Practice Test Free
  • QUESTIONS
  • COURSES
    • CCNA
    • Cisco Enterprise Core
    • VMware vSphere: Install, Configure, Manage
  • CERTIFICATES
No Result
View All Result
  • Login
  • Register
Quesions Library
  • Cisco
    • 200-301
    • 200-901
      • Multiple Choice
      • Drag Drop
    • 350-401
      • Multiple Choice
      • Drag Drop
    • 350-701
    • 300-410
      • Multiple Choice
      • Drag Drop
    • 300-415
      • Multiple Choice
      • Drag Drop
    • 300-425
    • Others
  • AWS
    • CLF-C02
    • SAA-C03
    • SAP-C02
    • ANS-C01
    • Others
  • Microsoft
    • AZ-104
    • AZ-204
    • AZ-305
    • AZ-900
    • AI-900
    • SC-900
    • Others
  • CompTIA
    • SY0-601
    • N10-008
    • 220-1101
    • 220-1102
    • Others
  • Google
    • Associate Cloud Engineer
    • Professional Cloud Architect
    • Professional Cloud DevOps Engineer
    • Others
  • ISACA
    • CISM
    • CRIS
    • Others
  • LPI
    • 101-500
    • 102-500
    • 201-450
    • 202-450
  • Fortinet
    • NSE4_FGT-7.2
  • VMware
  • >>
    • Juniper
    • EC-Council
      • 312-50v12
    • ISC
      • CISSP
    • PMI
      • PMP
    • Palo Alto Networks
    • RedHat
    • Oracle
    • GIAC
    • F5
    • ITILF
    • Salesforce
Contribute
Practice Test Free
  • QUESTIONS
  • COURSES
    • CCNA
    • Cisco Enterprise Core
    • VMware vSphere: Install, Configure, Manage
  • CERTIFICATES
No Result
View All Result
Practice Test Free
No Result
View All Result
Home Practice Exam Free

SOA-C02 Practice Exam Free

Table of Contents

Toggle
  • SOA-C02 Practice Exam Free – 50 Questions to Simulate the Real Exam
  • Free Access Full SOA-C02 Practice Exam Free

SOA-C02 Practice Exam Free – 50 Questions to Simulate the Real Exam

Are you getting ready for the SOA-C02 certification? Take your preparation to the next level with our SOA-C02 Practice Exam Free – a carefully designed set of 50 realistic exam-style questions to help you evaluate your knowledge and boost your confidence.

Using a SOA-C02 practice exam free is one of the best ways to:

  • Experience the format and difficulty of the real exam
  • Identify your strengths and focus on weak areas
  • Improve your test-taking speed and accuracy

Below, you will find 50 realistic SOA-C02 practice exam free questions covering key exam topics. Each question reflects the structure and challenge of the actual exam.

Question 1

A company uses flaws Organizations to manage its flaws accounts. A SysOps administrator must create a backup strategy for all Amazon EC2 instances across all the company’s flaws accounts.
Which solution will meet these requirements in the MOST operationally efficient way?

A. Deploy an flaws Lambda function to each account to run EC2 instance snapshots on a scheduled basis.

B. Create an flaws CloudFormation stack set in the management account to add an AutoBackup=True tag to every EC2 instance.

C. Use flaws Backup in the management account to deploy policies for all accounts and resources.

D. Use a service control policy (SCP) to run EC2 instance snapshots on a scheduled basis in each account.

 


Correct Answer: C

Question 2

A company needs to upload gigabytes of files every day. The company need to achieve higher throughput and upload speeds to Amazon S3.
Which action should a SysOps administrator take to meet this requirement?

A. Create an Amazon CloudFront distribution with the GET HTTP method allowed and the S3 bucket as an origin.

B. Create an Amazon ElastiCache cluster and enable caching for the S3 bucket.

C. Set up flaws Global Accelerator and configure it with the S3 bucket.

D. Enable S3 Transfer Acceleration and use the acceleration endpoint when uploading files.

 


Correct Answer: D

Question 3

A SysOps administrator notices that the cache hit ratio for an Amazon CloudFront distribution is less than 10%. The SysOps administrator needs to increase the cache hit ratio for the distribution, improve network performance, and reduce the load on the origin.
Which combination of actions should the SysOps administrator take to meet these requirements? (Choose two.)

A. Enable CloudFront Origin Shield for the required flaws Regions.

B. Change the viewer protocol policy to use HTTPS only.

C. Add a second origin. Create an origin group that includes both origins. Activate CloudFront origin failover.

D. Turn on automatic compression of objects in the cache behavior settings.

E. Increase the CloudFront TTL values in the cache behavior settings.

 


Correct Answer: CE

Question 4

A SysOps administrator created an flaws CloudFormation template that provisions an Amazon EventBridge rule that invokes an flaws Lambda function. The Lambda function is designed to write event details to an Amazon CloudWatch log group. The function has permissions to write events to Amazon CloudWatch Logs. However, the SysOps administrator discovered that the Lambda function is not running.
How should the SysOps administrator resolve the problem?

A. Update the CloudFormation stack to include an flaws::IAM::Role resource with the required IAM permissions for EventBridge to invoke the function. Assign the role to the EventBridge rule.

B. Update the CloudFormation stack to include an flaws::IAM::Role resource with the required IAM permissions for the function. Assign the role as the function execution role.

C. Update the CloudFormation stack with an flaws::Lambda::Permission resource to ensure events.amazonaws.com has permissions to invoke the function.

D. Update the CloudFormation stack with an flaws::Lambda::Permission resource to ensure lambda.amazonaws.com has permissions to invoke the function.

 


Correct Answer: C

Question 5

A global company operates out of five flaws Regions. A SysOps administrator wants to identify all the company's tagged and untagged Amazon EC2 instances.
The company requires the output to display the instance ID and tags.
What is the MOST operationally efficient way for the SysOps administrator to meet these requirements?

A. Create a tag-based resource group in flaws Resource Groups.

B. Use flaws Trusted Advisor. Export the EC2 On-Demand Instances check results from Trusted Advisor.

C. Use Cost Explorer. Choose a service type of EC2-Instances, and group by Resource.

D. Use Tag Editor in flaws Resource Groups. Select all Regions, and choose a resource type of flaws::EC2::Instance.

 


Correct Answer: D

Question 6

A company runs a worker process on three Amazon EC2 instances. The instances are in an Auto Scaling group that is configured to use a simple scaling policy. The instances process messages from an Amazon Simple Queue Service (Amazon SQS) queue.
Random periods of increased messages are causing a decrease in the performance of the worker process. A SysOps administrator must scale the instances to accommodate the increased number of messages.
Which solution will meet these requirements?

A. Use CloudWatch to create a metric math expression to calculate the approximate age of the oldest message in the SQS queue. Create a target tracking scaling policy for the metric math expression to modify the Auto Scaling group.

B. Use CloudWatch to create a metric math expression to calculate the approximate number of messages visible in the SQS queue for each instance. Create a target tracking scaling policy for the metric math expression to modify the Auto Scaling group.

C. Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group. Create a target tracking scaling policy for the ALBRequestCountPerTarget metric to modify the Auto Scaling group.

D. Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group. Create a scheduled scaling policy for the Auto Scaling group.

 


Correct Answer: B

Question 7

A company deployed a new web application on multiple Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances run in an Auto Scaling group. Users report that they are frequently being prompted to log in.
What should a SysOps administrator do to resolve this issue?

A. Configure an Amazon CloudFront distribution with the ALB as the origin.

B. Enable sticky sessions (session affinity) for the target group of EC2 instances.

C. Redeploy the EC2 instances in a spread placement group.

D. Replace the ALB with a Network Load Balancer.

 


Correct Answer: C

Question 8

A company is expanding its use of flaws services across its portfolios. The company wants to provision flaws accounts for each team to ensure a separation of business processes for security, compliance, and billing. Account creation and bootstrapping should be completed in a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place. A SysOps administrator needs to design a provisioning process that saves time and resources.
Which action should be taken to meet these requirements?

A. Automate using flaws Elastic Beanstalk to provision the flaws accounts, set up infrastructure, and integrate with flaws Organizations.

B. Create bootstrapping scripts in flaws OpsWorks and combine them with flaws CloudFormation templates to provision accounts and infrastructure.

C. Use flaws Config to provision accounts and deploy instances using flaws Service Catalog.

D. Use flaws Control Tower to create a template in Account Factory and use the template to provision new accounts.

 


Correct Answer: D

Question 9

A SysOps administrator is examining the following flaws CloudFormation template:
Why will the stack creation fail?

A. The Outputs section of the CloudFormation template was omitted.

B. The Parameters section of the CloudFormation template was omitted.

C. The PrivateDnsName cannot be set from a CloudFormation template.

D. The VPC was not specified in the CloudFormation template.

 


Correct Answer: C

Question 10

A SysOps administrator needs to develop a solution that provides email notification and inserts a record into a database every time a file is put into an Amazon S3 bucket.
What is the MOST operationally efficient solution that meets these requirements?

A. Set up an S3 event notification that targets an Amazon Simple Notification Service (Amazon SNS) topic. Create two subscriptions for the SNS topic. Use one subscription to send the email notification. Use the other subscription to invoke an flaws Lambda function that inserts the record into the database.

B. Set up an Amazon CloudWatch alarm that enters ALARM state whenever an object is created in the S3 bucket. Configure the alarm to invoke an flaws Lambda function that sends the email notification and inserts the record into the database.

C. Create an flaws Lambda function to send the email notification and insert the record into the database whenever a new object is detected in the S3 bucket. Invoke the function every minute with an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule.

D. Set up two S3 event notifications. Target a separate flaws Lambda function with each notification. Configure one function to send the email notification. Configure the other function to insert the record into the database.

 


Correct Answer: A

Question 11

A SysOps administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company's account. The administrator must be alerted to potential issues.
What should the administrator do to receive email alerts before low storage space affects EC2 instance performance?

A. Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications.

B. Use flaws CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic.

C. Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic.

D. Use flaws Trusted Advisor and enable email notification alerts for EC2 disk space.

 


Correct Answer: C

Question 12

A company uses flaws Organizations to manage multiple flaws accounts. The company’s SysOps team has been using a manual process to create and manage IAM roles. The team requires an automated solution to create and manage the necessary IAM roles for multiple flaws accounts.
What is the MOST operationally efficient solution that meets these requirements?

A. Create flaws CloudFormation templates. Reuse the templates to create the necessary IAM roles in each of the flaws accounts.

B. Use flaws Directory Service with flaws Organizations to automatically associate the necessary IAM roles with Microsoft Active Directory users.

C. Use flaws Resource Access Manager with flaws Organizations to deploy and manage shared resources across the flaws accounts.

D. Use flaws CloudFormation StackSets with flaws Organizations to deploy and manage IAM roles for the flaws accounts.

 


Correct Answer: D

Question 13

An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon SQS) queues. A SysOps administrator must ensure that the application can read, write, and delete messages from the SQS queues.
Which solution will meet these requirements in the MOST secure manner?

A. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Embed the IAM user’s credentials in the application’s configuration

B. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:RecelveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Export the IAM user’s access key and secret access key as environment variables on the EC2 instance.

C. Create and associate an IAM role that allows EC2 instances to call flaws services. Attach an IAM policy to the role that allows sqs:* permissions to the appropriate queues.

D. Create and associate an IAM role that allows EC2 instances to call flaws services. Attach an IAM policy to the role that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues.

 


Correct Answer: D

Question 14

A company is managing multiple flaws accounts in flaws Organizations. The company is reviewing internal security of its flaws environment. The company’s security administrator has their own flaws account and wants to review the VPC configuration of developer flaws accounts.
Which solution will meet these requirements in the MOST secure manner?

A. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to an IAM user. Share the user credentials with the security administrator.

B. Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC actions. Assign the policy to an IAM user. Share the user credentials with the security administrator.

C. Create an IAM policy in each developer account that has administrator access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.

D. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.

 


Correct Answer: A

Question 15

A company runs hundreds of Amazon EC2 instances in a single flaws Region. Each EC2 instance has two attached 1 GiB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volumes. A critical workload is using all the available IOPS capacity on the EBS volumes.
According to company policy, the company cannot change instance types or EBS volume types without completing lengthy acceptance tests to validate that the company’s applications will function properly. A SysOps administrator needs to increase the I/O performance of the EBS volumes as quickly as possible.
Which action should the SysOps administrator take to meet these requirements?

A. Increase the size of the 1 GiB EBS volumes.

B. Add two additional elastic network interfaces on each EC2 instance.

C. Turn on Transfer Acceleration on the EBS volumes in the Region.

D. Add all the EC2 instances to a cluster placement group.

 


Correct Answer: A

Question 16

A company is partnering with an external vendor to provide data processing services. For this integration, the vendor must host the company's data in an Amazon
S3 bucket in the vendor's flaws account. The vendor is allowing the company to provide an flaws Key Management Service (flaws KMS) key to encrypt the company's data. The vendor has provided an IAM role Amazon Resources Name (ARN) to the company for this integration.
What should a SysOps administrator do to configure this integration?

A. Create a new KMS key. Add the vendor’s IAM role ARN to the KMS key policy. Provide the new KMS key ARN to the vendor.

B. Create a new KMS key. Create a new IAM key. Add the vendor’s IAM role ARN to an inline policy that is attached to the IAM user. Provide the new IAM user ARN to the vendor.

C. Configure encryption using the KMS managed S3 key. Add the vendor’s IAM role ARN to the KMS key policy. Provide the KMS managed S3 key ARN to the vendor.

D. Configure encryption using the KMS managed S3 key. Create an S3 bucket. Add the vendor’s IAM role ARN to the S3 bucket policy. Provide the S3 bucket ARN to the vendor.

 


Correct Answer: D

Question 17

A SysOps administrator is using flaws Systems Manager Patch Manager to patch a fleet of Amazon EC2 instances. The SysOps administrator has configured a patch baseline and a maintenance window. The SysOps administrator also has used an instance tag to identify which instances to patch.
The SysOps administrator must give Systems Manager the ability to access the EC2 instances.
Which additional action must the SysOps administrator perform to meet this requirement?

A. Add an inbound rule to the instances’ security group.

B. Attach an IAM instance profile with access to Systems Manager to the instances.

C. Create a Systems Manager activation. Then activate the fleet of instances.

D. Manually specify the instances to patch instead of using tag-based selection.

 


Correct Answer: B

Question 18

A company's VPC has an existing IPv4 configuration. The IPv4 configuration includes public subnets, private subnets, NAT gateways, default route tables, and ACLs.
The company associates an IPv6 CIDR block with the VPC. The company adds IPv6 allocations to each existing subnet and adds routes to the route tables. The company updates the ACLs to allow all IPv6 traffic.
Public subnets are working as expected, but private subnets are not allowing internet IPv6 connections.
What should a SysOps administrator do to allow outbound-only connectivity for the new IPv6 subnets?

A. Configure an egress-only internet gateway and associate it with the VPC. Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the egress-only internet gateway.

B. Turn on IPv6 NAT on the NAT gateways. Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the NAT gateways.

C. Configure a new IPv6-only NAT gateway. Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the IPv6-only NAT gateway.

D. Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the existing internet gateway.

 


Correct Answer: C

Question 19

A company is attempting to manage its costs in the flaws Cloud. A SysOps administrator needs specific company-defined tags that are assigned to resources to appear on the billing report.
What should the SysOps administrator do to meet this requirement?

A. Activate the tags as flaws generated cost allocation tags.

B. Activate the tags as user-defined cost allocation tags.

C. Create a new cost category. Select the account billing dimension.

D. Create a new flaws Cost and Usage Report. Include the resource IDs.

 


Correct Answer: B

Question 20

A SysOps administrator launches an Amazon EC2 instance in a private subnet of a VPC. When the SysOps administrator attempts a curl command from the command line of the EC2 instance, the SysOps administrator cannot connect to https:www.example.com.
What should the SysOps administrator do to resolve this issue?

A. Ensure that there is an outbound security group for port 443 to 0.0.0.0/0.

B. Ensure that there is an inbound security group for port 443 from 0.0.0.0/0.

C. Ensure that there is an outbound network ACL for ephemeral ports 1024-66535 to 0.0.0.0/0.

D. Ensure that there is an outbound network ACL for port 80 to 0.0.0.0/0.

 


Correct Answer: A

Question 21

A SysOps administrator configures an Amazon S3 gateway endpoint in a VPC. The private subnets inside the VPC do not have outbound internet access. User logs in to an Amazon EC2 instance in one of the private subnets and cannot upload a file to an Amazon S3 bucket in the same flaws Region.
Which solution will solve this problem?

A. Update the EC2 instance role policy to include s3:PutObject access to the target S3 bucket.

B. Update the EC2 security group to allow outbound traffic to 0.0.0.0/0 for port 80.

C. Update the EC2 subnet route table to include the S3 prefix list destination routes to the S3 gateway endpoint.

D. Update the S3 bucket policy to allow s3:PutObject access from the private subnet CIDR block.

 


Correct Answer: C

Question 22

A SysOps administrator created an flaws CloudFormation template that provisions Amazon EC2 instances, an Elastic Load Balancer (ELB), and an Amazon RDS DB instance. During stack creation, the creation of the EC2 instances and the creation of the ELB are successful. However, the creation of the DB instance fails.
What is the default behavior of CloudFormation in this scenario?

A. CloudFormation will roll back the stack and delete the stack.

B. CloudFormation will roll back the stack but will not delete the stack.

C. CloudFormation will prompt the user to roll back the stack or continue.

D. CloudFormation will successfully complete the stack but will report a failed status for the DB instance.

 


Correct Answer: B

Question 23

A company has an application that uses an Amazon Elastic File System (Amazon EFS) file system. A recent incident that involved an application logic error corrupted several files. The company wants to improve its ability to back up and recover the EFS file system. The company must be able to recover individual files rapidly.
Which solution meets these requirements MOST cost-effectively?

A. Configure Amazon Data Lifecycle Manager (Amazon DLM) to archive a copy of the data to an Amazon S3 Glacier vault. Use S3 Glacier retrieval requests to retrieve individual files.

B. Create a second EFS file system in another flaws Region. Configure flaws DataSync to copy the data to the backup file system. Recover files by copying them from the backup EFS file system.

C. Enable flaws Backup in Amazon EFS to back up the file system to an Amazon S3 Glacier vault. Use S3 Glacier retrieval requests to retrieve individual files.

D. Enable flaws Backup in Amazon EFS to back up the file system to a backup vault. Use a partial restore job to retrieve individual files.

 


Correct Answer: D

Question 24

A company's security policy states that connecting to Amazon EC2 instances is not permitted through SSH and ROP. If access is required, authorized staff can connect to instances by using flaws Systems Manager Session Manager.
Users report that they are unable to connect to one specific Amazon EC2 instance that is running Ubuntu and has flaws Systems Manager Agent (SSM Agent) pre-installed. These users are able to use Session Manager to connect to other instances in the same subnet, and they are in an IAM group that has Session Manager permission for all instances.
What should a SysOps administrator do to resolve this issue?

A. Add an inbound rule for port 22 in the security group associated with the Ubuntu instance.

B. Assign the AmazonSSMManagedInstanceCore managed policy to the EC2 instance profile for the Ubuntu instance.

C. Configure the SSM Agent to log in with a user name of “ubuntu”.

D. Generate a new key pair, configure Session Manager to use this new key pair, and provide the private key to the users.

 


Correct Answer: B

Question 25

A company plans to migrate several of its high performance computing (HPC) virtual machines (VMs) to Amazon EC2 instances on flaws. A SysOps administrator must identify a placement group for this deployment. The strategy must minimize network latency and must maximize network throughput between the HPC VMs.
Which strategy should the SysOps administrator choose to meet these requirements?

A. Deploy the instances in a cluster placement group in one Availability Zone.

B. Deploy the instances in a partition placement group in two Availability Zones.

C. Deploy the instances in a partition placement group in one Availability Zone.

D. Deploy the instances in a spread placement group in two Availability Zones.

 


Correct Answer: A

Question 26

A company is building a web application on flaws. The company is using Amazon CloudFront with a domain name of www.example.com. All traffic to CloudFront must be encrypted in transit. The company already has provisioned an SSL certificate for www.example.com in flaws Certificate Manager (ACM).
Which combination of steps should a SysOps administrator take to encrypt the traffic in transit? (Choose two.)

A. For each cache behavior in the CloudFront distribution, modify the Viewer Protocol Policy setting to redirect HTTP to HTTPS.

B. For each cache behavior in the CloudFront distribution, modify the Viewer Protocol Policy setting to allow HTTP and HTTPS.

C. Enter the alternate domain name (CNAME) of www.example.com for the CloudFront distribution. Select the custom SSL certificate.

D. Configure an flaws WAF web ACL for the CloudFront distribution.

E. Configure CloudFront Origin Shield for the CloudFront origin.

 


Correct Answer: AC

Question 27

A company has a critical serverless application that uses multiple flaws Lambda functions. Each Lambda function generates 1 GB of log data daily in its own Amazon CloudWatch Logs log group. The company's security team asks for a count of application errors, grouped by type, across all of the log groups.
What should a SysOps administrator do to meet this requirement?

A. Perform a CloudWatch Logs Insights query that uses the stats command and count function.

B. Perform a CloudWatch Logs search that uses the groupby keyword and count function.

C. Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.

D. Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.

 


Correct Answer: A

Question 28

A SysOps administrator is deploying an application on 10 Amazon EC2 instances. The application must be highly available. The instances must be placed on distinct underlying hardware.
What should the SysOps administrator do to meet these requirements?

A. Launch the instances into a cluster placement group in a single flaws Region.

B. Launch the instances into a partition placement group in multiple flaws Regions.

C. Launch the instances into a spread placement group in multiple flaws Regions.

D. Launch the instances into a spread placement group in a single flaws Region.

 


Correct Answer: B

Question 29

A company has a hybrid environment. The company has set up an flaws Direct Connect connection between the company's on-premises data center and a workload that runs in a VPC. The company uses Amazon Route 53 for DNS on flaws. The company uses a private hosted zone to manage DNS names for a set of services that are hosted on flaws.
The company wants the on-premises servers to use Route 53 for DNS resolution of the private hosted zone.
Which solution will meet these requirements?

A. Create a Route 53 inbound endpoint. Ensure that security groups and routing allow the traffic from the on-premises data center. Configure the DNS server on the on-premises network to conditionally forward DNS queries for the private hosted zone’s domain name to the IP addresses of the inbound endpoint.

B. Create a Route 53 outbound endpoint. Ensure that security groups and routing allow the traffic from the VPC. Configure the DNS server on the on-premises network to conditionally forward DNS queries for the private hosted zone’s domain name to the IP addresses of the outbound endpoint.

C. Edit the private hosted zone in Route 53 with a TXT record that references the on-premises DNS servers. Configure the DNS server on the on-premises network to conditionally forward DNS queries for the private hosted zone’s domain name to the base of the VPC CIDR IPv4 network range, plus two.

D. Edit the private hosted zone in Route 53 with a PTR record that references the on-premises DNS servers. Configure the DNS server on the on-premises network to conditionally forward DNS queries for the private hosted zone’s domain name to the base of the VPC CIDR IPv4 network range, plus two.

 


Correct Answer: A

Question 30

A company’s flaws Lambda function is experiencing performance issues. The Lambda function performs many CPU-intensive operations. The Lambda function is not running fast enough and is creating bottlenecks in the system.
What should a SysOps administrator do to resolve this issue?

A. In the CPU launch options for the Lambda function, activate hyperthreading.

B. Turn off the flaws managed encryption.

C. Increase the amount of memory for the Lambda function.

D. Load the required code into a custom layer.

 


Correct Answer: C

Question 31

A SysOps administrator is investigating a company’s web application for performance problems. The application runs on Amazon EC2 instances that are in an Auto Scaling group. The application receives large traffic increases at random times throughout the day. During periods of rapid traffic increases, the Auto Scaling group is not adding capacity fast enough. As a result, users are experiencing poor performance.
The company wants to minimize costs without adversely affecting the user experience when web traffic surges quickly. The company needs a solution that adds more capacity to the Auto Scaling group for larger traffic increases than for smaller traffic increases.
How should the SysOps administrator configure the Auto Scaling group to meet these requirements?

A. Create a simple scaling policy with settings to make larger adjustments in capacity when the system is under heavy load.

B. Create a step scaling policy with settings to make larger adjustments in capacity when the system is under heavy load.

C. Create a target tracking scaling policy with settings to make larger adjustments in capacity when the system is under heavy load.

D. Use Amazon EC2 Auto Scaling lifecycle hooks. Adjust the Auto Scaling group’s maximum number of instances after every scaling event.

 


Correct Answer: B

Question 32

Accompany wants to monitor the number of Amazon EC2 instances that it is running. The company also wants to automate a service quota increase when the number of instances reaches a specific threshold.
Which solution meets these requirements?

A. Create an Amazon CloudWatch alarm to monitor Service Quotas. Configure the alarm to invoke an flaws Lambda function to request a quota increase when the alarm reaches the threshold.

B. Create an flaws Config rule to monitor Service Quotas. Call an flaws Lambda function to remediate the action and increase the quota.

C. Create an Amazon CloudWateh alarm to monitor the flaws Health Dashboard. Configure the alarm to invoke an flaws Lambda function to request a quota increase when the alarm reaches the threshold.

D. Create an Amazon CloudWatch alarm to monitor flaws Trusted Advisor service quotas. Configure the alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to increase the quota.

 


Correct Answer: A

Question 33

A company has an application that uses a scheduled flaws Lambda function to retrieve datasets from external sources over the internet. The function is not associated with a VPC. The company is modifying the application to store the information that the Lambda function retrieves on an Amazon RDS DB instance in a private subnet. The VPC has two public subnets and two private subnets.
A SysOps administrator must deploy a solution that allows the Lambda function to access the new database and continue to access the internet.
Which solution meets these requirements?

A. Create a new Lambda function with VPC access and an Elastic IP address. Attach the function to public subnets in two Availability Zones. Associate a security group with the Elastic IP address. Configure the security group outbound rules to allow Lambda to access the required resources.

B. Create a new Lambda function with VPC access and two public IP addresses. Attach the function to public subnets in the same Availability Zones that the database uses. Associate a security group with the function. Configure the security group inbound rules to allow Lambda to access the required resources.

C. Reconfigure the Lambda function for VPC access. Add NAT gateways to the public subnets in the VPAdd route table entries in the private subnets to route through the NAT gateways to the internet. Attach the function to the private subnets that support the database. Associate a security group with the function. Configure the security group outbound rules to allow Lambda to access the internet.

D. Reconfigure the Lambda function for VPC access. Attach the function to the private subnets. Add route table entries in the private subnets to route through the internet gateway to the internet. Associate a security group with the subnets. Configure the security group inbound rules to allow Lambda to access the required resources through the internet gateway.

 


Correct Answer: C

Question 34

A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. A SysOps administrator notices that some of these EC2 instances show up as healthy in the Auto Scaling group but show up as unhealthy in the ALB target group.
What is a possible reason for this issue?

A. Security groups are not allowing traffic between the ALB and the failing EC2 instances.

B. The Auto Scaling group health check is configured for EC2 status checks.

C. The EC2 instances are failing to launch and failing EC2 status checks.

D. The target group health check is configured with an incorrect port or path.

 


Correct Answer: D

Question 35

A company stores its data in an Amazon S3 bucket. The company is required to classify the data and find any sensitive personal information in its S3 files.
Which solution will meet these requirements?

A. Create an flaws Config rule to discover sensitive personal information in the S3 files and mark them as noncompliant.

B. Create an S3 event-driven artificial intelligence/machine learning (AI/ML) pipeline to classify sensitive personal information by using Amazon Rekognition.

C. Enable Amazon GuardDuty. Configure S3 protection to monitor all data inside Amazon S3.

D. Enable Amazon Macie. Create a discovery job that uses the managed data identifier.

 


Correct Answer: D

Question 36

A company creates a new Amazon FSx for Windows File Server file system. To help manage costs, the company configures the storage capacity for the file system with minimal room for growth.
The company creates an Amazon Simple Notification Service (Amazon SNS) topic in the same flaws account whore the file system resides. The company subscribes a SysOps administrator's email address to the SNS topic. The SysOps administrator needs to receive email notification when the file system has less than 100 GB of space available.
Which combination of steps should the SysOps administrator take to meet this requirement? (Choose two.)

A. Create an Amazon EventBridge rule for when the FreeStorageCapacity metric is less than or equal to 100,000,000,000 bytes (100 GB).

B. Create an Amazon CloudWatch alarm for when the FreeStorageCapacity metric is less than or equal to 100,000,000,000 bytes (100 GB).

C. Create an flaws Lambda function that will run when the Amazon CloudWatch alarm enters ALARM state. Configure the Lambda function to publish to the SNS topic.

D. Configure the Amazon EventBridge rule’s alarm action to publish to the SNS topic when the rule enters ALARM state.

E. Configure the Amazon CloudWatch alarm action to publish to the SNS topic when the alarm enters ALARM state.

 


Correct Answer: BE

Question 37

A SysOps administrator is creating an Amazon EC2 Auto Scaling group in a new flaws account. After adding some instances, the SysOps administrator notices that the group has not reached the minimum number of instances. The SysOps administrator receives the following error message:
Launching a new EC2 instance. Status Reason: Your quota allows for 0 more running instance(s).
You requested at least 1. Launching EC2 instance failed.
Which action will resolve this issue?

A. Adjust the account spending limits for Amazon EC2 on the flaws Billing and Cost Management console.

B. Modify the EC2 quota for that flaws Region in the EC2 Settings section of the EC2 console.

C. Request a quota increase for the instance type family by using Service Quotas on the flaws Management Console.

D. Use the Rebalance action in the Auto Scaling group on the flaws Management Console.

 


Correct Answer: B

Question 38

A company wants to use only IPv6 for all its Amazon EC2 instances. The EC2 instances must not be accessible from the internet, but the EC2 instances must be able to access the internet. The company creates a dual-stack VPC and IPv6-only subnets.
How should a SysOps administrator configure the VPC to meet these requirements?

A. Create and attach a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.

B. Create and attach an internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway. Attach the custom route table to the IPv6-only subnets.

C. Create and attach an egress-only internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the egress-only internet gateway. Attach the custom route table to the IPv6-only subnets.

D. Create and attach an internet gateway and a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway and all IPv4 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.

 


Correct Answer: D

Question 39

A company runs an application on Amazon EC2 instances. The EC2 instances are in an Auto Scaling group and run behind an Application Load Balancer (ALB). The application experiences errors when total requests exceed 100 requests per second. A SysOps administrator must collect information about total requests for a 2-week period to determine when requests exceeded this threshold.
What should the SysOps administrator do to collect this data?

A. Use the ALB’s RequestCount metric. Configure a time range of 2 weeks and a period of 1 minute. Examine the chart to determine peak traffic times and volumes.

B. Use Amazon CloudWatch metric math to generate a sum of request counts for all the EC2 instances over a 2-week period. Sort by a 1-minute interval.

C. Create Amazon CloudWatch custom metrics on the EC2 launch configuration templates to create aggregated request metrics across all the EC2 instances.

D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule. Configure an EC2 event matching pattern that creates a metric that is based on EC2 requests. Display the data in a graph.

 


Correct Answer: A

Question 40

A company’s financial department needs to view the cost details of each project in an flaws account. A SysOps administrator must perform the initial configuration that is required to view cost for each project in Cost Explorer.
Which solution will meet this requirement?

A. Activate cost allocation tags. Add a project tag to the appropriate resources.

B. Configure consolidated billing. Create flaws Cost and Usage Reports.

C. Use flaws Budgets. Create flaws Budgets reports.

D. Use cost categories to define custom groups that are based on flaws cost and usage dimensions.

 


Correct Answer: A

Question 41

A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented a strict IP allow list that requires all build uploads to come from a single IP address.
What change should the systems administrator make to the existing build fleet to comply with this new requirement?

A. Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.

B. Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.

C. Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.

D. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.

 


Correct Answer: A

Question 42

A company is building an interactive application for personal finance. The application stores financial data in Amazon S3, and the data must be encrypted. The company does not want to provide its own encryption keys. However, the company wants to maintain an audit trail that shows when an encryption key was used and who used the key.
Which solution will meet these requirements?

A. Use client-side encryption with client-provided keys. Upload the encrypted user data to Amazon S3.

B. Use server-side encryption with S3 managed encryption keys (SSE-S3) to encrypt the user data on Amazon S3.

C. Use server-side encryption with customer-provided encryption keys (SSE-C) to encrypt the user data on Amazon S3.

D. Use server-side encryption with flaws KMS managed encryption keys (SSE-KMS) to encrypt the user data on Amazon S3.

 


Correct Answer: D

Question 43

A SysOps administrator is responsible for a large fleet of Amazon EC2 instances and must know whether any instances will be affected by upcoming hardware maintenance.
Which option would provide this information with the LEAST administrative overhead?

A. Deploy a third-party monitoring solution to provide real-time EC2 instance monitoring.

B. List any instances with failed system status checks using the flaws Management Console.

C. Monitor flaws CloudTrail for StopInstances API calls.

D. Review the flaws Personal Health Dashboard.

 


Correct Answer: D

Question 44

A company has a private Amazon S3 bucket that contains sensitive information. A SysOps administrator needs to keep logs of the IP addresses from authentication failures that result from attempts to access objects in the bucket. The logs must be stored so that they cannot be overwritten or deleted for 90 days.
Which solution will meet these requirements?

A. Create an flaws CloudTrail trail. Configure the log files to be saved to Amazon CloudWatch Logs. Configure the log group with a retention period of 90 days.

B. Create an flaws CloudTrail trail. Configure the log files to be saved to a different S3 bucket. Turn on CloudTrail log file integrity validation for 90 days.

C. Turn on access logging for the S3 bucket. Configure the access logs to be saved to Amazon CloudWatch Logs. Configure the log group with a retention period of 90 days.

D. Turn on access logging for the S3 bucket. Configure the access logs to be saved in a second S3 bucket. Turn on S3 Object Lock on the second S3 bucket, and configure a default retention period of 90 days.

 


Correct Answer: D

Question 45

A company needs to monitor the disk utilization of Amazon Elastic Block Store (Amazon EBS) volumes. The EBS volumes are attached to Amazon EC2 Linux instances. A SysOps administrator must set up an Amazon CloudWatch alarm that provides an alert when disk utilization increases to more than 80%.
Which combination of steps must the SysOps administrator take to meet these requirements? (Choose three.)

A. Create an IAM role that includes the CloudWatchAgentServerPolicy flaws managed policy. Attach the role to the instances.

B. Create an IAM role that includes the CloudWatchApplicationInsightsReadOnlyAccess flaws managed policy. Attach the role to the instances.

C. Install and start the CloudWatch agent by using flaws Systems Manager or the command line.

D. Install and start the CloudWatch agent by using an IAM role. Attach the CloudWatchAgentServerPolicy flaws managed policy to the role.

E. Configure a CloudWatch alarm to enter ALARM state when the disk_used_percent CloudWatch metric is greater than 80%.

F. Configure a CloudWatch alarm to enter ALARM state when the disk_used CloudWatch metric is greater than 80% or when the disk_free CloudWatch metric is less than 20%.

 


Correct Answer: ACD

Question 46

A company wants to track its flaws costs in all member accounts that are part of an organization in flaws Organizations. Managers of the member accounts want to receive a notification when the estimated costs exceed a predetermined amount each month. The managers are unable to configure a billing alarm. The IAM permissions for all users are correct.
What could be the cause of this issue?

A. The management/payer account does not have billing alerts turned on.

B. The company has not configured flaws Resource Access Manager (flaws RAM) to share billing information between the member accounts and the management/payer account.

C. Amazon GuardDuty is turned on for all the accounts.

D. The company has not configured an flaws Config rule to monitor billing.

 


Correct Answer: A

Question 47

A company hosts its website on Amazon EC2 instances in the us-east-1 Region. The company is preparing to extend its website into the eu-central-1 Region, but the database must remain only in us-east-1. After deployment, the EC2 instances in eu-central-1 are unable to connect to the database in us-east-1.
What is the MOST operationally efficient solution that will resolve this connectivity issue?

A. Create a VPC peering connection between the two Regions. Add the private IP address range of the instances to the inbound rule of the database security group.

B. Create a VPC peering connection between the two Regions. Add the security group of the instances in eu-central-1 to the outbound rule of the database security group.

C. Create a VPN connection between the two Regions. Add the private IP address range of the instances to the outbound rule of the database security group.

D. Create a VPN connection between the two Regions. Add the security group of the instances in eu-central-1 to the inbound rule of the database security group.

 


Correct Answer: A

Question 48

A SysOps administrator needs to provision a new fleet of Amazon EC2 Spot Instances in an Amazon EC2 Auto Scaling group. The Auto Scaling group will use a wide range of instance types. The configured fleet must come from pools that have the most availability for the number of instances that are launched.
Which solution will meet these requirements?

A. Launch the Spot Instances up to the maximum capacity of the Auto Scaling group.

B. Launch the Spot Instances by using the diversified strategy.

C. Launch the Spot Instances by using the capacity optimized strategy.

D. Use the Spot Instance advisor to help determine the best Spot allocation strategy.

 


Correct Answer: C

Question 49

A company needs to take an inventory of applications that are running on multiple Amazon EC2 instances. The company has configured users and roles with the appropriate permissions for flaws Systems Manager. An updated version of Systems Manager Agent has been installed and is running on every instance. While configuring an inventory collection, a SysOps administrator discovers that not all the instances in a single subnet are managed by Systems Manager.
What must the SysOps administrator do to fix this issue?

A. Ensure that all the EC2 instances have the correct tags for Systems Manager access.

B. Configure flaws Identity and Access Management Access Analyzer to determine and automatically remediate the issue.

C. Ensure that all the EC2 instances have an instance profile with Systems Manager access.

D. Configure Systems Manager to use an interface VPC endpoint.

 


Correct Answer: D

Question 50

A company's SysOps administrator maintains a highly available environment. The environment includes Amazon EC2 instances and an Amazon RDS Multi-AZ database. The EC2 instances are in an Auto Scaling group behind an Application Load Balancer.
Recently, the company conducted a failover test. The SysOps administrator needs to decrease the failover time of the RDS database by at least 10%.
Which solution will meet this requirement?

A. Increase the RDS instance size.

B. Modify the RDS cluster to run in a single Availability Zone.

C. Create a read replica in another flaws Region. Promote the read replica in case of failure.

D. Create an RDS proxy. Point the application to the proxy endpoint.

 


Correct Answer: D

Free Access Full SOA-C02 Practice Exam Free

Looking for additional practice? Click here to access a full set of SOA-C02 practice exam free questions and continue building your skills across all exam domains.

Our question sets are updated regularly to ensure they stay aligned with the latest exam objectives—so be sure to visit often!

Good luck with your SOA-C02 certification journey!

Share18Tweet11
Previous Post

SOA-C01 Practice Exam Free

Next Post

SSCP Practice Exam Free

Next Post

SSCP Practice Exam Free

SY0-501 Practice Exam Free

SY0-601 Practice Exam Free

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Network+ Practice Test

Comptia Security+ Practice Test

A+ Certification Practice Test

Aws Cloud Practitioner Exam Questions

Aws Cloud Practitioner Practice Exam

Comptia A+ Practice Test

  • About
  • DMCA
  • Privacy & Policy
  • Contact

PracticeTestFree.com materials do not contain actual questions and answers from Cisco's Certification Exams. PracticeTestFree.com doesn't offer Real Microsoft Exam Questions. PracticeTestFree.com doesn't offer Real Amazon Exam Questions.

  • Login
  • Sign Up
No Result
View All Result
  • Quesions
    • Cisco
    • AWS
    • Microsoft
    • CompTIA
    • Google
    • ISACA
    • ECCouncil
    • F5
    • GIAC
    • ISC
    • Juniper
    • LPI
    • Oracle
    • Palo Alto Networks
    • PMI
    • RedHat
    • Salesforce
    • VMware
  • Courses
    • CCNA
    • ENCOR
    • VMware vSphere
  • Certificates

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Insert/edit link

Enter the destination URL

Or link to existing content

    No search term specified. Showing recent items. Search or use up and down arrow keys to select an item.