SOA-C02 Amazon Web Services AWS Certified SysOps Administrator - Associate (SOA-C02) Free Practice Exam Questions (2025 Updated)

The error message indicates that the current quota for the number of EC2 instances allowed in the specified region has been reached. To resolve this issue, a quota increase must be requested.

Request Quota Increase:

Open the Service Quotas console at Service Quotas Console.

Navigate to Amazon EC2 service.

Find the specific quota for the instance type family that you need to increase.

Select the quota and choose Request quota increase.

Provide the necessary details and submit the request.

This action will initiate a request to AWS to increase the limit, allowing you to launch additional instances once the request is approved.

Service Quotas

Requesting a Quota Increase

Amazon CloudWatch Logs Insights allows you to interactively search and analyze your log data. This can be used to quickly identify the top internet destinations accessed by the EC2 instances.

Steps:

Open CloudWatch Logs Insights:

Open the Amazon CloudWatch console.

In the navigation pane, choose "Logs Insights".

Select the Log Group:

Select the log group that contains the VPC flow logs for the NAT gateway.

Run a Query:

Use the following query to identify the top five internet destinations:

sql

Copy code

fields @timestamp, dstAddr

| stats count(*) as requestCount by dstAddr

| sort requestCount desc

| limit 5

This query will count the number of requests to each destination address, sort them in descending order, and limit the results to the top five.

Analyze Results:

Review the output to identify the top five internet destinations that the EC2 instances communicate with for downloads.

The reason is that it uses the Amazon CloudWatch billing alarm which is a built-in service specifically designed to monitor and alert on cost usage of your AWS account, which makes it a more suitable solution for this use case. The alarm can be configured to detect when costs reach 75% of the threshold and when it is triggered, it can publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. The email distribution list can be subscribed to the topic, so that they will receive the alerts when costs reach 75% of the threshold.

AWS Budgets allows you to track and manage your costs, but it doesn't specifically focus on data transfer costs between regions, and it might not provide as much granularity as CloudWatch Alarms.

To efficiently transfer a significant amount of data between VPCs in different regions, establishing an inter-region VPC peering connection is the most cost-effective method. This setup allows direct network connectivity between two VPCs in different regions, which can handle large data transfers without the need for intermediate devices or services. Option C is the most straightforward and economical choice for this requirement. Further details can be found in the AWS documentation on VPC Peering VPC Peering.

To fulfill the requirement of sharing the same data across multiple EC2 instances in multiple Availability Zones with scalability, the most appropriate solution is Amazon Elastic File System (EFS).

Deploy Amazon EFS:

Amazon EFS provides a scalable and fully managed NFS file system for use with AWS Cloud services and on-premises resources.

It is designed to grow and shrink automatically as you add and remove files, so your applications have the storage they need, when they need it.

Create Mount Targets:

Go to the EFS console and create a new file system.

Create mount targets in each subnet within your VPC across the multiple Availability Zones.

Attach the EFS file system to your EC2 instances by mounting the EFS file system using the mount target IP addresses or DNS names.

Scalability:

EFS can scale to petabytes without the need to provision storage in advance.

It provides high availability and durability, automatically replicating data across multiple Availability Zones.

Amazon EFS Documentation

Creating EFS File Systems

To improve RDS performance during peak traffic when resources are over-utilized due to read traffic, the SysOps administrator can take the following actions:

Add a Read Replica:

Amazon RDS Read Replicas provide enhanced performance and durability for database instances.

By creating a read replica, you can offload read traffic from the primary database instance to the replica.

This reduces the load on the primary instance and improves overall performance.

Amazon RDS Read Replicas

Modify the Application to Use Amazon ElastiCache for Memcached:

Amazon ElastiCache is a web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud.

By using ElastiCache for Memcached, you can cache frequently accessed data, reducing the number of read requests to the RDS instance.

This can significantly improve the performance of the database during peak traffic.

To host a static website on Amazon S3, the SysOps administrator needs to configure the bucket for public access and set up the static website hosting. Here's how to complete this process:

Turn off "Block all public access": Amazon S3 buckets have "Block all public access" settings enabled by default for security. Since the webpage needs to be accessible publicly, this setting must be disabled. This step is crucial to allow public read access to the web content.

Set a bucket policy: After disabling "Block all public access," set a bucket policy that explicitly allows public read access to the S3 bucket. This policy should allow the s3:GetObject action for everyone, which can be set by specifying "Principal": "*". This policy ensures that anyone can view the webpage but does not grant permissions to modify or delete the content.

Create an index.html document and configure static website hosting: The next step is to create an index.html file, which will serve as the entry point of the website. After creating this file, upload it to the bucket. Then, configure the bucket for static website hosting through the S3 management console. This setting enables the S3 bucket to serve the webpage directly from the index.html file.

Combining these actions, the S3 bucket will be properly configured to host and serve the static website with minimal operational overhead and maximum accessibility.

C: Ensures logs are ingested into CloudWatch from EC2 via the CloudWatch agent.

E: Allows creation of metric filters and alarms based on log patterns (e.g., "rejected web requests").

From CloudWatch Logs & Alarms documentation:

You can extract metric data from log events using metric filters and then create CloudWatch alarms based on these filters.

This is the most efficient and least operational overhead solution.

To enable debug or info-level logging in Lambda Insights, you need to configure an environment variable that controls the log level.

From AWS Lambda Insights Documentation:

To enable debug logging for Lambda Insights, set the environment variable:

LAMBDA_INSIGHTS_LOG_LEVEL=debug or info.

This variable allows you to adjust the verbosity of telemetry logs, which helps in performance analysis.

❌ Why the other options are incorrect:

A: pdb.set_trace() is a Python-level debugger, not related to Lambda Insights.

B and D: These are invalid parameters and not recognized by the Lambda runtime or Insights agent.

The key requirements are:

Minimize application downtime

Minimize risk of failed deployment

From AWS Deployment Strategies:

Blue/Green deployment:Deploys new version alongside the old one, then switches traffic. Allows easy rollback and zero downtime.

Immutable deployment:Deploys a new environment (new EC2 instances) and switches traffic to it, without modifying existing instances.

Both provide safe, low-risk deployments with high availability.

Systems Manager Quick Setup is the recommended method for enabling Systems Manager capabilities across all accounts in an organization.

From AWS Systems Manager Quick Setup documentation:

You can use Quick Setup in the management account of your organization to automatically configure Systems Manager in all current and future member accounts.

The "Default Host Management Configuration" enables:

Instance registration

SSM Agent setup

IAM role association

This meets the requirement with the least ongoing maintenance.

To address the issue of an errant process consuming an entire processor and running at 100%, the SysOps administrator can automate the restarting of the instance using Amazon CloudWatch and AWS Systems Manager.

Enable Detailed Monitoring:

Ensure that detailed monitoring is enabled on the EC2 instance. Detailed monitoring provides data in 1-minute periods, which is crucial for detecting the 2-minute threshold accurately.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html

Syntax The DependsOn attribute can take a single string or list of strings. "DependsOn" : [ String, ... ] Example The following template contains an AWS::EC2::Instance resource with a DependsOn attribute that specifies myDB, an AWS::RDS::DBInstance. When CloudFormation creates this stack, it first creates myDB, then creates Ec2Instance.

Enable deletion protection for the DynamoDB tables:

Deletion protection is a feature that prevents accidental deletion of DynamoDB tables. When enabled, it requires an additional step to disable this protection before the table can be deleted.

Steps:

Go to the AWS Management Console.

Navigate to DynamoDB.

Select the table you want to protect.

Choose the "Overview" tab.

Under "Deletion protection," click "Enable deletion protection."

AWS DynamoDB Deletion Protection

Enable point-in-time recovery (PITR) for the DynamoDB tables:

PITR provides continuous backups of your DynamoDB tables. You can restore the table to any point in time within the last 35 days.

Steps:

Go to the AWS Management Console.

Navigate to DynamoDB.

Select the table you want to enable PITR for.

Choose the "Backups" tab.

Click on "Enable Point-in-Time Recovery."

If a table is accidentally deleted, you can restore it using PITR.

Go to the DynamoDB console.

Select "Backups" from the navigation pane.

Find the table backup and choose "Restore."

The best combination of steps to meet this requirement is to sign in to the new account by using root user credentials and change the support plan, and to create an IAM user that has administrator privileges in the new account.

Signing in to the new account by using root user credentials will allow the SysOps administrator to access the account and change the support plan to AWS Business Support. Additionally, creating an IAM user that has administrator privileges in the new account will ensure that the SysOps administrator has the necessary access to manage the account and make changes to the support plan if necessary.

Aurora Auto Scaling:

Aurora Auto Scaling adjusts the number of Aurora Replicas in response to changes in connectivity or workload.

Steps:

Go to the AWS Management Console.

Navigate to RDS and select the Aurora cluster.

Under "Actions," choose "Add Aurora Replica" to initially add replicas if needed.

Go to the "Auto Scaling" section and create an auto scaling policy.

Set the target value for the DatabaseConnections metric to 195.

Define the minimum and maximum number of replicas.

Save the configuration.

This ensures that the Aurora cluster scales automatically when the number of connections approaches the threshold, improving read performance.

Aurora Auto Scaling

Using AWS Systems Manager Distributor and State Manager is an automated and scalable solution for managing software installation across EC2 instances.

Systems Manager Distributor: Allows packaging and distributing the auditing software across multiple Regions.

State Manager Association: Automates software installation on both existing and new instances, ensuring consistent deployment across all managed instances.

Manually connecting to instances or using Lambda is not scalable or efficient for this type of ongoing software management.

To enable HTTPS support on an Application Load Balancer, you must:

Use a public SSL/TLS certificate

Associate it with the HTTPS listener on the ALB

From the AWS Certificate Manager and ALB documentation:

You can use ACM to provision, manage, and deploy public SSL/TLS certificates for your load balancers.

After the certificate is issued, you can attach it to your ALB's HTTPS listener.

https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ri-consolidated-billing/

RI discounts apply to accounts in an organization's consolidated billing family depending upon whether RI sharing is turned on or off for the accounts. By default, RI sharing for all accounts in an organization is turned on. The management account of an organization can change this setting by turning off RI sharing for an account. The capacity reservation for an RI applies only to the account the RI was purchased on, no matter whether RI sharing is turned on or off.