Amazon SOA-C02 AWS Certified SysOps Administrator – Associate Online Training
The questions for SOA-C02 were last updated on Jul 18, 2025.
- Exam Code: SOA-C02
- Exam Name: AWS Certified SysOps Administrator - Associate
- Certification Provider: Amazon
- Latest update: Jul 18, 2025
An errant process is known to use an entire processor and run at 100%. A SysOps administrator wants to automate restarting the instance once the problem occurs for more than 2 minutes.
How can this be accomplished?
- A. Create an Amazon CloudWatch alarm for the Amazon EC2 instance with basic monitoring. Enable an action to restart the instance.
- B. Create a CloudWatch alarm for the EC2 instance with detailed monitoring. Enable an action to restart the instance.
- C. Create an AWS Lambda function to restart the EC2 instance, triggered on a scheduled basis every 2 minutes.
- D. Create a Lambda function to restart the EC2 instance, triggered by EC2 health checks.
A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group. Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer. The administrator would like to know the IP addresses for the source of the requests.
Where can the administrator find this information?
- A. Auto Scaling logs
- B. AWS CloudTrail logs
- C. EC2 instance logs
- D. Elastic Load Balancer access logs
An organization with a large IT department has decided to migrate to AWS. With different job functions in the IT department, it is not desirable to give all users access to all AWS resources. Currently the organization handles access via LDAP group membership.
What is the BEST method to allow access using current LDAP credentials?
- A. Create an AWS Directory Service Simple AD. Replicate the on-premises LDAP directory to Simple AD.
- B. Create a Lambda function to read LDAP groups and automate the creation of IAM users.
- C. Use AWS CloudFormation to create IAM roles. Deploy Direct Connect to allow access to the on-premises LDAP server.
- D. Federate the LDAP directory with IAM using SAML. Create different IAM roles to correspond to different LDAP groups to limit permissions.
An Amazon S3 Inventory report reveals that more than 1 million objects in an S3 bucket are not encrypted. These objects must be encrypted, and all future objects must be encrypted at the time they are written.
Which combination of actions should a SysOps administrator take to meet these requirements? (Select TWO)
- A. Create an AWS Config rule that runs evaluations against configuration changes to the S3 bucket. When an unencrypted object is found, run an AWS Systems Manager Automation document to encrypt the object in place.
- B. Edit the properties of the S3 bucket to enable default server-side encryption.
- C. Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted. Create an S3 Batch Operations job to copy each object in place with encryption enabled.
- D. Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted. Send each object name as a message to an Amazon Simple Queue Service (Amazon SQS) queue. Use the SQS queue to invoke an AWS Lambda function to tag each object with a key of "Encryption" and a value of "SSE-KMS".
- E. Use S3 Event Notifications to invoke an AWS Lambda function on all new object-created events for the S3 bucket. Configure the Lambda function to check whether the object is encrypted and to run an AWS Systems Manager Automation document to encrypt the object in place when an unencrypted object is found.
A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months.
What is the process to rotate the key?
- A. Enable automatic key rotation for the CMK and specify a period of 6 months.
- B. Create a new CMK with new imported material, and update the key alias to point to the new CMK.
- C. Delete the current key material, and import new material into the existing CMK.
- D. Import a copy of the existing key material into a new CMK as a backup, and set the rotation schedule for 6 months.
A company is running a serverless application on AWS Lambda. The application stores data in an Amazon RDS for MySQL DB instance. Usage has steadily increased, and recently there have been numerous "too many connections" errors when the Lambda function attempts to connect to the database. The company already has configured the database to use the maximum max_connections value that is possible.
What should a SysOps administrator do to resolve these errors?
- A. Create a read replica of the database. Use Amazon Route 53 to create a weighted DNS record that contains both databases.
- B. Use Amazon RDS Proxy to create a proxy. Update the connection string in the Lambda function.
- C. Increase the value in the max_connect_errors parameter in the parameter group that the database uses.
- D. Update the Lambda function's reserved concurrency to a higher value.
A company stores files on 50 Amazon S3 buckets in the same AWS Region. The company wants to connect to the S3 buckets securely over a private connection from its Amazon EC2 instances. The company needs a solution that produces no additional cost.
Which solution will meet these requirements?
- A. Create a gateway VPC endpoint for each S3 bucket. Attach the gateway VPC endpoints to each subnet inside the VPC.
- B. Create an interface VPC endpoint for each S3 bucket. Attach the interface VPC endpoints to each subnet inside the VPC.
- C. Create one gateway VPC endpoint for all the S3 buckets. Add the gateway VPC endpoint to the VPC route table.
- D. Create one interface VPC endpoint for all the S3 buckets. Add the interface VPC endpoint to the VPC route table.
A company uses AWS CloudFormation to deploy its application infrastructure. Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application. A SysOps administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent accidental modifications to specific resources.
Which solution will meet these requirements?
- A. Set up an AWS Config rule to alert based on changes to any CloudFormation stack. An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation.
- B. Set up an Amazon CloudWatch Events event with a rule to trigger based on any CloudFormation API call. An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation.
- C. Launch the CloudFormation templates using a stack policy with an explicit allow for all resources and an explicit deny of the protected resources with an action of Update.
- D. Attach an IAM policy to the DevOps team role that prevents a CloudFormation stack from updating, with a condition based on the specific Amazon Resource Names (ARNs) of the protected resources.
A company's financial department needs to view the cost details of each project in an AWS account. A SysOps administrator must perform the initial configuration that is required to view cost for each project in Cost Explorer.
Which solution will meet this requirement?
- A. Activate cost allocation tags. Add a project tag to the appropriate resources.
- B. Configure consolidated billing. Create AWS Cost and Usage Reports.
- C. Use AWS Budgets. Create AWS Budgets reports.
- D. Use cost categories to define custom groups that are based on AWS cost and usage dimensions.
A company is managing multiple AWS accounts in AWS Organizations. The company is reviewing internal security of its AWS environment. The company's security administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts.
Which solution will meet these requirements in the MOST secure manner?
- A. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to an IAM user. Share the user credentials with the security administrator.
- B. Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC actions. Assign the policy to an IAM user. Share the user credentials with the security administrator.
- C. Create an IAM policy in each developer account that has administrator access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.
- D. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.