Free Practice Amazon SOA-C02 Exam Questions 2025

Stay ahead with 100% Free AWS Certified SysOps Administrator - Associate SOA-C02 Dumps Practice Questions

Page: 1 / 120

Total 600 Questions | Updated On: Feb 15, 2025

Add To Cart

Question 1

A company is storing media content in an Amazon S3 bucket and uses Amazon CloudFront to distribute the content to its users. Due to licensing terms, the company is not authorized to distribute the content in some countries. A SysOps administrator must restrict access to certain countries.
What is the MOST operationally efficient solution that meets these requirements?

A : Configure the S3 bucket policy to deny the GetObject operation based on the S3:LocationConstraint condition.

B : Create a secondary origin access identity (OAI). Configure the S3 bucket policy to prevent access from unauthorized countries.

C : Enable the geo restriction feature in the CloudFront distribution to prevent access from unauthorized countries.

D : Update the application to generate signed CloudFront URLs only for IP addresses in authorized countries.

Answer: C

Question 2

A company runs a web application that users access using the name www example com. The company manages the domain name example.com using Amazon Route 53. The company created an Amazon CloudFront distribution in front of the application and would like www.example.com to access the application through CloudFront.

What is the MOST cost-effective way to achieve this?

A : Create a CNAME record in Amazon Route 53 that points to the CloudFront distribution URL.

B : Create an ALIAS record in Amazon Route 53 that points to the CioudFront distribution URL.

C : Create an A record in Amazon Route 53 that points to the public IP address of the web application,

D : Create a PTR record in Amazon Route 53 that points to the public IP address of the web application.

Answer: B

Question 3

A development team recently deployed a new version of a web application to production. After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data.
Which AWS service will mitigate this issue?

A : AWS Shield Standard

B : AWS WAF

C : Elastic Load Balancing

D : Amazon Cognito

Answer: B

Question 4

A company is releasing a new static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded: however, upon navigating to the site, the following error message is received:
403 Forbidden - Access Denied
What change should be made to fix this error?

A : Add a bucket policy that grants everyone read access to the bucket.

B : Add a bucket policy that grants everyone read access to the bucket objects.

C : Remove the default bucket policy that denies read access to the bucket.

D : Configure cross-origin resource sharing (CORS) on the bucket.

Answer: B

Question 5

The SysOps administrator needs to configure a website for CloudFront when the DNS CNAME record points to an S3 URL instead of CloudFront.

A : Disable S3 Block Public Access on the S3 bucket.

B : Create an S3 access point in the same AWS Region where the S3 bucket is located. Configure the access point policy to allow CloudFront to read from the S3 bucket. Point the CNAME record to the S3 access point name.

C : Modify the value of the DNS CNAME record to be arn:aws:s3:::example-com-website-files instead of the S3 URI.

D : Modify the value of the DNS CNAME record to be dllllllabcdef8.cloudfront.net instead of the S3 URI.

Answer: D

Page: 1 / 120

Total 600 Questions | Updated On: Feb 15, 2025

Add To Cart