1. Home
  2. Amazon Web Services
  3. AWS Certified Associate
  4. SOA-C01
  5. AWS Certified SysOps Administrator - Associate Questions and Answers

Pass the Amazon Web Services AWS Certified Associate SOA-C01 Questions and answers with CertsForce

 Amazon Web Services Exams      Go to Exam Detail      Get Premium Access
Viewing page 2 out of 8 pages
Viewing questions 11-20 out of questions
Questions # 11:

A SysOps administrator is implementing automated I/O load performance testing as part of lite continuous integraliorVcontinuous delivery (CI'CD) process for an application The application uses an Amazon Elastic Block Store (Amazon E8S) Provisioned IOPS volume for each instance that is restored from a snapshot and requires consistent I/O performance. During the initial tests, the I/O performance results are sporadic. The SysOps administrator must ensure that the tests yield more consistent results.

Which actions could the SysOps administrator take to accomplish this goal? (Select TWO.)

Options:
A.

Restore the EBS volume from the snapshot with fast snapshot restore enabled

B.

Restore the EBS volume from the snapshot using the cold HDD volume type.

C.

Restore the EBS volume from the snapshot and pre-warm the volume by reading all of the blocks.

D.

Restore the EBS volume from the snapshot and configure encryption.

E.

Restore the EBS volume from the snapshot and configure I/O block sizes at random

Expert Solution
Questions # 12:

A SysOps Administrator has been asked to configure user-defined cost allocation tags for a new AWS account. The company is using AWS Organizations for account management.

What should the Administrator do to enable user-defined cost allocation tags?

Options:
A.

Log in to the AWS Billing and Cost Management console of the new account, and use the Cost Allocation Tags manager to create the new user-defined cost allocation tags.

B.

Log in to the AWS Billing and Cost Management console of the payer account, and use Cost Allocation Tags manager to create the new user-defined cost allocation tags.

C.

Log in to the AWS Management Console of the new account, use the Tag Editor to create the new user-defined tags, then use the Cost Allocation Tags manager in the new account to mark the tags as cost allocation tags.

D.

Log in to the AWS Management Console of the new account, use the Tag Editor to create the new user-defined tags, then use the Cost Allocation Tags manager in the payer account to mark the tags as cost allocation tags.

Expert Solution
Questions # 13:

A SysOps Administrator noticed that the cache hit ratio for an Amazon CloudFront distribution is less than 10%. Which collection of configuration changes will increase the cache hit ratio for the distribution? (Select two.)

Options:
A.

Ensure that only required cookies, query strings, and headers are forwarded in the Cache Behavior Settings

B.

Change the Viewer Protocol Policy to use HTTPS only

C.

Configure the distribution to use presigned cookies and URLs to restrict access to the distribution

D.

Enable automatic compression of objects in the Cache Behavior Settings

E.

Increase the CloudFront time to live (TTL) settings in the Cache Behavior Settings.

Expert Solution
Questions # 14:

Security has identified an IP address that should be explicity denied for both ingress and egress requests for all services in an Amazon VPC immediately.

Which feature can be used to meet this requirement?

Options:
A.

Host-based firewalls

B.

NAT Gateway

C.

Network access control lists

D.

Security Groups

Expert Solution
Questions # 15:

A company has a sales department and a marketing department. The company uses one AWS account. There Is a need to determine what charges are incurred on the AWS platform by each department. There is also a need to receive notifications when a specified cost level is approached or exceeded.

Which actions must a SysOps administrator take to achieve both requirements with the LEAST amount of administrative overhead? (Select TWO.)

Options:
A.

Use AWS Trusted Advisor to obtain a report containing the checked items in the Cost Optimization pillar

B.

Download the detailed billing report, upload it to a database, and match the line items with a list of known resources by department.

C.

Create a script by using the AWS CLI to automatically apply tags to existing resources (or each department. Schedule the script to run weekly.

D.

Use AWS Organizations to create a department Organizational Unit and allow only authorized personnel in each department to create resources.

E.

Create a Budget from the Billing and Cost Management console. Specify the budget type as Cost, assign tags for each department, define notifications, and specify any other options as required.

Expert Solution
Questions # 16:

A company has an AWS account for each department and wants to consolidate billing and reduce overhead. The company wants to make sure that the finance team is denied from accessing services other than Amazon EC2: the security team is denied from accessing services other than AWS CloudTrail. and IT can access any resource.

Which solution meets these requirements with the LEAST amount of operational overhead''

Options:
A.

Create a role for each department within AWS 1AM and assign each role the necessary permissions.

B.

Create a user for each department within AWS 1AM and assign each user the necessary permissions.

C.

Implement service control policies within AWS Organizations to determine which resources each department can access

D.

Place each department into an organizational unit (OU) within AWS Organizations and use 1AM policies to determine which resources they can access

Expert Solution
Questions # 17:

A company needs to ensure that all IAM users rotate their password on a regular basis.

Which action should be taken to implement this?

Options:
A.

Configure multi-factor authentication for all IAM users.

B.

Deactivate existing users and re-create new users every time a credential rotation is required.

C.

Re-create identity federation with new identity providers every time a credential rotation is required

D.

Set up a password policy to enable password of expiration for IAM users.

Expert Solution
Questions # 18:

A SysOps administrator needs to register targets for a Network Load Balancer (NL8) using IP addresses Which prerequisite should the SysOps administrator validate to perform this task?

Options:
A.

Ensure the NLB listener security policy is set to ELBSecuntyPohcy-TLS-1-2-Ext-2018-06, ELBSecuntyPolicy-FS-1-2-Res-2019-08 or ELBSecuntyPolicy-TLS-1-0-2015-04

B.

Ensure the heath check setting on the NLB for the Matcher configuration is between 200 and 399

C.

Ensure the targets are within any of these CIDR blocks: 10.0.0.0/8 (RFC I918)r 100.64.0.0/10 (RFC 6598): 172.16.0.0/12 (RFC 1918), or 192.168.0.0/16 (RFC 1918).

D.

Ensure the NLB is exposed as an endpoint service before registering the targets using IP addresses

Expert Solution
Questions # 19:

An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region A sysops administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy

What is likely to be the problem?

Options:
A.

The Amazon Machine Image used is not available in that region

B.

The AWS CloudFormation template needs to be updated to the latest version

C.

The VPC configuration parameters have changed and must be updated in the template

D.

The account has reached the default limit for VPCs allowed

Expert Solution
Questions # 20:

A company’s Auditor implemented a compliance requirement that all Amazon S3 buckets must have logging enabled.

How should the SysOps Administrator ensure this compliance requirement is met, while still permitting Developers to create and use new S3 buckets?

Options:
A.

Add AWS CloudTrail logging for the S3 buckets.

B.

Implement IAM policies to allow only the Storage team to create S3 buckets.

C.

Add the AWS Config managed rule S3_BUCKET_LOGGING_ENABLED.

D.

Create an AWS Lambda function to delete the S3 buckets if logging is not turned on.

Expert Solution
Viewing page 2 out of 8 pages
Viewing questions 11-20 out of questions