SOA-C02 Free Practice Test

- (Exam Topic 1)
A Sysops administrator needs to configure automatic rotation for Amazon RDS database credentials. The credentials must rotate every 30 days. The solution must integrate with Amazon RDS.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Store the credentials in AWS Systems Manager Parameter Store as a secure strin
2. B. Configure automatic rotation with a rotation interval of 30 days.
3. C. Store the credentials in AWS Secrets Manage
4. D. Configure automatic rotation with a rotation interval of 30 days.
5. E. Store the credentials in a file in an Amazon S3 bucke
6. F. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.
7. G. Store the credentials in AWS Secrets Manage
8. H. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.

Correct Answer: B
Storing the credentials in AWS Secrets Manager and configuring automatic rotation with a rotation interval of 30 days is the most efficient way to meet the requirements with the least operational overhead. AWS Secrets Manager automatically rotates the credentials at the specified interval, so there is no need for an additional AWS Lambda function or manual rotation. Additionally, Secrets Manager is integrated with Amazon RDS, so the credentials can be easily used with the RDS database.

- (Exam Topic 1)
A company stores sensitive data in an Amazon S3 bucket. The company must log all access attempts to the S3 bucket. The company's risk team must receive immediate notification about any delete events.
Which solution will meet these requirements?

1. A. Enable S3 server access logging for audit log
2. B. Set up an Amazon Simple Notification Service (Amazon SNSJ notification for the S3 bucke
3. C. Select DeleteObject tor the event type for the alert system.
4. D. Enable S3 server access logging for audit log
5. E. Launch an Amazon EC2 instance for the alert system.Run a cron job on the EC2 instance to download the access logs each day and to scan for a DeleteObject event.
6. F. Use Amazon CloudWatch Logs for audit log
7. G. Use Amazon CloudWatch alarms with an Amazon Simple Notification Service (Amazon SNS) notification for the alert system.
8. H. Use Amazon CloudWatch Logs for audit log
9. I. Launch an Amazon EC2 instance for The alert system.Run a cron job on the EC2 Instance each day to compare the list of the items with the list from the previous da
10. J. Configure the cron job to send a notification if an item is missing.

Correct Answer: A
To meet the requirements of logging all access attempts to the S3 bucket and receiving immediate notification about any delete events, the company can enable S3 server access logging and set up an Amazon Simple Notification Service (Amazon SNS) notification for the S3 bucket. The S3 server access logs will record all access attempts to the bucket, including delete events, and the SNS notification can be configured to send an alert when a DeleteObject event occurs.

- (Exam Topic 1)
A company has a high-performance Windows workload. The workload requires a storage volume mat provides consistent performance of 10.000 KDPS. The company does not want to pay for additional unneeded capacity to achieve this performance.
Which solution will meet these requirements with the LEAST cost?

1. A. Use a Provisioned IOPS SSD (lol) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10.000 provisioned IOPS
2. B. Use a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10.000 provisioned IOPS.
3. C. Use an Amazon Elastic File System (Amazon EFS) file system w\ Max I/O mode.
4. D. Use an Amazon FSx for Windows Fife Server foe system that is configured with 10.000 IOPS

Correct Answer: A

- (Exam Topic 1)
A company is running a serverless application on AWS Lambda The application stores data in an Amazon RDS for MySQL DB instance Usage has steadily increased and recently there have been numerous "too many connections" errors when the Lambda function attempts to connect to the database The company already has configured the database to use the maximum max_connections value that is possible
What should a SysOps administrator do to resolve these errors'?

1. A. Create a read replica of the database Use Amazon Route 53 to create a weighted DNS record that contains both databases
2. B. Use Amazon RDS Proxy to create a proxy Update the connection string in the Lambda function
3. C. Increase the value in the max_connect_errors parameter in the parameter group that the database uses
4. D. Update the Lambda function's reserved concurrency to a higher value

Correct Answer: B
https://aws.amazon.com/blogs/compute/using-amazon-rds-proxy-with-aws-lambda/
RDS Proxy acts as an intermediary between your application and an RDS database. RDS Proxy establishes and manages the necessary connection pools to your database so that your application creates fewer database connections. Your Lambda functions interact with RDS Proxy instead of your database instance. It handles the connection pooling necessary for scaling many simultaneous connections created by concurrent Lambda functions. This allows your Lambda applications to reuse existing connections, rather than creating new connections for every function invocation.
Check "Database proxy for Amazon RDS" section in the link to see how RDS proxy help Lambda handle huge connections to RDS MySQL
https://aws.amazon.com/blogs/compute/using-amazon-rds-proxy-with-aws-lambda/

- (Exam Topic 1)
A SysOps administrator needs to configure a solution that will deliver digital content to a set of authorized
users through Amazon CloudFront. Unauthorized users must be restricted from access. Which solution will meet these requirements?

1. A. Store the digital content in an Amazon S3 bucket that does not have public access blocke
2. B. Use signed URLs to access the S3 bucket through CloudFront.
3. C. Store the digital content in an Amazon S3 bucket that has public access blocke
4. D. Use an origin access identity (OAI) to deliver the content through CloudFron
5. E. Restrict S3 bucket access with signed URLs in CloudFront.
6. F. Store the digital content in an Amazon S3 bucket that has public access blocke
7. G. Use an origin access identity (OAI) to deliver the content through CloudFron
8. H. Enable field-level encryption.
9. I. Store the digital content in an Amazon S3 bucket that does not have public access blocke
10. J. Use signed cookies for restricted delivery of the content through CloudFront.

Correct Answer: B