amazon AWS Certified SysOps Administrator (SOA-C01) exam practice questions

Questions for the AWS CERTIFIED SYSOPS ADMINISTRATOR SOA C01 were updated on : Apr 10 ,2024

Page 1 out of 63. Viewing questions 1-15 out of 932

Question 1

You are designing a system that has a Bastion host. This component needs to be highly available without human
intervention. Which of the following approaches would you select?

  • A. Run the bastion on two instances one in each AZ
  • B. Run the bastion on an active Instance in one AZ and have an AMI ready to boot up in the event of failure
  • C. Configure the bastion instance in an Auto Scaling group. Specify the Auto Scaling group to include multiple AZs but have a min-size of 1 and max-size of 1
  • D. Configure an ELB in front of the bastion instance
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

A user has configured a VPC with a new subnet. The user has created a security group. The user wants to configure that
instances of the same subnet communicate with each other. How can the user configure this with the security group?

  • A. There is no need for a security group modification as all the instances can communicate with each other inside the same subnet
  • B. Configure the subnet as the source in the security group and allow traffic on all the protocols and ports
  • C. Configure the security group itself as the source and allow traffic on all the protocols and ports
  • D. The user has to use VPC peering to configure this
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the users AWS account. AWS provides two features that the
user can use to increase security in VPC: security groups and network ACLs. Security groups work at the instance level. If
the user is using the default security group, it will have a rule which allows the instances to communicate with other. For a
new security group, the user has to specify the rule, add it to define the source as the security group itself, and select all the
protocols and ports for that source.

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

A database running on Amazon EC2 requires sustained IOPS performance.
Which kind of Amazon EBS volume should an Administrator choose for this solution?

  • A. Cloud HDD
  • B. General Purpose SSD
  • C. Provisioned IOPS SSD
  • D. Throughput Optimized HDD
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

You have a web application leveraging an Elastic Load Balancer (ELB) In front of the web servers deployed using an Auto
Scaling Group Your database is running on Relational Database Service (RDS) The application serves out technical articles
and responses to them in general there are more views of an article than there are responses to the article. On occasion, an
article on the site becomes extremely popular resulting in significant traffic Increases that causes the site to go down.
What could you do to help alleviate the pressure on the infrastructure while maintaining availability during these events?
(Choose three.)

  • A. Leverage CloudFront for the delivery of the articles.
  • B. Add RDS read-replicas for the read traffic going to your relational database
  • C. Leverage ElastiCache for caching the most frequently used data.
  • D. Use SOS to queue up the requests for the technical posts and deliver them out of the queue.
  • E. Use Route53 health checks to fail over to an S3 bucket for an error page.
Answer:

A B C

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 5

A new application runs on Amazon EC2 instances and accesses data in an Amazon RDS database instance. When fully
deployed in production, the application fails. The database can be queried from a console on a bastion host. When looking at
the web server logs, the following error is repeated multiple times:
*** Error Establishing a Database Connection.
Which of the following may be causes of the connectivity problems? (Choose two.)

  • A. The security group for the database does not have the appropriate egress rule from the database to the web server.
  • B. The certificate used by the web server is not trusted by the RDS instance.
  • C. The security group for the database does not have the appropriate ingress rule from the web server to the database.
  • D. The database is still being created and is not available for connectivity.
Answer:

A C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

In EC2, what happens to the data in an instance store if an instance reboots (either intentionally or unintentionally)?

  • A. Data is partially present in the instance store.
  • B. Data persists in the instance store.
  • C. Data is deleted from the instance store for security reasons.
  • D. Data in the instance store will be lost.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
The data in an instance store persists only during the lifetime of its associated instance. If an in-stance reboots (intentionally
or unintentionally), data in the instance store persists. However, data on instance store volumes is lost under the following
circumstances.
Failure of an underlying drive
The instance is stopped Terminating an instance Reference:
http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/InstanceStorage.html

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

A SysOps Administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that
has open access permissions. While discussing the issue the bucket owner, the Administrator realizes the S3 bucket is an
origin for an Amazon CloudFront web distribution.
Which action should the Administrator take to ensure that users access objects in Amazon S3 by using only CloudFront
URLs?

  • A. Encrypt the S3 bucket content with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
  • B. Create an origin access identity and grant it permissions to read objects in the S3 bucket
  • C. Assign an IAM user to the CoudFront distribution and whitelist the IAM user in the S3 bucket policy
  • D. Assign an IAM role to the CloudFront distribution and whitelist the IAM role in the S3 bucket policy
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-
s3.html

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

A developer created a new application that uses Spot Fleet for a variety of instance families across multiple Availability
Zones.
What should the developer do to ensure that the Spot Fleet is configured for cost optimization?

  • A. Deploy a capacityOptimized allocation strategy for provisioning Spot Instances.
  • B. Ensure instance capacity by specifying the desired target capacity and how much of that capacity must be On-Demand.
  • C. Use the lowestPrice allocation strategy with InstancePoolsToUseCount in the Spot Fleet request.
  • D. Launch instances up to the Spot Fleet target capacity or the maximum acceptable payment amount.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to create an AMI
from the running instance. Which of the below mentioned credentials is not required while creating the AMI?

  • A. AWS account ID
  • B. X.509 certificate and private key
  • C. AWS login ID to login to the console
  • D. Access key and secret access key
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
When the user has launched an EC2 instance from an instance store backed AMI and the admin team wants to create an
AMI from it, the user needs to setup the AWS AMI or the API tools first. Once the tool is setup the user will need the
following credentials:
AWS account ID;
AWS access and secret access key; X.509 certificate with private key.

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

A company hosts its website on Amazon ECF2 instances behind an ELB Application Load Balancer. The company manages
its DNS with Amazon Route 53, and wants to point its domains zone apex to the website.
Which type of record should be used to meet these requirements?

  • A. An AAA record for the domain’s zone apex
  • B. An A record for the domain’s zone apex
  • C. A CNAME record for the domain’s zone apex
  • D. An alias record for the domain’s zone apex
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference: https://aws.amazon.com/route53/faqs/

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

A SysOps Administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However,
access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC,
the Administrator is unable to connect to any of the domains that reside on the internet.
What additional route destination rule should the Administrator add to the route tables?

  • A. Route ::/0 traffic to a NAT gateway
  • B. Route ::/0 traffic to an internet gateway
  • C. Route 0.0.0.0/0 traffic to an egress-only internet gateway
  • D. Route ::/0 traffic to an egress-only internet gateway
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

What does Amazon RDS stand for?

  • A. Amazon Regional Data Server
  • B. Amazon Regional Database Service
  • C. Amazon Relative Data Service
  • D. Amazon Relational Database Service
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Amazon RDS stands for Relational Database Service, which offers easy to scale and manage rela-tional databases on the
Cloud.
It provides cost-efficient and resizable capacity while managing time-consuming database admin-istration tasks, freeing you
up to focus on your applications and business. Amazon RDS provides you six familiar database engines to choose from,
including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server. Reference:
http://aws.amazon.com/rds/

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

A user has configured an SSL listener at ELB as well as on the back-end instances. Which of the below mentioned
statements helps the user understand ELB traffic handling with respect to the SSL listener?

  • A. It is not possible to have the SSL listener both at ELB and back-end instances
  • B. ELB will modify headers to add requestor details
  • C. ELB will intercept the request to add the cookie details if sticky session is enabled
  • D. ELB will not modify the headers
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
When the user has configured Transmission Control Protocol (TCP. or Secure Sockets Layer (SSL. for both front-end and
back-end connections of the Elastic Load Balancer, the load balancer forwards the request to the back-end instances without
modifying the request headers unless the proxy header is enabled. SSL does not support sticky sessions. If the user has
enabled a proxy protocol it adds the source and destination IP to the header.

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

A user has launched an EBS backed EC2 instance in the US-East-1a region. The user stopped the instance and started it
back after 20 days. AWS throws up an InsufficientInstanceCapacity error. What can be the possible reason for this?

  • A. AWS does not have sufficient capacity in that availability zone
  • B. AWS zone mapping is changed for that user account
  • C. There is some issue with the host capacity on which the instance is launched
  • D. The user account has reached the maximum EC2 instance limit
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
When the user gets an InsufficientInstanceCapacity error while launching or starting an EC2 instance, it means that AWS
does not currently have enough available capacity to service the user request. If the user is requesting a large number of
instances, there might not be enough server capacity to host them. The user can either try again later, by specifying a
smaller number of instances or changing the availability zone if launching a fresh instance.

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring on Elastic
Load balancing. Which of the below mentioned statements will help the user understand this functionality better?

  • A. ELB sends data to CloudWatch every minute only and does not charge the user
  • B. ELB will send data every minute and will charge the user extra
  • C. ELB is not supported by CloudWatch
  • D. It is not possible to setup detailed monitoring for ELB
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the
supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in
detailed monitoring a service sends data points to CloudWatch every minute. Elastic Load Balancing includes 10 metrics and
2 dimensions, and sends data to CloudWatch every minute. This does not cost extra.

Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2