FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 13: AWS Certified SysOps Administrator (SOA-C01)

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 291

Multiple Choice

Review LaterAdd Note

Review Later

A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance. Which of the following are possible causes of this issue? (Choose two.)

A) A network ACL associated with the bastion's subnet is blocking the network traffic.
B) The instance does not have a private IP address.
C) The route table associated with the bastion's subnet does not have a route to the internet gateway.
D) The security group for the instance does not have an inbound rule on port 22.
E) The security group for the instance does not have an outbound rule on port 3389.

F) C) and D)
G) A) and B)

Correct Answer

verified

Show Answer

Question 292

Multiple Choice

Review LaterAdd Note

Review Later

An application resides on multiple EC2 instances in public subnets in two Availability Zones. To improve security, the Information Security team has deployed an Application Load Balancer (ALB) in separate subnets and pointed the DNS at the ALB instead of the EC2 instances. After the change, traffic is not reaching the instances, and an error is being returned from the ALB. What steps must a SysOps Administrator take to resolve this issue and improve the security of the application? (Choose two.)

A) Add the EC2 instances to the ALB target group, configure the health check, and ensure that the instances report healthy.
B) Add the EC2 instances to an Auto Scaling group, configure the health check to ensure that the instances report healthy, and remove the public IPs from the instances.
C) Create a new subnet in which EC2 instances and ALB will reside to ensure that they can communicate, and remove the public IPs from the instances.
D) Change the security group for the EC2 instances to allow access from only the ALB security group, and remove the public IPs from the instances.
E) Change the security group to allow access from 0.0.0.0/0, which permits access from the ALB.

F) A) and B)
G) B) and E)

Correct Answer

verified

Show Answer

Question 293

Multiple Choice

Review LaterAdd Note

How can you secure data at rest on an EBS volume?

Which method can be used to prevent an IP address block from accessing public objects in an S3 bucket?

A SysOps Administrator receives a connection timeout error when attempting to connect to an Amazon EC2 instance from a home network using SSH. The Administrator was able to connect to this EC2 instance using from their office network in the past. What caused the connection to time out?

A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE . The Administrator identified and resolved the template issue causing the failure. How should the Administrator continue with the stack deployment?

A company would like to review each change in the infrastructure before deploying updates in its AWS CloudFormation stacks. Which action will allow an Administrator to understand the impact of these changes before implementation?

A SysOps Administrator is responsible for maintaining an Amazon EC2 instance that acts as a bastion host. The Administrator can successfully connect to the instance using SSH, but attempts to ping the instance result in a timeout. What is one reason for the issue?

A SysOps Administrator stores crash dump files in Amazon S3. New security and privacy measures require that crash dumps older than 6 months be deleted. Which approach meets this requirement?

A storage admin wants to encrypt all the objects stored in S3 using server side encryption. The user does not want to use the AES 256 encryption key provided by S3. How can the user achieve this?

A company's customers are reporting increased latency while accessing static web content from Amazon S3. A SysOps Administrator observed a very high rate of read operations on a particular S3 bucket. What will minimize latency by reducing load on the S3 bucket?

A SysOps Administrator implemented the following bucket policy to allow only the corporate IP address range of 54.240.143.0/24 to access objects in an Amazon S3 bucket. Some employees are reporting that they are able to access the S3 bucket from IP addresses outside the corporate IP address range. How can the Administrator address this issue?

A SysOps administrator is implementing automated I/O load performance testing as part of the continuous integration/continuous delivery (CI/CD) process for an application. The application uses an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume for each instance that is restored from a snapshot and requires consistent I/O performance. During the initial tests, the I/O performance results are sporadic. The SysOps administrator must ensure that the tests yield more consistent results. Which actions could the SysOps administrator take to accomplish this goal? (Choose two.)

A company's customers are reporting increased latency while accessing static web content from Amazon S3. A SysOps Administrator observed a very high rate of read operations on a particular S3 bucket. What will minimize latency by reducing load on the S3 bucket?

Which of the following requires a custom CloudWatch metric to monitor?

A user has setup a VPC with CIDR 20.0.0.0/16. The VPC has a private subnet (20.0.1.0/24. and a public subnet (20.0.0.0/24.. The user's data center has CIDR of 20.0.54.0/24 and 20.1.0.0/24. If the private subnet wants to communicate with the data center, what will happen?

A SysOps Administrator is receiving alerts related to high CPU utilization of a Memcached-based Amazon ElastiCache cluster. Which remediation steps should be taken to resolve this issue? (Choose two.)

A Content Processing team has notified a SysOps Administrator that their content is sometimes taking a long time to process, whereas other times it processes quickly. The Content Processing submits messages to an Amazon Simple Queue Service (Amazon SQS) queue, which details the files that need to be processed. An Amazon EC2 instance polls the queue to determine which file to process next. How could the Administrator maintain a fast but cost-effective processing time?

A custom application must be installed on all Amazon EC2 instances. The application is small, updated frequently and can be installed automatically. How can the application be deployed on new EC2 instances?

A company has attached the following policy to an IAM user. Which of the following actions are allowed for the IAM user?