
D. Use stack policies to provision resources
Answer: C
Explanation:
Reuse templates to replicate stacks in multiple environments After you have your stacks and resources set up, you can reuse your templates to replicate your
infrastructure in multiple environments. For example, you can create environments for development, testing, and production so that you can test changes before
implementing them into production. To make templates reusable, use the parameters, mappings, and conditions sections so that you can customize your stacks
when you create them. For example, for your development environments, you can specify a lower-cost instance type compared to your production environment,
but all other configurations and settings remain the same. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html#reuse
NEW QUESTION 246
- (Exam Topic 1)
A company has a memory-intensive application that runs on a fleet of Amazon EC2 instances behind an Elastic Load Balancer (ELB). The instances run in an Auto
Scaling group. A Sysops administrator must ensure that the application can scale based on the number of users that connect to the application.
Which solution will meet these requirements?
A. Create a scaling policy that will scale the application based on the ActiveConnectionCount Amazon CloudWatch metric that is generated from the ELB.
B. Create a scaling policy that will scale the application based on the mem used Amazon CloudWatch metric that is generated from the ELB.
C. Create a scheduled scaling policy to increase the number of EC2 instances in the Auto Scaling group to support additional connections.
D. Create and deploy a script on the ELB to expose the number of connected users as a custom Amazon CloudWatch metri
E. Create a scaling policy that uses the metric.
Answer: D
Explanation:
This solution will allow the application to scale based on the number of users that connect to the application. The other solutions (creating a scaling policy that uses
the ActiveConnectionCount Amazon CloudWatch metric generated from the ELB, creating a scaling policy that uses the mem used Amazon CloudWatch metric
generated from the ELB, or creating a scheduled scaling policy to increase the number of EC2 instances in the Auto Scaling group to support additional
connections) will not meet the requirements, as they do not allow the application to scale based on the number of users that connect to the application.
NEW QUESTION 251
- (Exam Topic 1)
A company has an Auto Scaling group of Amazon EC2 instances that scale based on average CPU utilization. The Auto Scaling group events log indicates an
InsufficientlnstanceCapacity error.
Which actions should a SysOps administrator take to remediate this issue? (Select TWO.
A. Change the instance type that the company is using.
B. Configure the Auto Scaling group in different Availability Zones.
C. Configure the Auto Scaling group to use different Amazon Elastic Block Store (Amazon EBS) volume sizes.
D. Increase the maximum size of the Auto Scaling group.
E. Request an increase in the instance service quota.
Answer: AB
NEW QUESTION 256
- (Exam Topic 1)
A SysOps administrator creates an AWS CloudFormation template to define an application stack that can be deployed in multiple AWS Regions.
The SysOps administrator also creates an Amazon CloudWatch dashboard by using the AWS Management Console. Each deployment of the application requires
its own CloudWatch dashboard.
How can the SysOps administrator automate the creation of the CloudWatch dashboard each time the application is deployed?
A. Create a script by using the AWS CLI to run the aws cloudformation put-dashboard command with the name of the dashboar
B. Run the command each time a new CloudFormation stack is created.
C. Export the existing CloudWatch dashboard as JSO
D. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resourc
E. Include the exported JSON in the resource's DashboardBody property.
F. Update the CloudFormation template to define an resourc
G. Use the intrinsic Ref function to reference the ID of the existing CloudWatch dashboard.
H. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resourc
I. Specify the name of the existingdashboard in the DashboardName property.
Answer: B
Explanation:
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
You can only use the Intrinsic Ref function to reference a resource that is being created at the same time as the current CloudFormation template. The question
states that the CloudWatch dashboard was previously created using the AWS Management Console, so there is no ID to reference the existing CloudWatch
dashboard in the CloudFormation template. You would need to export the existing CloudWatch dashboard as JSON, then use the DashboardBody property in the
CloudFormation template to replicate it upon each deployment
(https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/CloudWatch-Dashboard-Body-Structu
NEW QUESTION 261
- (Exam Topic 1)
A company's SysOps administrator must ensure that all Amazon EC2 Windows instances that are launched in an AWS account have a third-party agent installed.
The third-party agent has an msi package. The company uses AWS Systems Manager for patching, and the Windows instances are tagged appropriately. The
third-party agent required periodic updates as new versions are released. The SysOps administrator must deploy these updates automatically
Which combination of steps will meet these requirements with the LEAST operational effort? (Seed TWO.) Create a Systems Manager Distributor package for the
third-party agent.
A. Make sure that Systems Manager Inventory Is configure
B. If Systems Manager Inventory is not configured, set up a new inventory tor instances that is based on the appropriate tag value for Windows.
C. Create a Systems Manager State Manager association to run the AWS-RunRemoteScript document.Populate the details of the third-party agent packag
D. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day
E. Create a Systems Manager State Manager- association to run the AWS-ConfigureAWSPackage documen
F. Populate the details of the third-party agent packag
G. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day
H. Create a Systems Manager Opsitem with the tag value for Windows Attach the Systems Manager Distributor package to the Opsite
I. Create a maintenance window that is specific to the package deployment Configure the maintenance window to cover 24 hours a day.
Answer: AD
Explanation:
https://docs.aws.amazon.com/systems-manager/latest/userguide/distributor-working-with-packages-deploy.html
NEW QUESTION 262
- (Exam Topic 1)
A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network.
What actions should the SysOps administrator take to meet these requirements?
A. Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
B. Create a VPC endpoint for the S3 bucket, and create an S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the
source.
C. Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows
the EC2 instances full access to the S3 bucket.
D. Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway.
Answer: B
Explanation:
While IAM policy (letter A) also can be used, it does not enforce everyone. The only option that enforces everyone is policy configured directly in the bucket S3.
NEW QUESTION 264
- (Exam Topic 1)
A SysOps administrator is using Amazon EC2 instances to host an application. The SysOps administrator needs to grant permissions for the application to access
an Amazon DynamoDB table.
Which solution will meet this requirement?
A. Create access keys to access the DynamoDB tabl
B. Assign the access keys to the EC2 instance profile.
C. Create an EC2 key pair to access the DynamoDB tabl
D. Assign the key pair to the EC2 instance profile.
E. Create an IAM user to access the DynamoDB tabl
F. Assign the IAM user to the EC2 instance profile.
G. Create an IAM role to access the DynamoDB tabl
H. Assign the IAM role to the EC2 instance profile.
Answer: D
NEW QUESTION 268
- (Exam Topic 1)
A company runs workloads on 90 Amazon EC2 instances in the eu-west-1 Region in an AWS account. In 2 months, the company will migrate the workloads from
eu-west-1 to the eu-west-3 Region.
The company needs to reduce the cost of the EC2 instances. The company is willing to make a 1-year commitment that will begin next week. The company must
choose an EC2 Instance purchasing option that will provide discounts for the 90 EC2 Instances regardless of Region during the 1-year period. Which solution will
meet these requirements?
A. Purchase EC2 Standard Reserved Instances.
B. Purchase an EC2 Instance Savings Plan.
C. Purchase EC2 Convertible Reserved Instances.
D. Purchase a Compute Savings Plan.
Answer: B
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
NEW QUESTION 273
......
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full SOA-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SOA-C02-exam-dumps.html (305 New Questions)
Thank You for Trying Our Product
We offer two products:
1st - We have Practice Tests Software with Actual Exam Questions
2nd - Questons and Answers in PDF Format
SOA-C02 Practice Exam Features:
* SOA-C02 Questions and Answers Updated Frequently
* SOA-C02 Practice Questions Verified by Expert Senior Certified Staff
* SOA-C02 Most Realistic Questions that Guarantee you a Pass on Your FirstTry
* SOA-C02 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year
100% Actual & Verified — Instant Download, Please Click
Order The SOA-C02 Practice Test Here
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Powered by TCPDF (www.tcpdf.org)
You might also like
- Aws Certified Developer Associate Dva c02No ratings yetAws Certified Developer Associate Dva c02209 pages
- AWS Certified DevOps Engineer - Professional DOP-C02 Exam - Free Exam Q&As, Page 1 - ExamTopics50% (2)AWS Certified DevOps Engineer - Professional DOP-C02 Exam - Free Exam Q&As, Page 1 - ExamTopics161 pages
- Amazon - Dop C02.VJan 2024.by .Lorenci.82q100% (1)Amazon - Dop C02.VJan 2024.by .Lorenci.82q42 pages
- Terraform Associate - Edu4u.premium - New OptimizedNo ratings yetTerraform Associate - Edu4u.premium - New Optimized340 pages
- AWS Solutions Architect Cheat Sheet Nov 2024No ratings yetAWS Solutions Architect Cheat Sheet Nov 2024148 pages
- Linux Foundatiocka Exam Dumps 2023-Sep-19 by Jacob 25q VceNo ratings yetLinux Foundatiocka Exam Dumps 2023-Sep-19 by Jacob 25q Vce28 pages
- SAA Roadmap in 8 Weeks - Cloudemind Copy 3No ratings yetSAA Roadmap in 8 Weeks - Cloudemind Copy 323 pages
- 1.1 AWS Certified Cloud Practitioner - Exam - Guide - v1.4 - FINALNo ratings yet1.1 AWS Certified Cloud Practitioner - Exam - Guide - v1.4 - FINAL3 pages
- Aws Certified Solutions Architect Associate Saa c03 Updated Nov 2024No ratings yetAws Certified Solutions Architect Associate Saa c03 Updated Nov 2024488 pages
- AWS Certified Solutions Architect Professional - Exam GuideNo ratings yetAWS Certified Solutions Architect Professional - Exam Guide22 pages
- AWS Certified Developer Associate - Exam GuideNo ratings yetAWS Certified Developer Associate - Exam Guide16 pages
- AWS Solution Architect Syllabus - by Murali P N, Besant TechnologiesNo ratings yetAWS Solution Architect Syllabus - by Murali P N, Besant Technologies7 pages
- Aindumps 2023-Sep-14 by Darnell 218q VceNo ratings yetAindumps 2023-Sep-14 by Darnell 218q Vce18 pages
- AWS Certified SysOps Administrator Associate - Exam GuideNo ratings yetAWS Certified SysOps Administrator Associate - Exam Guide14 pages
- AWS Certified Cloud Practitioner - Exam Guide - C02No ratings yetAWS Certified Cloud Practitioner - Exam Guide - C0214 pages
- Aws + Azure + GCP - Devops Course Content V1.2No ratings yetAws + Azure + GCP - Devops Course Content V1.28 pages
- Selling Platform Connect - GuÃ-a Usuario - SP - 201406 PDFNo ratings yetSelling Platform Connect - GuÃ-a Usuario - SP - 201406 PDF194 pages
- Amazon Passguide AWS-Certified-Developer-Associate Exam Dumps V2018-Mar-20 by Lyle 299q VceNo ratings yetAmazon Passguide AWS-Certified-Developer-Associate Exam Dumps V2018-Mar-20 by Lyle 299q Vce6 pages
- Exam Tips For Certified Kubernetes Administrator (CKA) and Certified Kubernetes Application Developer (CKAD)No ratings yetExam Tips For Certified Kubernetes Administrator (CKA) and Certified Kubernetes Application Developer (CKAD)3 pages
- HUAWEI 4G Router 3 Pro Quick Start - (B535-235,01, En)No ratings yetHUAWEI 4G Router 3 Pro Quick Start - (B535-235,01, En)88 pages
- AWS Certified Solutions Architect - Associate SAA-C03 Exam - Free Exam Q&As, Page 1 - ExamTopicsNo ratings yetAWS Certified Solutions Architect - Associate SAA-C03 Exam - Free Exam Q&As, Page 1 - ExamTopics97 pages
- Authentic AWS-Solution-Architect-Associate Exam - Questions - Answers0% (1)Authentic AWS-Solution-Architect-Associate Exam - Questions - Answers3 pages
- Contracts - Support - Associate - Swiss Re - Written Assessment - 15.11.21No ratings yetContracts - Support - Associate - Swiss Re - Written Assessment - 15.11.214 pages
- Aws Certified Devops Engineer - Professional (Dop-C01) Exam GuideNo ratings yetAws Certified Devops Engineer - Professional (Dop-C01) Exam Guide10 pages
- A Multi-View Feature Fusion Approach For Effective Malware Classification Using Deep LearningNo ratings yetA Multi-View Feature Fusion Approach For Effective Malware Classification Using Deep Learning15 pages
- What Is Difference Between Candidate Key and Primary KeyNo ratings yetWhat Is Difference Between Candidate Key and Primary Key25 pages
- Abstract Syntax Notation One (ASN.1) - The Tutorial and ReferenceNo ratings yetAbstract Syntax Notation One (ASN.1) - The Tutorial and Reference12 pages
- PR To Be Made Mandatory Field in Purchase Order - SCNNo ratings yetPR To Be Made Mandatory Field in Purchase Order - SCN3 pages
- CS1101 Computational Engineering: Introduction To C Programming LanguageNo ratings yetCS1101 Computational Engineering: Introduction To C Programming Language34 pages
- Data Structures in C MCQ Questions and Answers For Sppu Exam 2020 Part-1 - ToolsandJobsNo ratings yetData Structures in C MCQ Questions and Answers For Sppu Exam 2020 Part-1 - ToolsandJobs4 pages
- SAA-C03 AWS Certified Solutions Architect - Associate Updated DumpsNo ratings yetSAA-C03 AWS Certified Solutions Architect - Associate Updated Dumps89 pages