Spring Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

Pass the Amazon Web Services AWS Certified Associate SOA-C03 Questions and answers with CertsForce

Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions
Questions # 11:

A company's developers manually install software modules on Amazon EC2 instances to deploy new versions of a service. A security audit finds that instances contain inconsistent and unapproved modules.

A CloudOps engineer must create a new instance image that contains only approved software.

Which solution will meet these requirements?

Options:

A.

Use Amazon Detective to continuously find and uninstall unauthorized modules from the instances.


B.

Use Amazon GuardDuty to create and deploy an Amazon Machine Image (AMI) that includes only the approved modules.


C.

Use AWS Systems Manager Run Command to install the approved modules on all running instances during an in-place update.


D.

Use EC2 Image Builder to create and test an Amazon Machine Image (AMI) that includes only the approved modules. Update the deployment workflow to use the new AMI.


Expert Solution
Questions # 12:

A CloudOps engineer is configuring an Amazon CloudFront distribution to use an SSL/TLS certificate. The CloudOps engineer must ensure automatic certificate renewal.

Which combination of steps will meet this requirement? (Select TWO.)

Options:

A.

Use a certificate issued by AWS Certificate Manager (ACM).


B.

Use a certificate issued by a third-party certificate authority (CA).


C.

Configure CloudFront to automatically renew the certificate when the certificate expires.


D.

Configure email validation for the certificate.


E.

Configure DNS validation for the certificate.


Expert Solution
Questions # 13:

An application runs on Amazon EC2 instances that are in an Auto Scaling group. A CloudOps engineer needs to implement a solution that provides a central storage location for errors that the application logs to disk. The solution must also provide an alert when the application logs an error.

What should the CloudOps engineer do to meet these requirements?

Options:

A.

Deploy and configure the Amazon CloudWatch agent on the EC2 instances to log to a CloudWatch log group. Create a metric filter on the target CloudWatch log group. Create a CloudWatch alarm that publishes to an Amazon Simple Notification Service (Amazon SNS) topic that has an email subscription.


B.

Create a cron job on the EC2 instances to identify errors and push the errors to an Amazon CloudWatch metric filter. Configure the filter to publish to an Amazon Simple Notification Service (Amazon SNS) topic that has an SMS subscription.


C.

Deploy an AWS Lambda function that pushes the errors directly to Amazon CloudWatch Logs. Configure the Lambda function to run every time the log file is updated on disk.


D.

Create an Auto Scaling lifecycle hook that invokes an EC2-based script to identify errors. Configure the script to push the error messages to an Amazon CloudWatch log group when the EC2 instances scale in. Create a CloudWatch alarm that publishes to an Amazon Simple Notification Service (Amazon SNS) topic that has an email subscription when the number of error messages exceeds a threshold.


Expert Solution
Questions # 14:

A company needs to enforce tagging requirements for Amazon DynamoDB tables in its AWS accounts. A CloudOps engineer must implement a solution to identify and remediate all DynamoDB tables that do not have the appropriate tags.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Create a custom AWS Lambda function to evaluate and remediate all DynamoDB tables. Create an Amazon EventBridge scheduled rule to invoke the Lambda function.


B.

Create a custom AWS Lambda function to evaluate and remediate all DynamoDB tables. Create an AWS Config custom rule to invoke the Lambda function.


C.

Use the required-tags AWS Config managed rule to evaluate all DynamoDB tables for the appropriate tags. Configure an automatic remediation action that uses an AWS Systems Manager Automation custom runbook.


D.

Create an Amazon EventBridge managed rule to evaluate all DynamoDB tables for the appropriate tags. Configure the EventBridge rule to run an AWS Systems Manager Automation custom runbook for remediation.


Expert Solution
Questions # 15:

A company is storing backups in an Amazon S3 bucket. These backups must not be deleted for at least 3 months after creation.

What should the CloudOps engineer do?

Options:

A.

Configure an IAM policy that denies the s3:DeleteObject action for all users. Three months after an object is written, remove the policy.


B.

Enable S3 Object Lock on a new S3 bucket in compliance mode. Place all backups in the new S3 bucket with a retention period of 3 months.


C.

Enable S3 Versioning on the existing S3 bucket. Configure S3 Lifecycle rules to protect the backups.


D.

Enable S3 Object Lock on a new S3 bucket in governance mode. Place all backups in the new S3 bucket with a retention period of 3 months.


Expert Solution
Questions # 16:

A company is running an ecommerce application on AWS. The application maintains many open but idle connections to an Amazon Aurora DB cluster. During times of peak usage, the database produces the following error message: "Too many connections." The database clients are also experiencing errors.

Which solution will resolve these errors?

Options:

A.

Increase the read capacity units (RCUs) and the write capacity units (WCUs) on the database.


B.

Configure RDS Proxy. Update the application with the RDS Proxy endpoint.


C.

Turn on enhanced networking for the DB instances.


D.

Modify the DB cluster to use a burstable instance type.


Expert Solution
Questions # 17:

A company runs an application on Amazon EC2 that connects to an Amazon Aurora PostgreSQL database. A developer accidentally drops a table from the database, causing application errors. Two hours later, a CloudOps engineer needs to recover the data and make the application functional again.

Which solution will meet this requirement?

Options:

A.

Use the Aurora Backtrack feature to rewind the database to a specified time, 2 hours in the past.


B.

Perform a point-in-time recovery on the existing database to restore the database to a specified point in time, 2 hours in the past.


C.

Perform a point-in-time recovery and create a new database to restore the database to a specified point in time, 2 hours in the past. Reconfigure the application to use a new database endpoint.


D.

Create a new Aurora cluster. Choose the Restore data from S3 bucket option. Choose log files up to the failure time 2 hours in the past.


Expert Solution
Questions # 18:

A company runs a retail website on multiple Amazon EC2 instances behind an Application Load Balancer (ALB). The company must secure traffic to the website over an HTTPS connection.

Which combination of actions should a SysOps administrator take to meet these requirements? (Select TWO.)

Options:

A.

Attach the certificate to each EC2 instance.


B.

Attach the certificate to the ALB.


C.

Create a private certificate in AWS Certificate Manager (ACM).


D.

Create a public certificate in AWS Certificate Manager (ACM).


E.

Export the certificate, and attach it to the website.


Expert Solution
Questions # 19:

A company with millions of subscribers needs to automatically send notifications every Saturday. The company already uses Amazon SNS to send messages but has historically sent them manually.

Which solution will meet these requirements in the MOST operationally efficient way?

Options:

A.

Launch a new Amazon EC2 instance. Configure a cron job to use the AWS SDK to send an SNS notification to subscribers every Saturday.


B.

Create a rule in Amazon EventBridge that triggers every Saturday. Configure the rule to publish a notification to an SNS topic.


C.

Create an SNS subscription to a message fanout that sends notifications to subscribers every Saturday.


D.

Use AWS Step Functions scheduling to run a step every Saturday. Configure the step to publish a message to an SNS topic.


Expert Solution
Questions # 20:

A company hosts an encrypted Amazon S3 bucket in the ap-southeast-2 Region. Users from the eu-west-2 Region access the S3 bucket through the internet. The users from eu-west-2 need faster transfers to and from the S3 bucket for large files.

Which solution will meet these requirements?

Options:

A.

Create an S3 access point in eu-west-2 to use as the destination for S3 replication from ap-southeast-2. Ensure all users switch to the new S3 access point.


B.

Create an Amazon Route 53 hosted zone with a geolocation routing policy. Choose the Alias to S3 website endpoint option. Specify the S3 bucket that is in ap-southeast-2 as the source bucket.


C.

Create a new S3 bucket in eu-west-2. Copy all contents from ap-southeast-2 to the new bucket in eu-west-2. Create an S3 access point, and associate it with both buckets. Ensure users use the new S3 access point.


D.

Configure and activate S3 Transfer Acceleration on the S3 bucket. Use the new S3 acceleration endpoint's domain name for access.


Expert Solution
Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions