Amazon AWS Certified SysOps Administrator - Associate SOA-C02 Dumps in PDF

Free Amazon SOA-C02 Real Questions (page: 7)

A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service.
The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available across multiple Regions.
Which configuration will meet these requirements?

  1. Deploy a copy of the stack in the us-west-2 Region. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each ELB. Configure the SOA record with health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
  2. Deploy a copy of the stack in the us-west-2 Region. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias target. Configure the A records with a failover routing policy and health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
  3. Deploy a new group of EC2 instances in the us-west-2 Region. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instances. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks.
  4. Deploy a new group of EC2 instances in the us-west-2 Region. Configure EC2 health checks on all EC2 instances in each Region. Configure a peering connection between the VPCs. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record.

Answer(s): B



A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance.
Which of the following are possible causes of this issue? (Choose two.)

  1. A network ACL associated with the bastion's subnet is blocking the network traffic.
  2. The instance does not have a private IP address.
  3. The route table associated with the bastion's subnet does not have a route to the internet gateway.
  4. The security group for the instance does not have an inbound rule on port 22.
  5. The security group for the instance does not have an outbound rule on port 3389.

Answer(s): A,C



A SysOps administrator is examining the following AWS CloudFormation template:
Why will the stack creation fail?

  1. The Outputs section of the CloudFormation template was omitted.
  2. The Parameters section of the CloudFormation template was omitted.
  3. The PrivateDnsName cannot be set from a CloudFormation template.
  4. The VPC was not specified in the CloudFormation template.

Answer(s): C



A new application runs on Amazon EC2 instances and accesses data in an Amazon RDS database instance. When fully deployed in production, the application fails. The database can be queried from a console on a bastion host. When looking at the web server logs, the following error is repeated multiple times:
*** Error Establishing a Database Connection
Which of the following may be causes of the connectivity problems? (Choose two.)

  1. The security group for the database does not have the appropriate egress rule from the database to the web server.
  2. The certificate used by the web server is not trusted by the RDS instance.
  3. The security group for the database does not have the appropriate ingress rule from the web server to the database.
  4. The port used by the application developer does not match the port specified in the RDS configuration.
  5. The database is still being created and is not available for connectivity.

Answer(s): C,D



A compliance team requires all administrator passwords for Amazon RDS DB instances to be changed at least annually.
Which solution meets this requirement in the MOST operationally efficient manner?

  1. Store the database credentials in AWS Secrets Manager. Configure automatic rotation for the secret every 365 days.
  2. Store the database credentials as a parameter in the RDS parameter group. Create a database trigger to rotate the password every 365 days.
  3. Store the database credentials in a private Amazon S3 bucket. Schedule an AWS Lambda function to generate a new set of credentials every 365 days.
  4. Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter. Configure automatic rotation for the parameter every 365 days.

Answer(s): A



A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented a strict IP allow list that requires all build uploads to come from a single IP address.
What change should the systems administrator make to the existing build fleet to comply with this new requirement?

  1. Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.
  2. Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.
  3. Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.
  4. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.

Answer(s): A



A company uses an Amazon CloudFront distribution to deliver its website. Traffic logs for the website must be centrally stored, and all data must be encrypted at rest.
Which solution will meet these requirements?

  1. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with internet access and server-side encryption that uses the default AWS managed customer master key (CMK). Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination.
  2. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256. Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination.
  3. Create an Amazon S3 bucket that is configured with default server-side encryption that uses AES-256. Configure CloudFront to use the S3 bucket as a log destination.
  4. Create an Amazon S3 bucket that is configured with no default encryption. Enable encryption in the CloudFront distribution, and use the S3 bucket as a log destination.

Answer(s): C



An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba41fc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted.
How can this be resolved?

  1. Enable encryption on each host's connection to the Amazon EFS volume. Each connection must be recreated for encryption to take effect.
  2. Enable encryption on the existing EFS volume by using the AWS Command Line Interface.
  3. Enable encryption on each host's local drive. Restart each host to encrypt the drive.
  4. Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.

Answer(s): D



Share your comments for Amazon SOA-C02 exam with other users:

R
ribrahim
8/1/2023 6:05:00 AM

hey guys, just to let you all know that i cleared my 312-38 today within 1 hr with 100 questions and passed. thank you so much brain-dumps.net all the questions that ive studied in this dump came out exactly the same word for word "verbatim". you rock brain-dumps.net!!! section name total score gained score network perimeter protection 16 11 incident response 10 8 enterprise virtual, cloud, and wireless network protection 12 8 application and data protection 13 10 network défense management 10 9 endpoint protection 15 12 incident d

A
Andrew
8/23/2023 6:02:00 PM

very helpful

L
latha
9/7/2023 8:14:00 AM

useful questions

I
ibrahim
11/9/2023 7:57:00 AM

page :20 https://exam-dumps.com/snowflake/free-cof-c02-braindumps.html?p=20#collapse_453 q 74: true or false: pipes can be suspended and resumed. true. desc.: pausing or resuming pipes in addition to the pipe owner, a role that has the following minimum permissions can pause or resume the pipe https://docs.snowflake.com/en/user-guide/data-load-snowpipe-intro

F
Franklin Allagoa
7/5/2023 5:16:00 AM

i want hcia exam dumps

S
SSA
12/24/2023 1:18:00 PM

good training

B
BK
8/11/2023 12:23:00 PM

very useful

D
Deepika Narayanan
7/13/2023 11:05:00 PM

yes need this exam dumps

B
Blessious Phiri
8/15/2023 3:31:00 PM

these questions are a great eye opener

J
Jagdesh
9/8/2023 8:17:00 AM

thank you for providing these questions and answers. they helped me pass my exam. you guys are great.

T
TS
7/18/2023 3:32:00 PM

good knowledge

A
Asad Khan
11/1/2023 2:44:00 AM

answer 10 should be a because only a new project will be created & the organization is the same.

R
Raj
9/12/2023 3:49:00 PM

can you please upload the dump again

C
Christian Klein
6/23/2023 1:32:00 PM

is it legit questions from sap certifications ?

A
anonymous
1/12/2024 3:34:00 PM

question 16 should be b (changing the connector settings on the monitor) pc and monitor were powered on. the lights on the pc are on indicating power. the monitor is showing an error text indicating that it is receiving power too. this is a clear sign of having the wrong input selected on the monitor. thus, the "connector setting" needs to be switched from hdmi to display port on the monitor so it receives the signal from the pc, or the other way around (display port to hdmi).

N
NSPK
1/18/2024 10:26:00 AM

q 10. ans is d (in the target org: open deployment settings, click edit next to the source org. select allow inbound changes and save

M
mohamed abdo
9/1/2023 4:59:00 AM

very useful

T
Tom
3/18/2022 8:00:00 PM

i purchased this exam dumps from another website with way more questions but they were all invalid and outdate. this exam dumps was right to the point and all from recent exam. it was a hard pass.

E
Edrick GOP
10/24/2023 6:00:00 AM

it was a good experience and i got 90% in the 200-901 exam.

A
anonymous
8/10/2023 2:28:00 AM

hi please upload this

B
Bakir
7/6/2023 7:24:00 AM

please upload it

A
Aman
6/18/2023 1:27:00 PM

really need this dump. can you please help.

N
Neela Para
1/8/2024 6:39:00 PM

really good and covers many areas explaining the answer.

K
Karan Patel
8/15/2023 12:51:00 AM

yes, can you please upload the exam?

N
NISHAD
11/7/2023 11:28:00 AM

how many questions are there in these dumps?

P
Pankaj
7/3/2023 3:57:00 AM

hi team, please upload this , i need it.

D
DN
9/4/2023 11:19:00 PM

question 14 - run terraform import: this is the recommended best practice for bringing manually created or destroyed resources under terraform management. you use terraform import to associate an existing resource with a terraform resource configuration. this ensures that terraform is aware of the resource, and you can subsequently manage it with terraform.

Z
Zhiguang
8/19/2023 11:37:00 PM

please upload dump. thanks in advance.

D
deedee
12/23/2023 5:51:00 PM

great great

A
Asad Khan
11/1/2023 3:10:00 AM

answer 16 should be b your organizational policies require you to use virtual machines directly

S
Sale Danasabe
10/24/2023 5:21:00 PM

the question are kind of tricky of you didnt get the hnag on it.

L
Luis
11/16/2023 1:39:00 PM

can anyone tell me if this is for rhel8 or rhel9?

H
hik
1/19/2024 1:47:00 PM

good content

B
Blessious Phiri
8/15/2023 2:18:00 PM

pdb and cdb are critical to the database

AI Tutor 👋 I’m here to help!