Practice Free SOA-C02 Exam Online Questions
A SysOps administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically. Currently, the application is deployed on a single t2.large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency after a few minutes.
What change should be made to alleviate the performance problem?
- A . Change the Amazon EBS volume to Provisioned IOPS
- B . Upgrade to a compute-optimized instance
- C . Add additional t3.large instances to the application
- D . Purchase Reserved Instances
B
Explanation:
To address the performance issues of a CPU-heavy application running on a t2.large EC2 instance, the best course of action is to upgrade to a compute-optimized instance. Compute-optimized instances provide a higher ratio of CPU resources compared to memory, making them ideal for applications that require high CPU performance.
Upgrade to a Compute-Optimized Instance:
Identify a suitable compute-optimized instance type, such as the c5.large, which offers better CPU performance compared to the t2.large.
Stop the current EC2 instance and change the instance type to the chosen compute-optimized instance.
Reference: Amazon EC2 Instance Types
Considerations:
Ensure that the new instance type is compatible with the existing AMI and EBS volume configuration.
Monitor the application performance after the upgrade to ensure that the new instance type meets the application’s requirements.
This approach directly addresses the high CPU utilization and performance latency issues.
A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. A SysOps administrator notices that some of these EC2 instances show up as healthy in the Auto Scaling group but show up as unhealthy in the ALB target group.
What is a possible reason for this issue?
- A . Security groups are not allowing traffic between the ALB and the failing EC2 instances
- B . The Auto Scaling group health check is configured for EC2 status checks
- C . The EC2 instances are failing to launch and failing EC2 status checks.
- D . The target group health check is configured with an incorrect port or path
D
Explanation:
The issue where EC2 instances show up as healthy in the Auto Scaling group but unhealthy in the ALB target group is likely due to the target group health check being configured with an incorrect port or path.
Health Checks:
ALB target groups use health checks to determine the health of instances. These health checks are configured with a specific port and path.
If the health check configuration does not match the actual application endpoint on the instances, the instances will fail the health check.
Troubleshooting Steps:
Verify the health check settings for the target group in the ALB. Ensure the port and path are correctly configured to match the application on the EC2 instances.
Adjust the settings if necessary and monitor the health status of the instances in the target group.
Reference: Target Group Health Checks
A company has an internal web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A SysOps administrator must make the application highly available.
Which action should the SysOps administrator take to meet this requirement?
- A . Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
- B . Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
- C . Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.
- D . Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.
C
Explanation:
To make the application highly available, update the Auto Scaling group to launch new instances in a second Availability Zone within the same AWS Region.
Understand High Availability Requirements:
High availability involves distributing instances across multiple Availability Zones to ensure the application remains accessible even if one Availability Zone experiences issues.
Reference: Regions, Availability Zones, and Local Zones
Update Auto Scaling Group Configuration:
Navigate to the EC2 console.
Select "Auto Scaling Groups" and choose the Auto Scaling group for your application.
Update the "Network" section to include additional subnets from different Availability Zones within the same region.
Reference: Configuring your Auto Scaling group to launch instances in multiple Availability Zones
Adjust Capacity Settings:
Ensure the desired and minimum capacity settings are configured to distribute instances across multiple Availability Zones.
Save the changes.
By launching instances in multiple Availability Zones, the application can handle failures in one zone, achieving high availability.
A company is using an Amazon EC2 Auto Scaling group to support a workload. The Auto Scaling group is configured with two similar scaling policies. One scaling policy adds 5 instances when CPU utilization reaches 80%. The other scaling policy [...] when CPU utilization reaches 80%.
What will happen when CPU utilization reaches the 80% threshold?
- A . Amazon EC2 Auto Scaling will add 5 instances
- B . Amazon EC2 Auto Scaling will add 10 instances
- C . Amazon EC2 Auto Scaling will add 15 instances.
- D . The Auto Scaling group will not scale because of conflicting policies
B
Explanation:
Scaling Policies in Auto Scaling:
When multiple scaling policies trigger at the same time, each policy is executed independently.
If both policies are set to add 5 instances when CPU utilization reaches 80%, they will both be executed when the threshold is met.
Therefore, the total number of instances added will be the sum of the instances specified in both policies.
In this case, 5 instances from one policy and 5 instances from the other policy will result in a total of 10 instances being added.
Steps to Configure and Verify Scaling Policies:
Go to the AWS Management Console.
Navigate to EC2 and select "Auto Scaling Groups."
Select your Auto Scaling group and review the scaling policies.
Ensure that both scaling policies are configured to trigger at 80% CPU utilization.
Monitor the Auto Scaling group’s activity to verify the addition of instances when the CPU utilization threshold is reached.
Reference: Scaling Policies for Amazon EC2 Auto Scaling
A SysOps administrator is responsible for a company’s security groups. The company wants to maintain a documented trail of any changes that are made to the security groups. The SysOps administrator must receive notification whenever the security groups change.
Which solution will meet these requirements?
- A . Set up Amazon Detective to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Queue Service (Amazon SQS) queue for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SQS queue.
- B . Set up AWS Systems Manager Change Manager to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SNS topic.
- C . Set up AWS Config to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SNS topic.
- D . Set up Amazon Detective to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SNS topic.
C
Explanation:
To maintain a documented trail of any changes made to the security groups and receive notifications, AWS Config is the best solution.
AWS Config:
AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
You can set up AWS Config to record changes to your security groups.
Setting Up AWS Config:
Open the AWS Config console and choose "Set up AWS Config."
Select the resource types you want to record (in this case, security groups).
Specify an Amazon S3 bucket to store configuration snapshots and history files.
Notifications:
Create an Amazon SNS topic for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SNS topic.
Reference: AWS Config
Setting Up AWS Config
A company needs to view a list of security groups that are open to the internet on port 3389.
What should a SysOps administrator do to meet this requirement?
- A . Configure Amazon GuardDuty to scan security groups and report unrestricted access on port 3389.
- B . Configure a service control policy (SCP) to identify security groups that allow unrestricted access on port 3389.
- C . Use AWS Identity and Access Management Access Analyzer to find any instances that have unrestricted access on port 3389.
- D . Use AWS Trusted Advisor to find security groups that allow unrestricted access on port 3389
D
Explanation:
To view a list of security groups that are open to the internet on port 3389, the most appropriate tool is AWS Trusted Advisor.
AWS Trusted Advisor:
AWS Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices.
It includes a security check that identifies security groups with unrestricted access.
Using Trusted Advisor:
Go to the AWS Trusted Advisor console.
In the "Security" category, look for the check that identifies security groups with unrestricted access.
Review the report to find security groups that allow unrestricted access on port 3389 (RDP).
Reference: AWS Trusted Advisor
AWS Trusted Advisor Best Practices
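The same question can be answered from the raw rule data. The following is an added example, not part of the original page and not how Trusted Advisor is implemented: it scans security group records shaped like the EC2 DescribeSecurityGroups response for ingress rules that expose TCP 3389 to any address. The group IDs and rules are constructed sample data.

```python
import ipaddress

RDP_PORT = 3389

def _is_world(cidr):
    # A prefix length of 0 matches every address (0.0.0.0/0 or ::/0).
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def open_to_internet(groups, port=RDP_PORT):
    """Return sorted IDs of groups whose ingress rules expose `port` to any address."""
    hits = set()
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":
                covers = True  # "all traffic" rule: every protocol and port
            elif proto == "tcp":
                covers = perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
            else:
                covers = False  # only TCP is checked in this example
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if covers and any(_is_world(c) for c in cidrs):
                hits.add(sg["GroupId"])
    return sorted(hits)

# Constructed sample data, not taken from a real account.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [  # exact port, IPv4 world
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [  # port range, IPv6 world
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [  # all traffic, IPv4 world
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ddd", "IpPermissions": [  # RDP from a private range only
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-0eee", "IpPermissions": [  # HTTPS only
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    print(open_to_internet(SAMPLE_GROUPS))
```

Rules that cover 3389 through a wider port range or an all-traffic rule are reported as well, which a filter on the exact port alone would miss.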
After creating a presigned URL for an S3 object, users can no longer access the file after a few days. (Select TWO):
- A . The presigned URL’s expiration date and time have passed.
- B . The SysOps administrator’s access key is no longer valid.
- C . The S3 bucket’s Block Public Access settings are enabled.
- D . The S3 object’s ACL does not include READ access for the All Users group.
- E . The S3 object’s ACL does not include READ_ACP access for the All Users group.
A, B
Explanation:
The presigned URL expiration is the most common reason for access issues after some time. Additionally, if the SysOps administrator’s access key (used to generate the presigned URL) is invalid, the URL will no longer be usable. Block Public Access or ACL settings are irrelevant to presigned URLs.
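Both causes can be checked from the URL itself. The following is an added example, not part of the original page: it reads the standard Signature Version 4 query parameters (X-Amz-Date, X-Amz-Expires, X-Amz-Credential) from a presigned URL and reports which of the two reasons applies. The URL, bucket name and set of active key IDs are constructed, and diagnose is a hypothetical helper.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

def presign_info(url):
    """Extract signing time, expiry time and signing access key ID from a SigV4 presigned URL."""
    q = parse_qs(urlsplit(url).query)
    signed_at = datetime.strptime(q["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ")
    signed_at = signed_at.replace(tzinfo=timezone.utc)
    expires_at = signed_at + timedelta(seconds=int(q["X-Amz-Expires"][0]))
    # Credential scope: <access-key-id>/<date>/<region>/<service>/aws4_request
    access_key_id = q["X-Amz-Credential"][0].split("/")[0]
    return {"signed_at": signed_at, "expires_at": expires_at,
            "access_key_id": access_key_id}

def diagnose(url, now, active_key_ids):
    """Return the reasons (possibly none) why the URL would be rejected at time `now`."""
    info = presign_info(url)
    reasons = []
    if now >= info["expires_at"]:
        reasons.append("expired")
    if info["access_key_id"] not in active_key_ids:
        reasons.append("signing key not active")
    return reasons

# Constructed sample URL; the key ID is the placeholder used in AWS documentation.
SAMPLE_URL = (
    "https://example-bucket.s3.amazonaws.com/report.pdf"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20240101%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20240101T120000Z"
    "&X-Amz-Expires=86400"
    "&X-Amz-SignedHeaders=host"
    "&X-Amz-Signature=0000"
)

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(presign_info(SAMPLE_URL))
    print(diagnose(SAMPLE_URL, now, {"AKIAIOSFODNN7EXAMPLE"}))
```

In practice the set of active key IDs would come from IAM, for example the output of `aws iam list-access-keys` for the signing user.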
A company is expanding its use of AWS services across its portfolios. The company wants to provision AWS accounts for each team to ensure a separation of business processes for security, compliance, and billing. Account creation and bootstrapping should be completed in a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place. A SysOps administrator needs to design a provisioning process that saves time and resources.
Which action should be taken to meet these requirements?
- A . Automate using AWS Elastic Beanstalk to provision the AWS accounts set up infrastructure and integrate with AWS Organizations
- B . Create bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure
- C . Use AWS Config to provision accounts and deploy instances using AWS Service Catalog
- D . Use AWS Control Tower to create a template in Account Factory and use the template to provision new accounts
D
Explanation:
To provision AWS accounts for each team with a defined baseline and governance guardrails in a scalable and efficient way, using AWS Control Tower is the best solution.
AWS Control Tower:
AWS Control Tower provides a straightforward way to set up and govern a secure, multi-account AWS environment based on best practices.
It uses Account Factory, a feature that automates the creation of new AWS accounts with predefined configurations.
Creating Accounts with Control Tower:
Navigate to the AWS Control Tower console.
Use Account Factory to create a new account.
Customize the account template to include the necessary configurations, such as organizational units (OUs), guardrails, and baselines.
Advantages:
Ensures consistent security and compliance across all accounts.
Automates account creation and configuration, saving time and reducing errors.
Reference: AWS Control Tower
Setting Up Account Factory
A SysOps administrator has created an AWS Service Catalog portfolio and has shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.
Which action will the administrator of the second account be able to perform?
- A . Add a product from the imported portfolio to a local portfolio.
- B . Add new products to the imported portfolio.
- C . Change the launch role for the products contained in the imported portfolio.
- D . Customize the products in the imported portfolio.
A
Explanation:
When a portfolio is shared between AWS accounts in AWS Service Catalog, the administrator of the second account can import the shared portfolio and add products from the imported portfolio to their local portfolio. However, they cannot modify the imported portfolio directly.
Import the Shared Portfolio:
In the second AWS account, open the AWS Service Catalog console. Navigate to Portfolios and choose Import portfolio.
Add Products to a Local Portfolio:
Once the portfolio is imported, the administrator can select products from the imported portfolio and add them to a local portfolio for easier management and deployment.
Reference: Sharing Portfolios Across Accounts
AWS Service Catalog Admin Guide
A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations.
What should a SysOps administrator do to implement this requirement?
- A . Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the AWS Management Console.
- B . Develop an IAM policy that limits the business units to provision EC2 instances only. Instruct the business units to launch instances by using an AWS CloudFormation template.
- C . Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog. Allow the business units to perform actions in AWS Service Catalog only.
- D . Share an AWS CloudFormation template with the business units. Instruct the business units to pass a role to AWS CloudFormation to allow the service to manage EC2 instances.
C
Explanation:
To enforce the use of approved EC2 instance configurations across different business units efficiently:
AWS Service Catalog: Utilize AWS Service Catalog to manage and govern commonly deployed IT services. Create a catalog of pre-approved products (in this case, EC2 instance configurations).
Publish Products: Define and publish EC2 instance configurations as products within the Service Catalog. These products will incorporate all the necessary and approved configurations, options, and software.
Launch Constraints: Assign launch constraints to these products, ensuring that users can only launch EC2 instances as defined by the pre-approved configurations.
Control Access: Grant business units access only to the Service Catalog for provisioning EC2 instances. This ensures they use only those configurations that comply with company policies and standards.
This approach not only standardizes resource deployment but also simplifies management and enhances compliance across the organization.