Updated SOA-C02 Dumps [2022] To Be AWS Certified SysOps Administrator – Associate Certified

To be an AWS Certified SysOps Administrator – Associate certified, candidates need to pass the SOA-C02 exam successfully. Updated SOA-C02 dumps of Lead4Pass will be great materials to ensure that you can get success in the actual Amazon SOA-C02 exam.
Amazon SOA-C02 dumps is the latest which contains 115 practice exam questions and answers.
We ensure that you can pass the complete SOA-C02 exam successfully by practicing SOA-C02 updated dumps questions with Lead4Pass pdf file and testing engine.

To Check SOA-C02 Dumps, You Can Read SOA-C02 Free Dumps Below

QUESTION 1

A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must set up the permissions and add a bucket policy to the S3 bucket.
Which parameters should be specified to accomplish this in the MOST efficient manner?

A. Specify “” as the principal and PrincipalOrgId as a condition.

B. Specify all account numbers as the principal.

C. Specify PrincipalOrgId as the principal.

D. Specify the organization\’s master account as the principal.

Correct Answer: A

Reference: https://aws.amazon.com/blogs/security/iam-share-aws-resources-groups-aws-accounts-awsorganizations/

QUESTION 2

A company uses AWS Organizations to manage multiple AWS accounts with consolidated billing enabled. Organization member account owners want the benefits of Reserved Instances (RIs) but do not want to share RIs with other accounts. Which solution will meet these requirements?

A. Purchase RIs in individual member accounts. Disable RI discount sharing in the management account.

B. Purchase RIs in individual member accounts. Disable RI discount sharing in the member accounts.

C. Purchase RIs in the management account. Disable RI discount sharing in the management account.

D. Purchase RIs in the management account. Disable RI discount sharing in the member accounts.

Correct Answer: B

QUESTION 3

A SysOps Administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company\’s account. The administrator must be alerted to potential issues. What should the administrator do to receive email alerts before low storage space affects EC2 instance performance?

A. Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications.

B. Use AWS CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic.

C. Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic.

D. Use AWS Trusted Advisor and enable email notification alerts for EC2 disk space.

Correct Answer: C

QUESTION 4

A company wants to track its expenditures for Amazon EC2 and Amazon RDS within AWS. The company decides to implement more rigorous tagging requirements for resources in its AWS accounts.

A SysOps administrator needs to identify all non-compliant resources. What is the MOST operationally efficient solution that meets these requirements?

A. Create a rule in Amazon EventBridge (Amazon CloudWatch Events) that invokes a custom AWS Lambda function that will evaluate all created or updated resources for the specified tags.

B. Create a rule in AWS Config that invokes a custom AWS Lambda function that will evaluate all resources for the specified tags.

C. Create a rule in AWS Config with the required-tags managed rule to evaluate all resources for the specified tags.

D. Create a rule in Amazon EventBridge (Amazon CloudWatch Events) with a managed rule to evaluate all created or updated resources for the specified tags.

Correct Answer: C

Reference: https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html

QUESTION 5

A SysOps administrator must create a solution to automatically shuts down any Amazon EC2 instances that have less than 10% average CPU to monitor average CPU utilization for 60 minutes or more. Which solution meets these requirements in the MOST operationally efficient manner?

A. Implement a cron job on each EC2 instance to run once every 60 minutes and calculate the current CPU utilization. Initiate an instance shutdown if CPU utilization is less than 10%.

B. Implement an Amazon CloudWatch alarm for each EC2 instance to monitor average CPU utilization. Set the period at 1 hour, and set the threshold at 10%. Configure an EC2 action on the alarm to stop the instance.

C. Install the unified Amazon CloudWatch agent on each EC2 instance, and enable the Basic level predefined metric set. Log CPU utilization every 60 minutes, and initiate an instance shutdown if CPU utilization is less than 10%.

D. Use AWS Systems Manager Run Command to get CPU utilization from each EC2 instance every 60 minutes. Initiate an instance shutdown if CPU utilization is less than 10%.

Correct Answer: B

Reference: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/US_AlarmAtThresholdEC2.html

QUESTION 6

A company\’s SysOps administrator has created an Amazon EC2 instance with custom software that will be used as a template for all new EC2 instances across multiple AWS accounts. The Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the EC2 instance are encrypted with AWS managed keys. The SysOps administrator creates an Amazon Machine Image (AMI) of the custom EC2 instance and plans to share the AMI with the company\’s other AWS accounts. The company requires that all AMIs have encrypted with AWS Key Management Service (AWS KMS) keys and that only authorized AWS accounts can access the shared AMIs. Which solution will securely share the AMI with the other AWS accounts?

A. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms: DescribeKey, kms: ReEncrypt, kms: CreateGrant, and kms: Decrypt permissions to the AWS accounts that the AMI will be shared with. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.

B. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms: DescribeKey, kms: ReEncrypt, kms: CreateGrant, and kms: Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI, and specify the CMK. Modify the permissions on the copied AMI to specify the AWS account numbers that the AMI will be shared with.

C. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms: DescribeKey, kms: ReEncrypt, kms: CreateGrant, and kms: Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI, and specify the CMK. Modify the permissions on the copied AMI to make it public.

D. In the account where the AMI was created, modify the key policy of the AWS managed key to provide
kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.

Correct Answer: C

QUESTION 7

An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs85ba41fc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted.
How can this be resolved?

A. Enable encryption on each host\’s connection to the Amazon EFS volume. Each connection must be recreated for encryption to take effect.

B. Enable encryption on the existing EFS volume by using the AWS Command Line Interface.

C. Enable encryption on each host\’s local drive. Restart each host to encrypt the drive.

D. Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.

Correct Answer: D

QUESTION 8

A company is partnering with an external vendor to provide data processing services. For this integration, the vendor must host the company\’s data in an Amazon S3 bucket in the vendor\’s AWS account. The vendor is allowing the company to provide an AWS Key Management Service (AWS KMS) key to encrypt the company\’s data. The vendor has provided an IAM role Amazon Resources Name (ARN) to the company for this integration.
What should a SysOps administrator do to configure this integration?

A. Create a new KMS key. Add the vendor\’s IAM role ARN to the KMS key policy. Provide the new KMS key ARN to the vendor.

B. Create a new KMS key. Create a new IAM key. Add the vendor\’s IAM role ARN to an inline policy that is attached to the IAM user. Provide the new IAM user ARN to the vendor.

C. Configure encryption using the KMS managed S3 key. Add the vendor\’s IAM role ARN to the KMS key policy. Provide the KMS managed S3 key ARN to the vendor.

D. Configure encryption using the KMS managed S3 key. Create an S3 bucket. Add the vendor\’s IAM role ARN to the S3 bucket policy. Provide the S3 bucket ARN to the vendor.

Correct Answer: D

Reference: https://bookdown.org/bingweiliu11/aws-tutorial-book/use-case.html

QUESTION 9

A SysOps administrator has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances that were launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in the VPC, and all security groups allow all outbound traffic:
Which solution will provide the EC2 instances in the private subnet with access to the internet?

A. Create a NAT gateway in the public subnet. Create a route from the private subnet to the NAT gateway.

B. Create a NAT gateway in the public subnet. Create a route from the public subnet to the NAT gateway.

C. Create a NAT gateway in the private subnet. Create a route from the public subnet to the NAT gateway.

D. Create a NAT gateway in the private subnet. Create a route from the private subnet to the NAT gateway.

Correct Answer: A

Reference: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

QUESTION 10

A company has an internal web application that runs on Amazon EC2 instances behind an Application Load Balancer.
The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A SysOps administrator must make the application highly available.
Which action should the SysOps administrator take to meet this requirement?

A. Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.

B. Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.

C. Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.

D. Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.

Correct Answer: C

QUESTION 11

A SysOps administrator has used AWS CloudFormation to deploy a serverless application into a production VPC. The application consists of an AWS Lambda function, an Amazon DynamoDB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS CloudFormation stack without deleting the DynamoDB table.
Which action should the SysOps administrator take before deleting the AWS CloudFormation stack?

A. Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack.

B. Add a Snapshot deletion policy to the DynamoDB resource in the AWS CloudFormation stack.

C. Enable termination protection on the AWS CloudFormation stack.

D. Update the application\’s IAM policy with a Deny statement for the dynamodb: DeleteTable action.

Correct Answer: A

QUESTION 12

A company is running a website on Amazon EC2 instances that are in an Auto Scaling group. When the website traffic increases, additional instances take several minutes to become available because of a long-running user data script that installs software. A SysOps administrator must decrease the time that is required for new instances to become available.
Which action should the SysOps administrator take to meet this requirement?

A. Reduce the scaling thresholds so that instances are added before traffic increases.

B. Purchase Reserved Instances to cover 100% of the maximum capacity of the Auto Scaling group.

C. Update the Auto Scaling group to launch instances that have a storage optimized instance type.

D. Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has pre-installed software.

Correct Answer: C


SOA-C02 Free Dumps Online Download:https://drive.google.com/file/d/1BnIWjQ1taP5eCH5lWMisfbDmEFtZQCwr/view?usp=sharing

Free sharing of 12 Amazon SOA-C02 exam questions in March 2022, using the latest SOA-C02 dump of 115 questions: https://www.lead4pass.com/soa-c02.html. Helps you pass AWS Certified SysOps Administrator with ease – Associate Certified Exam.