Latest [January 25, 2022] Amazon SOA-C02 Real Exam Question Set PDF [Q39-Q59]


The SOA-C02 practice test contains 146 updated questions


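Amazon SOA-C02 certification exam topics:

Topic    Coverage
Topic 1
  • Implement networking features and connectivity
  • Validate service control policies and permissions boundaries
Topic 2
  • Implement backup and restore strategies
  • Create and maintain AWS Auto Scaling plans
Topic 3
  • Implement fault-tolerant workloads
  • Differentiate between the use of a single Availability Zone and Multi-AZ deployments
Topic 4
  • Implement Amazon RDS replicas and Amazon Aurora Replicas
  • Remediate issues based on monitoring and availability metrics
Topic 5
  • Configure Amazon S3 Cross-Region Replication
  • Deployment scenarios and service selection
Topic 6
  • Troubleshoot or take corrective actions based on notifications and alarms
  • Collect metrics and logs using the CloudWatch agent
Topic 7
  • Schedule automated tasks by using AWS services
  • Configure domains, DNS services, and content delivery
Topic 8
  • Automate snapshots and backups based on use cases
  • Implement high availability and resilient environments
Topic 9
  • Provision resources across multiple AWS Regions and accounts
  • Use AWS Systems Manager Automation documents to take action based on AWS Config rules
Topic 10
  • Configure Elastic Load Balancer and Amazon Route 53 health checks
  • Configure Amazon EventBridge rules to trigger actions
Topic 11
  • Implement data and infrastructure protection strategies
  • Implement and manage security and compliance policies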

 

Question 39
An Amazon EC2 instance needs to be reachable from the internet. The EC2 instance is in a subnet with the following route table:

Which entry must a SysOps administrator add to the route table to meet this requirement?

  • A. A route for 0.0.0.0/0 that points to an elastic network interface
  • B. A route for 0.0.0.0/0 that points to an egress-only internet gateway
  • C. A route for 0.0.0.0/0 that points to an internet gateway
  • D. A route for 0.0.0.0/0 that points to a NAT gateway

Correct answer: C



Question 40
An AWS Lambda function is intermittently failing several times a day. A SysOps administrator must find out how often this error has occurred in the last 7 days. Which action will meet this requirement in the MOST operationally efficient manner?

  • A. Use Amazon Elasticsearch Service (Amazon ES) to stream the Amazon CloudWatch logs for the Lambda function
  • B. Use Amazon Athena to query the Amazon CloudWatch logs that are associated with the Lambda function
  • C. Use Amazon Athena to query the AWS CloudTrail logs that are associated with the Lambda function
  • D. Use Amazon CloudWatch Logs Insights to query the associated Lambda function logs

Correct answer: D



Question 41
A company has a stateless application that runs on four Amazon EC2 instances. The application requires four instances at all times to support all traffic. A SysOps administrator must design a highly available, fault-tolerant architecture that continually supports all traffic if one Availability Zone becomes unavailable.
Which configuration meets these requirements?

  • A. Deploy an Auto Scaling group across two Availability Zones with a minimum capacity of four instances.
  • B. Deploy two Auto Scaling groups in two Availability Zones with a minimum capacity of two instances in each group.
  • C. Deploy an Auto Scaling group across three Availability Zones with a minimum capacity of six instances.
  • D. Deploy an Auto Scaling group across three Availability Zones with a minimum capacity of four instances.

Correct answer: D



Question 42
A company stores files on 50 Amazon S3 buckets in the same AWS Region. The company wants to connect to the S3 buckets securely over a private connection from its Amazon EC2 instances. The company needs a solution that produces no additional cost.
Which solution will meet these requirements?

  • A. Create one interface VPC endpoint for all the S3 buckets. Add the interface VPC endpoint to the VPC route table.
  • B. Create one gateway VPC endpoint for all the S3 buckets. Add the gateway VPC endpoint to the VPC route table.
  • C. Create a gateway VPC endpoint for each S3 bucket. Attach the gateway VPC endpoints to each subnet inside the VPC.
  • D. Create an interface VPC endpoint for each S3 bucket. Attach the interface VPC endpoints to each subnet inside the VPC.

Correct answer: B



Question 43
A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months. What is the process to rotate the key?

  • A. Delete the current key material, and import new material into the existing CMK
  • B. Import a copy of the existing key material into a new CMK as a backup, and set the rotation schedule for 6 months
  • C. Create a new CMK with new imported material, and update the key alias to point to the new CMK.
  • D. Enable automatic key rotation for the CMK and specify a period of 6 months

Correct answer: C



Question 44
A company is testing Amazon Elasticsearch Service (Amazon ES) as a solution for analyzing system logs from a fleet of Amazon EC2 instances. During the test phase, the domain operates on a single-node cluster. A SysOps administrator needs to transition the test domain into a highly available production-grade deployment.
Which Amazon ES configuration should the SysOps administrator use to meet this requirement?

  • A. Use a cluster of four data nodes across two AWS Regions. Deploy four dedicated master nodes in each Region.
  • B. Use a cluster of six data nodes across three Availability Zones. Use six dedicated master nodes.
  • C. Use a cluster of six data nodes across three Availability Zones. Use three dedicated master nodes.
  • D. Use a cluster of eight data nodes across two Availability Zones. Deploy four master nodes in a failover AWS Region.

Correct answer: C



Question 45
A company has deployed a web application in a VPC that has subnets in three Availability Zones. The company launches three Amazon EC2 instances from an EC2 Auto Scaling group behind an Application Load Balancer (ALB).
A SysOps administrator notices that two of the EC2 instances are in the same Availability Zone, rather than being distributed evenly across all three Availability Zones. There are no errors in the Auto Scaling group's activity history.
What is the MOST likely reason for the unexpected placement of EC2 instances?

  • A. The ALB was configured for only two Availability Zones.
  • B. One Availability Zone did not have sufficient capacity for the requested EC2 instance type.
  • C. The Auto Scaling group was configured for only two Availability Zones.
  • D. Amazon EC2 Auto Scaling randomly placed the instances in Availability Zones.

Correct answer: C

Explanation:
Reference:
The Auto Scaling group is responsible for adding the instances to the subnets.



Question 46
A company uses an Amazon Elastic File System (Amazon EFS) file system to share files across many Linux Amazon EC2 instances. A SysOps administrator notices that the file system's PercentIOLimit metric is consistently at 100% for 15 minutes or longer. The SysOps administrator also notices that the application that reads and writes to that file system is performing poorly. The application requires high throughput and IOPS while accessing the file system.
What should the SysOps administrator do to remediate the consistently high PercentIOLimit metric?

  • A. Modify the existing EFS file system and activate Provisioned Throughput mode.
  • B. Modify the existing EFS file system and activate Max I/O performance mode.
  • C. Create an EFS lifecycle policy to transition future files to the Infrequent Access (IA) storage class to improve performance. Use AWS DataSync to migrate existing data to IA storage.
  • D. Create a new EFS file system that uses Max I/O performance mode. Use AWS DataSync to migrate data to the new EFS file system.

Correct answer: D



Question 47
A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the administrator to alter the application code.
The MOST effective way to reduce latency is to relaunch the EC2 instances in:

  • A. a single Availability Zone.
  • B. a dedicated VPC.
  • C. a placement group.
  • D. a single subnet inside the VPC.

Correct answer: C



Question 48
A SysOps administrator has used AWS CloudFormation to deploy a serverless application into a production VPC. The application consists of an AWS Lambda function, an Amazon DynamoDB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS CloudFormation stack without deleting the DynamoDB table.
Which action should the SysOps administrator take before deleting the AWS CloudFormation stack?

  • A. Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack.
  • B. Add a Snapshot deletion policy to the DynamoDB resource in the AWS CloudFormation stack.
  • C. Enable termination protection on the AWS CloudFormation stack.
  • D. Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTable action.

Correct answer: A



Question 49
A company website contains a web tier and a database tier on AWS. The web tier consists of Amazon EC2 instances that run in an Auto Scaling group across two Availability Zones. The database tier runs on an Amazon RDS for MySQL Multi-AZ DB instance. The database subnet network ACLs are restricted to only the web subnets that need access to the database. The web subnets use the default network ACL with the default rules.
The company's operations team has added a third subnet to the Auto Scaling group configuration. After an Auto Scaling event occurs, some users report that they intermittently receive an error message. The error message states that the server cannot connect to the database. The operations team has confirmed that the route tables are correct and that the required ports are open on all security groups.
Which combination of actions should a SysOps administrator take so that the web servers can communicate with the DB instance? (Select TWO.)

  • A. On the network ACLs for the database subnets, create an outbound Allow rule of type MySQL/Aurora (3306). Specify the destination as the third web subnet.
  • B. On the default ACL, create outbound Allow rules of type MySQL/Aurora (3306). Specify the destinations as the database subnets.
  • C. On the default ACL, create inbound Allow rules of type TCP with the ephemeral port range and the source as the database subnets.
  • D. On the network ACLs for the database subnets, create an inbound Allow rule of type MySQL/Aurora (3306). Specify the source as the third web subnet.
  • E. On the network ACLs for the database subnets, create an outbound Allow rule of type TCP with the ephemeral port range and the destination as the third web subnet.

Correct answer: D,E



Question 50
A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.
What is the MOST operationally efficient solution that meets these requirements?

  • A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB table. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.
  • B. Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon S3 object. The security team can use the information in the tag to verify the integrity of the delivered files.
  • C. Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.
  • D. Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.

Correct answer: C

Explanation:
Reference:
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
"When you enable log file integrity validation, CloudTrail creates a hash for every log file that it delivers. Every hour, CloudTrail also creates and delivers a file that references the log files for the last hour and contains a hash of each. This file is called a digest file. Validated log files are invaluable in security and forensic investigations"

 

Question 51
A company has an internal web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A SysOps administrator must make the application highly available.
Which action should the SysOps administrator take to meet this requirement?

  • A. Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.
  • B. Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
  • C. Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
  • D. Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.

Correct answer: A



Question 52
A company uses AWS Organizations to manage multiple AWS accounts with consolidated billing enabled. Organization member account owners want the benefits of Reserved Instances (RIs) but do not want to share RIs with other accounts.
Which solution will meet these requirements?

  • A. Purchase RIs in the management account. Disable RI discount sharing in the member accounts.
  • B. Purchase RIs in individual member accounts. Disable RI discount sharing in the management account.
  • C. Purchase RIs in the management account. Disable RI discount sharing in the management account.
  • D. Purchase RIs in individual member accounts. Disable RI discount sharing in the member accounts.

Correct answer: A



Question 53
A SysOps administrator is setting up an automated process to recover an Amazon EC2 instance in the event of an underlying hardware failure. The recovered instance must have the same private IP address and the same Elastic IP address that the original instance had. The SysOps team must receive an email notification when the recovery process is initiated.
Which solution will meet these requirements?

  • A. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the StatusCheckFailed_System metric. Add an EC2 action to the alarm to recover the instance. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.
  • B. Create an Auto Scaling group across three Availability Zones with a minimum, maximum, and desired size of 1. Configure the Auto Scaling group to use a launch template that specifies the private IP address and the Elastic IP address. Add an activity notification for the Auto Scaling group to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.
  • C. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the StatusCheckFailed_Instance metric. Add an EC2 action to the alarm to recover the instance. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.
  • D. Create an Auto Scaling group across three different subnets in the same Availability Zone with a minimum, maximum, and desired size of 1. Configure the Auto Scaling group to use a launch template that specifies the private IP address and the Elastic IP address. Add an activity notification for the Auto Scaling group to send an email message to the SysOps team through Amazon Simple Email Service (Amazon SES).

Correct answer: A

Explanation:
Reference:
You can create an Amazon CloudWatch alarm that monitors an Amazon EC2 instance and automatically recovers the instance if it becomes impaired due to an underlying hardware failure or a problem that requires AWS involvement to repair. Terminated instances cannot be recovered. A recovered instance is identical to the original instance, including the instance ID, private IP addresses, Elastic IP addresses, and all instance metadata. If the impaired instance has a public IPv4 address, the instance retains the public IPv4 address after recovery. If the impaired instance is in a placement group, the recovered instance runs in the placement group. When the StatusCheckFailed_System alarm is triggered, and the recover action is initiated, you will be notified by the Amazon SNS topic that you selected when you created the alarm and associated the recover action. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html

 

Question 54
A company's SysOps administrator has created an Amazon EC2 instance with custom software that will be used as a template for all new EC2 instances across multiple AWS accounts. The Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the EC2 instance are encrypted with AWS managed keys.
The SysOps administrator creates an Amazon Machine Image (AMI) of the custom EC2 instance and plans to share the AMI with the company's other AWS accounts. The company requires that all AMIs are encrypted with AWS Key Management Service (AWS KMS) keys and that only authorized AWS accounts can access the shared AMIs.
Which solution will securely share the AMI with the other AWS accounts?

  • A. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI, and specify the CMK. Modify the permissions on the copied AMI to make it public.
  • B. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI, and specify the CMK. Modify the permissions on the copied AMI to specify the AWS account numbers that the AMI will be shared with.
  • C. In the account where the AMI was created, modify the key policy of the AWS managed key to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.
  • D. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.

Correct answer: A



Question 55
A company uses AWS CloudFormation to deploy its application infrastructure. Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application. A SysOps administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent accidental modifications to specific resources.
Which solution will meet these requirements?

  • A. Set up an AWS Config rule to alert based on changes to any CloudFormation stack. An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation.
  • B. Set up an Amazon CloudWatch Events event with a rule to trigger based on any CloudFormation API call. An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation.
  • C. Attach an IAM policy to the DevOps team role that prevents a CloudFormation stack from updating, with a condition based on the specific Amazon Resource Names (ARNs) of the protected resources
  • D. Launch the CloudFormation templates using a stack policy with an explicit allow for all resources and an explicit deny of the protected resources with an action of Update

Correct answer: B



Question 56
A SysOps administrator is setting up an automated process to recover an Amazon EC2 instance in the event of an underlying hardware failure. The recovered instance must have the same private IP address and the same Elastic IP address that the original instance had. The SysOps team must receive an email notification when the recovery process is initiated.
Which solution will meet these requirements?

  • A. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the StatusCheckFailed_System metric. Add an EC2 action to the alarm to recover the instance. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.
  • B. Create an Auto Scaling group across three Availability Zones with a minimum, maximum, and desired size of 1. Configure the Auto Scaling group to use a launch template that specifies the private IP address and the Elastic IP address. Add an activity notification for the Auto Scaling group to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.
  • C. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the StatusCheckFailed_Instance metric. Add an EC2 action to the alarm to recover the instance. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.
  • D. Create an Auto Scaling group across three different subnets in the same Availability Zone with a minimum, maximum, and desired size of 1. Configure the Auto Scaling group to use a launch template that specifies the private IP address and the Elastic IP address. Add an activity notification for the Auto Scaling group to send an email message to the SysOps team through Amazon Simple Email Service (Amazon SES).

Correct answer: B



Question 57
A SysOps administrator is setting up an automated process to recover an Amazon EC2 instance in the event of an underlying hardware failure. The recovered instance must have the same private IP address and the same Elastic IP address that the original instance had. The SysOps team must receive an email notification when the recovery process is initiated.
Which solution will meet these requirements?

  • A. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the StatusCheckFailed_Instance metric. Add an EC2 action to the alarm to recover the instance. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.
  • B. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the StatusCheckFailed_System metric. Add an EC2 action to the alarm to recover the instance. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.
  • C. Create an Auto Scaling group across three Availability Zones with a minimum, maximum, and desired size of 1. Configure the Auto Scaling group to use a launch template that specifies the private IP address and the Elastic IP address. Add an activity notification for the Auto Scaling group to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.
  • D. Create an Auto Scaling group across three different subnets in the same Availability Zone with a minimum, maximum, and desired size of 1. Configure the Auto Scaling group to use a launch template that specifies the private IP address and the Elastic IP address. Add an activity notification for the Auto Scaling group to send an email message to the SysOps team through Amazon Simple Email Service (Amazon SES).

Correct answer: A



Question 58
A company has launched a social media website that gives users the ability to upload images directly to a centralized Amazon S3 bucket. The website is popular in areas that are geographically distant from the AWS Region where the S3 bucket is located. Users are reporting that uploads are slow. A SysOps administrator must improve the upload speed.
What should the SysOps administrator do to meet these requirements?

  • A. Enable cross-origin resource sharing (CORS) on the S3 bucket.
  • B. Create an accelerator in AWS Global Accelerator for the S3 bucket.
  • C. Enable S3 Transfer Acceleration on the S3 bucket.
  • D. Create S3 access points in Regions that are closer to the users.

Correct answer: C



Question 59
......
