Amazon SOA-C02 Exam (page: 8)
Amazon AWS Certified SysOps Administrator (SOA-C01)
Updated on: 09-Feb-2026

Viewing Page 8 of 61

A company uses an AWS Service Catalog portfolio to create and manage resources. A SysOps administrator must create a replica of the company's existing AWS infrastructure in a new AWS account.
What is the MOST operationally efficient way to meet this requirement?

  1. Create an AWS CloudFormation template to use the AWS Service Catalog portfolio in the new AWS account.
  2. In the new AWS account, manually create an AWS Service Catalog portfolio that duplicates the original portfolio.
  3. Run an AWS Lambda function to create a new AWS Service Catalog portfolio based on the output of the DescribePortfolio API operation.
  4. Share the AWS Service Catalog portfolio with the new AWS account. Import the portfolio into the new AWS account.

Answer(s): D



A SysOps administrator must manage the security of an AWS account. Recently, an IAM user's access key was mistakenly uploaded to a public code repository.
The SysOps administrator must identify anything that was changed by using this access key.
How should the SysOps administrator meet these requirements?

  1. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all IAM events to an AWS Lambda function for analysis.
  2. Query Amazon EC2 logs by using Amazon CloudWatch Logs Insights for all events initiated with the compromised access key within the suspected timeframe.
  3. Search AWS CloudTrail event history for all events initiated with the compromised access key within the suspected timeframe.
  4. Search VPC Flow Logs for all events initiated with the compromised access key within the suspected timeframe.

Answer(s): C



A company runs a retail website on multiple Amazon EC2 instances behind an Application Load Balancer (ALB). The company must secure traffic to the website over an HTTPS connection.
Which combination of actions should a SysOps administrator take to meet these requirements? (Choose two.)

  1. Attach the certificate to each EC2 instance.
  2. Attach the certificate to the ALB.
  3. Create a private certificate in AWS Certificate Manager (ACM).
  4. Create a public certificate in AWS Certificate Manager (ACM).
  5. Export the certificate, and attach it to the website.

Answer(s): B,D



SIMULATION
Instructions
If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C, Command-V.
Configure Amazon EventBridge to meet the following requirements.
1. Use the us-east-2 Region for all resources.
2. Unless specified below, use the default configuration settings.
3. Use your own resource naming unless a resource name is specified below.
4. Ensure all Amazon EC2 events in the default event bus are replayable for the past 45 days.
5. Create a rule named RunFunction to send the exact message {"name":"example"} every 15 minutes to an existing AWS Lambda function named LogEventFunction.
6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2 Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:
Input path:
{"instance":"$.detail.instance-id"}
Input template:
"The EC2 Spot Instance <instance> has been interrupted."
Important: Click the Next button to complete this lab and continue to the next lab. Once you click the Next button, you will NOT be able to return to this lab.

  1. See Explanation section for answer.

Answer(s): A

Explanation:

A company has a stateful, long-running workload on a single xlarge general purpose Amazon EC2 On-Demand Instance. Metrics show that the service is always using 80% of its available memory and 40% of its available CPU. A SysOps administrator must reduce the cost of the service without negatively affecting performance.
Which change in instance type will meet these requirements?

  1. Change to one large compute optimized On-Demand Instance.
  2. Change to one large memory optimized On-Demand Instance.
  3. Change to one xlarge general purpose Spot Instance.
  4. Change to two large general purpose On-Demand Instances.

Answer(s): B



A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.
What is the MOST operationally efficient solution that meets these requirements?

  1. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB table. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.
  2. Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon S3 object. The security team can use the information in the tag to verify the integrity of the delivered files.
  3. Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.
  4. Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.

Answer(s): D



When the AWS Cloud infrastructure experiences an event that may impact an organization, which AWS service can be used to see which of the organization's resources are affected?

  1. AWS Service Health Dashboard
  2. AWS Trusted Advisor
  3. AWS Personal Health Dashboard
  4. AWS Systems Manager

Answer(s): C

Reference: https://docs.aws.amazon.com/health/latest/ug/getting-started-phd.html



A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months.
What is the process to rotate the key?

  1. Enable automatic key rotation for the CMK, and specify a period of 6 months.
  2. Create a new CMK with new imported material, and update the key alias to point to the new CMK.
  3. Delete the current key material, and import new material into the existing CMK.
  4. Import a copy of the existing key material into a new CMK as a backup, and set the rotation schedule for 6 months.

Answer(s): B

Reference: https://aws.amazon.com/kms/faqs/


