Exam Code : SOA-C02
Exam Name : AWS Certified SysOps Administrator - Associate (SOA-C02)
Vendor Name :
"Amazon"
SOA-C02 Dumps SOA-C02 Braindumps
SOA-C02 Real Questions SOA-C02 Practice Test SOA-C02 Actual Questions
AWS Certified SysOps Administrator - Associate (SOA-C02)
https://killexams.com/pass4sure/exam-detail/SOA-C02
Question: 386
An organization is planning to create 5 different AWS accounts considering various security requirements. The organization wants to use a single payee account by using the consolidated billing option.
Which of the below mentioned statements is true with respect to the above information?
A . Master (Payee. account will get only the total bill and cannot see the cost incurred by each account B . Master (Payee. account can view only the AWS billing details of the linked accounts
C . It is not recommended to use consolidated billing since the payee account will have access to the linked accounts D . Each AWS account needs to create an AWS billing policy to provide permission to the payee account
AWS consolidated billing enables the organization to consolidate payments for multiple Amazon Web Services (AWS. accounts within a single organization by making a single paying account. Consolidated billing enables the organization to see a combined view of the AWS charges incurred by each account as well as obtain a detailed cost report for each of the individual AWS accounts associated with the paying account. The payee account will not have any other access than billing data of linked accounts.
Question: 387
A user has created a VPC with a public subnet. The user has terminated all the instances which are part of the subnet. Which of the below mentioned statements is true with respect to this scenario?
A . The user cannot delete the VPC since the subnet is not deleted
B . All network interface attached with the instances will be deleted
C . When the user launches a new instance it cannot use the same subnet D . The subnet to which the instances were launched with will be deleted
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. When an instance is launched it will have a network interface attached with it. The user cannot delete the subnet until he terminates the instance and deletes the network interface. When the user terminates the instance all the network interfaces attached with it are also deleted.
Question: 388
You are tasked with setting up a cluster of EC2 Instances for a NoSQL database. The database requires random read I/O disk performance up to a 100,000 IOPS at 4KB block side per node.
Which of the following EC2 instances will perform the best for this workload?
A . A High-Memory Quadruple Extra Large (m2.4xlarge) with EBS-Optimized set to true and a PIOPs EBS volume B . A Cluster Compute Eight Extra Large (cc2.8xlarge) using instance storage
C . High I/O Quadruple Extra Large (hi1.4xlarge) using instance storage
D . A Cluster GPU Quadruple Extra Large (cg1.4xlarge) using four separate 4000 PIOPS EBS volumes in a RAID 0 configuration
The SSD storage is local to the instance. Using PV virtualization, you can expect 120,000 random read IOPS (Input/Output Operations Per Second) and between 10,000 and 85,000 random write IOPS, both with 4K blocks. For HVM and Windows AMIs, you can expect 90,000 random read IOPS and 9,000 to 75,000 random write IOPS. https://aws.amazon.com/blogs/aws/new-high-io-ec2-instance-type-hi14xlarge/
Question: 389
You use S3 to store critical data for your company. Several users within your group currently have lull permissions to your S3 buckets. You need to come up with a solution mat does not impact your users and also protect against the accidental deletion of objects.
Which two options will address this issue? (Choose two.) A . Enable versioning on your S3 Buckets
B . Configure your S3 Buckets with MFA delete
C . Create a Bucket policy and only allow read only permissions to all users at the bucket level
D . Enable object life cycle policies and configure the data older than 3 months to be archived in Glacier
Versioning allows easy recovery of previous file version. MFA delete requires additional MFA authentication to delete files. Won’t impact the users current access. http://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html
Question: 390
A user has launched an EC2 Windows instance from an instance store backed AMI. The user wants to convert the AMI to an EBS backed AMI.
How can the user convert it?
A . Attach an EBS volume to the instance and unbundle all the AMI bundled data inside the EBS B . A Windows based instance store backed AMI cannot be converted to an EBS backed AMI
C . It is not possible to convert an instance store backed AMI to an EBS backed AMI
D . Attach an EBS volume and use the copy command to copy all the ephermal content to the EBS Volume
Generally, when a user has launched an EC2 instance from an instance store backed AMI, it can be converted to an EBS backed AMI provided the user has attached the EBS volume to the instance and unbundles the AMI data to it.
However, if the instance is a Windows instance, AWS does not allow this. In this case, since the instance is a Windows instance, the user cannot convert it to an EBS backed AMI.
Question: 391
A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to create an AMI from the running instance.
Which of the below mentioned credentials is not required while creating the AMI? A . AWS account ID
C . 509 certificate and private key
D . AWS login ID to login to the console E . Access key and secret access key
When the user has launched an EC2 instance from an instance store backed AMI and the admin team wants to create an AMI from it, the user needs to setup the AWS AMI or the API tools first. Once the tool is setup the user will need the following credentials:
AWS account ID; AWS access and secret access key;
X.509 certificate with private key.
Question: 392
A root AWS account owner is trying to understand various options to set the permission to AWS S3. Which of the below mentioned options is not the right option to grant permission for S3?
A . User Access Policy
B . S3 Object Access Policy C . S3 Bucket Access Policy D . S3 ACL
Amazon S3 provides a set of operations to work with the Amazon S3 resources. Managing S3 resource access refers to granting others permissions to work with S3. There are three ways the root account owner can define access with S3: S3 ACL: The user can use ACLs to grant basic read/write permissions to other AWS accounts. S3 Bucket Policy: The
policy is used to grant other AWS accounts or IAM users permissions for the bucket and the objects in it. User Access Policy: Define an IAM user and assign him the IAM policy which grants him access to S3.
Question: 393
If you want to launch Amazon Elastic Compute Cloud (EC2) Instances and assign each Instance a predetermined private IP address you should:
A . Assign a group or sequential Elastic IP address to the instances B . Launch the instances in a Placement Group
C . Launch the instances in the Amazon virtual Private Cloud (VPC).
D . Use standard EC2 instances since each instance gets a private Domain Name Service (DNS) already E . Launch the Instance from a private Amazon Machine image (Mil)
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-ip-addressing.html
Question: 394
A root account owner is trying to understand the S3 bucket ACL.
Which of the below mentioned options cannot be used to grant ACL on the object using the authorized predefined group?
A . Authenticated user group B . All users group
C . Log Delivery Group D . Canonical user group
An S3 bucket ACL grantee can be an AWS account or one of the predefined Amazon S3 groups. Amazon S3 has a set of predefined groups. When granting account access to a group, the user can specify one of the URLs of that group instead of a canonical user ID. AWS S3 has the following predefined groups: Authenticated Users group:
It represents all AWS accounts. All Users group: Access permission to this group allows anyone to access the resource. Log Delivery group: WRITE permission on a bucket enables this group to write server access logs to the bucket.
Question: 395
An organization has added 3 of his AWS accounts to consolidated billing. One of the AWS accounts has purchased a Reserved Instance (RI. of a small instance size in the US-East-1a zone. All other AWS accounts are running instances of a small size in the same zone.
What will happen in this case for the RI pricing?
A . Only the account that has purchased the RI will get the advantage of RI pricing
B . One instance of a small size and running in the US-East-1a zone of each AWS account will get the benefit of RI
pricing
C . Any single instance from all the three accounts can get the benefit of AWS RI pricing if they are running in the same zone and are of the same size
D . If there are more than one instances of a small size running across multiple accounts in the same zone no one will get the benefit of RI
AWS consolidated billing enables the organization to consolidate payments for multiple Amazon Web Services (AWS. accounts within a single organization by making a single paying account. For billing purposes, consolidated billing treats all the accounts on the consolidated bill as one account. This means that all accounts on a consolidated bill can receive the hourly cost benefit of the Amazon EC2 Reserved Instances purchased by any other account. In this case only one Reserved Instance has been purchased by one account. Thus, only a single instance from any of the accounts will get the advantage of RI. AWS will implement the blended rate for each instance if more than one instance is running concurrently.
Question: 396
A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at rest.
If the user is supplying his own keys for encryption (SSE-C), what is recommended to the user for the purpose of security?
A . The user should not use his own security key as it is not secure
B . Configure S3 to rotate the user’s encryption key at regular intervals C . Configure S3 to store the user’s keys securely with SSL
D . Keep rotating the encryption key manually at the client side
AWS S3 supports client side or server side encryption to encrypt all data at Rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key (SSE-C). Since S3 does not store the encryption keys in SSE-C, it is recommended that the user should manage keys securely and keep rotating them regularly at the client side version.
Question: 397
A user has configured an EC2 instance in the US-East-1a zone. The user has enabled detailed monitoring of the instance. The user is trying to get the data from CloudWatch using a CLI.
Which of the below mentioned CloudWatch endpoint URLs should the user use? A . monitoring.us-east-1.amazonaws.com
B . monitoring.us-east-1-a.amazonaws.com C . monitoring.us-east-1a.amazonaws.com D . cloudwatch.us-east-1a.amazonaws.com
The CloudWatch resources are always region specific and they will have the end point as region specific. If the user is trying to access the metric in the US-East-1 region, the endpoint URL will be: monitoring.us-east- 1.amazonaws.com
Question: 398
A user is planning to setup notifications on the RDS DB for a snapshot.
Which of the below mentioned event categories is not supported by RDS for this snapshot source type? A . Backup
B . Creation C . Deletion
D . Restoration
Amazon RDS uses the Amazon Simple Notification Service to provide a notification when an Amazon RDS event occurs. Event categories for a snapshot source type include: Creation, Deletion, and Restoration. The Backup is a part of DB instance source type.
Question: 399
A user has configured Auto Scaling with the minimum capacity as 2 and the desired capacity as 2. The user is trying to terminate one of the existing instance with the command:
What will Auto Scaling do in this scenario?
A . Terminates the instance and does not launch a new instance B . Terminates the instance and updates the desired capacity to 1
C . Terminates the instance and updates the desired capacity and minimum size to 1 D . Throws an error
The Auto Scaling command as-terminate-instance-in-auto-scaling-group <Instance ID> will terminate the specific instance ID. The user is required to specify the parameter as –decrementdesired-capacity. Then Auto Scaling will terminate the instance and decrease the desired capacity by 1. In this case since the minimum size is 2, Auto Scaling will not allow the desired capacity to go below 2. Thus, it will throw an error.
Question: 400
A user has setup connection draining with ELB to allow in-flight requests to continue while the instance is being deregistered through Auto Scaling.
If the user has not specified the draining time, how long will ELB allow inflight requests traffic to continue? A . 600 seconds
B . 3600 seconds C . 300 seconds D . 0 seconds
The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are deregistering or become unhealthy, while ensuring that inflight requests continue to be served. The user can specify a maximum time (3600 seconds. for the load balancer to keep the connections alive before reporting the instance as deregistered. If the user does not specify the maximum timeout period, by default, the load balancer will close the connections to the deregistering instance after 300 seconds.
Question: 401
A user has hosted an application on EC2 instances. The EC2 instances are configured with ELB and Auto Scaling. The application server session time out is 2 hours. The user wants to configure connection draining to ensure that all in- flight requests are supported by ELB even though the instance is being deregistered.
What time out period should the user specify for connection draining? A . 5 minutes
B . 1 hour
C . 30 minutes D . 2 hours
When you enable connection draining, you can specify a maximum time for the load balancer to keep connections alive before reporting the instance as de-registered. The maximum timeout value can be set between 1 and 3,600 seconds (the default is 300 seconds). When the maximum time limit is reached, the load balancer forcibly closes connections to the de-registering instance. http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/config-conn-drain.html
Question: 402
Which services allow the customer to retain full administrative privileges of the underlying EC2 instances? (Choose two.)
A . Amazon Elastic Map Reduce B . Elastic Load Balancing
C . AWS Elastic Beanstalk D . Amazon Elasticache
E . Amazon Relational Database service
Only the below services provide Root level access
EC2
Elastic Beanstalk
Elastic MapReduce C Master Node
Opswork