[November 22, 2024] SOA-C02 Exam Braindump Study Notes and Theory [Q218-Q236]

Amazon SOA-C02 practice test questions and exam question set to help you pass


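The SOA-C02 exam is the updated version of the SOA-C01 exam, which was retired in July 2021. The new exam includes updated content covering new services and features introduced by AWS. The exam is currently available in English, Japanese, Korean, and Simplified Chinese. It is delivered in a proctored environment and can be taken online or in person at a test center.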


Amazon SOA-C02 certification exam topics:

Topic / Coverage
Topic 1
  • Implement fault-tolerant workloads
  • Differentiate between the use of a single Availability Zone and Multi-AZ deployments
Topic 2
  • Implement backup and restore strategies
  • Create and maintain AWS Auto Scaling plans
Topic 3
  • Configure Elastic Load Balancer and Amazon Route 53 health checks
  • Configure Amazon EventBridge rules to trigger actions
Topic 4
  • Implement networking features and connectivity
  • Validate service control policies and permission boundaries
Topic 5
  • Automate snapshots and backups based on use cases
  • Implement high availability and resilient environments
Topic 6
  • Implement data and infrastructure protection strategies
  • Implement and manage security and compliance policies
Topic 7
  • Configure Amazon S3 Cross-Region Replication
  • Select deployment scenarios and services
Topic 8
  • Implement Amazon RDS replicas and Amazon Aurora Replicas
  • Remediate issues based on monitoring and availability metrics
Topic 9
  • Schedule automated tasks by using AWS services
  • Configure domains, DNS services, and content delivery
Topic 10
  • Troubleshoot or take corrective actions based on notifications and alarms
  • Collect metrics and logs using the CloudWatch agent

 

Question # 218
If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the console by using the AWS Management Console shortcut from the VM desktop.
If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C, Command-V.
Configure Amazon EventBridge to meet the following requirements.
1. Use the us-east-2 Region for all resources.
2. Unless specified below, use the default configuration settings.
3. Use your own resource naming unless a resource name is specified below.
4. Ensure all Amazon EC2 events in the default event bus are replayable for the past 90 days.
5. Create a rule named RunFunction to send the exact message every 15 minutes to an existing AWS Lambda function named LogEventFunction.
6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2 Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:
Input Path:
{"instance" : "$.detail.instance-id"}
Input template:
"The EC2 Spot Instance <instance> has been interrupted on account.

Correct answer:

Explanation:
See the Explanation for solution.
Here are the steps to configure Amazon EventBridge to meet the above requirements:
* Log in to the AWS Management Console by using the AWS Management Console shortcut from the VM desktop. Make sure that you are logged in to the desired AWS account.
* Go to the EventBridge service in the us-east-2 Region.
* In the EventBridge service, navigate to the "Event buses" page.
* Click on the "Create event bus" button.
* Give a name to your event bus, and select "default" as the event source type.
* Navigate to the "Rules" page and create a new rule named "RunFunction".
* In the "Event pattern" section, select "Schedule" as the event source and set the schedule to run every 15 minutes.
* In the "Actions" section, select "Send to Lambda" and choose the existing AWS Lambda function named "LogEventFunction".
* Create another rule named "SpotWarning".
* In the "Event pattern" section, select "EC2" as the event source, and filter the events on "EC2 Spot Instance interruption".
* In the "Actions" section, select "Send to SNS topic" and create a new standard Amazon SNS topic named "TopicEvents".
* In the "Input Transformer" section, set the Input Path to {"instance" : "$.detail.instance-id"} and Input template to "The EC2 Spot Instance <instance> has been interrupted on account.
* Now all Amazon EC2 events in the default event bus will be replayable for the past 90 days.
Note:
* You can use the AWS Management Console, AWS CLI, or SDKs to create and manage EventBridge resources.
* You can use CloudTrail event history to replay events from the past 90 days.
* You can refer to the AWS EventBridge documentation for more information on how to configure and use the service: https://aws.amazon.com/eventbridge/


Question # 219
A company has an application that customers use to search for records on a website. The application's data is stored in an Amazon Aurora DB cluster. The application's usage varies by season and by day of the week.
The website's popularity is increasing, and the website is experiencing slower performance because of increased load on the DB cluster during periods of peak activity. The application logs show that the performance issues occur when users are searching for information. The same search is rarely performed multiple times.
A SysOps administrator must improve the performance of the platform by using a solution that maximizes resource efficiency.
Which solution will meet these requirements?

  • A. Deploy an Aurora Replica for the DB cluster. Modify the application to use the reader endpoint for search operations. Use Aurora Auto Scaling to scale the number of replicas based on load.
  • B. Deploy an Amazon ElastiCache for Redis cluster in front of the DB cluster. Modify the application to check the cache before the application issues new queries to the database. Add the results of any queries to the cache.
  • C. Use Provisioned IOPS on the storage volumes that support the DB cluster to improve performance sufficiently to support the peak load on the application.
  • D. Increase the instance size in the DB cluster to a size that is sufficient to support the peak load on the application. Use Aurora Auto Scaling to scale the instance size based on load.

Correct answer: A

Explanation:
https://docs.amazonaws.cn/en_us/AmazonRDS/latest/AuroraUserGuide/aurora-replicas-adding.html


Question # 220
A company has an application that uses an Amazon Elastic File System (Amazon EFS) file system. A recent incident that involved an application logic error corrupted several files. The company wants to improve its ability to back up and recover the EFS file system. The company must be able to recover individual files rapidly.
Which solution meets these requirements MOST cost-effectively?

  • A. Enable AWS Backup in Amazon EFS to back up the file system to an Amazon S3 Glacier vault.
    Use S3 Glacier retrieval requests to retrieve individual files.
  • B. Create a second EFS file system in another AWS Region. Configure AWS DataSync to copy the data to the backup file system. Recover files by copying them from the backup EFS file system.
  • C. Enable AWS Backup in Amazon EFS to back up the file system to a backup vault. Use a partial restore job to retrieve individual files.
  • D. Configure Amazon Data Lifecycle Manager (Amazon DLM) to archive a copy of the data to an Amazon S3 Glacier vault. Use S3 Glacier retrieval requests to retrieve individual files.

Correct answer: C


Question # 221
A company monitors its account activity using AWS CloudTrail and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket.
Moving forward, how can the SysOps administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

  • A. Enable log file integrity validation and use digest files to verify the hash value of the log file.
  • B. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
  • C. Enable S3 server access logging to track requests made to the log bucket for security audits.
  • D. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.

Correct answer: A

Explanation:
When you enable log file integrity validation, CloudTrail creates a hash for every log file that it delivers. Every hour, CloudTrail also creates and delivers a file that references the log files for the last hour and contains a hash of each. This file is called a digest file. CloudTrail signs each digest file using the private key of a public and private key pair. After delivery, you can use the public key to validate the digest file. CloudTrail uses different key pairs for each AWS region.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
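The log-file half of that check, as an added example that is not part of the original page: each log file listed in a digest is re-hashed and compared with the recorded value. The field names (`logFiles`, `s3Object`, `hashAlgorithm`, `hashValue`) and hashing of the uncompressed content are assumed to follow CloudTrail's digest file layout; all sample data is constructed, and verifying the digest file's own RSA signature is left out.

```python
import gzip
import hashlib
import hmac
import json
import zlib

# Constructed key prefix; the account ID and date are placeholders.
PREFIX = "AWSLogs/111122223333/CloudTrail/us-east-2/2024/11/22/"

def make_log(records):
    """Constructed sample: gzip-compressed JSON shaped like a CloudTrail log object."""
    return gzip.compress(json.dumps({"Records": records}).encode())

def build_digest(bucket_name, objects):
    """Constructed stand-in for the hourly digest: one hash entry per delivered log."""
    return {
        "logFiles": [
            {
                "s3Bucket": bucket_name,
                "s3Object": key,
                "hashAlgorithm": "SHA-256",
                # Assumption: the hash covers the uncompressed log content.
                "hashValue": hashlib.sha256(gzip.decompress(blob)).hexdigest(),
            }
            for key, blob in sorted(objects.items())
        ]
    }

def verify_log_files(digest, fetch):
    """Check every log file a digest references against what is stored now.

    fetch(key) returns the object's bytes, or None if the object is gone.
    Returns {key: "OK" | "MODIFIED" | "MISSING" | "UNSUPPORTED_HASH"}.
    """
    results = {}
    for entry in digest["logFiles"]:
        key = entry["s3Object"]
        if entry.get("hashAlgorithm") != "SHA-256":
            results[key] = "UNSUPPORTED_HASH"
            continue
        blob = fetch(key)
        if blob is None:
            results[key] = "MISSING"       # deleted after delivery
            continue
        try:
            content = gzip.decompress(blob)
        except (OSError, EOFError, zlib.error):
            results[key] = "MODIFIED"      # no longer a valid gzip stream
            continue
        actual = hashlib.sha256(content).hexdigest()
        expected = entry["hashValue"].lower()
        results[key] = "OK" if hmac.compare_digest(actual, expected) else "MODIFIED"
    return results

def demo():
    """Deliver three logs, record a digest, then tamper with the bucket."""
    bucket = {
        PREFIX + "a.json.gz": make_log([{"eventName": "StopLogging"},
                                        {"eventName": "PutObject"}]),
        PREFIX + "b.json.gz": make_log([{"eventName": "DescribeInstances"}]),
        PREFIX + "c.json.gz": make_log([{"eventName": "DeleteTrail"}]),
    }
    digest = build_digest("example-trail-bucket", bucket)
    # After delivery: one record is stripped from a, and c is deleted outright.
    bucket[PREFIX + "a.json.gz"] = make_log([{"eventName": "PutObject"}])
    del bucket[PREFIX + "c.json.gz"]
    return verify_log_files(digest, bucket.get)

if __name__ == "__main__":
    for key, status in demo().items():
        print(status, key)
```
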


Question # 222
A developer creates an AWS Lambda function that runs when an object is put into an Amazon S3 bucket. The function reformats the object and places the object back into the S3 bucket. During testing, the developer notices a recursive invocation loop. The developer asks a SysOps administrator to immediately stop the recursive invocations.
What should the SysOps administrator do to stop the loop without errors?

  • A. Update the S3 bucket policy to deny access for the function.
  • B. Delete all the objects from the S3 bucket.
  • C. Set the function's reserved concurrency to 0.
  • D. Publish a new version of the function.

Correct answer: C

Explanation:
https://aws.amazon.com/blogs/compute/avoiding-recursive-invocation-with-amazon-s3-and-aws-lambda/


Question # 223
Lab Simulation 4
Instructions
If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C, Command-V.
Configure Amazon EventBridge to meet the following requirements.
1. Use the us-east-2 Region for all resources.
2. Unless specified below, use the default configuration settings.
3. Use your own resource naming unless a resource name is specified below.
4. Ensure all Amazon EC2 events in the default event bus are replayable for the past 45 days.
5. Create a rule named RunFunction to send the exact message {"name":"example"} every 15 minutes to an existing AWS Lambda function named LogEventFunction.
6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2 Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:
Input path:
{"instance":"$.detail.instance-id"}
Input template:
"The EC2 Spot Instance <instance> has been interrupted."
Important: Click the Next button to complete this lab and continue to the next lab. Once you click the Next button, you will NOT be able to return to this lab.

Correct answer:

Explanation:
Solution as given below.


Question # 224
A company has deployed an application on AWS. The application runs on a fleet of Linux Amazon EC2 instances that are in an Auto Scaling group. The Auto Scaling group is configured to use launch templates.
The launch templates launch Amazon Elastic Block Store (Amazon EBS) backed EC2 instances that use General Purpose SSD (gp3) EBS volumes for primary storage.
A SysOps administrator needs to implement a solution to ensure that all the EC2 instances can share the same underlying files. The solution also must ensure that the data is consistent.
Which solution will meet these requirements?

  • A. Enable Multi-Attach on the EBS volumes. Create a new launch template version that includes user data that mounts the EBS volume. Update the Auto Scaling group to use the new template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
  • B. Create a new launch template version that creates an Amazon Elastic File System (Amazon EFS) file system. Update the Auto Scaling group to use the new template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
  • C. Create an Amazon Elastic File System (Amazon EFS) file system. Create a new launch template version that includes user data that mounts the EFS file system. Update the Auto Scaling group to use the new launch template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
  • D. Create a cron job that synchronizes the data between the EBS volumes for all the EC2 instances in the Auto Scaling group. Create a lifecycle hook during instance launch to configure the cron job on all the EC2 instances. Rotate out the older EC2 instances.

Correct answer: C

Explanation:
The requirement to share the same underlying files among EC2 instances with data consistency is best met by using Amazon Elastic File System (EFS), which supports concurrent access from multiple EC2 instances. A new launch template version should include user data scripts that mount the EFS file system on each instance launched by the Auto Scaling group. Older instances can be cycled out to ensure all instances use the new configuration. Option A is correct and provides the necessary solution while ensuring data consistency and availability. For implementation guidance, refer to the AWS documentation on integrating EFS with EC2: Amazon EFS Integration with EC2.


Question # 225
A company has a critical serverless application that uses multiple AWS Lambda functions. Each Lambda function generates 1 GB of log data daily in its own Amazon CloudWatch Logs log group. The company's security team asks for a count of application errors, grouped by type, across all of the log groups.
What should a SysOps administrator do to meet this requirement?

  • A. Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.
  • B. Perform a CloudWatch Logs search that uses the groupby keyword and count function.
  • C. Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.
  • D. Perform a CloudWatch Logs Insights query that uses the stats command and count function.

Correct answer: D

Explanation:
CloudWatch Logs Insights includes a purpose-built query language with a few simple but powerful commands. CloudWatch Logs Insights provides sample queries, command descriptions, query autocompletion, and log field discovery to help you get started. Sample queries are included for several types of AWS service logs.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html


Question # 226
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba4Kc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted. How can this be resolved?

  • A. Enable encryption on each host's connection to the Amazon EFS volume. Each connection must be recreated for encryption to take effect.
  • B. Enable encryption on each host's local drive. Restart each host to encrypt the drive.
  • C. Enable encryption on the existing EFS volume by using the AWS Command Line Interface.
  • D. Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.

Correct answer: D


Question # 227
A company plans to launch a static website on its domain example.com and subdomain www.example.com using Amazon S3. How should the SysOps administrator meet this requirement?

  • A. Create one S3 bucket with a wildcard named *.example.com for both the domain and subdomain.
  • B. Create two S3 buckets named example.com and www.example.com. Configure the subdomain bucket to redirect requests to the domain bucket.
  • C. Create two S3 buckets named http://example.com and http://*.example.com. Configure the wildcard (*) bucket to redirect requests to the domain bucket.
  • D. Create one S3 bucket named example.com for both the domain and subdomain.

Correct answer: B

Explanation:
To host a static website using Amazon S3 for both a domain and its subdomain, you need to create two separate buckets and configure one bucket to redirect to the other.
Steps:
* Create the Main Domain Bucket:
  * Open the Amazon S3 console.
  * Create a bucket named example.com.
  * Enable static website hosting for the bucket and configure the index document (e.g., index.html).
* Create the Subdomain Bucket:
  * Create another bucket named www.example.com.
  * In the bucket properties, enable static website hosting.
  * Set the website hosting configuration to redirect all requests to example.com.
* Update DNS Configuration:
  * Open the Amazon Route 53 console.
  * Create an A record for example.com and www.example.com pointing to the S3 bucket.
References:
* Hosting a Static Website on Amazon S3
* Configuring a Static Website Using a Custom Domain


Question # 228
A company has multiple Amazon EC2 instances that run a resource-intensive application in a development environment. A SysOps administrator is implementing a solution to stop these EC2 instances when they are not in use.
Which solution will meet this requirement?

  • A. Assess AWS CloudTrail logs to verify that there is no EC2 API activity. Invoke an AWS Lambda function to stop the EC2 instances.
  • B. Create an Amazon CloudWatch metric to stop the EC2 instances when the VolumeReadBytes metric is lower than 500 for a 30-minute period.
  • C. Create an Amazon CloudWatch alarm to stop the EC2 instances when the average CPU utilization is lower than 5% for a 30-minute period.
  • D. Use AWS Config to invoke an AWS Lambda function to stop the EC2 instances based on resource configuration changes.

Correct answer: C


Question # 229
A SysOps Administrator is troubleshooting Amazon EC2 connectivity issues to the internet. The EC2 instance is in a private subnet. Below is the route table that is applied to the subnet of the EC2 instance.
Destination - 10.2.0.0/16
Target - local
Status - Active
Propagated - No
Destination - 0.0.0.0/0
Target - nat-xxxxxxx
Status - Blackhole
Propagated - No
What has caused the connectivity issue?

  • A. The routes are no longer propagating.
  • B. There is no route to the internet gateway.
  • C. The NAT gateway no longer exists.
  • D. There is no route rule with a destination for the internet.

Correct answer: C


Question # 230
A company is experiencing issues with legacy software running on Amazon EC2 instances. Errors occur when the total CPU utilization on the EC2 instances exceeds 80%. A short-term solution is required while the software is being rewritten. A SysOps administrator is tasked with creating a solution to restart the instances when the CPU utilization rises above 80%.
Which solution meets these requirements with the LEAST operational overhead?

  • A. Write a script that monitors the CPU utilization of the EC2 instances and reboots the instances when utilization exceeds 80%. Run the script as a cron job.
  • B. Add an Amazon CloudWatch alarm for CPU utilization and configure the alarm action to reboot the EC2 instances.
  • C. Add an Amazon CloudWatch alarm for CPU utilization and configure an AWS Systems Manager Automation runbook to reboot the EC2 instances when utilization exceeds 80%.
  • D. Create an Amazon EventBridge rule using the predefined patterns for CPU utilization of the EC2 instances. When utilization exceeds 80%, invoke an AWS Lambda function to restart the instances.

Correct answer: B

Explanation:
The simplest and most efficient solution to ensure that EC2 instances are restarted when CPU utilization exceeds 80% is to use Amazon CloudWatch alarms:
* Create a CloudWatch Alarm: Navigate to the CloudWatch dashboard in the AWS Management Console and create a new alarm. Set the alarm to monitor the CPU utilization metric of the EC2 instances.
* Set the Alarm Condition: Configure the alarm to trigger when the CPU utilization exceeds 80%. You can specify this threshold in the alarm settings.
* Configure Alarm Actions: In the actions settings of the alarm, select the option to reboot the instance.
This action ensures that the instance is automatically restarted whenever the alarm condition is met, without the need for manual intervention or additional scripts.
This method leverages AWS's native capabilities, minimizing operational overhead and eliminating the need for external tools or custom scripts.


Question # 231
A company has a stateless application that runs on four Amazon EC2 instances. The application requires four instances at all times to support all traffic. A SysOps administrator must design a highly available, fault-tolerant architecture that continually supports all traffic if one Availability Zone becomes unavailable.
Which configuration meets these requirements?

  • A. Deploy two Auto Scaling groups in two Availability Zones with a minimum capacity of two instances in each group.
  • B. Deploy an Auto Scaling group across three Availability Zones with a minimum capacity of four instances.
  • C. Deploy an Auto Scaling group across two Availability Zones with a minimum capacity of four instances.
  • D. Deploy an Auto Scaling group across three Availability Zones with a minimum capacity of six instances.

Correct answer: B


Question # 232
A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the S3 bucket to serve a static error page in the event of a failure at the primary site.
1. Use the us-east-2 Region for all resources.
2. Unless specified below, use the default configuration settings.
3. There is an existing hosted zone named lab-751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.
4. Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document.
5. For the index.html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucket is allowed.
6. In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.
7. Create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing S3 bucket.

Correct answer:

Explanation:
Solution as given below.


Question # 233
A company recently acquired another corporation and all of that corporation's AWS accounts. A financial analyst needs the cost data from these accounts. A SysOps administrator uses Cost Explorer to generate cost and usage reports. The SysOps administrator notices that "No Tagkey" represents 20% of the monthly cost.
What should the SysOps administrator do to tag the "No Tagkey" resources?

  • A. Use Tag Editor to find and tag all the untagged resources.
  • B. Add the accounts to AWS Organizations. Use a service control policy (SCP) to tag all the untagged resources.
  • C. Use Cost Explorer to find and tag all the untagged resources.
  • D. Use an AWS Config rule to find the untagged resources. Set the remediation action to terminate the resources.

Correct answer: A

Explanation:
"You can add tags to resources when you create the resource. You can use the resource's service console or API to add, change, or remove those tags one resource at a time. To add tags to, or edit or delete tags of, multiple resources at once, use Tag Editor. With Tag Editor, you search for the resources that you want to tag, and then manage tags for the resources in your search results."
https://docs.aws.amazon.com/ARG/latest/userguide/tag-editor.html


Question # 234
A SysOps administrator has blocked public access to all company Amazon S3 buckets. The SysOps administrator wants to be notified when an S3 bucket becomes publicly readable in the future.
What is the MOST operationally efficient way to meet this requirement?

  • A. Enable the s3-bucket-public-read-prohibited managed rule in AWS Config. Subscribe the AWS Config rule to an Amazon Simple Notification Service (Amazon SNS) topic.
  • B. Create an AWS Lambda function that periodically checks the public access settings for each S3 bucket. Set up Amazon Simple Notification Service (Amazon SNS) to send notifications.
  • C. Enable S3 Event Notifications for each S3 bucket. Subscribe S3 Event Notifications to an Amazon Simple Notification Service (Amazon SNS) topic.
  • D. Create a cron script that uses the S3 API to check the public access settings for each S3 bucket. Set up Amazon Simple Notification Service (Amazon SNS) to send notifications.

Correct answer: A


Question # 235
A company is building an interactive application for personal finance. The application stores financial data in Amazon S3, and the data must be encrypted. The company does not want to provide its own encryption keys. However, the company wants to maintain an audit trail that shows when an encryption key was used and who used the key.
Which solution will meet these requirements?

  • A. Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) to encrypt the user data on Amazon S3.
  • B. Use server-side encryption with S3 managed encryption keys (SSE-S3) to encrypt the user data on Amazon S3.
  • C. Use server-side encryption with customer-provided encryption keys (SSE-C) to encrypt the user data on Amazon S3.
  • D. Use client-side encryption with client-provided keys. Upload the encrypted user data to Amazon S3.

Correct answer: A

Explanation:
https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#auditing_key_use


Question # 236
......
