Amazon Web Services passcert soa-c02 Based On Real Exam Environment by Orin q183 vce pdf

Page: 8 / 18

Exam Name:	AWS Certified SysOps Administrator - Associate (SOA-C02)
Exam Code:	SOA-C02 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Associate
Questions:	485 Q&A's	Shared By:	orin

Question 32

The SysOps administrator needs to complete the KMS key policy for least privilege read access for the DataEngineer role to decrypt S3 objects encrypted with a KMS key.

Options:

"kms:ReEncrypt", "kms:GenerateDataKey*", "kms:Encrypt", "kms:DescribeKey"

"kms:ListAliases", "kms:GetKeyPolicy", "kms:Describe*", "kms:Decrypt"

"kms:ListAliases", "kms:DescribeKey", "kms:Decrypt"

"kms:Update*", "kms:TagResource", "kms:Revoke*", "kms:Put*", "kms:List*", "kms:Get*", "kms:Enable*", "kms:Disable*", "kms:Describe*", "kms:Delete*", "kms:Create*", "kms:CancelKeyDeletion"

Discussion

Question 33

A compliance learn requites all administrator passwords for Amazon RDS DB instances to be changed at least annually.

Which solution meets this requirement in the MOST operationally efficient manner?

Options:

Store the database credentials in AWS Secrets Manager. Configure automatic rotation for the secret every 365 days.

Store the database credentials as a parameter In the RDS parameter group. Create a database trigger to rotate the password every 365 days.

Store the database credentials in a private Amazon S3 bucket. Schedule an AWS Lambda function to generate a new set of credentials every 365 days.

Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter. Configure automatic rotation for the parameter every 365 days.

Discussion

Question 34

A company is tunning a website on Amazon EC2 instances thai are in an Auto Scaling group When the website traffic increases, additional instances lake several minutes to become available because ot a long-running user data script that installs software A SysOps administrator must decrease the time that is required (or new instances to become available

Which action should the SysOps administrator take to meet this requirement?

Options:

Reduce the scaling thresholds so that instances are added before traffic increases

Purchase Reserved Instances to cover 100% of the maximum capacity of the Auto Scaling group

Update the Auto Scaling group to launch instances that have a storage optimized instance type

Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has pre-installed software

Discussion

Josephine

I want to ask about their study material and Customer support? Can anybody guide me?

Zayd Oct 22, 2024

Yes, the dumps or study material provided by them are authentic and up to date. They have a dedicated team to assist students and make sure they have a positive experience.

River

Hey, I used Cramkey Dumps to prepare for my recent exam and I passed it.

Lewis Sep 11, 2024

Yeah, I used these dumps too. And I have to say, I was really impressed with the results.

Rae

I tried using Cramkey dumps for my recent certification exam and I found them to be more accurate and up-to-date compared to other dumps I've seen. Passed the exam with wonderful score.

Rayyan Sep 14, 2024

I see your point. Thanks for sharing your thoughts. I might give it a try for my next certification exam.

Yusra

I passed my exam. Cramkey Dumps provides detailed explanations for each question and answer, so you can understand the concepts better.

Alisha Aug 29, 2024

I recently used their dumps for the certification exam I took and I have to say, I was really impressed.

Question 35

A company has an AWS Config rule that identifies open SSH ports in security groups. The rule has an automatic remediation action to delete the SSH inbound rule for noncompliant security groups. However, business units require SSH access and can provide a list of trusted IPs to restrict access.

Options:

Create a new AWS Systems Manager Automation runbook that adds an IP set to the security group's inbound rule. Update the AWS Config rule to change the automatic remediation action to use the new runbook.

Create a new AWS Systems Manager Automation runbook that updates the security group’s inbound rule with the IP addresses from the business units. Update the AWS Config rule to change the automatic remediation action to use the new runbook.

Create an AWS Lambda function that adds an IP set to the security group's inbound rule. Update the AWS Config rule to change the automatic remediation action to use the Lambda function.

Create an AWS Lambda function that updates the security group's inbound rule with the IP addresses from the business units. Update the AWS Config rule to change the automatic remediation action to use the Lambda function.