Amazon SOA-C02 Exam Questions

Question 6 of 478

A company must ensure that any objects uploaded to an S3 bucket are encrypted.
Which of the following actions will meet this requirement? (Choose two.)

Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.

Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket.

Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.

Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.

Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.

Correct Answer: C, E

To ensure that any objects uploaded to an S3 bucket are encrypted, you can implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored. Additionally, you can implement S3 bucket policies to deny unencrypted objects from being uploaded to the bucket. By setting the default encryption on the S3 bucket, you ensure that all new objects are encrypted automatically using server-side encryption. Using S3 bucket policies ensures that any upload requests that do not include encryption headers are denied, preventing unencrypted data from being stored.

Question 7 of 478

A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load
Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application.
Which combination of actions should a SysOps administrator take to resolve this problem? (Choose two.)

Change to the least outstanding requests algorithm on the ALB target group.

Configure cookie forwarding in the CloudFront distribution cache behavior.

Configure header forwarding in the CloudFront distribution cache behavior.

Enable group-level stickiness on the ALB listener rule.

Enable sticky sessions on the ALB target group.

Correct Answer: B, E

To resolve the issue of random logouts in a stateful web application hosted on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB) with a CloudFront distribution, two actions should be taken: configure cookie forwarding in the CloudFront distribution cache behavior and enable sticky sessions on the ALB target group. Cookie forwarding ensures that CloudFront passes user session information to the origin, while enabling sticky sessions on the ALB target group maintains user sessions by ensuring that subsequent requests from a user are directed to the same target.

Question 8 of 478

A company is running a serverless application on AWS Lambda. The application stores data in an Amazon RDS for MySQL DB instance. Usage has steadily increased, and recently there have been numerous "too many connections" errors when the Lambda function attempts to connect to the database. The company already has configured the database to use the maximum max_connections value that is possible.
What should a SysOps administrator do to resolve these errors?

Create a read replica of the database. Use Amazon Route 53 to create a weighted DNS record that contains both databases.

Use Amazon RDS Proxy to create a proxy. Update the connection string in the Lambda function.

Increase the value in the max_connect_errors parameter in the parameter group that the database uses.

Update the Lambda function's reserved concurrency to a higher value.

Correct Answer: B

To resolve the issue of 'too many connections' errors when a Lambda function attempts to connect to an Amazon RDS for MySQL DB instance, using Amazon RDS Proxy is the most appropriate solution. Amazon RDS Proxy acts as an intermediary between the application and the database, managing connection pools and reducing the number of direct connections to the database. This helps in handling a large number of simultaneous connections more efficiently by reusing existing connections, thus avoiding the maximum connections limit. Updating the connection string in the Lambda function to use the RDS Proxy will significantly improve connection management in this serverless architecture.

Question 9 of 478

A SysOps administrator is deploying an application on 10 Amazon EC2 instances. The application must be highly available. The instances must be placed on distinct underlying hardware.
What should the SysOps administrator do to meet these requirements?

Launch the instances into a cluster placement group in a single AWS Region.

Launch the instances into a partition placement group in multiple AWS Regions.

Launch the instances into a spread placement group in multiple AWS Regions.

Launch the instances into a spread placement group in a single AWS Region.

Correct Answer: D

To ensure high availability and place the instances on distinct underlying hardware, the SysOps administrator should launch the instances into a spread placement group in a single AWS Region. Spread placement groups are designed to spread instances across distinct hardware to reduce the risk of simultaneous failures. Placement groups cannot span multiple AWS Regions, so the correct approach is to use a spread placement group within a single region.

Question 10 of 478

A SysOps administrator is troubleshooting an AWS CloudFormation template whereby multiple Amazon EC2 instances are being created. The template is working in us-east-1, but it is failing in us-west-2 with the error code:
AMI [ami-12345678] does not exist
How should the Administrator ensure that the AWS CloudFormation template is working in every region?

Copy the source region's Amazon Machine Image (AMI) to the destination region and assign it the same ID.

Edit the AWS CloudFormation template to specify the region code as part of the fully qualified AMI ID.

Edit the AWS CloudFormation template to offer a drop-down list of all AMIs to the user by using the AWS::EC2::AMI::ImageID control.

Modify the AWS CloudFormation template by including the AMI IDs in the ג€Mappingsג€ section. Refer to the proper mapping within the template for the proper AMI ID.

Correct Answer: D

The correct way to ensure the AWS CloudFormation template works in every region is to modify the template to use the 'Mappings' section. This section allows defining a map of region-specific values, which can include different AMI IDs for each region. By referring to the proper mapping within the template, the correct AMI for the respective region is used, thus resolving the issue of the template failing when the specified AMI does not exist in the target region.