New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

AWS Certified Associate SOA-C02 Exam Dumps

Page: 10 / 17
Question 40

A company uses an Amazon CloudFront distribution to deliver its website. Traffic logs for the website must be centrally stored, and all data must be encrypted at rest.

Which solution will meet these requirements?

Options:

A.

Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with internet access and server-side encryption that uses the default AWS managed key. Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination.

B.

Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256 Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination.

C.

Create an Amazon S3 bucket that Is configured with default server-side encryption that uses AES-256. Configure CloudFront to use the S3 bucket as a log destination.

D.

Create an Amazon S3 bucket that is configured with no default encryption. Enable encryption in the CloudFront distribution, and use the S3 bucket as a log destination.

Question 41

A company is storing backups in an Amazon S3 bucket. The backups must not be deleted for at least 3 months after the backups are created.

What should a SysOps administrator do to meet this requirement?

Options:

A.

Configure an IAM policy that denies the s3:DeleteObject action for all users. Three months after an object is written, remove the policy.

B.

Enable S3 Object Lock on a new S3 bucket in compliance mode. Place all backups in the new S3 bucket with a retention period of 3 months.

C.

Enable S3 Versioning on the existing S3 bucket. Configure S3 Lifecycle rules to protect the backups.

D.

Enable S3 Object Lock on a new S3 bucket in governance mode. Place all backups in the new S3 bucket with a retention period of 3 months.

Question 42

The company requires a disaster recovery solution for an Aurora PostgreSQL database with a 20-second RPO.

Options:

Options:

A.

Reconfigure the database to be an Aurora global database. Set the RPO to 20 seconds.

B.

Reconfigure the database to be an Aurora Serverless v2 database with an Aurora Replica in a separate Availability Zone. Set the replica lag to 20 seconds.

C.

Modify the database to use a Multi-AZ cluster that has two readable standby instances in separate Availability Zones. Add an Aurora Replica in a separate Availability Zone. Set the replica lag to 20 seconds.

Question 43

A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the application are failing. A SysOps administrator inspects the VPC flow logs and finds the following entry:

2 111122223333 eni-<###> 192.0.2.15 203.0.113.56 40711 443 6 1 40 1418530010 1418530070 REJECT OK

What is a possible cause of these failed connections?

Options:

A.

A security group is denying traffic on port 443.

B.

The EC2 instance is shut down.

C.

The network ACL is blocking HTTPS traffic.

D.

The VPC has no internet gateway attached.

Page: 10 / 17
Exam Code: SOA-C02
Exam Name: AWS Certified SysOps Administrator - Associate (SOA-C02)
Last Update: Dec 22, 2024
Questions: 460
SOA-C02 pdf

SOA-C02 PDF

$25.5  $84.99
SOA-C02 Engine

SOA-C02 Testing Engine

$28.5  $94.99
SOA-C02 PDF + Engine

SOA-C02 PDF + Testing Engine

$40.5  $134.99