Exam 13: AWS Certified SysOps Administrator (SOA-C01)

A Systems Administrator is responsible for maintaining custom, approved AMIs for a company. These AMIs must be shared with each of the company's AWS accounts. How can the Administrator address this issue?

A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public subnet (port 80) and a DB server in the private subnet (port 3306). The user is configuring a security group for the public subnet (WebSecGrp) and the private subnet (DBSecGrp). Which of the below mentioned entries is required in the web server security group (WebSecGrp)?

A user is trying to setup a security policy for ELB. The user wants ELB to meet the cipher supported by the client by configuring the server order preference in ELB security policy. Which of the below mentioned preconfigured policies supports this feature?

A security policy allows instances in the Production and Development accounts to write application logs to an Amazon S3 bucket belonging to the Security team's account. Only the Security team should be allowed to delete logs from the S3 bucket. Using the "myAppRole" EC2 role, the production and development teams report that the application servers are not able to write to the S3 bucket. Which changes need to be made to the policy to allow the application logs to be written to the S3 bucket? Production Account: 111111111111 Dev Account: 222222222222 Security Account: 555555555555

A company has deployed a NAT instance to allow web servers to obtain software updates from the internet. There is high latency on the NAT instance as the network grows. A SysOps Administrator needs to reduce latency on the instance in a manner that is efficient, cost-effective, and allows for scaling with future demand. Which action should be taken to accomplish this?

How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?

A user has created a VPC with CIDR 20.0.0.0/24. The user has created a public subnet with CIDR 20.0.0.0/25 and a private subnet with CIDR 20.0.0.128/25. The user has launched one instance each in the private and public subnets. Which of the below mentioned options cannot be the correct IP address (private IP. assigned to an instance in the public or private subnet?

Can you configure multiple Load Balancers with a single Auto Scaling group?

A company needs to migrate an on-premises asymmetric key management system into AWS. Which AWS service should be used to accomplish this?

A local agency plans to deploy 500 Raspberry Pi devices throughout a city. All the devices need to be managed centrally, and their configurations need to be consistent. What is the BEST service for managing these devices?

Can you use CloudWatch to monitor memory and disk utilization usage for your Amazon EC2 Linux instances?

You have two Elastic Compute Cloud (EC2) instances inside a Virtual Private Cloud (VPC) in the same Availability Zone (AZ) but in different subnets. One instance is running a database and the other instance an application that will interface with the database. You want to confirm that they can talk to each other for your application to work properly. Which two things do we need to confirm in the VPC settings so that these EC2 instances can communicate inside the VPC? (Choose two.)

A photo-sharing site delivers content worldwide from a library on Amazon S3 using Amazon CloudFront. Users are trying to access photos that either do not exist or they are not authorized to view. What should be monitored to better understand the extent of this issue?

A user has configured the Auto Scaling group with the minimum capacity as 3 and the maximum capacity as 5. When the user configures the AS group, how many instances will Auto Scaling launch?

A user has setup Auto Scaling with ELB on the EC2 instances. The user wants to configure that whenever the CPU utilization is below 10%, Auto Scaling should remove one instance. How can the user configure this?

A user is planning to set up the Multi AZ feature of RDS. Which of the below mentioned conditions won't take advantage of the Multi AZ feature?

A user has launched an EC2 instance store backed instance in the US-East-1a zone. The user created AMI #1 and copied it to the Europe region. After that, the user made a few updates to the application running in the US-East-1a zone. The user makes an AMI#2 after the changes. If the user launches a new instance in Europe from the AMI #1 copy, which of the below mentioned statements is true?

A SysOps administrator needs a secure way to connect to AWS Key Management Service (AWS KMS) within a VPC. The SysOps administrator must ensure that connections to AWS KMS do not traverse the internet. What is the MOST secure solution that meets these requirements?

A company has a web application that is deployed in a VPC. Inbound traffic to this web application comes in through an internet gateway and arrives at a Network Load Balancer (NLB). From there, the traffic travels to multiple Amazon EC2 instances in two private subnets. The company wants to perform deep packet inspection on the inbound traffic to identify potential hacking attempts. Which solution meets these requirements?

A sysadmin has created the below mentioned policy on an S3 bucket named cloudacademy. The bucket has both AWS. j p g and index.html objects. What does this policy define?