Free SOA-C02 Exam Dumps

Question 6

Solution:

Does this meet the goal?

A. Yes
B. No

Correct Answer:A

Question 7

An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, an Amazon RDS PostgreSQL database, an Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security team now mandates that at-rest encryption be turned on immediately for all aspects of the application, without creating new resources and without any downtime.
To satisfy the requirements, which one of these services can the SysOps administrator enable at-rest encryption on?

A. EBS General Purpose SSD volumes
B. RDS PostgreSQL database
C. Amazon EFS file systems
D. S3 objects within a bucket

Correct Answer:B

Question 8

A company uses AWS Organizations to manage multiple AWS accounts with consolidated billing enabled. Organization member account owners want the benefits of Reserved Instances (RIs) but do not want to share RIs with other accounts. Which solution will meet these requirements?

A. Purchase RIs in individual member account
B. Disable RI discount sharing in the management account.
C. Purchase RIs in individual member account
D. Disable RI discount sharing in the member accounts.
E. Purchase RIs in the management accoun
F. Disable RI discount sharing in the management account.
G. Purchase RIs in the management accoun
H. Disable RI discount sharing in the member accounts.

Correct Answer:B

Question 9

A company wants to automate the process of patching managed instances and applying patches for
operating systems and applications.
Which service should a SysOps administrator use to meet this requirement?

A. AWS Systems Manager Patch Manager
B. AWS Systems Manager Patch Upgrader
C. AWS Systems Manager Patch Processor
D. AWS Systems Manager Patch Automation

Correct Answer:A
AWS Systems Manager Patch Manager is the correct answer. AWS Systems Manager Patch Manager
automates the process of patching managed instances with both security-related and other types of
updates. You can use Patch Manager to apply patches for both operating systems and applications.
(On Windows Server, application support is limited to updates for Microsoft applications.) You can use
Patch Manager to install Service Packs on Windows instances and perform minor version upgrades on
Linux instances.
Patch Manager uses patch baselines, which include rules for auto-approving patches within days of
their release, as well as a list of approved and rejected patches. You can install patches on a regular
basis by scheduling patching to run as a Systems Manager maintenance window task. You can also
install patches individually or to large groups of instances by using Amazon EC2 tags.
The rest answers are fictitious AWS services.

Question 10

A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network. What actions should the SysOps administrator take to meet these requirements?

A. Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
B. Create a VPC endpoint for the S3 bucket, and create an S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
C. Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket.
D. Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway.

Correct Answer:B