Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. Amazon Web Services
  3. AWS Certified Associate
  4. SOA-C01
  5. AWS Certified SysOps Administrator - Associate Questions and Answers

Pass the Amazon Web Services AWS Certified Associate SOA-C01 Questions and answers with ValidTests

Exam SOA-C01 All Questions
Exam SOA-C01 Premium Access

View all detail and faqs for the SOA-C01 exam

Go to Exam
Viewing page 3 out of 8 pages
Viewing questions 21-30 out of questions
Questions # 21:

A company’s Auditor implemented a compliance requirement that all Amazon S3 buckets must have logging enabled.

How should the SysOps Administrator ensure this compliance requirement is met, while still permitting Developers to create and use new S3 buckets?

Options:

A.

Add AWS CloudTrail logging for the S3 buckets.

B.

Implement IAM policies to allow only the Storage team to create S3 buckets.

C.

Add the AWS Config managed rule S3_BUCKET_LOGGING_ENABLED.

D.

Create an AWS Lambda function to delete the S3 buckets if logging is not turned on.

Expert Solution
Questions # 22:

A company has several accounts between different teams and wants to increase its auditing and compliance capabilities The accounts are managed through AWS Organizations. Management wants to provide the security team with secure access to the account logs while also restricting the possibility for the logs to be modified.

How can a sysops administrator achieve this is with the LEAST amount of operational overhead?

Options:

A.

Store AWS CloudTrail logs in Amazon S3 in each account Create a new account to store compliance data and replicate the objects into the newly created account

B.

Store AWS CloudTrail logs in Amazon S3 in each account. Create an 1AM user with read-only access to the CloudTrail logs

C.

From the master account create an organization trail using AWS CloudTrail and apply it to all Regions Use 1AM roles to restrict access.

D.

Use an AWS CloudFormation stack set to create an AWS CloudTrail trail in every account and restrict permissions to modify the logs

Expert Solution
Questions # 23:

A security researcher has published a new Common Vulnerabilities and Exposures (CVE) report that impacts a popular operating system A SysOps Administrator is concerned with the new CVE report and wants to patch the company's systems immediately The Administrator contacts AWS Support and requests the patch be applied to all Amazon EC2 instances

How will AWS respond to this request?

Options:

A.

AWS will apply the patch during the next maintenance window and will provide the Administrator with a report of all patched EC2 instances

B.

AWS will relaunch the EC2 instances with the latest version of the Amazon Machine Image (AMI) and will provide the Administrator with a report of all patched EC2 instances

C.

AWS will research the vulnerability to see if the Administrator's operating system is impacted and will patch the EC2 instances that are affected

D.

AWS will review the shared responsibility model with the Administrator and advise them regarding how to patch the EC2 instances

Expert Solution
Questions # 24:

A SysOps administrator created an AWS service catalog portfolio and shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.

Which action will the administrator of the second account be able to perform?

Options:

A.

Add a product from the imported portfolio to a local portfolio.

B.

Add new product to the imported portfolio.

C.

Change the launch role for the products contained in the imported portfolio.

D.

Remove Products from the imported portfolio.

Expert Solution
Questions # 25:

A SysOps Administrator has been tasked with deploying a company’s infrastructure as code. The Administrator wants to write a single template that can be reused for multiple environments in a safe, repeatable manner.

What is the recommended way to use AWS CloudFormation to meet this requirement?

Options:

A.

Use parameters to provision the resources.

B.

Use nested stacks to provision the resources.

C.

Use Amazon EC2 user data to provision the resources.

D.

Use stack policies to provision the resources.

Expert Solution
Questions # 26:

An organization has developed a new memory-intensive application that is deployed to a large Amazon EC2 Linux fleet. There is concern about potential memory exhaustion, so the Development team wants to monitor memory usage by using Amazon CloudWatch.

What is the MOST efficient way to accomplish this goal?

Options:

A.

Deploy the solution to memory-optimized EC2 instances, and use the CloudWatch MemoryUtilization metric

B.

Enable the Memory Monitoring option by using AWS Config

C.

Install the AWS Systems Manager agent on the applicable EC2 instances to monitor memory

D.

Monitor memory by using a script within the instance, and send it to CloudWatch as a custom metric

Expert Solution
Questions # 27:

An application team has asked a sysops administrator to provision an additional environment for an application in four additional regions. The application is running on more than 100 instances in us-east-1, using fully baked AMIs, An AWS CloudFormation template has been created to deploy resources in us-east-1.

What must the sysops administrator do to provision the application quickly?

Options:

A.

Copy the AMI to each region using aws ec2 copy-image Update the CloudFormation mapping include mappings for the copy AMIs.

B.

Creating a snapshot of the running instance and copy the snapshot to the other regions. Create an AMI from the snapshots. Update the CloudFormation template for each region to use the new AMI.

C.

Run the existing CloudFormation template in each additional region based on the success of the template used currently in us-east-1.

D.

Update the CloudFormation template to include the additional regions in the auto scaling group. Update the existing stack in us-east-1.

Expert Solution
Questions # 28:

A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue causing the failure.

How should the Administrator continue with the stack deployment?

Options:

A.

Delete the failed stack and create a new stack.

B.

Execute a change set on the failed stack.

C.

Perform an update-stack action on the failed stack.

D.

Run a validate-template command.

Expert Solution
Questions # 29:

A company has several AWS accounts and has set up consolidated billing through AWS Organizations. The total monthly bill has been increasing over several months, and a SysOps administrator has been asked to determine what is causing this increase.

What is the Most comprehensive tool that will accomplish this task?

Options:

A.

AWS Cost Explorer

B.

AWS Trusted Advisor

C.

Cost allocation tags

D.

Resource groups

Expert Solution
Questions # 30:

A company has adopted a security policy that requires all customer data to be encrypted at rest. Currently, customer data is stored on a central Amazon EFS file system and accessed by a number of different applications from Amazon EC2 instances.

How can the SysOps Administrator ensure that all customer data stored on the EFS file system meets the new requirement?

Options:

A.

Update the EFS file system settings to enable server-side encryption using AES-256.

B.

Create a new encrypted EFS file system and copy the data from the unencrypted EFS file system to the new encrypted EFS file system.

C.

Use AWS CloudHSM to encrypt the files directly before storing them in the EFS file system.

D.

Modify the EFS file system mount options to enable Transport Layer Security (TLS) on each of the EC2 instances.

Expert Solution
Viewing page 3 out of 8 pages
Viewing questions 21-30 out of questions