Winter Special Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: big60

Amazon Web Services Updated SOA-C02 Exam Questions and Answers by orin

Page: 8 / 18

Amazon Web Services SOA-C02 Exam Overview :

Exam Name: AWS Certified SysOps Administrator - Associate (SOA-C02)
Exam Code: SOA-C02 Dumps
Vendor: Amazon Web Services Certification: AWS Certified Associate
Questions: 485 Q&A's Shared By: orin
Question 32

The SysOps administrator needs to complete the KMS key policy for least privilege read access for the DataEngineer role to decrypt S3 objects encrypted with a KMS key.

Options:

Options:

A.

"kms:ReEncrypt", "kms:GenerateDataKey*", "kms:Encrypt", "kms:DescribeKey"

B.

"kms:ListAliases", "kms:GetKeyPolicy", "kms:Describe*", "kms:Decrypt"

C.

"kms:ListAliases", "kms:DescribeKey", "kms:Decrypt"

D.

"kms:Update*", "kms:TagResource", "kms:Revoke*", "kms:Put*", "kms:List*", "kms:Get*", "kms:Enable*", "kms:Disable*", "kms:Describe*", "kms:Delete*", "kms:Create*", "kms:CancelKeyDeletion"

Discussion
Question 33

A compliance learn requites all administrator passwords for Amazon RDS DB instances to be changed at least annually.

Which solution meets this requirement in the MOST operationally efficient manner?

Options:

A.

Store the database credentials in AWS Secrets Manager. Configure automatic rotation for the secret every 365 days.

B.

Store the database credentials as a parameter In the RDS parameter group. Create a database trigger to rotate the password every 365 days.

C.

Store the database credentials in a private Amazon S3 bucket. Schedule an AWS Lambda function to generate a new set of credentials every 365 days.

D.

Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter. Configure automatic rotation for the parameter every 365 days.

Discussion
Victoria
Hey, guess what? I passed the certification exam! I couldn't have done it without Cramkey Dumps.
Isabel Sep 21, 2024
Same here! I was so surprised when I saw that almost all the questions on the exam were exactly what I found in their study materials.
Elise
I've heard that Cramkey is one of the best websites for exam dumps. They have a high passing rate and the questions are always up-to-date. Is it true?
Cian Sep 26, 2024
Definitely. The dumps are constantly updated to reflect the latest changes in the certification exams. And I also appreciate how they provide explanations for the answers, so I could understand the reasoning behind each question.
Syeda
I passed, Thank you Cramkey for your precious Dumps.
Stella Aug 25, 2024
That's great. I think I'll give Cramkey Dumps a try.
Joey
I highly recommend Cramkey Dumps to anyone preparing for the certification exam. They have all the key information you need and the questions are very similar to what you'll see on the actual exam.
Dexter Aug 7, 2024
Agreed. It's definitely worth checking out if you're looking for a comprehensive and reliable study resource.
Wyatt
Passed my exam… Thank you so much for your excellent Exam Dumps.
Arjun Sep 18, 2024
That sounds really useful. I'll definitely check it out.
Question 34

A company is tunning a website on Amazon EC2 instances thai are in an Auto Scaling group When the website traffic increases, additional instances lake several minutes to become available because ot a long-running user data script that installs software A SysOps administrator must decrease the time that is required (or new instances to become available

Which action should the SysOps administrator take to meet this requirement?

Options:

A.

Reduce the scaling thresholds so that instances are added before traffic increases

B.

Purchase Reserved Instances to cover 100% of the maximum capacity of the Auto Scaling group

C.

Update the Auto Scaling group to launch instances that have a storage optimized instance type

D.

Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has pre-installed software

Discussion
Question 35

A company has an AWS Config rule that identifies open SSH ports in security groups. The rule has an automatic remediation action to delete the SSH inbound rule for noncompliant security groups. However, business units require SSH access and can provide a list of trusted IPs to restrict access.

Options:

Options:

A.

Create a new AWS Systems Manager Automation runbook that adds an IP set to the security group's inbound rule. Update the AWS Config rule to change the automatic remediation action to use the new runbook.

B.

Create a new AWS Systems Manager Automation runbook that updates the security group’s inbound rule with the IP addresses from the business units. Update the AWS Config rule to change the automatic remediation action to use the new runbook.

C.

Create an AWS Lambda function that adds an IP set to the security group's inbound rule. Update the AWS Config rule to change the automatic remediation action to use the Lambda function.

D.

Create an AWS Lambda function that updates the security group's inbound rule with the IP addresses from the business units. Update the AWS Config rule to change the automatic remediation action to use the Lambda function.

Discussion
Page: 8 / 18
Title
Questions
Posted

SOA-C02
PDF

$42  $104.99

SOA-C02 Testing Engine

$50  $124.99

SOA-C02 PDF + Testing Engine

$66  $164.99