[July 13, 2024] Excellent free SOA-C02 test PDF for the fastest pass, updated today [Q102-Q121]


Get it free! The latest valid 2024 AWS Certified Associate SOA-C02 practice questions and answers with test engine

Question # 102
A manufacturing company uses an Amazon RDS DB instance to store inventory of all stock items. The company maintains several AWS Lambda functions that interact with the database to add, update, and delete items. The Lambda functions use hardcoded credentials to connect to the database.
A SysOps administrator must ensure that the database credentials are never stored in plaintext and that the password is rotated every 30 days.
Which solution will meet these requirements in the MOST operationally efficient manner?

  • A. Use AWS Systems Manager Parameter Store to create a secure string to store credentials for the database. Create a new Lambda function called PasswordRotate. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the PasswordRotate function every 30 days to change the database password and to update the secret within Parameter Store. Update each Lambda function to access the database password from Parameter Store.
  • B. Use AWS Secrets Manager to store credentials for the database. Create a Secrets Manager secret, and select the database so that Secrets Manager will use a Lambda function to update the database password automatically. Specify an automatic rotation schedule of 30 days. Update each Lambda function to access the database password from Secrets Manager.
  • C. Use AWS Key Management Service (AWS KMS) to encrypt the database password and to store the encrypted password as an environment variable for each Lambda function. Grant each Lambda function access to the KMS key so that the database password can be decrypted when required. Create a new Lambda function that is named PasswordRotate to change the password every 30 days.
  • D. Store the database password as an environment variable for each Lambda function. Create a new Lambda function that is named PasswordRotate. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the PasswordRotate function every 30 days to change the database password and update the environment variable for each Lambda function.

Correct answer: B

Explanation:
When you choose to enable rotation, Secrets Manager supports the following Amazon Relational Database Service (Amazon RDS) databases with AWS written and tested Lambda rotation function templates, and full configuration of the rotation process:
Amazon Aurora on Amazon RDS
MySQL on Amazon RDS
PostgreSQL on Amazon RDS
Oracle on Amazon RDS
MariaDB on Amazon RDS
Microsoft SQL Server on Amazon RDS
https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html


Question # 103
A company is expanding globally and needs to back up data on Amazon Elastic Block Store (Amazon EBS) volumes to a different AWS Region. Most of the EBS volumes that store the data are encrypted, but some of the EBS volumes are unencrypted.
The company needs the backup data from all the EBS volumes to be encrypted.
Which solution will meet these requirements with the LEAST management overhead?

  • A. Create a point-in-time snapshot of the EBS volumes.
    Copy the snapshots to an Amazon S3 bucket that uses server-side encryption.
    Turn on S3 Cross-Region Replication on the S3 bucket.
  • B. Schedule an AWS Lambda function with the Python runtime. Configure the Lambda function to create the EBS volume snapshots, encrypt the unencrypted snapshots, and copy the snapshots to another Region.
  • C. Create a point-in-time snapshot of the EBS volumes.
    When the snapshot status is COMPLETED, copy the snapshots to another Region and set the Encrypted parameter to False.
  • D. Configure a lifecycle policy in Amazon Data Lifecycle Manager (Amazon DLM) to create the EBS volume snapshots with cross-Region backups enabled.
    Encrypt the snapshot copies by using AWS Key Management Service (AWS KMS).

Correct answer: D

Explanation:
To create cross-Region backups of EBS volumes with encryption, Amazon Data Lifecycle Manager (Amazon DLM) can be used. With Amazon DLM, it is possible to automate the creation, retention, and deletion of EBS volume snapshots. In this scenario, a lifecycle policy can be configured to create EBS volume snapshots with cross-Region backups enabled. The snapshot copies can be encrypted using AWS Key Management Service (AWS KMS).


Question # 104
While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS. The customer gateway device resides in a data center with a NAT gateway in front of it. What address should be used to create the customer gateway resource?

  • A. The public IP address of the customer gateway device
  • B. The public IP address of the NAT device in front of the customer gateway device
  • C. The private IP address of the customer gateway device
  • D. The MAC address of the NAT device in front of the customer gateway device

Correct answer: B


Question # 105
A SysOps administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC, the administrator is unable to connect to any of the domains that reside on the internet.
What additional route destination rule should the administrator add to the route tables?

  • A. Route ::/0 traffic to an egress-only internet gateway
  • B. Route 0.0.0.0/0 traffic to an egress-only internet gateway
  • C. Route ::/0 traffic to a NAT gateway
  • D. Route ::/0 traffic to an internet gateway

Correct answer: A

Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html


Question # 106
A SysOps administrator has many Windows Amazon EC2 instances that need to share a file system between nodes. The SysOps administrator creates an Amazon Elastic File System (Amazon EFS) file share. After creation of the file share, the SysOps administrator is having trouble mounting the file share to the EC2 instances.
Which action should the SysOps administrator take so that the EC2 instances can share the files?

  • A. Configure NFSv4 support on the Windows operating system that is running on the EC2 instances.
  • B. Allow the correct port for NFS through the security group and network ACL.
  • C. Use the correct IAM credentials to mount the EFS file share.
  • D. Delete the EFS file share. Create an Amazon FSx for Windows File Server file share for the EC2 instances.

Correct answer: D

Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/AmazonEFS.html


Question # 107
A company uses AWS Organizations to manage multiple AWS accounts with consolidated billing enabled. Organization member account owners want the benefits of Reserved Instances (RIs) but do not want to share RIs with other accounts.
Which solution will meet these requirements?

  • A. Purchase RIs in the management account. Disable RI discount sharing in the member accounts.
  • B. Purchase RIs in individual member accounts. Disable RI discount sharing in the member accounts.
  • C. Purchase RIs in the management account. Disable RI discount sharing in the management account.
  • D. Purchase RIs in individual member accounts. Disable RI discount sharing in the management account.

Correct answer: D

Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ri-consolidated-billing/
RI discounts apply to accounts in an organization's consolidated billing family depending upon whether RI sharing is turned on or off for the accounts. By default, RI sharing for all accounts in an organization is turned on. The management account of an organization can change this setting by turning off RI sharing for an account. The capacity reservation for an RI applies only to the account the RI was purchased on, no matter whether RI sharing is turned on or off.


Question # 108
A company has a high-performance Windows workload. The workload requires a storage volume that provides consistent performance of 10,000 IOPS. The company does not want to pay for additional unneeded capacity to achieve this performance.
Which solution will meet these requirements with the LEAST cost?

  • A. Use an Amazon FSx for Windows File Server file system that is configured with 10,000 IOPS.
  • B. Use a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10,000 provisioned IOPS.
  • C. Use an Amazon Elastic File System (Amazon EFS) file system with Max I/O mode.
  • D. Use a Provisioned IOPS SSD (io1) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10,000 provisioned IOPS.

Correct answer: B

Explanation:
Max IOPS per volume - 16,000
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html#vol-type-ssd


Question # 109
A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company's on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors.
Which solution will give the application the ability to resolve the internal domain names?

  • A. Set up two AWS Direct Connect connections between the AWS environment and the on-premises network. Set up a link aggregation group (LAG) that includes the two connections. Change the VPC resolver address to point to the on-premises DNS server.
  • B. Create an Amazon Route 53 public hosted zone for the on-premises domain. Configure the network ACLs to forward DNS requests against the on-premises domain to the Route 53 public hosted zone.
  • C. Create an Amazon Route 53 Resolver outbound endpoint. Configure the outbound endpoint to forward DNS queries against the on-premises domain to the on-premises DNS server.
  • D. Launch EC2 instances in the VPC. On the EC2 instances, deploy a custom DNS forwarder that forwards all DNS requests to the on-premises DNS server. Create an Amazon Route 53 private hosted zone that uses the EC2 instances for name servers.

Correct answer: C

Explanation:
https://docs.aws.amazon.com/zh_tw/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html


Question # 110
A company hosts an internal application on Amazon EC2 On-Demand Instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group.
Employees use the application to provide product prices to potential customers. The Auto Scaling group is configured with a dynamic scaling policy and tracks average CPU utilization of the instances.
Employees have noticed that sometimes the application becomes slow or unresponsive. A SysOps administrator finds that some instances are experiencing a high CPU load. The Auto Scaling group cannot scale out because the company is reaching the EC2 instance service quota.
The SysOps administrator needs to implement a solution that provides a notification when the company reaches 70% or more of the EC2 instance service quota.
Which solution will meet these requirements in the MOST operationally efficient manner?

  • A. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances, and compares the total number against the applied quota value by using the Service Quotas API.
    Configure the Lambda function to publish an Amazon Simple Notification Service (Amazon SNS) notification if the quota utilization is equal to or greater than 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
  • B. Create an Amazon CloudWatch alarm. Configure the alarm with a threshold of 70% for the CPUUtilization metric for the EC2 instances. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.
  • C. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances, and compares the total number against the applied quota value by using the Amazon CloudWatch Metrics API. Configure the Lambda function to publish an Amazon Simple Notification Service (Amazon SNS) notification if the quota utilization is equal to or greater than 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
  • D. Use the Service Quotas console to create an Amazon CloudWatch alarm for the EC2 instances.
    Configure the alarm with quota utilization equal to or greater than 70%. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.

Correct answer: D

Explanation:
https://docs.aws.amazon.com/servicequotas/latest/userguide/configure-cloudwatch.html


Question # 111
A company has deployed a web application in a VPC that has subnets in three Availability Zones. The company launches three Amazon EC2 instances from an EC2 Auto Scaling group behind an Application Load Balancer (ALB).
A SysOps administrator notices that two of the EC2 instances are in the same Availability Zone, rather than being distributed evenly across all three Availability Zones. There are no errors in the Auto Scaling group's activity history.
What is the MOST likely reason for the unexpected placement of EC2 instances?

  • A. The Auto Scaling group was configured for only two Availability Zones.
  • B. One Availability Zone did not have sufficient capacity for the requested EC2 instance type.
  • C. Amazon EC2 Auto Scaling randomly placed the instances in Availability Zones.
  • D. The ALB was configured for only two Availability Zones.

Correct answer: A

Explanation:
The Auto Scaling group is responsible for adding the instances to the subnets.


Question # 112
Users are periodically experiencing slow response times from a relational database. The database runs on a burstable Amazon EC2 instance with a 350 GB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volume. A SysOps administrator monitors the EC2 instance in Amazon CloudWatch and observes that the VolumeReadOps metric drops to less than 10% of its peak value during the periods of slow response.
What should the SysOps administrator do to ensure consistently high performance?

  • A. Activate unlimited mode on the EC2 instance.
  • B. Convert the EC2 instance to a memory optimized instance type.
  • C. Convert the gp2 volume to a Cold HDD (sc1) EBS volume.
  • D. Convert the gp2 volume to a General Purpose SSD (gp3) EBS volume.

Correct answer: A

Explanation:
A burstable performance instance configured as unlimited can sustain high CPU utilization for any period of time whenever required. The hourly instance price automatically covers all CPU usage spikes if the average CPU utilization of the instance is at or below the baseline over a rolling 24-hour period or the instance lifetime, whichever is shorter.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode.html


Question # 113
A SysOps administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically. Currently, the application is deployed on a single t3.large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency after a few minutes.
What change should be made to alleviate the performance problem?

  • A. Upgrade to a compute-optimized instance.
  • B. Purchase Reserved Instances.
  • C. Add additional t2.large instances to the application.
  • D. Change the Amazon EBS volume to Provisioned IOPS.

Correct answer: A

Explanation:
Since the application is CPU-heavy and can only be scaled vertically, the best option to alleviate the performance problem would be to upgrade to a compute-optimized instance. Compute-optimized instances provide a higher ratio of vCPUs to memory than other families and are optimized for compute-bound applications that benefit from high-performance processors.
Upgrading to a compute-optimized instance would provide more CPU resources for the application, which should help alleviate the performance problem.


Question # 114
A company is running a website on Amazon EC2 instances behind an Application Load Balancer (ALB). The company configured an Amazon CloudFront distribution and set the ALB as the origin. The company created an Amazon Route 53 CNAME record to send all traffic through the CloudFront distribution. As an unintended side effect, mobile users are now being served the desktop version of the website.
Which action should a SysOps administrator take to resolve this issue?

  • A. Enable IPv6 on the ALB. Update the CloudFront distribution origin settings to use the dualstack endpoint.
  • B. Configure the CloudFront distribution origin settings. Add a User-Agent header to the list of origin custom headers.
  • C. Enable IPv6 on the CloudFront distribution. Update the Route 53 record to use the dualstack endpoint.
  • D. Configure the CloudFront distribution behavior to forward the User-Agent header.

Correct answer: D

Explanation:
Reference:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-device


Question # 115
A SysOps administrator needs to create alerts that are based on the read and write metrics of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to an Amazon EC2 instance. The SysOps administrator creates and enables Amazon CloudWatch alarms for the DiskReadBytes metric and the DiskWriteBytes metric.
A custom monitoring tool that is installed on the EC2 instance with the same alarm configuration indicates that the volume metrics have exceeded the threshold. However, the CloudWatch alarms were not in ALARM state.
Which action will ensure that the CloudWatch alarms function correctly?

  • A. Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EBS volumes.
  • B. Install and configure the CloudWatch agent on the EC2 instance to capture the desired metrics.
  • C. Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EC2 instance.
  • D. Install and configure AWS Systems Manager Agent on the EC2 instance to capture the desired metrics.

Correct answer: A


Question # 116
An application is running on an Amazon EC2 instance in a VPC with the default DHCP option set.
The application connects to an on-premises Microsoft SQL Server database with the DNS name mssql.example.com. The application is unable to resolve the database DNS name.
Which solution will fix this problem?

  • A. Create an Amazon Route 53 Resolver inbound endpoint.
    Add a forwarding rule for the domain example.com.
    Associate the forwarding rule with the VPC.
  • B. Create an Amazon Route 53 Resolver outbound endpoint.
    Add a system rule for the domain example.com.
    Associate the system rule with the VPC.
  • C. Create an Amazon Route 53 Resolver inbound endpoint.
    Add a system rule for the domain example.com.
    Associate the system rule with the VPC.
  • D. Create an Amazon Route 53 Resolver outbound endpoint.
    Add a forwarding rule for the domain example.com.
    Associate the forwarding rule with the VPC.

Correct answer: D

Explanation:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-rules-managing.html
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html


Question # 117
A company hosts its website in the us-east-1 Region. The company is preparing to deploy its website into the eu-central-1 Region. Website visitors who are located in Europe should access the website that is hosted in eu-central-1. All other visitors access the website that is hosted in us-east-1. The company uses Amazon Route 53 to manage the website's DNS records.
Which routing policy should a SysOps administrator apply to the Route 53 record set to meet these requirements?

  • A. Geoproximity routing policy
  • B. Latency routing policy
  • C. Multivalue answer routing policy
  • D. Geolocation routing policy

Correct answer: D

Explanation:
Reference:
Geolocation: "Geolocation routing lets you choose the resources that serve your traffic based on the geographic location of your users, meaning the location that DNS queries originate from. For example, you might want all queries from Europe to be routed to an ELB load balancer in the Frankfurt region." This could be confused with geoproximity: "Geoproximity routing lets Amazon Route 53 route traffic to your resources based on the geographic location of your users and your resources. You can also optionally choose to route more traffic or less to a given resource by specifying a value, known as a bias. A bias expands or shrinks the size of the geographic region from which traffic is routed to a resource." That use case is not needed for this question.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html


Question # 118
A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backup enabled. A SysOps administrator needs to be able to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB cluster.
Which solution will meet these requirements?

  • A. Use backtracking to rewind the existing DB cluster to the desired recovery point.
  • B. Create an AWS Lambda function to restore an automatic backup to the existing DB cluster.
  • C. Create an Aurora Replica. Promote the replica to replace the primary DB instance.
  • D. Use point-in-time recovery to restore the existing DB cluster to the desired recovery point.

Correct answer: D


Question # 119
A company analyzes sales data for its customers. Customers upload files to one of the company's Amazon S3 buckets, and a message is posted to an Amazon Simple Queue Service (Amazon SQS) queue that contains the object Amazon Resource Name (ARN). An application that runs on an Amazon EC2 instance polls the queue and processes the messages. The processing time depends on the size of the file.
Customers are reporting delays in the processing of their files. A SysOps administrator decides to configure Amazon EC2 Auto Scaling as the first step. The SysOps administrator creates an Amazon Machine Image (AMI) that is based on the existing EC2 instance. The SysOps administrator also creates a launch template that references the AMI.
How should the SysOps administrator configure the Auto Scaling policy to improve the response time?

  • A. Add several different instance sizes in the launch template.
    Create an Auto Scaling policy based on the ApproximateNumberOfMessagesVisible metric to select the size of the instance based on the number of messages in the queue.
  • B. Create an Auto Scaling policy based on the ApproximateNumberOfMessagesDelayed metric to scale the number of instances based on the number of messages in the queue that have been delayed.
  • C. Create a custom metric based on the ApproximateNumberOfMessagesVisible metric and the number of instances in the InService state in the Auto Scaling group.
    Modify the application to calculate the metric and post the metric to Amazon CloudWatch once each minute.
    Create an Auto Scaling policy based on this metric to scale the number of instances.
  • D. Create a custom metric based on the ASGAverageCPUUtilization metric and the GroupPendingInstances metric from the Auto Scaling group.
    Modify the application to calculate the metric and post the metric to Amazon CloudWatch once each minute.
    Create an Auto Scaling policy based on this metric to scale the number of instances.

Correct answer: C

Explanation:
When there are delays in processing files due to a high volume of messages in the queue, adding more instances using Auto Scaling can help to reduce the processing time. The ApproximateNumberOfMessagesVisible metric is a good indicator of the workload on the EC2 instances. By creating an Auto Scaling policy based on this metric, the number of instances can be scaled up or down depending on the number of messages in the queue.
https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-target-tracking-metric-math.html#metric-math-sqs-queue-backlog


Question # 120
A SysOps administrator needs to implement a backup strategy for Amazon EC2 resources and Amazon RDS resources. The backup strategy must meet the following retention requirements:
* Daily backups: must be kept for 6 days
* Weekly backups: must be kept for 4 weeks
* Monthly backups: must be kept for 11 months
* Yearly backups: must be kept for 7 years
Which backup strategy will meet these requirements with the LEAST administrative effort?

  • A. Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (Amazon EBS) snapshot policy. Create tags on each resource that needs to be backed up. Create multiple schedules according to the requirements within the policy. Set the appropriate frequency and retention period.
  • B. Use AWS Backup to create a new backup plan for each retention requirement with a backup frequency of daily, weekly, monthly, or yearly. Set the retention period to match the requirement. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags.
  • C. Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (Amazon EBS) snapshot policy. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags. Create multiple schedules according to the requirements within the policy. Set the appropriate frequency and retention period. In Amazon RDS, activate automated backups on the required DB instances.
  • D. Create an AWS Lambda function. Program the Lambda function to use native tooling to take backups of file systems in Amazon EC2 and to make copies of databases in Amazon RDS. Create an Amazon EventBridge rule to invoke the Lambda function.

Correct answer: B

Explanation:
AWS Backup provides a centralized way to manage backups across AWS services. Here's how to implement the required backup strategy with minimal administrative effort:
Create Backup Plans: Set up different backup plans in AWS Backup, each configured for a specific backup frequency: daily, weekly, monthly, and yearly.
Set Retention Periods: For each backup plan, configure the retention settings to align with the required retention durations: 6 days, 4 weeks, 11 months, and 7 years respectively.
Tag Resources: Apply tags to each EC2 and RDS resource that needs to be backed up. This allows for the automated inclusion of these resources in the respective backup plans based on their tags.
Assign Resources to Backup Plans: Use the tags to define which resources are included in each backup plan, ensuring that all necessary resources are backed up according to the defined schedules and retention policies.
AWS Documentation Reference:
More details on setting up and managing AWS Backup can be found here: AWS Backup.


Question # 121
......
