Last Updated on October 3, 2021 by Admin 2
SOA-C01 : AWS-SysOps : Part 42
A SysOps Administrator has created a new Amazon S3 bucket named mybucket for the Operations team. Members of the team are part of an IAM group to which the following IAM policy has been assigned:
Which of the following actions will be allowed on the bucket? (Choose two.)
- Get the bucket’s region.
- Delete an object.
- Delete the bucket.
- Download an object.
- List all the buckets in the account.
A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network.
What actions should the SysOps Administrator take to meet these requirements?
- Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
- Create a VPC endpoint for the S3 bucket, and create an S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
- Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket.
- Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway.
A Chief Financial Officer has asked for a breakdown of costs per project in a single AWS account using Cost Explorer.
Which combination of options should be set to accomplish this? (Choose two.)
- Activate AWS Budgets.
- Activate cost allocation tags.
- Create an organization using AWS Organizations.
- Create and apply resource tags.
- Enable AWS Trusted Advisor.
A SysOps Administrator has implemented a VPC network design with the following requirements:
-Two Availability Zones (AZs)
-Two private subnets
-Two public subnets
-One internet gateway
-One NAT gateway
What would potentially cause applications in the VPC to fail during an AZ outage?
- A single virtual private gateway, because it can be associated with a single AZ only.
- A single internet gateway, because it is not redundant across both AZs.
- A single NAT gateway, because it is not redundant across both AZs.
- The default VPC route table, because it can be associated with a single AZ only.
A SysOps Administration team is supporting an application that stores a configuration file in an Amazon S3 bucket. Previous revisions of the configuration file must be maintained for change control and rollback.
How should the S3 bucket be configured to meet these requirements?
- Enable a lifecycle policy on the S3 bucket.
- Enable cross-origin resource sharing on the S3 bucket.
- Enable object tagging on the S3 bucket.
- Enable versioning on the S3 bucket.
A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones. The application uses an Amazon RDS Multi-AZ DB Instance. Amazon Route 53 record sets route requests for dynamic content to the load balancer and requests for static content to an Amazon S3 bucket. Site visitors are reporting extremely long loading times.
Which actions should be taken to improve the performance of the website? (Choose two.)
- Add Amazon CloudFront caching for static content.
- Change the load balancer listener from HTTPS to TCP.
- Enable Amazon Route 53 latency-based routing.
- Implement Amazon EC2 Auto Scaling for the web servers.
- Move the static content from Amazon S3 to the web servers.
An application is being migrated to AWS with the requirement that archived data be retained for at least 7 years.
What Amazon Glacier configuration option should be used to meet this compliance requirement?
- A Glacier data retrieval policy
- A Glacier vault access policy
- A Glacier vault lock policy
- A Glacier vault notification
A company has several AWS accounts and has set up consolidated billing through AWS Organizations. The total monthly bill has been increasing over several months, and a SysOps Administrator has been asked to determine what is causing this increase.
What is the MOST comprehensive tool that will accomplish this task?
- AWS Cost Explorer
- AWS Trusted Advisor
- Cost allocation tags
- Resource groups
A company has deployed its infrastructure using AWS CloudFormation. Recently, the company made manual changes to the infrastructure. A SysOps Administrator is tasked with determining what was changed and updating the CloudFormation template.
Which solution will ensure all the changes are captured?
- Create a new CloudFormation stack based on the changes that were made. Delete the old stack and deploy the new stack.
- Update the CloudFormation stack using a change set. Review the changes and update the stack.
- Update the CloudFormation stack by modifying the selected parameters in the template to match what was changed.
- Use drift detection on the CloudFormation stack. Use the output to update the CloudFormation template and redeploy the stack.
A user accidentally deleted a file from an Amazon EBS volume. The SysOps Administrator identified a recent snapshot for the volume.
What should the Administrator do to restore the user’s file from the snapshot?
- Attach the snapshot to a new Amazon EC2 instance in the same Availability Zone, and copy the deleted file.
- Browse to the snapshot and copy the file to the EBS volume within an Amazon EC2 instance.
- Create a volume from the snapshot, attach the volume to an Amazon EC2 instance, and copy the deleted file.
- Restore the file from the snapshot onto an EC2 instance using the Amazon EC2 console.
Each SysOps Administrator at a company has a unique IAM user account. Each user is a member of the SysOps IAM group that has an IAM policy applied. A recent change to the IT security policy states that employees must now use their on-premises Active Directory user accounts to access the AWS Management Console.
Which solution should be used to satisfy these requirements?
- Configure the on-premises Active Directory to use AWS Direct Connect.
- Enable an Active Directory federation in an Amazon Route 53 private zone.
- Implement a VPN tunnel and configure an Active Directory connector.
- Implement multi-factor authentication for IAM and Active Directory.
A company needs to deploy a web application on two Amazon EC2 instances behind an Application Load Balancer (ALB). Two EC2 instances will also be deployed to host the database. The infrastructure needs to be designed across Availability Zones for high availability and must limit public access to the instances as much as possible.
How should this be achieved within a VPC?
- Create one public subnet for the Application Load Balancer, one public subnet for the web servers, and one private subnet for the database servers.
- Create one public subnet for the Application Load Balancer, two public subnets for the web servers, and two private subnets for the database servers.
- Create two public subnets for the Application Load Balancer, two private subnets for the web servers, and two private subnets for the database servers.
- Create two public subnets for the Application Load Balancer, two public subnets for the web servers, and two public subnets for the database servers.
A SysOps Administrator receives an email from AWS about a production Amazon EC2 instance backed by Amazon EBS that is on a degraded host scheduled for retirement. The scheduled retirement occurs during business-critical hours.
What should be done to MINIMIZE disruption to the business?
- Reboot the instance as soon as possible to perform the system maintenance before the scheduled retirement.
- Reboot the instance outside business hours to perform the system maintenance before the scheduled retirement.
- Stop/start the instance outside business hours to move to a new host before the scheduled retirement.
- Write an AWS Lambda function to restore the system when the scheduled retirement occurs.
A company has a business application hosted on Amazon EC2 instances behind an Application Load Balancer. Amazon CloudWatch metrics show that the CPU utilization on the EC2 instances is very high. There are also reports from users that receive HTTP 503 and 504 errors when they try to connect to the application.
Which action will resolve these issues?
- Place the EC2 instances into an AWS Auto Scaling group.
- Configure the ALB’s Target Group to use more frequent health checks.
- Enable sticky sessions on the Application Load Balancer.
- Increase the idle timeout setting of the Application Load Balancer.
A SysOps Administrator is maintaining an application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). Users are reporting errors when attempting to launch the application. The Administrator notices an increase in the HTTPCode_ELB_5xx_Count Amazon CloudWatch metric for the load balancer.
What is a possible cause for this increase?
- The ALB is associated with private subnets within the VPC.
- The ALB received a request from a client, but the client closed the connection.
- The ALB security group is not configured to allow inbound traffic from the users.
- The ALB target group does not contain healthy EC2 instances.
An application is currently deployed on several Amazon EC2 instances that reside within a VPC. Due to compliance requirements, the EC2 instances cannot have access to the public internet. SysOps Administrators require SSH access to EC2 instances from their corporate office to perform maintenance and other administrative tasks.
Which combination of actions should be taken to permit SSH access to the EC2 instances while meeting the compliance requirements? (Choose two.)
- Attach a NAT gateway to the VPC and configure routing
- Attach a virtual private gateway to the VPC and configure routing
- Attach an internet gateway to the VPC and configure routing
- Configure a VPN connection back to the corporate office
- Configure an Application Load Balancer in front of the EC2 instances
A developer is deploying a web application on Amazon EC2 instances behind an Application Load Balancer (ALB) and notices that the application is not receiving all the expected elements from HTTP requests. The developer suspects users are not sending the correct query string.
How should a sysops administrator verify this?
- Monitor the ALB default Amazon CloudWatch metrics. Verify that the requests contain the expected query string.
- Configure the ALB to store access logs within Amazon S3. Verify that log entries contain the expected query string.
- Open the ALB logs in Amazon CloudWatch. Verify that requests contain the expected query string.
- Create a custom Amazon CloudWatch metric to store requests. Verify that the metric contains the expected query string.
A company’s IT department noticed an increase in the spend of their Developer AWS account. There are over 50 Developers using the account, and the Finance team wants to determine the service costs incurred by each Developer.
What should a SysOps Administrator do to collect this information? (Choose two.)
- Activate the createdBy tag in the account
- Analyze the usage with Amazon CloudWatch dashboards
- Analyze the usage with Cost Explorer
- Configure AWS Trusted Advisor to track resource usage
- Create a billing alarm in AWS Budgets
An ecommerce company uses an Amazon ElastiCache for Memcached cluster for in-memory caching of popular product queries on the shopping site. When viewing recent Amazon CloudWatch metrics data for the ElastiCache cluster, the sysops administrator notices a large number of evictions.
Which of the following actions will reduce these evictions? (Choose two.)
- Add an additional node to the ElastiCache cluster
- Increase the ElastiCache time to live (TTL)
- Increase the individual node size inside the ElastiCache cluster
- Put an Elastic Load Balancer in front of the ElastiCache cluster
- Use Amazon Simple Queue Service (Amazon SQS) to decouple the ElastiCache cluster
A sysops administrator created an AWS Lambda function within a VPC with no access to the Internet. The Lambda function pulls messages from an Amazon SQS queue and stores them in an Amazon RDS instance in the same VPC. After executing the Lambda function, the data is not showing up on the RDS instance.
Which of the following are possible causes for this? (Choose two.)
- A VPC endpoint has not been created for Amazon RDS
- A VPC endpoint has not been created for Amazon SQS
- The RDS security group is not allowing connections from the Lambda function
- The subnet associated with the Lambda function does not have an internet gateway attached
- The subnet associated with the Lambda function has a NAT gateway