SOA-C01 Exam Dumps Update, Which Is Real Exam Material

On By passitdump

The updated SOA-C01 exam dumps are the real preparation material for your AWS Certified SysOps Administrator – Associate (SOA-C01) exam. PassITDump updated the SOA-C01 exam dumps to help you prepare for the SOA-C01 exam. To get the latest preparation materials – PassITDump SOA-C01 exam dumps.

These questions are from SOA-C01 free dumps. All questions in SOA-C01 dumps are from the latest SOA-C01 real exams.

Question 1:

You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours. Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?

A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block

B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block

C. Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block

D. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block

Correct Answer: B

Reference:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html

Question 2:

When preparing for a compliance assessment of your system built inside of AWS. what are three best-practices for you to prepare for an audit? (Choose three.)

A. Gather evidence of your IT operational controls

B. Request and obtain applicable third-party audited AWS compliance reports and certifications

C. Request and obtain a compliance and security tour of an AWS data center for a pre-assessment security review

D. Request and obtain approval from AWS to perform relevant network scans and in-depth penetration tests of your system\’s Instances and endpoints

E. Schedule meetings with AWS\’s third-party auditors to provide evidence of AWS compliance that maps to your control objectives

Correct Answer: ABD

Question 3:

You have been asked to leverage Amazon VPC BC2 and SOS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS Which option will provide the most scalable solution for communicating between the application and SQS?

A. Ensure the application instances are properly configured with an Elastic Load Balancer

B. Ensure the application instances are launched in private subnets with the EBS-optimized option enabled

C. Ensure the application instances are launched in public subnets with the associate-public-IPaddress=true option enabled

D. Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SQS queue size

Correct Answer: D

Explanation:

Bandwidth literally means network not IO Bandwidth. Having alerts to scale the Autoscaling is most

sophisticated option.

Question 4:

You have identified network throughput as a bottleneck on your m1.small EC2 instance when uploading

data Into Amazon S3 In the same region.

How do you remedy this situation?

A. Add an additional ENI

B. Change to a larger Instance

C. Use DirectConnect between EC2 and S3

D. Use EBS PIOPS on the local volume

Correct Answer: B

Explanation:

https://media.amazonwebservices.com/AWS_Amazon_EMR_Best_Practices.pdf

Question 5:

When attached to an Amazon VPC, which two components provide connectivity with external networks? (Choose two.)

A. Elastic IPS (EIP)

B. NAT Gateway (NAT)

C. Internet Gateway {IGW)

D. Virtual Private Gateway (VGW)

Correct Answer: CD

Question 6:

Your application currently leverages AWS Auto Scaling to grow and shrink as load Increases/ decreases and has been performing well. Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks. Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175.

What should you do to avoid potential service disruptions during the ramp up in traffic?

A. Ensure that you have pre-allocated 175 Elastic IP addresses so that each server will be able to obtain one as it launches

B. Check the service limits in Trusted Advisor and adjust as necessary so the forecasted count remains within limits.

C. Change your Auto Scaling configuration to set a desired capacity of 175 prior to the launch of the marketing campaign

D. Pre-warm your Elastic Load Balancer to match the requests per second anticipated during peak demand prior to the marketing campaign

Correct Answer: D

Explanation:

Amazon ELB is able to handle the vast majority of use cases for our customers without requiring “prewarming” (configuring the load balancer to have the appropriate level of capacity based on

expected traffic).

Reference:

https://aws.amazon.com/articles/1636185810492479#pre-warming

Question 7:

You have an Auto Scaling group associated with an Elastic Load Balancer (ELB). You have noticed that

instances launched via the Auto Scaling group are being marked unhealthy due to an ELB health check,

but these unhealthy instances are not being terminated.

What do you need to do to ensure trial instances marked unhealthy by the ELB will be terminated and

replaced?

A. Change the thresholds set on the Auto Scaling group health check

B. Add an Elastic Load Balancing health check to your Auto Scaling group

C. Increase the value for the Health check interval set on the Elastic Load Balancer

D. Change the health check set on the Elastic Load Balancer to use TCP rather than HTTP checks

Correct Answer: A

Question 8:

Which two AWS services provide out-of-the-box user configurable automatic backup-as-a-service and backup rotation options? (Choose two.)

A. Amazon S3

B. Amazon RDS

C. Amazon EBS

D. Amazon Red shift

Correct Answer: BD

By default, and at no additional charge, Amazon RDS enables automated backups of your DB Instance

with a 1-day retention period.

By default, Amazon Redshift enables automated backups of your data warehouse cluster with a 1-day

retention period.

Question 9:

Which of the following are characteristics of Amazon VPC subnets? (Choose two.)

A. Each subnet maps to a single Availability Zone

B. A CIDR block mask of /25 is the smallest range supported

C. Instances in a private subnet can communicate with the internet only if they have an Elastic IP.

D. By default, all subnets can route between each other, whether they are private or public

E. V Each subnet spans at least 2 Availability zones to provide a high-availability environment

Correct Answer: AD

“Each subnet must reside entirely within one Availability Zone and cannot span zones.”

“Every subnet that you create is automatically associated with the main route table for the VPC.”

Reference:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

Question 10:

You are creating an Auto Scaling group whose Instances need to insert a custom metric into CloudWatch. Which method would be the best way to authenticate your CloudWatch PUT request?

A. Create an IAM role with the Put MetricData permission and modify the Auto Scaling launch configuration to launch instances in that role

B. Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch configuration to inject the userscredentials into the instance User Data

C. Modify the appropriate Cloud Watch metric policies to allow the Put MetricData permission to instances from the Auto Scaling group

D. Create an IAM user with the PutMetricData permission and put the credentials in a private repository and have applications on the server pull the credentials as needed

Correct Answer: A

Explanation: Creates an IAM role is always the best practice to give permissions to EC2 instances in order to interact with other AWS services

Question 11:

When an EC2 instance that is backed by an S3-based AMI Is terminated, what happens to the data on me root volume?

A. Data is automatically saved as an E8S volume.

B. Data is automatically saved as an ESS snapshot.

C. Data is automatically deleted.

D. Data is unavailable until the instance is restarted.

Correct Answer: C

Explanation:

We recommend that you use AMIs backed by Amazon EBS, because they launch faster and use

persistent storage.

Reference:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html#choose-an-ami-by-rootdevice

Question 12:

The majority of your Infrastructure is on premises and you have a small footprint on AWS Your company has decided to roll out a new application that is heavily dependent on low latency connectivity to LOAP for authentication Your security policy requires minimal changes to the company\’s existing application user management processes. What option would you implement to successfully launch this application1?

A. Create a second, independent LOAP server in AWS for your application to use for authentication

B. Establish a VPN connection so your applications can authenticate against your existing on-premises LDAP servers

C. Establish a VPN connection between your data center and AWS create a LDAP replica on AWS and configure your application to use the LDAP replica for authentication

D. Create a second LDAP domain on AWS establish a VPN connection to establish a trust relationship between your new and existing domains and use the new domain for authentication

Correct Answer: C

Explanation:

Create read replica(RODC) of main LDAP server so that LDAP read replica or RODC can authenticate

with application locally.

Creating new domain and trust relationship would require lot of work and changes in exiting ldap

configuration so D cannot be answer here.

Question 13:

You have a Linux EC2 web server instance running inside a VPC The instance is In a public subnet and has an EIP associated with it so you can connect to It over the Internet via HTTP or SSH The instance was also fully accessible when you last logged in via SSH. and was also serving web requests on port 80. Now you are not able to SSH into the host nor does it respond to web requests on port 80 that were working fine last time you checked You have double-checked that all networking configuration parameters (security groups route tables. IGW\’EIP. NACLs etc) are properly configured {and you haven\’t made any changes to those anyway since you were last able to reach the Instance). You look at the EC2 console and notice that system status check shows “impaired.” Which should be your next step in troubleshooting and attempting to get the instance back to a healthy state so that you can log in again?

A. Stop and start the instance so that it will be able to be redeployed on a healthy host system that most likely will fix the “impaired” system status

B. Reboot your instance so that the operating system will have a chance to boot in a clean healthy state that most likely will fix the \’impaired” system status

C. Add another dynamic private IP address to me instance and try to connect via mat new path, since the networking stack of the OS may be locked up causing the “impaired” system status.

D. Add another Elastic Network Interface to the instance and try to connect via that new path since the networking stack of the OS may be locked up causing the “impaired” system status

E. un-map and then re-map the EIP to the instance, since the IGWVNAT gateway may not be working properly, causing the “impaired” system status

Correct Answer: A

Question 14:

What is a placement group?

A. A collection of Auto Scaling groups in the same Region

B. Feature that enables EC2 instances to interact with each other via nigh bandwidth, low latency connections

C. A collection of Elastic Load Balancers in the same Region or Availability Zone

D. A collection of authorized Cloud Front edge locations for a distribution

Correct Answer: B

Question 15:

Your entire AWS infrastructure lives inside of one Amazon VPC. You have an Infrastructure monitoring application running on an Amazon instance in Availability Zone (AZ) A of the region, and another application instance running in AZ B. The monitoring application needs to make use of ICMP ping to confirm network reachability of the instance hosting the application. Can you configure the security groups for these instances to only allow the ICMP ping to pass from the monitoring instance to the application instance and nothing else? If so how?

A. No, two instances in two different AZ\’s can\’t talk directly to each other via ICMP ping as that protocol is not allowed across subnet (iebroadcast) boundaries

B. Yes, both the monitoring instance and the application instance have to be a part of the same security group, and that security group needs to allow inbound ICMP

C. Yes, the security group for the monitoring instance needs to allow outbound ICMP and the application instance\’s security group needs to allow Inbound ICMP

D. Yes, both the monitoring instance\’s security group and the application instance\’s security group need to allow both inbound and outbound ICMP ping packets since ICMP is not a connection-oriented protocol

Correct Answer: C

Explanation:

Even though ICMP is not a connection-oriented protocol, Security Groups are stateful. “Security groups

are stateful — responses to allowed inbound traffic are allowed to flow outbound

regardless of outbound rules, and vice versa”.

Reference:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html