SOA-C02 Free Practice Test

- (Exam Topic 1)
A company has deployed AWS Security Hub and AWS Config in a newly implemented organization in AWS Organizations. A SysOps administrator must implement a solution to restrict all member accounts in the organization from deploying Amazon EC2 resources in the ap-southeast-2 Region. The solution must be implemented from a single point and must govern an current and future accounts. The use of root credentials also must be restricted in member accounts.
Which AWS feature should the SysOps administrator use to meet these requirements?

1. A. AWS Config aggregator
2. B. IAM user permissions boundaries
3. C. AWS Organizations service control policies (SCPs)
4. D. AWS Security Hub conformance packs

Correct Answer: C

- (Exam Topic 1)
A company maintains a large set of sensitive data in an Amazon S3 bucket. The company's security team asks a SyeOps administrator to help verify that all current objects in the S3 bucket are encrypted.
What is the MOST operationally efficient solution that meets these requirements?

1. A. Create a script that runs against the S3 bucket and outputs the status of each object.
2. B. Create an S3 Inventory configuration on the S3 bucket Induce the appropriate status fields.
3. C. Provide the security team with an IAM user that has read access to the S3 bucket.
4. D. Use the AWS CLI to output a list of all objects in the S3 bucket.

Correct Answer: D

- (Exam Topic 1)
An application team uses an Amazon Aurora MySQL DB cluster with one Aurora Replica. The application team notices that the application read performance degrades when user connections exceed 200. The number of user connections is typically consistent around 180. with occasional sudden increases above 200 connections. The application team wants the application to automatically scale as user demand increases or decreases.
Which solution will meet these requirements?

1. A. Migrate to a new Aurora multi-master DB cluste
2. B. Modify the application database connection string.
3. C. Modify the DB cluster by changing to serverless mode whenever user connections exceed 200.
4. D. Create an auto scaling policy with a target metric of 195 DatabaseConnections
5. E. Modify the DB cluster by increasing the Aurora Replica instance size.

Correct Answer: C

- (Exam Topic 1)
A SysOps administrator applies the following policy to an AWS CloudFormation stack:

What is the result of this policy?

1. A. Users that assume an IAM role with a logical ID that begins with "Production" are prevented from running the update-stack command.
2. B. Users can update all resources in the stack except for resources that have a logical ID that begins with "Production".
3. C. Users can update all resources in the stack except for resources that have an attribute that begins with "Production".
4. D. Users in an IAM group with a logical ID that begins with "Production" are prevented from running the update-stack command.

Correct Answer: B

- (Exam Topic 1)
A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations.
Which solution will meet this requirement?

1. A. Configure Amazon Cognito to detect any compromised 1AM credentials.
2. B. Set up Amazon Inspecto
3. C. Scan and monitor resources for unauthorized logins.
4. D. Set up AWS Confi
5. E. Add the iam-policy-blacklisted-check managed rule to the account.
6. F. Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding.

Correct Answer: D