Amazon SOA-C02 Exam (page: 9)
Amazon AWS Certified SysOps Administrator (SOA-C01)
Updated on: 09-Feb-2026

Viewing Page 9 of 61

The security team is concerned because the number of AWS Identity and Access Management (IAM) policies being used in the environment is increasing. The team tasked a SysOps administrator to report on the current number of IAM policies in use and the total available IAM policies.
Which AWS service should the administrator use to check how current IAM policy usage compares to current service limits?

  A. AWS Trusted Advisor
  B. Amazon Inspector
  C. AWS Config
  D. AWS Organizations

Answer(s): A

Reference:

https://docs.aws.amazon.com/awssupport/latest/user/trusted-advisor-check-reference.html#iam-policies



A SysOps administrator is trying to set up an Amazon Route 53 domain name to route traffic to a website hosted on Amazon S3. The domain name of the website is www.example.com and the S3 bucket name is DOC-EXAMPLE-BUCKET. After the record set is set up in Route 53, the domain name www.anycompany.com does not seem to work, and the static website is not displayed in the browser.
Which of the following is a cause of this?

  A. The S3 bucket must be configured with Amazon CloudFront first.
  B. The Route 53 record set must have an IAM role that allows access to the S3 bucket.
  C. The Route 53 record set must be in the same region as the S3 bucket.
  D. The S3 bucket name must match the record set name in Route 53.

Answer(s): D

Reference:

https://aws.amazon.com/premiumsupport/knowledge-center/route-53-no-targets/



A SysOps administrator has used AWS CloudFormation to deploy a serverless application into a production VPC. The application consists of an AWS Lambda function, an Amazon DynamoDB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS CloudFormation stack without deleting the DynamoDB table.
Which action should the SysOps administrator take before deleting the AWS CloudFormation stack?

  A. Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack.
  B. Add a Snapshot deletion policy to the DynamoDB resource in the AWS CloudFormation stack.
  C. Enable termination protection on the AWS CloudFormation stack.
  D. Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTable action.

Answer(s): A



A SysOps administrator is notified that an Amazon EC2 instance has stopped responding. The AWS Management Console indicates that the system checks are failing.
What should the administrator do first to resolve this issue?

  A. Reboot the EC2 instance so it can be launched on a new host.
  B. Stop and then start the EC2 instance so that it can be launched on a new host.
  C. Terminate the EC2 instance and relaunch it.
  D. View the AWS CloudTrail log to investigate what changed on the EC2 instance.

Answer(s): B



A software development company has multiple developers who work on the same product. Each developer must have their own development environments, and these development environments must be identical. Each development environment consists of Amazon EC2 instances and an Amazon RDS DB instance. The development environments should be created only when necessary, and they must be terminated each night to minimize costs.
What is the MOST operationally efficient solution that meets these requirements?

  A. Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessary. Schedule a nightly cron job on each development instance to stop all running processes to reduce CPU utilization to nearly zero.
  B. Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to delete the AWS CloudFormation stacks.
  C. Provide developers with CLI commands so that they can provision their own development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to terminate all EC2 instances and the DB instance.
  D. Provide developers with CLI commands so that they can provision their own development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to cause AWS CloudFormation to delete all of the development environment resources.

Answer(s): B



A company is partnering with an external vendor to provide data processing services. For this integration, the vendor must host the company's data in an Amazon S3 bucket in the vendor's AWS account. The vendor is allowing the company to provide an AWS Key Management Service (AWS KMS) key to encrypt the company's data. The vendor has provided an IAM role Amazon Resource Name (ARN) to the company for this integration.
What should a SysOps administrator do to configure this integration?

  A. Create a new KMS key. Add the vendor's IAM role ARN to the KMS key policy. Provide the new KMS key ARN to the vendor.
  B. Create a new KMS key. Create a new IAM key. Add the vendor's IAM role ARN to an inline policy that is attached to the IAM user. Provide the new IAM user ARN to the vendor.
  C. Configure encryption using the KMS managed S3 key. Add the vendor's IAM role ARN to the KMS key policy. Provide the KMS managed S3 key ARN to the vendor.
  D. Configure encryption using the KMS managed S3 key. Create an S3 bucket. Add the vendor's IAM role ARN to the S3 bucket policy. Provide the S3 bucket ARN to the vendor.

Answer(s): A

Reference:

https://bookdown.org/bingweiliu11/aws-tutorial-book/use-case.html



A SysOps administrator is using AWS Systems Manager Patch Manager to patch a fleet of Amazon EC2 instances. The SysOps administrator has configured a patch baseline and a maintenance window. The SysOps administrator also has used an instance tag to identify which instances to patch.
The SysOps administrator must give Systems Manager the ability to access the EC2 instances.
Which additional action must the SysOps administrator perform to meet this requirement?

  A. Add an inbound rule to the instances' security group.
  B. Attach an IAM instance profile with access to Systems Manager to the instances.
  C. Create a Systems Manager activation. Then activate the fleet of instances.
  D. Manually specify the instances to patch instead of using tag-based selection.

Answer(s): B



A company hosts its website on Amazon EC2 instances in the us-east-1 Region. The company is preparing to extend its website into the eu-central-1 Region, but the database must remain only in us-east-1. After deployment, the EC2 instances in eu-central-1 are unable to connect to the database in us-east-1.
What is the MOST operationally efficient solution that will resolve this connectivity issue?

  A. Create a VPC peering connection between the two Regions. Add the private IP address range of the instances to the inbound rule of the database security group.
  B. Create a VPC peering connection between the two Regions. Add the security group of the instances in eu-central-1 to the outbound rule of the database security group.
  C. Create a VPN connection between the two Regions. Add the private IP address range of the instances to the outbound rule of the database security group.
  D. Create a VPN connection between the two Regions. Add the security group of the instances in eu-central-1 to the inbound rule of the database security group.

Answer(s): A




Share your comments for Amazon SOA-C02 exam with other users:

tomAws 7/18/2023 5:05:00 AM

nice questions
BRAZIL