100% Free Amazon SOA-C02 Practice Test Questions

Question 1

A company currently runs its infrastructure within a VPC in a single Availability Zone. The VPC is connected to the company’s on-premises data center through an AWS Site-to-Site VPN connection attached to a virtual private gateway. The on-premises route tables route all VPC networks to the VPN connection. Communication between the two environments is working correctly. A SysOps administrator created new VPC subnets within a new Availability Zone, and deployed new resources within the subnets. However, communication cannot be established between the new resources and the on-premises environment.

Which steps should the SysOps administrator take to resolve the issue?

A : Add a route to the route tables of the new subnets that send on-premises traffic to the virtual private gateway.

B : Create a ticket with AWS Support to request adding Availability Zones to the Site-to-Site VPN route configuration.

C : Establish a new Site-to-Site VPN connection between a virtual private gateway attached to the new Availability Zone and the on-premises data center.

D : Replace the Site-to-Site VPN connection with an AWS Direct Connect connection.

Answer: A

Question 2

A company’s SysOps administrator manages a fleet of Windows Amazon EC2 instances that run in a single AWS account. The instances have a tag that includes a key of “OS" and a value of "Windows." The company uses AWS Systems Manager to patch the instances.

The company has installed the Amazon CloudWatch agent on the instances, but the configuration is inconsistent. The SysOps administrator needs to reconfigure every instance to use the same predefined CloudWatch configuration.

Which combination of steps will meet these requirements? (Choose two.)

A : Store the CloudWatch agent configuration file in an Amazon S3 bucket.

B : Store the contents of the CloudWatch agent configuration file in Systems Manager OpsCenter.

C : Store the contents of the CloudWatch agent configuration file in Systems Manager Parameter Store.

D : Create a Systems Manager State Manager association to run the AmazonCloudWatch-ManageAgent Systems Manager Run Command document. Select Systems Manager as an optional configuration source. Target the instances based on tag values.

E : Create a Systems Manager State Manager association to run the AmazonCloudWatch-ManageAgent Systems Manager Run Command document. Configure the document to use the S3 bucket location as the configuration source. Target the instances based on tag value.

Answer: C,D

Question 3

A company deploys a new application on three Amazon EC2 instances across three Availability Zones The company uses a Network Load Balancer (NLB) to route traffic lo the EC2 instances. A SysOps administrator must implement a solution so that the EC2 instances allow traffic from only the NLB. What should the SysOps administrator do to meet these requirements with the LEAST operational overhead?

A : Configure the security group that is associated with the EC2 instances to allow traffic from only the security group that is associated with the NLB.

B : Configure the security group that is associated with the EC2 instances to allow traffic from only the elastic network interfaces that are associated with the NLB.

C : Create a network ACL. Associate the network ACL with the application subnets. Configure the network ACL to allow inbound traffic from only the CIDR ranges of the NLB.

D : Use a third-party firewall solution that is installed on a separate EC2 instance. Configure a firewall rule that allows traffic to the application's EC2 instances from only the subnets where the NLB is deployed

Answer: A

Question 4

The SysOps administrator needs to resolve high disk I/O issues during the bootstrap process of Nitro-based EC2 instances in an Auto Scaling group with gp3 EBS volumes. Options (Select TWO):

A : Increase the EC2 instance size.

B : Increase the EBS volume capacity.

C : Increase the EBS volume IOPS.

D : Increase the EBS volume throughput.

E : Change the instance type to an instance that is not Nitro-based.

Answer: C,D

Question 5

A SysOps administrator must ensure that a company's Amazon EC2 instances auto scale as expected The SysOps administrator configures an Amazon EC2 Auto Scaling Lifecycle hook to send an event to Amazon EventBridge (Amazon CloudWatch Events), which then invokes an AWS Lambda function to configure the EC2 distances When the configuration is complete, the Lambda function calls the complete Lifecycle-action event to put the EC2 instances into service. In testing, the SysOps administrator discovers that the Lambda function is not invoked when the EC2 instances auto scale.

What should the SysOps administrator do to reserve this issue?

A : Add a permission to the Lambda function so that it can be invoked by the EventBridge (CloudWatch Events) rule.

B : Change the lifecycle hook action to CONTINUE if the lifecycle hook experiences a fa* we or timeout.

C : Configure a retry policy in the EventBridge (CloudWatch Events) rule to retry the Lambda function invocation upon failure.

D : Update the Lambda function execution role so that it has permission to call the complete lifecycle-action event

Answer: A

Free Practice Amazon SOA-C02 Exam Questions 2025