AWS Certified Associate

Pass Guarantee SOA-C01 Exam By Taking New SOA-C01 VCE And PDF Braindumps

Attention please! Here is the shortcut to pass your SOA-C01 exam! Get yourself well prepared for the AWS Certified Associate SOA-C01 AWS Certified SysOps Administrator – Associate (SOA-C01) exam is really a hard job. But don’t worry! We We, provides the most update SOA-C01 real exam questions. With We latest SOA-C01 actual tests, you’ll pass the AWS Certified Associate SOA-C01 AWS Certified SysOps Administrator – Associate (SOA-C01) exam in an easy way

Visit our site to get more SOA-C01 Q and As:https://www.itexamfun.com/AWS-SysOps.html (958 QAs Dumps)
Question 1:

When preparing for a compliance assessment of your system built inside of AWS. what are three best-practices for you to prepare for an audit? (Choose three.)

A. Gather evidence of your IT operational controls

B. Request and obtain applicable third-party audited AWS compliance reports and certifications

C. Request and obtain a compliance and security tour of an AWS data center for a pre-assessment security review

D. Request and obtain approval from AWS to perform relevant network scans and in-depth penetration tests of your system\’s Instances and endpoints

E. Schedule meetings with AWS\’s third-party auditors to provide evidence of AWS compliance that maps to your control objectives

Correct Answer: ABD


Question 2:

You have started a new job and are reviewing your company\’s infrastructure on AWS You notice one web application where they have an Elastic Load Balancer (andB) in front of web instances in an Auto Scaling Group When you check the metrics for the ELB in CloudWatch you see four healthy instances in Availability Zone (AZ) A and zero in AZ B There are zero unhealthy instances. What do you need to fix to balance the instances across AZs?

A. Set the ELB to only be attached to another AZ

B. Make sure Auto Scaling is configured to launch in both AZs

C. Make sure your AMI is available in both AZs

D. Make sure the maximum size of the Auto Scaling Group is greater than 4

Correct Answer: B


Question 3:

You have been asked to leverage Amazon VPC BC2 and SOS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS Which option will provide the most scalable solution for communicating between the application and SQS?

A. Ensure the application instances are properly configured with an Elastic Load Balancer

B. Ensure the application instances are launched in private subnets with the EBS-optimized option enabled

C. Ensure the application instances are launched in public subnets with the associate-public-IPaddress=true option enabled

D. Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SQS queue size

Correct Answer: D

Explanation:

Bandwidth literally means network not IO Bandwidth. Having alerts to scale the Autoscaling is most

sophisticated option.


Question 4:

When attached to an Amazon VPC, which two components provide connectivity with external networks? (Choose two.)

A. Elastic IPS (EIP)

B. NAT Gateway (NAT)

C. Internet Gateway {IGW)

D. Virtual Private Gateway (VGW)

Correct Answer: CD


Question 5:

Your application currently leverages AWS Auto Scaling to grow and shrink as load Increases/ decreases and has been performing well. Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks. Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175.

What should you do to avoid potential service disruptions during the ramp up in traffic?

A. Ensure that you have pre-allocated 175 Elastic IP addresses so that each server will be able to obtain one as it launches

B. Check the service limits in Trusted Advisor and adjust as necessary so the forecasted count remains within limits.

C. Change your Auto Scaling configuration to set a desired capacity of 175 prior to the launch of the marketing campaign

D. Pre-warm your Elastic Load Balancer to match the requests per second anticipated during peak demand prior to the marketing campaign

Correct Answer: D

Explanation:

Amazon ELB is able to handle the vast majority of use cases for our customers without requiring “prewarming” (configuring the load balancer to have the appropriate level of capacity based on

expected traffic).

Reference:

https://aws.amazon.com/articles/1636185810492479#pre-warming


Question 6:

An organization has configured a VPC with an Internet Gateway (IGW). pairs of public and private subnets (each with one subnet per Availability Zone), and an Elastic Load Balancer (ELB) configured to use the public subnets. The application s web tier leverages the ELB. Auto Scaling and a mum-AZ RDS database instance The organization would like to eliminate any potential single points ft failure in this design. What step should you take to achieve this organization\’s objective?

A. Nothing, there are no single points of failure in this architecture.

B. Create and attach a second IGW to provide redundant internet connectivity.

C. Create and configure a second Elastic Load Balancer to provide a redundant load balancer.

D. Create a second multi-AZ RDS instance in another Availability Zone and configure replication to provide a redundant database.

Correct Answer: A

You need multiple ELB if you want HA across regions.

“AWS Load Balancer –Cross Network

Many times it happens that after setting up your ELB, you experience significant drops in your

performance. The best way to handle this situation is to start with identifying whether your ELB is single AZ

or multiple AZ, as single AZ ELB is also considered as one of the Single Points of Failures on AWS Cloud.

Once you identify your ELB, it is necessary to make sure ELB loads are kept cross regions.”

Reference:

Eliminating Single Points of Failures on AWS Cloud


Question 7:

Which of the following are characteristics of Amazon VPC subnets? (Choose two.)

A. Each subnet maps to a single Availability Zone

B. A CIDR block mask of /25 is the smallest range supported

C. Instances in a private subnet can communicate with the internet only if they have an Elastic IP.

D. By default, all subnets can route between each other, whether they are private or public

E. V Each subnet spans at least 2 Availability zones to provide a high-availability environment

Correct Answer: AD

“Each subnet must reside entirely within one Availability Zone and cannot span zones.”

“Every subnet that you create is automatically associated with the main route table for the VPC.”

Reference:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html


Question 8:

You are creating an Auto Scaling group whose Instances need to insert a custom metric into CloudWatch. Which method would be the best way to authenticate your CloudWatch PUT request?

A. Create an IAM role with the Put MetricData permission and modify the Auto Scaling launch configuration to launch instances in that role

B. Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch configuration to inject the userscredentials into the instance User Data

C. Modify the appropriate Cloud Watch metric policies to allow the Put MetricData permission to instances from the Auto Scaling group

D. Create an IAM user with the PutMetricData permission and put the credentials in a private repository and have applications on the server pull the credentials as needed

Correct Answer: A

Explanation: Creates an IAM role is always the best practice to give permissions to EC2 instances in order to interact with other AWS services


Question 9:

An application that you are managing has EC2 instances and Dynamo OB tables deployed to several AWS Regions in order to monitor the performance of the application globally, you would like to see two graphs:

1) Avg CPU Utilization across all EC2 instances 2) Number of Throttled Requests for all DynamoDB tables.

How can you accomplish this?

A. Tag your resources with the application name, and select the tag name as the dimension in the Cloudwatch Management console to view the respective graphs

B. Use the Cloud Watch CLI tools to pull the respective metrics from each regional endpoint Aggregate the data offline and store it for graphing in CloudWatch.

C. Add SNMP traps to each instance and DynamoDB table Leverage a central monitoring server to capture data from each instance and table Put the aggregate data into Cloud Watch for graphing.

D. Add a CloudWatch agent to each instance and attach one to each DynamoDB table. When configuring the agent set the appropriate application name and view the graphs in CloudWatch.

Correct Answer: B

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Tools.CLI.html


Question 10:

You have a Linux EC2 web server instance running inside a VPC The instance is In a public subnet and has an EIP associated with it so you can connect to It over the Internet via HTTP or SSH The instance was also fully accessible when you last logged in via SSH. and was also serving web requests on port 80. Now you are not able to SSH into the host nor does it respond to web requests on port 80 that were working fine last time you checked You have double-checked that all networking configuration parameters (security groups route tables. IGW\’EIP. NACLs etc) are properly configured {and you haven\’t made any changes to those anyway since you were last able to reach the Instance). You look at the EC2 console and notice that system status check shows “impaired.” Which should be your next step in troubleshooting and attempting to get the instance back to a healthy state so that you can log in again?

A. Stop and start the instance so that it will be able to be redeployed on a healthy host system that most likely will fix the “impaired” system status

B. Reboot your instance so that the operating system will have a chance to boot in a clean healthy state that most likely will fix the \’impaired” system status

C. Add another dynamic private IP address to me instance and try to connect via mat new path, since the networking stack of the OS may be locked up causing the “impaired” system status.

D. Add another Elastic Network Interface to the instance and try to connect via that new path since the networking stack of the OS may be locked up causing the “impaired” system status

E. un-map and then re-map the EIP to the instance, since the IGWVNAT gateway may not be working properly, causing the “impaired” system status

Correct Answer: A


Question 11:

What is a placement group?

A. A collection of Auto Scaling groups in the same Region

B. Feature that enables EC2 instances to interact with each other via nigh bandwidth, low latency connections

C. A collection of Elastic Load Balancers in the same Region or Availability Zone

D. A collection of authorized Cloud Front edge locations for a distribution

Correct Answer: B


Question 12:

Your entire AWS infrastructure lives inside of one Amazon VPC. You have an Infrastructure monitoring application running on an Amazon instance in Availability Zone (AZ) A of the region, and another application instance running in AZ B. The monitoring application needs to make use of ICMP ping to confirm network reachability of the instance hosting the application. Can you configure the security groups for these instances to only allow the ICMP ping to pass from the monitoring instance to the application instance and nothing else? If so how?

A. No, two instances in two different AZ\’s can\’t talk directly to each other via ICMP ping as that protocol is not allowed across subnet (iebroadcast) boundaries

B. Yes, both the monitoring instance and the application instance have to be a part of the same security group, and that security group needs to allow inbound ICMP

C. Yes, the security group for the monitoring instance needs to allow outbound ICMP and the application instance\’s security group needs to allow Inbound ICMP

D. Yes, both the monitoring instance\’s security group and the application instance\’s security group need to allow both inbound and outbound ICMP ping packets since ICMP is not a connection-oriented protocol

Correct Answer: C

Explanation:

Even though ICMP is not a connection-oriented protocol, Security Groups are stateful. “Security groups

are stateful — responses to allowed inbound traffic are allowed to flow outbound

regardless of outbound rules, and vice versa”.

Reference:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html


Question 13:

You have a web-style application with a stateless but CPU and memory-intensive web tier running on a cc2 8xlarge EC2 instance inside of a VPC The instance when under load is having problems returning requests within the SLA as defined by your business The application maintains its state in a DynamoDB table, but the data tier is properly provisioned and responses are consistently fast. How can you best resolve the issue of the application responses not meeting your SLA?

A. Add another cc2 8xlarge application instance, and put both behind an Elastic Load Balancer

B. Move the cc2 8xlarge to the same Availability Zone as the DynamoDB table

C. Cache the database responses in ElastiCache for more rapid access

D. Move the database from DynamoDB to RDS MySQL in scale-out read-replica configuration

Correct Answer: A

Explanation:

DynamoDB is automatically available across three facilities in an AWS Region. So moving in to a same AZ

is not possible / necessary.

In this case the DB layer is not the issue, the EC2 8xlarge is the issue; so add another one with a ELB in-

front of it.

See also: https://aws.amazon.com/dynamodb/faqs/


Question 14:

You are managing a legacy application Inside VPC with hard coded IP addresses in its configuration. Which two mechanisms will allow the application to failover to new instances without the need for reconfiguration? (Choose two.)

A. Create an ELB to reroute traffic to a failover instance

B. Create a secondary ENI that can be moved to a failover instance

C. Use Route53 health checks to fail traffic over to a failover instance

D. Assign a secondary private IP address to the primary ENIO that can be moved to a failover instance

Correct Answer: BD


Question 15:

Which of the following statements about this S3 bucket policy is true?

A. Denies the server with the IP address 192 168 100 0 full access to the “mybucket” bucket

B. Denies the server with the IP address 192 168 100 188 full access to the “mybucket” bucket

C. Grants all the servers within the 192 168 100 0/24 subnet full access to the “mybucket” bucket

D. Grants all the servers within the 192 168 100 188/32 subnet full access to the “mybucket” bucket

Correct Answer: B

http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html http://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html


Visit our site to get more SOA-C01 Q and As:https://www.itexamfun.com/AWS-SysOps.html (958 QAs Dumps)