SOA-C02 Free Practice Test

- (Exam Topic 1)
A company stores files on 50 Amazon S3 buckets in the same AWS Region. The company wants to connect to the S3 buckets securely over a private connection from its Amazon EC2 instances. The company needs a solution that produces no additional cost.
Which solution will meet these requirements?

1. A. Create a gateway VPC endpoint for each S3 bucke
2. B. Attach the gateway VPC endpoints to each subnetinside the VPC.
3. C. Create an interface VPC endpoint for each S3 bucke
4. D. Attach the interface VPC endpoints to each subnet inside the VPC.
5. E. Create one gateway VPC endpoint for all the S3 bucket
6. F. Add the gateway VPC endpoint to the VPC route table.
7. G. Create one interface VPC endpoint for all the S3 bucket
8. H. Add the interface VPC endpoint to the VPC route table.

Correct Answer: C

- (Exam Topic 1)
A company is using Amazon CloudFront to serve static content for its web application to its users. The CloudFront distribution uses an existing on-premises website as a custom origin.
The company requires the use of TLS between CloudFront and the origin server. This configuration has worked as expected for several months. However, users are now experiencing HTTP 502 (Bad Gateway) errors when they view webpages that include content from the CloudFront distribution.
What should a SysOps administrator do to resolve this problem?

1. A. Examine the expiration date on the certificate on the origin sit
2. B. Validate that the certificate has not expire
3. C. Replace the certificate if necessary.
4. D. Examine the hostname on the certificate on the origin sit
5. E. Validate that the hostname matches one of the hostnames on the CloudFront distributio
6. F. Replace the certificate if necessary.
7. G. Examine the firewall rules that are associated with the origin serve
8. H. Validate that port 443 is open for inbound traffic from the interne
9. I. Create an inbound rule if necessary.
10. J. Examine the network ACL rules that are associated with the CloudFront distributio
11. K. Validate that port 443 is open for outbound traffic to the origin serve
12. L. Create an outbound rule if necessary.

Correct Answer: A
HTTP 502 errors from CloudFront can occur because of the following reasons:
There's an SSL negotiation failure because the origin is using SSL/TLS protocols and ciphers that aren't supported by CloudFront.
There's an SSL negotiation failure because the SSL certificate on the origin is expired or invalid, or because the certificate chain is invalid.
There's a host header mismatch in the SSL negotiation between your CloudFront distribution and the custom origin.
The custom origin isn't responding on the ports specified in the origin settings of the CloudFront distribution. The custom origin is ending the connection to CloudFront too quickly.
https://aws.amazon.com/premiumsupport/knowledge-center/resolve-cloudfront-connection-error/

- (Exam Topic 1)
A company uses an AWS CloudFormation template to provision an Amazon EC2 instance and an Amazon RDS DB instance A SysOps administrator must update the template to ensure that the DB instance is created before the EC2 instance is launched
What should the SysOps administrator do to meet this requirement?

1. A. Add a wait condition to the template Update the EC2 instance user data script to send a signal after the EC2 instance is started
2. B. Add the DependsOn attribute to the EC2 instance resource, and provide the logical name of the RDS resource
3. C. Change the order of the resources in the template so that the RDS resource is listed before the EC2 instance resource
4. D. Create multiple templates Use AWS CloudFormation StackSets to wait for one stack to complete before the second stack is created

Correct Answer: B
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html Syntax The DependsOn attribute can take a single string or list of strings. "DependsOn" : [ String, ... ]
Example The following template contains an AWS::EC2::Instance resource with a DependsOn attribute that specifies myDB, an AWS::RDS::DBInstance. When CloudFormation creates this stack, it first creates myDB, then creates Ec2Instance.

- (Exam Topic 1)
A company needs to create a daily Amazon Machine Image (AMI) of an existing Amazon Linux EC2 instance that hosts the operating system, application, and database on multiple attached Amazon Elastic Block Store (Amazon EBS) volumes. File system integrity must be maintained.
Which solution will meet these requirements?

1. A. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the no-reboot parameter enable
2. B. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
3. C. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the reboot parameter enable
4. D. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
5. E. Use AWS Backup to create a backup plan with a backup rule that runs dail
6. F. Assign the resource ID of the EC2 instance with the no-reboot parameter enabled.
7. G. Use AWS Backup to create a backup plan with a backup rule that runs dail
8. H. Assign the resource ID of the EC2 instance with the reboot parameter enabled.

Correct Answer: B
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/Creating_EBSbacked_WinAMI.html "NoReboot By default, Amazon EC2 attempts to shut down and reboot the instance before creating the image.
If the No Reboot option is set, Amazon EC2 doesn't shut down the instance before creating the image. When this option is used, file system integrity on the created image can't be guaranteed." Besides, we can use AWS EventBridge to invoke Lambda function https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html

- (Exam Topic 1)
A company has an application that runs only on Amazon EC2 Spot Instances. The instances run in an Amazon EC2 Auto Scaling group with scheduled scaling actions.
However, the capacity does not always increase at the scheduled times, and instances terminate many times a day. A Sysops administrator must ensure that the instances launch on time and have fewer interruptions.
Which action will meet these requirements?

1. A. Specify the capacity-optimized allocation strategy for Spot Instance
2. B. Add more instance types to the Auto Scaling group.
3. C. Specify the capacity-optimized allocation strategy for Spot Instance
4. D. Increase the size of the instances in the Auto Scaling group.
5. E. Specify the lowest-price allocation strategy for Spot Instance
6. F. Add more instance types to the Auto Scaling group.
7. G. Specify the lowest-price allocation strategy for Spot Instance
8. H. Increase the size of the instances in the Auto Scaling group.

Correct Answer: A
Specifying the capacity-optimized allocation strategy for Spot Instances and adding more instance types to the Auto Scaling group is the best action to meet the requirements. Increasing the size of the instances in the Auto Scaling group will not necessarily help with the launch time or reduce interruptions, as the Spot Instances could still be interrupted even with larger instance sizes.