AWS Certified SysOps Administrator(SOA-C02)

The AWS Certified SysOps Administrator(SOA-C02) were last updated on today.
  • Viewing page 9 out of 208 pages.
  • Viewing questions 41-45 out of 1,040 questions
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.and Azure
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.and Azure

Topic 1 - Exam A

Question #41 Topic 1

Network ACLs are _______.

  • A stateful
  • B stateless
  • C asynchronous
  • D synchronous
Suggested Answer: B
NOTE: Network ACLs are stateless; responses to allowed inbound traffic are subject to the rules for out-bound traffic (and vice versa). Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html
Question #42 Topic 1

You can create a CloudWatch alarm that watches a single metric. The alarm performs one or more actions based on the value of the metric relative to a threshold over a number of time periods. Which of the following states is possible for the CloudWatch alarm?

  • A OK
  • B ALERT
  • C THRESHOLD
  • D ERROR
Suggested Answer: A
NOTE: You can create a CloudWatch alarm that watches a single metric. The alarm performs one or more actions based on the value of the metric relative to a threshold over a number of time periods. The action can be an Amazon EC2 action, an Auto Scaling action, or a notification sent to an Amazon SNS topic. An alarm has three possible states: OK--The metric is within the defined threshold ALARM--The metric is outside of the defined threshold INSUFFICIENT_DATA--The alarm has just started, the metric is not available, or not enough data is available for the metric to determine the alarm state Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/AlarmThatSendsEmail.html
Question #43 Topic 1

Is it possible to create an S3 bucket accessible only by a certain IAM user using policies in a Cloud-Formation template?

  • A Yes, all these resources can be created using a CloudFormation template
  • B S3 is not supported by CloudFormation.
  • C No, you can only create the S3 bucket but not the IAM user.
  • D No, in the same template you can only create the S3 bucket and the relative policy.
Suggested Answer: A
NOTE: With AWS Identity and Access Management (IAM), you can create IAM users to control who has access to which resources in your AWS account. You can use IAM with AWS CloudFormation to control what AWS CloudFormation actions users can perform, such as view stack templates, create stacks, or delete stacks. In addition to AWS CloudFormation actions, you can manage what AWS services and resources are available to each user. Reference: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html
Question #44 Topic 1

The compliance department within your multi-national organization requires that all data for your customers that reside in the European Union (EU) must not leave the EU and also data for customers that reside in the US must not leave the US without explicit authorization. What must you do to comply with this requirement for a web based profile management application running on EC2?

  • A Run EC2 instances in multiple AWS Availability Zones in single Region and leverage an Elastic Load Balancer with session stickiness to route traffic to the appropriate zone to create their profile
  • B Run EC2 instances in multiple Regions and leverage Route 53's Latency Based Routing capabilities to route traffic to the appropriate region to create their profile
  • C Run EC2 instances in multiple Regions and leverage a third party data provider to determine if a user needs to be redirect to the appropriate region to create their profile
  • D Run EC2 instances in multiple AWS Availability Zones in a single Region and leverage a third party data provider to determine if a user needs to be redirect to the appropriate zone to create their profile
Suggested Answer: C
NOTE:
Question #45 Topic 1

A company's auditor implemented a compliance requirement that all Amazon S3 buckets must have logging enabled. A SysOps administrator is tasked to ensure this compliance requirement is met, while still permitting developers to create and use new S3 buckets. Which action should be taken to accomplish this?

  • A Add AWS CloudTrail logging for the S3 buckets.
  • B Implement IAM policies to allow only the storage team to create S3 buckets.
  • C Add the S3_BUCKET_LOGGING_ENABLED AWS Config managed rule.
  • D Create an AWS Lambda function to delete the S3 buckets if logging is not turned on.
Suggested Answer: C
NOTE: Reference: https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config-rules.html
Previous Questions Next Questions