How Many Questions Of SOA-C01 Actual Exam

NEW QUESTION 1
A user has configured a VPC with a new subnet. The user has created a security group. The user wants to configure that instances of the same subnet communicate with each other. How can the user configure this with the security group?

• A. There is no need for a security group modification as all the instances can communicate with each other inside the same subnet
• B. Configure the subnet as the source in the security group and allow traffic on all the protocols and ports
• C. Configure the security group itself as the source and allow traffic on all the protocols and ports
• D. The user has to use VPC peering to configure this

Answer: C

Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the user??s AWS account. AWS provides two features that the user can use to increase security in VPC: security groups and network ACLs. Security groups work at the instance level. If the user is using the default security group it will have a rule which allows the instances to communicate with other. For a new security group the user has to specify the rule, add it to define the source as the security group itself, and select all the protocols and ports for that source.

NEW QUESTION 2
You have been asked to propose a multi-region deployment of a web-facing application where a controlled portion of your traffic is being processed by an alternate region.
Which configuration would achieve that goal?

• A. Route53 record sets with weighted routing policy
• B. Route53 record sets with latency based routing policy
• C. Auto Scaling with scheduled scaling actions set
• D. Elastic Load Balancing with health checks enabled

Answer: A

Explanation:
The question is asking ??a controlled portion of your traffic??, that would be established with weighted routing policy.
See: http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html

NEW QUESTION 3
An organization has created a Queue named ??modularqueue?? with SQS. The organization is not performing any operations such as SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission on the queue. What can happen in this scenario?

• A. AWS SQS sends notification after 15 days for inactivity on queue
• B. AWS SQS can delete queue after 30 days without notification
• C. AWS SQS marks queue inactive after 30 days
• D. AWS SQS notifies the user after 2 weeks and deletes the queue after 3 weeks.

Answer: B

Explanation:
Amazon SQS can delete a queue without notification if one of the following actions hasn't been performed on it for 30 consecutive days: SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission.

NEW QUESTION 4
A .NET application that you manage is running in Elastic Beanstalk. Your developers tell you they will need access to application log files to debug issues that arise. The infrastructure will scale up and down.
How can you ensure the developers will be able to access only the log files?

• A. Access the log files directly from Elastic Beanstalk
• B. Enable log file rotation to S3 within the Elastic Beanstalk configuration
• C. Ask your developers to enable log file rotation in the applications web.config file
• D. Connect to each Instance launched by Elastic Beanstalk and create a Windows Scheduled task to rotate the log files to S3.

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.loggingS3.title.html

NEW QUESTION 5
An organization, which has the AWS account ID as 999988887777, has created 50 IAM users. All the users are added to the same group cloudacademy. If the organization has enabled that each IAM user can login with the AWS console, which AWS login URL will the IAM users use?

• A. https://999988887777.signin.aws.amazon.com/console/
• B. https:// signin.aws.amazon.com/cloudacademy/
• C. https:// cloudacademy.signin.aws.amazon.com/999988887777/console/
• D. https:// 999988887777.aws.amazon.com/ cloudacademy/

Answer: A

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. Once the organization has created the IAM users, they will have a separate AWS console URL to login to the AWS console. The console login URL for the IAM user will be https:// AWS_Account_ID.signin.aws.amazon.com/console/. It uses only the AWS account ID and does not depend on the group or user ID.

NEW QUESTION 6
You are managing the AWS account of a big organization. The organization has more than 1000+ employees and they want to provide access to the various services to most of the employees. Which of the below mentioned options is the best possible solution in this case?

• A. The user should create a separate IAM user for each employee and provide access to them as per the policy
• B. The user should create an IAM role and attach STS with the rol
• C. The user should attach that role to the EC2 instance and setup AWS authentication on that server
• D. The user should create IAM groups as per the organization??s departments and add each user to the group for better access control
• E. Attach an IAM role with the organization??s authentication service to authorize each user for various AWS services

Answer: D

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The user is managing an AWS account for an organization that already has an identity system, such as the login system for the corporate network (SSO. In this case, instead of creating individual IAM users or groups for each user who need AWS access, it may be more practical to use a proxy server to translate the user identities from the organization network into the temporary AWS security credentials. This proxy server will attach an IAM role to the user after authentication.

NEW QUESTION 7
An AWS root account owner is trying to create a policy to access RDS. Which of the below mentioned statements is true with respect to the above information?

• A. Create a policy which allows the users to access RDS and apply it to the RDS instances
• B. The user cannot access the RDS database if he is not assigned the correct IAM policy
• C. The root account owner should create a policy for the IAM user and give him access to the RDS services
• D. The policy should be created for the user and provide access for RDS

Answer: C

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the account owner wants to create a policy for RDS, the owner has to create an IAM user and define the policy which entitles the IAM user with various RDS services such as Launch Instance, Manage security group, Manage parameter group etc.

NEW QUESTION 8
A user has created a VPC with public and private subnets using the VPC Wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24. Which of the below mentioned entries are required in the main route table to allow the instances in VPC to communicate with each other?

• A. Destination : 20.0.0.0/24 and Target : VPC
• B. Destination : 20.0.0.0/16 and Target : ALL
• C. Destination : 20.0.0.0/0 and Target : ALL
• D. Destination : 20.0.0.0/24 and Target : Local

Answer: D

NEW QUESTION 9
You have decided to change the Instance type for instances running In your application tier that are using Auto Scaling.
In which area below would you change the instance type definition?

• A. Auto Scaling launch configuration
• B. Auto Scaling group
• C. Auto Scaling policy
• D. Auto Scaling tags

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/WhatIsAutoScaling.html

NEW QUESTION 10
Your team is excited about the use of AWS because now they have access to ??programmable Infrastructure" You have been asked to manage your AWS infrastructure In a manner similar to the way you might manage application code You want to be able to deploy exact copies of different versions of your infrastructure, stage changes into different environments, revert back to previous versions, and identify what versions are running at any particular time (development, test, QA, production).
Which approach addresses this requirement?

• A. Use cost allocation reports and AWS OpsWorks to deploy and manage your infrastructure.
• B. Use AWS CloudWatch metrics and alerts along with resource tagging to deploy and manage your infrastructure.
• C. Use AWS Beanstalk and a version control system like GIT to deploy and manage your infrastructure.
• D. Use AWS CloudFormation and a version control system like GIT to deploy and manage your infrastructure.

Answer: D

Explanation:
Reference:
?V Answer A: does not provide versioning
?V Answer B: does not provide versioning
?V Answer C: Beanstalk provide version control over your application (not infrastructure)
Extract from what is AWS CloudFormation: (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html)
Easily Control and Track Changes to Your Infrastructure In some cases, you might have underlying resources that you want to upgrade incrementally. For example, you might change to a higher performing instance type in your Auto Scaling launch configuration so that you can reduce the maximum number of instances in your Auto Scaling group. If problems occur after you complete the update, you might need to roll back your infrastructure to the original settings. To do this manually, you not only have to remember which resources were changed, you also have to know what the original settings were.
When you provision your infrastructure with AWS CloudFormation, the AWS CloudFormation template describes exactly what resources are provisioned and their settings. Because these templates are text files, you simply track differences in your templates to track changes to your infrastructure, similar to the way developers control revisions to source code. For example, you can use a version control system with your templates so that you know exactly what changes were made, who made them, and when. If at any point you need to reverse changes to your infrastructure, you can use a previous version of your template.

NEW QUESTION 11
A media company produces new video files on-premises every day with a total size of around 100GBS after compression All files have a size of 1 - 2 GB and need to be uploaded to Amazon S3 every night in a fixed time window between 3am and 5am Current upload takes almost 3 hours, although less than half of the available bandwidth is used.
What step(s) would ensure that the file uploads are able to complete in the allotted time window?

• A. Increase your network bandwidth to provide faster throughput to S3
• B. Upload the files in parallel to S3
• C. Pack all files into a single archive, upload it to S3, then extract the files in AWS
• D. Use AWS Import/Export to transfer the video files

Answer: B

Explanation:
Reference:
https://aws.amazon.com/blogs/aws/amazon-s3-multipart-upload/

NEW QUESTION 12
A user has launched an EBS backed EC2 instance in the US-East-1a region. The user stopped the instance and started it back after 20 days. AWS throws up an ??InsufficientInstanceCapacity?? error. What can be the possible reason for this?

• A. AWS does not have sufficient capacity in that availability zone
• B. AWS zone mapping is changed for that user account
• C. There is some issue with the host capacity on which the instance is launched
• D. The user account has reached the maximum EC2 instance limit

Answer: A

Explanation:
When the user gets an ??InsufficientInstanceCapacity?? error while launching or starting an EC2 instance, it
means that AWS does not currently have enough available capacity to service the user request. If the user is requesting a large number of instances, there might not be enough server capacity to host them. The user can either try again later, by specifying a smaller number of instances or changing the availability zone if launching a fresh instance.

NEW QUESTION 13
Your organization is preparing for a security assessment of your use of AWS.
In preparation for this assessment, which two IAM best practices should you consider implementing? Choose 2 answers

• A. Create individual IAM users for everyone in your organization
• B. Configure MFA on the root account and for privileged IAM users
• C. Assign IAM users and groups configured with policies granting least privilege access
• D. Ensure all users have been assigned and are frequently rotating a password, access ID/secret key, and X.509 certificate

Answer: BC

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

NEW QUESTION 14
A user has configured ELB with two EBS backed EC2 instances. The user is trying to understand the DNS access and IP support for ELB. Which of the below mentioned statements may not help the user understand the IP mechanism supported by ELB?

• A. The client can connect over IPV4 or IPV6 using Dualstack
• B. ELB DNS supports both IPV4 and IPV6
• C. Communication between the load balancer and back-end instances is always through IPV4
• D. The ELB supports either IPV4 or IPV6 but not both

Answer: D

Explanation:
Elastic Load Balancing supports both Internet Protocol version 6 (IPv6. and Internet Protocol version 4 (IPv4.. Clients can connect to the user??s load balancer using either IPv4 or IPv6 (in EC2-Classic. DNS. However, communication between the load balancer and its back-end instances uses only IPv4. The user can use the Dualstack-prefixed DNS name to enable IPv6 support for communications between the client and the load balancers. Thus, the clients are able to access the load balancer using either IPv4 or IPv6 as their individual connectivity needs dictate.

NEW QUESTION 15
When an EC2 instance mat is backed by an S3-Dased AMI is terminated, what happens to the data on the root volume?

• A. Data is automatically deleted
• B. Data is automatically saved as an EBS snapshot.
• C. Data is unavailable until the instance is restarted
• D. Data is automatically saved as an EBS volume.

Answer: A

NEW QUESTION 16
A user has configured an HTTPS listener on an ELB. The user has not configured any security policy which can help to negotiate SSL between the client and ELB. What will ELB do in this scenario?

• A. By default ELB will select the first version of the security policy
• B. By default ELB will select the latest version of the policy
• C. ELB creation will fail without a security policy
• D. It is not required to have a security policy since SSL is already installed

Answer: B

Explanation:
Elastic Load Balancing uses a Secure Socket Layer (SSL. negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. If
the user has created an HTTPS/SSL listener without associating any security policy, Elastic Load Balancing will, by default, associate the latest version of the ELBSecurityPolicy-YYYY-MM with the load balancer.

NEW QUESTION 17
Which features can be used to restrict access to data in S3? Choose 2 answers

• A. Set an S3 ACL on the bucket or the object.
• B. Create a CloudFront distribution for the bucket.
• C. Set an S3 bucket policy.
• D. Enable IAM Identity Federation
• E. Use S3 Virtual Hosting

Answer: AC

Explanation:
https://aws.amazon.com/s3/faqs/

NEW QUESTION 18
A SysOps Administrator is asked to create an Amazon VPC IPv4 subnet that will support a minimum of 30 network resources simultaneously.
What is the minimum CIDR netmask that will sustain this requirement?

• A. /25
• B. /26
• C. /27
• D. /28

Answer: C

Explanation:

NEW QUESTION 19
You have a Linux EC2 web server instance running inside a VPC The instance is In a public subnet and has an EIP associated with it so you can connect to It over the Internet via HTTP or SSH The instance was also fully accessible when you last logged in via SSH. and was also serving web requests on port 80.
Now you are not able to SSH into the host nor does it respond to web requests on port 80 that were working fine last time you checked You have double-checked that all networking configuration parameters (security groups route tables. IGW'EIP. NACLs etc) are properly configured {and you haven??t made any changes to those anyway since you were last able to reach the Instance). You look at the EC2 console and notice that system status check shows "impaired."
Which should be your next step in troubleshooting and attempting to get the instance back to a healthy state so that you can log in again?

• A. Stop and start the instance so that it will be able to be redeployed on a healthy host system that most likely will fix the "impaired" system status
• B. Reboot your instance so that the operating system will have a chance to boot in a clean healthy state that most likely will fix the 'impaired" system status
• C. Add another dynamic private IP address to me instance and try to connect via mat new path, since the networking stack of the OS may be locked up causing the ??impaired?? system status.
• D. Add another Elastic Network Interface to the instance and try to connect via that new path since the networking stack of the OS may be locked up causing the "impaired" system status
• E. un-map and then re-map the EIP to the instance, since the IGWVNAT gateway may not be working properly, causing the "impaired" system status

Answer: A

NEW QUESTION 20
A SysOps Administrator must take a team's single existing AWS CloudFormation template and split it into smaller, service specific template. All of the service in the template reference a single, shared Amazon S3 bucket.
What should the Administrator do to ensure that this S3 bucket can be referenced by all the service templates?

• A. Include the S3 bucket as a mapping in each template
• B. Add the S3 bucket as a resource in each template
• C. Create the S3 bucket in its own template and export it
• D. Generate the S3 bucket using StackSets

Answer: D

NEW QUESTION 21
A user has launched an EBS backed EC2 instance. The user has rebooted the instance. Which of the below mentioned statements is not true with respect to the reboot action?

• A. The private and public address remains the same
• B. The Elastic IP remains associated with the instance
• C. The volume is preserved
• D. The instance runs on a new host computer

Answer: D

Explanation:
A user can reboot an EC2 instance using the AWS console, the Amazon EC2 CLI or the Amazon EC2 API. Rebooting an instance is equivalent to rebooting an operating system. However, it is recommended that the user use the Amazon EC2 to reboot the instance instead of running the operating system reboot command from the instance. The instance remains on the same host computer and maintains its public DNS name, private IP address, and any data on its instance store volumes. It typically takes a few minutes for the reboot to complete, but the time it takes to reboot depends on the instance configuration.

NEW QUESTION 22
A user has created a VPC with CIDR 20.0.0.0/16 with only a private subnet and VPN connection using the VPC wizard. The user wants to connect to the instance in a private subnet over SSH. How should the user define the security rule for SSH?

• A. Allow Inbound traffic on port 22 from the user??s network
• B. The user has to create an instance in EC2 Classic with an elastic IP and configure the security group of a private subnet to allow SSH from that elastic IP
• C. The user can connect to a instance in a private subnet using the NAT instance
• D. Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over the Internet

Answer: A

Explanation:
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data center, the user can setup a case with a VPN only subnet (private. which uses VPN access to connect with his data center. When the user has configured this setup with Wizard, all network connections to the instances in the subnet will come from his data center. The user has to configure the security group of the private subnet which allows the inbound traffic on SSH (port 22. from the data center??s network range.

NEW QUESTION 23
A user is trying to setup a security policy for ELB. The user wants ELB to meet the cipher supported by the client by configuring the server order preference in ELB security policy. Which of the below mentioned
preconfigured policies supports this feature?

• A. ELBSecurity Policy-2014-01
• B. ELBSecurity Policy-2011-08
• C. ELBDefault Negotiation Policy
• D. ELBSample- OpenSSLDefault Cipher Policy

Answer: A

Explanation:
Elastic Load Balancing uses a Secure Socket Layer (SSL. negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. If the load balancer is configured to support the Server Order Preference, then the load balancer gets to select the first cipher in its list that matches any one of the ciphers in the client's list. When the user verifies the preconfigured policies supported by ELB, the policy ??ELBSecurity Policy-2014-01?? supports server order preference.

NEW QUESTION 24
......