Amazon Web Services surepassexam free Soa-c02 Questions Attempt by Reeva q31 vce pdf

Page: 19 / 19

Amazon Web Services SOA-C02 Exam Overview :

Exam Name:	AWS Certified SysOps Administrator - Associate (SOA-C02)
Exam Code:	SOA-C02 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Associate
Questions:	528 Q&A's	Shared By:	reeva

Question 76

A global company operates out of five AWS Regions. A SysOps administrator wants to identify all the company's tagged and untagged Amazon EC2 instances.

The company requires the output to display the instance ID and tags.

What is the MOST operationally efficient way for the SysOps administrator to meet these requirements?

Options:

Create a tag-based resource group in AWS Resource Groups.

Use AWS Trusted Advisor. Export the EC2 On-Demand Instances check results from Trusted Advisor.

Use Cost Explorer. Choose a service type of EC2-Instances, and group by Resource.

Use Tag Editor in AWS Resource Groups. Select all Regions, and choose a resource type of AWS::EC2::Instance.

Discussion

Question 77

A company's security policy states that connecting to Amazon EC2 instances is not permitted through SSH and RDP. If access is required, authorized staff can connect to instances by using AWS Systems Manager Session Manager.

Users report that they are unable to connect to one specific Amazon EC2 instance that is running Ubuntu and has AWS Systems Manager Agent (SSM Agent) pre-installed These users are able to use Session Manager to connect to other instances in the same subnet, and they are in an 1AM group that has Session Manager permission for all instances.

What should a SysOps administrator do to resolve this issue?

Options:

Add an inbound rule for port 22 in the security group associated with the Ubuntu instance.

Assign the AmazonSSMManagedlnstanceCore managed policy to the EC2 instance profile for the Ubuntu instance.

Configure the SSM Agent to log in with a user name of "ubuntu".

Generate a new key pair, configure Session Manager to use this new key pair, and provide the private key to the users.

Discussion

Josie

I just passed my certification exam using their dumps and I must say, I was thoroughly impressed.

Fatimah Oct 24, 2024

You’re right. The dumps were authentic and covered all the important topics. I felt confident going into the exam and it paid off.

Victoria

Hey, guess what? I passed the certification exam! I couldn't have done it without Cramkey Dumps.

Isabel Sep 21, 2024

Same here! I was so surprised when I saw that almost all the questions on the exam were exactly what I found in their study materials.

Hassan

Highly Recommended Dumps… today I passed my exam! Same questions appear. I bought Full Access.

Kasper Oct 20, 2024

Hey wonderful….so same questions , sounds good. Planning to write this week, I will go for full access today.

Aryan

Absolutely rocked! They are an excellent investment for anyone who wants to pass the exam on the first try. They save you time and effort by providing a comprehensive overview of the exam content, and they give you a competitive edge by giving you access to the latest information. So, I definitely recommend them to new students.

Jessie Sep 28, 2024

did you use PDF or Engine? Which one is most useful?

Ella-Rose

Amazing website with excellent Dumps. I passed my exam and secured excellent marks!!!

Alisha Aug 17, 2024

Extremely accurate. They constantly update their materials with the latest exam questions and answers, so you can be confident that what you're studying is up-to-date.

Question 78

An Amazon S3 Inventory report reveals that more than 1 million objects in an S3 bucket are not encrypted These objects must be encrypted, and all future objects must be encrypted at the time they are written

Which combination of actions should a SysOps administrator take to meet these requirements? (Select TWO )

Options:

Create an AWS Config rule that runs evaluations against configuration changes to the S3 bucket When an unencrypted object is found run an AWS Systems Manager Automation document to encrypt the object in place

Edit the properties of the S3 bucket to enable default server-side encryption

Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted Create an S3 Batch Operations job to copy each object in place with encryption enabled

Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted Send each object name as a message to an Amazon Simple Queue Service (Amazon SQS) queue Use the SQS queue to invoke an AWS Lambda function to tag each object with a key of "Encryption" and a value of "SSE-KMS"

Use S3 Event Notifications to invoke an AWS Lambda function on all new object-created events for the S3 bucket Configure the Lambda function to check whether the object is encrypted and to run an AWS Systems Manager Automation document to encrypt the object in place when an unencrypted object is found

Discussion

Question 79

A SysOps administrator receives an alert from Amazon GuardDuty about suspicious network activity on an Amazon FC2 instance. The GuardDuty finding lists a new external IP address as a traffic destination. The SysOps administrator does not recognize the external IP address. The SysOps administrator must block traffic to the external IP address that GuardDuty identified

Which solution will meet this requirement?

Options:

Create a new security group to block traffic to the external IP address. Assign the new security group to the EC2 instance

Use VPC flow logs with Amazon Athena to block traffic to the external IP address

Create a network ACL Add an outbound deny rule tor traffic to the external IP address

Create a new security group to block traffic to the external IP address Assign the new security group to the entire VPC