最新的Amazon SOA-C01免費考試真題

問題1

Development teams are maintaining several workloads on AWS. Company management is concerned about rising costs and wants the SysOps Administrator to configure alerts so teams are notified when spending approaches preset limits.
Which AWS service will satisfy these requirements?

A. AWS Budgets

B. AWS Trusted Advisor

C. AWS Cost and Usage report

D. AWS Cost Explorer

正確答案: B

問題2

An application is currently deployed on several Amazon EC2 instances that reside within a VPC. Due to compliance requirements the EC2 instances cannot have access to the public internet. SysOps Administrator require SSH access to EC2 instances from their corporate office to perform maintenance and other administrative tasks.
Which combination of actions should be taken to permit SSH access to the EC2 instances while meeting the compliance requirement? (Select TWO)

A. Attach a NAT gateway to the VPC and configure routing

B. Configure a VPN connection back to the corporate office.

C. Configure an Application Load Balancer in front of the EC2 instances

D. Attach an internet gateway to the VPC and configure routing

E. Attach a virtual private gateway to the VPC and configure routing

正確答案: B,E

問題3

An application is running on an Amazon EC2 instance. A SysOps Administrator is tasked with allowing the application access to an Amazon S3 bucket.
What should be done to ensure optimal security?

A. Create and assign an IAM role tor Amazon S3 access to the EC2 instance.

B. Create an IAM user and create a script to inject the credentials on boot

C. Embed an AWS credential file for an IAM user inside the Amazon Machine Image (AMI)

D. Apply an S3 bucket policy to allow access from all EC2 instances

正確答案: D

問題4

A SysOps Administrator is deploying a test site running on Amazon EC2 instances. The application requires both incoming and outgoing connectivity to the Internet.
Which combination of steps are required to provide internet connectivity to the EC2 instances? (Choose two.)

A. Add an entry to the route table for the subnet that points to an internet gateway

B. Attach a private address to the elastic network interface on the EC2 instance

C. Create an internet gateway and attach it to a VPC

D. Add a NAT gateway to a public subnet

E. Attach an Elastic IP address to the internet gateway

正確答案: A,C

問題5

A company's Auditor implemented a compliance requirement that all Amazon S3 buckets must have logging enabled.
How should the SysOps Administrator ensure this compliance requirement is met, while still permitting Developers to create and use new S3 buckets?

A. Implement IAM policies to allow only the Storage team to create S3 buckets.

B. Add AWS CloudTrail logging for the S3 buckets.

C. Add the AWS Config managed rule S3_BUCKET_LOGGING_ENABLED.

D. Create an AWS Lambda function to delete the S3 buckets if logging is not turned on.

正確答案: C

問題6

A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only All traffic must be over the AWS private network What actions should the SysOps Administrator take to meet these requirements?

A. Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket

B. Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits al S3 actions on the bucket to the VPC endpoint as the source

C. Create a VPC endpoint for the S3 bucket and create a S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source

D. Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway

正確答案: C

問題7

A Systems Administrator is responsible for maintaining custom, approved AMIs for a company. These AMIs must be shared with each of the company's AWS accounts.
How can the Administrator address this issue?

A. Share the AMIs with each AWS account using the console or CLI.

B. Modify the permissions on the AMIs so that they are publicly accessible.

C. Modify the permissions on the IAM role that are associated with the AMI.

D. Contact AWS Support for sharing AMIs with other AWS accounts.

正確答案: A

問題8

A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.
What is the SIMPLEST approach the SysOps Administrator can take to ensure S3 buckets in those accounts can never be deleted?

A. Set up MFA Delete on all the S3 buckets to prevent the buckets from being ddeleted.

B. Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.

C. Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.

D. Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.

正確答案: C

問題9

A company has a web application that is experiencing performance problems many times each night. A root cause analysis reveals spikes in CPU utilization that last 5 minutes on an Amazon EC2 Linux instance. A SysOps administrator is tasked with finding the process ID (PID) of the service or process that is consuming more CPU.
How can the administrator accomplish this with the LEAST amount of effort?

A. Use the default Amazon CloudWatch CPU utilization metric to capture the PID in the CloudWatch dashboard.

B. Configure the procstat plugin to collect and send CPU metrics for the running processes.

C. Log in to the EC2 Linux instance using a .pern key each night and then run the top command

D. Configure an AWS Lambda function in Python 3.7 to run every minute to capture the PID and send a notification.

正確答案: A

問題10

A fleet of servers must send local logs to Amazon CloudWatch.
How should the servers be configured to meet this requirement?

A. Configure a Simple Network Management Protocol (SNMP) agent to forward events to CloudWatch.

B. Configure AWS Config to forward events to CloudWatch.

C. Install and configure the unified CloudWatch agent.

D. Install and configure the Amazon Inspector agent.

正確答案: C

問題11

Company A purchases company B and inherits three new AWS accounts. Company A would like to centralize billing and reserved instance benefits but wants to keep all other resources separate.
How can this be accomplished?

A. Send Cost and Usage Reports files to a central Amazon S3 bucket and load the data into Amazon Redshift. Use Amazon QuickSight to provide visualizations to the finance team.

B. Link the Reserved Instances to the master payer account and use Amazon Redshift Spectrum to query Detailed Billing Report data across all accounts.

C. Configure AWS Organizations Consolidated Billing and provide the finance team with IAM access to the billing console.

D. Implement AWS Organizations and create a service control policy that defines the billing relationship with the new master account.

正確答案: C

問題12

A company needs to deploy a web application on two Amazon EC2 instances behind an Application Load Balancer (ALB). Two EC2 instances will also be deployed to host the database. The infrastructure needs to be designed across Availability Zones for high availability and must limit public access to the instances as much as possible.
How should this be achieved within a VPC?

A. Create two public subnets for the Application Load Balancer, two public subnets for the web servers, and two public subnets for the database servers.

B. Create one public subnets for the Application Load Balancer, two private subnets for the web servers, and two private subnets for the database servers.

C. Create one public subnet for the Application Load Balancer, one public subnet for the servers, and private subnet for the database servers.

D. Create two public subnets for the Application Load Balancer, two public subnets for the web servers, and two public subnets for the database servers.

正確答案: B

問題13

A company is concerned about a security vulnerability impacting its Linux operating system.
What should the SysOps Administrator do to alleviate this concern?

A. Provide an AWS Trusted Advisor report showing which Amazon EC2 instances have been patched.

B. Patch the Linux operating system using AWS Systems Manager.

C. Patch the vulnerability with Amazon Inspector.

D. Redeploy the Amazon EC2 instances using AWS CloudFormation.

正確答案: B

問題14

An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instance in an Auto Scaling group that terminates unhealthy instances. The Auto Scaling group is configured to determine the health status of EC2 instances using both EC2 status checks and ALB checks. The Development team wants to analyze the unhealthy instances before termination.
What should the SysOps Administrator do to accomplish this?

A. Configure an AWS Lambda function to take a snapshot of all instance before they are terminated.

B. Implement Amazon CloudWatch Events to capture lifecycle events and trigger an AWS Lambda function for remediation.

C. Configure the ALB health check to restart instances instead of terminating them.

D. Use an Amazon EC2 Auto Scaling lifecycle hook to pause instance termination after the instance has been removed from service.

正確答案: D

問題15

A company is operating a multi-account environment under a single organization using AWS Organizations. The Security team discovers that some employees are using AWS services in ways that violate company policies. A SysOps Administrator needs to prevent all users of an account, including the root user, from performing certain restricted actions.
What should be done to accomplish this?

A. Apply service control policies (SCPs) to allow approved actions only

B. Define permissions boundaries to prevent restricted actions

C. Apply service control policies (SCPs) to prevent restricted actions

D. Define permissions boundaries to allow approved actions only

正確答案: C

最新的Amazon AWS Certified SysOps Administrator - Associate - SOA-C01免費考試真題

聯系我們

站內鏈接

最新更新