New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

  1. Home
  2. Amazon Web Services
  3. AWS Certified Associate
  4. SOA-C01 - AWS Certified SysOps Administrator - Associate

SOA-C01 Exam Dumps - AWS Certified SysOps Administrator - Associate

Go to page:
Question # 4

A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using AWS CloudFormation to three separate environments development test, and production Each environment requires unique credentials for external services

What option securely provides the application with the needed credential while requiring MINIMAL administrative overhead?

A.

Pass the credentials for the target environment to the CloudFormation template as parameters Use the user data script to insert the parameterized credentials into the EC2 instances

B.

Store the credentials as secure strings in AWS Systems Manager Parameter Store. Pass an environment tag as a parameter to the CloudFormation template Use the user data script to insert the environment tag in the EC2 instances Access the credentials from the application

C.

Create a separate CloudFormation template for each environment in the Resources section include a user data script for each EC2 instance Use the user data script to insert the proper credentials for the environment into the EC2 instances

D.

Create separate Amazon Machine Images (AMIs) with the required credentials for each environment Pass the environment tag as a parameter to the CloudFormation template In the Mappings section of the CloudFormation template, map the environment tag to the proper AMI then use that AMI when launching the EC2 instances

Full Access
Question # 5

A SysOps Administrator is deploying a legacy web application on AWS. The application has four Amazon EC2 instances behind Classic Load Balancer and stores data in an Amazon RDS instance. The legacy application has known vulnerabilities to SQL injection attacks, but the application code is no longer available to update.

What cost-effective configuration change should the Administrator make to migrate the risk of SQL injection attacks?

A.

Configure Amazon GuardDuty to monitor the application for SQL injection threats.

B.

Configure AWS WAF with a Classic Load Balancer for protection against SQL injection attacks.

C.

Replace the Classic Load Balancer with an Application Load Balancer and configure AWS WAF on the Application Load Balancer.

D.

Configure an Amazon CloudFront distribution with the Classic Load Balancer as the origin and subscribe to AWS Shield Standard.

Full Access
Question # 6

A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months

What is the process to rotate the key?

A.

Enable automatic key rotation tor the CMK and specify a period of 6 months

B.

Create a new CMK with new imported material and update the key alias to point to the new CMK

C.

Delete the current key material and import new material into the existing CMK

D.

Import a copy of the existing key material into a new CMK as a backup and set the rotation schedule for 6 months

Full Access
Question # 7

A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only All traffic must be over the AWS private network What actions should the SysOps Administrator take to meet these requirements?

A.

Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits al S3 actions on the bucket to the VPC endpoint as the source

B.

Create a VPC endpoint for the S3 bucket and create a S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source

C.

Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket

D.

Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway

Full Access
Question # 8

A company is expanding its use of AWS services across its portfolios. The company wants to provision AWS accounts for each team to ensure a separation of business processes for security, compliance, and billing account creation and bootstrapping should be completed in a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place. A sysops administrator needs to design a provisioning process that save time and resources.

Which action should be taken to meet these requirements?

A.

Automate using AWS Elastic Beanstalk to provision the AWS Accounts, set up infrastructure, and integrate with AWS Organizations.

B.

Create bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure.

C.

Use AWS config to provision accounts and deploy instances using AWS service catalog.

D.

Use AWS Control Tower to create a template in account factory and use the template to provision new accounts.

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps