SOA-C01 Online Practice Questions and Answers

What is a placement group?

A. A collection of Auto Scaling groups in the same Region

B. Feature that enables EC2 instances to interact with each other via nigh bandwidth, low latency connections

C. A collection of Elastic Load Balancers in the same Region or Availability Zone

D. A collection of authorized Cloud Front edge locations for a distribution

A user is checking the CloudWatch metrics from the AWS console. The user notices that the CloudWatch data is coming in UTC. The user wants to convert the data to a local time zone. How can the user perform this?

A. In the CloudWatch dashboard the user should set the local time zone so that CloudWatch shows the data only in the local time zone

B. In the CloudWatch console select the local time zone under the Time Range tab to view the data as per the local timezone

C. The CloudWatch data is always in UTC; the user has to manually convert the data

D. The user should have send the local time zone while uploading the data so that CloudWatch will show the data only in the local time zone

A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public subnet (port 80. and a DB server in the private subnet (port 3306). The user is configuring a security group for the public subnet (WebSecGrp. and the private subnet (DBSecGrp). Which of the below mentioned entries is required in the private subnet database security group (DBSecGrp)?

A. Allow Inbound on port 3306 for Source Web Server Security Group (WebSecGrp)

B. Allow Inbound on port 3306 from source 20.0.0.0/16

C. Allow Outbound on port 3306 for Destination Web Server Security Group (WebSecGrp)

D. Allow Outbound on port 80 for Destination NAT Instance IP

A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24 . The NAT instance ID is i-a12345. Which of the below mentioned entries are required in the main route table attached with the private subnet to allow instances to connect with the internet?

A. Destination: 0.0.0.0/0 and Target: i-a12345

B. Destination: 20.0.0.0/0 and Target: 80

C. Destination: 20.0.0.0/0 and Target: i-a12345

D. Destination: 20.0.0.0/24 and Target: i-a12345

A user is collecting 1000 records per second. The user wants to send the data to CloudWatch using the custom namespace. Which of the below mentioned options is recommended for this activity?

A. Aggregate the data with statistics, such as Min, max, Average, Sum and Sample data and send the data to CloudWatch

B. Send all the data values to CloudWatch in a single command by separating them with a comma. CloudWatch will parse automatically

C. Create one csv file of all the data and send a single file to CloudWatch

D. It is not possible to send all the data in one call. Thus, it should be sent one by one. CloudWatch will aggregate the data automatically

What does Amazon VPC stand for?

A. Amazon Virtual Private Cloud

B. Amazon Variable Power Cluster

C. Amazon Virtual Private Computer

D. Amazon Virtual Public Cloud

A user has configured ELB with Auto Scaling. The user temporarily suspended the Auto Scaling terminate process. What might the Availability Zone Rebalancing process (AZRebalance) conse-quently cause during this period?

A. Auto Scaling will keep launching instances in all AZs until the maximum instance number is reached.

B. AZ Rebalancing might now allow Auto Scaling to launch or terminate any instances.

C. AZ Rebalancing might allow the number instances in an Availability Zone to remain higher than the maximum size

D. It is not possible to suspend the terminate process while keeping the launch active.

Which of the following Identity and Access Management (IAM) policy keys of AWS Direct Con-nect is used for date/time conditions?

A. aws:CurrentTime

B. aws:UserAgent

C. aws:SourceIp

D. aws:SecureTransport

A Systems Administrator is responsible for maintaining custom, approved AMIs for a company. These AMIs must be shared with each of the company's AWS accounts.

How can the Administrator address this issue?

A. Contact AWS Support for sharing AMIs with other AWS accounts.

B. Modify the permissions on the AMIs so that they are publicly accessible.

C. Modify the permissions on the IAM role that are associated with the AMI.

D. Share the AMIs with each AWS account using the console or CLI.

After a network change, application servers cannot connect to the corresponding Amazon RDS MySQL database.

What should the SysOps Administrator analyze?

A. VPC Flow Logs

B. Elastic Load Balancing logs

C. Amazon CloudFront logs

D. Amazon RDS MySQL error logs

An Amazon EC2 instance is unable to connect an SMTP server in a different subnet. Other instances are successfully communicating with the SMTP server, however VPC Flow Logs have been enabled on the SMTP server's network interface and show the following information:

2 223342798652 eni-abe77dab 10.1.1.200 10.100.1.10 1123 25 17 70 48252 1515534437 1515535037 REJECT OK

What can be done to correct this problem?

A. Add the instance to the security group for the SMTP server and ensure that is permitted to communicate over TCP port 25.

B. Disable the iptables service on the SMTP server so that the instance can properly communicate over the network.

C. Install an email client on the instance to ensure that it communicates correctly on TCP port 25 to the SMTP server.

D. Add a rule to the security group for the instance to explicitly permit TCP port 25 outbound to any address.

An organization would like to set up an option for its Developers to receive an email whenever production Amazon EC2 instances are running over 80% CPU utilization.

How can this be accomplished using an Amazon CloudWatch alarm?

A. Configure the alarm to send emails to subscribers using Amazon SES.

B. Configure the alarm to send emails to subscribers using Amazon SNS.

C. Configure the alarm to send emails to subscribers using Amazon Inspector.

D. Configure the alarm to send emails to subscribers using Amazon Cognito.

An Amazon EC2 instance in a private subnet needs to copy data to an Amazon S3 bucket. For security reasons, the connection from the EC2 instance to Amazon S3 must not traverse across the Internet.

What action should the SysOps Administrator take to accomplish this?

A. Create a NAT instance and route traffic destined to Amazon S3 through it.

B. Create a VPN connection between the EC2 instance and Amazon S3.

C. Create an S3 VPC endpoint in the VPC where the EC2 instance resides.

D. Use AWS Direct Connect to maximize throughput and keep the traffic private.

A SysOps Administrator must remove public IP addresses from all Amazon EC2 instances to prevent exposure to the internet. However, many corporate applications running on those EC2 instances need to access Amazon S3 buckets. The Administrator is tasked with allowing the EC2 instances to continue to access the S3 buckets.

Which solutions can be used? (Choose two.)

A. Deploy a NAT gateway, and configure the route tables accordingly in the VPC where the EC2 instances are running.

B. Modify the network ACLs with private IP addresses in the routes to connect to Amazon S3.

C. Modify the security groups on the EC2 instances with private IP addresses in the routes to connect to Amazon S3.

D. Set up AWS Direct Connect, and configure a virtual interface between the EC2 instances and the S3 buckets.

E. Set up a VPC endpoint in the VPC where the EC2 instances are running, and configure the route tables accordingly.

A company has several accounts between different teams and wants to increase its auditing and compliance capabilities The accounts are managed through AWS Organizations. Management wants to provide the security team with secure access to the account logs while also restricting the possibility for the logs to be modified. How can a sysops administrator achieve this is with the LEAST amount of operational overhead?

A. Store AWS CloudTrail logs in Amazon S3 in each account Create a new account to store compliance data and replicate the objects into the newly created account

B. Store AWS CloudTrail logs in Amazon S3 in each account. Create an 1AM user with read-only access to the CloudTrail logs

C. From the master account create an organization trail using AWS CloudTrail and apply it to all Regions Use 1AM roles to restrict access.

D. Use an AWS CloudFormation stack set to create an AWS CloudTrail trail in every account and restrict permissions to modify the logs