Amazon Web Services certsexpert download Full Version Soa-c02 Exam by Michal q61 vce pdf

Page: 11 / 17

Exam Name:	AWS Certified SysOps Administrator - Associate (SOA-C02)
Exam Code:	SOA-C02 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Associate
Questions:	460 Q&A's	Shared By:	michal

Question 44

A company has developed a service that is deployed on a fleet of Linux-based Amazon EC2 instances that are in an Auto Scaling group. The service occasionally fails unexpectedly because of an error in the application code. The company's engineering team determines that resolving the underlying cause of the service failure could take several weeks.

A SysOps administrator needs to create a solution to automate recovery if the service crashes on any of the EC2 instances.

Which solutions will meet this requirement? (Select TWO.)

Options:

Install the Amazon CloudWatch agent on the EC2 instances. Configure the CloudWatch agent to monitor the service. Set the CloudWatch action to restart if the service health check fails.

Tag the EC2 instances. Create an AWS Lambda function that uses AWS Systems Manager Session Manager to log in to the tagged EC2 instances and restart the service. Schedule the Lambda function to run every 5 minutes.

Tag the EC2 instances. Use AWS Systems Manager State Manager to create an association that uses the AWS-RunSheIIScript document. Configure the association command with a script that checks if the service is running and that starts the service if the service is not running. For targets, specify the EC2 instance tag. Schedule the association to run every 5 minutes.

Update the EC2 user data that is specified in the Auto Scaling group's launch template to include a script that runs on a cron schedule every 5 minutes.

Update the EC2 user data that is specified in the Auto Scaling group's launch template to ensure that the service runs during startup. Redeploy all the EC2 instances in the Auto Scaling group with the updated launch template.

Discussion

Answer:

A, C

Explanation:

The requirement is to automate recovery if the service crashes on any of the EC2 instances.

Option A: Install the Amazon CloudWatch agent on the EC2 instances. Configure the CloudWatch agent to monitor the service. Set the CloudWatch action to restart if the service health check fails . This is a valid solution because the CloudWatch agent can be configured to monitor the service and take action (restart the service) if the health check fails .

Option C: Tag the EC2 instances. Use AWS Systems Manager State Manager to create an association that uses the AWS-RunShellScript document. Configure the association command with a script that checks if the service is running and that starts the service if the service is not running. For targets, specify the EC2 instance tag. Schedule the association to run every 5 minutes678. This is a valid solution because AWS Systems Manager State Manager can be used to maintain a consistent state of the EC2 instances. It can run a script to check if the service is running and start the service if it’s not running678.

Option B: Tag the EC2 instances. Create an AWS Lambda function that uses AWS Systems Manager Session Manager to log in to the tagged EC2 instances and restart the service. Schedule the Lambda function to run every 5 minutes . This is not a valid solution because AWS Lambda functions are not designed to log in to EC2 instances and restart services. They are used for running serverless applications.

Option D: Update the EC2 user data that is specified in the Auto Scaling group’s launch template to include a script that runs on a cron schedule every 5 minutes131415. This is not a valid solution because user data scripts are run only during the launch of an EC2 instance. They are not designed to run on a schedule.

Option E: Update the EC2 user data that is specified in the Auto Scaling group’s launch template to ensure that the service runs during startup. Redeploy all the EC2 instances in the Auto Scaling group with the updated launch template131416. This is not a valid solution because while user data can be used to ensure that the service runs during startup, it does not provide a solution for when the service crashes after the EC2 instance has started.

Question 45

A company has a compliance requirement that no security groups can allow SSH ports to be open to all IP addresses. A SysOps administrator must implement a solution that will notify the company's SysOps team when a security group rule violates this requirement. The solution also must remediate the security group rule automatically.

Which solution will meet these requirements?

Options:

Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a security group changes. Configure the Lambda function to evaluate the security group for compliance, remove all inbound security group rules on all ports, and notify the SysOps team if the security group is noncompliant.

Create an AWS CloudTrail metric filter for security group changes. Create an Amazon CloudWatch alarm to notify the SysOps team through an Amazon Simple Notification Service (Amazon SNS) topic when (he metric is greater than 0. Subscribe an AWS Lambda function to the SNS topic to remediate the security group rule by removing the rule.

Activate the AWS Config restricted-ssh managed rule. Add automatic remediation to the AWS Config rule by using the AWS Systems Manager Automation AWS-

DisablePublicAccessForSecurityGroup runbook. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to notify the SysOps team when the rule is noncompliant.

Create an AWS CloudTrail metric filter for security group changes. Create an Amazon CloudWatch alarm for when the metric is greater than 0. Add an AWS Systems Manager action to the CloudWatch alarm to suspend the security group by using the Systems Manager Automation AWS-DisablePublicAccessForSecurityGroup runbook when the alarm is in ALARM state. Add an Amazon Simple Notification Service (Amazon SNS) topic as a second target to notify the

Discussion

Nia

Why are these Dumps so important for students these days?

Mary Oct 9, 2024

With the constantly changing technology and advancements in the industry, it's important for students to have access to accurate and valid study material. Cramkey Dumps provide just that. They are constantly updated to reflect the latest changes and ensure that the information is up-to-date.

Neve

Will I be able to achieve success after using these dumps?

Rohan Oct 24, 2024

Absolutely. It's a great way to increase your chances of success.

Ernest

That's amazing. I think I'm going to give Cramkey Dumps a try for my next exam. Thanks for telling me about them! CramKey admin please share more questions……You guys are amazing.

Nate Sep 15, 2024

I failed last week, I never know this site , but amazed to see all these questions were in my exam week before. I feel bad now, why I didn’t bother this site. Thanks Cramkey, Excellent Job.

Ace

No problem! I highly recommend Cramkey Dumps to anyone looking to pass their certification exams. They will help you feel confident and prepared on exam day. Good luck!

Harris Oct 31, 2024

That sounds amazing. I'll definitely check them out. Thanks for the recommendation!

River

Hey, I used Cramkey Dumps to prepare for my recent exam and I passed it.

Lewis Sep 11, 2024

Yeah, I used these dumps too. And I have to say, I was really impressed with the results.

Question 46

A company wants to be alerted through email when IAM CreateUser API calls are made within its AWS account.

Which combination of actions should a SysOps administrator take to meet this requirement? (Choose two.)

Options:

Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS CloudTrail as the event source and IAM CreateUser as the specific API call for the event pattern.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule with Amazon CloudSearch as the event source and IAM CreateUser as the specific API call for the event pattern.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS IAM Access Analyzer as the event source and IAM CreateUser as the specific API call for the event pattern.

Use an Amazon Simple Notification Service (Amazon SNS) topic as an event target with an email subscription.

Use an Amazon Simple Email Service (Amazon SES) notification as an event target with an email subscription.

Discussion

Question 47

A company wants to use only IPv6 for all its Amazon EC2 instances. The EC2 instances must not be accessible from the internet, but

the EC2 instances must be able to access the internet. The company creates a dual-stack VPC and IPv6-only subnets.

How should a SysOps administrator configure the VPC to meet these requirements?

Options:

Create and attach a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.

Create and attach an internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway. Attach the custom route table to the IPv6-only subnets.

Create and attach an egress-only internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the egress-only internet gateway. Attach the custom route table to the IPv6-only subnets.

Create and attach an internet gateway and a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway and all IPv4 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.