100% Updated Amazon SOA-C02 Enterprise PDF Dumps [Q176-Q194]

100% Updated Amazon SOA-C02 Enterprise PDF Dumps

Use Valid Exam SOA-C02 by ValidVCE Books For Free Website

The SOA-C02 exam consists of multiple-choice and multiple-response questions, and it is available in both English and Japanese languages. SOA-C02 exam duration is 130 minutes, and the passing score is 720 out of 1000. SOA-C02 exam fee is $150 USD, and it can be taken at any Pearson VUE testing center worldwide.

 

NEW QUESTION # 176
A company uses AWS Organizations to manage multiple AWS accounts with consolidated billing enabled. Organization member account owners want the benefits of Reserved Instances (RIs) but do not want to share RIs with other accounts.
Which solution will meet these requirements?

• A. Purchase RIs in individual member accounts. Disable Rl discount sharing in the member accounts.
• B. Purchase RIs in the management account. Disable Rl discount sharing in the management account.
• C. Purchase RIs in the management account. Disable Rl discount sharing in the member accounts.
• D. Purchase RIs in individual member accounts. Disable Rl discount sharing in the management account.

Answer: D

Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ri-consolidated-billing/ RI discounts apply to accounts in an organization's consolidated billing family depending upon whether RI sharing is turned on or off for the accounts. By default, RI sharing for all accounts in an organization is turned on. The management account of an organization can change this setting by turning off RI sharing for an account. The capacity reservation for an RI applies only to the account the RI was purchased on, no matter whether RI sharing is turned on or off.

NEW QUESTION # 177
A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations.
Which solution will meet this requirement?

• A. Configure Amazon Cognito to detect any compromised 1AM credentials.
• B. Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding.
• C. Set up AWS Config. Add the iam-policy-blacklisted-check managed rule to the account.
• D. Set up Amazon Inspector. Scan and monitor resources for unauthorized logins.

Answer: C

NEW QUESTION # 178
A company has a web application with a database tier that consists of an Amazon EC2 instance that runs MySQL. A SysOps administrator needs to minimize potential data loss and the time that is required to recover in the event of a database failure.
What is the MOST operationally efficient solution that meets these requirements?

• A. Use Amazon Data Lifecycle Manager (Amazon DLM) to take a snapshot of the Amazon Elastic Block Store (Amazon EBS) volume every hour. In the event of an EC2 instance failure, restore the EBS volume from a snapshot.
• B. Create an Amazon RDS for MySQL Multi-AZ DB instance. Use a MySQL native backup that is stored in Amazon S3 to restore the data to the new database. Update the connection string in the web application.
• C. Create an Amazon RDS for MySQL Single-AZ DB instance with a read replica. Use a MySQL native backup that is stored in Amazon S3 to restore the data to the new database. Update the connection string in the web application.
• D. Create an Amazon CloudWatch alarm for the StatusCheckFailed_System metric to invoke an AWS Lambda function that stops and starts the EC2 instance.

Answer: A

Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-lifecycle.html

NEW QUESTION # 179
A company applies user-defined tags to resources that are associated with me company's AWS workloads Twenty days after applying the tags, the company notices that it cannot use re tags to filter views in the AWS Cost Explorer console.
What is the reason for this issue?

• A. The company has not created a usage budget in AWS Budgets
• B. The company has not activated the user-defined tags for cost allocation.
• C. The company has not created an AWS Cost and Usage Report
• D. It lakes at least 30 days to be able to use tags to filter views in Cost Explorer.

Answer: B

NEW QUESTION # 180
A SysOps administrator is troubleshooting a VPC with public and private subnets that leverage custom network ACLs. Instances in the private subnet are unable to access the internet. There is an internet gateway attached to the public subnet. The private subnet has a route to a NAT gateway that is also attached to the public subnet. The Amazon EC2 instances are associated with the default security group for the VPC.
What is causing the issue in this scenario?

• A. The default security group for the VPC blocks all inbound traffic to the EC2 instances.
• B. There is no NAT gateway deployed in the private subnet of the VPC.
• C. There is a network ACL on the private subnet set to deny all outbound traffic.
• D. The default security group for the VPC blocks all outbound traffic from the EC2 instances.

Answer: C

Explanation:
Network ACLs (Access Control Lists) are stateless and operate at the subnet level. If there is a network ACL on the private subnet that is configured to deny all outbound traffic, it would prevent instances in the private subnet from accessing the internet through the NAT gateway.

NEW QUESTION # 181
Accompany wants to monitor the number of Amazon EC2 instances that it is running. The company also wants to automate a service quota increase when the number of instances reaches a specific threshold.
Which solution meets these requirements?

• A. Create an Amazon CloudWatch alarm to monitor AWS Trusted Advisor service quotas. Configure the alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to increase the quota.
• B. Create an Amazon CloudWatch alarm to monitor Service Quotas. Configure the alarm to invoke an AWS Lambda function to request a quota increase when the alarm reaches the threshold.
• C. Create an AWS Config rule to monitor Service Quotas. Call an AWS Lambda function to remediate the action and increase the quota.
• D. Create an Amazon CloudWateh alarm to monitor the AWS Health Dashboard. Configure the alarm to invoke an AWS Lambda function to request a quota increase when the alarm reaches the threshold.

Answer: B

Explanation:
SNS cannot request a service limit increase, however CloudWatch can trigger an AWS Lambda function to automatically request a quota increase.

NEW QUESTION # 182
A company uses Amazon Elasticsearch Service (Amazon ES) to analyze sales and customer usage data.
Members of the company's geographically dispersed sales team are traveling.
They need to log in to Kibana by using their existing corporate credentials that are stored in Active Directory.
The company has deployed Active Directory Federation Services (AD FS) to enable authentication to cloud services.
Which solution will meet these requirement?

• A. Deploy an Amazon Cognito user pool.
  Configure Active Directory as an external identity provider for the user pool.
  Enable Amazon Cognito authentication for Kibana on Amazon ES.
• B. Configure Active Directory as an authentication provider in Amazon ES.
  Add the Active Directory server's domain name to Amazon ES.
  Configure Kibana to use Amazon ES authentication.
• C. Establish a trust relationship with Kibana on the Active Directory server.
  Enable Active Directory user authentication in Kibana.Add the Active Directory server's IP address to Kibana.
• D. Enable Active Directory user authentication in Kibana.
  Create an IP-based custom domain access policy in Amazon ES that includes the Active Directory server's IP address.

Answer: A

Explanation:
https://aws.amazon.com/blogs/security/how-to-enable-secure-access-to-kibana-usingaws- singlesign-on/

NEW QUESTION # 183
A company must migrate its applications to AWS. The company is using Chef recipes for configuration management.
The company wants to continue to use the existing Chef recipes after the applications are migrated to AWS.
What is the MOST operationally efficient solution that meets these requirements?

• A. Use AWS Elastic Beanstalk with the Docker platform to upload Chef recipes.
• B. Use AWS CloudFormation to create a stack and add layers for Chef recipes.
• C. Use AWS OpsWorks to create a stack and add layers with Chef recipes.
• D. Use AWS Cloud Format ion to create an Amazon EC2 instance, install a Chef server, and add Chef recipes.

Answer: C

Explanation:
https://docs.aws.amazon.com/opsworks/latest/userguide/welcome_opscm.html

NEW QUESTION # 184
A data storage company provides a service that gives users the ability to upload and download files as needed. The files are stored in Amazon S3 Standard and must be immediately retrievable for 1 year. Users access files frequently during the first 30 days after the files are stored. Users rarely access files after 30 days.
The company's SysOps administrator must use S3 Lifecycle policies to implement a solution that maintains object availability and minimizes cost.
Which solution will meet these requirements?

• A. Move objects to S3 Glacier after 30 days.
• B. Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.
• C. Move objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.
• D. Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) immediately.

Answer: B

Explanation:
Reference:
https://aws.amazon.com/s3/storage-classes/

NEW QUESTION # 185
A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application.
Which combination of actions should a SysOps administrator take to resolve this problem? (Select TWO.)

• A. Change to the least outstanding requests algorithm on the ALB target group.
• B. Configure cookie forwarding in the CloudFront distribution cache behavior.
• C. Configure header forwarding in the CloudFront distribution cache behavior.
• D. Enable sticky sessions on the ALB target group.
• E. Enable group-level stickiness on the ALB listener rule.

Answer: B,D

NEW QUESTION # 186
A SysOps administrator is using AWS Systems Manager Patch Manager to patch a fleet of Amazon EC2 instances. The SysOps administrator has configured a patch baseline and a maintenance window. The SysOps administrator also has used an instance tag to identify which instances to patch.
The SysOps administrator must give Systems Manager the ability to access the EC2 instances.
Which additional action must the SysOps administrator perform to meet this requirement?

• A. Attach an 1AM instance profile with access to Systems Manager to the instances.
• B. Manually specify the instances to patch Instead of using tag-based selection.
• C. Add an inbound rule to the instances' security group.
• D. Create a Systems Manager activation Then activate the fleet of instances.

Answer: C

NEW QUESTION # 187
A new website will run on Amazon EC2 instances behind an Application Load Balancer. Amazon Route 53 will be used to manage DNS records.
What type of record should be set in Route 53 to point the website's apex domain name (for example,
"company.com") to the Application Load Balancer?

• A. TXT
• B. ALIAS
• C. SOA
• D. CNAME

Answer: B

NEW QUESTION # 188
A SysOps administrator wants to manage a web server application with AWS Elastic Beanstalk. The Elastic Beanstalk service must maintain full capacity for new deployments at all times.
Which deployment policies satisfy this requirement? (Select TWO.)

• A. All at once
• B. Immutable
• C. Rolling
• D. Rebuild
• E. Rolling with additional batch

Answer: B,E

Explanation:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rolling-version-deploy.html

NEW QUESTION # 189
A development team recently deployed a new version of a web application to production. After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data.
Which AWS service will mitigate this issue?

• A. Amazon Cognito
• B. AWS WAF
• C. AWS Shield Standard
• D. Elastic Load Balancing

Answer: C

NEW QUESTION # 190
A SysOps administrator is attempting to download patches from the internet into an instance in a private subnet. An internet gateway exists for the VPC, and a NAT gateway has been deployed on the public subnet; however, the instance has no internet connectivity. The resources deployed into the private subnet must be inaccessible directly from the public internet.

What should be added to the private subnet's route table in order to address this issue, given the information provided?

• A. 10.0.1.0/24 NAT
• B. 0.0.0.0/0 NAT
• C. 0.0.0.0/0 IGW
• D. 10.0.1.0/24 IGW

Answer: B

NEW QUESTION # 191
A SysOps administrator has created a VPC that contains a public subnet and a private subnet.
Amazon EC2 instances that were launched in the private subnet cannot access the internet.
The default network ACL is active on all subnets in the VPC, and all security groups allow all outbound traffic:
Which solution will provide the EC2 instances in the private subnet with access to the internet?

• A. Create a NAT gateway in the private subnet.Create a route f om the private subnet to the NAT gateway.
• B. Create a NAT gateway in the public subnet.
  Create a route from the private subnet to the NAT gateway.
• C. Create a NAT gateway in the private subnet.
  Create a route from the public subnet to the NAT gateway.
• D. Create a NAT gateway in the public subnet.
  Create a route from the public subnet to the NAT gateway.

Answer: B

Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

NEW QUESTION # 192
Application A runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The EC2 instances are in an Auto Scaling group and are in the same subnet that is associated with the NLB. Other applications from an on-premises environment cannot communicate with Application A on port 8080.
To troubleshoot the issue, a SysOps administrator analyzes the flow logs. The flow logs include the following records:

What is the reason for the rejected traffic?

• A. The security group of the EC2 instances has no Allow rule for the traffic from the NLB.
• B. The network ACL that is associated with the subnet does not allow outbound traffic for the ephemeral port range.
• C. The ACL of the on-premises environment does not allow traffic to the AWS environment.
• D. The security group of the NLB has no Allow rule for the traffic from the on-premises environment.

Answer: A

NEW QUESTION # 193
Lab Simulation 3
You want to update an existing AWS CloudFormation stack. If needed, a copy of the CloudFormation template is available in an Amazon SB bucket named cloudformation-bucket
1. Use the us-east-2 Region for all resources.
2. Unless specified below, use the default configuration settings.
3. update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:
a) Change the EC2 instance type to us-east-t2.nano.
b) Allow SSH to connect to the EC2 instance from the IP address range 192.168.100.0/30.
c) Replace the instance profile IAM role with IamRoleB.
4. Deploy the changes by updating the stack using the CFServiceR01e role.
5. Edit the stack options to prevent accidental deletion.
6. Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

Answer:

Explanation:

NEW QUESTION # 194
......

Amazon SOA-C02 Official Cert Guide PDF: https://freedumps.validvce.com/SOA-C02-exam-collection.html