Questions for the AWS CERTIFIED SYSOPS ADMINISTRATOR SOA C01 were updated on : Jul 20 ,2024
You are designing a system that has a Bastion host. This component needs to be highly available without human
intervention. Which of the following approaches would you select?
C
A user has configured a VPC with a new subnet. The user has created a security group. The user wants to configure that
instances of the same subnet communicate with each other. How can the user configure this with the security group?
C
Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the users AWS account. AWS provides two features that the
user can use to increase security in VPC: security groups and network ACLs. Security groups work at the instance level. If
the user is using the default security group, it will have a rule which allows the instances to communicate with other. For a
new security group, the user has to specify the rule, add it to define the source as the security group itself, and select all the
protocols and ports for that source.
A database running on Amazon EC2 requires sustained IOPS performance.
Which kind of Amazon EBS volume should an Administrator choose for this solution?
C
Explanation:
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
You have a web application leveraging an Elastic Load Balancer (ELB) In front of the web servers deployed using an Auto
Scaling Group Your database is running on Relational Database Service (RDS) The application serves out technical articles
and responses to them in general there are more views of an article than there are responses to the article. On occasion, an
article on the site becomes extremely popular resulting in significant traffic Increases that causes the site to go down.
What could you do to help alleviate the pressure on the infrastructure while maintaining availability during these events?
(Choose three.)
A B C
A new application runs on Amazon EC2 instances and accesses data in an Amazon RDS database instance. When fully
deployed in production, the application fails. The database can be queried from a console on a bastion host. When looking at
the web server logs, the following error is repeated multiple times:
*** Error Establishing a Database Connection.
Which of the following may be causes of the connectivity problems? (Choose two.)
A C
In EC2, what happens to the data in an instance store if an instance reboots (either intentionally or unintentionally)?
B
Explanation:
The data in an instance store persists only during the lifetime of its associated instance. If an in-stance reboots (intentionally
or unintentionally), data in the instance store persists. However, data on instance store volumes is lost under the following
circumstances.
Failure of an underlying drive
The instance is stopped Terminating an instance Reference:
http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/InstanceStorage.html
A SysOps Administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that
has open access permissions. While discussing the issue the bucket owner, the Administrator realizes the S3 bucket is an
origin for an Amazon CloudFront web distribution.
Which action should the Administrator take to ensure that users access objects in Amazon S3 by using only CloudFront
URLs?
B
Explanation:
Reference: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-
s3.html
A developer created a new application that uses Spot Fleet for a variety of instance families across multiple Availability
Zones.
What should the developer do to ensure that the Spot Fleet is configured for cost optimization?
B
A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to create an AMI
from the running instance. Which of the below mentioned credentials is not required while creating the AMI?
C
Explanation:
When the user has launched an EC2 instance from an instance store backed AMI and the admin team wants to create an
AMI from it, the user needs to setup the AWS AMI or the API tools first. Once the tool is setup the user will need the
following credentials:
AWS account ID;
AWS access and secret access key; X.509 certificate with private key.
A company hosts its website on Amazon ECF2 instances behind an ELB Application Load Balancer. The company manages
its DNS with Amazon Route 53, and wants to point its domains zone apex to the website.
Which type of record should be used to meet these requirements?
B
Explanation:
Reference: https://aws.amazon.com/route53/faqs/
A SysOps Administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However,
access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC,
the Administrator is unable to connect to any of the domains that reside on the internet.
What additional route destination rule should the Administrator add to the route tables?
D
What does Amazon RDS stand for?
D
Explanation:
Amazon RDS stands for Relational Database Service, which offers easy to scale and manage rela-tional databases on the
Cloud.
It provides cost-efficient and resizable capacity while managing time-consuming database admin-istration tasks, freeing you
up to focus on your applications and business. Amazon RDS provides you six familiar database engines to choose from,
including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server. Reference:
http://aws.amazon.com/rds/
A user has configured an SSL listener at ELB as well as on the back-end instances. Which of the below mentioned
statements helps the user understand ELB traffic handling with respect to the SSL listener?
D
Explanation:
When the user has configured Transmission Control Protocol (TCP. or Secure Sockets Layer (SSL. for both front-end and
back-end connections of the Elastic Load Balancer, the load balancer forwards the request to the back-end instances without
modifying the request headers unless the proxy header is enabled. SSL does not support sticky sessions. If the user has
enabled a proxy protocol it adds the source and destination IP to the header.
A user has launched an EBS backed EC2 instance in the US-East-1a region. The user stopped the instance and started it
back after 20 days. AWS throws up an InsufficientInstanceCapacity error. What can be the possible reason for this?
A
Explanation:
When the user gets an InsufficientInstanceCapacity error while launching or starting an EC2 instance, it means that AWS
does not currently have enough available capacity to service the user request. If the user is requesting a large number of
instances, there might not be enough server capacity to host them. The user can either try again later, by specifying a
smaller number of instances or changing the availability zone if launching a fresh instance.
A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring on Elastic
Load balancing. Which of the below mentioned statements will help the user understand this functionality better?
A
Explanation:
CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the
supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in
detailed monitoring a service sends data points to CloudWatch every minute. Elastic Load Balancing includes 10 metrics and
2 dimensions, and sends data to CloudWatch every minute. This does not cost extra.