SOA-C02 Free Practice Test

- (Exam Topic 1)
A company has an application that runs only on Amazon EC2 Spot Instances. The instances run in an Amazon EC2 Auto Scaling group with scheduled scaling actions.
However, the capacity does not always increase at the scheduled times, and instances terminate many times a day. A Sysops administrator must ensure that the instances launch on time and have fewer interruptions.
Which action will meet these requirements?

1. A. Specify the capacity-optimized allocation strategy for Spot Instance
2. B. Add more instance types to the Auto Scaling group.
3. C. Specify the capacity-optimized allocation strategy for Spot Instance
4. D. Increase the size of the instances in the Auto Scaling group.
5. E. Specify the lowest-price allocation strategy for Spot Instance
6. F. Add more instance types to the Auto Scaling group.
7. G. Specify the lowest-price allocation strategy for Spot Instance
8. H. Increase the size of the instances in the Auto Scaling group.

Correct Answer: A
Specifying the capacity-optimized allocation strategy for Spot Instances and adding more instance types to the Auto Scaling group is the best action to meet the requirements. Increasing the size of the instances in the Auto Scaling group will not necessarily help with the launch time or reduce interruptions, as the Spot Instances could still be interrupted even with larger instance sizes.

- (Exam Topic 1)
A company needs to upload gigabytes of files every day. The company need to achieve higher throughput and upload speeds to Amazon S3 Which action should a SysOps administrator take to meet this requirement?

1. A. Create an Amazon CloudFront distribution with the GET HTTP method allowed and the S3 bucket as an origin.
2. B. Create an Amazon ElastiCache duster and enable caching for the S3 bucket
3. C. Set up AWS Global Accelerator and configure it with the S3 bucket
4. D. Enable S3 Transfer Acceleration and use the acceleration endpoint when uploading files

Correct Answer: D
Enable Amazon S3 Transfer Acceleration Amazon S3 Transfer Acceleration can provide fast and secure transfers over long distances between your client and Amazon S3. Transfer Acceleration uses Amazon CloudFront's globally distributed edge locations.
https://aws.amazon.com/premiumsupport/knowledge-center/s3-upload-large-files/

- (Exam Topic 1)
A company's SysOps administrator has created an Amazon EC2 instance with custom software that will be used as a template for all new EC2 instances across multiple AWS accounts. The Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the EC2 instance are encrypted with AWS managed keys.
The SysOps administrator creates an Amazon Machine Image (AMI) of the custom EC2 instance and plans to share the AMI with the company's other AWS accounts. The company requires that all AMIs are encrypted with AWS Key Management Service (AWS KMS) keys and that only authorized AWS accounts can access the shared AMIs.
Which solution will securely share the AMI with the other AWS accounts?

1. A. In the account where the AMI was created, create a customer master key (CMK). Modify the key policyto provide kms:DescribeKey, kms ReEncrypf, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared wit
2. B. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.
3. C. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*. kms:CreateGrant, and kms;Decrypt permissions to the AWS accounts that the AMI will be shared wit
4. D. Create a copy of the AM
5. E. and specify the CM
6. F. Modify the permissions on the copied AMI to specify the AWS account numbers that the AMI will be shared with.
7. G. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescrlbeKey, kms:ReEncrypt\ kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared wit
8. H. Create a copy of the AM
9. I. and specify the CM
10. J. Modify the permissions on the copied AMI to make it public.
11. K. In the account where the AMI was created, modify the key policy of the AWS managed key to provide kms:DescnbeKe
12. L. kms:ReEncrypt\ kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared wit
13. M. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.

Correct Answer: B
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-explicit.html

- (Exam Topic 1)
A company uses an Amazon CloudFront distribution to deliver its website Traffic togs for the website must be centrally stored and all data must be encrypted at rest
Which solution will meet these requirements?

1. A. Create an Amazon OpenSearch Service (Amazon Elasttcsearch Service) domain with internet access and server-side encryption that uses the default AWS managed key Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination
2. B. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256 Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elastcsearch Service) domain as a log destination
3. C. Create an Amazon S3 bucket that is configured with default server side encryption that uses AES-256 Configure CloudFront to use the S3 bucket as a log destination
4. D. Create an Amazon S3 bucket that is configured with no default encryption Enable encryption in the CloudFront dtstnbubon and use the S3 bucket as a log destination

Correct Answer: C

- (Exam Topic 1)
A Sysops administrator creates an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that uses AWS Fargate. The cluster is deployed successfully. The Sysops administrator needs to manage the cluster by using the kubect1 command line tool.
Which of the following must be configured on the Sysops administrator's machine so that kubect1 can communicate with the cluster API server?

1. A. The kubeconfig file
2. B. The kube-proxy Amazon EKS add-on
3. C. The Fargate profile
4. D. The eks-connector.yaml file

Correct Answer: A
The kubeconfig file is a configuration file used to store cluster authentication information, which is required to make requests to the Amazon EKS cluster API server. The kubeconfig file will need to be configured on the SysOps administrator's machine in order for kubectl to be able to communicate with the cluster API server.
https://aws.amazon.com/blogs/developer/running-a-kubernetes-job-in-amazon-eks-on-aws-fargate-using-aws-ste