amazon AWS Certified SysOps Administrator (SOA-C01) online exam

Question 1

You are designing a system that has a Bastion host. This component needs to be highly available without human
intervention. Which of the following approaches would you select?

• A. Run the bastion on two instances one in each AZ
• B. Run the bastion on an active Instance in one AZ and have an AMI ready to boot up in the event of failure
• C. Configure the bastion instance in an Auto Scaling group. Specify the Auto Scaling group to include multiple AZs but have a min-size of 1 and max-size of 1
• D. Configure an ELB in front of the bastion instance

Answer:

C

Question 2

A user has configured a VPC with a new subnet. The user has created a security group. The user wants to configure that
instances of the same subnet communicate with each other. How can the user configure this with the security group?

• A. There is no need for a security group modification as all the instances can communicate with each other inside the same subnet
• B. Configure the subnet as the source in the security group and allow traffic on all the protocols and ports
• C. Configure the security group itself as the source and allow traffic on all the protocols and ports
• D. The user has to use VPC peering to configure this

Answer:

C

Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the users AWS account. AWS provides two features that the
user can use to increase security in VPC: security groups and network ACLs. Security groups work at the instance level. If
the user is using the default security group, it will have a rule which allows the instances to communicate with other. For a
new security group, the user has to specify the rule, add it to define the source as the security group itself, and select all the
protocols and ports for that source.

Question 3

A database running on Amazon EC2 requires sustained IOPS performance.
Which kind of Amazon EBS volume should an Administrator choose for this solution?

• A. Cloud HDD
• B. General Purpose SSD
• C. Provisioned IOPS SSD
• D. Throughput Optimized HDD

Answer:

C

Explanation:
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

Question 4

You have a web application leveraging an Elastic Load Balancer (ELB) In front of the web servers deployed using an Auto
Scaling Group Your database is running on Relational Database Service (RDS) The application serves out technical articles
and responses to them in general there are more views of an article than there are responses to the article. On occasion, an
article on the site becomes extremely popular resulting in significant traffic Increases that causes the site to go down.
What could you do to help alleviate the pressure on the infrastructure while maintaining availability during these events?
(Choose three.)

• A. Leverage CloudFront for the delivery of the articles.
• B. Add RDS read-replicas for the read traffic going to your relational database
• C. Leverage ElastiCache for caching the most frequently used data.
• D. Use SOS to queue up the requests for the technical posts and deliver them out of the queue.
• E. Use Route53 health checks to fail over to an S3 bucket for an error page.

Answer:

A B C

Question 5

A new application runs on Amazon EC2 instances and accesses data in an Amazon RDS database instance. When fully
deployed in production, the application fails. The database can be queried from a console on a bastion host. When looking at
the web server logs, the following error is repeated multiple times:
*** Error Establishing a Database Connection.
Which of the following may be causes of the connectivity problems? (Choose two.)

• A. The security group for the database does not have the appropriate egress rule from the database to the web server.
• B. The certificate used by the web server is not trusted by the RDS instance.
• C. The security group for the database does not have the appropriate ingress rule from the web server to the database.
• D. The database is still being created and is not available for connectivity.

Answer:

A C

Question 6

In EC2, what happens to the data in an instance store if an instance reboots (either intentionally or unintentionally)?

• A. Data is partially present in the instance store.
• B. Data persists in the instance store.
• C. Data is deleted from the instance store for security reasons.
• D. Data in the instance store will be lost.

Answer:

B

Explanation:
The data in an instance store persists only during the lifetime of its associated instance. If an in-stance reboots (intentionally
or unintentionally), data in the instance store persists. However, data on instance store volumes is lost under the following
circumstances.
Failure of an underlying drive
The instance is stopped Terminating an instance Reference:
http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/InstanceStorage.html

Question 7

A SysOps Administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that
has open access permissions. While discussing the issue the bucket owner, the Administrator realizes the S3 bucket is an
origin for an Amazon CloudFront web distribution.
Which action should the Administrator take to ensure that users access objects in Amazon S3 by using only CloudFront
URLs?

• A. Encrypt the S3 bucket content with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
• B. Create an origin access identity and grant it permissions to read objects in the S3 bucket
• C. Assign an IAM user to the CoudFront distribution and whitelist the IAM user in the S3 bucket policy
• D. Assign an IAM role to the CloudFront distribution and whitelist the IAM role in the S3 bucket policy

Answer:

B

Explanation:
Reference: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-
s3.html

Question 8

A developer created a new application that uses Spot Fleet for a variety of instance families across multiple Availability
Zones.
What should the developer do to ensure that the Spot Fleet is configured for cost optimization?

• A. Deploy a capacityOptimized allocation strategy for provisioning Spot Instances.
• B. Ensure instance capacity by specifying the desired target capacity and how much of that capacity must be On-Demand.
• C. Use the lowestPrice allocation strategy with InstancePoolsToUseCount in the Spot Fleet request.
• D. Launch instances up to the Spot Fleet target capacity or the maximum acceptable payment amount.

Answer:

B

Question 9

A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to create an AMI
from the running instance. Which of the below mentioned credentials is not required while creating the AMI?

• A. AWS account ID
• B. X.509 certificate and private key
• C. AWS login ID to login to the console
• D. Access key and secret access key

Answer:

C

Explanation:
When the user has launched an EC2 instance from an instance store backed AMI and the admin team wants to create an
AMI from it, the user needs to setup the AWS AMI or the API tools first. Once the tool is setup the user will need the
following credentials:
AWS account ID;
AWS access and secret access key; X.509 certificate with private key.

Question 10

A company hosts its website on Amazon ECF2 instances behind an ELB Application Load Balancer. The company manages
its DNS with Amazon Route 53, and wants to point its domains zone apex to the website.
Which type of record should be used to meet these requirements?

• A. An AAA record for the domain’s zone apex
• B. An A record for the domain’s zone apex
• C. A CNAME record for the domain’s zone apex
• D. An alias record for the domain’s zone apex

Answer:

B

Explanation:
Reference: https://aws.amazon.com/route53/faqs/