Amazon Exam, SOA-C02 Exam Dumps, SOA-C02 Exam Questions, SOA-C02 PDF Dumps, SOA-C02 VCE Dumps

[December-2023]New Braindump2go SOA-C02 PDF and SOA-C02 VCE Dumps[Q434-Q473]

December/2023 Latest Braindump2go SOA-C02 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go SOA-C02 Real Exam Questions!

QUESTION 434
A company has deployed an application on Amazon EC2 instances in a single VPC. The company has placed the EC2 instances in a private subnet in the VPC.
The EC2 instances need access to Amazon S3 buckets that are in the same AWS Region as the EC2 instances. A SysOps administrator must provide the EC2 instances with access to the S3 buckets without requiring any changes to the EC2 instances or the application. The EC2 instances must not have access to the internet.
Which solution will meet these requirements?

A. Create an S3 gateway endpoint that uses the default gateway endpoint policy. Associate the private subnet with the gateway endpoint.
B. Create an S3 interface endpoint. Associate the EC2 instances with the interface endpoint.
C. Configure a NAT gateway. Associate the private subnet with the NAT gateway.
D. Configure a proxy EC2 instance. Update the private subnet route tables to route traffic through the proxy EC2 instance. Configure the proxy to route all S3 requests to the target S3 bucket.

Answer: A
Explanation:
Amazon S3 supports both gateway endpoints and interface endpoints. With a gateway endpoint, you can access Amazon S3 from your VPC, without requiring an internet gateway or NAT device for your VPC, and with no additional cost. However, gateway endpoints do not allow access from on-premises networks, from peered VPCs in other AWS Regions, or through a transit gateway. For those scenarios, you must use an interface endpoint, which is available for an additional cost.
https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html
Interface endpoints – These endpoints are directly accessible from applications that are on premises over VPN and AWS Direct Connect, or in a different AWS Region over VPC peering.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html

QUESTION 435
A SysOps administrator manages the caching of an Amazon CloudFront distribution that serves pages of a website, The SysOps administrator needs to configure the distribution so that the TTL of individual pages can vary. The TTL of the individual pages must remain within the maximum TLL and the minimum TTL that are set for the distribution.
Which solution will meet these requirements?

A. Create an AWS Lambda function that calls the Createlnvalidation API operation when a change in cache time is necessary.
B. Add a Cache-Control: max-age directive to the object at the origin when content is being returned to CloudFront.
C. Add a no-cache header through a Lambda@Edge function in response to the Viewer response.
D. Add.an Expires header through a CloudFront function in response to the Viewer response.

Answer: B
Explanation:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html#expiration-individual-objects
“The Cache-Control max-age directive lets you specify how long (in seconds) that you want an object to remain in the cache before CloudFront gets the object again from the origin server”
“The Expires header field lets you specify an expiration date and time using the format specified in RFC 2616, Hypertext Transfer Protocol — HTTP/1.1 Section 3.3.1, Full Date, for example:
Sat, 27 Jun 2015 23:59:59 GMT”

QUESTION 436
A company has a public web application that experiences rapid traffic increases after advertisements appear on local television. The application runs on Amazon EC2 instances that are in an Auto Scaling group. The Auto Scaling group is not keeping up with the traffic surges after an advertisement runs. The company often needs to scale out to 100 EC2 instances during the traffic surges.
The instance startup times are lengthy because of a boot process that creates machine-specific data caches that are unique to each instance. The exact timing of when the advertisements will appear on television is not known. A SysOps administrator must implement a solution so that the application can function properly during the traffic surges.
Which solution will meet these requirements?

A. Create e warm pool. Keep enough instances in the Stopped state to meet the increased demand.
B. Start 100 instances. Allow the boot process to finish running. Store this data on the instance store volume before stopping the instances.
C. Increase the value of the instance warmup time in the scaling policy
D. Use predictive scaling for the Auto Scaling group.

Answer: A
Explanation:
A warm pool gives you the ability to decrease latency for your applications that have exceptionally long boot times, for example, because instances need to write massive amounts of data to disk.
https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html

QUESTION 437
A company hosts an internal application on Amazon EC2 On-Demand Instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group. Employees use the application to provide product prices to potential customers. The Auto Scaling group is configured with a dynamic scaling policy and tracks average CPU utilization of the instances.
Employees have noticed that sometimes the application becomes slow or unresponsive. A SysOps administrator finds that some instances are experiencing a high CPU load. The Auto Scaling group cannot scale out because the company is reaching the EC2 instance service quota.
The SysOps administrator needs to implement a solution that provides a notification when the company reaches 70% or more of the EC2 instance service quota.
Which solution will meet these requirements in the MOST operationally efficient manner?

A. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances, and compares the total number against the applied quota value by using the Service Quotas API. Configure the Lambda function to publish an Amazon Simple Notification Service (Amazon SNS) notification if the quota utilization is equal to or greater than 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
B. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances, and compares the total number against the applied quota value by using the Amazon CloudWatch Metrics API. Configure the Lambda function to publish an Amazon Simple Notification Service (Amazon SNS) notification if the quota utilization is equal to or greater than 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
C. Use the Service Quotas console to create an Amazon CloudWatch alarm for the EC2 instances. Configure the alarm with quota utilization equal to or greater than 70%. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.
D. Create an Amazon CloudWatch alarm. Configure the alarm with a threshold of 70% for the CPUUtilization metric for the EC2 instances. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.

Answer: C
Explanation:
https://docs.aws.amazon.com/servicequotas/latest/userguide/configure-cloudwatch.html

QUESTION 438
A SysOps administrator needs to update an AWS account name.
What should the SysOps administrator do to accomplish this goal?

A. Add the AdministratorAccess policy to the SysOps administrator’s IAM user.
B. Add the AWS_ConfigureRole policy to the SysOps administrator’s IAM user.
C. Change the AWS account name through the AWS Trusted Advisor interface.
D. Sign in as the AWS account root user to make the change.

Answer: D
Explanation:
“To edit your AWS account name, root user password, or root user email address”
“Minimum permissions”
“To perform the following steps, you must have at least the following IAM permissions:”
“You must sign in as the AWS account root user, which requires no additional IAM permissions. You can’t perform these steps as an IAM user or role.”
https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html

QUESTION 439
A team of developers is using several Amazon S3 buckets as centralized repositories. Users across the world upload large sets of files to these repositories. The development team’s applications later process these files.
A SysOps administrator sets up a new S3 bucket, DOC-EXAMPLE-BUCKET, to support a new workload, The rew S3 bucket also receives regular uploads cf large sets of files from users worldwide. When the new S3 bucket is put into production, the upload performance from certain geographic areas is lower than the upload performance that the existing $3 buckets provide
What should the SysOps administrator do to remediate this issue?

A. Provision an Amazon ElastiCache for Redis cluster for the new S3 bucket. Provide the developers with the configuration endpoint of the cluster for use in their API calls
B. Add the new S3 bucket to a new Amazon CloudFront distribution. Provide the developers with the domain name of the new distribution for use in their API calls.
C. Enable S3 Transfer Acceleration for the new S3 bucket. Verify that the developers are using the DOC-EXAMPLE-BUCKET.s3-accelerate.amazonaws.com endpoint name in their API calls.
D. Use S3 multipart upload for the new S3 bucket. Verify that the developers are using Region-specific S3 endpoint names such as DOC-EXAMPLE-BUCKETS3, [Region] amazonaws.com in their API calls.

Answer: C
Explanation:
After researching this realize that the “s3-accelerate” domain in the special URL (e.g.: “acloudguru.s3-accelerate.amazonaws.com”) will resolve to the nearest edge globally, and therefore there is only one url that can be used globally to make use of transfer acceleration, albeit at some additional cost for the data transfer. Setting must be enabled on bucket though.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/transfer-acceleration-examples.html

QUESTION 440
A SysOps administrator wants to use AWS Systems Manager Patch Manager to automate the process of patching Amazon EC2 Windows instances. The SysOps administrator wants to ensure that patches are auto-approved 2 days after the release date for development instances. Patches also must be auto-approved 5 days after the release date for production instances. Maintenance must occur only during a 2-hour window for all instances.
Which solution will meet these requirements?

A. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and one patch baseline. Add an auto-approval delay to each patch group. Create a single maintenance window.
B. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and two patch baselines. Specify an auto-approval delay in each of the patch baselines. Create a single maintenance window.
C. Use tags to identity development instances and production instances. In Patch Manager, create two patch groups and one patch baseline, Create two separate maintenance windows, each with an auto-approval delay.
D. Use tags to identify development instances. In Patch Manager, create one patch group and one patch baseline. Specify auto-approval delays in the patch baseline, Add development instances to the new patch group. Use predefined Patch Manager patch baselines for all remaining instances. Create a single maintenance window.

Answer: B
Explanation:
https://aws.amazon.com/blogs/mt/patching-your-windows-ec2-instances-using-aws-systems-manager-patch-manager/

QUESTION 441
A SysOps administrator must analyze Amazon CloudWatch logs across 10 AWS Lambda functions for historical errors. The logs are in JSON format and are stored in Amazon S3. Errors sometimes do not appear in the same field, but all errors begin with the same string prefix.
What is the MOST operationally efficient way for the SysOps administrator to analyze the log files?

A. Use S3 Select to write a query to search for errors. Run the query across all log groups of interest.
B. Create an AWS Glue processing job to index the logs of interest. Run a query in Amazon Athena to search for errors.
C. Use Amazon CloudWatch Logs Insights to write a query to search for errors. Run the query across all log groups of interest.
D. Use Amazon CloudWatch Contributor Insights to create a rule. Apply the rule across all log groups of interest.

Answer: C
Explanation:
CloudWatch Logs Insights automatically discovers fields in logs from AWS services such as Amazon Route 53, AWS Lambda, AWS CloudTrail, and Amazon VPC, and any application or custom log that emits log events as JSON.

QUESTION 442
A company has a policy that all Amazon EC2 instance logs must be published to Amazon CloudWatch Logs. A SysOps administrator is troubleshooting an EC2 instance that is running Amazon Linux 2. The EC2 instance is not publishing logs to CloudWatch Logs. The Amazon CloudWatch agent is running on the EC2 instance, and the agent configuration file is correct.
What should the SysOps administrator do to resolve the issue?

A. Configure the AWS CLI on the EC2 instance. Create a cron job that calls the PutLogEvents API operation to push the log files to CloudWatch every 5 minutes.
B. Inspect the retention period of the CloudWatch Logs log group. Ensure that the retention period is set to a value that is greater than 1 day.
C. Set up an Amazon Kinesis data stream that is running in the same AWS Region as the EC2 instance. Configure the CloudWatch agent on the EC2 instance to send CloudWatch events to the data stream.
D. Ensure that the IAM role that is attached to the EC2 instance has permissions in CloudWatch Logs for the CreateLogGroup, CreateLogStream, PutLogEvents, and DescribeLogStreams actions.

Answer: D
Explanation:
Amazon EC2 instances need the appropriate permissions to interact with Amazon CloudWatch Logs. These permissions are granted through an IAM (Identity and Access Management) role attached to the EC2 instance.

QUESTION 443
A company runs a workload on an Amazon EC2 instance. The workload needs a temporary cache that contains data that changes frequently. The workload does not need to retain the cache across instance restarts.
Which storage option will provide the HIGHEST performance for the cache?

A. General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume
B. Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volume
C. Throughput Optimized HDD (st1) Amazon Elastic Block Store (Amazon EBS) volume
D. EC2 instance store

Answer: D
Explanation:
The “Instance Store” volume is actually stored in local memory, which is why it is non-persistent but will also always have higher performance than any attached EBS volume.

QUESTION 444
A company runs multiple workloads across an organization in AWS Organizations. The company’s finance team needs detailed dashboards to track cost changes and provide detailed cost metrics. The finance team needs to track trends as granular as every hour.
What should a SysOps administrator do to meet these requirements in the MOST operationally efficient way?

A. Generate Amazon CloudWatch dashboards by using CloudWatch insights and AWS Cost Explorer data.
B. Generate an AWS Cost and Usage Report. Store the report in Amazon S3. Use Amazon Athena to query the data. Use Amazon QuickSight to develop dashbosrds based on the data in the AWS Cost and Usage Report.
C. Create an AWS Lambda function that runs once a day and assumes a role in every account in the organization. Configure the Lambda function to read AWS Cost Explorer data in each account and to store the cost data in an Amazon S3 bucket. Use Amazon Athena to query the data. Use Amazon QuickSight to display the data in dashboards.
D. Create an IAM user for the finance team. Grant permissions to the IAM user to view AWS Cost Explorer data and billing data in the management account.

Answer: B
Explanation:
https://docs.aws.amazon.com/wellarchitected/2023-10-03/framework/cost_monitor_usage_detailed_source.html
Use AWS Glue to prepare the data for analysis, and use Amazon Athena to perform data analysis, using SQL to query the data. You can also use Amazon QuickSight to build custom and complex visualizations and distribute them throughout your organization.

QUESTION 445
A company has a core application that must run 24 hours a day, 7 days a week. The application uses Amazon EC2. AWS Fargate, and AWS Lambda. The company uses a combination of operating systems across different AWS Regions.
The company needs to maximize cost savings while committing to a pricing model that offers flexibility to make changes.
What should the company do to meet these requirements?

A. Purchase a Compute Savings Plan that is based on Savings Plans recommendations
B. Purchase an EC2 Instance Savings Plan that covers the EC2 instance types and the Fargate and Lambda vCPU equivalents.
C. Purchase a Reserved Instance for the instance types, operating systems, Region, and tenancy,
D. Use EC2 Spot Instances that match the type and size of existing instances that run in each Region.

Answer: A
Explanation:
All mentioned services are compute related service that can be benefited from compute saving plans.

QUESTION 446
A company’s architecture team must receive immediate email notification whenever new Amazon EC2 instances are launched in the company’s main AWS production account.
What should a SysOps administrator do to meet this requirement?

A. Create a user data script that sends an email message through a smart host connector. Include the architecture team’s email address in the user data script as the recipient. Ensure that all new EC2 instances include the user data script as part of a standardized build process.
B. Create an Amazon Simple Notification Service (Amazon SNS) topic and a subscription that uses the email protocol. Enter the architecture team’s email address as the subscriber. Create an Amazon EventBridge rule that reacts when EC2 instances are launched. Specify the SNS topic as the rule’s target.
C. Create an Amazon Simple Queue Service (Amazon SQS) queue and a subscription that uses the email protocol. Enter the architecture team’s email address as the subscriber. Create an Amazon EventBridge rule that reacts when EC2 instances are launched. Specify the SQS queue as the rule’s target.
D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure AWS Systems Manager to publish EC2 events to the SNS topic. Create an AWS Lambda function to poll the SNS topic. Configure the Lambda function to send any messages to the architecture team’s email address.

Answer: B

QUESTION 447
A SysOps administrator manages an AWS account where developers run CPU-intensive tasks on Amazon EC2 instances. The tasks can take several days to finish running and sometimes need to be repeated several times. The developers often forget to terminate the instances when the tasks are complete.
The SysOps administrator needs to implement a solution to monitor EC2 CPU utilization and automatically terminate underutilized instances.
Which solution will meet these requirements?

A. Configure an Amazon GuardDuty finding that is based on EC2 CPU utilization. Associate an AWS Lambda function with the GuardDuty finding to terminate any instances that are identified as idle.
B. Configure an Amazon Simple Notification Service (Amazon SNS) topic to receive EC2 utilization messages from the AWS Health Dashboard. Create an AWS Lambda function. Subscribe the Lambda function to the SNS topic. Use the ec2.stop_instances operation to terminate idle instances.
C. Configure a Low Utilization Amazon EC2 Instances check in AWS Trusted Advisor to publish status changes to an Amazon Simple Notification Service (Amazon SNS) topic. Create an AWS Lambda function. Subscribe the Lambda function to the SNS topic. Use the ec2.stop_instances operation to terminate idle instances.
D. Configure an Amazon EventBridge rule for the Low Utilization Amazon EC2 Instances check in AWS Trusted Advisor. Select the EC2 Terminatelnstances API call as the target.

Answer: D
Explanation:
https://docs.aws.amazon.com/awssupport/latest/user/cloudwatch-events-ta.html

QUESTION 448
A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations.
What should a SysOps administrator do to implement this requirement?

A. Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the AWS Management Console.
B. Develop an IAM policy that limits the business units to provision EC2 instances only. Instruct the business units to launch instances by using an AWS CloudFormation template.
C. Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog. Allow the business units to perform actions in AWS Service Catalog only.
D. Share an AWS CloudFormation template with the business units. Instruct the business units to pass a role to AWS CloudFormation to allow the service to manage EC2 instances.

Answer: C
Explanation:
https://docs.aws.amazon.com/servicecatalog/latest/adminguide/getstarted-CFN.html

QUESTION 449
A SysOps administrator needs to secure the credentials for an Amazon RDS database that is created by an AWS CloudFormation template. The solution must encrypt the credentials and must support automatic rotation.
Which solution will meet these requirements?

A. Create an AWS::SecretsManager::Secret resource in the CloudF ormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:secretsmanager dynamic reference.
B. Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm-secure dynamic reference.
C. Create an AWS::SSM::Parameter resource in he CloudFormation template. Reference the credentias in the AWS::RDS::DBInstance resource by using the resolve:ssm dynamic reference.
D. Create parameters for the database credentials in the CloudFormation template. Use the Ref intrinsic function to provide the credentials to the AWS::RDS::DBInstance resource.

Answer: A
Explanation:
AWS::SecretsManager::Secret resource to create secret and resolve:secretsmanager dynamic reference for AWS::RDS::DBInstance resource to reference it.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html
https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_reference-secret.html

QUESTION 450
A company wants to track its expenditures for Amazon EC2 and Amazon RDS within AWS. The company decides to implement more rigorous tagging requirements for resources in its AWS accounts. A SysOps administrator needs to identify all noncompliant resources.
What is the MOST operationally efficient solution that meets this requirement?

A. Create a rule in Amazon EventBridge that invokes a custom AWS Lambda function that will evaluate all created or updated resources for the specified tags.
B. Create a rule in AWS Config that invokes a custom AWS Lambda function that will evaluate all resources for the specified tags.
C. Create a rule in AWS Config with the required-tags managed rule to evaluate all resources for the specified tags.
D. Create a rule in Amazon EventBridge with a managed rule to evaluate all created or updated resources for the specified tags.

Answer: C
Explanation:
https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html

QUESTION 451
A company creates a new Amazon FSx for Windows File Server file system. To help manage costs, the company configures the storage capacity for the file system with minimal room for growth.
The company creates an Amazon Simple Notification Service (Amazon SNS) topic in the same AWS account whore the file system resides. The company subscribes a SysOps administrator’s email address to the SNS topic. The SysOps administrator needs to receive email notification when the file system has less than 100 GB of space available.
Which combination of steps should the SysOps administrator take to meet this requirement? (Choose two.)

A. Create an Amazon EventBridge rule for when the FreeStorageCapacity metric is less than or equal to 100,000,000,000 bytes (100 GB).
B. Create an Amazon CloudWatch alarm for when the FreeStorageCapacity metric is less than or equal to 100,000,000,000 bytes (100 GB).
C. Create an AWS Lambda function that will run when the Amazon CloudWatch alarm enters ALARM state. Configure the Lambda function to publish to the SNS topic.
D. Configure the Amazon EventBridge rule’s alarm action to publish to the SNS topic when the rule enters ALARM state.
E. Configure the Amazon CloudWatch alarm action to publish to the SNS topic when the alarm enters ALARM state.

Answer: BE
Explanation:
https://docs.aws.amazon.com/fsx/latest/WindowsGuide/creating_alarms.html

QUESTION 452
A company decides to stop non-production Amazon EC2 instances during the EC2 instances. The company’s IT manager must receive notification in near real time whenever an EC2 instance that has an environment type tag value of non-production is started during the night.
Which solution will meet this requirement with the MOST operational efficiency?

A. Configure an AWS Lambda function with an SMTP client library. Subscribe the Lambda function to the AWS Health Dashboard to receive notification whenever an EC2 instance is in the running state. Configure the Lambda function to use Amazon Pinpoint to send email notifications to the IT manager. Deploy a second Lambda function to throttle calls from the first Lambda function during the daytime.
B. Deploy an AWS Lambda function that queries the Amazon EC2 API to determine the state of each EC2 instance. Use the EC2 instance scheduler to configure the Lambda function to run every minute during the night and to send an email notification to the IT manager for each non-production EC2 instance that is in the running state.
C. Create an Amazon EventBridge rule that includes the EC2 Instance State-change Notification event type. Filter the event to capture only the running state. Create an AWS Lambda function as a target of the rule. Configure the Lambda function to check the current time and the EC2 instances’ tags to determine the environment type. Create an Amazon Simple Notification Service (Amazon SNS) topic as a target of the Lambda function for notifications. Subscribe the IT manager’s email address to the SNS topic.
D. Store the EC2 instance metadata, including the environment type, in an Amazon DynamoDB table. Deploy a custom application to an EC2 instance. Configure the custom application to poll the DynamoDB data every minute during the night and to query the Amazon EC2 API to determine the state of each instance. Additionally, configure the custom application to send an email notification to the IT manager for each non-production EC2 instance that is in the running state.

Answer: C

QUESTION 453
A company’s SysOps administrator manages a fleet of Windows Amazon EC2 instances that run in a single AWS account. The instances have a tag that includes a key of 揙S” and a value of “Windows.” The company uses AWS Systems Manager to patch the instances.
The company has installed the Amazon CloudWatch agent on the instances, but the configuration is inconsistent. The SysOps administrator needs to reconfigure every instance to use the same predefined CloudWatch configuration.
Which combination of steps will meet these requirements? (Choose two.)

A. Store the CloudWatch agent configuration file in an Amazon S3 bucket.
B. Store the contents of the CloudWatch agent configuration file in Systems Manager OpsCenter.
C. Store the contents of the CloudWatch agent configuration file in Systems Manager Parameter Store.
D. Create a Systems Manager State Manager association to run the AmazonCloudWatch-ManageAgent Systems Manager Run Command document. Select Systems Manager as an optional configuration source. Target the instances based on tag values.
E. Create a Systems Manager State Manager association to run the AmazonCloudWatch-ManageAgent Systems Manager Run Command document. Configure the document to use the S3 bucket location as the configuration source. Target the instances based on tag value.

Answer: CD
Explanation:
“Uploading the CloudWatch agent configuration file to Systems Manager Parameter Store”
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html
Command to start CloudWatch agent by loading configuration file previously saved in Systems Manager Parameter store:
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c ssm:configuration-parameter-store-name
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-on-EC2-Instance-fleet.html

QUESTION 454
A company is experiencing issues with legacy software running on Amazon EC2 instances. Errors occur when the total CPU utilization on the EC2 instances exceeds 80%. A short-term solution is required while the software is being rewritten. A SysOps administrator is tasked with creating a solution to restart the instances when the CPU utilization rises above 80%.
Which solution meets these requirements with the LEAST operational overhead?

A. Write a script that monitors the CPU utilization of the EC2 instances and reboots the instances when utilization exceeds 80%. Run the script as a cron job.
B. Add an Amazon CloudWatch alarm for CPU utilization and configure the alarm action to reboot the EC2 instances.
C. Create an Amazon EventBridge rule using the predefined patterns for CPU utilization of the EC2 instances. When utilization exceeds 80%, invoke an AWS Lambda function to restart the instances.
D. Add an Amazon CloudWatch alarm for CPU utilization and configure an AWS Systems Manager Automation runbook to reboot the EC2 instances when utilization exceeds 80%.

Answer: B
Explanation:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/UsingAlarmActions.html
“For Whenever this alarm, choose State is ALARM. For Take this action, choose Reboot this instance.”

QUESTION 455
A SysOps administrator launches an Amazon EC2 instance in a private subnet of a VPC. When the SysOps administrator attempts a curl command from the command line of the EC2 instance, the SysOps administrator cannot connect to https:www.example.com.
What should the SysOps administrator do to resolve this issue?

A. Ensure that there is an outbound security group for port 443 to 0.0.0.0/0.
B. Ensure that there is an inbound security group for port 443 from 0.0.0.0/0.
C. Ensure that there is an outbound network ACL for ephemeral ports 1024-66535 to 0.0.0.0/0.
D. Ensure that there is an outbound network ACL for port 80 to 0.0.0.0/0.

Answer: A

QUESTION 456
A SysOps administrator needs to implement a backup strategy for Amazon EC2 resources and Amazon RDS resources. The backup strategy must meet the following retention requirements:
Daily backups: must be kept for 6 days
Weekly backups: must be kept for 4 weeks:
Monthly backups: must be kept for 11 months
Yearly backups: must be kept for 7 years
Which backup strategy will meet these requirements with the LEAST administrative effort?

A. Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (Amazon EBS) snapshot policy. Create tags on each resource that needs to be backed up. Create multiple schedules according to the requirements within the policy. Set the appropriate frequency and retention period.
B. Use AWS Backup to create a new backup plan for each retention requirement with a backup frequency of daily, weekly, monthly, or yearly. Set the retention period to match the requirement. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags.
C. Create an AWS Lambda function. Program the Lambda function to use native tooling to take backups of file systems in Amazon EC2 and to make copies of databases in Amazon RDS. Create an Amazon EventBridge rule to invoke the Lambda function.
D. Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (Amazon EBS) snapshot policy. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags. Create multiple schedules according to the requirements within the policy. Set the appropriate frequency and retention period. In Amazon RDS, activate automated backups on the required DB instances.

Answer: B
Explanation:
“Use Amazon Data Lifecycle Manager when you want to automate the creation, retention, and deletion of EBS snapshots. Use AWS Backup to manage and monitor backups across the AWS services you use, including EBS volumes, from a single plac”
https://aws.amazon.com/backup/faqs/

QUESTION 457
An application team uses an Amazon Aurora MySQL DB cluster with one Aurora Replica. The application team notices that the application read performance degrades when user connections exceed 200. The number of user connections is typically consistent around 180, with occasional sudden increases above 200 connections. The application team wants the application to automatically scale as user demand increases or decreases.
Which solution will meet these requirements?

A. Migrate to a new Aurora multi-master DB cluster. Modify the application database connection string.
B. Modify the DB cluster by changing to serverless mode whenever user connections exceed 200.
C. Create an auto scaling policy with a target metric of 195 DatabaseConnections.
D. Modify the DB cluster by increasing the Aurora Replica instance size.

Answer: C
Explanation:
Aurora Auto Scaling “Policy details:” (*) “Average connections of Aurora Replicas”, “Target value:” 195

QUESTION 458
A company hosts a production database on an Amazon Elastic Block Store (Amazon EBS) backed Amazon EC2 instance. As part of an annual disaster recovery exercise, the company needs to restore recent EBS snapshots to a new EC2 instance in a second Availability Zone.
After the snapshots are restored to EBS volumes, the resulting volumes must deliver all of their provisioned performance. The company must perform validation tests on the restored data as quickly as possible.
Which configuration will meet these requirements?

A. Enable EBS fast snapshot restore (FSR) on the snapshots for the second Availability Zone. Create new EBS volumes in the second Availability Zone from the snapshots. Attach the new EBS volumes to a new EC2 instance.
B. Enable EBS fast snapshot restore (FSR) on the snapshots for the current Availability Zone. Create new EBS volumes in the second Availability Zone from the snapshots, Attach the new EBS volumes to a new EC2 instance.
C. Specify Provisioned IOPS on the snapshots, Create new EBS volumes in the second Availability Zone from the snapshots. Attach the new EBS volumes to a new EC2 instance.
D. Specify Provisioned IOPS on the existing EBS volumes. Create the snapshots. After the snapshots are completed, create new EBS volumes in the second Availability Zone from the snapshots. Attach the new EBS volumes to a new EC2 instance.

Answer: A
Explanation:
“To get started, enable fast snapshot restore for specific snapshots in specific Availability Zones. Each snapshot and Availability Zone pair refers to one fast snapshot restore.”
“When you create a volume from one of these snapshots in one of its enabled Availability Zones, the volume is restored using fast snapshot restore.”
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-fast-snapshot-restore.html
https://aws.amazon.com/blogs/aws/new-amazon-ebs-fast-snapshot-restore-fsr/

QUESTION 459
A SysOps administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically. Currently, the application is deployed on a single t3.large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency after a few minutes.
What change should be made to alleviate the performance problem?

A. Change the Amazon EBS volume to Provisioned IOPs.
B. Upgrade to a compute-optimized instance.
C. Add additional t2.large instances to the application.
D. Purchase Reserved Instances.

Answer: B
Explanation:
Since the application is CPU-heavy and can only be scaled vertically, the best option to alleviate the performance problem would be to upgrade to a compute-optimized instance. Compute-optimized instances provide a higher ratio of vCPUs to memory than other families and are optimized for compute-bound applications that benefit from high-performance processors. Upgrading to a compute-optimized instance would provide more CPU resources for the application, which should help alleviate the performance problem.

QUESTION 460
A user is connected to an Amazon EC2 instance in a private subnet. The user is unable to access the internet from the instance by using the following curl command: curl http:/www.example.com.
A SysOps administrator reviews the VPC configuration and learns the following information:
– The private subnet has a route to a NAT gateway for CIDR 0.0.0.0/0
– The outbound security group for the EC2 instance contains one rule: outbound for port 443 to CIDR 0.0.0.0/0
– The inbound security group for the EC2 instance allows ports 22 and 443 from the user’s IP address.
– The inbound network ACL for the subnet allows port 22 and port range 1024-65535 from CIDR 0.0.0.0/0
Which action will allow the user to complete the curl request successfully?

A. Add an additional inbound network ACL rule for port 80 to CIDR 0.0.0.0/0.
B. Add an additional inbound security group rule for port 80 to CIDR 0.0.0.0/0.
C. Add an additional outbound security group rule for port 80 to CIDR 0.0.0.0/0.
D. Add an additional outbound security group rule for port 80 to the user’s IP address.

Answer: C

QUESTION 461
A company’s financial department needs to view the cost details of each project in an AWS account. A SysOps administrator must perform the initial configuration that is required to view cost for each project in Cost Explorer.
Which solution will meet this requirement?

A. Activate cost allocation tags. Add a project tag to the appropriate resources.
B. Configure consolidated billing. Create AWS Cost and Usage Reports.
C. Use AWS Budgets. Create AWS Budgets reports.
D. Use cost categories to define custom groups that are based on AWS cost and usage dimensions.

Answer: A
Explanation:
Cost allocation tags are used to track AWS costs on a detailed level. By activating cost allocation tags and adding a project tag to the appropriate resources, the financial department will be able to view the cost details of each project in Cost Explorer.

QUESTION 462
A SysOps administrator is managing a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.
Which condition should be used with the alarm?

A. AWS/ApplicationELB HealthyHostCount <= 0
B. AWS/ApplicationELB UnhealthyHostCount >= 1
C. AWS/EC2 StatusCheckFailed <= 0
D. AWS/EC2 StatusCheckFailed >= 1

Answer: A
Explanation:
“all target instances” means zero Healthy, not one Healthy. “<= 0” means less than or equal to zero

QUESTION 463
A company uses AWS Organizations to manage its multi-account environment. The organization contains a dedicated account for security and a dedicated account for logging. A SysOps administrator needs to implement a centralized solution that provides alerts when a resource metric in any account crosses a standard defined threshold.
Which solution will meet these requirements?

A. Deploy an AWS CloudFormation stack set to the accounts in the organization. Use a template that creates the required Amazon CloudWatch alarms and references an Amazon Simple Notification Service (Amazon SNS) topic in the logging account with publish permissions for all the accounts.
B. Deploy an AWS CloudFormation stack in each account. Use the stack to deploy the required Amazon CloudWalch alarms and the required Amazon Simple Notification Service (Amazon SNS) topic.
C. Deploy an AWS Lambda function on a cron job in each account. Configure the Lambda function to read resources that are in the account and to invoke an Amazon Simple Notification Service (Amazon SNS) topic if any metrics cross the defined threshold.
D. Deploy an AWS CloudFormation change set to the organization. Use a template to create the required Amazon CloudWatch alarms and to send alerts to a verified Amazon Simple Email Service (Amazon SES) identity.

Answer: A
Explanation:
To implement a centralized solution for monitoring resource metrics and receiving alerts across multiple accounts in an AWS Organizations environment, using AWS CloudFormation stack sets is a suitable approach.

QUESTION 464
A company has an application that uses a scheduled AWS Lambda function to retrieve datasets from external sources over the internet. The function is not associated with a VPC. The company is modifying the application to store the information that the Lambda function retrieves on an Amazon RDS DB instance in a private subnet. The VPC has two public subnets and two private subnets.
A SysOps administrator must deploy a solution that allows the Lambda function to access the new database and continue to access the internet.
Which solution meets these requirements?

A. Create a new Lambda function with VPC access and an Elastic IP address. Attach the function to public subnets in two Availability Zones. Associate a security group with the Elastic IP address. Configure the security group outbound rules to allow Lambda to access the required resources.
B. Create a new Lambda function with VPC access and two public IP addresses. Attach the function to public subnets in the same Availability Zones that the database uses. Associate a security group with the function. Configure the security group inbound rules to allow Lambda to access the required resources.
C. Reconfigure the Lambda function for VPC access. Add NAT gateways to the public subnets in the VPAdd route table entries in the private subnets to route through the NAT gateways to the internet. Attach the function to the private subnets that support the database. Associate a security group with the function. Configure the security group outbound rules to allow Lambda to access the internet.
D. Reconfigure the Lambda function for VPC access. Attach the function to the private subnets. Add route table entries in the private subnets to route through the internet gateway to the internet. Associate a security group with the subnets. Configure the security group inbound rules to allow Lambda to access the required resources through the internet gateway.

Answer: C
Explanation:
Since the Lambda function needs to access the Amazon RDS DB instance in a private subnet while still accessing the internet, it should be configured to run within the VPC.

QUESTION 465
A company is running production workloads that use a Multi-AZ deployment of an Amazon RDS for MySQL db.m6g.xlarge (general purpose) standard DB instance. Users report that they are frequently encountering a “too many connections” error. A SysOps administrator observes that the number of connections on the database is high.
The SysOps administrator needs to resolve this issue while keeping code changes to a minimum.
Which solution will meet these requirements MOST cost-effectively?

A. Modify the RDS for MySQL DB instance to a larger instance size.
B. Modify the RDS for MySQL DB instance to Amazon DynamoDB.
C. Configure RDS Proxy. Modify the application configuration file to use the RDS Proxy endpoint.
D. Modify the RDS for MySQL DB instance to a memory optimized DB instance.

Answer: C
Explanation:
The “too many connections” error indicates that the Amazon RDS for MySQL DB instance is reaching its maximum allowed connections, causing users to encounter issues. RDS Proxy is a highly recommended solution to manage database connections and improve scalability and availability.
By implementing RDS Proxy and updating the application’s configuration to use the proxy endpoint, you can effectively manage connections and alleviate the “too many connections” issue without making significant code changes.

QUESTION 466
A company has multiple Amazon EC2 instances that run a resource-intensive application in a development environment. A SysOps administrator is implementing a solution to stop these EC2 instances when they are not in use.
Which solution will meet this requirement?

A. Assess AWS CloudTrail logs to verify that there is no EC2 API activity. Invoke an AWS Lambda function to stop the EC2 instances.
B. Create an Amazon CloudWatch alarm to stop the EC2 instances when the average CPU utilization is lower than 5% for a 30-minute period.
C. Create an Amazon CloudWatch metric to stop the EC2 instances when the VolumeReadBytes metric is lower than 500 for a 30-minute period.
D. Use AWS Config to invoke an AWS Lambda function to stop the EC2 instances based on resource configuration changes.

Answer: B

QUESTION 467
A company has a web application with a database tier that consists of an Amazon EC2 instance that runs MySQL. A SysOps administrator needs to minimize potential data loss and the time that is required to recover in the event of a database failure.
What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon CloudWatch alarm for the StatusCheckFailed_System metric to invoke an AWS Lambda function that stops and starts the EC2 instance.
B. Create an Amazon RDS for MySQL Multi-AZ DB instance. Use a MySQL native backup that is stored in Amazon S3 to restore the data to the new database. Update the connection string in the web application.
C. Create an Amazon RDS for MySQL Single-AZ DB instance with a read replica. Use a MySQL native backup that is stored in Amazon S3 to restore the data to the new database. Update the connection string in the web application
D. Use Amazon Data Lifecycle Manager (Amazon DLM) to take a snapshot of the Amazon Elastic Block Store (Amazon EBS) volume every hour. In the event of an EC2 instance failure, restore the EBS volume from a snapshot.

Answer: D

QUESTION 468
A company uses AWS CloudFormation to manage a stack of Amazon EC2 instances on AWS. A SysOps administrator needs to keep the instances and all of the instances’ data, even if someone deletes the stack.
Which solution will meet these requirements?

A. Set the DeletionPolicy attribute to Snapshot for the EC2 instance resource in the CloudFormation template.
B. Automate backups by using Amazon Data Lifecycle Manager (Amazon DLM).
C. Create a backup plan in AWS Backup.
D. Set the DeletionPolicy attribute to Retain for the EC2 instance resource in the CloudFormation template.

Answer: D
Explanation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html

QUESTION 469
Accompany wants to monitor the number of Amazon EC2 instances that it is running. The company also wants to automate a service quota increase when the number of instances reaches a specific threshold.
Which solution meets these requirements?

A. Create an Amazon CloudWatch alarm to monitor Service Quotas. Configure the alarm to invoke an AWS Lambda function to request a quota increase when the alarm reaches the threshold.
B. Create an AWS Config rule to monitor Service Quotas. Call an AWS Lambda function to remediate the action and increase the quota.
C. Create an Amazon CloudWateh alarm to monitor the AWS Health Dashboard. Configure the alarm to invoke an AWS Lambda function to request a quota increase when the alarm reaches the threshold.
D. Create an Amazon CloudWatch alarm to monitor AWS Trusted Advisor service quotas. Configure the alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to increase the quota.

Answer: A
Explanation:
SNS cannot request a service limit increase, however CloudWatch can trigger an AWS Lambda function to automatically request a quota increase.

QUESTION 470
A SysOps administrator is responsible for more than 50 Amazon EC2 instances that are deployed in a single production AWS account. The EC2 instances are running several different operating systems. The company’s standards require patching to be completed at least once a month.
The SysOps administrator wants to use AWS Systems Manager to reduce the number of hours the company spends on operating system patching each month.
Which combination of steps should the SysOps administrator take to meet these requirements? (Choose three.)

A. Group similar EC2 instances together into resource groups by using AWS Resource Groups.
B. Create a schedule in Systems Manager Patch Manager. Specify the appropriate resource group as the target.
C. Specify Systems Manager Automation runbooks to patch the operating systems. Register the runbooks as tasks in the maintenance window. Specify the appropriate resource group as the target.
D. Create a Systems Manager Automation runbook to monitor and control the state of the patches required. Apply the runbook to Systems Manager Patch Manager.
E. Create a single Systems Manager maintenance window for each resource group.
F. Configure Systems Manager Fleet Manager to apply a Systems Manager Automation runbook to the appropriate resource group.

Answer: ACE
Explanation:
https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-ssm-documents.html

QUESTION 471
A company has multiple AWS accounts. The company uses AWS Organizations with an organizational unit (OU) for the production account and another OU for the development account. Corporate policies state that developers may use only approved AWS services in the production account.
What is the MOST operationally efficient solution to control the production account?

A. Create a customer managed policy in AWS Identity and Access Management (IAM). Apply the policy to all users within the production account.
B. Create a job function policy in AWS Identity and Access Management (IAM). Apply the policy to all users within the production OU.
C. Create a service control policy (SCP). Apply the SCP to the production OU.
D. Create an IAM policy. Apply the policy in Amazon API Gateway to restrict the production account.

Answer: C

QUESTION 472
A company has applications that process transaction requests multiple times each minute. The applications write transaction data to a single Amazon RDS DB instance. As the company begins to process more transactions, the company becomes concerned that it has no failover solution in place for disaster recovery (DR). The company needs the DB instance to fail over automatically without losing any committed transactions.
Which solution will meet these requirements?

A. Create an RDS read replica in the same AWS Region. Configure an AWS Lambda function to promote the replica as the primary DB instance during a DR scenario.
B. Create an RDS read replica in a different AWS Region. Configure an AWS Lambda function to promote the replica as the primary DB instance during a DR scenario.
C. Modify the DB instance to be a Multi-AZ deployment.
D. Setup an Amazon CloudWatch alarm that monitors the DB instance memory utilization with a threshold greater than 90%. Invoke an AWS Lambda function to restart the DB instance.

Answer: C
Explanation:
https://docs.aws.amazon.com/whitepapers/latest/disaster-recovery-workloads-on-aws/disaster-recovery-is-different-in-the-cloud.html
https://aws.amazon.com/rds/features/multi-az/?nc1=h_ls

QUESTION 473
ASysOps administrator configures an application to run on Amazon EC2 instances behind an Application Load Balancer (ALB) in a simple scaling Auto Scaling group with the default settings. The Auto Scaling group is configured to use the RequestCountPerTarget metric for scaling. The SysOps administrator notices that the RequestCountPerTarget metric exceeded the specified limit twice in 180 seconds.
How will the number of EC2 instances in this Auto Scaling group be affected in this scenario?

A. The Auto Scaling group will launch an additional EC2 instance every time the RequestCountPerTarget metric exceeds the predefined limit.
B. The Auto Scaling group will launch one EC2 instance and will wait for the default cooldown period before launching another instance.
C. The Auto Scaling group will send an alert to the ALB to rebalance the traffic and not add new EC2 instances until the load is normalized.
D. The Auto Scaling group will try to distribute the traffic among all EC2 instances before launching another instance.

Answer: B
Explanation:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/consolidated-view-of-warm-up-and-cooldown-settings.html


Resources From:

1.2023 Latest Braindump2go SOA-C02 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/soa-c02.html

2.2023 Latest Braindump2go SOA-C02 PDF and SOA-C02 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1SwmRv-OKTAJzLTMirp_O8l8tjGIFElzz?usp=sharing

3.2023 Free Braindump2go SOA-C02 Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/SOA-C02-PDF-Dumps(434-473).pdf

Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!