Amazon SOA-C02 Exam Practice Test Instant Access

Question 1

A company uses AWS Cloud Formation to deploy its infrastructure. The company recently retired an application. A cloud operations engineer initiates CloudFormation stack deletion, and the stack gets stuck in DELETE FAILED status.

A SysOps administrator discovers that the stack had deployed a security group. The security group is referenced by other security groups in the environment. The SysOps administrator needs to delete the stack without affecting other applications.

Which solution will meet these requirements m the MOST operationally efficient manner?

ACreate a new security group that has a different name Apply identical rules to the new security group. Replace all other security groups that reference the new security group. Delete the stack.

BCreate a CloudFormation change set to delete the security group. Deploy the change set.

CDelete the stack again. Specify that the security group be retained.

DPerform CloudFormation drift detection Delete the stack.

Answer : C

Retain the Security Group:

When deleting a CloudFormation stack, you can specify resources to be retained instead of deleted.

Steps:

Go to the AWS Management Console.

Navigate to CloudFormation and select the stack.

Choose to delete the stack.

In the deletion options, specify that the security group should be retained.

This will delete the stack but keep the security group, ensuring no impact on other applications.

Question 2

A SysOps administrator is responsible for more than 50 Amazon EC2 instances mat are deployed in a single production AWS account The EC2 instances are running several different operating systems The company's standards require patching to be completed at least once a month.

The SysOps administrator wants to use AWS Systems Manager to reduce the number of hours the company spends on operating system patching each month.

Which combination of steps should the SysOps administrator take to meet these requirements? (Select THREE.)

AGroup similar EC2 instances together into resource groups by using AWS Resource Groups

BCreate a schedule in Systems Manager Patch Manager. Specify the appropriate resource group as the target

CSpecify Systems Manager Automation runbooks to patch the operating systems. Register the runbooks as tasks in the maintenance window. Specify the appropriate resource group as the target

DCreate a Systems Manager Automation runbook to monitor and control the state of the patches required. Apply the runbook to Systems Manager Patch Manager

ECreate a single Systems Manager maintenance window for each resource group.

EConfigure Systems Manager Fleet Manager to apply a Systems Manager Automation runbook to the appropriate resource group.

Answer : A, B, E, E

Group EC2 Instances Using Resource Groups:

Resource groups help organize and manage AWS resources based on tags and other criteria.

Steps:

Go to the AWS Management Console.

Navigate to AWS Resource Groups.

Create resource groups for similar EC2 instances based on tags or other criteria.

Create a Schedule in Patch Manager:

AWS Systems Manager Patch Manager automates the process of patching managed instances.

Steps:

Go to the AWS Management Console.

Navigate to Systems Manager and select Patch Manager.

Create a patch baseline if not already created.

Create a schedule for patching and specify the resource group as the target.

Create Maintenance Windows for Resource Groups:

Maintenance windows define a period of time for performing administrative tasks on instances.

Steps:

Go to the AWS Management Console.

Navigate to Systems Manager and select Maintenance Windows.

Create a maintenance window for each resource group.

Specify tasks and targets (resource groups) for each maintenance window.

Question 3

A company is using an Amazon CloudWatch alarm lo monitor the FreeLocalStorage metric for an Amazon Aurora PostgreSQL production database The alarm goes into ALARM state and indicates that the database is running low on temporary storage. A SysOps administrator discovers that a weekly report is using most of the temporary storage that is currently allocated.

What should the SysOps administrator do to solve this problem?

ATurn on Aurora PostgreSQL query plan management.

BModify the configuration of the DB cluster to turn on storage auto scaling.

CAdd an Aurora read replica to the DB cluster. Modify the report lo use the new read replica.

DModify the DB instance class for each DB instance In the DB cluster to increase the instance size.

Answer : B

Storage Auto Scaling:

Aurora storage auto scaling automatically increases the storage capacity of the database cluster when free storage space is running low.

Steps:

Go to the AWS Management Console.

Navigate to RDS and select your Aurora DB cluster.

Modify the DB cluster configuration to enable storage auto scaling.

Apply the changes.

Question 4

A company receives an alert from an Amazon CloudWatch alarm The alarm indicates that a web application that Is running on Amazon EC2 instances is not responding to requests The EC2 instances have a Red Hat Enterprise Linux operating system and are in an Auto Scaling group. The Auto Scaling group has a minimum capacity of 2 and a maximum capacity of 5.

An Investigation reveals that the web application is experiencing oul-of-memory errors. The company adds memory lo the web application and wants to track operating system memory utilization. A CloudWatch memory metric does not currently exist tor the EC2 Instances in the Auto Scaling group

What should a SysOps administrator do to provide a CloudWatch memory metric for the EC2 instances?

AUse an Amazon Machine Image (AMI) that includes the CloudWatch agent.

BTurn on CloudWatch detailed monitoring

CTurn on Instance Metadata Service Version 2 (IMOSv2).

DUse an Amazon Machine Image (AMI) that is based on Amazon Linux.

Answer : A

Using an AMI with CloudWatch Agent:

The CloudWatch agent can collect memory utilization metrics and send them to CloudWatch.

Steps:

Create or use an existing AMI that includes the CloudWatch agent installed and configured.

Ensure the CloudWatch agent is configured to collect memory metrics.

Use this AMI for instances in the Auto Scaling group.

Question 5

A company is using AWS to deploy a critical application on a fleet of Amazon EC2 instances The company is rewriting the application because the application failed a security review The application will take 12 months to rewrite While this rewrite happens, the company needs to rotate IAM access keys that the application uses.

A SysOps administrator must implement an automated solution that finds and rotates IAM access Keys that are at least 30 days old. The solution must then continue to rotate the IAM access Keys every 30 days.

Which solution will meet this requirement with the MOST operational efficiency?

AUse an AWS Config rule to identify IAM access Keys that are at least 30 days old. Configure AWS Config to invoKe an AWS Systems Manager Automation runbook to rotate the identified IAM access keys.

BUse AWS Trusted Advisor to identify IAM access Keys that are at least 30 days old. Configure Trusted Advisor to invoke an AWS Systems Manager Automation runbook to rotate the identified IAM access keys

CCreate a script that checks the age of IAM access Keys and rotates them if they are at least 30 days old. Launch an EC2 instance. Schedule the script to run as a cron expression on the EC2 instance every day.

DCreate an AWS Lambda function that checks the age of IAM access keys and rotates them if they are at least 30 days old Use an Amazon EventBridge rule to invoke the Lambda function every time a new IAM access key is created.

Answer : D

Lambda Function to Rotate IAM Access Keys:

A Lambda function can be used to automate the rotation of IAM access keys based on their age.

Steps:

Write a Lambda function that checks the age of IAM access keys.

The function should rotate keys that are at least 30 days old.

Deploy the Lambda function.

Amazon EventBridge Rule:

EventBridge can trigger the Lambda function periodically and when a new key is created.

Steps:

Create an EventBridge rule that triggers the Lambda function on a schedule (e.g., daily) and on IAM key creation events.

Question 6

Users of a company's internal web application recently experienced application performance issues for a brief period The application includes frontend web servers that run in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster The application also includes a bacKend Amazon Aurora PostgreSQL DB cluster that includes one DB instance.

A SysOps administrator determines that the source of the performance issues was high utilization of the DB cluster. The single writer instance experienced more than 90% utilization for 11 minutes The cause of the high utilization was an automated report that is scheduled to run one time each week

What should the SysOps administrator do to ensure that users do not experience performance Issues each week when the report runs?

AIncrease the size of the DB instance. Monitor the performance during the next scheduled run of the report

BAdd a reader instance. Change the database connection string of the report application to use the newly created reader instance.

CAdd another writer instance Change the database connection string of the report application to use the newly created writer instance.

DConfigure auto scaling for the DB cluster Set the minimum capacity units, maximum capacity units, and target utilization

Answer : A

Increasing DB Instance Size:

Increasing the instance size provides more CPU and memory resources, which can help handle higher loads.

Steps:

Go to the AWS Management Console.

Navigate to RDS and select the DB instance.

Modify the instance to increase its size.

Apply the changes during the next maintenance window or immediately if it is a critical issue.

Monitoring Performance:

After resizing, monitor the instance during the next report run to ensure that it handles the load effectively.

Question 7

A company has a list of pre-appf oved Amazon Machine Images (AMIs) for developers lo use to launch Amazon EC2 instances However, developers are still launching EC2 instances from unapproved AMIs.

A SysOps administrator must implement a solution that automatically terminates any instances that are launched from unapproved AMIs.

Which solution will meet mis requirement?

ASet up an AWS Config managed rule to check if instances are running from AMIs that are on the list of pre-approved AMIs. Configure an automatic remediation action so that an AWS Systems Manager Automation runbook terminates any instances that are noncompliant with the rule

BStore the list of pre-approved AMIs in an Amazon DynamoDB global table that is replicated to all AWS Regions that the developers use. Create Regional EC2 launch templates. Configure the launch templates to check AMIs against the list and to terminate any instances that are not on the list

CSelect the Amazon CloudWatch metric that shows all running instances and the AMIs that the instances were launched from Create a CloudWatch alarm that terminates an instance if the metric shows the use of an unapproved AMI.

DCreate a custom Amazon Inspector finding to compare a running instance's AMI against the list of pre-approved AMIs Create an AWS Lambda function that
terminates instances. Configure Amazon Inspector to report findings of unapproved AMIs to an Amazon Simple Queue Service (Amazon SQS) queue to invoke the Lambda function.

Answer : A

AWS Config Managed Rule:

AWS Config can be used to assess, audit, and evaluate the configurations of AWS resources. The managed rule can check if instances are launched from approved AMIs.

Steps:

Go to the AWS Management Console.

Navigate to AWS Config.

Create a managed rule that checks for EC2 instances running approved AMIs.

Configure the rule to use a list of approved AMIs.

Automatic Remediation with Systems Manager Automation:

AWS Systems Manager Automation runbooks can automate the process of remediating non-compliant resources.

Steps:

Create a Systems Manager Automation runbook that terminates instances not running approved AMIs.

Attach the runbook to the AWS Config rule for automatic remediation.

Amazon SOA-C02 AWS Certified SysOps Administrator - Associate Exam Practice Test