2025/November Latest Braindump2go SOA-C02 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go SOA-C02 Real Exam Questions!

QUESTION 241
A SysOps administrator is responsible for managing a company’s cloud infrastructure with AWS CloudFormation. The SysOps administrator needs to create a single resource that consists of multiple AWS services. The resource must support creation and deletion through the CloudFormation console.
Which CloudFormation resource type should the SysOps administrator create to meet these requirements?

A. AWS::EC2::Instance with a cfn-init helper script
B. AWS::OpsWorks::Instance
C. AWS::SSM::Document
D. Custom::MyCustomType

Answer: D
Explanation:
Custom resources enable you to write custom provisioning logic in templates that AWS CloudFormation runs anytime you create, update (if you changed the custom resource), or delete stacks. For example, you might want to include resources that aren’t available as AWS CloudFormation resource types. You can include those resources by using custom resources. That way you can still manage all your related resources in a single stack.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html

QUESTION 242
A company is implementing security and compliance by using AWS Trusted Advisor. The company’s SysOps team is validating the list of Trusted Advisor checks that it can access.
Which factor will affect the quantity of available Trusted Advisor checks?

A. Whether at least one Amazon EC2 instance is in the running state
B. The AWS Support plan
C. An AWS Organizations service control policy (SCP)
D. Whether the AWS account root user has multi-factor authentication (MFA) enabled

Answer: B
Explanation:
https://aws.amazon.com/premiumsupport/plans/

QUESTION 243
A SysOps administrator is using AWS CloudFormation StackSets to create AWS resources in two AWS Regions in the same AWS account.
A stack operation fails in one Region and returns the stack instance status of OUTDATED.
What is the cause of this failure?

A. The CloudFormation template changed on the local disk and has not been submitted to CloudFormation.
B. The CloudFormation template is trying to create a global resource that is not unique.
C. The stack has not yet been deployed to the Region.
D. The SysOps administrator is using an old version of the CloudFormation API.

Answer: B
Explanation:
Common reasons for stack operation failure
Problem: A stack operation failed, and the stack instance status is OUTDATED.
Cause: There can be several common causes for stack operation failure.
The template could be trying to create global resources that must be unique but aren’t, such as S3 buckets.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-troubleshooting.html

QUESTION 244
A SysOps administrator must configure Amazon S3 to host a simple nonproduction webpage. The SysOps administrator has created an empty S3 bucket from the AWS Management Console. The S3 bucket has the default configuration in place.
Which combination of actions should the SysOps administrator take to complete this process? (Choose two.)

A. Configure the S3 bucket by using the “Redirect requests for an object” functionality to point to the bucket root URL.
B. Turn off the “Block all public access” setting.
Allow public access by using a bucket ACL that contains <Permission>WEBSITE</Permission>.
C. Turn off the “Block all public access” setting.
Allow public access by using a bucket ACL that allows access to the AuthenticatedUsers grantee.
D. Turn off the “Block all public access” setting.
Set a bucket policy that allows “Principal”: the s3:GetObject action.
E. Create an index.html document.
Configure static website hosting, and upload the index document to the S3 bucket.

Answer: DE
Explanation:
Step 1: Create a bucket
Step 2: Enable static website hosting
Step 3: Edit Block Public Access settings
Step 4: Add a bucket policy that makes your bucket content publicly available
Step 5: Configure an index document
Step 6: Configure an error document
Step 7: Test your website endpoint
Step 8: Clean up
https://docs.aws.amazon.com/AmazonS3/latest/userguide/HostingWebsiteOnS3Setup.html

QUESTION 245
A user working in the Amazon EC2 console increased the size of an Amazon Elastic Block Store (Amazon EBS) volume attached to an Amazon EC2 Windows instance. The change is not reflected in the file system.
What should a SysOps administrator do to resolve this issue?

A. Extend the file system with operating system-level tools to use the new storage capacity.
B. Reattach the EBS volume to the EC2 instance.
C. Reboot the EC2 instance that is attached to the EBS volume.
D. Take a snapshot of the EBS volume. Replace the original volume with a volume that is created from the snapshot.

Answer: A
Explanation:
After you increase the size of an EBS volume, use the Windows Disk Management utility or PowerShell to extend the disk size to the new size of the volume. You can begin resizing the file system as soon as the volume enters the optimizing state.
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/recognize-expanded-volume-windows.html

QUESTION 246
A SysOps administrator is using Amazon EC2 instances to host an application. The SysOps administrator needs to grant permissions for the application to access an Amazon DynamoDB table.
Which solution will meet this requirement?

A. Create access keys to access the DynamoDB table.
Assign the access keys to the EC2 instance profile.
B. Create an EC2 key pair to access the DynamoDB table.
Assign the key pair to the EC2 instance profile.
C. Create an IAM user to access the DynamoDB table.
Assign the IAM user to the EC2 instance profile.
D. Create an IAM role to access the DynamoDB table.
Assign the IAM role to the EC2 instance profile.

Answer: D
Explanation:
Access to Amazon DynamoDB requires credentials. Those credentials must have permissions to access AWS resources, such as an Amazon DynamoDB table or an Amazon Elastic Compute Cloud (Amazon EC2) instance. The following sections provide details on how you can use AWS Identity and Access Management (IAM) and DynamoDB to help secure access to your resources.
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/authentication-and-access-control.html

QUESTION 247
A SysOps administrator wants to protect objects in an Amazon S3 bucket from accidental overwrite and deletion. Noncurrent objects must be kept for 90 days and then must be permanently deleted. Objects must reside within the same AWS Region as the original S3 bucket.
Which solution meets these requirements?

A. Create an Amazon Data Lifecycle Manager (Amazon DLM) lifecycle policy for the S3 bucket.
Add a rule to the lifecycle policy to delete noncurrent objects after 90 days.
B. Create an AWS Backup policy for the S3 bucket.
Create a backup rule that includes a lifecycle to expire noncurrent objects after 90 days.
C. Enable S3 Cross-Region Replication on the S3 bucket.
Create an S3 Lifecycle policy for the bucket to expire noncurrent objects after 90 days.
D. Enable S3 Versioning on the S3 bucket.
Create an S3 Lifecycle policy for the bucket to expire noncurrent objects after 90 days.

Answer: D
Explanation:
Enabling Versioning on the S3 bucket protects data against accidental overwrite and deletion.
https://cloudacademy.com/blog/s3-lifecycle-policies-versioning-encryption-aws-security/

QUESTION 248
A company has an application that customers use to search for records on a website. The application’s data is stored in an Amazon Aurora DB cluster. The application’s usage varies by season and by day of the week.
The website’s popularity is increasing, and the website is experiencing slower performance because of increased load on the DB cluster during periods of peak activity. The application logs show that the performance issues occur when users are searching for information. The same search is rarely performed multiple times.
A SysOps administrator must improve the performance of the platform by using a solution that maximizes resource efficiency.
Which solution will meet these requirements?

A. Deploy an Amazon ElastiCache for Redis cluster in front of the DB cluster.
Modify the application to check the cache before the application issues new queries to the database.
Add the results of any queries to the cache.
B. Deploy an Aurora Replica for the DB cluster.
Modify the application to use the reader endpoint for search operations.
Use Aurora Auto Scaling to scale the number of replicas based on load.
C. Use Provisioned IOPS on the storage volumes that support the DB cluster to improve performance sufficiently to support the peak load on the application.
D. Increase the instance size in the DB cluster to a size that is sufficient to support the peak load on the application.
Use Aurora Auto Scaling to scale the instance size based on load.

Answer: B
Explanation:
Caching will not solve the performance issue in this scenario, as the same search is rarely performed multiple times. Thus read replicas will be better.
https://docs.amazonaws.cn/en_us/AmazonRDS/latest/AuroraUserGuide/aurora-replicas-adding.html

QUESTION 249
A company uses AWS Organizations to manage multiple AWS accounts. Corporate policy mandates that only specific AWS Regions can be used to store and process customer data. A SysOps administrator must prevent the provisioning of Amazon EC2 instances in unauthorized Regions by anyone in the company.
What is the MOST operationally efficient solution that meets these requirements?

A. Configure AWS CloudTrail in all Regions to record all API activity.
Create an Amazon EventBridge (Amazon CloudWatch Events) rule in all unauthorized Regions for ec2:RunInstances events.
Use AWS Lambda to terminate the launched EC2 instances.
B. In each AWS account, create a managed IAM policy that uses a Region condition to deny the ec2:RunInstances action in all unauthorized Regions.
Attach this policy to all IAM groups in each AWS account.
C. In each AWS account, create an IAM permissions boundary policy that uses a Region condition to deny the ec2:RunInstances action in all unauthorized Regions.
Attach the permissions boundary policy to all IAM users in each AWS account.
D. Create a service control policy (SCP) in AWS Organizations to deny the ec2:RunInstances action in all unauthorized Regions.
Attach this policy to the root level of the organization.

Answer: D

QUESTION 250
A company has a private Amazon S3 bucket that contains sensitive information. A SysOps administrator needs to keep logs of the IP addresses from authentication failures that result from attempts to access objects in the bucket. The logs must be stored so that they cannot be overwritten or deleted for 90 days.
Which solution will meet these requirements?

A. Create an AWS CloudTrail trail.
Configure the log files to be saved to Amazon CloudWatch Logs.
Configure the log group with a retention period of 90 days.
B. Create an AWS CloudTrail trail.
Configure the log files to be saved to a different S3 bucket.
Turn on CloudTrail log file integrity validation for 90 days.
C. Turn on access logging for the S3 bucket.
Configure the access logs to be saved to Amazon CloudWatch Logs.
Configure the log group with a retention period of 90 days.
D. Turn on access logging for the S3 bucket.
Configure the access logs to be saved in a second S3 bucket.
Turn on S3 Object Lock on the second S3 bucket, and configure a default retention period of 90 days.

Answer: D
Explanation:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html

QUESTION 251
A SysOps administrator migrates NAT instances to NAT gateways. After the migration, an application that is hosted on Amazon EC2 instances in a private subnet cannot access the internet.
Which of the following are possible reasons for this problem? (Choose two.)

A. The application is using a protocol that the NAT gateway does not support.
B. The NAT gateway is not in a security group.
C. The NAT gateway is in an unsupported Availability Zone.
D. The NAT gateway is not in the Available state.
E. The port forwarding settings do not allow access to internal services from the internet.

Answer: AD
Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-troubleshooting.html#nat-gateway-troubleshooting-no-internet-connection

QUESTION 252
A company runs an application on an Amazon EC2 instance. A SysOps administrator creates an Auto Scaling group and an Application Load Balancer (ALB) to handle an increase in demand. However, the EC2 instances are failing the health check.
What should the SysOps administrator do to troubleshoot this issue?

A. Verify that the Auto Scaling group is configured to use all AWS Regions.
B. Verify that the application is running on the protocol and the port that the listener is expecting.
C. Verify the listener priority in the ALB.
Change the priority if necessary.
D. Verify the maximum number of instances in the Auto Scaling group.
Change the number if necessary.

Answer: B
Explanation:
Target.FailedHealthChecks
Verify that the target is listening for traffic on the health check port. You can use the ss command on Linux targets to verify which ports your server is listening on. For Windows targets, you can use the netstat command.
https://aws.amazon.com/premiumsupport/knowledge-center/elb-fix-failing-health-checks-alb/

QUESTION 253
A SysOps administrator has created an AWS Service Catalog portfolio and has shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.
Which action will the administrator of the second account be able to perform?

A. Add a product from the imported portfolio to a local portfolio.
B. Add new products to the imported portfolio.
C. Change the launch role for the products contained in the imported portfolio.
D. Customize the products in the imported portfolio.

Answer: A
Explanation:
When you share a portfolio using account-to-account sharing or AWS Organizations, you allow an AWS Service Catalog administrator of another AWS account to import your portfolio into his or her account and distribute the products to end users in that account.
https://docs.aws.amazon.com/servicecatalog/latest/adminguide/catalogs_portfolios_sharing.html

QUESTION 254
A company has migrated its application to AWS. The company will host the application on Amazon EC2 instances of multiple instance families.
During initial testing, a SysOps administrator identifies performance issues on selected EC2 instances. The company has a strict budget allocation policy, so the SysOps administrator must use the right resource types with the performance characteristics to match the workload.
What should the SysOps administrator do to meet this requirement?

A. Purchase regional Reserved Instances (RIs) for immediate cost savings.
Review and take action on the EC2 rightsizing recommendations in Cost Explorer.
Exchange the RIs for the optimal instance family after rightsizing.
B. Purchase zonal Reserved Instances (RIs) for the existing instances.
Monitor the RI utilization in the AWS Billing and Cost Management console.
Make adjustments to instance sizes to optimize utilization.
C. Review and take action on AWS Compute Optimizer recommendations.
Purchase Compute Savings Plans to reduce the cost that is required to run the compute resources.
D. Review resource utilization metrics in the AWS Cost and Usage Report.
Rightsize the EC2 instances.
Create On-Demand Capacity Reservations for the rightsized resources.

Answer: C
Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recommendations.html

QUESTION 255
A SysOps administrator is attempting to deploy resources by using an AWS CloudFormation template. An Amazon EC2 instance that is defined in the template fails to launch and produces an InsufficientInstanceCapacity error.
Which actions should the SysOps administrator take to resolve this error? (Choose two.)

A. Create a separate AWS CloudFormation template for the EC2 instance.
B. Modify the AWS CloudFormation template to not specify an Availability Zone for the EC2 instance.
C. Modify the AWS CloudFormation template to use a different EC2 instance type.
D. Use a different Amazon Machine Image (AMI) for the EC2 instance.
E. Use the AWS CLI’s validate-template command before creating a stack from the template.

Answer: BC
Explanation:
If you’re launching an instance, submit a new request without specifying an Availability Zone.
If you’re launching an instance, submit a new request using a different instance type (which you can resize at a later stage). For more information, see Change the instance type.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/troubleshooting-launch.html#troubleshooting-launch-capacity

QUESTION 256
A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses Amazon Route 53 to route traffic.
The company also has a static website that is configured in an Amazon S3 bucket.
A SysOps administrator must use the static website as a backup to the web application. The failover to the static website must be fully automated.
Which combination of actions will meet these requirements? (Choose two.)

A. Create a primary failover routing policy record.
Configure the value to be the ALB.
B. Create an AWS Lambda function to switch from the primary website to the secondary website when the health check fails.
C. Create a primary failover routing policy record.
Configure the value to be the ALB. Associate the record with a Route 53 health check.
D. Create a secondary failover routing policy record.
Configure the value to be the static website.
Associate the record with a Route 53 health check.
E. Create a secondary failover routing policy record.
Configure the value to be the static website.

Answer: CE
Explanation:
In the Create the failover endpoint section: For Associate with Health Check, choose No.
https://aws.amazon.com/pt/premiumsupport/knowledge-center/fail-over-s3-r53/

QUESTION 257
A data analytics application is running on an Amazon EC2 instance. A SysOps administrator must add custom dimensions to the metrics collected by the Amazon CloudWatch agent.
How can the SysOps administrator meet this requirement?

A. Create a custom shell script to extract the dimensions and collect the metrics using the Amazon CloudWatch agent.
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to evaluate the required custom dimensions and send the metrics to Amazon Simple Notification Service (Amazon SNS).
C. Create an AWS Lambda function to collect the metrics from AWS CloudTrail and send the metrics to an Amazon CloudWatch Logs group.
D. Create an append_dimensions field in the Amazon CloudWatch agent configuration file to collect the metrics.

Answer: D
Explanation:
In custom metrics, the --dimensions parameter is common. A dimension further clarifies what the metric is and what data it stores. You can have up to 30 dimensions assigned to one metric, and each dimension is defined by a name and value pair.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publishingMetrics.html

QUESTION 258
A company stores its data in an Amazon S3 bucket. The company is required to classify the data and find any sensitive personal information in its S3 files.
Which solution will meet these requirements?

A. Create an AWS Config rule to discover sensitive personal information in the S3 files and mark them as noncompliant.
B. Create an S3 event-driven artificial intelligence/machine learning (AI/ML) pipeline to classify sensitive personal information by using Amazon Rekognition.
C. Enable Amazon GuardDuty. Configure S3 protection to monitor all data inside Amazon S3.
D. Enable Amazon Macie. Create a discovery job that uses the managed data identifier.

Answer: D
Explanation:
To discover sensitive data with Amazon Macie, you create and run sensitive data discovery jobs. A sensitive data discovery job analyzes objects in Amazon Simple Storage Service (Amazon S3) buckets to determine whether the objects contain sensitive data, and it provides detailed reports of the sensitive data that it finds and the analysis that it performs. By creating and running jobs, you can automate discovery, logging, and reporting of sensitive data in S3 buckets.
https://docs.aws.amazon.com/macie/latest/user/data-classification.html

QUESTION 259
A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance.
Which of the following are possible causes of this issue? (Choose two.)

A. A network ACL associated with the bastion’s subnet is blocking the network traffic.
B. The instance does not have a private IP address.
C. The route table associated with the bastion’s subnet does not have a route to the internet gateway.
D. The security group for the instance does not have an inbound rule on port 22.
E. The security group for the instance does not have an outbound rule on port 3389.

Answer: AC
Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/troubleshoot-connect-windows-instance.html

QUESTION 260
A SysOps administrator is examining the following AWS CloudFormation template:

Why will the stack creation fail?

A. The Outputs section of the CloudFormation template was omitted.
B. The Parameters section of the CloudFormation template was omitted.
C. The PrivateDnsName cannot be set from a CloudFormation template.
D. The VPC was not specified in the CloudFormation template.

Answer: C
Explanation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html
Only PrivateDnsNameOptions is available.

QUESTION 261
A compliance team requires all administrator passwords for Amazon RDS DB instances to be changed at least annually.
Which solution meets this requirement in the MOST operationally efficient manner?

A. Store the database credentials in AWS Secrets Manager.
Configure automatic rotation for the secret every 365 days.
B. Store the database credentials as a parameter in the RDS parameter group.
Create a database trigger to rotate the password every 365 days.
C. Store the database credentials in a private Amazon S3 bucket.
Schedule an AWS Lambda function to generate a new set of credentials every 365 days.
D. Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter.
Configure automatic rotation for the parameter every 365 days.

Answer: A
Explanation:
https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html

QUESTION 262
A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented a strict IP allow list that requires all build uploads to come from a single IP address.
What change should the systems administrator make to the existing build fleet to comply with this new requirement?

A. Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.
B. Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.
C. Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.
D. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.

Answer: A
Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

QUESTION 263
A company has a stateful, long-running workload on a single xlarge general purpose Amazon EC2 On-Demand Instance. Metrics show that the service is always using 80% of its available memory and 40% of its available CPU. A SysOps administrator must reduce the cost of the service without negatively affecting performance.
Which change in instance type will meet these requirements?

A. Change to one large compute optimized On-Demand Instance.
B. Change to one large memory optimized On-Demand Instance.
C. Change to one xlarge general purpose Spot Instance.
D. Change to two large general purpose On-Demand Instances.

Answer: B
Explanation:
CPU utilisation is rather low for using an xlarge instance, so a memory optimized large instance is a cheaper option that should meet the workload requirements.

QUESTION 264
On an Amazon EC2 instance, an application is running that makes use of Amazon Simple Queue Service (Amazon SQS) queues. A SysOps administrator must guarantee that an application is capable of reading, writing, and deleting messages from SQS queues.
Which solution satisfies these criteria in the SAFEST way possible?

A. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues.
Embed the IAM user’s credentials in the application’s configuration.
B. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues.
Export the IAM user’s access key and secret access key as environment variables on the EC2 instance.
C. Create and associate an IAM role that allows EC2 instances to call AWS services.
Attach an IAM policy to the role that allows sqs:* permissions to the appropriate queues.
D. Create and associate an IAM role that allows EC2 instances to call AWS services.
Attach an IAM policy to the role that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues.

Answer: D

QUESTION 265
A new website will be hosted on Amazon EC2 instances that will be routed via an Application Load Balancer. DNS records will be managed through Amazon Route 53.
Which Route 53 record should be used to link the website’s apex domain name (for example, “company.com”) to the Application Load Balancer?

A. CNAME
B. SOA
C. TXT
D. ALIAS

Answer: D
Explanation:
https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/setting-up-route53-zoneapex-elb.html

QUESTION 266
A SysOps administrator is responsible for the administration of an online application that utilizes an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 inside a VPC. All services are logged. The administrator must conduct an investigation into the HTTP Layer 7 status codes returned by the web application.
Where are the status codes stored in the log files? (Choose two.)

A. VPC Flow Logs
B. AWS CloudTrail logs
C. ALB access logs
D. CloudFront access logs
E. RDS logs

Answer: CD
Explanation:
Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer.
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
You can configure CloudFront to create log files that contain detailed information about every user request that CloudFront receives.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html

QUESTION 267
A SysOps administrator is designing a solution for an Amazon RDS for PostgreSQL DB instance. Database credentials must be stored and rotated monthly. The applications that connect to the DB instance send write-intensive traffic with variable client connections that sometimes increase significantly in a short period of time.
Which solution should a SysOps administrator choose to meet these requirements?

A. Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance.
Use RDS Proxy to handle the increases in database connections.
B. Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance.
Use RDS read replicas to handle the increases in database connections.
C. Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance.
Use RDS Proxy to handle the increases in database connections.
D. Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance.
Use RDS read replicas to handle the increases in database connections.

Answer: C
Explanation:
Amazon RDS Proxy is available for Amazon Aurora with MySQL compatibility, Amazon Aurora with PostgreSQL compatibility, Amazon RDS for MariaDB, Amazon RDS for MySQL, and Amazon RDS for PostgreSQL.
https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_turn-on-for-db.html

QUESTION 268
An ecommerce company uses an Amazon ElastiCache for Memcached cluster for in-memory caching of popular product queries on the shopping site. When viewing recent Amazon CloudWatch metrics data for the ElastiCache cluster, the SysOps administrator notices a large number of evictions.
Which of the following actions will reduce these evictions? (Choose two.)

A. Add an additional node to the ElastiCache cluster.
B. Increase the ElastiCache time to live (TTL).
C. Increase the individual node size inside the ElastiCache cluster.
D. Put an Elastic Load Balancer in front of the ElastiCache cluster.
E. Use Amazon Simple Queue Service (Amazon SQS) to decouple the ElastiCache cluster.

Answer: AC
Explanation:
Scale out and/or scale up.
https://d1.awsstatic.com/training-and-certification/docs-sysops-associate/AWS-Certified-SysOps-Administrator-Associate_Sample-Questions_C02.pdf

QUESTION 269
A company is deploying a third-party unit testing solution that is delivered as an Amazon EC2 Amazon Machine Image (AMI). All system configuration data is stored in Amazon DynamoDB. The testing results are stored in Amazon S3.
A minimum of three EC2 instances are required to operate the product. The company’s testing team wants to use an additional three EC2 instances when the Spot Instance prices are at a certain threshold. A SysOps administrator must implement a highly available solution that provides this functionality.
Which solution will meet these requirements with the LEAST operational overhead?

A. Define an Amazon EC2 Auto Scaling group by using a launch configuration.
Use the provided AMI in the launch configuration.
Configure three On-Demand Instances and three Spot Instances.
Configure a maximum Spot Instance price in the launch configuration.
B. Define an Amazon EC2 Auto Scaling group by using a launch template.
Use the provided AMI in the launch template.
Configure three On-Demand Instances and three Spot Instances.
Configure a maximum Spot Instance price in the launch template.
C. Define two Amazon EC2 Auto Scaling groups by using launch configurations.
Use the provided AMI in the launch configurations.
Configure three On-Demand Instances for one Auto Scaling group.
Configure three Spot Instances for the other Auto Scaling group.
Configure a maximum Spot Instance price in the launch configuration for the Auto Scaling group that has Spot Instances.
D. Define two Amazon EC2 Auto Scaling groups by using launch templates.
Use the provided AMI in the launch templates.
Configure three On-Demand Instances for one Auto Scaling group.
Configure three Spot Instances for the other Auto Scaling group.
Configure a maximum Spot Instance price in the launch template for the Auto Scaling group that has Spot Instances.

Answer: B
Explanation:
AWS actually encourages a mixture of On-Demand & Spot Instances within a single ASG.
“You can launch and automatically scale a fleet of On-Demand Instances and Spot Instances within a single Auto Scaling group. In addition to receiving discounts for using Spot Instances, you can use Reserved Instances or a Savings Plan to receive discounted rates of the regular On-Demand Instance pricing. All of these factors combined help you to optimize your cost savings for EC2 instances and help you get the desired scale and performance for your application.”
“Although you can use one instance type, it’s a best practice to use multiple instance types. This way, Amazon EC2 Auto Scaling can launch another instance type if there is insufficient instance capacity in your chosen Availability Zones.”
https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups.html

QUESTION 270
A company stores sensitive data in an Amazon S3 bucket. The company must log all access attempts to the S3 bucket.
The company’s risk team must receive immediate notification about any delete events.
Which solution will meet these requirements?

A. Enable S3 server access logging for audit logs.
Set up an Amazon Simple Notification Service (Amazon SNS) notification for the S3 bucket.
Select DeleteObject for the event type for the alert system.
B. Enable S3 server access logging for audit logs.
Launch an Amazon EC2 instance for the alert system.
Run a cron job on the EC2 instance to download the access logs each day and to scan for a DeleteObject event.
C. Use Amazon CloudWatch Logs for audit logs.
Use Amazon CloudWatch alarms with an Amazon Simple Notification Service (Amazon SNS) notification for the alert system.
D. Use Amazon CloudWatch Logs for audit logs.
Launch an Amazon EC2 instance for the alert system.
Run a cron job on the EC2 instance each day to compare the list of the items with the list from the previous day.
Configure the cron job to send a notification if an item is missing.

Answer: A
Explanation:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types

QUESTION 271
A company wants to create an automated solution for all accounts managed by AWS Organizations to detect any security groups that use 0.0.0.0/0 as the source address for inbound traffic. The company also wants to automatically remediate any noncompliant security groups by restricting access to a specific CIDR block that corresponds with the company’s intranet.
Which set of actions should the SysOps administrator take to create a solution?

A. Create an AWS Config rule to detect noncompliant security groups.
Set up automatic remediation to change the 0.0.0.0/0 source address to the approved CIDR block.
B. Create an IAM policy to deny the creation of security groups that have 0.0.0.0/0 as the source address.
Attach this IAM policy to every user in the company.
C. Create an AWS Lambda function to inspect new and existing security groups.
Check for a noncompliant 0.0.0.0/0 source address and change the source address to the approved CIDR block.
D. Create a service control policy (SCP) for the organizational unit (OU) to deny the creation of security groups that have the 0.0.0.0/0 source address.
Set up automatic remediation to change the 0.0.0.0/0 source address to the approved CIDR block.

Answer: A
Explanation:
https://docs.aws.amazon.com/config/latest/developerguide/vpc-sg-open-only-to-authorized-ports.html

