Amazon SOA-C02 AWS Certified SysOps Administrator – Associate Online Training
Amazon SOA-C02 Online Training
The questions for SOA-C02 were last updated at Jul 17,2025.
- Exam Code: SOA-C02
- Exam Name: AWS Certified SysOps Administrator - Associate
- Certification Provider: Amazon
- Latest update: Jul 17,2025
A SysOps administrator is notified that an Amazon EC2 instance has stopped responding The AWS Management Console indicates that the system status checks are failing.
What should the administrator do first to resolve this issue?
- A . Reboot the EC2 instance so it can be launched on a new host
- B . Stop and then start the EC2 instance so that it can be launched on a new host
- C . Terminate the EC2 instance and relaunch it
- D . View the AWS CloudTrail log to investigate what changed on the EC2 instance
A SysOps administrator has enabled AWS CloudTrail in an AWS account If CloudTrail is disabled it must be re-enabled immediately What should the SysOps administrator do to meet these requirements WITHOUT writing custom code”
- A . Add the AWS account to AWS Organizations Enable CloudTrail in the management account
- B . Create an AWS Config rule that is invoked when CloudTrail configuration changes Apply the AWS-ConfigureCloudTrailLogging automatic remediation action
- C . Create an AWS Config rule that is invoked when CloudTrail configuration changes Configure the rule to invoke an AWS Lambda function to enable CloudTrail
- D . Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail
A recent audit found that most resources belonging to the development team were in violation of patch compliance standards The resources were properly tagged.
Which service should be used to quickly remediate the issue and bring the resources back into compliance?
- A . AWS Config
- B . Amazon Inspector
- C . AWS Trusted Advisor
- D . AWS Systems Manager
An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon SQS} queues A SysOps administrator must ensure that the application can read, write, and delete messages from the SQS queues
Which solution will meet these requirements in the MOST secure manner?
- A . Create an IAM user with an IAM policy that allows the sqs SendMessage permission, the sqs ReceiveMessage permission, and the sqs DeleteMessage permission to the appropriate queues Embed the IAM user’s credentials in the application’s configuration
- B . Create an IAM user with an IAM policy that allows the sqs SendMessage permission, the sqs ReceiveMessage permission, and the sqs DeleteMessage permission to the appropriate queues Export the IAM user’s access key and secret access key as environment variables on the EC2 instance
- C . Create and associate an IAM role that allows EC2 instances to call AWS services Attach an IAM policy to the role that allows sqs." permissions to the appropriate queues
- D . Create and associate an IAM role that allows EC2 instances to call AWS services Attach an IAM policy to the role that allows the sqs SendMessage permission, the sqs ReceiveMessage permission, and the sqs DeleteMessage permission to the appropriate queues
A development team recently deployed a new version of a web application to production After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data
Which AWS service will mitigate this issue?
- A . AWS Shield Standard
- B . AWS WAF
- C . Elastic Load Balancing
- D . Amazon Cognito
A company uses an AWS CloudFormation template to provision an Amazon EC2 instance and an Amazon RDS DB instance A SysOps administrator must update the template to ensure that the DB instance is created before the EC2 instance is launched
What should the SysOps administrator do to meet this requirement?
- A . Add a wait condition to the template Update the EC2 instance user data script to send a signal after the EC2 instance is started
- B . Add the DependsOn attribute to the EC2 instance resource, and provide the logical name of the RDS resource
- C . Change the order of the resources in the template so that the RDS resource is listed before the EC2 instance resource
- D . Create multiple templates Use AWS CloudFormation StackSets to wait for one stack to complete before the second stack is created
A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones The application uses an Amazon RDS Multi-AZ DB Instance Amazon Route 53 record sets route requests tor dynamic content to the load balancer and requests for static content to an Amazon S3 bucket Site visitors are reporting extremely long loading times.
Which actions should be taken to improve the performance of the website? (Select TWO)
- A . Add Amazon CloudFront caching for static content
- B . Change the load balancer listener from HTTPS to TCP
- C . Enable Amazon Route 53 latency-based routing
- D . Implement Amazon EC2 Auto Scaling for the web servers
- E . Move the static content from Amazon S3 to the web servers
A company is running an application on premises and wants to use AWS for data backup All of the data must be available locally. The backup application can write only to block-based storage that is compatible with the Portable Operating System Interface (POSIX)
Which backup solution will meet these requirements?
- A . Configure the backup software to use Amazon S3 as the target for the data backups
- B . Configure the backup software to use Amazon S3 Glacier as the target for the data backups
- C . Use AWS Storage Gateway, and configure it to use gateway-cached volumes
- D . Use AWS Storage Gateway, and configure it to use gateway-stored volumes
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba4Kc. and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted
How can this be resolved?
- A . Enable encryption on each host’s connection to the Amazon EFS volume Each connection must be recreated for encryption to take effect
- B . Enable encryption on the existing EFS volume by using the AWS Command Line Interface
- C . Enable encryption on each host’s local drive Restart each host to encrypt the drive
- D . Enable encryption on a newly created volume and copy all data from the original volume Reconnect each host to the new volume
While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS The customer gateway device resides in a data center with a NAT gateway in front of it
What address should be used to create the customer gateway resource?
- A . The private IP address of the customer gateway device
- B . The MAC address of the NAT device in front of the customer gateway device
- C . The public IP address of the customer gateway device
- D . The public IP address of the NAT device in front of the customer gateway device
Latest SOA-C02 Dumps Valid Version with 54 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
