Amazon SOA-C01 AWS Certified SysOps Administrator – Associate Online Training
The questions for SOA-C01 were last updated on Feb 25, 2026.
- Exam Code: SOA-C01
- Exam Name: AWS Certified SysOps Administrator - Associate
- Certification Provider: Amazon
A company uses multiple accounts for its applications. Account A manages the company’s Amazon Route 53 domains and hosted zones. Account B uses a load balancer fronting the company’s web servers.
How can the company use Route 53 to point to the load balancer in the MOST cost-effective and efficient manner?
- A . Create an Amazon EC2 proxy in Account A that forwards requests to Account B.
- B . Create a load balancer in Account A that points to the load balancer in Account B.
- C . Create a CNAME record in Account A pointing to an alias record to the load balancer in Account B.
- D . Create an alias record in Account A pointing to the load balancer in Account B.
An application is running on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are configured in an Amazon EC2 Auto Scaling group. A SysOps Administrator must configure the application to scale based on the number of incoming requests.
Which solution accomplishes this with the LEAST amount of effort?
- A . Use a simple scaling policy based on a custom metric that measures the average active requests of all EC2 instances
- B . Use a simple scaling policy based on the Auto Scaling group GroupDesiredCapacity metric
- C . Use a target tracking scaling policy based on the ALB’s ActiveConnectionCount metric
- D . Use a target tracking scaling policy based on the ALB’s RequestCountPerTarget metric
A SysOps administrator maintains several Amazon EC2 instances that do not have access to the public internet. To patch operating systems, the instances should not be reachable from the public internet.
The administrator deploys a NAT instance, updates the security groups, and configures the appropriate routes within the route table. However, the instances are still unable to reach the internet.
What should be done to resolve the issue?
- A . Assign elastic IP addresses to the instances and create a route from the private subnets to the internet gateway.
- B . Delete the NAT instance and replace it with AWS WAF.
- C . Disable source/destination checks on the NAT instance.
- D . Start/Stop the NAT instance so it is launched on a different host.
A web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Amazon Route 53 is used for DNS and points to the load balancer. A SysOps Administrator has launched a new Auto Scaling group with a new version of the application, and wants to gradually shift traffic to the new version.
How can this be accomplished?
- A . Create an Auto Scaling target tracking scaling policy to gradually move traffic from the old version to the new one
- B . Change the Application Load Balancer to a Network Load Balancer, then add both Auto Scaling groups as targets
- C . Use an Amazon Route 53 weighted routing policy to gradually move traffic from the old version to the new one
- D . Deploy Amazon Redshift to gradually move traffic from the old version to the new one using a set of predefined values
A
Reference: https://github.com/aws/containers-roadmap/issues/76
A company is storing monthly reports on Amazon S3. The company’s security requirement states that traffic from the client VPC to Amazon S3 cannot traverse the internet.
What should the SysOps Administrator do to meet this requirement?
- A . Use AWS Direct Connect and a public virtual interface to connect to Amazon S3.
- B . Use a managed NAT gateway to connect to Amazon S3.
- C . Deploy a VPC endpoint to connect to Amazon S3.
- D . Deploy an internet gateway to connect to Amazon S3.
A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services.
What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?
- A . Create a service control policy in AWS Organizations and apply it to the development account.
- B . Create a customer managed policy in IAM and apply it to all users within the development account.
- C . Create a job function policy in IAM and apply it to all users within the development account.
- D . Create an IAM policy and apply it in API Gateway to restrict the development account.
A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.
Which step will fix this issue?
- A . Add s3:DeleteObject permission to the IAM execution role of the AWS Lambda function in Account A.
- B . Change the bucket policy of the S3 bucket in Account B to allow s3:DeleteObject permission for Account A.
- C . Disable server-side encryption for objects written to the S3 bucket by the Lambda function.
- D . Call the S3:PutObjectAcl API operation from the Lambda function in Account A to specify bucket owner, full control.
A company has discovered an operating system security vulnerability that is impacting its production Amazon EC2 instances.
Which action should the company take?
- A . Patch the instances with AWS Systems Manager.
- B . Patch the vulnerability with Amazon Inspector.
- C . Redeploy the Amazon EC2 instances with AWS CloudFormation.
- D . Stop the instances. Change the Amazon Machine Image (AMI) to a patched version. Restart the instances.
A company has centralized all its logs into one Amazon CloudWatch Logs log group. The SysOps Administrator is to alert different teams of any issues relevant to them.
What is the MOST efficient approach to accomplish this?
- A . Write an AWS Lambda function that will query the logs every minute and contain the logic of which team to notify on which patterns and issues.
- B . Set up different metric filters for each team based on patterns and alerts. Each alarm will notify the appropriate notification list.
- C . Redesign the aggregation of logs so that each team’s relevant parts are sent to a separate log group, then subscribe each team to its respective log group.
- D . Create an AWS Auto Scaling group of Amazon EC2 instances that will scale based on the amount of ingested log entries. This group will pull streams, look for patterns, and send notifications to relevant teams.
A company has several accounts between different teams and wants to increase its auditing and compliance capabilities. The accounts are managed through AWS Organizations. Management wants to provide the security team with secure access to the account logs while also restricting the possibility for the logs to be modified.
How can a SysOps administrator achieve this with the LEAST amount of operational overhead?
- A . Store AWS CloudTrail logs in Amazon S3 in each account. Create a new account to store compliance data and replicate the objects into the newly created account
- B . Store AWS CloudTrail logs in Amazon S3 in each account. Create an IAM user with read-only access to the CloudTrail logs
- C . From the master account, create an organization trail using AWS CloudTrail and apply it to all Regions. Use IAM roles to restrict access.
- D . Use an AWS CloudFormation stack set to create an AWS CloudTrail trail in every account and restrict permissions to modify the logs