Amazon SOA-C02 AWS Certified SysOps Administrator – Associate (SOA-C02) Free Practice Test — 30 Questions

Question 1

In a multi-account AWS environment, a company has implemented AWS Identity and Access Management (IAM) to manage user permissions across different accounts. The security team needs to ensure that developers can access specific resources in the production account without granting them full administrative privileges. They decide to create a role that allows developers to assume it when they need access. What is the most effective way to implement this role while ensuring that the principle of least privilege is maintained?

Accepted Answer

Create an IAM role in the production account with permissions limited to the specific resources needed by developers and allow developers from the development account to assume this role using a trust policy.

Question 2

A financial services company is implementing Multi-Factor Authentication (MFA) to enhance the security of its online banking platform. The company decides to use a combination of something the user knows (a password), something the user has (a mobile device for receiving a one-time password), and something the user is (biometric verification). During a security audit, it is discovered that the implementation of MFA has reduced unauthorized access attempts by 75%. If the company initially experienced 400 unauthorized access attempts per month, how many unauthorized access attempts are expected after the implementation of MFA?

Accepted Answer

100 attempts

Question 3

A company is deploying a web application on AWS that requires high availability and fault tolerance. They decide to use an Application Load Balancer (ALB) to distribute incoming traffic across multiple EC2 instances in different Availability Zones (AZs). The application is expected to handle a peak load of 10,000 requests per minute. Each EC2 instance can handle 200 requests per minute before reaching its maximum capacity. Given this scenario, how many EC2 instances should the company provision to ensure that the application can handle the peak load while maintaining a buffer for fault tolerance?

Accepted Answer

50 instances

Question 4

A company is implementing a new cloud-based application that will significantly alter its existing IT infrastructure. The change management team has been tasked with ensuring that the transition is smooth and minimizes disruption. As part of the change management process, they need to evaluate the potential impact of this change on various stakeholders, including employees, customers, and third-party vendors. Which of the following steps should the change management team prioritize to effectively manage this transition?

Accepted Answer

Conduct a comprehensive impact assessment to identify risks and benefits associated with the change.

Question 5

A company is deploying a web application that handles sensitive customer data. To enhance security, they decide to implement a Web Application Firewall (WAF) with specific rules to mitigate common threats such as SQL injection and cross-site scripting (XSS). The WAF is configured to log all requests that match certain patterns. During a security audit, the team discovers that legitimate traffic is being blocked due to overly restrictive rules. To address this, they need to adjust the WAF rules without compromising security. Which approach should they take to effectively refine the WAF rules while maintaining robust protection against threats?

Accepted Answer

Implement a rule set that uses positive security models to allow only known good traffic while continuously monitoring and adjusting based on legitimate traffic patterns.

Question 6

A company is analyzing the performance of its web application, which serves a global audience. They have collected response time data from various geographical regions and want to determine the distribution type of the response times to optimize their content delivery network (CDN). The response times (in milliseconds) are as follows: 50, 52, 53, 54, 55, 55, 56, 57, 58, 60, 62, 65, 70, 75, 80. Based on this data, which distribution type is most likely to represent the response times, considering the characteristics of the data and the implications for CDN optimization?

Accepted Answer

Normal Distribution

Question 7

A company is evaluating its cloud spending and is considering the use of Reserved Instances (RIs) and Savings Plans to optimize costs. They currently have a steady workload that requires 10 m5.large instances running continuously throughout the year. The on-demand pricing for an m5.large instance in the US East (N. Virginia) region is $0.096 per hour. The company is considering a one-year Standard Reserved Instance for the same instance type, which offers a 40% discount compared to on-demand pricing. Additionally, they are looking at a Compute Savings Plan that provides a 30% discount on the same instance type but requires a commitment to a minimum spend of $500 per month. If the company opts for the Standard Reserved Instance, what will be their total cost for the year, and how does this compare to the total cost if they choose the Compute Savings Plan?

Accepted Answer

$67,392 for Reserved Instances; $62,400 for Savings Plan

Question 8

A company operates an e-commerce platform that experiences significant traffic fluctuations throughout the week. To optimize costs and performance, the operations team decides to implement scheduled scaling for their Amazon EC2 Auto Scaling group. They plan to increase the instance count from 5 to 15 during peak hours (from 6 PM to 10 PM) and decrease it back to 5 during off-peak hours (from 10 PM to 6 PM). If the scaling policy is set to execute at the specified times, what will be the total number of EC2 instances running during the peak hours if the scaling action is executed precisely at 6 PM and the instances take 10 minutes to launch?

Accepted Answer

15

Question 9

A company is deploying a web application that experiences fluctuating traffic patterns throughout the day. They want to ensure that their application remains highly available and can handle sudden spikes in user requests without degrading performance. The application is hosted on multiple EC2 instances behind an Application Load Balancer (ALB). The company is considering implementing sticky sessions to improve user experience. What is the primary consideration they should keep in mind when using sticky sessions with their ALB?

Accepted Answer

Sticky sessions can lead to uneven load distribution among the EC2 instances.

Question 10

A company has implemented AWS Backup to manage backups for its Amazon RDS databases. The company has two RDS instances: one running MySQL and the other running PostgreSQL. The backup policy is set to create daily backups, retain them for 30 days, and perform weekly full backups every Sunday. If the company needs to restore the MySQL database to a point in time exactly 10 days ago, which of the following statements accurately describes the process and considerations involved in this restoration?

Accepted Answer

The company can restore the MySQL database to the desired point in time using the automated backups, as they are retained for 30 days and include transaction logs for point-in-time recovery.

Question 11

A company is managing a fleet of EC2 instances across multiple regions and needs to ensure that all instances are up to date with the latest security patches. They decide to implement AWS Systems Manager Patch Manager to automate the patching process. The company has a mix of Windows and Linux instances, and they want to schedule the patching to minimize downtime. They also need to ensure compliance with their internal security policies, which require that all critical patches are applied within 48 hours of release. Given this scenario, which of the following strategies would best ensure that the company meets its patching requirements while minimizing operational impact?

Accepted Answer

Create a patch baseline that includes all critical patches and configure Patch Manager to automatically apply these patches to the instances every 24 hours, using maintenance windows to control when the patches are applied.

Question 12

A company is planning to deploy a multi-region application on AWS to ensure high availability and low latency for users across different geographical locations. They are considering using AWS Regions and Availability Zones effectively. If the company has users primarily in North America and Europe, which architectural strategy should they adopt to optimize performance and resilience?

Accepted Answer

Deploy the application in two separate AWS Regions, one in North America and one in Europe, utilizing multiple Availability Zones in each Region for redundancy.

Question 13

A company is using the AWS CLI to automate the deployment of its applications across multiple regions. The deployment script needs to retrieve the latest version of an Amazon S3 bucket and then copy that version to a different bucket in another region. The script must also ensure that the copied object retains the same metadata as the original. Which command sequence should the script use to achieve this while ensuring that the operations are performed efficiently and correctly?

Accepted Answer

`aws s3 cp s3://source-bucket/latest-version s3://destination-bucket/ --metadata-directive REPLACE`

Question 14

A company is implementing a new cloud-based application that will significantly alter its existing IT infrastructure. The change management team is tasked with ensuring that this transition is smooth and minimizes disruption. They decide to conduct a risk assessment to identify potential issues that could arise during the implementation. Which of the following steps should be prioritized in the change management process to effectively manage risks associated with this transition?

Accepted Answer

Conducting a thorough impact analysis to understand how the change will affect existing systems and processes.

Question 15

A company has implemented AWS CloudTrail to monitor API calls made within their AWS account. They have configured CloudTrail to log events in a specific S3 bucket. The security team wants to ensure that they can detect any unauthorized access attempts to their AWS resources. They are particularly interested in identifying any changes made to IAM policies and roles. Which of the following configurations would best enable the security team to achieve their goal of monitoring unauthorized access attempts effectively?

Accepted Answer

Enable CloudTrail to log both management and data events, and configure the S3 bucket to trigger an SNS notification for any changes to IAM policies and roles.

Question 16

A company is using AWS Systems Manager Patch Manager to automate the patching of its EC2 instances. The organization has a mix of Windows and Linux instances across multiple regions. They want to ensure that all instances are patched according to their compliance requirements, which specify that critical patches must be applied within 24 hours of release, while non-critical patches can be applied within 7 days. The company has set up a maintenance window for patching every Sunday at 2 AM UTC. If a critical patch is released on a Friday at 3 PM UTC, what is the latest time the patch can be applied to remain compliant with the organization\'s requirements?

Accepted Answer

Sunday at 2 AM UTC

Question 17

A company is deploying a web application that handles sensitive customer data and is required to comply with PCI DSS regulations. They are considering implementing a Web Application Firewall (WAF) to protect against common web vulnerabilities. The security team is tasked with defining WAF rules to mitigate risks associated with SQL injection and cross-site scripting (XSS) attacks. Given the following scenarios, which rule configuration would best enhance the security posture of the application while ensuring compliance with PCI DSS?

Accepted Answer

Implement a rule that blocks requests containing SQL keywords such as "SELECT", "UNION", and "DROP" in the query string and headers, while also sanitizing user inputs to remove any script tags or event handlers.

Question 18

A company is deploying a web application using AWS OpsWorks and needs to ensure that the application can scale based on demand. The application consists of a front-end web server, a back-end application server, and a database. The company wants to implement a solution that automatically adjusts the number of instances based on the load. Which approach should the company take to achieve this?

Accepted Answer

Use AWS OpsWorks to create a stack with Auto Scaling enabled for the application layer.

Question 19

A company is deploying a new application that requires high availability and low latency for its users distributed across multiple geographic regions. They decide to implement an AWS Network Load Balancer (NLB) to manage incoming traffic. The application is expected to handle a peak load of 10,000 requests per second (RPS). Each request takes an average of 50 milliseconds to process. Given this scenario, what is the minimum number of NLB targets required to ensure that the application can handle the peak load without exceeding a target latency of 100 milliseconds per request?

Accepted Answer

5 targets

Question 20

A company is evaluating its cloud spending and is considering the use of Reserved Instances (RIs) and Savings Plans to optimize costs. They currently run a mix of on-demand and reserved instances across multiple regions. The company anticipates a steady increase in usage over the next three years. If they commit to a 3-year term for a Standard Reserved Instance at a 30% discount compared to on-demand pricing, and their current monthly on-demand cost is $10,000, what will be their total cost over the three years if they choose the Reserved Instance option? Additionally, how does this compare to a Savings Plan that offers a 20% discount for the same duration?

Accepted Answer

$252,000

Question 21

A company is planning to implement a new deployment policy for its applications hosted on AWS. The policy requires that all deployments must be rolled back automatically if they fail, and that the system must maintain a record of all deployment attempts for auditing purposes. The company also wants to ensure that the deployment process does not exceed a maximum downtime of 5 minutes. Which of the following strategies best aligns with these requirements while ensuring compliance with AWS best practices?

Accepted Answer

Implement AWS CodeDeploy with automatic rollback configurations and enable CloudTrail for logging deployment events.

Question 22

A company is running a web application on AWS that experiences fluctuating traffic patterns. The application is currently hosted on an EC2 instance with 4 vCPUs and 16 GB of RAM. During peak hours, the application requires 80% of the CPU and 70% of the memory. However, during off-peak hours, the resource utilization drops to 20% CPU and 10% memory. The company wants to optimize costs by right-sizing their resources. If the company decides to switch to a smaller instance type that provides 2 vCPUs and 8 GB of RAM, what would be the expected impact on performance during peak hours, and what alternative strategy could be employed to maintain performance while reducing costs?

Accepted Answer

The smaller instance will likely lead to performance degradation during peak hours; implementing Auto Scaling could help manage resource allocation dynamically.

Question 23

A financial services company is implementing AWS Key Management Service (KMS) to manage encryption keys for sensitive customer data. They have a requirement to ensure that keys are rotated automatically every year and that access to these keys is strictly controlled. The company also needs to comply with regulatory standards that mandate logging of all key usage for auditing purposes. Which of the following configurations would best meet these requirements while ensuring optimal security and compliance?

Accepted Answer

Enable automatic key rotation for the KMS keys, set up IAM policies to restrict access to the keys based on user roles, and enable AWS CloudTrail to log all KMS key usage events.

Question 24

A company is experiencing high latency issues when serving static content from its web application hosted on AWS. To improve performance, the company decides to implement Amazon CloudFront as a content delivery network (CDN). They have a dynamic web application that generates personalized content for users. Which caching strategy should the company adopt to ensure that the personalized content is served efficiently while minimizing cache misses?

Accepted Answer

Use cache invalidation to remove outdated content and set a short Time-to-Live (TTL) for personalized content.

Question 25

A company is deploying a multi-tier application using AWS CloudFormation. The architecture consists of a web tier, an application tier, and a database tier. The web tier needs to scale based on incoming traffic, while the application tier requires a fixed number of instances. The database tier should be deployed in a Multi-AZ configuration for high availability. Which of the following CloudFormation resources should be used to achieve this architecture effectively?

Accepted Answer

AWS::AutoScaling::AutoScalingGroup for the web tier, AWS::EC2::Instance for the application tier, and AWS::RDS::DBInstance for the database tier

Question 26

A company is using Amazon RDS for its production database, which is critical for its operations. The database is set to perform automated backups every day at 2 AM UTC. The company has a retention period of 14 days for these backups. If the company needs to restore the database to its state as of 5 days ago, which of the following statements accurately describes the process and implications of this restoration?

Accepted Answer

The company can restore the database to its state from 5 days ago using the automated backup taken at 2 AM UTC on that day, and the restoration will overwrite the current database state.

Question 27

A company is implementing a new cloud-based application that processes sensitive customer data. To ensure compliance with the General Data Protection Regulation (GDPR), the company must establish a data protection strategy that includes encryption, access controls, and regular audits. Which of the following strategies best aligns with GDPR requirements for protecting personal data in this scenario?

Accepted Answer

Implementing end-to-end encryption for data at rest and in transit, restricting access to authorized personnel only, and conducting quarterly audits of data access logs.

Question 28

A company is deploying a multi-tier web application using AWS OpsWorks. The application consists of a front-end layer, a back-end layer, and a database layer. The company wants to ensure that the application scales automatically based on the load. They decide to use OpsWorks Stacks to manage their application. Which of the following configurations would best enable automatic scaling for the application while ensuring that each layer can be independently managed and updated?

Accepted Answer

Create separate OpsWorks stacks for each layer of the application and configure Auto Scaling for each stack based on CloudWatch metrics.

Question 29

A company is using the AWS CLI to automate the deployment of its applications across multiple regions. They need to ensure that their deployment scripts can dynamically select the appropriate AWS region based on the environment (development, testing, production). The company has set up a configuration file that specifies the default region but wants to override this setting based on the environment variable. Which command should they use to achieve this dynamic region selection in their deployment scripts?

Accepted Answer

`aws configure set region $ENVIRONMENT_REGION`

Question 30

A company is experiencing performance issues with its Amazon Elastic Block Store (EBS) volumes. They have a critical application that requires a minimum of 1000 IOPS (Input/Output Operations Per Second) for optimal performance. The current EBS volume is a General Purpose SSD (gp2) type, which provides 3 IOPS per GiB of storage. If the company has allocated 200 GiB to this volume, what is the maximum IOPS they can achieve with the current configuration, and what steps should they take to meet the performance requirement?

Accepted Answer

Increase the volume size to at least 334 GiB or switch to a Provisioned IOPS SSD (io1) volume type.

Amazon SOA-C02 AWS Certified SysOps Administrator – Associate (SOA-C02) Free Practice Test — 30 Questions

A lot more is already mapped out

About the Amazon SOA-C02 AWS Certified SysOps Administrator – Associate (SOA-C02) Certification