Spring Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

Pass the Amazon Web Services AWS Certified Associate SOA-C03 Questions and answers with CertsForce

Viewing page 3 out of 3 pages
Viewing questions 21-30 out of questions
Questions # 21:

A company’s ecommerce application is running on Amazon EC2 instances that are behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. Customers report that the website is occasionally down. When the website is down, it returns an HTTP 500 (server error) status code to customer browsers.

The Auto Scaling group’s health check is configured for EC2 status checks, and the instances appear healthy.

Which solution will resolve the problem?

Options:

A.

Replace the ALB with a Network Load Balancer.


B.

Add Elastic Load Balancing (ELB) health checks to the Auto Scaling group.


C.

Update the target group configuration on the ALB. Enable session affinity (sticky sessions).


D.

Install the Amazon CloudWatch agent on all instances. Configure the agent to reboot the instances.


Expert Solution
Questions # 22:

A company hosts a production MySQL database on an Amazon Aurora single-node DB cluster. The database is queried heavily for reporting purposes. The DB cluster is experiencing periods of performance degradation because of high CPU utilization and maximum connections errors. A CloudOps engineer needs to improve the stability of the database.

Which solution will meet these requirements?

Options:

A.

Create an Aurora Replica node. Create an Auto Scaling policy to scale replicas based on CPU utilization. Ensure that all reporting requests use the read-only connection string.


B.

Create a second Aurora MySQL single-node DB cluster in a second Availability Zone. Ensure that all reporting requests use the connection string for this additional node.


C.

Create an AWS Lambda function that caches reporting requests. Ensure that all reporting requests call the Lambda function.


D.

Create a multi-node Amazon ElastiCache cluster. Ensure that all reporting requests use the ElastiCache cluster. Use the database if the data is not in the cache.


Expert Solution
Questions # 23:

A CloudOps engineer created a VPC with a private subnet, a security group allowing all outbound traffic, and an endpoint for EC2 Instance Connect in the private subnet. The EC2 instance was launched without an SSH key pair, using the same subnet and security group. However, the engineer cannot connect via EC2 Instance Connect endpoint.

How can the CloudOps engineer connect to the instance?

Options:

A.

Create an inbound rule in the security group to allow HTTPS traffic on port 443 from the private subnet.


B.

Create an inbound rule in the security group to allow SSH traffic on port 22 from the private subnet.


C.

Create an IAM instance profile that allows AWS Systems Manager Session Manager to access the EC2 instance. Associate the instance profile with the instance.


D.

Recreate the EC2 instance. Associate an SSH key pair with the instance.


Expert Solution
Questions # 24:

A SysOps administrator needs to encrypt an existing Amazon Elastic File System (Amazon EFS) file system by using an existing AWS KMS customer managed key.

Which solution will meet these requirements?

Options:

A.

Use Amazon EFS replication to create a new file system. Copy the data and metadata from the existing file system to the new file system. Specify the KMS customer managed key in the replication configuration. When the replication process finishes, fail over to the new encrypted file system.


B.

Directly modify the file system to use encryption. Specify the KMS customer managed key.


C.

Use Amazon EFS replication to create a new file system. Copy the data and metadata from the existing file system to the new file system. Generate a new TLS certificate. Specify the TLS certificate in the replication configuration. When the replication process finishes, fail over to the new encrypted file system.


D.

Create a new EFS file system that is encrypted with the KMS customer managed key. Create an Amazon EC2 instance to copy the files. Mount the encrypted file system and unencrypted file system on the instance. Copy all data from the unencrypted file system to the encrypted file system. Unmount the unencrypted file system and remove the temporary instance.


Expert Solution
Questions # 25:

A company has a new security policy that requires all Amazon Elastic Block Store (Amazon EBS) volumes to be encrypted at rest. The company needs to use a custom key policy to manage access to the encryption keys. The company must rotate the keys once each year.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Create AWS KMS symmetric customer managed keys. Enable automatic key rotation.


B.

Use AWS owned AWS KMS keys across the company's AWS environment.


C.

Create AWS KMS asymmetric customer managed keys. Enable automatic key rotation.


D.

Create AWS KMS symmetric customer managed keys by using imported key material. Rotate the keys on a yearly basis.


Expert Solution
Questions # 26:

A CloudOps engineer needs to ensure that AWS resources across multiple AWS accounts are tagged consistently. The company uses an organization in AWS Organizations to centrally manage the accounts. The company wants to implement cost allocation tags to accurately track the costs that are allocated to each business unit.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Use Organizations tag policies to enforce mandatory tagging on all resources. Enable cost allocation tags in the AWS Billing and Cost Management console.


B.

Configure AWS CloudTrail events to invoke an AWS Lambda function to detect untagged resources and to automatically assign tags based on predefined rules.


C.

Use AWS Config to evaluate tagging compliance. Use AWS Budgets to apply tags for cost allocation.


D.

Use AWS Service Catalog to provision only pre-tagged resources. Use AWS Trusted Advisor to enforce tagging across the organization.


Expert Solution
Questions # 27:

A CloudOps engineer has created an AWS Service Catalog portfolio and shared it with a second AWS account in the company, managed by a different CloudOps engineer.

Which action can the CloudOps engineer in the second account perform?

Options:

A.

Add a product from the imported portfolio to a local portfolio.


B.

Add new products to the imported portfolio.


C.

Change the launch role for the products contained in the imported portfolio.


D.

Customize the products in the imported portfolio.


Expert Solution
Viewing page 3 out of 3 pages
Viewing questions 21-30 out of questions