Updated Oct-2021 Premium SOA-C01 Exam Engine pdf - Download Free Updated 261 Questions
For more info visit: Amazon - Amazon SOA-C01: AWS Certified SysOps Administrator-Associate Exam
NEW QUESTION 99
A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket.
Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket?
- A. Stream the CloudTrail logs to Amazon CloudWatch to store logs at a secondary location.
- B. Enable S3 server access logging to track requests made to the log bucket for security audits.
- C. Enable log file integrity validation and use digest files to verify the hash value of the log file.
- D. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
Answer: C
NEW QUESTION 100
Can you use CloudWatch to monitor memory and disk utilization for your Amazon EC2 Linux instances?
- A. It is possible only on Linux EC2 instances using the CloudWatch Monitoring scripts for Linux.
- B. CloudWatch can only measure disk usage.
- C. CloudWatch can only measure memory usage.
- D. CloudWatch can only collect memory and disk usage metrics when an instance is running.
Answer: A
Explanation:
Using the CloudWatch Monitoring scripts for Linux, you can measure memory and disk usage of your Linux EC2 instances.
NEW QUESTION 101
When an EC2 instance that is backed by an S3-based AMI is terminated, what happens to the data on the root volume?
- A. Data is automatically deleted.
- B. Data is automatically saved as an EBS volume.
- C. Data is automatically saved as an EBS snapshot.
- D. Data is unavailable until the instance is restarted.
Answer: A
Explanation:
We recommend that you use AMIs backed by Amazon EBS, because they launch faster and use persistent storage.
NEW QUESTION 102
On a weekly basis, the Administrator for a photo sharing website receives an archive of all files users have uploaded the previous week. These file archives can be as large as 10TB in size. For legal reasons, these archives must be saved with no possibility of someone deleting or modifying these archives. Occasionally, there may be a need to view the contents, but it is expected that retrieving them can take three or more hours.
What should the Administrator do with the weekly archive?
- A. Upload the file to Amazon S3 through the AWS Management Console and apply a lifecycle policy to change the storage class to Amazon Glacier.
- B. Create a file gateway attached to a file share on an S3 bucket with the storage class S3 Infrequent Access. Upload the archives via the gateway.
- C. Create a Linux EC2 instance with an encrypted Amazon EBS volume and copy each weekly archive file for this instance.
- D. Upload the archive to the Amazon Glacier with the AWS CLI and enable Vault Lock.
Answer: A
NEW QUESTION 103
Each SysOps Administrator at a company has a unique IAM user account. Each user is a member of the SysOps IAM group that has an IAM policy applied. A recent change to the IT security policy states that employees must now use their on-premises Active Directory user accounts to access the AWS Management Console. Which solution should be used to satisfy these requirements?
- A. Enable an Active Directory federation in an Amazon Route 53 private zone
- B. Implement multi-factor authentication for IAM and Active Directory
- C. Configure the on-premises Active Directory to use AWS Direct Connect
- D. Implement a VPN tunnel and configure an Active Directory connector
Answer: D
NEW QUESTION 104
Do Amazon EBS volumes persist independently from the running life of an Amazon EC2 instance?
- A. No, you cannot attach EBS volumes to an instance.
- B. Yes, they do but only if they are detached from the instance.
- C. Yes, they do, if the Delete on termination flag is unset.
- D. No, they are dependent.
Answer: C
Explanation:
An Amazon EBS volume behaves like a raw, unformatted, external block device that you can attach to a single instance. The volume persists independently from the running life of an Amazon EC2 instance.
NEW QUESTION 105
A user has created a VPC with CIDR 20.0.0.0/16. The user has created public and VPN only subnets along with hardware VPN access to connect to the user's datacenter. The user wants to make it so that all traffic coming to the public subnet follows the organization's proxy policy. How can the user make this happen?
- A. It is not possible to setup the proxy policy for a public subnet
- B. Setting up a proxy policy in the internet gateway connected with the public subnet
- C. Setting up a NAT with the proxy protocol and configure that the public subnet receives traffic from NAT
- D. Setting the route table and security group of the public subnet which receives traffic from a virtual private gateway
Answer: D
Explanation:
The user can create subnets within a VPC. If the user wants to connect to the VPC from his own data center, he can set up public and VPN only subnets which use hardware VPN access to connect with his data center.
When the user has configured this setup, it will update the main route table used with the VPN-only subnet, create a custom route table and associate it with the public subnet. It also creates an internet gateway for the public subnet. By default, the internet traffic of the VPN subnet is routed to a virtual private gateway while the internet traffic of the public subnet is routed through the internet gateway. The user can set up the route and security group rules. These rules enable the traffic to come from the organization's network over the virtual private gateway to the public subnet to allow proxy settings on that public subnet.
NEW QUESTION 106
A user has launched an EC2 instance from an instance store backed AMI. The user has attached an additional instance store volume to the instance. The user wants to create an AMI from the running instance. Will the AMI have the additional instance store volume data?
- A. Yes, the block device mapping will have information about the additional instance store volume
- B. It is not possible to attach an additional instance store volume to the existing instance store backed AMI instance
- C. No, since this is ephemeral storage it will not be a part of the AMI
- D. No, since the instance store backed AMI can have only the root volume bundled
Answer: A
Explanation:
When the user has launched an EC2 instance from an instance store backed AMI and added an instance store volume to the instance in addition to the root device volume, the block device mapping for the new AMI contains the information for these volumes as well. In addition, the block device mappings for the instances that are launched from the new AMI will automatically contain information for these volumes.
NEW QUESTION 107
A user has launched an RDS PostgreSQL DB with AWS. The user did not specify the maintenance window during creation. The user has configured RDS to update the DB instance type from micro to large. If the user wants to have it during the maintenance window, what will AWS do?
- A. AWS will ask the user to specify the maintenance window during the update
- B. It is not possible to change the DB size from micro to large with RDS
- C. AWS will select the default maintenance window if the user has not provided it
- D. AWS will not allow to update the DB until the maintenance window is configured
Answer: C
Explanation:
AWS RDS has a compulsory maintenance window which by default is 30 minutes. If the user does not specify the maintenance window during the creation of RDS then AWS will select a 30-minute maintenance window randomly from an 8-hour block of time per region. In this case, Amazon RDS assigns a 30-minute maintenance window on a randomly selected day of the week.
NEW QUESTION 108
Application developers are reporting Access Denied errors when trying to list the contents of an Amazon S3 bucket by using the IAM user "arn:aws:iam::111111111111:user/application". The following S3 bucket policy is in use:
How should a SysOps Administrator modify the S3 bucket policy to fix the issue?
- A. Change the "Principal" from "arn:aws:iam::111111111111:user/application" to "arn:aws:iam::111111111111:role/application"
- B. Change the "Action" from "s3:List*" to "s3:ListBucket"
- C. Change the "Effect" from "Allow" to "Deny"
- D. Change the "Resource" from "arn:aws:s3:::bucketname/*" to "arn:aws:s3:::bucketname"
Answer: D
NEW QUESTION 109
A SysOps Administrator receives a connection timeout error when attempting to connect to an Amazon EC2 instance from a home network using SSH. The Administrator was able to connect to this EC2 instance using SSH from their office network in the past.
What could cause the connection to time out?
- A. The route table contains a route that sends 0.0.0.0/0 to the internet gateway for the VPC.
- B. The public key used by SSH located on the Administrator's server does not have the required permissions.
- C. The IAM role associated with the EC2 instance does not allow SSH connections from the home network.
- D. The security group is not allowing inbound traffic from the home network on the SSH port.
Answer: D
NEW QUESTION 110
A SysOps Administrator manages a website running on Amazon EC2 instances behind an ELB Application Load Balancer. Users visiting the load balancer's DNS address in a browser are reporting errors. The administrator has confirmed:
* The security groups and network ACLs are correctly configured.
* The load balancer target group shows no healthy instances.
What should the Administrator do to resolve this issue?
- A. Review the load balancer listener configuration.
- B. Review the load balancer target group health check configuration.
- C. Review the load balancer access logs, looking for any issues or errors.
- D. Review the application's logs for requests originating from the VPC DNS address.
Answer: C
NEW QUESTION 111
An organization (Account ID 123412341234) has attached the below mentioned IAM policy to a user. What does this policy statement entitle the user to perform?
- A. The policy allows the IAM user to modify all credentials using only the console
- B. The policy allows the user to modify all IAM users' passwords, sign-in certificates and access keys using only CLI, SDK or APIs
- C. The policy will give an invalid resource error
- D. The policy allows the IAM user to modify all IAM users' credentials using the console, SDK, CLI or APIs
Answer: B
Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (Account ID 123412341234) wants some of their users to manage credentials (access keys, password, and sign-in certificates) of all IAM users, they should set an applicable policy to that user or group of users. The below mentioned policy allows the IAM user to modify the credentials of all IAM users using only CLI, SDK or APIs. The user cannot use the AWS console for this activity since he does not have list permission for the IAM users.
NEW QUESTION 112
How can the domain's zone apex, for example "myzoneapexdomain.com", be pointed towards an Elastic Load Balancer?
- A. By using an Amazon Route 53 Alias record
- B. By using an AAAA record
- C. By using an Amazon Route 53 CNAME record
- D. By using an A record
Answer: A
Explanation:
Alias resource record sets are virtual records that work like CNAME records. But they differ from CNAME records in that they are not visible to resolvers. Resolvers only see the A record and the resulting IP address of the target record. As such, unlike CNAME records, alias resource record sets are available to configure a zone apex (also known as a root domain or naked domain) in a dynamic environment.
NEW QUESTION 113
A route table in a VPC can be associated with multiple subnets. However, a subnet can be associated with only ______ route table(s) at a time.
- A. one
- B. two
- C. four
- D. three
Answer: A
Explanation:
Every subnet in your VPC must be associated with exactly one route table at a time. However, the same route table can be associated with multiple subnets.
NEW QUESTION 114
......