AWS Certified SysOps Administrator(SOA-C02)

The AWS Certified SysOps Administrator(SOA-C02) were last updated on today.
  • Viewing page 8 out of 208 pages.
  • Viewing questions 36-40 out of 1,040 questions
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.and Azure
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.and Azure

Topic 1 - Exam A

Question #36 Topic 1

A route table in VPC can be associated with multiple subnets. However, a subnet can be associated with only ______ route table(s) at a time.

  • A four
  • B two
  • C three
  • D one
Suggested Answer: D
NOTE: Every subnet in your VPC must be associated with exactly one route table at a time. However, the same route table can be associated with multiple subnets. Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html
Question #37 Topic 1

Your mission is to create a lights-out datacenter environment, and you plan to use AWS OpsWorks to accomplish this. First you created a stack and added an App Server layer with an instance running in it. Next you added an application to the instance, and now you need to deploy a MySQL RDS database instance. Which of the following answers accurately describe how to add a backend database server to an OpsWorks stack? (Choose three.)

  • A Add a new database layer and then add recipes to the deploy actions of the database and App Server layers.
  • B Use OpsWorks' "Clone Stack" feature to create a second RDS stack in another Availability Zone for redundancy in the event of a failure in the Primary AZ. To switch to the secondary RDS instance, set the [:database] attributes to values that are appropriate for your server which you can do by using custom JSON.
  • C The variables that characterize the RDS database connectionג€"host, user, and so onג€"are set using the corresponding values from the deploy JSON's [:depioy][:app_name][:database] attributes.
  • D Cookbook attributes are stored in a repository, so OpsWorks requires that the "password": "your_password" attribute for the RDS instance must be encrypted using at least a 256-bit key.
  • E Set up the connection between the app server and the RDS layer by using a custom recipe. The recipe configures the app server as required, typically by creating a configuration file. The recipe gets the connection data such as the host and database name from a set of attributes in the stack configuration and deployment JSON that AWS OpsWorks installs on every instance.
Suggested Answer: ACE
NOTE:
Question #38 Topic 1

A company's audit shows that users have been changing cost-related tags on Amazon EC2 instances after deployment. The company has an organization in AWS Organizations with many AWS accounts. The company needs a solution to detect the EC2 instances automatically. The solution must require the least possible operational overhead. Which solution meets these requirements?

  • A Use service control policies (SCPs) to track EC2 instances that do not have the required tags.
  • B Use Amazon Inspector to run a report to identify EC2 instances that do not have the required tags.
  • C Use an AWS Config rule to track EC2 instances that do not have the required tags.
  • D Use AWS Well-Architected Tool (AWS WA Tool) to run a report to identify EC2 instances that do not have the required tags.
Suggested Answer: A
NOTE:
Question #39 Topic 1

True or False: Amazon Route 53 provides highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web services.

  • A False, you can only import an existing domain using Amazon Route 53.
  • B True, however, it only provides .com domains.
  • C FALSE
  • D TRUE
Suggested Answer: D
NOTE: Amazon Route 53 provides highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web services. Reference: http://aws.amazon.com/route53/faqs/
Question #40 Topic 1

AWS Cloud Hardware Security Modules (HSMs) are designed to _____.

  • A store your AWS keys safely
  • B provide another level of login security specifically for LDAP
  • C allow AWS to audit your infrastructure
  • D securely store cryptographic key material and use the key material without exposing it outside the cryptographic boundary of the appliance
Suggested Answer: D
NOTE: A Hardware Security Module (HSM) is a hardware appliance that provides secure key storage and cryptographic operations within a tamper-resistant hardware device. They are designed to securely store cryptographic key material and also to be able to use this key material without exposing it out-side the cryptographic boundary of the appliance. Reference: https://aws.amazon.com/cloudhsm/faqs/
Previous Questions Next Questions