Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

AWS Certified Associate SOA-C02 Updated Exam

Page: 9 / 20
Total 528 questions

AWS Certified SysOps Administrator - Associate (SOA-C02) Questions and Answers

Question 33

A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB table. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.

B.

Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon S3 object. The security team can use the information in the tag to verify the integrity of the delivered files.

C.

Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.

D.

Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.

Question 34

A user working in the Amazon EC2 console increased the size of an Amazon Elastic Block Store (Amazon EBS) volume attached to an Amazon EC2 Windows instance. The change is not reflected in the file system.

What should a SysOps administrator do to resolve this issue?

Options:

A.

Extend the file system with operating system-level tools to use the new storage capacity.

B.

Reattach the EBS volume to the EC2 instance.

C.

Reboot the EC2 instance that is attached to the EBS volume.

D.

Take a snapshot of the EBS volume. Replace the original volume with a volume that is created from the snapshot.

Question 35

A company runs its entire suite of applications on Amazon EC2 instances. The company plans to move the applications to containers and AWS Fargate. Within 6 months, the company plans to retire its EC2 instances and use only Fargate. The company has been able to estimate its future Fargate costs.

A SysOps administrator needs to choose a purchasing option to help the company minimize costs. The SysOps administrator must maximize any discounts that are available and must ensure that there are no unused reservations.

Which purchasing option will meet these requirements?

Options:

A.

Compute Savings Plans for 1 year with the No Upfront payment option

B.

Compute Savings Plans for 1 year with the Partial Upfront payment option

C.

EC2 Instance Savings Plans for 1 year with the All Upfront payment option

D.

EC2 Reserved Instances for 1 year with the Partial Upfront payment option

Question 36

A company is releasing a new static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded: however, upon navigating to the site, the following error message is received:

403 Forbidden - Access Denied

What change should be made to fix this error?

Options:

A.

Add a bucket policy that grants everyone read access to the bucket.

B.

Add a bucket policy that grants everyone read access to the bucket objects.

C.

Remove the default bucket policy that denies read access to the bucket.

D.

Configure cross-origin resource sharing (CORS) on the bucket.

Page: 9 / 20
Total 528 questions