Amazon SOA-C01 AWS Certified SysOps Administrator – Associate Online Training
Amazon SOA-C01 Online Training
The questions for SOA-C01 were last updated at Feb 25,2026.
- Exam Code: SOA-C01
- Exam Name: AWS Certified SysOps Administrator - Associate
- Certification Provider: Amazon
- Latest update: Feb 25,2026
The Accounting department would like to receive billing updates more than once a month. They would like the updates to be in a format that can easily be viewed with a spreadsheet application.
How can this request be fulfilled?
- A . Use Amazon CloudWatch Events to schedule a billing inquiry on a bi-weekly basis. Use AWS Glue to convert the output to CSV.
- B . Set AWS Cost and Usage Reports to publish bills daily to an Amazon S3 bucket in CSV format.
- C . Use the AWS CLI to output billing data as JSON. Use Amazon SES to email bills on a daily basis.
- D . Use AWS Lambda, triggered by CloudWatch, to query billing data and push to Amazon RDS.
A company hosts a multi-tier ecommerce web application on AWS, and has recently been alerted to suspicious application traffic. The architecture consists of Amazon EC2 instances deployed across multiple Availability Zones behind an Application Load Balancer (ALB)
After examining the server logs, a sysops administrator determines that the suspicious traffic is an attempted SQL injection attack.
What should the sysops administrator do to prevent similar attacks?
- A . Install Amazon Inspector on the EC2 instances and configure a rules package Use the findings reports to identify and block SQL injection attacks.
- B . Modify the security group of the ALB Use the IP addresses from the logs to block the IP addresses where SQL injection originated.
- C . Create an AWS WAF web ACL in front of the ALB. Add an SQL injection rule to the web ACL Associate the web ACL to the ALB
- D . Enable Amazon GuardDuty in the AWS Region Use Amazon CloudWatch Events to trigger an AWS Lambda function response every time an SQL injection finding is discovered
A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using AWS CloudFormation to three separate environments development test, and production Each environment requires unique credentials for external services
What option securely provides the application with the needed credential while requiring MINIMAL administrative overhead?
- A . Pass the credentials for the target environment to the CloudFormation template as parameters Use the user data script to insert the parameterized credentials into the EC2 instances
- B . Store the credentials as secure strings in AWS Systems Manager Parameter Store. Pass an environment tag as a parameter to the CloudFormation template Use the user data script to insert the environment tag in the EC2 instances Access the credentials from the application
- C . Create a separate CloudFormation template for each environment in the Resources section include a user data script for each EC2 instance Use the user data script to insert the proper credentials for the environment into the EC2 instances
- D . Create separate Amazon Machine Images (AMIs) with the required credentials for each environment Pass the environment tag as a parameter to the CloudFormation template In the Mappings section of the CloudFormation template, map the environment tag to the proper AMI then use that AMI when launching the EC2 instances
A company wants to identify specific Amazon EC2 instances that are underutilized and the estimated cost savings for each instance.
How can this be done with MINIMAL effort?
- A . Use AWS Budgets to report on low utilization of EC2 instances.
- B . Run an AWS Systems Manager script to check for tow memory utilization of EC2 instances.
- C . Run Cost Explorer to look for low utilization of EC2 instances.
- D . Use Amazon CloudWatch metrics to identify EC2 instances with low utilization.
An Amazon EC2 instance has a secondary Amazon Elastic Block Store (EBS) volume attached that contains sensitive data A new company policy requires the secondary volume to be encrypted at rest.
Which solution will meet this requirement?
- A . Create a snapshot of the volume Create a new volume from the snapshot with the Encrypted parameter set to true. Detach the original volume and attach the new volume to the instance.
- B . Create an encrypted Amazon Machine Image (AMI) of the EC2 instance. Launch a new instance with the encrypted AMI. Terminate the original instance.
- C . Stop the EC2 instance Encrypt the volume with AWS CloudHSM. Start the instance and verify encryption.
- D . Stop the EC2 instance. Modify the instance properties and set the Encrypted parameter to true. Start the instance and verify encryption.
A SysOps Administrator is trying to set up an Amazon Route 53 domain namo to route traffic to a website hosted on Amazon S3. The domain name of the website is www anycompany com and the S3 bucket name is anycompany-static After the record set is set up in Route 53, the domain name www anycompany com does not seem to work, and the static website is not displayed in the browser
Which of the following is a cause of this?
- A . The S3 bucket must be configured with Amazon CloudFront first.
- B . The Route 53 record set must have an IAM role that allows access to the S3 bucket
- C . The Route 53 record set must be in the same region as the S3 bucket
- D . The S3 bucket name must match the record sot name in Route 53.
A chief financial officer has asked for a breakdown of costs per project in a single AWS account using cost explorer.
Which combination of options should be set to accomplish this? (Select two)
- A . Active AWS Budgets.
- B . Active cost allocation tags
- C . Create an organization using AWS Organization
- D . Create and apply resource tags
- E . enable AWS trusted advisor
A company manages multiple AWS accounts and wants to provide access to AWS from a single management account using an existing on-premises Microsoft Active Directory domain.
Which solution will meet these requirements with the LEAST amount of effort?
- A . Create an Active Directory connector using AWS Directory Service. Create 1AM users in the target accounts with the appropriate trust policy.
- B . Create an Active Directory connector using AWS Directory Service. Associate the directory with AWS Single Sign-On (AWS SSO). Configure user access to target accounts through AWS SSO.
- C . Create an Amazon Cognito federated identity pool Associate the pool identity with the on-premises directory. Configure the 1AM roles with the appropriate trust policy.
- D . Create an identity provider in AWS I AM associated with the on-premises directory.
Create IAM roles in the target accounts with the appropriate trust policy.
A new Amazon Redshift Spectrum Cluster has been launched for a team of Business Analysis. When the team attempts to use the cluster to query the data in Amazon S3, they receive the following error:
What is one cause of this?
- A . The cluster has Enhanced VPC Routing enabled and it must be turned off
- B . The cluster is only a single node and needs to be expanded to multi-node.
- C . The cluster login credentials are incorrect request new credentials from the Administrator
- D . The cluster nodes are running in multiple Availability Zones, and all need to be placed in a single Availability Zone.
A kernel patch for AWS Linux has been released, and systems need to be updated to the new version. A SysOps administrator must apply an m-place update to an existing Amazon EC2 instance without replacing the instance.
How should the SysOps administrator apply the new software version to the instance?
- A . Add the instance to a patch group and patch baseline containing the desired patch by using AWS Systems Manager Patch Manager.
- B . Develop a new version of the instance’s Amazon Machine Image (AMI). Apply that new AMI to the instance.
- C . Develop a new user data script containing the patch Configure the instance with the new script.
- D . Run commands on the instance remotely using the AWS CLI.
Latest SOA-C01 Dumps Valid Version with 254 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
