Amazon SOA-C01 AWS Certified SysOps Administrator – Associate Online Training
Amazon SOA-C01 Online Training
The questions for SOA-C01 were last updated at May 13,2024.
- Exam Code: SOA-C01
- Exam Name: AWS Certified SysOps Administrator - Associate
- Certification Provider: Amazon
- Latest update: May 13,2024
A SysOps Administrator has been tasked with deploying a company’s infrastructure as code. The Administrator wants to write a single template that can be reused for multiple environments in a safe, repeatable manner.
What is the recommended way to use AWS CloudFormation to meet this requirement?
- A . Use parameters to provision the resources.
- B . Use nested stacks to provision the resources.
- C . Use Amazon EC2 user data to provision the resources.
- D . Use stack policies to provision the resources.
A SysOps Administrator needs to create a replica of a company’s existing AWS infrastructure in a new AWS account. Currently, an AWS Service Catalog portfolio is used to create and manage resources.
What is the MOST efficient way to accomplish this?
- A . Create an AWS CloudFormation template to use the AWS Service Catalog portfolio in the new AWS account.
- B . Manually create an AWS Service Catalog portfolio in the new AWS account that duplicates the original portfolio.
- C . Run an AWS Lambda function to create a new AWS Service Catalog portfolio based on the output of the DescribePortfolio API operation.
- D . Share the AWS Service Catalog portfolio with the other AWS accounts and import the portfolio into the other AWS accounts.
D
Reference: Refer to
https://docs.aws.amazon.com/servicecatalog/latest/adminguide/catalogs_portfolios_sharing
.html
A sysops administrator is implementing SSL for a domain of an internet facing application running behind an Application load balancer (ALB). The administrator decides to use an SSL certificates from Amazon certificate Manager (ACM) to secure it. Upon creating a request for the ALB fully qualified domain name (FQND), it fails, and the error message “Domain not allowed” is displayed.
How can the administrator fix this issue?
- A . Contact the domain register and ask them to provide the verification required by AWS.
- B . Place a new request with the proper domain name instead of the ALB FQDN.
- C . Select the certificate request in the ACM console and resend the validation email.
- D . Contact AWS support and verify the request by answering security challenge questions.
A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin After a week of monitonng the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load.
What are possible causes for this problem? (Select TWO.)
- A . CloudFront does not have the ALB configured as the origin access identity.
- B . The DNS is still pointing to the ALB instead of the CloudFront distribution.
- C . The ALB security group is not permitting inbound traffic from CloudFront.
- D . The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution.
- E . The target groups associated with the ALB are configured for sticky sessions.
An application running on Amazon EC2 allows users to launch batch jobs for data analysis. The jobs are run asynchronously, and the user is notified when they are complete. While multiple jobs can run concurrently, a user’s request need not be fulfilled for up to 24 hours. To run a job, the application launches an additional EC2 instance that performs all the analytics calculations. A job takes between 75 and 110 minutes to complete and cannot be interrupted.
What is the MOST cost-effective way to run this workload?
- A . Run the application on On-Demand EC2 instances. Run the jobs on Spot Instances with a specified duration.
- B . Run the application on Reserved Instance EC2 instances. Run the jobs on AWS Lambda.
- C . Run the application on On-Demand EC2 instances. Run the jobs on On-Demand EC2 instances.
- D . Run the application on Reserved instance EC2 instances. Run the jobs on Spot Instances with a specified duration.
A company’s Auditor implemented a compliance requirement that all Amazon S3 buckets must have logging enabled.
How should the SysOps Administrator ensure this compliance requirement is met, while still permitting Developers to create and use new S3 buckets?
- A . Add AWS CloudTrail logging for the S3 buckets.
- B . Implement IAM policies to allow only the Storage team to create S3 buckets.
- C . Add the AWS Config managed rule S3_BUCKET_LOGGING_ENABLED.
- D . Create an AWS Lambda function to delete the S3 buckets if logging is not turned on.
A company runs a web application that users access using the domain name www example com. The company manages the domain name using Amazon Route 53. The company created an Amazon CloudFront distribution in front of the application and would like www example com to access the application through CloudFront.
What is the MOST cost-effective way to achieve this?
- A . Create a CNAME record in Amazon Route 53 that points to the CloudFront distribution URL
- B . Create an ALIAS record in Amazon Route 53 that points to the CloudFront distribution URL
- C . Creole an A record in Amazon Route 53 that points to the public IP address of the web application
- D . Create a PTR record in Amazon Route 53 that points to the public IP address of the web application
B
Explanation: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html
A sysops administrator has an AWS Lambda function that performs maintenance on various AWS resources. This function must be run nightly.
Which is the MOST cost-effective solution?
- A . Launch a single t2.nano Amazon EC2 instance and create a Linux cron job to invoke the Lambda function at the same time every night.
- B . Set up an Amazon CloudWatch metrics alarm to invoke the Lambda function at the same time every night.
- C . Schedule a CloudWatch event to invoke the Lambda function at the same time every night.
- D . Implement a Chef recipe in AWS OpsWorks stack to invoke the Lambda function at the same time every night.
A SysOps Administrator must find a way to set up alerts when Amazon EC2 service limits are close to being reached.
How can the Administrator achieve this requirement?
- A . Use Amazon Inspector and Amazon CloudWatch Events.
- B . Use AWS Trusted Advisor and Amazon CloudWatch Events.
- C . Use the Personal Health Dashboard and CloudWatch Events.
- D . Use AWS CloudTrail and CloudWatch Events.
A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.
What is the SIMPLEST approach the SysOps Administrator can take to ensure S3 buckets in those accounts can never be deleted?
- A . Set up MFA Delete on all the S3 buckets to prevent the buckets from being ddeleted.
- B . Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.
- C . Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.
- D . Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.