Amazon SOA-C01 AWS Certified SysOps Administrator – Associate Online Training
The questions for SOA-C01 were last updated on Feb 25, 2026.
- Exam Code: SOA-C01
- Exam Name: AWS Certified SysOps Administrator - Associate
- Certification Provider: Amazon
- Latest update: Feb 25, 2026
A SysOps Administrator is managing a large organization with multiple accounts on the Business Support plan, all linked to a single payer account. The Administrator wants to be notified automatically of AWS Personal Health Dashboard events.
In the main payer account, the Administrator configures Amazon CloudWatch Events triggered by AWS Health events to issue notifications using Amazon SNS, but alerts in the linked accounts failed to trigger.
Why did the alerts fail?
- A . Amazon SNS cannot be triggered from the AWS Personal Health Dashboard
- B . The AWS Personal Health Dashboard only reports events from one account, not linked accounts.
- C . The AWS Personal Health Dashboard must be configured from the payer account only; all events will then roll up into the payer account.
- D . AWS Organizations must be used to monitor linked accounts.
A SysOps administrator implemented the following bucket policy to allow only the corporate IP address range of 54.240.143.0/24 to access objects in an Amazon S3 bucket.

Some employees are reporting that they are able to access the S3 bucket from IP addresses outside the corporate IP address range.
How can the Administrator address this issue?
- A . Modify the Condition operator to include both NotIpAddress and IpAddress to prevent unauthorized access to the S3 bucket.
- B . Modify the Condition element from the IAM policy to aws:StringEquals instead of aws:SourceIp.
- C . Modify the IAM policy instead of the bucket policy to restrict users from accessing the bucket based on their source IP addresses.
- D . Change Effect from Allow to Deny in the second statement of the policy to deny requests not from the source IP range.
A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances. The memory utilization metrics of the EC2 Linux instances must be monitored every minute.
How should the SysOps Administrator publish the memory metrics? (Choose two.)
- A . Enable detailed monitoring on the instance within Amazon CloudWatch
- B . Publish the memory metrics to Amazon CloudWatch Events
- C . Publish the memory metrics using the Amazon CloudWatch agent
- D . Publish the memory metrics using Amazon CloudWatch Logs
- E . Set metrics_collection_interval to 60 seconds
A,B
Explanation:
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/automating_with_cloudwatch_events.html
A security researcher has published a new Common Vulnerabilities and Exposures (CVE) report that impacts a popular operating system. A SysOps Administrator is concerned with the new CVE report and wants to patch the company’s systems immediately. The Administrator contacts AWS Support and requests the patch be applied to all Amazon EC2 instances.
How will AWS respond to this request?
- A . AWS will apply the patch during the next maintenance window and will provide the Administrator with a report of all patched EC2 instances
- B . AWS will relaunch the EC2 instances with the latest version of the Amazon Machine Image (AMI) and will provide the Administrator with a report of all patched EC2 instances
- C . AWS will research the vulnerability to see if the Administrator’s operating system is impacted and will patch the EC2 instances that are affected
- D . AWS will review the shared responsibility model with the Administrator and advise them regarding how to patch the EC2 instances
A company’s static website hosted on Amazon S3 was launched recently, and is being used by tens of thousands of users. Subsequently, website users are experiencing 503 service unavailable errors.
Why are these errors occurring?
- A . The request rate to Amazon S3 is too high.
- B . There is an error with the Amazon RDS database.
- C . The requests to Amazon S3 do not have the proper permissions.
- D . The users are in different geographical regions and Amazon Route 53 is restricting access.
An ecommerce site is using Amazon ElastiCache with Memcached to store session state for a web application and to cache frequently used data. For the last month, users have been complaining about performance. The metric data for the Amazon EC2 instances and the Amazon RDS instance appear normal, but the eviction count metrics are high.
What should be done to address this issue and improve performance?
- A . Scale the cluster by adding additional nodes
- B . Scale the cluster by adding read replicas
- C . Scale the cluster by increasing CPU capacity
- D . Scale the web layer by adding additional EC2 instances
A company stores thousands of non-critical log files in an Amazon S3 bucket. A set of reporting scripts retrieves these log files daily.
Which of the following storage options will be the MOST cost efficient for the company’s use case?
- A . Amazon Glacier
- B . Amazon S3 Standard IA (infrequent access) storage
- C . Amazon S3 Standard Storage
- D . AWS Snowball
An application is running on an Amazon EC2 instance. A SysOps Administrator is tasked with allowing the application access to an Amazon S3 bucket.
What should be done to ensure optimal security?
- A . Apply an S3 bucket policy to allow access from all EC2 instances
- B . Create an IAM user and create a script to inject the credentials on boot
- C . Create and assign an IAM role for Amazon S3 access to the EC2 instance.
- D . Embed an AWS credential file for an IAM user inside the Amazon Machine Image (AMI)
A SysOps Administrator is troubleshooting Amazon EC2 connectivity issues to the internet. The EC2 instance is in a private subnet.
Below is the route table that is applied to the subnet of the EC2 instance.

| Destination | Target | Status | Propagated |
|---|---|---|---|
| 10.2.0.0/16 | local | Active | No |
| 0.0.0.0/0 | nat-xxxxxxx | Blackhole | No |

What has caused the connectivity issue?
- A . The NAT gateway no longer exists
- B . There is no route to the internet gateway.
- C . The routes are no longer propagating.
- D . There is no route rule with a destination for the internet.
A SysOps Administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC, the Administrator is unable to connect to any of the domains that reside on the internet.
What additional route destination rule should the Administrator add to the route tables?
- A . Route ::/0 traffic to a NAT gateway
- B . Route ::/0 traffic to an internet gateway
- C . Route 0.0.0.0/0 traffic to an egress-only internet gateway
- D . Route ::/0 traffic to an egress-only internet gateway