
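Updated PDF (Latest for 2024): Real Amazon SOA-C02 Exam Questions
Verified SOA-C02 Exam Question Set PDF [Latest for 2024]: GoShiken Is the Key to Success
The exam consists of 65 multiple-choice and multiple-response questions, with a time limit of 130 minutes. Topics covered include system management and deployment, implementation and management of data storage, network configuration and management, and system monitoring and troubleshooting. The exam also covers security best practices and compliance requirements, as well as automation and optimization techniques for AWS systems. Successful candidates receive the AWS Certified SysOps Administrator - Associate certification, which is highly regarded in the industry and recognized by employers worldwide.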
Question # 78
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba41fc, and it is actively used by 10 Amazon EC2 hosts.
The organization has become concerned that the file system is not encrypted.
How can this be resolved?
- A. Enable encryption on each host's connection to the Amazon EFS volume. Each connection must be recreated for encryption to take effect.
- B. Enable encryption on the existing EFS volume by using the AWS Command Line Interface.
- C. Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.
- D. Enable encryption on each host's local drive. Restart each host to encrypt the drive.
Correct answer: C
Explanation:
Amazon EFS supports two forms of encryption for file systems, encryption of data in transit and encryption at rest. You can enable encryption of data at rest when creating an Amazon EFS file system. You can enable encryption of data in transit when you mount the file system.
https://docs.aws.amazon.com/efs/latest/ug/encryption.html
Question # 79
An ecommerce company uses an Amazon ElastiCache for Memcached cluster for in-memory caching of popular product queries on the shopping site. When viewing recent Amazon CloudWatch metrics data for the ElastiCache cluster, the SysOps administrator notices a large number of evictions.
Which of the following actions will reduce these evictions? (Choose two.)
- A. Add an additional node to the ElastiCache cluster.
- B. Increase the ElastiCache time to live (TTL).
- C. Increase the individual node size inside the ElastiCache cluster.
- D. Use Amazon Simple Queue Service (Amazon SQS) to decouple the ElastiCache cluster.
- E. Put an Elastic Load Balancer in front of the ElastiCache cluster.
Correct answer: A, C
Question # 80
On an Amazon EC2 instance, an application is running that makes use of Amazon Simple Queue Service (Amazon SQS) queues. A SysOps administrator must guarantee that an application is capable of reading, writing, and deleting messages from SQS queues.
Which solution satisfies these criteria the SAFEST way possible?
- A. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Export the IAM user's access key and secret access key as environment variables on the EC2 instance.
- B. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Embed the IAM user's credentials in the application's configuration.
- C. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues.
- D. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows sqs:* permissions to the appropriate queues.
Correct answer: C
Question # 81
A SysOps administrator must create a solution that automatically shuts down any Amazon EC2 instances that have less than 10% average CPU utilization for 60 minutes or more.
Which solution will meet this requirement in the MOST operationally efficient manner?
- A. Implement a cron job on each EC2 instance to run once every 60 minutes and calculate the current CPU utilization. Initiate an instance shutdown if CPU utilization is less than 10%.
- B. Implement an Amazon CloudWatch alarm for each EC2 instance to monitor average CPU utilization. Set the period at 1 hour, and set the threshold at 10%. Configure an EC2 action on the alarm to stop the instance.
- C. Install the unified Amazon CloudWatch agent on each EC2 instance, and enable the Basic level predefined metric set. Log CPU utilization every 60 minutes, and initiate an instance shutdown if CPU utilization is less than 10%.
- D. Use AWS Systems Manager Run Command to get CPU utilization from each EC2 instance every 60 minutes. Initiate an instance shutdown if CPU utilization is less than 10%.
Correct answer: B
Question # 82
A SysOps administrator manages policies for many AWS member accounts in an AWS Organizations structure. Administrators on other teams have access to the account root user credentials of the member accounts. The SysOps administrator must prevent all teams, including their administrators, from using Amazon DynamoDB. The solution must not affect the ability of the teams to access other AWS services.
Which solution will meet these requirements?
- A. Remove the default service control policy (SCP) in the management account. Create a replacement SCP that includes a single statement that denies all DynamoDB actions.
- B. In all member accounts, configure IAM policies that deny access to all DynamoDB resources for all users, including the root user.
- C. Create a service control policy (SCP) in the management account to deny all DynamoDB actions. Apply the SCP to the root of the organization.
- D. In all member accounts, configure IAM policies that deny AmazonDynamoDBFullAccess to all users, including the root user.
Correct answer: C
Explanation:
To prevent all teams within an AWS Organizations structure from using Amazon DynamoDB while allowing access to other AWS services, the most effective solution is to use a Service Control Policy (SCP). SCPs apply at the organization, organizational unit (OU), or account level and can override individual IAM policies, including the root user's permissions:
B: Create a service control policy (SCP) in the management account to deny all DynamoDB actions. Apply the SCP to the root of the organization. This policy will effectively block DynamoDB actions across all member accounts without affecting the ability to access other AWS services. SCPs are powerful tools for centrally managing permissions in AWS Organizations and can enforce policy compliance across all accounts. Further information on SCPs and their usage can be found in the AWS documentation on Service Control Policies.
Question # 83
A company updates its security policy to clarify cloud hosting arrangements for regulated workloads. Workloads that are identified as sensitive must run on hardware that is not shared with other customers or with other AWS accounts within the company.
Which solution will ensure compliance with this policy?
- A. Deploy workloads only to Dedicated Instances.
- B. Deploy workloads only to Reserved Instances.
- C. Place all instances in a dedicated placement group.
- D. Deploy workloads only to Dedicated Hosts.
Correct answer: D
Explanation:
Dedicated hardware to support existing software licenses and improve compliance.
Dedicated instances segregate on hardware level as well, though other non-dedicated instances of the same account may run workloads on it. This isn't specified in the question, but AWS suggests dedicated hosts for extra visibility on instance placement when compliance is a requirement.
Question # 84
A SysOps administrator is using AWS Systems Manager Patch Manager to patch a fleet of Amazon EC2 instances. The SysOps administrator has configured a patch baseline and a maintenance window. The SysOps administrator also has used an instance tag to identify which instances to patch.
The SysOps administrator must give Systems Manager the ability to access the EC2 instances.
Which additional action must the SysOps administrator perform to meet this requirement?
- A. Manually specify the instances to patch instead of using tag-based selection.
- B. Attach an IAM instance profile with access to Systems Manager to the instances.
- C. Add an inbound rule to the instances' security group.
- D. Create a Systems Manager activation. Then activate the fleet of instances.
Correct answer: C
Question # 85
A SysOps administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically. Currently, the application is deployed on a single t2.large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency after a few minutes.
What change should be made to alleviate the performance problem?
- A. Change the Amazon EBS volume to Provisioned IOPS.
- B. Add additional t2.large instances to the application.
- C. Purchase Reserved Instances.
- D. Upgrade to a compute-optimized instance.
Correct answer: D
Question # 86
A SysOps administrator must create a solution that automatically shuts down any Amazon EC2 instances that have less than 10% average CPU utilization for 60 minutes or more.
Which solution will meet this requirement in the MOST operationally efficient manner?
- A. Implement an Amazon CloudWatch alarm for each EC2 instance to monitor average CPU utilization. Set the period at 1 hour, and set the threshold at 10%. Configure an EC2 action on the alarm to stop the instance.
- B. Implement a cron job on each EC2 instance to run once every 60 minutes and calculate the current CPU utilization. Initiate an instance shutdown if CPU utilization is less than 10%.
- C. Install the unified Amazon CloudWatch agent on each EC2 instance, and enable the Basic level predefined metric set. Log CPU utilization every 60 minutes, and initiate an instance shutdown if CPU utilization is less than 10%.
- D. Use AWS Systems Manager Run Command to get CPU utilization from each EC2 instance every 60 minutes. Initiate an instance shutdown if CPU utilization is less than 10%.
Correct answer: A
Explanation:
To automatically shut down EC2 instances with low CPU utilization:
* Create CloudWatch Alarms:
* Go to the CloudWatch console and create an alarm for each EC2 instance.
* Set the alarm to monitor the CPUUtilization metric with a period of 1 hour and a threshold of 10%.
Reference: Creating Amazon CloudWatch Alarms
* Configure EC2 Action:
* Configure the alarm to trigger an EC2 action that stops the instance when the alarm state is ALARM.
Reference: Stop EC2 Instances Using CloudWatch Alarms
This method is operationally efficient as it automates the monitoring and action without requiring manual intervention or additional infrastructure.
Question # 87
A SysOps administrator wants to manage a web server application with AWS Elastic Beanstalk. The Elastic Beanstalk service must maintain full capacity for new deployments at all times.
Which deployment policies satisfy this requirement? (Select TWO.)
- A. All at once
- B. Rebuild
- C. Rolling
- D. Rolling with additional batch
- E. Immutable
Correct answer: D, E
Explanation:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rolling-version-deploy.html
Question # 88
A SysOps administrator has enabled AWS CloudTrail in an AWS account. If CloudTrail is disabled, it must be re-enabled immediately.
What should the SysOps administrator do to meet these requirements WITHOUT writing custom code?
- A. Add the AWS account to AWS Organizations. Enable CloudTrail in the management account.
- B. Create an AWS Config rule that is invoked when CloudTrail configuration changes. Configure the rule to invoke an AWS Lambda function to enable CloudTrail.
- C. Create an Amazon EventBridge (Amazon CloudWatch Event) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail.
- D. Create an AWS Config rule that is invoked when CloudTrail configuration changes. Apply the AWS-ConfigureCloudTrailLogging automatic remediation action.
Correct answer: D
Explanation:
To ensure that CloudTrail remains enabled in your account, AWS Config provides the cloudtrail-enabled managed rule. If CloudTrail is turned off, the cloudtrail-enabled rule automatically re-enables it by using automatic remediation.
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-re-enable-aws-cloudtrail-by-using-a-custom-remediation-rule-in-aws-config.html
Question # 89
A company's AWS Lambda function is experiencing performance issues. The Lambda function performs many CPU-intensive operations. The Lambda function is not running fast enough and is creating bottlenecks in the system.
What should a SysOps administrator do to resolve this issue?
- A. Turn off the AWS managed encryption.
- B. Increase the amount of memory for the Lambda function.
- C. Load the required code into a custom layer.
- D. In the CPU launch options for the Lambda function, activate hyperthreading.
Correct answer: B
Explanation:
Increasing the amount of memory for the Lambda function will help to improve the performance of the function. This is because the Lambda function is CPU-intensive and increasing the memory will give it access to more CPU resources and help it run faster. The other options (activating hyperthreading in the CPU launch options for the Lambda function, turning off the AWS managed encryption, and loading the required code into a custom layer) will not help to improve the performance of the Lambda function and are not the correct solutions for this issue.
https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-memory-console
Question # 90
A company monitors its account activity using AWS CloudTrail and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket.
Moving forward, how can the SysOps administrator confirm that the log files have not been modified after being delivered to the S3 bucket?
- A. Enable S3 server access logging to track requests made to the log bucket for security audits.
- B. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
- C. Enable log file integrity validation and use digest files to verify the hash value of the log file.
- D. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
Correct answer: C
Explanation:
When you enable log file integrity validation, CloudTrail creates a hash for every log file that it delivers.
Every hour, CloudTrail also creates and delivers a file that references the log files for the last hour and contains a hash of each. This file is called a digest file. CloudTrail signs each digest file using the private key of a public and private key pair. After delivery, you can use the public key to validate the digest file.
CloudTrail uses different key pairs for each AWS Region.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
Question # 91
A company has a large on-premises tape backup solution. The company has started to use AWS Storage Gateway. The company created a Tape Gateway to replace the existing on-premises hardware. The company's backup engineer noticed that some of the backup jobs that were supposed to write to AWS failed to run because of a "Not Enough Space" error.
The company does not want these failures to happen again. The company also wants to consistently have enough tape available on AWS.
What is the MOST operationally efficient way for a SysOps administrator to meet these requirements?
- A. Create an additional Tape Gateway with its own set of tapes. Configure Amazon Simple Notification Service (Amazon SNS) to send a notification to the backup engineer if the tapes that are associated with the primary Tape Gateway do not have available space.
- B. Create an AWS Lambda function that runs on an hourly basis and checks how many tapes have available space. If the available tapes are below a certain threshold, provision more.
- C. Configure tape auto-create on the Tape Gateway. In the auto-create settings, configure a minimum number of tapes, an appropriate barcode prefix, and a tape pool.
- D. Install the Amazon CloudWatch agent on the on-premises system. Push the log files to a CloudWatch log group. Create an AWS Lambda function that creates more tapes when the "Not Enough Space" error appears. Create a metric filter and a metric alarm that launches the Lambda function.
Correct answer: C
Explanation:
https://docs.aws.amazon.com/storagegateway/latest/tgw/managing-automatic-tape-creation.html
The Tape Gateway automatically creates new virtual tapes to maintain the minimum number of available tapes that you configure. It then makes these new tapes available for import by the backup application so that your backup jobs can run without interruption. Automatic tape creation removes the need for custom scripting in addition to the manual process for creating new virtual tapes.
Question # 92
A compliance team requires all administrator passwords for Amazon RDS DB instances to be changed at least annually.
Which solution meets this requirement in the MOST operationally efficient manner?
- A. Store the database credentials in AWS Secrets Manager. Configure automatic rotation for the secret every 365 days.
- B. Store the database credentials in a private Amazon S3 bucket. Schedule an AWS Lambda function to generate a new set of credentials every 365 days.
- C. Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter. Configure automatic rotation for the parameter every 365 days.
- D. Store the database credentials as a parameter in the RDS parameter group. Create a database trigger to rotate the password every 365 days.
Correct answer: A
Explanation:
https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
Question # 93
A company analyzes sales data for its customers. Customers upload files to one of the company's Amazon S3 buckets, and a message is posted to an Amazon Simple Queue Service (Amazon SQS) queue that contains the object Amazon Resource Name (ARN). An application that runs on an Amazon EC2 instance polls the queue and processes the messages. The processing time depends on the size of the file.
Customers are reporting delays in the processing of their files. A SysOps administrator decides to configure Amazon EC2 Auto Scaling as the first step. The SysOps administrator creates an Amazon Machine Image (AMI) that is based on the existing EC2 instance. The SysOps administrator also creates a launch template that references the AMI.
How should the SysOps administrator configure the Auto Scaling policy to improve the response time?
- A. Create a custom metric based on the ASGAverageCPUUtilization metric and the GroupPendingInstances metric from the Auto Scaling group. Modify the application to calculate the metric and post the metric to Amazon CloudWatch once each minute. Create an Auto Scaling policy based on this metric to scale the number of instances.
- B. Create a custom metric based on the ApproximateNumberOfMessagesVisible metric and the number of instances in the InService state in the Auto Scaling group. Modify the application to calculate the metric and post the metric to Amazon CloudWatch once each minute. Create an Auto Scaling policy based on this metric to scale the number of instances.
- C. Create an Auto Scaling policy based on the ApproximateNumberOfMessagesDelayed metric to scale the number of instances based on the number of messages in the queue that have been delayed.
- D. Add several different instance sizes in the launch template. Create an Auto Scaling policy based on the ApproximateNumberOfMessagesVisible metric to select the size of the instance based on the number of messages in the queue.
Correct answer: B
Explanation:
When there are delays in processing files due to a high volume of messages in the queue, adding more instances using Auto Scaling can help to reduce the processing time. The ApproximateNumberOfMessagesVisible metric is a good indicator of the workload on the EC2 instances. By creating an Auto Scaling policy based on this metric, the number of instances can be scaled up or down depending on the number of messages in the queue.
https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-target-tracking-metric-math.html#metric-math-sqs-queue-backlog
Question # 94
A company is using an Amazon DynamoDB table for data.
A SysOps administrator must configure replication of the table to another AWS Region for disaster recovery.
What should the SysOps administrator do to meet this requirement?
- A. Enable DynamoDB Accelerator (DAX).
- B. Enable DynamoDB Streams, and add a global table Region.
- C. Enable DynamoDB Streams, and add a global secondary index (GSI).
- D. Enable point-in-time recovery.
Correct answer: B
Question # 95
A SysOps administrator is testing an application that is hosted on five Amazon EC2 instances. The instances run in an Auto Scaling group behind an Application Load Balancer (ALB). High CPU utilization during load testing is causing the Auto Scaling group to scale out. The SysOps administrator must troubleshoot to find the root cause of the high CPU utilization before the Auto Scaling group scales out.
Which action should the SysOps administrator take to meet these requirements?
- A. Enable instance scale-in protection.
- B. Remove the listener from the ALB.
- C. Suspend the Launch and Terminate process types.
- D. Place the instance into the Standby state.
Correct answer: C
Explanation:
To troubleshoot high CPU utilization during load testing without scaling out, the SysOps administrator should suspend the Launch and Terminate process types in the Auto Scaling group.
* Suspending Processes:
* Suspending the Launch and Terminate processes will temporarily stop the Auto Scaling group from adding or removing instances, allowing for troubleshooting without automatic scaling interruptions.
* This ensures that the root cause of the high CPU utilization can be investigated without the Auto Scaling group launching additional instances.
* Steps to Suspend Processes:
* Go to the Auto Scaling group in the AWS Management Console.
* Select the group and choose the "Suspend Processes" option.
* Suspend the Launch and Terminate processes.
* After troubleshooting, resume the processes to re-enable scaling.
Reference: Suspending and Resuming Scaling Processes
Question # 96
......