AWS SOA-C00 Certified SysOps Administrator Associate Exam Set 2

Which of the following requires a custom CloudWatch metric to monitor?


Options are :

  • Memory Utilization of an EC2 instance
  • Disk usage activity of an EC2 instance (Correct)
  • Data transfer of an EC2 instance
  • CPU Utilization of an EC2 instance

Answer : Disk usage activity of an EC2 instance

You receive a frantic call from a new DBA who accidentally dropped a table containing all your customers. Which Amazon RDS feature will allow you to reliably restore your database to within 5 minutes of when the mistake was made?


Options are :

  • Multi-AZ RDS
  • RDS automated backup
  • RDS snapshots (Correct)
  • RDS read replicas

Answer : RDS snapshots

You have two Elastic Compute Cloud (EC2) instances inside a Virtual Private Cloud (VPC) in the same Availability Zone (AZ) but in different subnets. One instance is running a database and the other instance an application that will interface with the database. You want to confirm that they can talk to each other for your application to work properly. Which two things do we need to confirm in the VPC settings so that these EC2 instances can communicate inside the VPC? (Choose 2 answers)


Options are :

  • Both instances are the same instance class and using the same Key-pair.
  • A network ACL that allows communication between the two subnets. (Correct)
  • That the default route is set to a NAT instance or Internet Gateway (IGW) for them to communicate. (Correct)
  • Security groups are set to allow the application host to talk to the database on the right port/protocol.

Answer : A network ACL that allows communication between the two subnets. That the default route is set to a NAT instance or Internet Gateway (IGW) for them to communicate.

You are tasked with the migration of a highly trafficked Node.js application to AWS. In order to comply with organizational standards, Chef recipes must be used to configure the application servers that host this application and to support application lifecycle events. Which deployment option meets these requirements while minimizing administrative burden?


Options are :

  • Create a new application within Elastic Beanstalk and deploy this application to a new environment (Correct)
  • Create a new stack within OpsWorks, add the appropriate layers to the stack, and deploy the application
  • Launch and configure Chef Server on an EC2 instance and leverage the AWS CLI to launch application servers and configure those instances using Chef.
  • Launch a Node.js server from a community AMI and manually deploy the application to the launched EC2 instance

Answer : Create a new application within Elastic Beanstalk and deploy this application to a new environment

You are designing a system that has a Bastion host. This component needs to be highly available without human intervention. Which of the following approaches would you select?


Options are :

  • Run the bastion on two instances one in each AZ
  • Run the bastion on an active Instance in one AZ and have an AMI ready to boot up in the event of failure
  • Configure the bastion instance in an Auto Scaling group. Specify the Auto Scaling group to include multiple AZs but have a min-size of 1 and max-size of 1 (Correct)
  • Configure an ELB in front of the bastion instance

Answer : Configure the bastion instance in an Auto Scaling group. Specify the Auto Scaling group to include multiple AZs but have a min-size of 1 and max-size of 1

You have a server with a 500GB Amazon EBS data volume. The volume is 80% full. You need to back up the volume at regular intervals and be able to re-create the volume in a new Availability Zone in the shortest time possible. All applications using the volume can be paused for a period of a few minutes with no discernible user impact. Which of the following backup methods will best fulfill your requirements?


Options are :

  • Create another EBS volume in the second Availability Zone, attach it to the Amazon EC2 instance, and use a disk manager to mirror the two disks (Correct)
  • Periodically back up all data to a single compressed archive and archive to Amazon S3 using a parallelized multi-part upload
  • Use a third-party incremental backup application to back up to Amazon Glacier
  • Take periodic snapshots of the EBS volume

Answer : Create another EBS volume in the second Availability Zone, attach it to the Amazon EC2 instance, and use a disk manager to mirror the two disks

You use S3 to store critical data for your company. Several users within your group currently have full permissions to your S3 buckets. You need to come up with a solution that does not impact your users and also protects against the accidental deletion of objects. Which two options will address this issue? (Choose 2 answers)


Options are :

  • Configure your S3 Buckets with MFA delete (Correct)
  • Enable versioning on your S3 Buckets
  • Create a Bucket policy and only allow read only permissions to all users at the bucket level (Correct)
  • Enable object life cycle policies and configure the data older than 3 months to be archived in Glacier

Answer : Configure your S3 Buckets with MFA delete Create a Bucket policy and only allow read only permissions to all users at the bucket level

You have an Auto Scaling group associated with an Elastic Load Balancer (ELB). You have noticed that instances launched via the Auto Scaling group are being marked unhealthy due to an ELB health check, but these unhealthy instances are not being terminated. What do you need to do to ensure that instances marked unhealthy by the ELB will be terminated and replaced?


Options are :

  • Change the thresholds set on the Auto Scaling group health check
  • Increase the value for the Health check interval set on the Elastic Load Balancer
  • Add an Elastic Load Balancing health check to your Auto Scaling group (Correct)
  • Change the health check set on the Elastic Load Balancer to use TCP rather than HTTP checks

Answer : Add an Elastic Load Balancing health check to your Auto Scaling group

A customer has a web application that uses cookie-based sessions to track logged-in users. It is deployed on AWS using ELB and Auto Scaling. The customer observes that when load increases, Auto Scaling launches new instances but the load on the existing instances does not decrease, causing all existing users to have a sluggish experience. Which two answer choices independently describe a behavior that could be the cause of the sluggish user experience? (Choose 2 answers)


Options are :

  • A faulty browser is not honoring the TTL of the ELB DNS name.
  • ELB's normal behavior sends requests from the same user to the same backend instance
  • ELB's behavior when sticky sessions are enabled causes ELB to send requests in the same session to the same backend instance (Correct)
  • The web application uses long polling such as comet or web sockets, thereby keeping a connection open to a web server for a long time (Correct)

Answer : ELB's behavior when sticky sessions are enabled causes ELB to send requests in the same session to the same backend instance. The web application uses long polling such as comet or web sockets, thereby keeping a connection open to a web server for a long time

The majority of your infrastructure is on premises and you have a small footprint on AWS. Your company has decided to roll out a new application that is heavily dependent on low-latency connectivity to LDAP for authentication. Your security policy requires minimal changes to the company's existing application user management processes. What option would you implement to successfully launch this application?


Options are :

  • Create a second LDAP domain on AWS, establish a VPN connection to establish a trust relationship between your new and existing domains, and use the new domain for authentication (Correct)
  • Establish a VPN connection between your data center and AWS, create an LDAP replica on AWS, and configure your application to use the LDAP replica for authentication
  • Create a second, independent LDAP server in AWS for your application to use for authentication
  • Establish a VPN connection so your applications can authenticate against your existing on premises LDAP servers

Answer : Create a second LDAP domain on AWS, establish a VPN connection to establish a trust relationship between your new and existing domains, and use the new domain for authentication

When attached to an Amazon VPC which two components provide connectivity with external networks? (Choose 2 answers)


Options are :

  • Internet Gateway (IGW) (Correct)
  • Virtual Private Gateway (VGW) (Correct)
  • NAT Gateway (NAT)
  • Elastic IPs (EIP)

Answer : Internet Gateway (IGW) Virtual Private Gateway (VGW)

Your EC2-based multi-tier application includes a monitoring instance that periodically makes application-level read-only requests of various application components and, if any of those fail more than three times in 30 seconds, calls CloudWatch to fire an alarm, and the alarm notifies your operations team by email and SMS of a possible application health problem. However, you also need to watch the watcher - the monitoring instance itself - and be notified if it becomes unhealthy. Which of the following is a simple way to achieve that goal?


Options are :

  • Set a CloudWatch alarm based on the CPU utilization of the monitoring instance and have the alarm notify your operations team if the CPU usage exceeds 50% for more than one minute; then have your monitoring application go into a CPU-bound loop should it detect any application problems.
  • Have the monitoring instances post messages to an SQS queue and then dequeue those messages on another instance; should the queue cease to have new messages, the second instance should first terminate the original monitoring instance, start another backup monitoring instance, and assume the role of the previous monitoring instance and begin adding messages to the SQS queue. (Correct)
  • Run another monitoring instance that pings the monitoring instance and fires a CloudWatch alarm that notifies your operations team should the primary monitoring instance become unhealthy.
  • Set a CloudWatch alarm based on EC2 system and instance status checks and have the alarm notify your operations team of any detected problem with the monitoring instance.

Answer : Have the monitoring instances post messages to an SQS queue and then dequeue those messages on another instance; should the queue cease to have new messages, the second instance should first terminate the original monitoring instance, start another backup monitoring instance, and assume the role of the previous monitoring instance and begin adding messages to the SQS queue.

Your organization's security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password. Which two of the following options would allow an organization to enforce this policy for AWS users?


Options are :

  • Create IAM users for privileged accounts
  • Configure multi-factor authentication for privileged IAM users
  • Implement identity federation between your organization's Identity provider leveraging the IAM Security Token Service (Correct)
  • Enable the IAM single-use password policy option for privileged users

Answer : Implement identity federation between your organization's Identity provider leveraging the IAM Security Token Service

You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours. Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?


Options are :

  • Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block
  • Add a rule to all of the VPC's Security Groups to deny access from the IP address block. (Correct)
  • Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block
  • Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block

Answer : Add a rule to all of the VPC's Security Groups to deny access from the IP address block.

Which of the following statements about this S3 bucket policy is true?


Options are :

  • Grants all the servers within the 192.168.100.188/32 subnet full access to the "my bucket" bucket
  • Denies the server with the IP address 192.168.100.188 full access to the "my bucket" bucket
  • Denies the server with the IP address 192.168.100.0 full access to the "my bucket" bucket
  • Grants all the servers within the 192.168.100.0/24 subnet full access to the "my bucket" (Correct)

Answer : Grants all the servers within the 192.168.100.0/24 subnet full access to the "my bucket"

You have identified network throughput as a bottleneck on your m1.small EC2 instance when uploading data into Amazon S3 in the same region. How do you remedy this situation?


Options are :

  • Use Direct Connect between EC2 and S3
  • Use EBS PIOPS on the local volume
  • Add an additional ENI
  • Change to a larger instance (Correct)

Answer : Change to a larger instance

Which two AWS services provide out-of-the-box user-configurable automatic backup-as-a-service and backup rotation options? (Choose 2 answers)


Options are :

  • Amazon EBS (Correct)
  • Amazon Redshift (Correct)
  • Amazon RDS
  • Amazon S3

Answer : Amazon EBS Amazon Redshift

You are tasked with setting up a cluster of EC2 instances for a NoSQL database. The database requires random read I/O disk performance up to 100,000 IOPS at 4KB block size per node. Which of the following EC2 instances will perform the best for this workload?


Options are :

  • High I/O Quadruple Extra Large (hi1.4xlarge) using instance storage
  • A Cluster Compute Eight Extra Large (cc2.8xlarge) using instance storage (Correct)
  • A Cluster GPU Quadruple Extra Large (cg1.4xlarge) using four separate 4000 PIOPS EBS volumes in a RAID 0 configuration
  • A High-Memory Quadruple Extra Large (m2.4xlarge) with EBS-Optimized set to true and a PIOPS EBS volume

Answer : A Cluster Compute Eight Extra Large (cc2.8xlarge) using instance storage

What are characteristics of Amazon S3?


Options are :

  • Objects are directly accessible via a URL
  • S3 allows you to store objects of virtually unlimited size
  • S3 should be used to host a relational database (Correct)
  • S3 allows you to store virtually unlimited amounts of data
  • S3 offers Provisioned IOPS

Answer : S3 should be used to host a relational database

Your application currently leverages AWS Auto Scaling to grow and shrink as load increases and decreases, and has been performing well. Your marketing team expects a steady ramp-up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks. Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175. What should you do to avoid potential service disruptions during the ramp-up in traffic?


Options are :

  • Ensure that you have pre-allocated 175 Elastic IP addresses so that each server will be able to obtain one as it launches
  • Check the service limits in Trusted Advisor and adjust as necessary so the forecasted count remains within limits.
  • Change your Auto Scaling configuration to set a desired capacity of 175 prior to the launch of the marketing campaign
  • Pre-warm your Elastic Load Balancer to match the requests per second anticipated during peak demand prior to the marketing campaign (Correct)

Answer : Pre-warm your Elastic Load Balancer to match the requests per second anticipated during peak demand prior to the marketing campaign

When an EC2 instance that is backed by an S3-based AMI is terminated, what happens to the data on the root volume?


Options are :

  • Data is unavailable until the instance is restarted. (Correct)
  • Data is automatically deleted.
  • Data is automatically saved as an EBS snapshot.
  • Data is automatically saved as an EBS volume.

Answer : Data is unavailable until the instance is restarted.

A user has developed an application which is required to send data to a NoSQL database. The user wants to decouple the data sending such that the application keeps processing and sending data but does not wait for an acknowledgement from the DB. Which of the below mentioned applications helps in this scenario?


Options are :

  • AWS Simple Queue Service (Correct)
  • AWS Simple work overflow
  • AWS Simple Workflow
  • AWS Simple Query Service

Answer : AWS Simple Queue Service

Which of the following are characteristics of Amazon VPC subnets? (Choose 2 answers)


Options are :

  • By default, all subnets can route between each other, whether they are private or public
  • A CIDR block mask of /25 is the smallest range supported
  • Each subnet maps to a single Availability Zone
  • Instances in a private subnet can communicate with the internet only if they have an Elastic IP. (Correct)
  • Each subnet spans at least 2 Availability Zones to provide a high-availability environment (Correct)

Answer : Instances in a private subnet can communicate with the internet only if they have an Elastic IP. Each subnet spans at least 2 Availability Zones to provide a high-availability environment

You are attempting to connect to an instance in Amazon VPC without success. You have already verified that the VPC has an Internet Gateway (IGW), the instance has an associated Elastic IP (EIP), and correct security group rules are in place. Which VPC component should you evaluate next?


Options are :

  • The configuration of a NAT instance
  • The configuration of the Routing Table
  • The configuration of SRC/DST checking
  • The configuration of the Internet Gateway (IGW) (Correct)

Answer : The configuration of the Internet Gateway (IGW)

When preparing for a compliance assessment of your system built inside of AWS, what are three best practices for you to prepare for an audit? (Choose 3 answers)


Options are :

  • Schedule meetings with AWS's third-party auditors to provide evidence of AWS compliance that maps to your control objective (Correct)
  • Request and obtain applicable third-party audited AWS compliance reports and certifications (Correct)
  • Request and obtain approval from AWS to perform relevant network scans and in-depth penetration tests of your system's instances and endpoints (Correct)
  • Request and obtain a compliance and security tour of an AWS data center for a pre assessment security review
  • Gather evidence of your IT operational controls

Answer : Schedule meetings with AWS's third-party auditors to provide evidence of AWS compliance that maps to your control objective. Request and obtain applicable third-party audited AWS compliance reports and certifications. Request and obtain approval from AWS to perform relevant network scans and in-depth penetration tests of your system's instances and endpoints

A user is planning to use AWS CloudFormation for his automatic deployment requirements. Which of the below mentioned components are required as a part of the template?


Options are :

  • Outputs
  • Template version
  • Resources (Correct)
  • Parameters

Answer : Resources

You are running a database on an EC2 instance, with the data stored on Elastic Block Store (EBS) for persistence. At times throughout the day, you are seeing large variance in the response times of the database queries. Looking into the instance with the iostat command, you see a lot of wait time on the disk volume that the database's data is stored on. What two ways can you improve the performance of the database's storage while maintaining the current persistence of the data?


Options are :

  • Move to an SSD backed instance (Correct)
  • Move the database to an EBS-Optimized Instance
  • Use the ephemeral storage on an m2.4xlarge instance instead
  • Use Provisioned IOPS EBS

Answer : Move to an SSD backed instance

You have been asked to leverage Amazon VPC, EC2, and SQS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS. Which option will provide the most scalable solution for communicating between the application and SQS?


Options are :

  • Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SQS queue size
  • Ensure the application instances are properly configured with an Elastic Load Balancer
  • Ensure the application instances are launched in private subnets with the EBS-optimized option enabled
  • Ensure the application instances are launched in public subnets with the associate-public-IP-address: true option enabled (Correct)

Answer : Ensure the application instances are launched in public subnets with the associate-public-IP-address: true option enabled

An organization has configured a VPC with an Internet Gateway (IGW), pairs of public and private subnets (each with one subnet per Availability Zone), and an Elastic Load Balancer (ELB) configured to use the public subnets. The application's web tier leverages the ELB, Auto Scaling, and a multi-AZ RDS database instance. The organization would like to eliminate any potential single points of failure in this design. What step should you take to achieve this organization's objective?


Options are :

  • Nothing, there are no single points of failure in this architecture.
  • Create and configure a second Elastic Load Balancer to provide a redundant load balancer. (Correct)
  • Create and attach a second IGW to provide redundant internet connectivity.
  • Create a second multi-AZ RDS instance in another Availability Zone and configure replication to provide a redundant database.

Answer : Create and configure a second Elastic Load Balancer to provide a redundant load balancer.

A media company produces new video files on-premises every day with a total size of around 100 GB after compression. All files have a size of 1-2 GB and need to be uploaded to Amazon S3 every night in a fixed time window between 3am and 5am. Current upload takes almost 3 hours, although less than half of the available bandwidth is used. What step(s) would ensure that the file uploads are able to complete in the allotted time window?


Options are :

  • Increase your network bandwidth to provide faster throughput to S3
  • Use AWS Import/Export to transfer the video files (Correct)
  • Pack all files into a single archive, upload it to S3, then extract the files in AWS
  • Upload the files in parallel to S3

Answer : Use AWS Import/Export to transfer the video files
