SOA-C01 | Refresh SOA-C01 Free Exam Questions For AWS Certified SysOps Administrator - Associate Certification

Our pass rate is high to 98.9% and the similarity percentage between our SOA-C01 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Amazon-Web-Services SOA-C01 exam in just one try? I am currently studying for the Amazon-Web-Services SOA-C01 exam. Latest Amazon-Web-Services SOA-C01 Test exam practice questions and answers, Try Amazon-Web-Services SOA-C01 Brain Dumps First.

Online Amazon-Web-Services SOA-C01 free dumps demo Below:

A user is using the AWS EC2. The user wants to make so that when there is an issue in the EC2 server, such as instance status failed, it should start a new instance in the user??s private cloud. Which AWS service helps to achieve this automation?

  • A. AWS CloudWatch + Cloudformation
  • B. AWS CloudWatch + AWS AutoScaling + AWS ELB
  • C. AWS CloudWatch + AWS VPC
  • D. AWS CloudWatch + AWS SNS

Answer: D

Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service (SQS. queues or to any HTTP endpoint. The user can configure a web service (HTTP End point. in his data centre which receives data and launches an instance in the private cloud. The user should configure the CloudWatch alarm to send a notification to SNS when the ??StatusCheckFailed?? metric is true for the EC2 instance. The SNS topic can be configured to send a notification to the user??s HTTP end point which launches an instance in the private cloud.

A user has created an EBS volume of 10 GB and attached it to a running instance. The user is trying to access EBS for first time. Which of the below mentioned options is the correct statement with respect to a first time EBS access?

  • A. The volume will show a size of 8 GB
  • B. The volume will show a loss of the IOPS performance the first time
  • C. The volume will be blank
  • D. If the EBS is mounted it will ask the user to create a file system

Answer: B

A user can create an EBS volume either from a snapshot or as a blank volume. If the volume is from a
snapshot it will not be blank. The volume shows the right size only as long as it is mounted. This shows that the file system is created. When the user is accessing the volume the AWS EBS will wipe out the block storage or instantiate from the snapshot. Thus, the volume will show a loss of IOPS. It is recommended that the user should pre warm the EBS before use to achieve better IO.

You have a business-to-business web application running in a VPC consisting of an Elastic Load Balancer (ELB), web servers, application servers and a database. Your web application should only accept traffic from pre-defined customer IP addresses.
Which two options meet this security requirement? Choose 2 answers

  • A. Configure web server VPC security groups to allow traffic from your customers' IPs
  • B. Configure your web servers to filter traffic based on the ELB's "X-forwarded-for" header
  • C. Configure ELB security groups to allow traffic from your customers' IPs and deny all outbound traffic
  • D. Configure a VPC NACL to allow web traffic from your customers' IPs and deny all outbound traffic

Answer: CD

A user is trying to delete an Auto Scaling group from CLI. Which of the below mentioned steps are to be performed by the user?

  • A. Terminate the instances with the ec2-terminate-instance command
  • B. Terminate the Auto Scaling instances with the as-terminate-instance command
  • C. Set the minimum size and desired capacity to 0
  • D. There is no need to change the capacit
  • E. Run the as-delete-group command and it will reset all values to 0

Answer: C

If the user wants to delete the Auto Scaling group, the user should manually set the values of the minimum and desired capacity to 0. Otherwise Auto Scaling will not allow for the deletion of the group from CLI. While trying from the AWS console, the user need not set the values to 0 as the Auto Scaling console will automatically do so.

A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR The public subnet uses CIDR The user is planning to host a web server in the public subnet (port 80. and a DB server in the private subnet (port 3306.. The user is configuring a security group for the public subnet (WebSecGrp. and the private subnet (DBSecGrp.. Which of the below mentioned entries is required in the web server security group (WebSecGrp.?

  • A. Configure Destination as DB Security group ID (DbSecGr
  • B. for port 3306 Outbound
  • C. 80 for Destination Outbound
  • D. Configure port 3306 for source InBound
  • E. Configure port 80 InBound for source

Answer: A

A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet to host the web server and DB server respectively, the user should configure that the instances in the public subnet can receive inbound traffic directly from the internet. Thus, the user should configure port 80 with source in InBound. The user should configure that the instance in the public subnet can send traffic to the private subnet instances on the DB port. Thus, the user should configure the DB security group of the private subnet (DbSecGrp. as the destination for port 3306 in Outbound.

An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85baf1fc, and it is actively used by 10 Amazon EC2 hosts.
The organization has become concerned that the file system is not encrypted. How can this be resolved?

  • A. Enable encryption on each hosts connection to the Amazon EFS volume Each connection must be recreated for encryption to take effect
  • B. Enable encryption on the existing EFS volume by using the AWS Command Line Interface
  • C. Enable encryption on each host's local drive Restart each host to encrypt the drive
  • D. Enable encryption on a newly created volume and copy all data from the original volume Reconnect each host to the new volume

Answer: A


Your mission is to create a lights-out datacenter environment, and you plan to use AWS OpsWorks to accomplish this. First you created a stack and added an App Server layer with an instance running in it. Next you added an application to the instance, and now you need to deploy a MySQL RDS database instance.
Which of the following answers accurately describe how to add a backend database server to an OpsWorks stack? Choose 3 answers

  • A. Add a new database layer and then add recipes to the deploy actions of the database and App Server layers.
  • B. Use OpsWorks' "Clone Stack" feature to create a second RDS stack in another Availability Zone for redundancy in the event of a failure in the Primary A
  • C. To switch to the secondary RDS instance, set the [:database] attributes to values that are appropriate for your server which you can do by using custom JSON.
  • D. The variables that characterize the RDS database connection?Xhost, user, and so on?Xare set using the corresponding values from the deploy JSON's [:deploy][:app_name][:database] attributes.
  • E. Cookbook attributes are stored in a repository, so OpsWorks requires that the "password": "your_password" attribute for the RDS instance must be encrypted using at least a 256-bit key.
  • F. Set up the connection between the app server and the RDS layer by using a custom recip
  • G. The recipe configures the app server as required, typically by creating a configuration fil
  • H. The recipe gets the connection data such as the host and database name from a set of attributes in the stack configuration and deployment JSON that AWS OpsWorks installs on every instance.

Answer: BCE

A Sysops Administrator Amazon EC2 instance in two different VPS in private subnets to be able communication. A peering connection between the two VPCs has been created using the AWS Management Console and shows a status of active. The instance are still to send traffic to each other. Why are the EC2 instance unable to communicate?

  • A. One or both of the VPCs do not have an internet gateway attached.
  • B. The route tables are not been updated.
  • C. The peering connection has not been properly tagged.
  • D. One or both of the instances do not have an Elastic IP address assigned.

Answer: C


Which of the following requires a custom CloudWatch metric to monitor?

  • A. Data transfer of an EC2 instance
  • B. Disk usage activity of an EC2 instance
  • C. Memory Utilization of an EC2 instance
  • D. CPU Utilization of an EC2 instance

Answer: C


You are using ElastiCache Memcached to store session state and cache database queries in your infrastructure. You notice in CloudWatch that Evictions and GetMisses are Doth very high.
What two actions could you take to rectify this? Choose 2 answers

  • A. Increase the number of nodes in your cluster
  • B. Tweak the max_item_size parameter
  • C. Shrink the number of nodes in your cluster
  • D. Increase the size of the nodes in the duster

Answer: AB

Explanation: nitor.html

An organization is using cost allocation tags to find the cost distribution of different departments and projects. One of the instances has two separate tags with the key/ value as ??InstanceName/HR??, ??CostCenter/HR??. What will AWS do in this case?

  • A. InstanceName is a reserved tag for AW
  • B. Thus, AWS will not allow this tag
  • C. AWS will not allow the tags as the value is the same for different keys
  • D. AWS will allow tags but will not show correctly in the cost allocation report due to the same value ofthe two separate keys
  • E. AWS will allow both the tags and show properly in the cost distribution report

Answer: D

AWS provides cost allocation tags to categorize and track the AWS costs. When the user applies tags to his AWS resources, AWS generates a cost allocation report as a comma-separated value (CSV file. with the usage and costs aggregated by those tags. Each tag will have a key-value and can be applied to services, such as EC2, S3, RDS, EMR, etc. It is required that the key should be different for each tag. The value can be the same for different keys. In this case since the value is different, AWS will properly show the distribution report with the correct values.

A user has created a VPC with CIDR The user has created a public subnet with CIDR The user is trying to create the private subnet with CIDR Which of the below mentioned statements is true in this scenario?

  • A. It will not allow the user to create the private subnet due to a CIDR overlap
  • B. It will allow the user to create a private subnet with CIDR as
  • C. This statement is wrong as AWS does not allow CIDR
  • D. It will not allow the user to create a private subnet due to a wrong CIDR range

Answer: B

When the user creates a subnet in VPC, he specifies the CIDR block for the subnet. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC., or a subset (to enable multiple subnets. If the user creates more than one subnet in a VPC, the CIDR blocks of the subnets must not overlap. Thus, in this case the user has created a VPC with the CIDR block, which supports 256 IP addresses ( to The user can break this CIDR block into two subnets, each supporting 128 IP addresses. One subnet uses the CIDR block (for addresses - and the other uses the CIDR block (for addresses -

An organization has configured two single availability zones. The Auto Scaling groups are configured in separate zones. The user wants to merge the groups such that one group spans across multiple zones. How can the user configure this?

  • A. Run the command as-join-auto-scaling-group to join the two groups
  • B. Run the command as-update-auto-scaling-group to configure one group to span across zones and delete the other group
  • C. Run the command as-copy-auto-scaling-group to join the two groups
  • D. Run the command as-merge-auto-scaling-group to merge the groups

Answer: B

If the user has configured two separate single availability zone Auto Scaling groups and wants to merge them then he should update one of the groups and delete the other one. While updating the first group it is recommended that the user should increase the size of the minimum, maximum and desired capacity as a summation of both the groups.

An organization has configured Auto Scaling with ELB. There is a memory issue in the application which is causing CPU utilization to go above 90%. The higher CPU usage triggers an event for Auto Scaling as per the scaling policy. If the user wants to find the root cause inside the application without triggering a scaling activity, how can he achieve this?

  • A. Stop the scaling process until research is completed
  • B. It is not possible to find the root cause from that instance without triggering scaling
  • C. Delete Auto Scaling until research is completed
  • D. Suspend the scaling process until research is completed

Answer: D

Auto Scaling allows the user to suspend and then resume one or more of the Auto Scaling processes in the Auto Scaling group. This is very useful when the user wants to investigate a configuration problem or some other issue, such as a memory leak with the web application and then make changes to the application, without triggering the Auto Scaling process.

An organization is generating digital policy files which are required by the admins for verification. Once the files are verified they may not be required in the future unless there is some compliance issue. If the organization wants to save them in a cost effective way, which is the best possible solution?

  • A. AWS RRS
  • B. AWS S3
  • C. AWS RDS
  • D. AWS Glacier

Answer: D

Amazon S3 stores objects according to their storage class. There are three major storage classes: Standard, Reduced Redundancy and Glacier. Standard is for AWS S3 and provides very high durability. However, the costs are a little higher. Reduced redundancy is for less critical files. Glacier is for archival and the files which are accessed infrequently. It is an extremely low-cost storage service that provides secure and durable storage for data archiving and backup.

A user has created a VPC with CIDR The user has created public and VPN only subnets along with hardware VPN access to connect to the user??s datacenter. The user wants to make so that all traffic coming to the public subnet follows the organization??s proxy policy. How can the user make this happen?

  • A. Setting up a NAT with the proxy protocol and configure that the public subnet receives traffic from NAT
  • B. Setting up a proxy policy in the internet gateway connected with the public subnet
  • C. It is not possible to setup the proxy policy for a public subnet
  • D. Setting the route table and security group of the public subnet which receives traffic from a virtual private gateway

Answer: D

The user can create subnets within a VPC. If the user wants to connect to VPC from his own data centre, he can setup public and VPN only subnets which uses hardware VPN access to connect with his data centre. When the user has configured this setup, it will update the main route table used with the VPN-only subnet, create a custom route table and associate it with the public subnet. It also creates an internet gateway for the public subnet. By default, the internet traffic of the VPN subnet is routed to a virtual private gateway while the internet traffic of the public subnet is routed through the internet gateway. The user can set up the route and security group rules. These rules enable the traffic to come from the organization??s network over the virtual private gateway to the public subnet to allow proxy settings on that public subnet.

A new network is needed to run secure Amazon EC2 instance. This network cannot have direct access to the internet and must be separate from existing production instances. The instances will be manager using SSH from a Developer in a home office with a fixed IP address but without a VPN- capable router.
How should a SysOps Administrator create this network and manage these servers?

  • A. Create a new subnet in an existing VP
  • B. Configure access rules to allow SSH access from the Developer's IP addres
  • C. Use AWS Shield to select the instances that should not have access to the internet.
  • D. Associated an internet gateway with a new VPC with two subne
  • E. Set up a bastion instance with an Elastic IP address Configure security groups and routing to allow SSH access to the bastion instance from the Developer's Ip address and SSH access from the bastion hot to the private subnet.
  • F. Configure a new VPC with one public subnet no internet gatewa
  • G. Configure the security for the instance to allow SSH from the Developer's IP address.
  • H. Setup a new VPC with one private subne
  • I. When deployment the instance use the User data to install and configure a third-party management tool for the instances Connect to the instance using the third-party tool.

Answer: C

A user has configured an EC2 instance in the US-East-1a zone. The user has enabled detailed monitoring of the instance. The user is trying to get the data from CloudWatch using a CLI. Which of the below mentioned CloudWatch endpoint URLs should the user use?

  • A.
  • B.
  • C.
  • D.

Answer: A

The CloudWatch resources are always region specific and they will have the end point as region specific. If the user is trying to access the metric in the US-East-1 region, the endpoint URL will be:

A user has created a queue named ??myqueue?? in US-East region with AWS SQS. The user??s AWS account ID is 123456789012. If the user wants to perform some action on this queue, which of the below Queue URL should he use?

  • A.
  • B.
  • C. http://sq
  • D.
  • E. http:// 123456789012.sq
  • F.

Answer: A

When creating a new queue in SQS, the user must provide a queue name that is unique within the scope of all queues of user??s account. If the user creates queues using both the latest WSDL and a previous version, he will have a single namespace for all his queues. Amazon SQS assigns each queue created by user an identifier called a queue URL, which includes the queue name and other components that Amazon SQS determines. Whenever the user wants to perform an action on a queue, he must provide its queue URL. The queue URL for the account id 123456789012 & queue name ??myqueue?? in US-East-1 region will be http://

A user is planning to setup notifications on the RDS DB for a snapshot. Which of the below mentioned event categories is not supported by RDS for this snapshot source type?

  • A. Backup
  • B. Creation
  • C. Deletion
  • D. Restoration

Answer: A

Amazon RDS uses the Amazon Simple Notification Service to provide a notification when an Amazon RDS event occurs. Event categories for a snapshot source type include: Creation, Deletion, and Restoration. The Backup is a part of DB instance source type.


P.S. Easily pass SOA-C01 Exam with 639 Q&As Certleader Dumps & pdf Version, Welcome to Download the Newest Certleader SOA-C01 Dumps: (639 New Questions)