AWS Certified SysOps Administrator (SOA-C02)

Disclaimers:
  • ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon and Azure.
  • Trademarks, certification & product names are used for reference only and belong to Amazon and Azure.

Topic 1 - Exam A

Question #26 Topic 1

A customer enquires about whether all his data is secure on AWS, and is especially concerned about Elastic Map Reduce (EMR). You need to inform him of some of the security features in place for AWS. Which of the below statements is incorrect regarding EMR or S3?

  • A Every packet sent in the AWS network uses Internet Protocol Security (IPsec).
  • B Amazon S3 provides authentication mechanisms to ensure that stored data is secured against unauthorized access.
  • C Customers may encrypt the input data before they upload it to Amazon S3.
  • D Amazon EMR customers can choose to send data to Amazon S3 using the HTTPS protocol for secure transmission.
Suggested Answer: A
NOTE: Amazon S3 provides authentication mechanisms to ensure that stored data is secured against unauthorized access. Unless the customer who is uploading the data specifies otherwise, only that customer can access the data. Amazon EMR customers can also choose to send data to Amazon S3 using the HTTPS protocol for secure transmission. In addition, Amazon EMR always uses HTTPS to send data between Amazon S3 and Amazon EC2. For added security, customers may encrypt the input data before they upload it to Amazon S3 (using any common data compression tool); they then need to add a decryption step to the beginning of their cluster when Amazon EMR fetches the data from Amazon S3. IPsec is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. Amazon supports Internet Protocol security (IPsec) VPN connections, but does not protect all data packets at this level. Reference: https://aws.amazon.com/elasticmapreduce/faqs/
Question #27 Topic 1

You are setting up a VPC and you need to set up a public subnet within that VPC. Which of the following requirements must be met for this subnet to be considered a public subnet?

  • A Subnet's traffic is not routed to an internet gateway but has its traffic routed to a virtual private gateway.
  • B Subnet's traffic is routed to an internet gateway.
  • C Subnet's traffic is not routed to an internet gateway.
  • D None of these answers can be considered a public subnet.
Suggested Answer: B
NOTE: A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC. You can configure your VPC: you can select its IP address range, create subnets, and configure route tables, network gateways, and security settings. A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a subnet that you select. Use a public subnet for resources that must be connected to the internet, and a private subnet for resources that won't be connected to the internet. If a subnet's traffic is routed to an internet gateway, the subnet is known as a public subnet. If a subnet doesn't have a route to the internet gateway, the subnet is known as a private subnet. If a subnet doesn't have a route to the internet gateway, but has its traffic routed to a virtual private gateway, the subnet is known as a VPN-only subnet. Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html
Question #28 Topic 1

A company wants to store sensitive data in Amazon S3. The S3 bucket and its contents must be accessible only from the on-premises corporate network. What should a SysOps administrator do to configure the S3 bucket policy statement?

  • A Use a Deny effect with a condition based on the aws:sourceVpc key.
  • B Use a Deny effect with a condition based on the NotIpAddress key.
  • C Use an Allow effect with a condition based on the IpAddress key.
  • D Use an Allow effect with a condition based on the s3:LocationConstraint key.
Suggested Answer: A
NOTE:
Question #29 Topic 1

Which of the following Identity and Access Management (IAM) policy keys of AWS Direct Connect is used for date/time conditions?

  • A aws:CurrentTime
  • B aws:UserAgent
  • C aws:SourceIp
  • D aws:SecureTransport
Suggested Answer: A
NOTE: AWS Direct Connect implements the following policy keys of Identity and Access Management: aws:CurrentTime (for date/time conditions); aws:EpochTime (the date in epoch or UNIX time, for use with date/time conditions); aws:SecureTransport (Boolean representing whether the request was sent using SSL); aws:SourceIp (the requester's IP address, for use with IP address conditions); aws:UserAgent (information about the requester's client application, for use with string conditions). Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/using_iam.html
Question #30 Topic 1

A SysOps administrator has set up a new public Application Load Balancer (ALB) in front of a pair of private web servers in multiple Availability Zones. After deploying an updated AWS CloudFormation template with many changes, user traffic now goes to one web server only. What is the MOST likely reason that the traffic is not being balanced between both servers?

  • A The faulty server is returning HTTP 200 codes and has been removed.
  • B Sticky sessions have been disabled in the ALB for the working server.
  • C The ALB is using a custom ping path that is not found on the faulty server.
  • D The web clients are using HTTP/2, which is terminated at the ALB.
Suggested Answer: A
NOTE: