Amazon SOA-C01 AWS Certified SysOps Administrator – Associate Online Training
The questions for SOA-C01 were last updated at Feb 25, 2026.
- Exam Code: SOA-C01
- Exam Name: AWS Certified SysOps Administrator - Associate
- Certification Provider: Amazon
- Latest update: Feb 25, 2026
A company’s IT department noticed an increase in the spend of their Developer AWS account. There are over 50 Developers using the account and the Finance Team wants to determine the service costs incurred by each Developer.
What should a SysOps Administrator do to collect this information? (Select TWO)
- A . Activate the createdBy tag in the account
- B . Analyze the usage with Amazon CloudWatch dashboards
- C . Analyze the usage with Cost Explorer
- D . Configure AWS Trusted Advisor to track resource usage
- E . Create a billing alarm in AWS Budgets
A SysOps Administrator has been asked to configure user-defined cost allocation tags for a new AWS account. The company is using AWS Organizations for account management.
What should the Administrator do to enable user-defined cost allocation tags?
- A . Log in to the AWS Billing and Cost Management console of the new account, and use the Cost Allocation Tags manager to create the new user-defined cost allocation tags.
- B . Log in to the AWS Billing and Cost Management console of the payer account, and use Cost Allocation Tags manager to create the new user-defined cost allocation tags.
- C . Log in to the AWS Management Console of the new account, use the Tag Editor to create the new user-defined tags, then use the Cost Allocation Tags manager in the new account to mark the tags as cost allocation tags.
- D . Log in to the AWS Management Console of the new account, use the Tag Editor to create the new user-defined tags, then use the Cost Allocation Tags manager in the payer account to mark the tags as cost allocation tags.
A
Explanation:
Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/activating-tags.html
A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability for an on-premises website. The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes. All other traffic should be directed to the secondary passive server. The failover record type, set ID, and routing policy have been set appropriately for both primary and secondary servers.
Which next step should be taken to configure Route 53?
- A . Create an A record for each server. Associate the records with the Route 53 HTTP health check.
- B . Create an A record for each server. Associate the records with the Route 53 TCP health check.
- C . Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 HTTP health check.
- D . Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 TCP health check.
A SysOps Administrator is configuring AWS SSO for the first time. The Administrator has already created a directory in the master account using AWS Directory Service and enabled full access in AWS Organizations.
What should the Administrator do next to configure the service?
- A . Create IAM roles in each account to be used by AWS SSO, and associate users with these roles using AWS SSO
- B . Create IAM users in the master account and use AWS SSO to associate the users with the accounts they will access
- C . Create permission sets in AWS SSO and associate the permission sets with Directory Service users or groups
- D . Create service control policies (SCPs) in Organizations and associate the SCPs with Directory Service users or groups
An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region. A SysOps administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy.
What is likely to be the problem?
- A . The Amazon Machine Image used is not available in that region
- B . The AWS CloudFormation template needs to be updated to the latest version
- C . The VPC configuration parameters have changed and must be updated in the template
- D . The account has reached the default limit for VPCs allowed
A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.
How should the Administrator ensure that this is done?
- A . Change the root user password by using the AWS CLI routinely.
- B . Periodically use the AWS CLI to rotate access keys and secret keys for the root user.
- C . Use AWS Trusted Advisor security checks to review the configuration of the root user.
- D . Periodically distribute the AWS compliance document from AWS Artifact that governs the root user configuration.
Users are struggling to connect to a single public-facing development web server using its public IP address on a unique port number of 8181. The security group is correctly configured to allow access on that port and the network ACLs are using the default configuration.
Which log type will confirm whether users are trying to connect to the correct port?
- A . AWS CloudTrail logs
- B . Elastic Load Balancer access logs
- C . Amazon S3 access logs
- D . VPC Flow Logs
A company has an AWS account for each department and wants to consolidate billing and reduce overhead. The company wants to make sure that the finance team is denied from accessing services other than Amazon EC2, the security team is denied from accessing services other than AWS CloudTrail, and IT can access any resource.
Which solution meets these requirements with the LEAST amount of operational overhead?
- A . Create a role for each department within AWS IAM and assign each role the necessary permissions.
- B . Create a user for each department within AWS IAM and assign each user the necessary permissions.
- C . Implement service control policies within AWS Organizations to determine which resources each department can access.
- D . Place each department into an organizational unit (OU) within AWS Organizations and use IAM policies to determine which resources they can access.
A SysOps Administrator is notified that a security vulnerability affects a version of MySQL that is being used with Amazon RDS MySQL.
Who is responsible for ensuring that the patch is applied to the MySQL cluster?
- A . The database vendor
- B . The Security department of the SysOps Administrator’s company
- C . AWS
- D . The SysOps Administrator
A security team is concerned that intellectual property might leak to the internet. A SysOps administrator must identify controls to address the potential problem. The instances in question operate in a VPC and cannot be allowed to send traffic to the internet.
What should the SysOps administrator do to meet these requirements?
- A . Add the following route to a route table for the subnets used by the instances:
Destination: 0.0.0.0/0 Target: igw-xxxxxxxx
- B . Ensure that the instances do not have Elastic IP addresses. Move the instances to a private subnet.
- C . Enable enhanced networking on the instances. Move the instances to a private subnet.
- D . Remove any routes that allow internet traffic from the route table associated with the instance’s subnets