Amazon Web Services passcert soa-c02 Based On Real Exam Environment by Orin q183 vce pdf

Page: 8 / 18

Exam Name:	AWS Certified SysOps Administrator - Associate (SOA-C02)
Exam Code:	SOA-C02 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Associate
Questions:	485 Q&A's	Shared By:	orin

Question 32

The SysOps administrator needs to complete the KMS key policy for least privilege read access for the DataEngineer role to decrypt S3 objects encrypted with a KMS key.

Options:

"kms:ReEncrypt", "kms:GenerateDataKey*", "kms:Encrypt", "kms:DescribeKey"

"kms:ListAliases", "kms:GetKeyPolicy", "kms:Describe*", "kms:Decrypt"

"kms:ListAliases", "kms:DescribeKey", "kms:Decrypt"

"kms:Update*", "kms:TagResource", "kms:Revoke*", "kms:Put*", "kms:List*", "kms:Get*", "kms:Enable*", "kms:Disable*", "kms:Describe*", "kms:Delete*", "kms:Create*", "kms:CancelKeyDeletion"

Discussion

Question 33

A compliance learn requites all administrator passwords for Amazon RDS DB instances to be changed at least annually.

Which solution meets this requirement in the MOST operationally efficient manner?

Options:

Store the database credentials in AWS Secrets Manager. Configure automatic rotation for the secret every 365 days.

Store the database credentials as a parameter In the RDS parameter group. Create a database trigger to rotate the password every 365 days.

Store the database credentials in a private Amazon S3 bucket. Schedule an AWS Lambda function to generate a new set of credentials every 365 days.

Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter. Configure automatic rotation for the parameter every 365 days.

Discussion

Victoria

Hey, guess what? I passed the certification exam! I couldn't have done it without Cramkey Dumps.

Isabel Sep 21, 2024

Same here! I was so surprised when I saw that almost all the questions on the exam were exactly what I found in their study materials.

Elise

I've heard that Cramkey is one of the best websites for exam dumps. They have a high passing rate and the questions are always up-to-date. Is it true?

Cian Sep 26, 2024

Definitely. The dumps are constantly updated to reflect the latest changes in the certification exams. And I also appreciate how they provide explanations for the answers, so I could understand the reasoning behind each question.

Syeda

I passed, Thank you Cramkey for your precious Dumps.

Stella Aug 25, 2024

That's great. I think I'll give Cramkey Dumps a try.

Joey

I highly recommend Cramkey Dumps to anyone preparing for the certification exam. They have all the key information you need and the questions are very similar to what you'll see on the actual exam.

Dexter Aug 7, 2024

Agreed. It's definitely worth checking out if you're looking for a comprehensive and reliable study resource.

Wyatt

Passed my exam… Thank you so much for your excellent Exam Dumps.

Arjun Sep 18, 2024

That sounds really useful. I'll definitely check it out.

Question 34

A company is tunning a website on Amazon EC2 instances thai are in an Auto Scaling group When the website traffic increases, additional instances lake several minutes to become available because ot a long-running user data script that installs software A SysOps administrator must decrease the time that is required (or new instances to become available

Which action should the SysOps administrator take to meet this requirement?

Options:

Reduce the scaling thresholds so that instances are added before traffic increases

Purchase Reserved Instances to cover 100% of the maximum capacity of the Auto Scaling group

Update the Auto Scaling group to launch instances that have a storage optimized instance type

Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has pre-installed software

Discussion

Question 35

A company has an AWS Config rule that identifies open SSH ports in security groups. The rule has an automatic remediation action to delete the SSH inbound rule for noncompliant security groups. However, business units require SSH access and can provide a list of trusted IPs to restrict access.

Options:

Create a new AWS Systems Manager Automation runbook that adds an IP set to the security group's inbound rule. Update the AWS Config rule to change the automatic remediation action to use the new runbook.

Create a new AWS Systems Manager Automation runbook that updates the security group’s inbound rule with the IP addresses from the business units. Update the AWS Config rule to change the automatic remediation action to use the new runbook.

Create an AWS Lambda function that adds an IP set to the security group's inbound rule. Update the AWS Config rule to change the automatic remediation action to use the Lambda function.

Create an AWS Lambda function that updates the security group's inbound rule with the IP addresses from the business units. Update the AWS Config rule to change the automatic remediation action to use the Lambda function.