New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

AWS Certified Associate Changed SOA-C02 Questions

Page: 13 / 17
Question 52

A SysOps administrator is responsible for a company's security groups. The company wants to maintain a documented trail of any changes that are made to the security groups. The SysOps administrator must receive notification whenever the security groups change.

Which solution will meet these requirements?

Options:

A.

Set up Amazon Detective to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Queue Service (Amazon SOS) queue for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SQS queue.

B.

Set up AWS Systems Manager Change Manager to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SNS topic.

C.

Set up AWS Config to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SNS topic.

D.

Set up Amazon Detective to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SNS topic.

Question 53

The SysOps administrator must dynamically reference the latest AMI ID from Systems Manager Parameter Store in CloudFormation templates for new AMI versions.

Options (Select THREE):

Options:

A.

Create a new Systems Manager parameter to store the AMI value in the standard parameter tier.

B.

Create a new Systems Manager parameter to store the AMI value in the advanced parameter tier.

C.

Enable trusted access with Organizations.

D.

Enable resource sharing with Organizations.

E.

Create a resource share by using AWS Resource Access Manager (AWS RAM). Specify the new parameter as the resource. Specify the entire organization as the principal.

F.

Create an Amazon EventBridge rule that invokes an AWS Lambda function when a new AMI is published. Program the Lambda function to assume an IAM role in all linked accounts and to update Parameter Store with the new AMI ID.

Question 54

A SysOps administrator is re-architecting an application. The SysOps administrator has moved the database from a public subnet, where the database used a public endpoint. into a private subnet to restrict access from the public network. After this change, an AWS Lambda function that requires read access to the database cannot connect to the database. The SysOps administrator must resolve this issue without compromising security.

Which solution meets these requirements?

Options:

A.

Create an AWS PrivateLink interface endpoint for the Lambda function. Connect to the database using its private endpoint.

B.

Connect the Lambda function to the database VPC. Connect to the database using its private endpoint.

C.

Attach an 1AM role to the Lambda function with read permissions to the database.

D.

Move the database to a public subnet. Use security groups for secure access.

Question 55

A company’s AWS Lambda function is experiencing performance issues. The Lambda function performs many CPU-intensive operations. The Lambda function is not running fast enough and is creating bottlenecks in the system.

What should a SysOps administrator do to resolve this issue?

Options:

A.

In the CPU launch options for the Lambda function, activate hyperthreading.

B.

Turn off the AWS managed encryption.

C.

Increase the amount of memory for the Lambda function.

D.

Load the required code into a custom layer.

Page: 13 / 17
Exam Code: SOA-C02
Exam Name: AWS Certified SysOps Administrator - Associate (SOA-C02)
Last Update: Dec 22, 2024
Questions: 460
SOA-C02 pdf

SOA-C02 PDF

$25.5  $84.99
SOA-C02 Engine

SOA-C02 Testing Engine

$28.5  $94.99
SOA-C02 PDF + Engine

SOA-C02 PDF + Testing Engine

$40.5  $134.99