SOA-C02 Free Practice Test

- (Exam Topic 1)
A company is trying to connect two applications. One application runs in an on-premises data center that has a hostname of hostl .onprem.private. The other application runs on an Amazon EC2 instance that has a hostname of hostl.awscloud.private. An AWS Site-to-Site VPN connection is in place between the on-premises network and AWS.
The application that runs in the data center tries to connect to the application that runs on the EC2 instance, but DNS resolution fails. A SysOps administrator must implement DNS resolution between on-premises and AWS resources.
Which solution allows the on-premises application to resolve the EC2 instance hostname?

1. A. Set up an Amazon Route 53 inbound resolver endpoint with a forwarding rule for the onprem.private hosted zon
2. B. Associate the resolver with the VPC of the EC2 instanc
3. C. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the inbound resolver endpoint.
4. D. Set up an Amazon Route 53 inbound resolver endpoin
5. E. Associate the resolver with the VPC of the EC2 instanc
6. F. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the inbound resolver endpoint.
7. G. Set up an Amazon Route 53 outbound resolver endpoint with a forwarding rule for the onprem.private hosted zon
8. H. Associate the resolver with the AWS Region of the EC2 instanc
9. I. Configure theon-premises DNS resolver to forward onprem.private DNS queries to the outbound resolver endpoint.
10. J. Set up an Amazon Route 53 outbound resolver endpoin
11. K. Associate the resolver with the AWS Region of the EC2 instanc
12. L. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the outbound resolver endpoint.

Correct Answer: C

- (Exam Topic 1)
A company must migrate its applications to AWS The company is using Chef recipes for configuration management The company wants to continue to use the existing Chef recipes after the applications are migrated to AWS.
What is the MOST operationally efficient solution that meets these requirements?

1. A. Use AWS Cloud Format ion to create an Amazon EC2 instance, install a Chef server, and add Chefrecipes.
2. B. Use AWS CloudFormation to create a stack and add layers for Chef recipes.
3. C. Use AWS Elastic Beanstalk with the Docker platform to upload Chef recipes.
4. D. Use AWS OpsWorks to create a stack and add layers with Chef recipes.

Correct Answer: D

- (Exam Topic 1)
A company is storing backups in an Amazon S3 bucket. The backups must not be deleted for at least 3 months after the backups are created.
What should a SysOps administrator do to meet this requirement?

1. A. Configure an IAM policy that denies the s3:DeleteObject action for all user
2. B. Three months after an object is written, remove the policy.
3. C. Enable S3 Object Lock on a new S3 bucket in compliance mod
4. D. Place all backups in the new S3 bucket with a retention period of 3 months.
5. E. Enable S3 Versioning on the existing S3 bucke
6. F. Configure S3 Lifecycle rules to protect the backups.
7. G. Enable S3 Object Lock on a new S3 bucket in governance mod
8. H. Place all backups in the new S3 bucket with a retention period of 3 months.

Correct Answer: D
To meet the requirements of the workload, a SysOps administrator should enable S3 Object Lock on a new S3 bucket in governance mode and place all backups in the new S3 bucket with a retention period of 3 months.
This will ensure that the backups are not deleted for at least 3 months after they are created. The other solutions (configuring an IAM policy that denies the s3:DeleteObject action for all users, enabling S3 Object Lock on a new S3 bucket in compliance mode, or enabling S3 Versioning on the existing S3 bucket and configuring S3 Lifecycle rules to protect the backups) will not meet the requirements, as they do not provide a way to ensure that the backups are not deleted for at least 3 months after they are created.

- (Exam Topic 1)
A SysOps administrator launches an Amazon EC2 Linux instance in a public subnet. When the instance is running, the SysOps administrator obtains the public IP address and attempts to remotely connect to the instance multiple times. However, the SysOps administrator always receives a timeout error.
Which action will allow the SysOps administrator to remotely connect to the instance?

1. A. Add a route table entry in the public subnet for the SysOps administrator's IP address.
2. B. Add an outbound network ACL rule to allow TCP port 22 for the SysOps administrator's IP address.
3. C. Modify the instance security group to allow inbound SSH traffic from the SysOps administrator's IP address.
4. D. Modify the instance security group to allow outbound SSH traffic to the SysOps administrator's IP address.

Correct Answer: C

- (Exam Topic 1)
A company's SysOps administrator deploys four new Amazon EC2 instances by using the standard Amazon Linux 2 Amazon Machine Image (AMI). The company needs to be able to use AWS Systems Manager to manage the instances The SysOps administrator notices that the instances do not appear in the Systems Manager console
What must the SysOps administrator do to resolve this issue?

1. A. Connect to each instance by using SSH Install Systems Manager Agent on each instance Configure Systems Manager Agent to start automatically when the instances start up
2. B. Use AWS Certificate Manager (ACM) to create a TLS certificate Import the certificate into each instance Configure Systems Manager Agent to use the TLS certificate for secure communications
3. C. Connect to each instance by using SSH Create an ssm-user account Add the ssm-user account to the/etcsudoers d directory
4. D. Attach an IAM instance profile to the instances Ensure that the instance profile contains the AmazonSSMManagedinstanceCore policy

Correct Answer: D