Amazon SOA-C01 AWS Certified SysOps Administrator – Associate Online Training
Amazon SOA-C01 Online Training
The questions for SOA-C01 were last updated at Apr 26,2024.
- Exam Code: SOA-C01
- Exam Name: AWS Certified SysOps Administrator - Associate
- Certification Provider: Amazon
- Latest update: Apr 26,2024
Developers are using 1AM access keys to manage AWS resources using AWS CL1 Company policy requires that access keys are automatically disabled when the access key age is greater than 90 days.
Which solution will accomplish this?
- A . Configure an Amazon CloudWatch alarm to trigger an AWS Lambda function that disables keys older than 90 days
- B . Configure AWS Trusted Advisor to identify and disable keys older than 90 days.
- C . Set a password policy on the account with a 90-day expiration
- D . Use an AWS Config rule to identify noncompliant keys Create a custom AWS Systems Manager Automation document for remediation.
A user accidentally deleted a file from an Amazon EBS volume. The SysOps Administrator identified a recent snapshot for the volume.
What should the Administrator do to restore the user’s file from the snapshot?
- A . Attach the snapshot to a new Amazon EC2 instance in the same Availability Zone, and copy the deleted file.
- B . Browse to the snapshot and copy the file to the EBS volume within an Amazon EC2
instance. - C . Create a volume from the snapshot, attach the volume to an Amazon EC2 instance, and copy the deleted file.
- D . Restore the file from the snapshot onto an EC2 instance using the Amazon EC2 console.
An application resides on multiple EC2 instances in public subnets in two Availability Zones. To improve security, the Information Security team has deployed an Application Load Balancer (ALB) in separate subnets and pointed the DNS at the ALB instead of the EC2 instances.
After the change, traffic is not reaching the instances, and an error is being returned from the ALB.
What steps must a SysOps Administrator take to resolve this issue and improve the security of the application? (Select TWO.)
- A . Add the EC2 instances to the ALB target group, configure the health check, and ensure that the instances report healthy.
- B . Add the EC2 instances to an Auto Scaling group, configure the health check to ensure that the instances report healthy, and remove the public IPs from the instances.
- C . Create a new subnet in which EC2 instances and ALB will reside to ensure that they can communicate, and remove the public IPs from the instances.
- D . Change the security group for the EC2 instances to allow access from only the ALB security group, and remove the public IPs from the instances.
- E . Change the security group to allow access from 0.0.0.0/0, which permits access from the ALB.
The Chief Financial Officer (CFO) of an organization has seen a spike in Amazon S3 storage costs over the last few months A sysops administrator suspects that these costs are related to storage for older versions of S3 objects from one of its S3 buckets.
What can the administrator do to confirm this suspicion1?
- A . Enable Amazon S3 inventory and then query the inventory to identify the total storage of previous object versions
- B . Use object-level cost allocation tags to identify the total storage of previous object versions.
- C . Enable the Amazon S3 analytics feature for the bucket to identify the total storage of previous object versions
- D . Use Amazon CloudWatch storage metrics for the S3 bucket to identify the total storage of previous object versions
A SysOps Administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company’s account. The Administrator must be alerted to potential issues.
What should the Administrator do to receive email alerts before low storage space affects EC2 instance performance?
- A . Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications
- B . Use AWS CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic
- C . Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic
- D . Use AWS Trusted Advisor and enable email notification alerts for EC2 disk space
A SysOps Administrator is attempting to use AWS Systems Manager Session Manager to initiate a SSH session with an Amazon EC2 instance running on a custom Linux Amazon Machine Image (AMI). The Administrator cannot find the target instance in the Session Manager console.
Which combination of actions with solve this issue? (Select TWO)
- A . Add Systems Manager permissions to the instance profile
- B . Configure the bucket used by Session Manager logs to allow write access
- C . install Systems Manager Agent on the instance
- D . Modify the instance security group to allow inbound traffic on SSH port 22
- E . Reboot the instance with a new SSH key pair named ssm-user
A developer is deploying a web application on Amazon EC2 instances behind an Application Load Balancer (ALB) and notices that the application is not receiving all the expected elements from HTTP requests. The developer suspects users are not sending the correct query string
How should a sysops administrator verify this?
- A . Monitor the ALB default Amazon CloudWatch metrics Verify that the requests contain the expected query string
- B . Configure the ALB to store access logs within Amazon S3 Verify that log entries contain the expected query string
- C . Open the ALB logs in Amazon CloudWatch Verify that requests contain the expected query string
- D . Create a custom Amazon CloudWatch metric to store requests Verify that the metric contains the expected query string
A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket. Monitoring most include tracking the AWS account of the catier, the IAM user role of the caller, the time of the API call, and the IP address of the API.
Where can the administrator find this information?
- A . AWS CloudTrail data event logging
- B . AWS CloudTrail management event logging
- C . Amazon inspector bucket event logging
- D . Amazon inspector event logging
CORRECT TEXT
A sysops administrator must generate a report that provides a breakdown of all API activity by a specific user over the course of a year. AWS CloudTrail has already been enabled.
How should this report be generated?
A, Access the Cloud Trail logs stored in the Amazon S3 bucket tied to Cloud Trail. Use Amazon Athena to extract the information needed to generate the report
B. Locate the monthly reports that CloudTrail sends that are emailed to the account’s root user. Forward the reports to the auditor using a secure channel
C. Use the AWS Management Console to search for the user name in the CloudTrail history. Filter by API and download the report in CSV format
D. Use the CloudTrail digest files stored in the company’s Amazon S3 bucket. Send the logs to Amazon QuickSight to create the report.
A company received its latest bill with a large increase in the number of requests against Amazon SQS as compared to the month prior. The company is not aware of any major changes in its SQA usage. The company is concerned about the cost increase and who or what was making these calls.
What should a sysops administrator use to validate the calls mode to SQS?
- A . Amazon CloudWatch
- B . Amazon S3 server access logs
- C . AWS CloudTrail
- D . AWS Cost Explorer