Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: geek65

SOA-C01 AWS Certified SysOps Administrator - Associate Questions and Answers

Questions 4

A company is managing multiple AWS accounts using AWS Organizations. One of these accounts is used only for retaining logs in an Amazon S3 bucket The company wants to make sure that compute resources cannot be used in the account.

How can this be accomplished with the LEAST administrative effort?

Options:

A.

Apply an 1AM policy to all 1AM entities in the account with a statement to explicitly deny NotAction: s3:

B.

Configure AWS Config to terminate compute resources that have been created in the accounts.

C.

Configure AWS CloudTrail to block any action where the event source is not s3.amazonaws.com.

D.

Update the service control policy on the account to deny the unapproved services.

Buy Now
Questions 5

A company has centralized all its logs into one Amazon CloudWatch Logs log group. The SysOps Administrator is to alert different teams of any issues relevant to them.

What is the MOST efficient approach to accomplish this?

Options:

A.

Write a AWS lambda function that will query the logs every minute and contain the logic of which team to notify on which patterns and issues.

B.

Set up different metric filters for each team based on patterns and alerts. Each alarm will notify the appropriate notification list.

C.

Redesign the aggregation of logs so that each team’s relevant parts are sent to a separate log group, then subscribe each team to its respective log group.

D.

Create an AWS Auto Scaling group of Amazon EC2 instances that will scale based on the amount of ingested log entries. This group will pull streams, look for patterns, and send notifications to relevant teams.

Buy Now
Questions 6

A SysOps Administrator noticed that the cache hit ratio for an Amazon CloudFront distribution is less than 10%. Which collection of configuration changes will increase the cache hit ratio for the distribution? (Select two.)

Options:

A.

Ensure that only required cookies, query strings, and headers are forwarded in the Cache Behavior Settings

B.

Change the Viewer Protocol Policy to use HTTPS only

C.

Configure the distribution to use presigned cookies and URLs to restrict access to the distribution

D.

Enable automatic compression of objects in the Cache Behavior Settings

E.

Increase the CloudFront time to live (TTL) settings in the Cache Behavior Settings.

Buy Now
Questions 7

A SysOps Administrator is tasked with deploying and managing a single CloudFormation templates across multiple AWS Accounts.

accomplish this?

Options:

A.

change sets What features of AWS CloudFormation will

B.

Nested stacks

C.

Stack policies

D.

StacksSets

Buy Now
Questions 8

A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an ELB Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.

Which condition should be used with the alarm?

Options:

A.

AWS/ApplicationELB HealthyHostCount <= 0

B.

AWS/ApplicationELB UnhealthyHostCount >= 1

C.

AWS/EC2 StatusCheckFailed <= 0

D.

AWS/EC2 StatusCheckFailed >= 1

Buy Now
Questions 9

A security officer has requested Ifial internet access be removed from subnets in a VPC. The subnets currently route internet-bound traffic to a NAT gateway. A SysOps administrator needs to remove this access while allowing access to Amazon S3.

Which solution will meet these requirements?

Options:

A.

Set up an internet gateway. Update the route table on the subnets to use the internet gateway to route traffic to Amazon S3

B.

Set up an S3 VPC gateway endpoint. Update the route table on the subnets to use the gateway endpoint to route traffic to Amazon S3.

C.

Set up additional NAT gateways in each Availability Zone. Update the route table on the subnets to use the NAT gateways to route traffic to Amazon S3.

D.

Set up an egress-only internet gateway. Update the route table on the subnets to use the egress-only internet gateway to route traffic to Amazon S3.

Buy Now
Questions 10

A company hosts a multi-tier ecommerce web application on AWS, and has recently been alerted to suspicious application traffic The architecture consists of Amazon EC2 instances deployed across multiple Availability Zones behind an Application Load Balancer (ALB) After examining the server logs, a sysops administrator determines that the suspicious traffic is an attempted SQL injection attack.

What should the sysops administrator do to prevent similar attacks?

Options:

A.

Install Amazon Inspector on the EC2 instances and configure a rules package Use the findings reports to identify and block SQL injection attacks.

B.

Modify the security group of the ALB Use the IP addresses from the logs to block the IP addresses where SQL injection originated.

C.

Create an AWS WAF web ACL in front of the ALB. Add an SQL injection rule to the web ACL Associate the web ACL to the ALB

D.

Enable Amazon GuardDuty in the AWS Region Use Amazon CloudWatch Events to trigger an AWS Lambda function response every time an SQL injection finding is discovered

Buy Now
Questions 11

A company received its latest bill with a large increase in the number of requests against Amazon SQS as compared to the month prior. The company is not aware of any major changes in its SQA usage. The company is concerned about the cost increase and who or what was making these calls.

What should a sysops administrator use to validate the calls mode to SQS?

Options:

A.

Amazon CloudWatch

B.

Amazon S3 server access logs

C.

AWS CloudTrail

D.

AWS Cost Explorer

Buy Now
Questions 12

A SysOps administrator must deploy a company's infrastructure as code (laC) The administrator needs to write a single template that can be reused for multiple environments in a safe, repeatable manner

How should the administrator meet this requirement by using AWS Cloud Formation?

Options:

A.

Use duplicate resource definitions for each environment selected based on conditions

B.

Use nested stacks to provision the resources

C.

Use parameter references and mappings for resource attributes

D.

Use AWS Cloud Formation StackSets to provision the resources

Buy Now
Questions 13

A SysOps administrator is running an automatically scaled application behind an Application Load Balancer. Scaling out Is triggered when the CPU Utilization instance metric is more than 75% across the Auto Scaling group. The administrator noticed aggressive scaling out. Developers suspect an application memory leak that is causing aggressive garbage collection cycles.

How can the administrator troubleshoot the application without triggering the scaling process?

Options:

A.

Create a scale down trigger when the CPUUtilization instance metric is at 70%.

B.

Delete the Auto Scaling group and recreate it when troubleshooting is complete

C.

Remove impacted instances from the Application Load Balancer.

D.

Suspend the scaling process before troubleshooting.

Buy Now
Questions 14

A SysOps Administrator is deploying a test site running on Amazon EC2 instances. The application requires both incoming and outgoing connectivity to the Internet.

Which combination of steps are required to provide internet connectivity to the EC2 instances? (Choose two.)

Options:

A.

Add a NAT gateway to a public subnet

B.

Attach a private address to the elastic network interface on the EC2 instance

C.

Attach an Elastic IP address to the internet gateway

D.

Add an entry to the route table for the subnet that points to an internet gateway

E.

Create an internet gateway and attach it to a VPC

Buy Now
Questions 15

A SysOps Administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically Currently, the application is deployed on a single t2 large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency alter a few minutes

What change should be made to alleviate the performance problem?

Options:

A.

Change the Amazon EBS volume to Provisioned lOPs

B.

Upgrade to a compute optimized instance

C.

Add additional t2 large instances to the application

D.

Purchase Reserved Instances

Buy Now
Questions 16

A sysops administrator must monitor a fleet of Amazon EC2 Linux instances with the constraint that no agents be installed. The sysops administrator chooses Amazon CloudWatch as the monitoring tool.

Which metric can be measured given the constraints? (Select Three)

Options:

A.

CPU Utilization

B.

Disk Read Operations

C.

Memory Utilization

D.

Network Packets In

E.

Network Packets Dropped

F.

CPU Ready Time

Buy Now
Questions 17

A sysops administrator manages an AWS CloudFormation templates that provisions Amazon EC2 instances, an Elastic Load Balancer, and Amazon RDS instances. As part of an ongoing transformation project CloudFormation stacks are being created and deleted continuously. The administrator needs to ensure that the RDS instances continue running after a stack has been deleted.

Which action should be taken to meet these requirements?

Options:

A.

Edit the template to remove the RDS resources and update the stack.

B.

Enable termination protection on the stack.

C.

Set the deletionPolicy attributes for RDS resources to retain in the template.

D.

Set the deletion-protection parameter on RDS resources.

Buy Now
Questions 18

A SysOps Administrator has configured a CloudWatch agent to send custom metrics to Amazon CloudWatch and is now assembling a CloudWatch dashboard to display these metrics.

What steps should be the Administrator take to complete this task?

Options:

A.

Select the AWS Namespace, filter by metric name, then add to the dashboard.

B.

Add a text widget, select the appropriate metric from the custom namespace, then add to the dashboard.

C.

Select the appropriate widget and metrics from the custom namespace, then add to the dashboard.

D.

Open the CloudWatch console, from the CloudWatch Events, add all custom metrics.

Buy Now
Questions 19

A SysOps administrator is implementing automated I/O load performance testing as part of lite continuous integraliorVcontinuous delivery (CI'CD) process for an application The application uses an Amazon Elastic Block Store (Amazon E8S) Provisioned IOPS volume for each instance that is restored from a snapshot and requires consistent I/O performance. During the initial tests, the I/O performance results are sporadic. The SysOps administrator must ensure that the tests yield more consistent results.

Which actions could the SysOps administrator take to accomplish this goal? (Select TWO.)

Options:

A.

Restore the EBS volume from the snapshot with fast snapshot restore enabled

B.

Restore the EBS volume from the snapshot using the cold HDD volume type.

C.

Restore the EBS volume from the snapshot and pre-warm the volume by reading all of the blocks.

D.

Restore the EBS volume from the snapshot and configure encryption.

E.

Restore the EBS volume from the snapshot and configure I/O block sizes at random

Buy Now
Questions 20

A company relies on a fleet of Amazon EC2 instances to support an application. One of the EC2 instances was scheduled for hardware maintenance by AWS. An operations team did not remove the EC2 instance from the fleet in advance of the scheduled maintenance, and an unplanned outage resulted. A SysOps administrator must configure notifications to let the operations team know about scheduled maintenance in the future.

Which action should the SysOps administrator take to meet this requirement?

Options:

A.

Create an AWS Lambda function K> look up user data settings of the EC2 instance and publish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.

B.

Create AWS Config rules to monitor the fleet of EC2 instances and publish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.

C.

Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWS Personal Health Dashboard events to an Amazon Simple Notification Service (Amazon SNS) topic.

D.

Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWS Service Health Dashboard events lo an Amazon Simple Notification Service (Amazon SNS) topic.

Buy Now
Questions 21

A SysOps Administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC, the Administrator is unable to connect to any of the domains that reside on the internet.

What additional route destination rule should the Administrator add to the route tables?

Options:

A.

Route ::/0 traffic to a NAT gateway

B.

Route ::/0 traffic to an internet gateway

C.

Route 0.0.0.0/0 traffic to an egress-only internet gateway

D.

Route ::/0 traffic to an egress-only internet gateway

Buy Now
Questions 22

A SysOps Administrator must secure AWS CloudTrail logs. The Security team is concerned that an employee may modify or attempt to delete CloudTrail log files from its Amazon S3 bucket.

Which practices ensure that the log files are available and unaltered? (Choose two.)

Options:

A.

Enable the CloudTrail log file integrity check in AWS Config Rules.

B.

Use CloudWatch Events to scan log files hourly.

C.

Enable CloudTrail log file integrity validation.

D.

Turn on Amazon S3 MFA Delete for the CloudTrail bucket.

E.

Implement a DENY ALL bucket policy on the CloudTrail bucket.

Buy Now
Questions 23

Application developers are reporting Access Denied errors when trying to list the contents of an Amazon S3 bucket by using the IAM user “arn:aws:iam::111111111111:user/application”. The following S3 bucket policy is in use:

How should a SysOps Administrator modify the S3 bucket policy to fix the issue?

Options:

A.

Change the “Effect” from “Allow” to “Deny”

B.

Change the “Action” from “s3:List*” to “s3:ListBucket”

C.

Change the “Resource” from “arn:aws:s3:::bucketname/*” to “arn:aws:s3:::bucketname”

D.

Change the “Principal” from “arn:aws:iam::111111111111:user/application” to “arn:aws:iam::111111111111: role/application”

Buy Now
Questions 24

A chief financial officer has asked for a breakdown of costs per project in a single AWS account using cost explorer.

Which combination of options should be set to accomplish this? (Select two)

Options:

A.

Active AWS Budgets.

B.

Active cost allocation tags

C.

Create an organization using AWS Organization

D.

Create and apply resource tags

E.

enable AWS trusted advisor

Buy Now
Questions 25

A company recently implemented an Amazon S3 lifecycle rule that accidentally deleted objects from one of its S3 buckets. The bucket has S3 versioning enabled.

Which actions will restore the objects? (Choose two.)

Options:

A.

Use the AWS Management Console to delete the object delete markers.

B.

Create a new lifecycle rule to delete the object delete markers that were created.

C.

Use the AWS CLI to delete the object delete markers while specifying the version IDs of the delete markers.

D.

Modify the existing lifecycle rule to delete the object delete markers that were created.

E.

Use the AWS CLI to delete the object delete markers while specifying the name of the objects only.

Buy Now
Questions 26

A company's application infrastructure was deployed using AWS CloudFormation and is composed of Amazon EC2 instances behind an Application Load Balancer. The instances run an EC2 Auto Scaling group across multiple Availability Zones. When releasing a new version of the application, the update deployment must avoid DNS changes and allow rollback.

Which solution should a sysops administrator use to meet the deployment requirements for this new release?

Options:

A.

Configure the Auto Scaling group to use lifecycle hooks. Deploy now instances with the new application version. Complete the lifecycle hook action once healthy.

B.

Create a new Amazon Machine Image (AMI) containing the updated code. Create a launch configuration with the AMI. Update Auto Scaling group to use the new lauch configuration.

C.

Deploy a second CloudFormation stack. Wait for the application to be available Cut over to the new Application Load Balancer

D.

Modify the CloudFormation template to use an AutoScalingReplacingUpdate policy. Update the stack. Perform a second update with the new release

Buy Now
Questions 27

A company is concerned about its ability to recover from a disaster because all of its Amazon EC2 instances are located in a single Amazon VPC in us-east-1. A second Amazon VPC has been configured in eu-west-1 to act as a backup VPC in case of an outage. Data will be replicated from the primary region to the secondary region. The Information Security team’s compliance requirements specify that all data must be encrypted and must not traverse the public internet.

How should the SysOps Administrator connect the two VPCs while meeting the compliance requirements?

Options:

A.

Configure EC2 instances to act as VPN appliances, then configure route tables.

B.

Configure inter-region VPC peering between the two VPCs, then configure route tables.

C.

Configure NAT gateways in both VPCs, then configure route tables.

D.

Configure an internet gateway in each VPC, and use these as the targets for the VPC route tables.

Buy Now
Questions 28

The Security team has decided that there will be no public internet access to HTTP (TCP port 80) because if it is moving to HTTPS for all incoming web traffic. The team has asked a SysOps Administrator to provide a report on any security groups that are not compliant.

What should the SysOps Administrator do to provide near real-time compliance reporting?

Options:

A.

Enable AWS Trusted Advisor and show the Security team that the Security Groups unrestricted access check will alarm.

B.

Schedule an AWS Lambda function to run hourly to scan and evaluate all security groups, and send a report to the Security team.

C.

Use AWS Config to enable the restricted-common-ports rule, and add port 80 to the parameters.

D.

Use Amazon Inspector to evaluate the security groups during scans, and send the completed reports to the Security team.

Buy Now
Questions 29

An application is running on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are configured in an Amazon EC2 Auto Scaling group. A SysOps Administrator must configure the application to scale based on the number of incoming requests.

Which solution accomplishes this with the LEAST amount of effort?

Options:

A.

Use a simple scaling policy based on a custom metric that measures the average active requests of all EC2 instances

B.

Use a simple scaling policy based on the Auto Scaling group GroupDesiredCapacity metric

C.

Use a target tracking scaling policy based on the ALB’s ActiveConnectionCount metric

D.

Use a target tracking scaling policy based on the ALB’s RequestCountPerTarget metric

Buy Now
Questions 30

A company needs to run a distributed application that processes large amounts of data across multiple EC2 instances. The application is designed to tolerate processing interruptions.

What is the MOST cost-effective Amazon EC2 pricing model for these requirements?

Options:

A.

Dedicated Hosts

B.

On-Demand instances

C.

Reserved instances

D.

Spot instances

Buy Now
Questions 31

An existing data management application is running on a single Amazon EC2 instance and needs to be moved to a new AWS Region in another AWS account. How can a SysOps administrator achieve this while maintaining the security of the application?

Options:

A.

Create an encrypted Amazon Machine Image (AMI) of the instance and make it public to allow the other account to search and launch an instance from it.

B.

Create an AMI of the instance, add permissions for the AMI to the other AWS account, and start a new instance in the new region by using that AMI.

C.

Create an AMI of the instance, copy the AMI to the new region, add permissions for the AMI to the other AWS account, and start the new instance.

D.

Create an encrypted snapshot of the instance and make it public Provide only permissions to decrypt to the other AWS account.

Buy Now
Questions 32

Company A purchases company B and inherits three new AWS accounts. Company A would like to centralize billing and reserved instance benefits but wants to keep all other resources separate.

How can this be accomplished?

Options:

A.

Implement AWS Organizations and create a service control policy that defines the billing relationship with the new master account.

B.

Configure AWS Organizations Consolidated Billing and provide the finance team with IAM access to the billing console.

C.

Send Cost and Usage Reports files to a central Amazon S3 bucket and load the data into Amazon Redshift. Use Amazon QuickSight to provide visualizations to the finance team.

D.

Link the Reserved Instances to the master payer account and use Amazon Redshift Spectrum to query Detailed Billing Report data across all accounts.

Buy Now
Questions 33

An application is currently deployed on several Amazon EC2 instances that reside within a VPC. Due to compliance requirements the EC2 instances cannot have access to the public internet. SysOps Administrator require SSH access to EC2 instances from their corporate office to perform maintenance and other administrative tasks.

Which combination of actions should be taken to permit SSH access to the EC2 instances while meeting the compliance requirement? (Select TWO)

Options:

A.

Attach a NAT gateway to the VPC and configure routing

B.

Attach a virtual private gateway to the VPC and configure routing

C.

Attach an internet gateway to the VPC and configure routing

D.

Configure a VPN connection back to the corporate office.

E.

Configure an Application Load Balancer in front of the EC2 instances

Buy Now
Questions 34

A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.

How should the Administrator ensure that this is done?

Options:

A.

Change the root user password by using the AWS CLI routinely.

B.

Periodically use the AWS CLI to rotate access keys and secret keys for the root user.

C.

Use AWS Trusted Advisor security checks to review the configuration of the root user.

D.

Periodically distribute the AWS compliance document from AWS Artifact that governs the root user configuration.

Buy Now
Questions 35

A company is operating a multi-account environment under a single organization using AWS Organizations. The Security team discovers that some employees are using AWS services in ways that violate company policies. A SysOps Administrator needs to prevent all users of an account, including the root user, from performing certain restricted actions.

What should be done to accomplish this?

Options:

A.

Apply service control policies (SCPs) to allow approved actions only

B.

Apply service control policies (SCPs) to prevent restricted actions

C.

Define permissions boundaries to allow approved actions only

D.

Define permissions boundaries to prevent restricted actions

Buy Now
Questions 36

A company's Marketing department generates gigabytes of assets each day and stores them locally. They would like to protect the files by backing them up to AWS All the assets should be stored on the cloud but the most recent assets should be available locally for tow latency access

Which AWS service meets the requirements?

Options:

A.

Amazon EBS

B.

Amazon EFS

C.

Amazon S3

D.

AWS Storage Gateway

Buy Now
Questions 37

A company has an AWS account for each department and wants to consolidate billing and reduce overhead. The company wants to make sure that the finance team is denied from accessing services other than Amazon EC2: the security team is denied from accessing services other than AWS CloudTrail. and IT can access any resource.

Which solution meets these requirements with the LEAST amount of operational overhead''

Options:

A.

Create a role for each department within AWS 1AM and assign each role the necessary permissions.

B.

Create a user for each department within AWS 1AM and assign each user the necessary permissions.

C.

Implement service control policies within AWS Organizations to determine which resources each department can access

D.

Place each department into an organizational unit (OU) within AWS Organizations and use 1AM policies to determine which resources they can access

Buy Now
Questions 38

A SysOps Administrator at an ecommerce company discovers that several 404 errors are being sent to one IP address every minute. The Administrator suspects a bot is collecting information about products listed on the company’s website.

Which service should be used to block this suspected malicious activity?

Options:

A.

AWS CloudTrail

B.

Amazon Inspector

C.

AWS Shield Standard

D.

AWS WAF

Buy Now
Questions 39

The Security team at AnyCompany discovers that some employees have been using individual AWS accounts that are not under the control of AnyCompany. The team has requested that those individual accounts be linked to the central organization using AWS Organizations.

Which action should a SysOps Administrator take to accomplish this?

Options:

A.

Add each existing account to the central organization using AWS IAM.

B.

Create a new organization in each account and join them to the central organization.

C.

Log in to each existing account an add them to the central organization.

D.

Send each existing account an invitation from the central organization.

D18912E1457D5D1DDCBD40AB3BF70D5D

Buy Now
Exam Code: SOA-C01
Exam Name: AWS Certified SysOps Administrator - Associate
Last Update: Jun 15, 2025
Questions: 263
SOA-C01 pdf

SOA-C01 PDF

$29.75  $84.99
 Add to Cart
SOA-C01 Engine

SOA-C01 Testing Engine

$35  $99.99
 Add to Cart
SOA-C01 PDF + Engine

SOA-C01 PDF + Testing Engine

$47.25  $134.99
 Add to Cart