[2021.6] Valid Amazon SOA-C02 Practice Questions Free Share From Pass4itsure

Amazon AWS SOA-C02 is difficult. But with the Pass4itsure SOA-C02 dumps https://www.pass4itsure.com/soa-c02.html preparation material candidate, it can be achieved easily. In SOA-C02 practice tests, you can practice on the same exam as the actual exam. If you master the tricks you gained through practice, it will be easier to achieve your target score.

Amazon AWS SOA-C02 pdf free https://drive.google.com/file/d/1j9oY5YXPvhS-rw-0woU2GTZyk1LjhPZ5/view?usp=sharing

Latest Amazon SOA-C02 dumps practice test video tutorial

Latest Amazon AWS SOA-C02 practice exam questions at here:

QUESTION 1
A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an Application Load
Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all
target instances associated with the ALB are unhealthy.
Which condition should be used with the alarm?
A. AWS/ApplicationELB HealthyHostCount = 1
C. AWS/EC2 StatusCheckFailed = 1
Correct Answer: A


QUESTION 2
A company hosts an internal application on Amazon EC2 instances. All application data and requests route through an
AWS Site-to-Site VPN connection between the on-premises network and AWS. The company must monitor the
application for changes that allow network access outside of the corporate network. Any change that exposes the
application externally must be restricted automatically.
Which solution meets these requirements in the MOST operationally efficient manner?
A. Create an AWS Lambda function that updates security groups that are associated with the elastic network interface
to remove inbound rules with noncorporate CIDR ranges. Turn on VPC Flow Logs, and send the logs to Amazon
CloudWatch Logs. Create an Amazon CloudWatch alarm that matches traffic from noncorporate CIDR ranges, and
publish a message to an Amazon Simple Notification Service (Amazon SNS) topic with the Lambda function as a
target.
B. Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that targets an AWS Systems Manager
Automation document to check for public IP addresses on the EC2 instances. If public IP addresses are found on the
EC2 instances, initiate another Systems Manager Automation document to terminate the instances.
C. Configure AWS Config and a custom rule to monitor whether a security group allows inbound requests from
noncorporate CIDR ranges. Create an AWS Systems Manager Automation document to remove any noncorporate
CIDR ranges from the application security groups.
D. Configure AWS Config and the managed rule for monitoring public IP associations with the EC2 instances by tag.
Tag the EC2 instances with an identifier. Create an AWS Systems Manager Automation document to remove the public
IP association from the EC2 instances.
Correct Answer: A

QUESTION 3
A company is running an application on premises and wants to use AWS for data backup. All of the data must be
available locally. The backup application can write only to block-based storage that is compatible with the Portable
Operating System Interface (POSIX).
Which backup solution will meet these requirements?
A. Configure the backup software to use Amazon S3 as the target for the data backups.
B. Configure the backup software to use Amazon S3 Glacier as the target for the data backups.
C. Use AWS Storage Gateway, and configure it to use gateway-cached volumes.
D. Use AWS Storage Gateway, and configure it to use gateway-stored volumes.
Correct Answer: D


QUESTION 4
A data storage company provides a service that gives users the ability to upload and download files as needed. The
files are stored in Amazon S3 Standard and must be immediately retrievable for 1 year. Users access files frequently
during the first 30 days after the files are stored. Users rarely access files after 30 days.
The company\\’s SysOps administrator must use S3 Lifecycle policies to implement a solution that maintains object
availability and minimizes cost.
Which solution will meet these requirements?
A. Move objects to S3 Glacier after 30 days.
B. Move objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.
C. Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.
D. Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) immediately.
Correct Answer: C
Reference: https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-transition-generalconsiderations.html

QUESTION 5
A company uses Amazon Elasticsearch Service (Amazon ES) to analyze sales and customer usage data. Members of
the company\\’s geographically dispersed sales team are traveling. They need to log in to Kibana by using their existing
corporate credentials that are stored in Active Directory. The company has deployed Active Directory Federation
Services (AD FS) to enable authentication to cloud services.
Which solution will meet these requirements?
A. Configure Active Directory as an authentication provider in Amazon ES. Add the Active Directory server\\’s domain
name to Amazon ES. Configure Kibana to use Amazon ES authentication.
B. Deploy an Amazon Cognito user pool. Configure Active Directory as an external identity provider for the user pool.
Enable Amazon Cognito authentication for Kibana on Amazon ES.
C. Enable Active Directory user authentication in Kibana. Create an IP-based custom domain access policy in Amazon
ES that includes the Active Directory server\\’s IP address.
D. Establish a trust relationship with Kibana on the Active Directory server. Enable Active Directory user authentication
in Kibana. Add the Active Directory server\\’s IP address to Kibana.
Correct Answer: B
Reference: https://aws.amazon.com/blogs/security/how-to-enable-secure-access-to-kibana-using-awssingle-sign-on/


QUESTION 6
A SysOps administrator has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances
that were launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in
the VPC, and all security groups allow all outbound traffic:
Which solution will provide the EC2 instances in the private subnet with access to the internet?
A. Create a NAT gateway in the public subnet. Create a route from the private subnet to the NAT gateway.
B. Create a NAT gateway in the public subnet. Create a route from the public subnet to the NAT gateway.
C. Create a NAT gateway in the private subnet. Create a route from the public subnet to the NAT gateway.
D. Create a NAT gateway in the private subnet. Create a route from the private subnet to the NAT gateway.
Correct Answer: A
Reference: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

QUESTION 7
A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the
application are failing. A SysOps administrator inspects the VPC flow logs and finds the following entry:
2 111122223333 eni- 192.0.2.15 203.0.113.56 40711 443 6 1 40 1418530010 1418530070 REJECT OK
What is a possible cause of these failed connections?
A. A security group is denying traffic on port 443.
B. The EC2 instance is shut down.
C. The network ACL is blocking HTTPS traffic.
D. The VPC has no internet gateway attached.
Correct Answer: A

QUESTION 8
A manufacturing company uses an Amazon RDS DB instance to store inventory of all stock items. The company
maintains several AWS Lambda functions that interact with the database to add, update, and delete items. The Lambda
functions use hardcoded credentials to connect to the database.
A SysOps administrator must ensure that the database credentials are never stored in plaintext and that the password is
rotated every 30 days.
Which solution will meet these requirements in the MOST operationally efficient manner?
A. Store the database password as an environment variable for each Lambda function. Create a new Lambda function
that is named PasswordRotate. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the
PasswordRotate function every 30 days to change the database password and update the environment variable for
each Lambda function.
B. Use AWS Key Management Service (AWS KMS) to encrypt the database password and to store the encrypted
password as an environment variable for each Lambda function. Grant each Lambda function access to the KMS key so
that the database password can be decrypted when required. Create a new Lambda function that is named
PasswordRotate to change the password every 30 days.
C. Use AWS Secrets Manager to store credentials for the database. Create a Secrets Manager secret and select the
database so that Secrets Manager will use a Lambda function to update the database password automatically. Specify
an automatic rotation schedule of 30 days. Update each Lambda function to access the database password from
Secrets Manager.
D. Use AWS Systems Manager Parameter Store to create a secure string to store credentials for the database. Create
a new Lambda function called PasswordRotate. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule
the PasswordRotate function every 30 days to change the database password and to update the secret within
Parameter Store. Update each Lambda function to access the database password from Parameter Store.
Correct Answer: C


QUESTION 9
A company has a VPC with public and private subnets. An Amazon EC2 based application resides in the private
subnets and needs to process raw .csv files stored in an Amazon S3 bucket. A SysOps administrator has set up the
correct IAM role with the required permissions for the application to access the S3 bucket, but the application is unable
to communicate with the S3 bucket.
Which action will solve this problem while adhering to least privilege access?
A. Add a bucket policy to the S3 bucket permitting access from the IAM role.
B. Attach an S3 gateway endpoint to the VPC. Configure the route table for the private subnet.
C. Configure the route table to allow the instances on the private subnet access through the internet gateway.
D. Create a NAT Gateway in a private subnet and configure the route table for the private subnets.
Correct Answer: C

QUESTION 10
A company is migrating its production file server to AWS. All data that is stored on the file server must remain
accessible if an Availability Zone becomes unavailable or when system maintenance is performed. Users must be able
to interact with the file server through the SMB protocol. Users also must have the ability to manage file permissions by
using Windows ACLs.
Which solution will net these requirements?
A. Create a single AWS Storage Gateway file gateway.
B. Create an Amazon FSx for Windows File Server Multi-AZ file system.
C. Deploy two AWS Storage Gateway file gateways across two Availability Zones. Configure an Application Load
Balancer in front of the file gateways.
D. Deploy two Amazon FSx for Windows File Server Single-AZ 2 file systems. Configure Microsoft Distributed File
System Replication (DFSR).
Correct Answer: B
Reference: https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html


QUESTION 11
A company has launched a social media website that gives users the ability to upload images directly to a centralized
Amazon S3 bucket. The website is popular in areas that are geographically distant from the AWS Region where the S3
bucket is located. Users are reporting that uploads are slow. A SysOps administrator must improve the upload speed.
What should the SysOps administrator do to meet these requirements?
A. Create S3 access points in Regions that are closer to the users.
B. Create an accelerator in AWS Global Accelerator for the S3 bucket.
C. Enable S3 Transfer Acceleration on the S3 bucket.
D. Enable cross-origin resource sharing (CORS) on the S3 bucket.
Correct Answer: A

QUESTION 12
A company hosts its website in the us-east-1 Region. The company is preparing to deploy its website into the eucentral-1 Region. Website visitors who are located in Europe should access the website that is hosted in eu-central-1.
All other visitors access the website that is hosted in us-east-1. The company uses Amazon Route 53 to manage the
website\\’s DNS records.
Which routing policy should a SysOps administrator apply to the Route 53 record set to meet these requirements?
A. Geolocation routing policy
B. Geoproximity routing policy
C. Latency routing policy
D. Multivalue answer routing policy
Correct Answer: D
Reference: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html

QUESTION 13
A company is running a flash sale on its website. The website is hosted on burstable performance Amazon EC2
instances in an Auto Scaling group. The Auto Scaling group is configured to launch instances when the CPU utilization
is above 70%.
A couple of hours into the sale, users report slow load times and error messages for refused connections. A SysOps
administrator reviews Amazon CloudWatch metrics and notices that the CPU utilization is at 20% across the entire fleet
of instances.
The SysOps administrator must restore the website\\’s functionality without making changes to the network
infrastructure.
Which solution will meet these requirements?
A. Activate unlimited mode for the instances in the Auto Scaling group.
B. Implement an Amazon CloudFront distribution to offload the traffic from the Auto Scaling group.
C. Move the website to a different AWS Region that is closer to the users.
D. Reduce the desired size of the Auto Scaling group to artificially increase CPU average utilization.
Correct Answer: C
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instanceshow-to.html

Welcome to download the valid Pass4itsure SOA-C02 pdf

Free downloadGoogle Drive
Amazon AWSSOA-C02 pdf https://drive.google.com/file/d/1j9oY5YXPvhS-rw-0woU2GTZyk1LjhPZ5/view?usp=sharing

Pass4itsure latest Amazon exam dumps coupon code free share

Summary:

New AmazonSOA-C02 exam questions from Pass4itsureĀ SOA-C02 dumps! Welcome to download the newest Pass4itsureĀ SOA-C02 dumps https://www.pass4itsure.com/soa-c02.html (642 Q&As), verified the latest SOA-C02 practice test questions with relevant answers.

Amazon AWS SOA-C02 dumps pdf free share https://drive.google.com/file/d/1j9oY5YXPvhS-rw-0woU2GTZyk1LjhPZ5/view?usp=sharing