AWS SysOps Administrator SOA-C02 Exam Simulator 2

You are using AWS Trusted Advisor as it provides you real-time guidance to help you provision your resources following AWS best practices. Which of the following categories is NOT included in the AWS Trusted Advisor’s best practice recommendations?

A Linux instance running in your VPC requires some configuration changes to be implemented locally and you need to run some commands.

Which of the following can be used to securely access the instance?

In compliance with PCI DSS, an EU-based company is required to provide compliance documents, such as Payment Card Industry (PCI). Where are these AWS compliance documents located?

A company needs to create an AWS multi-account strategy for its AWS Control Tower landing zone as a well-architected AWS environment following the best practices.

Which action should a SysOps administrator take to meet these requirements?

A company starts growing rapidly and they need to implement a solution to centrally manage billing; control access, and security; and share resources across the AWS accounts.

Which of the following AWS services will meet this requirement?

Which of the following AWS Key Management Service (AWS KMS) practice encrypts plaintext data with a data key, and then encrypts the data key under another key?

A company just installed a new WordPress website on an Amazon EC2 Linux instance. Although the website is installed on an Amazon EC2 instance, they cannot directly deploy an ACM Certificate on that instance.

Which action should the SysOps administrator take to fix this issue?

A company wants to set up an AWS Site-to-Site VPN connection with a virtual private gateway as the target gateway.

Which of the following is the FIRST step to meet the requirement?

The instances that you launch into an Amazon VPC can’t communicate with your own (remote) network. Which of the following services do you need to create and configure in order to enable access to your remote network from your VPC?

You are working for Examsdigest LLC, as a SysOps Administrator. You have been tasked to connect the on-premises infrastructure to their AWS cloud as secure as possible.

Which of the following AWS services can you use to accomplish this? (Choose all that apply)

Which of the following AWS Services enables you to replace hardcoded credentials in your code with an API to ensure that the secret can’t be compromised by someone examining your code?

A company for compliance purposes needs to assess how well its resource configurations comply with internal practices, industry guidelines, and regulations.

Which tool should a SysOps administrator use to meet these requirements?

A company is hosted the new application in an Auto Scaling group of EC2 instances. The company wants to implement an SSL solution for the app to improve its security. The certificate is obtained from a third-party issuer.

Where can you import the SSL/TLS certificate to improve the security of the application?

A company wants to implement a solution to automate security vulnerability assessments throughout the development and deployment pipelines.

Which service should a SysOps administrator enable to meet the requirement?

You can configure a Lambda function to connect to private subnets in a virtual private cloud (VPC) in your AWS account.

What happens when you connect a function to a VPC?

A company wants to monitor the traffic that is reaching its instance by capturing information about the IP traffic going to and from the network interfaces in its VPC.

Which solution will meet this requirement?

You have been tasked to improve the security of the data flow between your Amazon Redshift cluster and other resources. The very first step is to use VPC flow logs to monitor all the COPY and UNLOAD traffic of your Redshift cluster that moves in and out of your VPC.

Which of the following option is the most suitable solution to improve the security of your data?

A company has a VPC for the IT department and another VPC for the accounting department. Which type of networking connection in AWS should a SysOps administrator use for the IT department in order to get access to all resources that are in the accounting department, and vice versa?

A company wants to create a VPC with a dedicated tenancy for the 10.0.0.0/16 IPv4 CIDR block.

Which command should a SysOps administrator type in the command-line tool to meet the requirement?

A company needs to increase the security of its VPC. The company wants to control traffic in and out of its subnets.

Which service should a SysOps administrator use to meet the requirement?

Which of the following ACL rules allows inbound HTTP traffic from any IPv4 address.

A company just launched an EC2 instance in a subnet into its VPC. After investigation, a SysOps administrator has realized that the EC2 instance isn’t accessible from the Internet.

What could be the primary cause of this issue?

A company just finalized the process of hosting its WordPress blog on a new Amazon EC2 Linux instance. After trying to connect to the instance the SysOps administrator gets the following error message:

Network error: Connection timed out or Error connecting

Which actions should the SysOps administrator take to fix this issue? (Select TWO.)

Α company handles sensitive data in their private subnet, the data is processed by the EC2 instances and then delivered to S3. The company wants the data to NOT be passed through the public Internet.

How could a SysOps administrator design this solution so that the data does not pass through the public Internet?

A company wants to use a network address translation (NAT) gateway to enable the instances in its private subnet to connect to the internet and prevent the internet from initiating a connection with those instances.

Sort the steps from the top (first step) to the bottom (last step) to create a NAT gateway using the console.

A company wants to use a security group to control inbound and outbound traffic. The company has already launched an instance in a VPC and now they want to assign two security groups to the instance.

Sort the steps from the top (first step) to the bottom (last step) to create a security group using the console.

A company wants to add an additional layer of protection from web attacks that attempt to exploit vulnerabilities to its web app. The company needs to create rules to filter web traffic based on specific IP addresses and block common web exploits like SQL injection and cross-site scripting.

Which of the following AWS service meet these requirements?

A company that has a MySQL on Amazon Relational Database Service discovers common attack patterns, such as SQL injection and cross-site scripting. You have been hired to implement a solution to improve web traffic visibility by monitoring the entire inbound traffic and improve the security against web attacks.

Which of the following services should you implement to meet the requirements?

Which of the following AWS service is a security management service which allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organization?

A company is using Amazon Elastic Container Service (Amazon ECS) containers to host its applications. The company wants to use AWS WAF to protect the applications that are hosted in Amazon ECS containers.

Which actions should a SysOps administrator take to meet these requirements?

A company is using Amazon CloudFront distributions and Amazon Route 53 hosted zones. The company wants to add protection against DDoS attacks for those resource types using AWS Shield Advanced.

Which of the following is the THIRD step in the AWS Shield Advanced configuration process?

Your Online Travel Agent (OTA) startup in California recently faced tremendous growth. Users from all over the world started using the APP. After investigation, you noticed 60% of the traffic was originated from Germany. Because of this, you decide to localize your content and present all of your website’s content in German to the users from Germany and English to the rest of the users. Also, you want all queries from Europe to be routed to an ELB load balancer in the Frankfurt region.

Which of the following services would allow you to fulfill this requirement?

A company wants to configure a public hosted zone to provide information about how they want to route traffic on the internet for its domain (examsdigest.com).

Which solution will meet these requirements with the LEAST amount of effort?

A SysOps Administrator is configuring a Route 53 Resolver using the wizard. Which of the following steps has to be done before choosing the direction that you want to forward DNS queries?

A company wants to create a secure static website for its domain name. The company’s website uses only files like HTML, CSS, JavaScript, and doesn’t need servers or server-side processing.

Which of the following are prerequisites to deploy this secure static website solution using the console? (Select TWO.)

A SysOps administrator tries to add an alternate domain name (CNAME) to its distribution but CloudFront returns an InvalidViewerCertificate error.

Which actions should the SysOps administrator take to fix this issue? (Select TWO.)

A company is using VPC Flow Logs to capture information about the IP traffic going to and from the network interfaces in its VPC. The company has created a flow log, and the Amazon VPC console displays the flow log as Active. However, they cannot see any log streams in CloudWatch Logs or log files in its Amazon S3 bucket.

Which actions should the SysOps administrator take to fix this issue?

A company just created a subnet and configured a routing. The company wants to launch an instance of type t2.micro into the default subnet for the current Region using a command-line tool.

Which action should a SysOps administrator take to meet these requirements?

A company wants to receive an alert once the EC2 cost budget reaches the threshold of $2,500.00.

Which action should a SysOps administrator take to track and inspect the company’s budget?

Your new online event management application is hosted in AWS. The application uses Multi-AZ RDS for its database tier, which has a standby replica.

What are the events that will make Amazon RDS automatically perform a failover to the standby replica? (Select THREE.)

You are building an application that will be hosted in ECS which needs to be configured to run its tasks and services using the Fargate launch type. The application will have four different tasks where each task will access various AWS resources that are different from the other tasks.

Which of the following solutions can provide your application in ECS access to the required AWS resources?

A tech-educational company uses EC2, CloudFront, and S3 for its tutorial videos. The company uses a standard S3 storage class to store all tutorials. The wants to transfer the tutorials automatically from the S3 bucket to Amazon S3 Glacier storage.

Which action should a SysOps administrator take to meet the requirement?

You are working on a bookkeeping accountant application for a startup. Your project manager asked you to have the ability to automatically transfer obsolete data from their S3 bucket to a low-cost storage system in AWS.

Which of the following solution will you use to meet the requirement?

A company wants to use an RDS Proxy to make its applications more resilient to database failures by automatically connecting to a standby DB instance while preserving application connections.

Which networking resources should a SysOps administrator set in place in order to use an RDS Proxy? (Select THREE.)

A company has customers from all over the world that upload files to a centralized bucket. The company needs to provide fast, easy, and secure transfer of the files over long distances between its clients and an S3 bucket.

Which solution will meet this requirement?

A company is building a text to speech conversion service in which a fleet of EC2 worker instances processes an uploaded text file and generates an audio file as an output. The company wants to enable enhanced networking with the Elastic Network Adapter (ENA).

What should the SysOps administrator do to set up the EC2 instance for enhanced networking? (Select TWO.)

The previous AWS SysOps administrator in the Acme Corporation was using Amazon CloudWatch dashboards, as he was able to monitor the resources in a single view, even those resources that are spread across different Regions. Now, you took over the position as AWS SysOps administrator and you are responsible to create a new CloudWatch dashboard using the console.

Which of the following steps is NOT required to create the new CloudWatch dashboard?

Your new application is hosted in an Auto Scaling group of EC2 instances. To improve the monitoring process, you have to configure it to keep the average aggregate CPU utilization of your Auto Scaling group at 50 percent. This should be done by specifying the scaling metrics and threshold values for the CloudWatch alarms that trigger the scaling process.

Which of the following scaling policy type you should use?

A company uses EventBridge as it delivers a stream of real-time data from their own applications, and AWS services and routes that data to targets such as AWS Lambda. Also, they can set up routing rules to determine where to send their data to build application architectures. Now, the company needs to configure the EventBridge with more targets.

Which of the following is NOT a target for EventBridge?

A company is creating an EventBridge rule that triggers on an AWS API Call Using AWS CloudTrail. After configuring the Service provider and the Service name of the service that emits the event, now they are configuring the Event type.

Which of the following Event type should they choose to create the EventBridge rule?

A company is creating a new Amazon Relational Database Service (Amazon RDS) as it provides a cost-efficient relational database and manages common database administration tasks.

Sort the steps from the top (first step) to the bottom (last step) to create a read replica using the console with the following.

1. Choose the MySQL or PostgreSQL DB instance

2. Choose the custom Availability Zone for Destination Custom AZ

Your web application is on a fleet of EC2 instances located in three Availability Zones which are behind an Application Load Balancer. Which health check configuration will you implement to ensure that your web app is highly-available?

Suppose you have ELB load balancers in the US West (Oregon) Region and in the Asia Pacific (Singapore) Region and you created a latency record for each load balancer. What will happen when a user in London enters the name of your domain in a browser? (Choose all that apply.)

A company runs an application on a large fleet of Amazon EC2 instances to process financial transactions. The company needs to restore the DB instance to the latest possible time after experiencing a power outage.

Which action should a SysOps administrator take to meet this requirement?

You are working for a content management company as a SysOps Administrator. The company needs a storage service that provides the scale and performance the content management applications require such as high throughput and low-latency file operations. In addition, their data needs to be stored redundantly across multiple AZs and allows concurrent connections from multiple EC2 instances hosted on multiple AZs.

Which of the following AWS storage services is most suitable for the project?

A company runs several production workloads on Amazon EC2 instances. The company wants to create an automated pipeline to build and maintain a customized EC2 Image Builder image using the Create image pipeline console wizard.

Which of the following is the FIRST step to create an image pipeline workflow?