SOA-C01 Amazon Web Services AWS Certified SysOps Administrator - Associate Free Practice Exam Questions (2025 Updated)

Page: 3 / 4
Total 263 questions

A SysOps Administrator is responsible for maintaining an Amazon EC2 instance that acts as a bastion host. The Administrator can successfully connect to the instance using SSH, but attempts to ping the instance result in a timeout.

What is one reason for the issue?

A.

The instance does not have an Elastic IP address.

B.

The instance has a security group that does not allow Internet Control Message Protocol (ICMP) traffic.

C.

The instance is not set up in a VPC using AWS Direct Connect.

D.

The instance is running in a peered VPC.

A company’s website went down for several hours. The root cause was a full disk on one of the company’s Amazon EC2 instances.

Which steps should the SysOps Administrator take to prevent this from happening in the future?

A.

Configure Amazon CloudWatch Events to filter and forward AWS Health events for disk space utilization to an Amazon SNS topic to notify the Administrator.

B.

Create an AWS Lambda function to describe the volume status for each EC2 instance. Post a notification to an Amazon SNS topic when a volume status is impaired.

C.

Enable detailed monitoring for the EC2 instances. Create an Amazon CloudWatch alarm to notify the Administrator when disk space is running low.

D.

Use the Amazon CloudWatch agent on the EC2 instances to collect disk metrics. Create a CloudWatch alarm to notify the Administrator when disk space is running low.

A company has an AWS account for each department and wants to consolidate billing and reduce overhead. The company wants to make sure that the finance team is denied from accessing services other than Amazon EC2; the security team is denied from accessing services other than AWS CloudTrail; and IT can access any resource.

Which solution meets these requirements with the LEAST amount of operational overhead?

A.

Create a role for each department within AWS IAM and assign each role the necessary permissions.

B.

Create a user for each department within AWS IAM and assign each user the necessary permissions.

C.

Implement service control policies within AWS Organizations to determine which resources each department can access.

D.

Place each department into an organizational unit (OU) within AWS Organizations and use IAM policies to determine which resources they can access.

A SysOps Administrator working on an Amazon EC2 instance has misconfigured the clock by one hour. The EC2 instance is sending data to Amazon CloudWatch through the CloudWatch agent. The timestamps on the logs are 45 minutes in the future.

What will be the result of this configuration?

A.

Amazon CloudWatch will not capture the data because it is in the future.

B.

Amazon CloudWatch will accept the custom metric data and record it.

C.

The Amazon CloudWatch agent will check the Network Time Protocol (NTP) server before sending the data, and the agent will correct the time.

D.

The Amazon CloudWatch agent will check the Network Time Protocol (NTP) server, and the agent will not send the data because it is more than 30 minutes in the future.

A company is concerned about its ability to recover from a disaster because all of its Amazon EC2 instances are located in a single Amazon VPC in us-east-1. A second Amazon VPC has been configured in eu-west-1 to act as a backup VPC in case of an outage. Data will be replicated from the primary region to the secondary region. The Information Security team’s compliance requirements specify that all data must be encrypted and must not traverse the public internet.

How should the SysOps Administrator connect the two VPCs while meeting the compliance requirements?

A.

Configure EC2 instances to act as VPN appliances, then configure route tables.

B.

Configure inter-region VPC peering between the two VPCs, then configure route tables.

C.

Configure NAT gateways in both VPCs, then configure route tables.

D.

Configure an internet gateway in each VPC, and use these as the targets for the VPC route tables.

A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services.

What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?

A.

Create a service control policy in AWS Organizations and apply it to the development account.

B.

Create a customer managed policy in IAM and apply it to all users within the development account.

C.

Create a job function policy in IAM and apply it to all users within the development account.

D.

Create an IAM policy and apply it in API Gateway to restrict the development account.

A SysOps Administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC, the Administrator is unable to connect to any of the domains that reside on the internet.

What additional route destination rule should the Administrator add to the route tables?

A.

Route ::/0 traffic to a NAT gateway

B.

Route ::/0 traffic to an internet gateway

C.

Route 0.0.0.0/0 traffic to an egress-only internet gateway

D.

Route ::/0 traffic to an egress-only internet gateway

A company is storing monthly reports on Amazon S3. The company’s security requirement states that traffic from the client VPC to Amazon S3 cannot traverse the internet.

What should the SysOps Administrator do to meet this requirement?

A.

Use AWS Direct Connect and a public virtual interface to connect to Amazon S3.

B.

Use a managed NAT gateway to connect to Amazon S3.

C.

Deploy a VPC endpoint to connect to Amazon S3.

D.

Deploy an internet gateway to connect to Amazon S3.

A SysOps Administrator needs to control access to groups of Amazon EC2 instances. Specific tags on the EC2 instances have already been added. Which additional actions should the Administrator take to control access? (Select TWO)

A.

Attach an IAM policy to the users or groups that require access to the EC2 instances

B.

Attach an IAM role to control access to the EC2 instances

C.

Create a placement group for the EC2 instances and add a specific tag

D.

Create a service account and attach it to the EC2 instances that need to be controlled

E.

Create an IAM policy that grants access to any EC2 instances with a tag specified in the condition element

Users are struggling to connect to a single public-facing development web server using its public IP address on a unique port number of 8181. The security group is correctly configured to allow access on that port and the network ACLs are using the default configuration. Which log type will confirm whether users are trying to connect to the correct port?

A.

AWS CloudTrail logs

B.

Elastic Load Balancer access logs

C.

Amazon S3 access logs

D.

VPC Flow Logs

An Amazon EC2 instance has a secondary Amazon Elastic Block Store (EBS) volume attached that contains sensitive data. A new company policy requires the secondary volume to be encrypted at rest. Which solution will meet this requirement?

A.

Create a snapshot of the volume. Create a new volume from the snapshot with the Encrypted parameter set to true. Detach the original volume and attach the new volume to the instance.

B.

Create an encrypted Amazon Machine Image (AMI) of the EC2 instance. Launch a new instance with the encrypted AMI. Terminate the original instance.

C.

Stop the EC2 instance. Encrypt the volume with AWS CloudHSM. Start the instance and verify encryption.

D.

Stop the EC2 instance. Modify the instance properties and set the Encrypted parameter to true. Start the instance and verify encryption.

A company’s use of AWS Cloud services is quickly growing, so a SysOps Administrator has been asked to generate details of daily spending to share with management.

Which method should the Administrator choose to produce this data?

A.

Share the monthly AWS bill with management.

B.

Use AWS CloudTrail Logs to access daily costs in JSON format.

C.

Set up daily Cost and Usage Report and download the output from Amazon S3.

D.

Monitor AWS costs with Amazon CloudWatch and create billing alerts and notifications.

A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance.

Which of the following are possible causes of this issue? (Select TWO.)

A.

A network ACL associated with the bastion's subnet is blocking the network traffic

B.

The instance does not have a private IP address.

C.

The route table associated with the bastion's subnet does not have a route to the internet gateway

D.

The security group for the instance does not have an inbound rule on port 22

E.

The security group for the instance does not have an outbound rule on port 3389.

A company's application running on Amazon EC2 Linux recently crashed because it ran out of available memory. Management wants to be alerted if this ever happens again. Which combination of steps will accomplish this? (Select TWO.)

A.

Create an Amazon CloudWatch dashboard to monitor the memory usage metrics on the instance over time.

B.

Create an alarm on the dashboard that publishes an Amazon SNS notification to alert the CIO when a threshold is passed.

C.

Create an alarm on the metric that publishes an Amazon SNS notification to alert the CIO when a threshold is passed.

D.

Create an alarm on the AWS Personal Health Dashboard that publishes an Amazon SNS notification to alert the CIO when the system is out of memory.

E.

Configure the Amazon CloudWatch agent to collect and push memory usage metrics on the instance.

A sysops administrator manages an AWS CloudFormation template that provisions Amazon EC2 instances, an Elastic Load Balancer, and Amazon RDS instances. As part of an ongoing transformation project, CloudFormation stacks are being created and deleted continuously. The administrator needs to ensure that the RDS instances continue running after a stack has been deleted.

Which action should be taken to meet these requirements?

A.

Edit the template to remove the RDS resources and update the stack.

B.

Enable termination protection on the stack.

C.

Set the DeletionPolicy attribute for RDS resources to Retain in the template.

D.

Set the deletion-protection parameter on RDS resources.

A SysOps Administrator using AWS KMS needs to rotate all customer master keys (CMKs) every week to meet information security guidelines.

Which option would meet the requirement?

A.

Create a new CMK every 7 days to manually rotate the encryption keys.

B.

Enable key rotation on the CMKs and set the rotation period to 7 days.

C.

Switch to using AWS CloudHSM as AWS KMS does not support key rotation.

D.

Use data keys for each encryption task to avoid the need to rotate keys.

An application running on Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones was deployed using an AWS CloudFormation template. A sysops administrator has patched the Amazon Machine Image (AMI) version and must update all the EC2 instances to use the new AMI.

How should the administrator use CloudFormation to apply the new AMI while maintaining a minimum level of active instances to ensure service continuity?

A.

Deploy a second CloudFormation stack and use Amazon Route 53 to redirect traffic to the new stack.

B.

Run the aws cloudformation update-stack command with the --rollback-configuration option.

C.

Set an AutoScalingRollingUpdate policy in the CloudFormation template to update the stack.

D.

Update the CloudFormation template with the new AMI ID, then reboot the EC2 instances.

A SysOps Administrator is notified that an automated failover of an Amazon RDS database has occurred.

What are possible causes for this? (Choose two.)

A.

A read contention on the database.

B.

A storage failure on the primary database.

C.

A write contention on the database.

D.

Database corruption errors.

E.

The database instance type was changed.

A company with dozens of AWS accounts wants to ensure that governance rules are being applied across all accounts. The CIO has recommended that AWS Config rules be deployed using an AWS CloudFormation template.

How should this be accomplished?

A.

Create a CloudFormation stack in the master account of AWS Organizations and execute the CloudFormation template to create AWS Config rules in all accounts.

B.

Create a CloudFormation stack set, then select the CloudFormation template and use it to configure the AWS accounts.

C.

Use AWS Organizations to execute the CloudFormation template in all accounts.

D.

Write a script that iterates over the company's AWS accounts and executes the CloudFormation template in each account.

A SysOps Administrator is tasked with deploying and managing a single CloudFormation template across multiple AWS accounts.

What features of AWS CloudFormation will accomplish this?

A.

Change sets

B.

Nested stacks

C.

Stack policies

D.

StackSets