Become an AWS Certified SysOps Administrator Associate to demonstrate your knowledge of AWS deployment, administration, and operations. This post contains ten practice questions that were created following a comprehensive examination of the test blueprint and analysis of exam expectations. Try them out to see whether you’re prepared for the real thing!
Further Reading:
QUESTION 1
An ecommerce company uses an Amazon ElastiCache for memcached cluster for in-memory caching of popular product queries on the shopping site. When viewing recent Amazon CloudWatch metrics data for the ElastiCache cluster, the sysops administrator notices a large number of evictions.
Which of the following actions will reduce these evictions? (Select Two)
A. Add an additional node to the ElasticCache cluster.
B. Increase the ElastiCache time to the live (TTL).
C. Increase the individual node size inside the ElasiCache cluster.
D. Put an Elastic load Balancer in front of the ElasticCache cluster.
E. Use Amazon Simple Queue Service (Amazon SQS) to decouple the ElastiCache cluster.
Correct Answer: AC
QUESTION 2
A SysOps Administrator has implemented an Auto Scaling group with a step scaling policy. The Administrator notices that the additional instances have not been included in the aggregated metrics.
Why are the additional instances missing from the aggregated metrics?
A. The warm-up period has not expired
B. The instances are still in the boot process
C. The instances have not been attached to the Auto Scaling group
D. The instances are included in a different set of metrics
Correct Answer: B
QUESTION 3
A SysOps administrator is managing a VPC network consisting of public and private subnets. Instances in the pnvate subnets access the internet through a NAT gateway. A recent AWS bill shows that the NAT gateway charges have doubled. The administrator wants to identify which instances are creating the most network traffic.
How should this be accomplished?
A. Enable flow logs on the NAT gateway elastic network interface and use Amazon CloudWatch insights to filter data based on the source IP addresses.
B. Run an AWS Cost and Usage report and group the findings by instance ID.
C. Use the VPC traffic mirroring feature to send traffic to Amazon QuickSight.
D. Use Amazon CloudWatch metrics generated by the NAT gateway for each individual instance.
Correct Answer: A
QUESTION 4
An application is running on multiple EC2 instances. As part of an initiative to improve overall infrastructure security, the EC2 instances were moved to a private subnet. However, since moving, the EC2 instances have not been able to automatically update, and a SysOps Administrator has not been able to SSH into them remotely.
Which two actions could the Administrator take to securely resolve these issues? (Choose two.)
A. Set up a bastion host in a public subnet, and configure security groups and route tables accordingly.
B. Set up a bastion host in the private subnet, and configure security groups accordingly.
C. Configure a load balancer in a public subnet, and configure the route tables accordingly.
D. Set up a NAT gateway in a public subnet, and change the private subnet route tables accordingly.
E. Set up a NAT gateway in a private subnet, and ensure that the route tables are configured accordingly.
Correct Answer: AD
QUESTION 5
A company’s Information Security team has requested information on AWS environment compliance for Payment Card Industry (PCI) workloads. They have requested assistance in understanding what specific areas of the PCI standards are the responsibility of the company.
Which AWS tool will provide the necessary information?
A. AWS Macie
B. AWS Artifact
C. AWS OpsWorks
D. AWS Organizations
Correct Answer: B
QUESTION 6
Which command must be present in a Cisco device configuration to enable the device to resolve an FQDN?
A. ip domain-name
B. ip domain-lookup
C. ip host
D. ip name-server
Correct Answer: B
QUESTION 7
A company has several accounts between different teams and wants to increase its auditing and compliance capabilities The accounts are managed through AWS Organizations. Management wants to provide the security team with secure access to the account logs while also restricting the possibility for the logs to be modified.
How can a sysops administrator achieve this is with the LEAST amount of operational overhead?
A. Store AWS CloudTrail logs in Amazon S3 in each account Create a new account to store compliance data and replicate the objects into the newly created account
B. Store AWS CloudTrail logs in Amazon S3 in each account. Create an IAM user with read-only access to the CloudTrail logs
C. From the master account create an organization trail using AWS CloudTrail and apply it to all Regions Use 1AM roles to restrict access.
D. Use an AWS CloudFormation stack set to create an AWS CloudTrail trail in every account and restrict permissions to modify the logs
Correct Answer: C
QUESTION 8
A company has an application database on Amazon RDS that runs a resource-intensive reporting job. This is causing other applications using the database to run slowly What should the SysOps Administrator do to resolve this issue?
A. Create Amazon RDS backups
B. Create Amazon RDS read replicas to run the report
C. Enable Multi-AZ mode on Amazon RDS
D. Use Amazon RDS automatic host replacement
Correct Answer: B
QUESTION 9
A sysops administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance The administrator has been tasked with reconfiguring the infrastructure to support this approach
How can the administrator accomplish this with the LEAST administrative overhead?
A. Use Amazon CloudFront to log the URL and forward the request
B. Use Amazon CloudFront to rewrite the header based on the microservice and forward the request
C. Use a Network Load Balancer (NLB) and do path-based routing
D. Use an Application Load Balancer (ALB) and do path-based routing
Correct Answer: D
QUESTION 10
A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months
What is the process to rotate the key?
A. Enable automatic key rotation tor the CMK and specify a period of 6 months
B. Create a new CMK with new imported material and update the key alias to point to the new CMK
C. Delete the current key material and import new material into the existing CMK
D. Import a copy of the existing key material into a new CMK as a backup and set the rotation schedule for 6 months
Correct Answer: A
Conclusion
You put your confidence in SPOTO for SOA-C01 practice test and get the best results possible. Additionally, you won’t have to worry about obsolete information because we offer free AWS dumps updates throughout your subscription!
In addition, the Back to School Sale is only valid for this week! To better prepare for the future, buy now.
Comments