Notes: Hi all, AWS Certified SysOps Administrator Associate Practice Exam (SOA-C02) Part 1 will familiarize you with types of questions you may encounter on the certification exam and help you determine your readiness or if you need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam as the actual exam is longer and covers a wider range of topics. We highly recommend you should take AWS Certified SysOps Administrator Associate SOA-C02 Actual Exam Version because it include real questions and highlighted answers are collected in our exam. It will help you pass exam in easier way.
For PDF Format:
Part 1: https://www.awslagi.com/aws-certified-sysops-practice-exam-part-1
Part 2: https://www.awslagi.com/aws-certified-sysops-practice-exam-part-2
Part 3: https://www.awslagi.com/aws-certified-sysops-practice-exam-part-3
Part 4: https://www.awslagi.com/aws-certified-sysops-practice-exam-part-4
Part 5: https://www.awslagi.com/aws-certified-sysops-practice-exam-part-5
For Audio Version:
1. An organization would like to set up an option for its Developers to receive an email whenever production Amazon EC2 instances are running over 80% CPU. How can this be accomplished using Amazon Cloudwatch Alarm?
A. Configure the alarm to send emails to subscribers using Amazon SES
B. Configure the alarm to send emails to subscribers using Amazon SNS
C. Configure the alarm to send emails to subscribers using Amazon Inspector
D. Configure the alarm to send emails to subscribers using Amazon Cognito
2. After installing and configuring the Amazon Cloudwatch agent on an EC2 instance, the anticipated system logs are not being received by cloudwatch logs. Which the following are likely to be the cause of this problem ? ( SELECT TWO)
A. A custom third-party solution for logs is being used.
B. The IAM role attached to the EC2 instance does not have the proper permissions.
C. The cloudwatch agent does not support the operation system used
D. A billing constraint is limiting the number of cloudwatch logs within this account.
E. The EC2 instance is in a private subnet and the VPC does not have a NAT gateway
3. An organization finds that a high number of gp2 Amazon EBS volumes are running out of space.
Which solution will provide the LEAST disruption with minimal effort?
A. Create a snapshot and restore it to a large gp2 volume
B. Create a RAID 0 with another new gp2 volume to increase capacity
C. Leverage the elastic volumes feature of EBS to increase gp2 volume size
D. Write a script to migrate data to a larger gp2 volume
4. A company is planning to expand into additional AWS Region for disaster recovery purposes. The company use AWS Cloudformation and it infrastructure is well-defined as code. The company would like to reuse as much of its existing code as possible when deploying resources to additional regions.
A SysOps Administrator is reviewing how AMIs are selected in AWS Cloudformation but is having trouble making the same stack work in new region. Which action would be made it easier to manage multiple Regions ?
A. Name each AMI in the new region exactly the same as the requirement AMI in the first region
B. Duplicate the stack so unique AMI names can be coded into the appreciate stack
C. Create an alias for each AMI so that an AMI can be referenced by a common name across region
D. Create a Mappings section in the stack and define the Region to AMI associations
6. An application is being developed that will be served access a fleet of EC2 instances, which require a consistent view of persistent data. Items stored vary in size from 1KB to 300MB; the items are read frequently, created occasionally and often require partial changes without conflict. The data is not expected to grow beyond 2TB, and items will be expired according to age and content type. Which AWS solutions meets these requirements?
A. Amazon S3 bucket with lifecycle policies to delete old objects.
B. Amazon RDS PostgreSQL and a jobs that delete ROWS based on age and file type columns
C. Amazon EFS and a scheduled process to delete files based on age and extension
D. An EC2 instance store synced on boot from a central Amazon EBS-backed instance
7. A company is concerned about a security vulnerability impacting it Linux operating system. What should the SysOps Administrator do to alleviate this concern?
A. Patch the vulnerability with Amazon Inspector
B. Provide the AWS Trusted Advisor report showing which Amazon EC2 instances have been patched
C. Redeploy the Amazon EC2 instances using AWS Cloudformation
D. Patch the Linux operating system using AWS system manager
8. A company has an application that is running on an EC2 instance in one Availability Zone. A SysOps Administrator has been tasked with making the application highly available. The administrator created a launch configuration from the running EC2 instance. The administrator also properly configured a load balancer. What step should the administrator complete next to make the application is highly available?
A. Create an Autoscaling group by using the launch configuration across at least 2 availability zones with a minimum size of 1, desired capacity of 1 and a maximum size of 1
B. Create an Autoscaling group by using the launch configuration across at least 3 availability zones with a minimum size of 2, desired capacity of 2 and a maximum size of 2
C. Create an Autoscaling group by using the launch configuration across at least 2 regions with a minimum size of 1, desired capacity of 1 and a maximum size of 1
D. Create an Autoscaling group by using the launch configuration across at least 2 regions with a minimum size of 2, desired capacity of 2 and a maximum size of 2
9. A company IT security team is performing an audit of the AWS environment to determine which servers need to be patched and where additional security need to be added. The company is responsible for which of the following ? (SELECT TWO)
A. Patching the OS on amazon RDS instances
B. Patching the OS on Amazon EC2 instances
C. Enabling server side encryption with Amazon S3-Managed keys (SSE-S3) on S3 objects
D. Patching database engine on RDS instances
E. Patching Elastic beanstalk managed EC2 application
10. The Infosec team has asked the SysOps Administrator to perform some hardening on the company Amazon RDS database instances. Based on the requirement, what actions should be recommended for the start of security review ? ( Select TWO )
A. Use Amazon Inspector to present a detailed report of security vulnerabilities across the RDS database fleet
B. Review the security group inbound access rules for least privilege
C. Export AWS cloudtrail entries detailing all SSH activity on the RDS instances.
D. Cat command to enumerate the allowed SSH keys in ~/.ssh on each RDS instances
E. VPC Settings and ensure that encrypted connections
11. A SysOps administrator must take a team’s single AWS Cloudformation template and split into smaller, service specific templates. All of the services in template reference a single, shared Amazon S3 bucket. What should the Administrator do to ensure that this S3 bucket can be referenced by all the service templates?
A. Include the s3 bucket as a mapping in each template
B. Add the S3 bucket as a resource in each template
C. Create the S3 bucket in its own template and export it
D. Generate the S3 bucket using StackSets.
12. A Company web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The EC2 instances run in an EC2 auto scaling group across multiple Availability Zones. Data is stored in an Amazon Elastic Cache for Redis cluster and an Amazon RDS DB instance. Company policy requires all system patching to take place at mid night on Tuesday. Which resources will need to have a maintenance window configured for midnight on Tuesday? (Select TWO)
A. Elastic Load Balancer
B. EC2 instances
C. RDS DB instances
D. ElastiCache Cluster
E. Auto Scaling Group
13. A Sysops administrator needs to confirm that security best practices are being followed with the AWS root account user. How should the Administrator ensure that this is done?
A. Change the root user password by using the AWS CLI routinely
B. Periodically use the AWS CLI to rotate access keys and secret keys for the root user
C. Use AWS Trusted Advisor security checks to review the configuration of the root user
D. Periodically distribute the AWS compliance document from AWS Artifact that governs the root user configuration
14. A SysOps Administrator must provide data to show the overall usage of Amazon EC2 instances within each department and must determine if the purchased Reserved instances are being used effectively. What service should be used to provide the necessary information?
A. AWS Personal Health Dashboard
B. AWS Cost Explorer
C. AWS Service Catalog
D. AWS Application Discovery Service
15. While setting up an AWS managed VPN connection, a Sysops Administrator creates a customer gateway resources in AWS. The customer gateway device reside in a data center with a Nat gateway in front of it. What address should be used to create customer gateway resource?
A. The private IP address of the customer gateway device
B. The Mac address of the NAT device in front of the customer gateway device
C. The public IP address of the customer gateway device
D. The public IP address of the NAT device in front of the customer gateway
16. A SysOps Administrator has configured a Cloudwatch agent to send custom metrics to Amazon Cloudwatch and is now assembling a cloudwatch dashboard to display these metrics. What steps should the Administrator take to complete this task?
A. Select the AWS Namespace filter by metric name then add to the dashboard
B. Add a text widget, select the appropriate metric from the custom namespace then add to the dashboard
C. Select the appropriate widget and metrics from the custom namespace then add to the dashboard
D. Open the CloudWatch console, from the CloudWatch Events, add all custom metrics.
17. Recently several critical files were mistakenly deleted from a shared Amazon S3 bucket. A SysOps Administrator tasked prevent mistaken occuring in the future by enabling MFA Delete. Once enabled, which bucket activities will require MFA authentication? (SELECT TWO)
A. Permanently removing an object version from the bucket
B. Disabling default object encryption for the bucket
C. Listing all versions of deleted objects in the bucket
D. Suspending versioning on the bucket
E. Enable MFA Add on the bucket
18. An organizational audit uncovered an existing Amazon RDS Database that is not currently configured for high availability database, it must be configured for high availability as soon as possible. How can this requirement be met?
A. Switch to an active/passive database pair using the create-db-instance-read-replica with the –availability-zone flag
B. Specify high availability when creating a new RDS instance, and live-migrate the data
C. Modify the RDS instance using the console to include the Multi-AZ option
D. Use the modify-db-instance command with the -ha flag
19. The networking team has created a VPC in an AWS account. The application team has asked for access resources in other account. The SysOps Administrator has created the VPC peering connection between both accounts, but the resource in one VPC cannot connect to resources in the other VPC. What could be causing this issue?
A. One of the VPCs is not sized correctly for peering
B. There is no public subnet in one of the VPCs
C. The route table have not been updated
D. One VPC has disabled the peering flag
20. A System Administrator is responsible for maintaining custom, approved AMIs for a company. The AMIs must be shared to other AWS Account. How can the Administrator address this issue?
A. Contact AWS support for sharing AMIs with the other AWS accounts
B. Modify the permissions on the AMIs so that they are publicly accessible
C. Modify the permissions on the IAM Role that associated with the AMI
D. Share the AMIs with each AWS account using the console or CLI
21. The Accounting Department would like to receive billing updates more than once a month. They would like the updates to be maintenanced with a spreadsheet application. How can this request be fulfilled?
A. Use Amazon Cloudwatch events to schedule a billing inquiry on a bi-weekly basis. Use AWS Glue to convert the output to CSV
B. Set AWS Cost and Usage reports to publish bills daily to an Amazon S3 bucket in CSV format
C. Use the AWS CLI to output billing data as JSON. Use Amazon SES to email bills on a daily basis
D. Use the AWS Lambda, triggered by cloudwatch to query billing data and push to Amazon RDS
22. A SysOps Administrator must generate a report that provides a breakdown of all API activity by a specify user over call API action Given that AWS Cloudtrail was enabled, how can this report be generated?
A. Using the AWS management console, search for the user name in the Cloudtrail history. Then filter by API and download the report in CSV format.
B. Use the cloudtrail digest files stored in the company’s Amazon S3 bucket. Then send the log to Amazon QuickSight to create the report
C. Locate the monthly reports that cloudtrail sends that are emailed to the account root users. Then forward the reports to the auditor using a secure channel
D. Access the cloudtrail logs stored in Amazon S3 bucket tied to Cloudtrail. Use Amazon Athena to extract the information needed to generate the report
23. When the AWS Cloud Infrastructure experiences an event that may impact an organization, which AWS service can be show up resources are affected ?
A. AWS Service Health Dashboard
B. AWS Trusted Advisor
C. AWS Personal Health Dashboard
D. AWS Systems Manager
24. A company in running a social media site on EC2 instance. The application store data in an Amazon RDS for MySQL and store read caching by using an Elastic Cache for Redis (cluster mode enabled) cluster to improve read times. A Social event is coming and SysOps Administrator expects website traffic to triple. What can a SysOps Administrator do to ensure improved read times for users during the social event?
A. Use Amazon RDS Multi-AZ
B. Add shards to the existing Redis Cluster
C. Offload static data to Amazon S3
D. Launch a second multi-AZ Redis Cluster
25. A SysOps Administrator is managing a MemCached cluster in Amazon ElasticCache. The cluster has been ready for capacity with a large instance type with more memory. What should the Administrator use to make this change?
A. Use the ModifyCacheCluster API and specify a new CacheNodeType
B. Use the CreateCacheCluster API and specify a new CacheNodeType
C. Use the ModifyCacheParameterGroup API and specify a new CacheNodeType
D. Use the RebootCacheCluster API and specify a new CacheNodeType
26. A Company hosts its website on Amazon EC2 instances behind an Application Load Balancer. The company wants to point its domain zone apex to the website Which type of record should be used to meet these requirements?
A. An AAAA record for the domain zone Apex
B. An A record for the domain zone Apex
C. A CNAME record for the domain zone Apex
D. An Alias Record for the domain zone Apex
27. A SysOps Administrator has an AWS Direct Connect connection in place in region us-east-1, between an AWS account and a data center. The Administrator is now required to connect the data to a VPC in another AWS Region, us-west-2, which must have consistent network performance and low-latency What is the MOST efficient and quickest way to establish this connectivity?
A. Create an AWS VPN cloudhub architecture and use software VPN to connect to the VPC in region us-west-2
B. Create a new Direct Connect connection between the data center and region us-west-2
C. Create a VPC peering connection between the VPC in region us-east-1 and us-west-2 and access the VPC in us-west-2 from the data center
D. Use Direct Connect gateway with the existing Direct Connect connection to the Virtual Private Gateway of the VPC in region us-west-2
28. A web-commerce application stores its data in an Amazon Aurora DB cluster with an Aurora replica. The application displays shopping cart information by reading data from the reader endpoint. When monitoring the Aurora database, the SysOps Administrator sees the AuroraReplicaLagMaximum metric for a single replica is high. What behavior is the application MOST likely exhibiting to users?
A. Users cannot add any items to the shopping cart
B. Users immediately notice that the cart is not updated correctly
C. Users cannot remove any items from the shopping cart
D. Users cannot use the application because it is failing back to an error page
29. A SysOps Administrator is troubleshooting Amazon EC2 connectivity issues to the Internet. The EC2 Instance is in private subnet is applied to the subnet of the EC2 instance.
Destination – 10.2.0.0/16
Target – local
Status – Active
Propagated – No
Destination – 0.0.0.0/0
Target – nat-xxxxxx
Status – Blackhole
Propagated – No
What has caused the connectivity issue?
A. The NAT gateway is no longer exists
B. There is no route to the Internet Gateway
C. The route are no longer propagating
D. There is no route rule with a destination for the internet
30. An Amazon EBS Volume attached to an EC2 instance was recently modified. Part of the modification included increasing capacity. Administrator notices that the increased storage capacity is not reflected in the file system. Which step should the Administrator complete to use the increased storage capacity?
A. Restart the EC2 instance
B. Extend the volume file system
C. Detach the EBS volume, resize it and attach it
D. Take an EBS snapshot and restore it to the bigger volume
31. During a security investigation it is determined that there is a coordinated attack on the web application deployed in Amazon EC2 Instance through malformed HTTP headers What AWS service or feature would prevent this traffic from reaching the EC instances?
A. Amazon Inspector
B. Amazon Security Group
C. AWS WAF
D. Application Load Balancer (ALB)
32. A SysOps Administrator is notified that a security vulnerability affects a version of MySQL RDS database cluster. Who is responsible for ensuring that is the patch is applied to the MySQL cluster?
A. The database vendor
B. The security department of the SysOps Administrator company
D. The SysOps Administrator
33. A SysOps Administrator has implemented an Auto Scaling group with a step scaling policy. The Administrator notices that the additional instances have not been included in the aggregated metrics. Why are the additional instances missing from the aggregated metrics?
A. The warm-up period has not expired
B. The instances are still in the boot process
C. The instances has not been attached to the auto scaling group
D. The instances are included in a different set of metrics
34. . A SysOps Administrator is creating additional Amazon EC2 instances and received an InstanceLimitExceeded error. What is the cause of the issue and how can it be resolved?
A. The administrator has requested too many instances at once and must required fewer instances in batches
B. The concurrent running instance limit has been reached, and an EC2 limit increase request must be filed with AWS support
C. AWS currently does not have enough available capacity and a different instance type must be used
D. The Administrator must specify the maximum number of instance to be created while provisioning EC2 instances
35. A SysOps Administrator must devise a strategy for enforcing tagging of all EC2 instances and Amazon Elastic Block store (EBS) volumes. What action can the Administrator take to implement this for real-time enforcement?
A. Use the AWS Tag Editor to manually search for untagged resource and then tag them properly in the editor
B. Set Up AWS Service Catalog with the TagOptions Library rule that enforces a tagging taxonomy proactively when instances and volumes are launched
C. In a power shell or shell script, check for untagged items by using the resource tagging GetResources API action, and then manually tag the reported items.
D. Launch items by using the AWS API. Use the TagResources API action to applied the required tags when the instances and volumes are launched
36. A company’s customers are reporting increased latency while accessing static web content from Amazon S3. A SysOps Administrator observed a very high rate of read operations on a particular S3 bucket. What will minimize latency by reducing load on the S3 bucket?
A. Migrate the S3 bucket to a region that is closer to end users geographic locations
B. Use cross-region replication to replicate all of the data to another region
C. Create Amazon Cloudfront distribution with the S3 bucket as the origin
D. Use Amazon Elastic to cache data being served from Amazon S3
37. An e-commerce company wants to lower costs on its nightly jobs that aggregate the current day’s sales and store the results in Amazon S3. The jobs are currently run using multiple on-demand instances and the job take just under 2 hours to complete. If a job fails for any reason, it needs to be restarted from the beginning. What method is the MOST cost effective based on these requirements?
A. Use a mixture of On-Demand and Spot instances for job execution
B. Submit a request for a Spot Block to be used for job execution
C. Purchase reserved instance to be used for job execution
D. Submit a request for a one-time spot instance for job execution
38. A SysOps Administrator is implementing SSL for a domain of an internet facing application running behind an Application Load Balancer. The Administrator decides to use SSL certificate from Amazon Certificate Manager (ACM) to secure it. Upon creating request for the ALB is fails and the error message “Domain not allowed” is displayed. How can the Administrator fix the issue?
A. Contact the domain registrar and ask them to provide the verification required by AWS
B. Place a new request with a proper domain name instead of the ALB FQDN
C. Select the certificate request in the ACM console and resend the validation email
D. Contact AWS support and verify the request by answering security challenge questions
39. Malicious traffic is reaching company web servers. A SysOps Administrator is tasked with blocking this traffic. The malicious traffic request is addresses and represents much higher traffic than is typically seen from legitimate users. How should the Administrator protect the web servers?
A. Create a security group for the web servers and add deny rules for malicious sources
B. Set the network access control list for the web servers subnet and add deny entries
C. Place a web server behind AWS WAF and establish the rate limit to create a blacklist
D. Use Amazon Cloudfront to cache all pages and remove the traffic from the web servers.
40. A SysOps Administrator created an Amazon VPC with an IPV6 CIDR block, which requires access to the internet. However access from internet to VPC is prohibited. After adding and configuring the required components to the VPC. The Administrator is unable to connect from private subnet to the internet. What additional route destination rule should the Administrator add to the route tables?
A. Route ::/0 traffic to a NAT gateway
B. Route ::/0 traffic to an Internet Gateway
C. Rote 0.0.0.0 traffic to an egress-only internet gateway
D. Route ::/0 traffic to an egress-only internet gateway