AWS SOA-C00 Certified SysOps Administrator Associate Exam Set 4

A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. Which of the below mentioned SSL protocols is not supported by the security policy?


Options are :

  • TLS 1.3 (Correct)
  • TLS 1.2
  • SSL 3.0
  • SSL 2.0

Answer : TLS 1.3

An organization has configured Auto Scaling with ELB. There is a memory issue in the application which is causing CPU utilization to go above 90%. The higher CPU usage triggers an event for Auto Scaling as per the scaling policy. If the user wants to find the root cause inside the application without triggering a scaling activity, how can he achieve this?


Options are :

  • Stop the scaling process until research is completed
  • Delete Auto Scaling until research is completed
  • Suspend the scaling process until research is completed (Correct)
  • It is not possible to find the root cause from that instance without triggering scaling

Answer : Suspend the scaling process until research is completed

A user is trying to understand the CloudWatch metrics for the AWS services. It is required that the user should first understand the namespace for the AWS services. Which of the below mentioned is not a valid namespace for the AWS services?


Options are :

  • AWS/CloudTrail (Correct)
  • AWS/ElastiCache
  • AWS/StorageGateway
  • AWS/SWF

Answer : AWS/CloudTrail

A user is trying to set up a security policy for ELB. The user wants ELB to meet the cipher supported by the client by configuring the server order preference in the ELB security policy. Which of the below mentioned preconfigured policies supports this feature?


Options are :

  • ELBSample-OpenSSLDefaultCipherPolicy
  • ELBSecurityPolicy-2014-01 (Correct)
  • ELBSecurityPolicy-2011-08
  • ELBDefaultNegotiationPolicy

Answer : ELBSecurityPolicy-2014-01

A user has configured Auto Scaling with 3 instances. The user had created a new AMI after updating one of the instances. If the user wants to terminate two specific instances to ensure that Auto Scaling launches instances with the new launch configuration, which command should he run?


Options are :

  • as-terminate-instance-in-auto-scaling-group --update-desired-capacity
  • as-delete-instance-in-auto-scaling-group --no-decrement-desired-capacity
  • as-terminate-instance-in-auto-scaling-group --decrement-desired-capacity (Correct)
  • as-terminate-instance-in-auto-scaling-group --no-decrement-desired-capacity

Answer : as-terminate-instance-in-auto-scaling-group --decrement-desired-capacity

George has launched three EC2 instances inside the US-East-1a zone with his AWS account. Ray has launched two EC2 instances in the US-East-1a zone with his AWS account. Which of the below mentioned statements will help George and Ray understand the availability zone (AZ) concept better?


Options are :

  • The US-East-1a region of George and Ray can be different availability zones (Correct)
  • All the instances of George and Ray can communicate over a private IP with a minimal cost
  • The instances of George and Ray will be running in the same data centre
  • All the instances of George and Ray can communicate over a private IP without any cost

Answer : The US-East-1a region of George and Ray can be different availability zones

A user has launched 5 instances in EC2-CLASSIC and attached 5 elastic IPs to the five different instances in the US East region. The user is creating a VPC in the same region. The user wants to assign an elastic IP to the VPC instance. How can the user achieve this?


Options are :

  • The user can allocate a new IP address in VPC as it has a different limit than EC2 (Correct)
  • The user has to request AWS to increase the number of elastic IPs associated with the account
  • AWS will not allow the user to create a new elastic IP in VPC; it will throw an error
  • AWS allows 10 EC2 Classic IPs per region; so it will allow the user to allocate new Elastic IPs to the same region

Answer : The user can allocate a new IP address in VPC as it has a different limit than EC2

A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24) and VPN only subnets CIDR (20.0.1.0/24) along with the VPN gateway (vgw-12345) to connect to the user's data centre. The user's data centre has CIDR 172.28.0.0/12. The user has also set up a NAT instance (i-123456) to allow traffic to the internet from the VPN subnet. Which of the below mentioned options is not a valid entry for the main route table in this scenario?


Options are :

  • Destination: 20.0.0.0/16 and Target: local
  • Destination: 20.0.1.0/24 and Target: i-12345 (Correct)
  • Destination: 0.0.0.0/0 and Target: i-12345
  • Destination: 172.28.0.0/12 and Target: vgw-12345

Answer : Destination: 20.0.1.0/24 and Target: i-12345

An organization has set up multiple IAM users. The organization wants each IAM user to access the IAM console only from within the organization and not from outside. How can it achieve this?


Options are :

  • Create an IAM policy with the security group and use that security group for AWS console login
  • Configure the EC2 instance security group which allows traffic only from the organization's IP range
  • Create an IAM policy with VPC and allow a secure gateway between the organization and AWS Console
  • Create an IAM policy with a condition which denies access when the IP address range is not from the organization (Correct)

Answer : Create an IAM policy with a condition which denies access when the IP address range is not from the organization

A user has created a queue named News module with SQS. One of the consumers of the queue is down for 3 days and then becomes available. Will that component receive messages from the queue?


Options are :

  • No, since SQS sends message to consumers who are available that time
  • No, since SQS by default stores message for 1 day only
  • Yes, since SQS will not delete message until it is delivered to all consumers
  • Yes, since SQS by default stores message for 4 days (Correct)

Answer : Yes, since SQS by default stores message for 4 days

A user has set up a CloudWatch alarm on the EC2 instance for CPU utilization. The user has set it up to receive a notification by email when the CPU utilization is higher than 60%. The user is running a virus scan on the same instance at a particular time. The user wants to avoid receiving an email at this time. What should the user do?


Options are :

  • Remove the alarm
  • Disable the alarm for a while using the console
  • Disable the alarm for a while using CLI (Correct)
  • Modify the CPU utilization by removing the email alert

Answer : Disable the alarm for a while using CLI

A user is observing the EC2 CPU utilization metric on CloudWatch. The user has observed some interesting patterns while filtering over the 1 week period for a particular hour. The user wants to zoom that data point to a more granular period. How can the user do that easily with CloudWatch?


Options are :

  • The user can zoom a particular period by specifying the aggregation data for that period
  • The user can zoom a particular period by double clicking on that period with the mouse
  • The user can zoom a particular period by specifying the period in the Time Range
  • The user can zoom a particular period by selecting that period with the mouse and then releasing the mouse (Correct)

Answer : The user can zoom a particular period by selecting that period with the mouse and then releasing the mouse

A user has created a VPC with CIDR 20.0.0.0/24. The user has used all the IPs of CIDR and wants to increase the size of the VPC. The user has two subnets: public (20.0.0.0/28) and private (20.0.1.0/28). How can the user change the size of the VPC?


Options are :

  • The user can add a subnet with a higher range so that it will automatically increase the size of the VPC
  • The user can delete all the instances of the subnet. Change the size of the subnets to 20.0.0.0/32 and 20.0.1.0/32, respectively. Then the user can increase the size of the VPC using CLI
  • It is not possible to change the size of the VPC once it has been created (Correct)
  • The user can delete the subnets first and then modify the size of the VPC

Answer : It is not possible to change the size of the VPC once it has been created

A user has created a subnet in VPC and launched an EC2 instance within it. The user has not selected the option to assign the IP address while launching the instance. Which of the below mentioned statements is true with respect to this scenario?


Options are :

  • The user would need to create an internet gateway and then attach an elastic IP to the instance to connect from internet (Correct)
  • The instance will never launch if the public IP is not assigned
  • The user can directly attach an elastic IP to the instance
  • The instance will always have a public DNS attached to the instance by default

Answer : The user would need to create an internet gateway and then attach an elastic IP to the instance to connect from internet

A user has set up a VPC with CIDR 20.0.0.0/16. The VPC has a private subnet (20.0.1.0/24) and a public subnet (20.0.0.0/24). The user's data centre has CIDR of 20.0.54.0/24 and 20.1.0.0/24. If the private subnet wants to communicate with the data centre, what will happen?


Options are :

  • It will not allow traffic communication on any of the data centre CIDRs
  • It will not allow traffic with data centre on CIDR 20.1.0.0/24 but allows traffic communication on 20.0.54.0/24
  • It will allow traffic with data centre on CIDR 20.1.0.0/24 but does not allow on 20.0.54.0/24 (Correct)
  • It will allow traffic communication on both the CIDRs of the data centre

Answer : It will allow traffic with data centre on CIDR 20.1.0.0/24 but does not allow on 20.0.54.0/24

A user has configured ELB with two EBS backed instances. The user has stopped the instances for 1 week to save costs. The user restarts the instances after 1 week. Which of the below mentioned statements will help the user to understand the ELB and instance registration better?


Options are :

  • The instances will automatically get registered with ELB
  • The user cannot stop the instances if they are registered with ELB
  • There is no way to register the stopped instances with ELB
  • If the instances have the same Elastic IP assigned after reboot they will be registered with ELB (Correct)

Answer : If the instances have the same Elastic IP assigned after reboot they will be registered with ELB

A user has configured ELB with a TCP listener at ELB as well as on the back-end instances. The user wants to enable a proxy protocol to capture the source and destination IP information in the header. Which of the below mentioned statements helps the user understand a proxy protocol with TCP configuration?


Options are :

  • If the end user is requesting behind a proxy server then the user should not enable a proxy protocol on ELB (Correct)
  • Whether the end user is requesting from a proxy server or directly, it does not make a difference for the proxy protocol
  • ELB does not support a proxy protocol when it is listening on both the load balancer and the back-end instances
  • If the end user is requesting behind the proxy then the user should add the „is proxy

Answer : If the end user is requesting behind a proxy server then the user should not enable a proxy protocol on ELB

An organization has applied the below mentioned policy on an IAM group which has selected the IAM users. What entitlements do the IAM users avail with this policy?


Options are :

  • It allows full access to all AWS services for the IAM users who are a part of this group (Correct)
  • The policy is for the group. Thus, the IAM user cannot have any entitlement to this
  • The policy is not created correctly. It will throw an error for wrong resource name
  • If this policy is applied to the EC2 resource, the users of the group will have full access to the EC2 Resources

Answer : It allows full access to all AWS services for the IAM users who are a part of this group

A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public subnet (port 80) and a DB server in the private subnet (port 3306). The user is configuring a security group for the public subnet (WebSecGrp) and the private subnet (DBSecGrp). Which of the below mentioned entries is required in the web server security group (WebSecGrp)?


Options are :

  • Configure Destination as DB Security group ID (DBSecGrp) for port 3306 Outbound (Correct)
  • Configure port 3306 for source 20.0.0.0/24 Inbound
  • 80 for Destination 0.0.0.0/0 Outbound
  • Configure port 80 Inbound for source 20.0.0.0/16

Answer : Configure Destination as DB Security group ID (DBSecGrp) for port 3306 Outbound

A user had aggregated the CloudWatch metric data on the AMI ID. The user observed some abnormal behavior of the CPU utilization metric while viewing the last 2 weeks of data. The user wants to share that data with his manager. How can the user achieve this easily with the AWS console?


Options are :

  • The user has to find the period and data and provide all the aggregation information to the manager
  • The user can use the copy URL functionality of CloudWatch to share the exact details (Correct)
  • The user can use the export data option from the CloudWatch console to export the current data point
  • The user can use the CloudWatch data copy functionality to copy the current data points

Answer : The user can use the copy URL functionality of CloudWatch to share the exact details

A user has launched an EC2 Windows instance from an instance store backed AMI. The user has also set the Instance initiated shutdown behavior to stop. What will happen when the user shuts down the OS?


Options are :

  • The instance will stay running but the OS will be shutdown
  • It is not possible to set the termination behavior to Stop for an Instance store backed AMI instance (Correct)
  • The instance will be terminated
  • It will not allow the user to shutdown the OS when the shutdown behavior is set to Stop

Answer : It is not possible to set the termination behavior to Stop for an Instance store backed AMI instance

A user has hosted an application on EC2 instances. The EC2 instances are configured with ELB and Auto Scaling. The application server session time out is 2 hours. The user wants to configure connection draining to ensure that all in-flight requests are supported by ELB even though the instance is being deregistered. What time out period should the user specify for connection draining?


Options are :

  • 2 hours
  • 30 minutes
  • 1 hour (Correct)
  • 5 minutes

Answer : 1 hour

A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services provides detailed monitoring with CloudWatch without charging the user extra?


Options are :

  • AWS Route 53 (Correct)
  • AWS Auto Scaling
  • AWS EMR
  • AWS SNS

Answer : AWS Route 53

A user is configuring the Multi AZ feature of an RDS DB. The user came to know that this RDS DB does not use the AWS technology, but uses server mirroring to achieve HA. Which DB is the user using right now?


Options are :

  • PostgreSQL
  • MS SQL (Correct)
  • Oracle
  • MySQL

Answer : MS SQL

A sys admin has enabled logging on ELB. Which of the below mentioned fields will not be a part of the log file name?


Options are :

  • S3 bucket name
  • Load Balancer IP
  • EC2 instance IP (Correct)
  • Random string UAI

Answer : EC2 instance IP

A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services does not provide detailed monitoring with CloudWatch?


Options are :

  • AWS Route53
  • AWS EMR (Correct)
  • AWS ELB
  • AWS RDS

Answer : AWS EMR

A user has launched an RDS MySQL DB with the Multi AZ feature. The user has scheduled the scaling of instance storage during maintenance window. What is the correct order of events during maintenance window?

  1. Perform maintenance on standby
  2. Promote standby to primary
  3. Perform maintenance on original primary
  4. Promote original master back as primary


Options are :

  • 2, 3, 1, 4
  • None
  • 1,2,3 (Correct)
  • 1,2,3,4

Answer : 1,2,3

A user is trying to connect to a running EC2 instance using SSH. However, the user gets a Host key not found error. Which of the below mentioned options is a possible reason for rejection?


Options are :

  • The instance CPU is heavily loaded
  • The access key to connect to the instance is wrong
  • The user has provided the wrong user name for the OS login (Correct)
  • The security group is not configured properly

Answer : The user has provided the wrong user name for the OS login

An organization has created one IAM user and applied the below mentioned policy to the user. What entitlements do the IAM users avail with this policy?

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "ec2:Describe*",
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "cloudwatch:ListMetrics",
            "cloudwatch:GetMetricStatistics",
            "cloudwatch:Describe*"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": "autoscaling:Describe*",
          "Resource": "*"
        }
      ]
    }


Options are :

  • The policy will allow the user to perform all read only activities on the EC2 services
  • The policy will allow the user to perform all read and write activities on the EC2 services
  • The policy will allow the user to list all the EC2 resources except EBS
  • The policy will allow the user to perform all read only activities on the EC2 services except Load Balancing (Correct)

Answer : The policy will allow the user to perform all read only activities on the EC2 services except Load Balancing

A system admin is planning to encrypt all objects being uploaded to S3 from an application. The system admin does not want to implement his own encryption algorithm; instead he is planning to use server side encryption by supplying his own key (SSE-C). Which parameter is not required while making a call for SSE-C?


Options are :

  • x-amz-server-side-encryption-customer-key-AES-256 (Correct)
  • x-amz-server-side-encryption-customer-key-MD5
  • x-amz-server-side-encryption-customer-key
  • x-amz-server-side-encryption-customer-algorithm

Answer : x-amz-server-side-encryption-customer-key-AES-256
