Free Practice Amazon SOA-C02 Exam Questions 2025

Stay ahead with 100% Free AWS Certified SysOps Administrator - Associate SOA-C02 Dumps Practice Questions

Page: 1 / 120

Total 600 Questions | Updated On: Mar 28, 2025

Add To Cart

Question 1

A company is using AWS to deploy a critical application on a fleet of Amazon EC2 instances Thecompany is rewriting the application because the application failed a security review The applicationwill take 12 months to rewrite While this rewrite happens, the company needs to rotate IAM accesskeys that the application uses.A SysOps administrator must implement an automated solution that finds and rotates IAM access Keys that are at least 30 days old. The solution must then continue to rotate the IAM access Keysevery 30 days.Which solution will meet this requirement with the MOST operational efficiency?

A : Use an AWS Config rule to identify IAM access Keys that are at least 30 days old. Configure AWSConfig to invoKe an AWS Systems Manager Automation runbook to rotate the identified IAM accesskeys.

B : Use AWS Trusted Advisor to identify IAM access Keys that are at least 30 days old. ConfigureTrusted Advisor to invoke an AWS Systems Manager Automation runbook to rotate the identifiedIAM access keys

C : Create a script that checks the age of IAM access Keys and rotates them if they are at least 30 daysold. Launch an EC2 instance. Schedule the script to run as a cron expression on the EC2 instanceevery day.

D : Create an AWS Lambda function that checks the age of IAM access keys and rotates them if theyare at least 30 days old Use an Amazon EventBridge rule to invoke the Lambda function every time anew IAM access key is created.

Answer: D

Question 2

A SysOps administrator is configuring an application on Amazon EC2 instances for a company Teams in other countries will use the application over the internet. The company requires the application endpoint to have a static pubic IP address.

How should the SysOps administrator deploy the application to meet this requirement?

A : Behind an Amazon API Gateway API

B : Behind an Application Load Balancer

C : Behind an internet-facing Network Load Balancer

D : In an Amazon CloudFront distribution

Answer: C

Question 3

A company has users that deploy Amazon EC2 instances that have more disk performance capacity than is required. A SysOps administrator needs to review all Amazon Elastic Block Store (Amazon EBS) volumes that are associated with the instances and create cost optimization recommendations based on IOPS and throughput.

What should the SysOps administrator do to meet these requirements in the MOST operationally efficient way?

A : Use the monitoring graphs in the EC2 console to view metrics for EBS volumes. Review the consumed space against the provisioned space on each volume. Identify any volumes that have low utilization.

B : Stop the EC2 instances from the EC2 console. Change the EC2 instance type for Amazon EBS-optimized. Start the EC2 instances.

C : Opt in to AWS Compute Optimizer. Allow sufficient time for metrics to be gathered. Review the Compute Optimizer findings for EBS volumes.

D : Install the fio tool onto the EC2 instances and create a .cfg file to approximate the required workloads. Use the benchmark results to gauge whether the provisioned EBS volumes are of the most appropriate type.

Answer: C

Question 4

The company’s ecommerce website running on EC2 instances behind an ALB intermittently returns HTTP 500 errors. The Auto Scaling group is only using EC2 status checks.

A : Replace the ALB with a Network Load Balancer.

B : Add Elastic Load Balancing (ELB) health checks to the Auto Scaling group.

C : Update the target group configuration on the ALB. Enable session affinity (sticky sessions).

D : Install the Amazon CloudWatch agent on all the instances. Configure the agent to reboot the instances.

Answer: B

Question 5

The company’s security team needs to consolidate Security Hub findings to reduce duplicate notifications for the same misconfigurations.

A : Turn on consolidated control findings in the Security Hub delegated administrator account.

B : Export the Security Hub findings. Consolidate the findings based on control ID. Visualize the findings in Amazon QuickSight.

C : Set up an AWS Config aggregator instead of Security Hub. Deploy a custom conformance pack by consolidating AWS Config rules.

D : Launch an Amazon EC2 instance in the organization's management account. Configure a custom script to assume a role in each linked account to extract and consolidate findings from the accounts.

Answer: A

Page: 1 / 120

Total 600 Questions | Updated On: Mar 28, 2025

Add To Cart