AWS Certified SysOps Administrator(SOA-C02)

The AWS Certified SysOps Administrator(SOA-C02) were last updated on today.
  • Viewing page 7 out of 208 pages.
  • Viewing questions 31-35 out of 1,040 questions
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.and Azure
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.and Azure

Topic 1 - Exam A

Question #31 Topic 1

Developers are using IAM access keys to manage AWS resources using AWS CLI. Company policy requires that access keys are automatically disabled when the access key age is greater than 90 days. Which solution will accomplish this?

  • A Configure an Amazon CloudWatch alarm to trigger an AWS Lambda function that disables keys older than 90 days.
  • B Configure AWS Trusted Advisor to identify and disable keys older than 90 days.
  • C Set a password policy on the account with a 90-day expiration.
  • D Use an AWS Config rule to identify noncompliant keys. Create a custom AWS Systems Manager Automation document for remediation.
Suggested Answer: D
NOTE:
Question #32 Topic 1

A block device is a storage device that moves data in sequences. How many types of block devices does Amazon EC2 support?

  • A 2 -instance store volumes and EBS volumes
  • B 5 -General Purpose SSD, Provisioned IOPS SSD, Throughput Optimized HDD, Cold HDD, and Magnetic
  • C 3 -SSD, HDD, and Magnetic
  • D 1 -instance store volumes
Suggested Answer: A
NOTE: A block device is a storage device that moves data in sequences of bytes or bits (blocks). These de-vices support random access and generally use buffered I/O. Examples include hard disks, CD-ROM drives, and flash drives. A block device can be physically attached to a computer or accessed remotely as if it were physically attached to the computer. Amazon EC2 supports two types of block devices: Amazon EC2 supports two types of block devices. Instance store volumes (virtual devices whose underlying hardware is physically attached to the host computer for the instance) EBS volumes (remote storage devices) The SSD, HDD and Magnetic choices are all options for the type of storage offered via EBS vol-umes. They are not types of block devices. Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html
Question #33 Topic 1

A user is collecting 1000 records per second. The user wants to send the data to CloudWatch using a custom namespace. Which of the below mentioned options is recommended for this activi-ty?

  • A Create one csv file of all the data and send a single file to CloudWatch
  • B Aggregate the data with statistics, such as Min, max, Average, Sum and Sample data and send the data to CloudWatch
  • C It is not possible to send all the data in one call. Thus, it should be sent one by one. CloudWatch will aggregate the data automatically
  • D Send all the data values to CloudWatch in a single command by separating them with a comma. CloudWatch will parse automatically
Suggested Answer: B
NOTE: AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. The user can publish data to CloudWatch as single data points or as an aggregated set of data points called a statistic set using the command put-metric-data. It is recommended that when the user is having multiple data points per minute, he should aggregate the data so that it will minimize the number of calls to put-metric- data. In this case it will be single call to CloudWatch instead of 1000 calls if the data is aggregated. Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/publishingMetrics.html
Question #34 Topic 1

A SysOps Administrator has configured health checks a target group for an Application Load Balancer. An Amazon EC2 instance belonging to the target group fails the health check. What will happen next? (Choose two.)

  • A The load balancer will continue to perform the health check on the EC2 instance.
  • B The EC2 instance will be terminated based on the health check failure.
  • C The EC2 instance will be rebooted.
  • D The load balancer will stop sending traffic to the EC2 instance.
  • E A new EC2 instance will be deployed to replace the unhealthy instance.
Suggested Answer: AD
NOTE:
Question #35 Topic 1

AWS IAM permissions can be assigned in two ways:

  • A as role-based or as resource-based.
  • B as identity-based or as resource-based.
  • C as security group-based or as key-based.
  • D as user-based or as key-based.
Suggested Answer: B
NOTE: Permissions can be assigned in two ways: as identity-based or as resource-based. Identity-based, or IAM permissions, are attached to an IAM user, group, or role and let you specify what that user, group, or role can do. For example, you can assign permissions to the IAM user named Bob, stating that he has permission to use the Amazon Elastic Compute Cloud (Amazon EC2) RunInstances ac-tion and that he has permission to get items from an Amazon DynamoDB table named MyCompa-ny. The user Bob might also be granted access to manage his own IAM security credentials. Identi-ty-based permissions can be managed or inline. Resource-based permissions are attached to a resource. You can specify resource-based permissions for Amazon S3 buckets, Amazon Glacier vaults, Amazon SNS topics, Amazon SQS queues, and AWS Key Management Service encryption keys. Resource-based permissions let you specify who has access to the resource and what actions they can perform on it. Resource-based policies are in-line only, not managed. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_permissions.html
Previous Questions Next Questions