Amazon Web Services examstopics aws Certified Associate Soa-c02 Reddit Questions by Romilly q61 vce pdf

Page: 7 / 19

Exam Name:	AWS Certified SysOps Administrator - Associate (SOA-C02)
Exam Code:	SOA-C02 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Associate
Questions:	528 Q&A's	Shared By:	romilly

Question 28

A SysOps administrator needs to design a high-traffic static website. The website must be highly available and must provide the lowest possible latency to users across the globe.

Which solution will meet these requirements?

Options:

Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create an Amazon CloudFront distribution in each AWS Region, and set the S3 bucket as the origin. Use Amazon Route 53 to create a DNS record that uses a geolocation routing policy to route traffic to the correct CloudFront distribution based on where the request originates.

Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create an Amazon CloudFront distribution, and set the S3 bucket as the origin. Use Amazon Route 53 to create an alias record that points to the CloudFront distribution.

Create an Application Load Balancer (ALB) and a target group. Create an Amazon EC2 Auto Scaling group with at least two EC2 instances in the associated target group. Store the website content on the EC2 instances. Use Amazon Route 53 to create an alias record that points to the ALB.

Create an Application Load Balancer (ALB) and a target group in two Regions. Create an Amazon EC2 Auto Scaling group in each Region with at least two EC2 instances in each target group. Store the website content on the EC2 instances. Use Amazon Route 53 to create a DNS record that uses a geolocation routing policy to route traffic to the correct ALB based on where the request originates.

Discussion

Question 29

A large company is using AWS Organizations to manage hundreds of AWS accounts across multiple AWS Regions. The company has turned on AWS Config throughout the organization.

The company requires all Amazon S3 buckets to block public read access. A SysOps administrator must generate a monthly report that shows all the S3 buckets and whether they comply with this requirement.

Which combination of steps should the SysOps administrator take to collect this data? {Select TWO).

Options:

Create an AWS Config aggregator in an aggregator account. Use the organization as the source. Retrieve the compliance data from the aggregator.

Create an AWS Config aggregator in each account. Use an S3 bucket in an aggregator account as the destination. Retrieve the compliance data from the S3 bucket

Edit the AWS Config policy in AWS Organizations. Use the organization's management account to turn on the s3-bucket-public-read-prohibited rule for the entire organization.

Use the AWS Config compliance report from the organization's management account. Filter the results by resource, and select Amazon S3.

Use the AWS Config API to apply the s3-bucket-public-read-prohibited rule in all accounts for all available Regions.

Discussion

Question 30

Application A runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The EC2 instances are in an Auto Scaling group and are in the same subnet that is associated with the NLB. Other applications from an on-premises environment cannot communicate with Application A on port 8080.

To troubleshoot the issue, a SysOps administrator analyzes the flow logs. The flow logs include the following records:

What is the reason for the rejected traffic?

Options:

The security group of the EC2 instances has no Allow rule for the traffic from the NLB.

The security group of the NLB has no Allow rule for the traffic from the on-premises environment.

The ACL of the on-premises environment does not allow traffic to the AWS environment.

The network ACL that is associated with the subnet does not allow outbound traffic for the ephemeral port range.

Discussion

Marley

Hey, I heard the good news. I passed the certification exam!

Jaxson Oct 5, 2024

Yes, I passed too! And I have to say, I couldn't have done it without Cramkey Dumps.

Rosalie

I passed. I would like to tell all students that they should definitely give Cramkey Dumps a try.

Maja Aug 30, 2024

That sounds great. I'll definitely check them out. Thanks for the suggestion!

Nadia

Why these dumps are important? Can I pass my exam without these dumps?

Julian Oct 22, 2024

The questions in the Cramkey dumps are explained in detail and there are also study notes and reference materials provided. This made it easier for me to understand the concepts and retain the information better.

Inaaya

Are these Dumps worth buying?

Fraser Oct 9, 2024

Yes, of course, they are necessary to pass the exam. They give you an insight into the types of questions that could come up and help you prepare effectively.

Ilyas

Definitely. I felt much more confident and prepared because of the Cramkey Dumps. I was able to answer most of the questions with ease and I think that helped me to score well on the exam.

Saoirse Sep 25, 2024

That's amazing. I'm glad you found something that worked for you. Maybe I should try them out for my next exam.

Question 31

A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations.

Which solution will meet this requirement?

Options:

Configure Amazon Cognito to detect any compromised 1AM credentials.

Set up Amazon Inspector. Scan and monitor resources for unauthorized logins.

Set up AWS Config. Add the iam-policy-blacklisted-check managed rule to the account.

Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding.