A Review Of Certified SOA-C01 Sample Question

NEW QUESTION 1
A user is planning to scale up an application by 8 AM and scale down by 7 PM daily using Auto Scaling. What should the user do in this case?

• A. Setup the scaling policy to scale up and down based on the CloudWatch alarms
• B. The user should increase the desired capacity at 8 AM and decrease it by 7 PM manually
• C. The user should setup a batch process which launches the EC2 instance at a specific time
• D. Setup scheduled actions to scale up or down at a specific time

Answer: A

Explanation:
Auto Scaling based on a schedule allows the user to scale the application in response to predictable load changes. To configure the Auto Scaling group to scale based on a schedule, the user needs to create scheduled actions. A scheduled action tells Auto Scaling to perform a scaling action at a
certain time in the future.

NEW QUESTION 2
A sys admin is trying to understand EBS snapshots. Which of the below mentioned statements will not be useful to the admin to understand the concepts about a snapshot?

• A. The snapshot is synchronous
• B. It is recommended to stop the instance before taking a snapshot for consistent data
• C. The snapshot is incremental
• D. The snapshot captures the data that has been written to the hard disk when the snapshot command was executed

Answer: A

Explanation:
The AWS snapshot is a point in time backup of an EBS volume. When the snapshot command is executed it will capture the current state of the data that is written on the drive and take a backup. For a better and consistent snapshot of the root EBS volume, AWS recommends stopping the instance. For additional volumes it is recommended to unmount the device. The snapshots are asynchronous and incremental.

NEW QUESTION 3
An Amazon EC2 instance is unable to connect to an SMTP server in a different subnet. Other instances are successfully communication with the SMTP servers, however Flow Logs have been enabled on the SMTP server's network interface and show the following information

• A. Add the instance to the security group for the SMTP server and ensure that it is permitted to communicate over TCP port 25.
• B. Disable the iptables server on the SMTP server so that the instance can properly communicate over the network.
• C. Install an email on the instance to ensure that it communicates correctly on TCP port 25 to theSMTP server.
• D. Add a rule to the security group for the instance to explicit permit TCP port 25 outbound to any address.

Answer: D

NEW QUESTION 4
A SysOps Administrator management a fleet of instance store-backed Amazon Linux EC2 instances. The SSH key used to access these instances has been lost. How can SSH access be restored?

• A. Contact AWS Support lo retrieve a backup of the SSH key after authentication
• B. Create a new SSH key slop the EC2 instances apply the new key, and restart the EC2 instances
• C. Create a new SSH key and apply the new key to the running EC2 instances
• D. Launch a new fleet of EC2 instances wilt a newly created SSH key

Answer: A

Explanation:
Resolution
Warning: Do not perform this procedure if your EC2 instance is an instance store-backed instance. This recovery procedure requires a stop and start of your instance, which means that data on instance store volumes will be lost. For more information, see Determining the Root Device Type of Your Instance.
To recover access to your Linux instance using AWS Systems Manager (SSM) automation, run the AWSSupport-ResetAccess Automation automation document. For more information, see Reset Passwords and SSH Keys on Amazon EC2 Instances.
Or, to manually recover access to your Linux instance, create a new key pair to replace the lost key pair. For more information, see Connecting to Your Linux Instance If You Lose Your Private Key.

NEW QUESTION 5
An organization is using cost allocation tags to find the cost distribution of different departments and projects. One of the instances has two separate tags with the key/ value as ??InstanceName/HR??, ??CostCenter/HR??. What will AWS do in this case?

• A. InstanceName is a reserved tag for AW
• B. Thus, AWS will not allow this tag
• C. AWS will not allow the tags as the value is the same for different keys
• D. AWS will allow tags but will not show correctly in the cost allocation report due to the same value ofthe two separate keys
• E. AWS will allow both the tags and show properly in the cost distribution report

Answer: D

Explanation:
AWS provides cost allocation tags to categorize and track the AWS costs. When the user applies tags to his AWS resources, AWS generates a cost allocation report as a comma-separated value (CSV file. with the usage and costs aggregated by those tags. Each tag will have a key-value and can be applied to services, such as EC2, S3, RDS, EMR, etc. It is required that the key should be different for each tag. The value can be the same for different keys. In this case since the value is different, AWS will properly show the distribution report with the correct values.

NEW QUESTION 6
Your organization's security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password.
Which two of the following options would allow an organization to enforce this policy for AWS users? Choose 2 answers

• A. Configure multi-factor authentication for privileged 1AM users
• B. Create 1AM users for privileged accounts
• C. Implement identity federation between your organization's Identity provider leveraging the 1AM Security Token Service
• D. Enable the 1AM single-use password policy option for privileged users

Answer: AB

Explanation:
See also: http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Enable MFA for privileged users
For extra security, enable multifactor authentication (MFA) for privileged IAM users (users who are allowed access to sensitive resources or APIs). With MFA, users have a device that generates a unique authentication code (a one-time password, or OTP) and users must provide both their normal credentials (like their user name and password) and the OTP. The MFA device can either be a special piece of hardware, or it can be a virtual device (for example, it can run in an app on a smartphone).

NEW QUESTION 7
A SysOps Administrator must monitor a fleet of Amazon EC2 Linux instance with the constraint that no agent be installed. The SysOps administrator Chooses Amazon CloudWatch as the monitoring tool.
Which metrics can be measured given the constraints? (Select THREE.)

• A. CPU Utilization
• B. Disk Read Operations
• C. Memory Utilization
• D. Network Packets in
• E. Network Packets Dropped
• F. CPU Ready Time

Answer: ABD

Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/viewing_metrics_with_cloudwatch.html

NEW QUESTION 8
A user is receiving a notification from the RDS DB whenever there is a change in the DB security group. The user does not want to receive these notifications for only a month. Thus, he does not want to delete the notification. How can the user configure this?

• A. Change the Disable button for notification to ??Yes?? in the RDS console
• B. Set the send mail flag to false in the DB event notification console
• C. The only option is to delete the notification from the console
• D. Change the Enable button for notification to ??No?? in the RDS console

Answer: D

Explanation:
Amazon RDS uses the Amazon Simple Notification Service to provide a notification when an Amazon RDS event occurs. Event notifications are sent to the addresses that the user has provided while creating the subscription. The user can easily turn off the notification without deleting a subscription by setting the Enabled radio button to No in the Amazon RDS console or by setting the Enabled parameter to false using the CLI or Amazon RDS API.

NEW QUESTION 9
A user has enabled detailed CloudWatch metric monitoring on an Auto Scaling group. Which of the below mentioned metrics will help the user identify the total number of instances in an Auto Scaling group cluding pending, terminating and running instances?

• A. GroupTotalInstances
• B. GroupSumInstances
• C. It is not possible to get a count of all the three metrics togethe
• D. The user has to find the individual number of running, terminating and pending instances and sum it
• E. GroupInstancesCount

Answer: A

Explanation:
CloudWatch is used to monitor AWS as well as the custom services. For Auto Scaling, CloudWatch provides various metrics to get the group information, such as the Number of Pending, Running or Terminating instances at any moment. If the user wants to get the total number of Running, Pending and Terminating instances at any moment, he can use the GroupTotalInstances metric.

NEW QUESTION 10
A user is launching an instance. He is on the ??Tag the instance?? screen. Which of the below mentioned information will not help the user understand the functionality of an AWS tag?

• A. Each tag will have a key and value
• B. The user can apply tags to the S3 bucket
• C. The maximum value of the tag key length is 64 Unicode characters
• D. AWS tags are used to find the cost distribution of various resources

Answer: C

Explanation:
AWS provides cost allocation tags to categorize and track the AWS costs. When the user applies tags to his AWS resources, AWS generates a cost allocation report as a comma-separated value (CSV file. with the usage and costs aggregated by those tags. Each tag will have a key-value and can be applied to services, such as EC2, S3, RDS, EMR, etc. The maximum size of a tag key is 128 Unicode characters.

NEW QUESTION 11
A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. Which of the below mentioned SSL protocols is not supported by the security policy?

• A. TLS 1.3
• B. TLS 1.2
• C. SSL 2.0
• D. SSL 3.0

Answer: A

Explanation:
Elastic Load Balancing uses a Secure Socket Layer (SSL. negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. Elastic Load Balancing supports the following versions of the SSL protocol:
TLS 1.2
TLS 1.1
TLS 1.0
SSL 3.0
SSL 2.0

NEW QUESTION 12
Amazon EBS snapshots have which of the following two characteristics? Choose 2 answers

• A. EBS snapshots only save incremental changes from snapshot to snapshot
• B. EBS snapshots can be created in real-time without stopping an EC2 instance
• C. EBS snapshots can only be restored to an EBS volume of the same size or smaller
• D. EBS snapshots can only be restored and mounted to an instance in the same Availability Zone as the original EBS volume

Answer: AB

NEW QUESTION 13
Which of the following are characteristics of Amazon VPC subnets? Choose 2 answers

• A. Each subnet maps to a single Availability Zone
• B. A CIDR block mask of /25 is the smallest range supported
• C. Instances in a private subnet can communicate with the internet only if they have an Elastic IP.
• D. By default, all subnets can route between each other, whether they are private or public
• E. Each subnet spans at least 2 Availability zones to provide a high-availability environment

Answer: AD

Explanation:
You can create a VPC that spans multiple Availability Zones. For more information, see Creating a VPC. After creating a VPC, you can add one or more subnets in each Availability Zone. Each subnet must reside entirely within one Availability Zone and cannot span zones. Availability Zones are distinct locations that are engineered to be isolated from failures in other Availability Zones. By launching instances in separate Availability Zones, you can protect your applications from the failure of a single location. AWS assigns a unique ID to each subnet.
?V B is wrong: /28 is the smallest
?V C is wrong: private subnet should go via NAT (EIP only in public subnet)
?V E is wrong: subnet can only map to ONE AZ (not span multiple)

NEW QUESTION 14
After a particularly high bill, an organization wants to review the use of AWS services.
What AWS service will allow the SysOps Administrator to quickly view this information to shared it, and will also forest expenses for the billing period?

• A. AWS Trusted Advisor
• B. Amazon QuickSight
• C. AWS Cost and Usage Report
• D. AWS Cost Explorer

Answer: C

NEW QUESTION 15
A user has launched 5 instances in EC2-CLASSIC and attached 5 elastic IPs to the five different
instances in the US East region. The user is creating a VPC in the same region. The user wants to assign an elastic IP to the VPC instance. How can the user achieve this?

• A. The user has to request AWS to increase the number of elastic IPs associated with the account
• B. AWS allows 10 EC2 Classic IPs per region; so it will allow to allocate new Elastic IPs to the same region
• C. The AWS will not allow to create a new elastic IP in VPC; it will throw an error
• D. The user can allocate a new IP address in VPC as it has a different limit than EC2

Answer: D

Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the user??s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. A user can have 5 IP addresses per region with EC2 Classic. The user can have 5 separate IPs with VPC in the same region as it has a separate limit than EC2 Classic.

NEW QUESTION 16
You have private video content in S3 that you want to serve to subscribed users on the Internet. User IDs, credentials, and subscriptions are stored in an Amazon RDS database.
Which configuration will allow you to securely serve private content to your users?

• A. Generate pre-signed URLs for each user as they request access to protected S3 content
• B. Create an IAM user for each subscribed user and assign the GetObject permission to each IAM user
• C. Create an S3 bucket policy that limits access to your private content to only your subscribed users' credentials
• D. Create a CloudFront Origin Identity user for your subscribed users and assign the GetObject permission to this user

Answer: D

Explanation:
Reference:
https://java.awsblog.com/post/Tx1VE22EWFR4H86/Accessing-Private-Content-in-Amazon- CloudFront

NEW QUESTION 17
A user is planning to use AWS CloudFormation. Which of the below mentioned functionalities does not help him to correctly understand CloudFormation?

• A. CloudFormation follows the DevOps model for the creation of Dev & Test
• B. AWS CloudFormation does not charge the user for its service but only charges for the AWS resources created with it.
• C. CloudFormation works with a wide variety of AWS services, such as EC2, EBS, VPC, IAM, S3, RDS, ELB, etc.
• D. CloudFormation provides a set of application bootstrapping scripts which enables the user to install Software.

Answer: A

Explanation:
AWS CloudFormation is an application management tool which provides application modelling, deployment, configuration, management and related activities. It supports a wide variety of AWS services, such as EC2, EBS, AS, ELB, RDS, VPC, etc. It also provides application bootstrapping scripts which enable the user to install software packages or create folders. It is free of the cost and only charges the user for the services created with it. The only challenge is that it does not follow any model, such as DevOps; instead customers can define templates and use them to provision and manage the AWS resources in an orderly way.

NEW QUESTION 18
A Sysops Administrator Amazon EC2 instance in two different VPS in private subnets to be able communication. A peering connection between the two VPCs has been created using the AWS Management Console and shows a status of active. The instance are still to send traffic to each other. Why are the EC2 instance unable to communicate?

• A. One or both of the VPCs do not have an internet gateway attached.
• B. The route tables are not been updated.
• C. The peering connection has not been properly tagged.
• D. One or both of the instances do not have an Elastic IP address assigned.

Answer: C

Explanation:
https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html

NEW QUESTION 19
A user has launched an EC2 Windows instance from an instance store backed AMI. The user has also set the Instance initiated shutdown behavior to stop. What will happen when the user shuts down the OS?

• A. It will not allow the user to shutdown the OS when the shutdown behaviour is set to Stop
• B. It is not possible to set the termination behaviour to Stop for an Instance store backed AMI instance
• C. The instance will stay running but the OS will be shutdown
• D. The instance will be terminated

Answer: B

Explanation:
When the EC2 instance is launched from an instance store backed AMI, it will not allow the user to configure the shutdown behaviour to ??Stop??. It gives a warning that the instance does not have the EBS root volume.

NEW QUESTION 20
A user is configuring the Multi AZ feature of an RDS DB. The user came to know that this RDS DB does not use the AWS technology, but uses server mirroring to achieve H

• A. Which DB is the user using right now?
• B. My SQL
• C. Oracle
• D. MS SQL
• E. PostgreSQL

Answer: C

Explanation:
Amazon RDS provides high availability and failover support for DB instances using Multi AZ deployments. In a Multi AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. Multi AZ deployments for Oracle, PostgreSQL, and MySQL DB instances use Amazon technology, while SQL Server (MS SQL. DB instances use SQL Server Mirroring.

NEW QUESTION 21
A user has setup an EBS backed instance and attached 2 EBS volumes to it. The user has setup a CloudWatch alarm on each volume for the disk data. The user has stopped the EC2 instance and detached the EBS volumes. What will be the status of the alarms on the EBS volume?

• A. OK
• B. Insufficient Data
• C. Alarm
• D. The EBS cannot be detached until all the alarms are removed

Answer: B

Explanation:
Amazon CloudWatch alarm watches a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. Alarms invoke actions only for sustained state changes. There are three states of the alarm: OK, Alarm and Insufficient data. In this case since the EBS is detached and
inactive the state will be Insufficient.

NEW QUESTION 22
A user has created a VPC with a public subnet. The user has terminated all the instances which are part of the subnet. Which of the below mentioned statements is true with respect to this scenario?

• A. The user cannot delete the VPC since the subnet is not deleted
• B. All network interface attached with the instances will be deleted
• C. When the user launches a new instance it cannot use the same subnet
• D. The subnet to which the instances were launched with will be deleted

Answer: B

Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the user??s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. When an instance is launched it will have a network interface attached with it. The user cannot delete the subnet until he terminates the instance and deletes the network interface. When the user terminates the instance all the network interfaces attached with it are also deleted.

NEW QUESTION 23
A user has configured Elastic Load Balancing by enabling a Secure Socket Layer (SSL. negotiation configuration known as a Security Policy. Which of the below mentioned options is not part of this secure policy while negotiating the SSL connection between the user and the client?

• A. SSL Protocols
• B. Client Order Preference
• C. SSL Ciphers
• D. Server Order Preference

Answer: B

Explanation:
Elastic Load Balancing uses a Secure Socket Layer (SSL. negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. A security policy is a combination of SSL Protocols, SSL Ciphers, and the Server Order Preference option.

NEW QUESTION 24
......