• 2021-09-27

Get the latest updated Amazon SOA-C02 exam dumps online

Lead4Pass has updated the latest valid Amazon SOA-C02 exam questions and answers. All exam questions have been verified to ensure successful passing of the exam.
Lead4pass SOA-C02 dumps https://www.lead4pass.com/soa-c02.html (Total Questions: 54 Q&A). With many years of exam experience, 99.5% of the exam pass rate.
You can experience part of the exam practice questions shared by Lead4Pass online for free.

Free share part of Amazon SOA-C01 exam pdf

The free Amazon SOA-C02 exam PDF is shared from Lead4Pass. You can download the practice online. To get the complete Amazon SOA-C02 exam questions and answers, please choose Lead4Pass.
We update all exam questions and answers in real-time throughout the year to ensure immediate validity.

Amazon SOA-C02 exam practice questions and answers come from Lead4Pass and share a part for free

QUESTION 1
A company has an infernal web application that runs on Amazon EC2 instances behind an Application Load Balancer.
The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A SysOps administrator must
make the application highly available.
Which action should the SysOps administrator take to meet this requirement?
A. Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak
usage.
B. Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak
usage.
C. Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.
D. Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.
Correct Answer: C

 

QUESTION 2
A company hosts an online shopping portal in the AWS Cloud. The portal provides HTTPS security by using a TLS
certificate on an Elastic Load Balancer (ELB). Recently, the portal suffered an outage because the TLS certificate
expired. A SysOps administrator must create a solution to automatically renew certificates to avoid this issue in the
future.
What is the MOST operationally efficient solution that meets these requirements?
A. Request a public certificate by using AWS Certificate Manager (ACM). Associate the certificate from ACM with the
ELB. Write a scheduled AWS Lambda function to renew the certificate every 18 months.
B. Request a public certificate by using AWS Certificate Manager (ACM). Associate the certificate from ACM with the
ELB. ACM will automatically manage the renewal of the certificate.
C. Register a certificate with a third-party certificate authority (CA). Import this certificate into AWS Certificate Manager
(ACM). Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.
D. Register a certificate with a third-party certificate authority (CA). Configure the ELB to import the certificate directly
from the CA. Set the certificate refresh cycle on the ELB to refresh when the certificate is within 3 months of the
expiration date.
Correct Answer: C

 

QUESTION 3
A SysOps administrator is notified that an Amazon EC2 instance has stopped responding. The AWS Management
Console indicates that the system checks are failing.
What should the administrator do first to resolve this issue?
A. Reboot the EC2 instance so it can be launched on a new host.
B. Stop and then start the EC2 instance so that it can be launched on a new host.
C. Terminate the EC2 instance and relaunch it.
D. View the AWS CloudTrail log to investigate what changed on the EC2 instance.
Correct Answer: B

 

QUESTION 4
A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an Application Load
Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all
target instances associated with the ALB are unhealthy.
Which condition should be used with the alarm?
A. AWS/ApplicationELB HealthyHostCount = 1
C. AWS/EC2 StatusCheckFailed = 1
Correct Answer: A

 

QUESTION 5
A company manages an application that uses Amazon ElastiCache for Redis with two extra-large nodes spread across
two different Availability Zones. The company\\’s IT team discovers that the ElastiCache for Redis cluster has 75%
freeable memory. The application must maintain high availability.
What is the MOST cost-effective way to resize the cluster?
A. Decrease the number of nodes in the ElastiCache for Redis cluster from 2 to 1.
B. Deploy a new ElastiCache for Redis cluster that uses large node types. Migrate the data from the original cluster to
the new cluster. After the process is complete, shut down the original cluster.
C. Deploy a new ElastiCache for Redis cluster that uses large node types. Take a backup from the original cluster, and
restore the backup in the new cluster. After the process is complete, shut down the original cluster.
D. Perform an online resizing for the ElastiCache for Redis cluster. Change the node types from extra-large nodes to
large nodes.
Correct Answer: B

 

QUESTION 6
A SysOps administrator needs to design a high-traffic static website. The website must be highly available and must
provide the lowest possible latency to users across the globe.
Which solution will meet these requirements?
A. Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create an Amazon CloudFront
distribution in each AWS Region, and set the S3 bucket as the origin. Use Amazon Route 53 to create a DNS record
that uses a geolocation routing policy to route traffic to the correct CloudFront distribution based on where the request originates.
B. Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create an Amazon CloudFront
distribution, and set the S3 bucket as the origin. Use Amazon Route 53 to create an alias record that points to the
CloudFront distribution.
C. Create an Application Load Balancer (ALB) and a target group. Create an Amazon EC2 Auto Scaling group with at
least two EC2 instances in the associated target group. Store the website content on the EC2 instances. Use Amazon
Route 53 to create an alias record that points to the ALB.
D. Create an Application Load Balancer (ALB) and a target group in two Regions. Create an Amazon EC2 Auto Scaling
group in each Region with at least two EC2 instances in each target group. Store the website content on the EC2
instances. Use Amazon Route 53 to create a DNS record that uses a geolocation routing policy to route traffic to the
correct ALB based on where the request originates.
Correct Answer: A

 

QUESTION 7
A new website will run on Amazon EC2 instances behind an Application Load Balancer. Amazon Route 53 will be used
to manage DNS records.
What type of record should be set in Route 53 to point the website\\’s apex domain name (for example, “company.com”)
to the Application Load Balancer?
A. CNAME
B. SOA
C. TXT
D. ALIAS
Correct Answer: D
Reference: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/setting-up-route53-zoneapexelb.html

 

QUESTION 8
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs85ba41fc, and
it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not
encrypted.
How can this be resolved?
A. Enable encryption on each host\\’s connection to the Amazon EFS volume. Each connection must be recreated for
encryption to take effect.
B. Enable encryption on the existing EFS volume by using the AWS Command Line Interface.
C. Enable encryption on each host\\’s local drive. Restart each host to encrypt the drive.
D. Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.
Correct Answer: D

 

QUESTION 9
A company uses Amazon Elasticsearch Service (Amazon ES) to analyze sales and customer usage data. Members of
the company\\’s geographically dispersed sales team are traveling. They need to log in to Kibana by using their existing
corporate credentials that are stored in Active Directory. The company has deployed Active Directory Federation
Services (AD FS) to enable authentication to cloud services.
Which solution will meet these requirements?
A. Configure Active Directory as an authentication provider in Amazon ES. Add the Active Directory server\\’s domain
name to Amazon ES. Configure Kibana to use Amazon ES authentication.
B. Deploy an Amazon Cognito user pool. Configure Active Directory as an external identity provider for the user pool.
Enable Amazon Cognito authentication for Kibana on Amazon ES.
C. Enable Active Directory user authentication in Kibana. Create an IP-based custom domain access policy in Amazon
ES that includes the Active Directory server\\’s IP address.
D. Establish a trust relationship with Kibana on the Active Directory server. Enable Active Directory user authentication
in Kibana. Add the Active Directory server\\’s IP address to Kibana.
Correct Answer: B
Reference: https://aws.amazon.com/blogs/security/how-to-enable-secure-access-to-kibana-using-awssingle-sign-on/

 

QUESTION 10
An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, an
Amazon RDS PostgreSQL database, an Amazon EFS file system, and static objects stored in an Amazon S3 bucket.
The Security team now mandates that at-rest encryption be turned on immediately for all aspects of the application,
without creating new resources and without any downtime.
To satisfy the requirements, which one of these services can the SysOps administrator enable at-rest encryption on?
A. EBS General Purpose SSD volumes
B. RDS PostgreSQL database
C. Amazon EFS file systems
D. S3 objects within a bucket
Correct Answer: B


QUESTION 11
A SysOps administrator is deploying a test site running on Amazon EC2 instances. The application requires both
incoming and outgoing connectivity to the internet.
Which combination of steps are required to provide internet connectivity to the EC2 instances? (Choose two.)
A. Add a NAT gateway to a public subnet.
B. Attach a private address to the elastic network interface on the EC2 instance.
C. Attach an Elastic IP address to the internet gateway.
D. Add an entry to the route table for the subnet that points to an internet gateway.
E. Create an internet gateway and attach it to a VPC.
Correct Answer: DE

 

QUESTION 12
A company hosts its website on Amazon EC2 instances behind an Application Load Balancer. The company manages
its DNS with Amazon Route 53, and wants to point its domain\\’s zone apex to the website.
Which type of record should be used to meet these requirements?
A. An AAAA record for the domain\\’s zone apex
B. An A record for the domain\\’s zone apex
C. A CNAME record for the domain\\’s zone apex
D. An alias record for the domain\\’s zone apex
Correct Answer: D
Reference: https://aws.amazon.com/route53/faqs/

 

QUESTION 13
A company hosts an internal application on Amazon EC2 instances. All application data and requests route through an
AWS Site-to-Site VPN connection between the on-premises network and AWS. The company must monitor the
application for changes that allow network access outside of the corporate network. Any change that exposes the
application externally must be restricted automatically.
Which solution meets these requirements in the MOST operationally efficient manner?
A. Create an AWS Lambda function that updates security groups that are associated with the elastic network interface
to remove inbound rules with noncorporate CIDR ranges. Turn on VPC Flow Logs, and send the logs to Amazon
CloudWatch Logs. Create an Amazon CloudWatch alarm that matches traffic from noncorporate CIDR ranges, and
publish a message to an Amazon Simple Notification Service (Amazon SNS) topic with the Lambda function as a
target.
B. Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that targets an AWS Systems Manager
Automation document to check for public IP addresses on the EC2 instances. If public IP addresses are found on the
EC2 instances, initiate another Systems Manager Automation document to terminate the instances.
C. Configure AWS Config and a custom rule to monitor whether a security group allows inbound requests from
noncorporate CIDR ranges. Create an AWS Systems Manager Automation document to remove any noncorporate
CIDR ranges from the application security groups.
D. Configure AWS Config and the managed rule for monitoring public IP associations with the EC2 instances by tag.
Tag the EC2 instances with an identifier. Create an AWS Systems Manager Automation document to remove the public
IP association from the EC2 instances.
Correct Answer: A


The free Amazon SOA-C02 exam practice questions come from a part of the real exam room. You can experience part of the exam content first.
Get the complete SOA-C02 exam dumps at https://www.lead4pass.com/soa-c02.html (PDF + VCE) to help you successfully pass the exam.
Lead4Pass has two learning modes: PDF and VCE. You can choose according to your preferences.

ps.
The free Amazon SOA-C02 exam PDF is shared from Lead4Pass. You can download the practice online. To get the complete Amazon SOA-C02 exam questions and answers, please choose Lead4Pass.
We update all exam questions and answers in real-time throughout the year to ensure immediate validity.