What Actual SOA-C01 Preparation Exams Is

NEW QUESTION 1
A company's customers are reporting increased latency while accessing static web contact from Amazon S3. A SysOps Administrator a very high rate of read operations on a particular S3 bucket. What will minimize latency by reducing lead on the S3 bucket?

• A. Migrate the S3 bucket to a region that is end users; geographic locations.
• B. Use cross-region replication to replicate all the data to another region
• C. Create an Amazon Cloud Front distribution with the bucket as the origin.
• D. Use Amazon ElastiCache to cache data being server from Amazon S3

Answer: C

Explanation:
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within
a developer-friendly environment. CloudFront is integrated with AWS ?V both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. CloudFront works seamlessly with services including AWS Shield for DDoS mitigation, Amazon S3, Elastic Load Balancing or Amazon EC2 as origins for your applications, and Lambda@Edge to run custom code closer to customers?? users and to customize the user experience. You can get started with the Content Delivery Network in minutes, using the same AWS tools that you're already familiar with: APIs, AWS Management Console, AWS CloudFormation, CLIs, and SDKs. Amazon's CDN offers a simple, pay-as-you-go pricing model with no upfront fees or required long-term contracts, and support for the CDN is included in your existing AWS Support subscription.

NEW QUESTION 2
A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24 . The NAT instance ID is i-a12345. Which of the below mentioned entries are required in the main route table attached with the private subnet to allow instances to connect with the internet?

• A. Destination: 0.0.0.0/0 and Target: i-a12345
• B. Destination: 20.0.0.0/0 and Target: 80
• C. Destination: 20.0.0.0/0 and Target: i-a12345
• D. Destination: 20.0.0.0/24 and Target: i-a12345

Answer: A

Explanation:
A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet, the instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet cannot. If these subnets are created with Wizard, AWS will create two route tables and attach to the subnets. The main route table will have
the entry ??Destination: 0.0.0.0/0 and Target: ia12345??, which allows all the instances in the private subnet to connect to the internet using NAT.

NEW QUESTION 3
When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes?

• A. Data will be deleted and win no longer be accessible
• B. Data is automatically saved in an EBS volume.
• C. Data is automatically saved as an EBS snapshot
• D. Data is unavailable until the instance is restarted

Answer: A

Explanation:
See: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store- lifetime
However, data in the instance store is lost under the following circumstances:
?V The underlying disk drive fails
?V The instance stops
?V The instance terminates

NEW QUESTION 4
A user is trying to understand AWS SNS. To which of the below mentioned end points is SNS unable to send a notification?

• A. Email JSON
• B. HTTP
• C. AWS SQS
• D. AWS SES

Answer: D

Explanation:
Amazon Simple Notification Service (Amazon SNS. is a fast, flexible, and fully managed push messaging service. Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service (SQS. queues or to any HTTP endpoint. The user can select one the following transports as part of the subscription requests: ??HTTP??, ??HTTPS??,??Email??, ??Email-JSON??, ??SQS??, ??and SMS??.

NEW QUESTION 5
A user is planning to set up the Multi AZ feature of RDS. Which of the below mentioned conditions won't take advantage of the Multi AZ feature?

• A. Availability zone outage
• B. A manual failover of the DB instance using Reboot with failover option
• C. Region outage
• D. When the user changes the DB instance??s server type

Answer: C

Explanation:
Amazon RDS when enabled with Multi AZ will handle failovers automatically. Thus, the user can resume database operations as quickly as possible without administrative intervention. The primary DB instance switches over automatically to the standby replica if any of the following conditions occur:
An Availability Zone outage The primary DB instance fails
The DB instance's server type is changed
The DB instance is undergoing software patching
A manual failover of the DB instance was initiated using Reboot with failover

NEW QUESTION 6
A user has created a launch configuration for Auto Scaling where CloudWatch detailed monitoring is disabled. The user wants to now enable detailed monitoring. How can the user achieve this?

• A. Update the Launch config with CLI to set InstanceMonitoringDisabled = false
• B. The user should change the Auto Scaling group from the AWS console to enable detailed monitoring
• C. Update the Launch config with CLI to set InstanceMonitoring.Enabled = true
• D. Create a new Launch Config with detail monitoring enabled and update the Auto Scaling group

Answer: D

Explanation:
CloudWatch is used to monitor AWS as well as the custom services. To enable detailed instance monitoring for a new Auto Scaling group, the user does not need to take any extra steps. When the user creates the AutoScaling launch config as the first step for creating an Auto Scaling group, each launch configuration contains a flag named InstanceMonitoring.Enabled. The default value of this flag is true. When the user has created a launch configuration with InstanceMonitoring.Enabled = false it will involve multiple steps to enable detail monitoring. The steps are:
Create a new Launch config with detailed monitoring enabled Update the Auto Scaling group with a new launch config Enable detail monitoring on each EC2 instance

NEW QUESTION 7
A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR (20.0.1.0/24. along with the VPN gateway (vgw-12345. to connect to the user??s data centre. The user??s data centre has CIDR 172.28.0.0/12. The user has also setup a NAT instance (i-123456. to allow traffic to the internet from the VPN subnet. Which of the below mentioned options is not a valid entry for the main route table in this scenario?

• A. Destination: 20.0.1.0/24 and Target: i-12345
• B. Destination: 0.0.0.0/0 and Target: i-12345
• C. Destination: 172.28.0.0/12 and Target: vgw-12345
• D. Destination: 20.0.0.0/16 and Target: local

Answer: A

Explanation:
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. If the user has setup a NAT instance to route all the internet requests then all requests to the internet should be routed to it. All requests to the organization??s DC will be routed to the VPN gateway.
Here are the valid entries for the main route table in this scenario:
Destination: 0.0.0.0/0 & Target: i-12345 (To route all internet traffic to the NAT Instance.
Destination: 172.28.0.0/12 & Target: vgw-12345 (To route all the organization??s data centre traffic to the VPN gateway.
Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC.

NEW QUESTION 8
A user has launched an EC2 instance store backed instance in the US-East-1a zone. The user created AMI #1 and copied it to the Europe region. After that, the user made a few updates to the application running in the US-East-1a zone. The user makes an AMI#2 after the changes. If the user launches a new instance in Europe from the AMI #1 copy, which of the below mentioned statements is true?

• A. The new instance will have the changes made after the AMI copy as AWS just copies the reference of the original AMI during the copyin
• B. Thus, the copied AMI will have all the updated data
• C. The new instance will have the changes made after the AMI copy since AWS keeps updating the AMI
• D. It is not possible to copy the instance store backed AMI from one region to another
• E. The new instance in the EU region will not have the changes made after the AMI copy

Answer: D

Explanation:
Within EC2, when the user copies an AMI, the new AMI is fully independent of the source AMI; there is no link to the original (source. AMI. The user can modify the source AMI without affecting the new AMI and vice a versa. Therefore, in this case even if the source AMI is modified, the copied AMI of the EU region will not have the changes. Thus, after copy the user needs to copy the new source AMI to the destination region to get those changes.

NEW QUESTION 9
A Syslog Administrator is troubleshooting an Amazon EC2 server and discovers a bottleneck in reading and writing data to the attached Amazon EBS block storage volume. The instance is a larger and the EBS is io1 with 1,000 IOPS provisioned initially, the Administrator increase the provisioned IOPS to 2,000, but performance does not improve.
What should the Administrator do next?

• A. Change the instance type to a t2 large.
• B. Change the volume to gp2 and make it larger.
• C. Change the instance type to c4 xlarge.
• D. Change the volume to Amazon S3 and introduce random key prepending

Answer: D

NEW QUESTION 10
You have a web application leveraging an Elastic Load Balancer (ELB) In front of the web servers deployed using an Auto Scaling Group. Your database is running on Relational Database Service (RDS) The application serves out technical articles and responses to them in general there are more views of an article than there are responses to the article. On occasion, an article on the site becomes extremely popular resulting in significant traffic Increases that causes the site to go down.
What could you do to help alleviate the pressure on the infrastructure while maintaining availability during these events?
Choose 3 answers

• A. Leverage CloudFront for the delivery of the articles.
• B. Add RDS read-replicas for the read traffic going to your relational database
• C. Leverage ElastiCache for caching the most frequently used data.
• D. Use SQS to queue up the requests for the technical posts and deliver them out of the queue.
• E. Use Route53 health checks to fail over to an S3 bucket for an error page.

Answer: ABC

Explanation:
The questions mention RDS so an answer that includes that as part of the solution makes sense. Also, Route53 does nothing to alleviate pressure on the infrastructure, it??s for failover. E is counterproductive. It talks about failing over to an error page on S3.

NEW QUESTION 11
A user has deployed an application on his private cloud. The user is using his own monitoring tool. He wants to configure that whenever there is an error, the monitoring tool should notify him via SMS. Which of the below mentioned AWS services will help in this scenario?

• A. None because the user infrastructure is in the private cloud
• B. AWS SNS
• C. AWS SES
• D. AWS SMS

Answer: B

Explanation:
Amazon Simple Notification Service (Amazon SNS. is a fast, flexible, and fully managed push messaging service. Amazon SNS can be used to make push notifications to mobile devices. Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service
(SQS. queues or to any HTTP endpoint. In this case user can use the SNS apis to send SMS.

NEW QUESTION 12
A user has created a web application with Auto Scaling. The user is regularly monitoring the application and he observed that the traffic is highest on Thursday and Friday between 8 AM to 6 PM. What is the best solution to handle scaling in this case?

• A. Add a new instance manually by 8 AM Thursday and terminate the same by 6 PM Friday
• B. Schedule Auto Scaling to scale up by 8 AM Thursday and scale down after 6 PM on Friday
• C. Schedule a policy which may scale up every day at 8 AM and scales down by 6 PM
• D. Configure a batch process to add a instance by 8 AM and remove it by Friday 6 PM

Answer: B

Explanation:
Auto Scaling based on a schedule allows the user to scale the application in response to predictable load changes. In this case the load increases by Thursday and decreases by Friday. Thus, the user can setup the scaling activity based on the predictable traffic patterns of the web application using Auto Scaling scale by Schedule.
http://docs.aws.amazon.com/cli/latest/reference/opsworks/set-time-based-auto-scaling.html

NEW QUESTION 13
A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. Which of the below mentioned security policies is supported by ELB?

• A. Dynamic Security Policy
• B. All the other options
• C. Predefined Security Policy
• D. Default Security Policy

Answer: C

Explanation:
Elastic Load Balancing uses a Secure Socket Layer (SSL. negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. ELB supports two policies:
Predefined Security Policy, which comes with predefined cipher and SSL protocols; Custom Security Policy, which allows the user to configure a policy.

NEW QUESTION 14
How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?

• A. Simply create a new volume in the other AZ and specify the original volume as the source.
• B. Detach the volume, then use the ec2-migrate-volume command to move it to another AZ.
• C. Create a snapshot of the volume, and create a new volume from the snapshot in the other AZ.
• D. Detach the volume and attach it to another EC2 instance in the other AZ.

Answer: C

Explanation:
Snapshots can be used to create multiple new EBS volumes, expand the size of a volume, or move volumes across Availability Zones.
See: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html

NEW QUESTION 15
A photo-sharing service stores pictures in Amazon Simple Storage Service (S3) and allows application sign-in using an OpenID Connect-compatible identity provider. Which AWS Security Token Service approach to temporary access should you use for the Amazon S3 operations?

• A. SAML-based Identity Federation
• B. Cross-Account Access
• C. AWS Identity and Access Management roles
• D. Web Identity Federation

Answer: D

NEW QUESTION 16
You have established a virtual private cloud (VPC) peering relationship between VPC 1 and VPC 2. VPC 1 has routes to VPC 2, yet hosts in VPC 1 cannot connect to hosts in VPC 2. Which of the following is possible cause?

• A. Security groups to VPC2 are blocking the traffic
• B. The network access control list applied to VPC2 denies by default
• C. The subnet route table in VPC 2 does not have routes to VPC 1
• D. The VPCs have not been attached to virtual private gateway

Answer: B

NEW QUESTION 17
An application is generating a log file every 5 minutes. The log file is not critical but may be required only for verification in case of some major issue. The file should be accessible over the internet whenever required. Which of the below mentioned options is a best possible storage solution for it?

• A. AWS S3
• B. AWS Glacier
• C. AWS RDS
• D. AWS RRS

Answer: D

Explanation:
Amazon S3 stores objects according to their storage class. There are three major storage classes: Standard, Reduced Redundancy Storage and Glacier. Standard is for AWS S3 and provides very high durability. However, the costs are a little higher. Glacier is for archival and the files are not available over the internet. Reduced Redundancy Storage is for less critical files. Reduced Redundancy is little cheaper as it provides less durability in comparison to S3. In this case since the log files are not mission critical files, RRS will be a better option.

NEW QUESTION 18
An instance is launched into a VPC subnet with the network ACL configured to allow all inbound traffic and deny all outbound traffic. The instance's security group is configured to allow SSH from any IP address and deny all outbound traffic. What changes need to be made to allow SSH access to the instance?

• A. The outbound security group needs to be modified to allow outbound traffic.
• B. The outbound network ACL needs to be modified to allow outbound traffic.
• C. Nothing, it can be accessed from any IP address using SSH.
• D. Both the outbound security group and outbound network ACL need to be modified to allow outbound traffic.

Answer: B

Explanation:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html

NEW QUESTION 19
You have been asked to leverage Amazon VPC BC2 and SOS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS.
Which option will provide the most scalable solution for communicating between the application and SQS?

• A. Ensure the application instances are properly configured with an Elastic Load Balancer
• B. Ensure the application instances are launched in private subnets with the EBS-optimized option enabled
• C. Ensure the application instances are launched in public subnets with the associate-public-IP- address=true option enabled
• D. Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SQS queue size

Answer: D

Explanation:
The question is about most ??scalable solution for communicating?? for SQS that is parallel processing of SQS messages.
See also:
?V https://aws.amazon.com/articles/1464
?Vhttp://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/throughput.html

NEW QUESTION 20
Your mission is to create a lights-out datacenter environment, and you plan to use AWS OpsWorks to accomplish this. First you created a stack and added an App Server layer with an instance running in it. Next you added an application to the instance, and now you need to deploy a MySQL RDS database instance.
Which of the following answers accurately describe how to add a backend database server to an OpsWorks stack? Choose 3 answers

• A. Add a new database layer and then add recipes to the deploy actions of the database and App Server layers.
• B. Use OpsWorks' "Clone Stack" feature to create a second RDS stack in another Availability Zone for redundancy in the event of a failure in the Primary A
• C. To switch to the secondary RDS instance, set the [:database] attributes to values that are appropriate for your server which you can do by using custom JSON.
• D. The variables that characterize the RDS database connection?Xhost, user, and so on?Xare set using the corresponding values from the deploy JSON's [:deploy][:app_name][:database] attributes.
• E. Cookbook attributes are stored in a repository, so OpsWorks requires that the "password": "your_password" attribute for the RDS instance must be encrypted using at least a 256-bit key.
• F. Set up the connection between the app server and the RDS layer by using a custom recip
• G. The recipe configures the app server as required, typically by creating a configuration fil
• H. The recipe gets the connection data such as the host and database name from a set of attributes in the stack configuration and deployment JSON that AWS OpsWorks installs on every instance.

Answer: BCE

NEW QUESTION 21
A user has provisioned 2000 IOPS to the EBS volume. The application hosted on that EBS is experiencing less IOPS than provisioned. Which of the below mentioned options does not affect the IOPS of the volume?

• A. The application does not have enough IO for the volume
• B. The instance is EBS optimized
• C. The EC2 instance has 10 Gigabit Network connectivity
• D. The volume size is too large

Answer: D

Explanation:
When the application does not experience the expected IOPS or throughput of the PIOPS EBS volume that was provisioned, the possible root cause could be that the EC2 bandwidth is the limiting factor and the instance might not be either EBS-optimized or might not have 10 Gigabit network connectivity. Another possible cause for not experiencing the expected IOPS could also be that the user is not driving enough I/O to the EBS volumes. The size of the volume may not affect IOPS.

NEW QUESTION 22
A user has created a VPC with CIDR 20.0.0.0/16. The user has created public and VPN only subnets along with hardware VPN access to connect to the user??s datacenter. The user wants to make so that all traffic coming to the public subnet follows the organization??s proxy policy. How can the user make this happen?

• A. Setting up a NAT with the proxy protocol and configure that the public subnet receives traffic from NAT
• B. Setting up a proxy policy in the internet gateway connected with the public subnet
• C. It is not possible to setup the proxy policy for a public subnet
• D. Setting the route table and security group of the public subnet which receives traffic from a virtual private gateway

Answer: D

Explanation:
The user can create subnets within a VPC. If the user wants to connect to VPC from his own data centre, he can setup public and VPN only subnets which uses hardware VPN access to connect with his data centre. When the user has configured this setup, it will update the main route table used with the VPN-only subnet, create a custom route table and associate it with the public subnet. It also creates an internet gateway for the public subnet. By default, the internet traffic of the VPN subnet is routed to a virtual private gateway while the internet traffic of the public subnet is routed through the internet gateway. The user can set up the route and security group rules. These rules enable the traffic to come from the organization??s network over the virtual private gateway to the public subnet to allow proxy settings on that public subnet.

NEW QUESTION 23
A user is collecting 1000 records per second. The user wants to send the data to CloudWatch using the custom namespace. Which of the below mentioned options is recommended for this activity?

• A. Aggregate the data with statistics, such as Min, max, Average, Sum and Sample data and send the data to CloudWatch
• B. Send all the data values to CloudWatch in a single command by separating them with a comm
• C. CloudWatch will parse automatically
• D. Create one csv file of all the data and send a single file to CloudWatch
• E. It is not possible to send all the data in one cal
• F. Thus, it should be sent one by on
• G. CloudWatch willaggregate the data automatically

Answer: A

Explanation:
AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. The user can publish data to CloudWatch as single data points or as an aggregated set of data points called a statistic set using the command put- metric-data. It is recommended that when the user is having multiple data points per minute, he should aggregate the data so that it will minimize the number of calls to put-metric-data. In this case
it will be single call to CloudWatch instead of 1000 calls if the data is aggregated.

NEW QUESTION 24
......