Notes: Hi all, AWS Certified SysOps Administrator Associate SOA-C02 Practice Exam Part 8 will familiarize you with the types of questions you may encounter on the certification exam and help you determine your readiness or whether you need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam, as the actual exam is longer and covers a wider range of topics. We highly recommend that you take the AWS Certified SysOps Administrator Associate SOA-C02 Actual Exam Version because it includes real questions, and highlighted answers are collected in our exam. It will help you pass the exam more easily.
281. A SysOps Administrator needs to retrieve a file from the GLACIER storage class of Amazon S3. The Administrator wants to receive an Amazon SNS notification when the file is available for access. What action should be taken to accomplish this?
A. Create an Amazon CloudWatch Events event for file restoration from Amazon S3 Glacier using the GlacierJobDescription API and send the event to an SNS topic the Administrator has subscribed to.
B. Create an AWS Lambda function that performs a HEAD request on the object being restored and checks the storage class of the object. Then send a notification to an SNS topic the Administrator has subscribed to when the storage class changes to STANDARD.
C. Enable an Amazon S3 event notification for the s3:ObjectCreated:Post event that sends a notification to an SNS topic the Administrator has subscribed to.
D. Enable S3 event notification for the s3:ObjectCreated:Completed event that sends a notification to an SNS topic the Administrator has subscribed to.
282. A company has received a notification in its AWS Personal Health Dashboard that one of its Amazon EBS-backed Amazon EC2 instances is on hardware that is scheduled for maintenance. The instance runs a critical production workload that must be available during normal business hours. Which steps will ensure that the instance maintenance does not produce an outage?
A. Configure an Amazon Lambda function to automatically start the instance if it is stopped.
B. Create an Amazon Machine Image (AMI) of the instance and use the AMI to launch a new instance once the existing instance is retired.
C. Enable termination protection on the EC2 instance.
D. Stop and start the EC2 instance during a maintenance window outside of normal business hours.
283. Security has identified an IP address that should be explicitly denied for both ingress and egress requests for all services in an Amazon VPC immediately. Which feature can be used to meet this requirement?
A. Host-based firewalls
B. NAT Gateway
C. Network access control lists
D. Security Groups
284. An Application Load Balancer (ALB) is configured in front of Amazon EC2 instances. The current target group health check configuration is:
– Interval: 30 seconds
– Unhealthy threshold: 10
– Healthy threshold: 5
Which steps should a SysOps Administrator take to reduce the amount of time needed to remove unhealthy instances? (Choose two.)
A. Change the healthy threshold configuration to 1.
B. Change the interval configuration to 15.
C. Change the interval configuration to 60.
D. Change the unhealthy threshold configuration to 15.
E. Change the unhealthy threshold configuration to 5.
285. A company has a web application that is used across all company divisions. Each application request contains a header that includes the name of the division making the request. The SysOps Administrator wants to identify and count the requests from each division. Which condition should be added to the web ACL of the AWS WAF to accomplish this?
A. Cross-site scripting
B. Geo match
C. IP match
D. String match
286. A SysOps Administrator is deploying an Amazon EC2 instance and is using third-party VPN software to route traffic to an on-premises data center. Based on the shared responsibility model, AWS is responsible for managing which element of this deployment?
A. Configuring IPsec tunnels for the VPN.
B. Ensuring high availability of the EC2 instance.
C. Ensuring high availability of the VPN connection.
D. Managing the health of the underlying EC2 host.
287. A SysOps Administrator is notified that an automated failover of an Amazon RDS database has occurred. What are possible causes for this? (Choose two.)
A. A read contention on the database.
B. A storage failure on the primary database.
C. A write contention on the database.
D. Database corruption errors.
E. The database instance type was changed.
288. A recent AWS CloudFormation stack update has failed and returned the error UPDATE_ROLLBACK_FAILED. A SysOps Administrator is tasked with returning the CloudFormation stack to its previous working state. What must be done to accomplish this?
A. Fix the error that caused the rollback to fail, then select the Continue Update Rollback action in the console.
B. Select the Update Stack action with a working template in the console.
C. Update the password of the IAM user, then select the Continue Update Rollback action in the console.
D. Use the AWS CLI to manually change the stack status to UPDATE_COMPLETE, then continue updating the stack with a working template.
289. A company needs to run a distributed application that processes large amounts of data across multiple Amazon EC2 instances. The application is designed to tolerate processing interruptions. What is the MOST cost-effective Amazon EC2 pricing model for these requirements?
A. Dedicated Hosts
B. On-Demand Instances
C. Reserved Instances
D. Spot Instances
290. A SysOps Administrator working on an Amazon EC2 instance has misconfigured the clock by one hour. The EC2 instance is sending data to Amazon CloudWatch through the CloudWatch agent. The timestamps on the logs are 45 minutes in the future. What will be the result of this configuration?
A. Amazon CloudWatch will not capture the data because it is in the future.
B. Amazon CloudWatch will accept the custom metric data and record it.
C. The Amazon CloudWatch agent will check the Network Time Protocol (NTP) server before sending the data, and the agent will correct the time.
D. The Amazon CloudWatch agent will check the Network Time Protocol (NTP) server, and the agent will not send the data because it is more than 30 minutes in the future.
291. A company recently performed a security audit of all its internal applications developed in house. Certain business-critical applications that handle sensitive data were flagged because they use Amazon ES clusters that are open for read/write to a wider user group than intended. Who is responsible for correcting the issue?
A. AWS Premium Support
B. the Amazon ES team
C. the AWS IAM team
D. a SysOps Administrator
292. A SysOps Administrator has created a new Amazon S3 bucket named mybucket for the Operations team. Members of the team are part of an IAM group to which the following IAM policy has been assigned:
Which of the following actions will be allowed on the bucket? (Choose two.)
A. Get the bucket region.
B. Delete an object.
C. Delete the bucket.
D. Download an object.
E. List all the buckets in the account.
293. A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network. What actions should the SysOps Administrator take to meet these requirements?
A. Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
B. Create a VPC endpoint for the S3 bucket, and create an S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
C. Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket.
D. Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway.
294. A Chief Financial Officer has asked for a breakdown of costs per project in a single AWS account using Cost Explorer. Which combination of options should be set to accomplish this? (Choose two.)
A. Activate AWS Budgets.
B. Activate cost allocation tags.
C. Create an organization using AWS Organizations.
D. Create and apply resource tags.
E. Enable AWS Trusted Advisor.
295. A SysOps Administrator has implemented a VPC network design with the following requirements:
– Two Availability Zones (AZs)
– Two private subnets
– Two public subnets
– One internet gateway
– One NAT gateway
What would potentially cause applications in the VPC to fail during an AZ outage?
A. A single virtual private gateway, because it can be associated with a single AZ only.
B. A single internet gateway, because it is not redundant across both AZs.
C. A single NAT gateway, because it is not redundant across both AZs.
D. The default VPC route table, because it can be associated with a single AZ only.
296. A SysOps Administration team is supporting an application that stores a configuration file in an Amazon S3 bucket. Previous revisions of the configuration file must be maintained for change control and rollback. How should the S3 bucket be configured to meet these requirements?
A. Enable a lifecycle policy on the S3 bucket.
B. Enable cross-origin resource sharing on the S3 bucket.
C. Enable object tagging on the S3 bucket.
D. Enable versioning on the S3 bucket.
297. A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones. The application uses an Amazon RDS Multi-AZ DB Instance. Amazon Route 53 record sets route requests for dynamic content to the load balancer and requests for static content to an Amazon S3 bucket. Site visitors are reporting extremely long loading times. Which actions should be taken to improve the performance of the website? (Choose two.)
A. Add Amazon CloudFront caching for static content.
B. Change the load balancer listener from HTTPS to TCP.
C. Enable Amazon Route 53 latency-based routing.
D. Implement Amazon EC2 Auto Scaling for the web servers.
E. Move the static content from Amazon S3 to the web servers.
298. An application is being migrated to AWS with the requirement that archived data be retained for at least 7 years. What Amazon Glacier configuration option should be used to meet this compliance requirement?
A. A Glacier data retrieval policy
B. A Glacier vault access policy
C. A Glacier vault lock policy
D. A Glacier vault notification
299. A company has several AWS accounts and has set up consolidated billing through AWS Organizations. The total monthly bill has been increasing over several months, and a SysOps Administrator has been asked to determine what is causing this increase. What is the MOST comprehensive tool that will accomplish this task?
A. AWS Cost Explorer
B. AWS Trusted Advisor
C. Cost allocation tags
D. Resource groups
300. A company has deployed its infrastructure using AWS CloudFormation. Recently, the company made manual changes to the infrastructure. A SysOps Administrator is tasked with determining what was changed and updating the CloudFormation template. Which solution will ensure all the changes are captured?
A. Create a new CloudFormation stack based on the changes that were made. Delete the old stack and deploy the new stack.
B. Update the CloudFormation stack using a change set. Review the changes and update the stack.
C. Update the CloudFormation stack by modifying the selected parameters in the template to match what was changed.
D. Use drift detection on the CloudFormation stack. Use the output to update the CloudFormation template and redeploy the stack.
301. A user accidentally deleted a file from an Amazon EBS volume. The SysOps Administrator identified a recent snapshot for the volume. What should the Administrator do to restore the user’s file from the snapshot?
A. Attach the snapshot to a new Amazon EC2 instance in the same Availability Zone, and copy the deleted file.
B. Browse to the snapshot and copy the file to the EBS volume within an Amazon EC2 instance.
C. Create a volume from the snapshot, attach the volume to an Amazon EC2 instance, and copy the deleted file.
D. Restore the file from the snapshot onto an EC2 instance using the Amazon EC2 console.
302. Each SysOps Administrator at a company has a unique IAM user account. Each user is a member of the SysOps IAM group that has an IAM policy applied. A recent change to the IT security policy states that employees must now use their on-premises Active Directory user accounts to access the AWS Management Console. Which solution should be used to satisfy these requirements?
A. Configure the on-premises Active Directory to use AWS Direct Connect.
B. Enable an Active Directory federation in an Amazon Route 53 private zone.
C. Implement a VPN tunnel and configure an Active Directory connector.
D. Implement multi-factor authentication for IAM and Active Directory.
303. A company needs to deploy a web application on two Amazon EC2 instances behind an Application Load Balancer (ALB). Two EC2 instances will also be deployed to host the database. The infrastructure needs to be designed across Availability Zones for high availability and must limit public access to the instances as much as possible. How should this be achieved within a VPC?
A. Create one public subnet for the Application Load Balancer, one public subnet for the web servers, and one private subnet for the database servers.
B. Create one public subnet for the Application Load Balancer, two public subnets for the web servers, and two private subnets for the database servers.
C. Create two public subnets for the Application Load Balancer, two private subnets for the web servers, and two private subnets for the database servers.
D. Create two public subnets for the Application Load Balancer, two public subnets for the web servers, and two public subnets for the database servers.
304. A SysOps Administrator receives an email from AWS about a production Amazon EC2 instance backed by Amazon EBS that is on a degraded host scheduled for retirement. The scheduled retirement occurs during business-critical hours. What should be done to MINIMIZE disruption to the business?
A. Reboot the instance as soon as possible to perform the system maintenance before the scheduled retirement.
B. Reboot the instance outside business hours to perform the system maintenance before the scheduled retirement.
C. Stop/start the instance outside business hours to move to a new host before the scheduled retirement.
D. Write an AWS Lambda function to restore the system when the scheduled retirement occurs.
305. A company has a business application hosted on Amazon EC2 instances behind an Application Load Balancer. Amazon CloudWatch metrics show that the CPU utilization on the EC2 instances is very high. There are also reports from users that receive HTTP 503 and 504 errors when they try to connect to the application. Which action will resolve these issues?
A. Place the EC2 instances into an AWS Auto Scaling group.
B. Configure the ALB’s Target Group to use more frequent health checks.
C. Enable sticky sessions on the Application Load Balancer.
D. Increase the idle timeout setting of the Application Load Balancer.
306. A SysOps Administrator is maintaining an application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). Users are reporting errors when attempting to launch the application. The Administrator notices an increase in the HTTPCode_ELB_5xx_Count Amazon CloudWatch metric for the load balancer. What is a possible cause for this increase?
A. The ALB is associated with private subnets within the VPC.
B. The ALB received a request from a client, but the client closed the connection.
C. The ALB security group is not configured to allow inbound traffic from the users.
D. The ALB target group does not contain healthy EC2 instances.
307. An application is currently deployed on several Amazon EC2 instances that reside within a VPC. Due to compliance requirements, the EC2 instances cannot have access to the public internet. SysOps Administrators require SSH access to EC2 instances from their corporate office to perform maintenance and other administrative tasks. Which combination of actions should be taken to permit SSH access to the EC2 instances while meeting the compliance requirements? (Choose two.)
A. Attach a NAT gateway to the VPC and configure routing
B. Attach a virtual private gateway to the VPC and configure routing
C. Attach an internet gateway to the VPC and configure routing
D. Configure a VPN connection back to the corporate office
E. Configure an Application Load Balancer in front of the EC2 instances
308. A developer is deploying a web application on Amazon EC2 instances behind an Application Load Balancer (ALB) and notices that the application is not receiving all the expected elements from HTTP requests. The developer suspects users are not sending the correct query string. How should a sysops administrator verify this?
A. Monitor the ALB default Amazon CloudWatch metrics. Verify that the requests contain the expected query string.
B. Configure the ALB to store access logs within Amazon S3. Verify that log entries contain the expected query string.
C. Open the ALB logs in Amazon CloudWatch. Verify that requests contain the expected query string.
D. Create a custom Amazon CloudWatch metric to store requests. Verify that the metric contains the expected query string.
309. A company’s IT department noticed an increase in the spend of their Developer AWS account. There are over 50 Developers using the account, and the Finance team wants to determine the service costs incurred by each Developer. What should a SysOps Administrator do to collect this information? (Choose two.)
A. Activate the createdBy tag in the account
B. Activate the usage with Amazon CloudWatch dashboards
C. Analyze the usage with Cost Explorer
D. Configure AWS Trusted Advisor to track resource usage
E. Create a billing alarm in AWS Budgets
310. An ecommerce company uses an Amazon ElastiCache for Memcached cluster for in-memory caching of popular product queries on the shopping site. When viewing recent Amazon CloudWatch metrics data for the ElastiCache cluster, the sysops administrator notices a large number of evictions. Which of the following actions will reduce these evictions? (Choose two.)
A. Add an additional node to the ElastiCache cluster
B. Increase the ElastiCache time to live (TTL)
C. Increase the individual node size inside the ElastiCache cluster
D. Put an Elastic Load Balancer in front of the ElastiCache cluster
E. Use Amazon Simple Queue Service (Amazon SQS) to decouple the ElastiCache cluster
311. A sysops administrator created an AWS Lambda function within a VPC with no access to the Internet. The Lambda function pulls messages from an Amazon SQS queue and stores them in an Amazon RDS instance in the same VPC. After executing the Lambda function, the data is not showing up on the RDS instance. Which of the following are possible causes for this? (Choose two.)
A. A VPC endpoint has not been created for Amazon RDS
B. A VPC endpoint has not been created for Amazon SQS
C. The RDS security group is not allowing connections from the Lambda function
D. The subnet associated with the Lambda function does not have an internet gateway attached
E. The subnet associated with the Lambda function has a NAT gateway
312. A company designed a specialized Amazon EC2 instance configuration for its Data Scientists. The Data Scientists want to create and delete EC2 instances on their own, but are not comfortable with configuring all the settings for EC2 instances without assistance. The configuration runs proprietary software that must be kept private within the company’s AWS accounts, and should be available to the Data Scientists, but no other users within the accounts. Which solution should a SysOps Administrator use to allow the Data Scientists to deploy their workloads with MINIMAL effort?
A. Create an Amazon Machine Image (AMI) of the EC2 instance. Share the AMI with authorized accounts owned by the company. Allow the Data Scientists to create EC2 instances with this AMI.
B. Distribute an AWS CloudFormation template containing the EC2 instance configuration to the Data Scientists from an Amazon S3 bucket. Set the S3 template object to be readable from the AWS Organizations orgId.
C. Publish the instance configuration to the Private Marketplace. Share the Private Marketplace with the company’s AWS accounts. Allow the Data Scientists to subscribe and launch the product from the Private Marketplace.
D. Upload an AWS CloudFormation template to AWS Service Catalog. Allow the Data Scientists to provision and deprovision products from the company’s AWS Service Catalog portfolio.
313. A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances. The memory utilization metrics of the EC2 Linux instances must be monitored. Which combination of actions must be taken to accomplish this? (Choose two.)
A. Enable detailed monitoring on the instance within Amazon CloudWatch.
B. Implement an AWS Lambda function to track memory metrics.
C. Install Amazon CloudWatch agent to track memory metrics.
D. Publish the memory metrics to Amazon CloudWatch Events.
E. Publish the memory metrics using Amazon CloudWatch Logs.
314. An Application team has asked a SysOps Administrator to provision an additional environment for an application in four additional regions. The application is running on more than 100 instances in us-east-1, using fully baked AMIs. An AWS CloudFormation template has been created to deploy resources in us-east-1. What must the SysOps Administrator do to provision the application quickly?
A. Copy the AMI to each region using aws ec2 copy-image. Update the CloudFormation mapping to include mappings for the copied AMIs.
B. Create a snapshot of the running instance and copy the snapshot to the other regions. Create an AMI from the snapshots. Update the CloudFormation template for each region to use the new AMI.
C. Run the existing CloudFormation template in each additional region based on the success of the template used currently in us-east-1.
D. Update the CloudFormation template to include the additional regions in the Auto Scaling group. Update the existing stack in us-east-1.
315. A company wants to identify specific Amazon EC2 instances that are underutilized and the estimated cost savings for each instance. How can this be done with MINIMAL effort?
A. Use AWS Budgets to report on low utilization of EC2 instances.
B. Run an AWS Systems Manager script to check for low memory utilization of EC2 instances.
C. Run Cost Explorer to look for low utilization of EC2 instances.
D. Use Amazon CloudWatch metrics to identify EC2 instances with low utilization.
316. A SysOps Administrator needs to control access to groups of Amazon EC2 instances. Specific tags on the EC2 instances have already been added. Which additional actions should the Administrator take to control access? (Choose two.)
A. Attach an IAM policy to the users or groups that require access to the EC2 instances.
B. Attach an IAM role to control access to the EC2 instances.
C. Create a placement group for the EC2 instances and add a specific tag.
D. Create a service account and attach it to the EC2 instances that need to be controlled.
E. Create an IAM policy that grants access to any EC2 instances with a tag specified in the Condition element.
317. A company is planning to deploy multiple ecommerce websites across the eu-west-1, ap-east-1, and us-west-1 Regions. The websites consist of Amazon S3 buckets, Amazon EC2 instances, Amazon RDS databases, and Elastic Load Balancers. Which method will accomplish the deployment with the LEAST amount of effort?
A. Configure deployment automation using AWS OpsWorks
B. Configure S3 cross-Region replication
C. Use AWS CloudFormation stack sets to deploy the application
D. Use AWS Elastic Beanstalk to deploy the application
318. A company manages multiple AWS accounts and wants to provide access to AWS from a single management account using an existing on-premises Microsoft Active Directory domain. Which solution will meet these requirements with the LEAST amount of effort?
A. Create an Active Directory connector using AWS Directory Service. Create IAM users in the target accounts with the appropriate trust policy.
B. Create an Active Directory connector using AWS Directory Service. Associate the directory with AWS Single Sign-On (AWS SSO). Configure user access to target accounts through AWS SSO.
C. Create an Amazon Cognito federated identity pool. Associate the pool identity with the on-premises directory. Configure the IAM roles with the appropriate trust policy.
D. Create an identity provider in AWS IAM associated with the on-premises directory. Create IAM roles in the target accounts with the appropriate trust policy.
319. A company has an AWS account for each department and wants to consolidate billing and reduce overhead. The company wants to make sure that the finance team is denied from accessing services other than Amazon EC2, the security team is denied from accessing services other than AWS CloudTrail, and IT can access any resource. Which solution meets these requirements with the LEAST amount of operational overhead?
A. Create a role for each department within AWS IAM and assign each role the necessary permissions.
B. Create a user for each department within AWS IAM and assign each user the necessary permissions.
C. Implement service control policies within AWS Organizations to determine which resources each department can access.
D. Place each department into an organizational unit (OU) within AWS Organizations and use IAM policies to determine which resources they can access.
320. A company runs an image-processing application on a serverless infrastructure. Each processing job runs in a single AWS Lambda execution. A sysops administrator is tasked with ensuring there is enough capacity to run 500 simultaneous jobs even if other Lambda functions are being run for other applications. The administrator has already increased service limits within the Region. Which action should be taken?
A. Configure a dead-letter queue to retry any throttled executions
B. Modify the memory settings on the Lambda function to allow for 500 parallel executions
C. Move the image-processing logic to AWS Step Functions
D. Set the reserved concurrency for the image-processing Lambda function to 500