SOA-C02 Free Practice Test

- (Exam Topic 1)
A Sysops administrator needs to configure automatic rotation for Amazon RDS database credentials. The credentials must rotate every 30 days. The solution must integrate with Amazon RDS.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Store the credentials in AWS Systems Manager Parameter Store as a secure strin
2. B. Configure automatic rotation with a rotation interval of 30 days.
3. C. Store the credentials in AWS Secrets Manage
4. D. Configure automatic rotation with a rotation interval of 30 days.
5. E. Store the credentials in a file in an Amazon S3 bucke
6. F. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.
7. G. Store the credentials in AWS Secrets Manage
8. H. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.

Correct Answer: B
Storing the credentials in AWS Secrets Manager and configuring automatic rotation with a rotation interval of 30 days is the most efficient way to meet the requirements with the least operational overhead. AWS Secrets Manager automatically rotates the credentials at the specified interval, so there is no need for an additional AWS Lambda function or manual rotation. Additionally, Secrets Manager is integrated with Amazon RDS, so the credentials can be easily used with the RDS database.

- (Exam Topic 1)
A company is managing multiple AWS accounts in AWS Organizations. The company is reviewing internal security of its AWS environment. The company's security administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts.
Which solution will meet these requirements in the MOST secure manner?

1. A. Create an IAM policy in each developer account that has read-only access related to VPC resources Assign the policy to an IAM use
2. B. Share the user credentials with the security administrator.
3. C. Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC action
4. D. Assign the policy to an IAMuse
5. E. Share the user credentials with the security administrator.
6. F. Create an IAM policy in each developer account that has administrator access related to VPC resources.Assign the policy to a cross-account IAM rol
7. G. Ask the security administrator to assume the role from their account.
8. H. Create an IAM policy in each developer account that has read-only access related to VPC resources Assign the policy to a cross-account IAM role Ask the security administrator to assume the role from their account.

Correct Answer: D

- (Exam Topic 1)
A SysOps administrator must create an IAM policy for a developer who needs access to specific AWS services. Based on the requirements, the SysOps administrator creates the following policy:

Which actions does this policy allow? (Select TWO.)

1. A. Create an AWS Storage Gateway.
2. B. Create an IAM role for an AWS Lambda function.
3. C. Delete an Amazon Simple Queue Service (Amazon SQS) queue.
4. D. Describe AWS load balancers.
5. E. Invoke an AWS Lambda function.

Correct Answer: DE

- (Exam Topic 1)
A company has a new requirement stating that all resources In AWS must be tagged according to a set policy. Which AWS service should be used to enforce and continually Identify all resources that are not in compliance with the policy?

1. A. AWS CloudTrail
2. B. Amazon Inspector
3. C. AWS Config
4. D. AWS Systems Manager

Correct Answer: C

- (Exam Topic 1)
A company runs several workloads on AWS. The company identifies five AWS Trusted Advisor service quota metrics to monitor in a specific AWS Region. The company wants to receive email notification each time resource usage exceeds 60% of one of the service quotas.
Which solution will meet these requirements?

1. A. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metri
2. B. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas.
3. C. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metri
4. D. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas.
5. E. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric.Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas.
6. F. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric.Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas.

Correct Answer: A
CloudWatch alarms allow you to monitor AWS resources, and you can configure an SNS topic to send an email notification each time one of the alarms is triggered. This will ensure that the company receives email notifications each time one of the service quotas is exceeded, allowing the company to take action as needed.