SOA-C01 Online Practice Questions and Answers

A user has created a subnet in VPC and launched an EC2 instance within it. The user has not selected the option to assign the IP address while launching the instance. The user has 3 elastic IPs and is trying to assign one of the Elastic IPs to the VPC instance from the console. The console does not show any instance in the IP assignment screen. What is a possible reason that the instance is unavailable in the assigned IP console?

A. The IP address may be attached to one of the instances

B. The IP address belongs to a different zone than the subnet zone

C. The user has not created an internet gateway

D. The IP addresses belong to EC2 Classic; so they cannot be assigned to VPC

You need to determine what encryption operations were taken with which key in AWS KMS to ei-ther encrypt or decrypt data in the AWS CodeCommit repository. Which of the following actions will best help you accomplish this?

A. Searching for the AWS CodeCommit repository ID in AWS CloudTrail logs

B. Searching for the encryption key ID in AWS CloudTrail logs

C. Searching for the AWS CodeCommit repository ID in AWS CloudWatch D. Searching for the encryption key ID in AWS CloudWatch

A website uses Elastic Load Balancing (ELB) in front of several Amazon EC2 instances backed by an Amazon RDS database. The content is dynamically generated for visitors of a webpage based on their geographic location. and is updated daily. Some of the generated objects are large in size and are taking longer to download than they should, resulting in a poor user experience.

Which approach will improve the user experience?

A. Implement Amazon ElastiCache to cache the content and reduce the load on the database.

B. Enable an Amazon CloudFront distribution with Elastic Load Balancing as a custom origin.

C. Use Amazon S3 to store and deliver the content.

D. Enable Auto Scaling for the EC2 instances so that they can scale automatically.

A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket.

Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket.

A. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.

B. Enable log file integrity validation and use digest files to verify the hash value of the log file.

C. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.

D. Enable S3 server access logging to track requests made to the log bucket for security audits.

A SysOps Administrator at an ecommerce company discovers that several 404 errors are being sent to one IP address every minute. The Administrator suspects a bot is collecting information about products listed on the company's website.

Which service should be used to block this suspected malicious activity?

A. AWS CloudTrail

B. Amazon Inspector

C. AWS Shield Standard

D. AWS WAF

A SysOps Administrator has created a new Amazon S3 bucket named mybucket for the Operations team. Members of the team are part of an IAM group to which the following IAM policy has been assigned: Which of the following actions will be allowed on the bucket? (Choose two.)

A. Get the bucket's region.

B. Delete an object.

C. Delete the bucket.

D. Download an object.

E. List all the buckets in the account.

A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability for an on-premises website. The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes. All other traffic should be directed to the secondary passive server. The failover record type, set ID, and routing policy have been set appropriately for both primary and secondary servers.

Which next step should be taken to configure Route 53?

A. Create an A record for each server. Associate the records with the Route 53 HTTP health check.

B. Create an A record for each server. Associate the records with the Route 53 TCP health check.

C. Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 HTTP health check.

D. Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 TCP health check.

A company wants to launch a group of Amazon EC2 instances that need to communicate with each other with the lowest possible latency.

Which combination of actions should a SysOps administrator take when launching these instances? (Choose two.)

A. Launch instances in different VPCs with a VPN tunnel.

B. Launch instances in different VPCs with VPC peering enabled.

C. Launch instances in a cluster placement group.

D. Launch instances in a spread placement group.

E. Launch instances with enhanced networking enabled.

A SysOps administrator is implementing automated I/O load performance testing as part of lite continuous integraliorVcontinuous delivery (CI'CD) process for an application The application uses an Amazon Elastic Block Store (Amazon E8S) Provisioned IOPS volume for each instance that is restored from a snapshot and requires consistent I/O performance. During the initial tests, the I/O performance results are sporadic. The SysOps administrator must ensure that the tests yield more consistent results. Which actions could the SysOps administrator take to accomplish this goal? (Select TWO.)

A. Restore the EBS volume from the snapshot with fast snapshot restore enabled

B. Restore the EBS volume from the snapshot using the cold HDD volume type.

C. Restore the EBS volume from the snapshot and pre-warm the volume by reading all of the blocks.

D. Restore the EBS volume from the snapshot and configure encryption.

E. Restore the EBS volume from the snapshot and configure I/O block sizes at random

A SysOps administrator is testing a new batch job. The batch job will upload 20 GB of data from Amazon EC2 instances in a private subnet to an Amazon S3 bucket each day. After the first test is complete, a small cost is reported. The cost has the heading “NAT Gateway - Data Processed.”

Which change can the SysOps administrator make to eliminate this cost for future tests?

A. Configure and use a VPC endpoint.

B. Write an S3 bucket policy to enforce encryption in transit for the uploads.

C. Configure the S3 bucket to use the S3 Intelligent-Tiering storage class.

D. Disable cross-origin resource sharing (CORS) for the S3 bucket.