The Latest Guide To SOA-C01 Practice Question

NEW QUESTION 1
A user has setup a custom application which generates a number in decimals. The user wants to track that number and setup the alarm whenever the number is above a certain limit. The application is sending the data to CloudWatch at regular intervals for this purpose. Which of the below mentioned statements is not true with respect to the above scenario?

• A. The user can get the aggregate data of the numbers generated over a minute and send it to CloudWatch
• B. The user has to supply the timezone with each data point
• C. CloudWatch will not truncate the number until it has an exponent larger than 126 (i.
• D. (1 x 10^126.
• E. The user can create a file in the JSON format with the metric name and value and supply it to CloudWatch

Answer: B

NEW QUESTION 2
A SysOps Administrator has attempted to copy an Marketplace AMI an associated billing Product code that was shared another account. When the copy process is attempted, it fails.
What action can be taken to successfully copy the AMI to the target destination?

• A. Use an EC2 instance in the account by using the shared AMI and then created an AMI from the instance
• B. Launch an EC2 instance in the account by using the shared AMI and then create an AMI from the instance
• C. Use the AWS CLI with the --nobillingProduct flag to execute the copy and ignore the billingProductcode.
• D. Create a VPC peering connection between the source and target account to facilitate the AMI copy process.

Answer: D

NEW QUESTION 3
A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. The ELB security policy supports various ciphers. Which of the below mentioned options helps identify the matching cipher at the client side to the ELB cipher list when client is requesting ELB DNS over SSL?

• A. Cipher Protocol
• B. Client Configuration Preference
• C. Server Order Preference
• D. Load Balancer Preference

Answer: C

Explanation:
Elastic Load Balancing uses a Secure Socket Layer (SSL. negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. When client is requesting ELB DNS over SSL and if the load balancer is configured to support the Server Order Preference, then the load balancer gets to select the first cipher in its list that matches any one of the ciphers in the client's list. Server Order Preference ensures that the load balancer determines which cipher is used for the SSL connection.

NEW QUESTION 4
A user is trying to connect to a running EC2 instance using SSH. However, the user gets a Host key not found error. Which of the below mentioned options is a possible reason for rejection?

• A. The user has provided the wrong user name for the OS login
• B. The instance CPU is heavily loaded
• C. The security group is not configured properly
• D. The access key to connect to the instance is wrong

Answer: A

Explanation:
If the user is trying to connect to a Linux EC2 instance and receives the Host Key not found error the probable reasons are:
The private key pair is not right The user name to login is wrong

NEW QUESTION 5
A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to create an AMI from the running instance. Which of the below mentioned credentials is not required while creating the AMI?

• A. AWS account ID
• B. X.509 certificate and private key
• C. AWS login ID to login to the console
• D. Access key and secret access key

Answer: C

Explanation:
When the user has launched an EC2 instance from an instance store backed AMI and the admin team wants to create an AMI from it, the user needs to setup the AWS AMI or the API tools first. Once the tool is setup the user will need the following credentials:
AWS account ID;
AWS access and secret access key;
X.509 certificate with private key.

NEW QUESTION 6
An organization has launched 5 instances: 2 for production and 3 for testing. The organization wants that one particular group of IAM users should only access the test instances and not the production ones. How can the organization set that as a part of the policy?

• A. Launch the test and production instances in separate regions and allow region wise access to the group
• B. Define the IAM policy which allows access based on the instance ID
• C. Create an IAM policy with a condition which allows access to only small instances
• D. Define the tags on the test and production servers and add a condition to the IAM policy which allows access to specific tags

Answer: D

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The user can add conditions as a part of the IAM policies. The condition can be set on AWS Tags, Time, and Client IP as well as on various parameters. If the organization wants the user to access only specific instances he should define proper tags and add to the IAM policy condition. The sample policy is shown below.
"Statement": [
{
"Action": "ec2:*",
"Effect": "Allow",
"Resource": "*", "Condition": { "StringEquals": {
"ec2:ResourceTag/InstanceType": "Production"
}
}
}
]

NEW QUESTION 7
You are attempting to connect to an instance in Amazon VPC without success. You have already verified that the VPC has an Internet Gateway (IGW) the instance has an associated Elastic IP (EIP) and correct security group rules are in place.
Which VPC component should you evaluate next?

• A. The configuration of a NAT instance
• B. The configuration of the Routing Table
• C. The configuration of the internet Gateway (IGW)
• D. The configuration of SRC/DST checking

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/UserScenariosForVPC.ht ml

NEW QUESTION 8
A user has configured Auto Scaling with 3 instances. The user had created a new AMI after updating one of the instances. If the user wants to terminate two specific instances to ensure that Auto Scaling launches an instances with the new launch configuration, which command should he run?

• A. as-delete-instance-in-auto-scaling-group <Instance ID> --no-decrement-desired-capacity
• B. as-terminate-instance-in-auto-scaling-group <Instance ID> --update-desired-capacity
• C. as-terminate-instance-in-auto-scaling-group <Instance ID> --decrement-desired-capacity
• D. as-terminate-instance-in-auto-scaling-group <Instance ID> --no-decrement-desired-capacity

Answer: D

Explanation:
The Auto Scaling command as-terminate-instance-in-auto-scaling-group <Instance ID> will terminate the specific instance ID. The user is required to specify the parameter as ?Vno-decrement-desired- capacity to ensure that it launches a new instance from the launch config after terminating the instance. If the user specifies the parameter --decrement-desired-capacity then Auto Scaling will terminate the instance and decrease the desired capacity by 1.

NEW QUESTION 9
A user had aggregated the CloudWatch metric data on the AMI ID. The user observed some abnormal behaviour of the CPU utilization metric while viewing the last 2 weeks of data. The user wants to share that data with his manager. How can the user achieve this easily with the AWS console?

• A. The user can use the copy URL functionality of CloudWatch to share the exact details
• B. The user can use the export data option from the CloudWatch console to export the current data point
• C. The user has to find the period and data and provide all the aggregation information to the manager
• D. The user can use the CloudWatch data copy functionality to copy the current data points

Answer: A

Explanation:
Amazon CloudWatch provides the functionality to graph the metric data generated either by the AWS services or the custom metric to make it easier for the user to analyse. The console provides the option to save the URL or bookmark it so that it can be used in the future by typing the same URL. The Copy URL functionality is available under the console when the user selects any metric to view.

NEW QUESTION 10
An organization has configured Auto Scaling with ELB. One of the instance health check returns the status as Impaired to Auto Scaling. What will Auto Scaling do in this scenario?

• A. Perform a health check until cool down before declaring that the instance has failed
• B. Terminate the instance and launch a new instance
• C. Notify the user using SNS for the failed state
• D. Notify ELB to stop sending traffic to the impaired instance

Answer: B

Explanation:
The Auto Scaling group determines the health state of each instance periodically by checking the results of the Amazon EC2 instance status checks. If the instance status description shows any other state other than ??running?? or the system status description shows impaired, Auto Scaling considers the instance to be
unhealthy. Thus, it terminates the instance and launches a replacement.

NEW QUESTION 11
A user has launched multiple EC2 instances for the purpose of development and testing in the same region. The user wants to find the separate cost for the production and development instances. How can the user find the cost distribution?

• A. The user should download the activity report of the EC2 services as it has the instance ID wise data
• B. It is not possible to get the AWS cost usage data of single region instances separately
• C. The user should use Cost Distribution Metadata and AWS detailed billing
• D. The user should use Cost Allocation Tags and AWS billing reports

Answer: D

Explanation:
AWS provides cost allocation tags to categorize and track the AWS costs. When the user applies tags to his AWS resources (such as Amazon EC2 instances or Amazon S3 buckets., AWS generates a cost allocation report as a comma-separated value (CSV file. with the usage and costs aggregated by those tags. The user can apply tags which represent business categories (such as cost centres, application names, or instance type ?V Production/Dev. to organize usage costs across multiple services.

NEW QUESTION 12
When you put objects in Amazon S3, what is the indication that an object was successfully stored?

• A. Each S3 account has a special bucket named_s3_log
• B. Success codes are written to this bucket with a timestamp and checksum.
• C. A success code is inserted into the S3 object metadata.
• D. A HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful.
• E. Amazon S3 is engineered for 99.999999999% durabilit
• F. Therefore, there is no need to confirm that data was inserted.

Answer: C

Explanation:
To ensure that data is not corrupted traversing the network, use the Content-MD5 form field. When you use this form field, Amazon S3 checks the object against the provided MD5 value. If they do not match, Amazon S3 returns an error.
success_action_status
The status code returned to the client upon successful upload if success_action_redirectis not specified.
Accepts the values 200, 201, or 204 (default).
If the value is set to 200 or 204, Amazon S3 returns an empty document with a 200 or 204 status code.
If the value is set to 201, Amazon S3 returns an XML document with a 201 status code.
If the value is not set or if it is set to an invalid value, Amazon S3 returns an empty document with a 204 status code.
Type: String Default: None Note
Some versions of the Adobe Flash player do not properly handle HTTP responses with an empty body. To support uploads through Adobe Flash, we recommend setting success_action_statusto 201.
Source: http://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOST.html

NEW QUESTION 13
A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created public and VPN only subnets along with hardware VPN access to connect to the user??s data centre. The user has not yet launched any instance as well as modified or deleted any setup. He wants to delete this VPC from the console. Will the console allow the user to delete the VPC?

• A. Yes, the console will delete all the setups and also delete the virtual private gateway
• B. No, the console will ask the user to manually detach the virtual private gateway first and then allow deleting the VPC
• C. Yes, the console will delete all the setups and detach the virtual private gateway
• D. No, since the NAT instance is running

Answer: C

Explanation:
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. If the virtual private gateway is attached with VPC and the user deletes the VPC from the console it will first detach the gateway automatically and only then delete the VPC.

NEW QUESTION 14
A user has created a VPC with a public subnet. The user has terminated all the instances which are part of the subnet. Which of the below mentioned statements is true with respect to this scenario?

• A. The user cannot delete the VPC since the subnet is not deleted
• B. All network interface attached with the instances will be deleted
• C. When the user launches a new instance it cannot use the same subnet
• D. The subnet to which the instances were launched with will be deleted

Answer: B

Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the user??s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. When an instance is launched it will have a network interface attached with it. The user cannot delete the subnet until he terminates the instance and deletes the network interface. When the user terminates the instance all the network interfaces attached with it are also deleted.

NEW QUESTION 15
You have set up Individual AWS accounts for each project. You have been asked to make sure your AWS Infrastructure costs do not exceed the budget set per project for each month.
Which of the following approaches can help ensure that you do not exceed the budget each month?

• A. Consolidate your accounts so you have a single bill for all accounts and projects
• B. Set up auto scaling with CloudWatch alarms using SNS to notify you when you are running too many Instances in a given account
• C. Set up CloudWatch billing alerts for all AWS resources used by each project, with a notification occurring when the amount for each resource tagged to a particular project matches the budget allocated to the project.
• D. Set up CloudWatch billing alerts for all AWS resources used by each account, with email notifications when it hits 50%. 80% and 90% of its budgeted monthly spend

Answer: C

NEW QUESTION 16
A company has two AWS account developers and production. All application send logs to a specific Amazon bucket for each account, and the Developers are requesting access to the production
account S3 buckets to view the logs?
Which is the MOST efficient way to provide the Developers with access?

• A. Create an AWS Lambda function with an IAM role attached to it that has access to be accounts'S3 buckets Put me logs tram the production S3 bucket to the development S3 bucket
• B. Create IAM users for each Developer on the production account and add the Developers to an IAM group that provides read-only access to the S3 log bucket
• C. Create an Amazon EC2 bastion host with an 1AM role attached to it that has access to it that has production S3 log bucket and then provision access for the Developers on the host
• D. Create a resource-based pokey for the S3 bucket on the production account that grant access to the development account and then delegate the development account

Answer: B

Explanation:
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

NEW QUESTION 17
A user has enabled detailed CloudWatch metric monitoring on an Auto Scaling group. Which of the below mentioned metrics will help the user identify the total number of instances in an Auto Scaling group cluding pending, terminating and running instances?

• A. GroupTotalInstances
• B. GroupSumInstances
• C. It is not possible to get a count of all the three metrics togethe
• D. The user has to find the individual number of running, terminating and pending instances and sum it
• E. GroupInstancesCount

Answer: A

Explanation:
CloudWatch is used to monitor AWS as well as the custom services. For Auto Scaling, CloudWatch provides various metrics to get the group information, such as the Number of Pending, Running or Terminating instances at any moment. If the user wants to get the total number of Running, Pending and Terminating instances at any moment, he can use the GroupTotalInstances metric.

NEW QUESTION 18
A company three-tier web application is not performing as well as expected. A manager has asked a System Administrator to analyser all the system involved and identity where the performance bottleneck exist.
Which AWS service can be help find bottleneck?

• A. Analyse AWS ClouldTrail logs to see which API call are taking the longest to execute
• B. Run a performance trace using Amazon Inspector to measure response tone between various API calls
• C. Create a rule in AWS Config to send an alert when the performance s noncompliant for each of the tiers
• D. Create an Amazon CloudWatch dashboard that contains Amazon EC2 and Amazon RDS metrics

Answer: D

Explanation:
Check the CloudWatch Latency metric
The Latency metric represents the time elapsed, in seconds, after the request leaves the load balancer until a response is received by the load balancer from a registered instance. The preferred statistic for this metric is average, which reports average latency for all requests. A high Latency average value typically indicates a problem with the backend server(s) rather than a problem with the load balancer. Check the maximum statistic to determine the number of latency data points that reach or exceed the load balancer idle timeout value. When latency data points meet or exceed the idle timeout value, it is likely that some requests are timing out, which initiates an HTTP 504 response to clients.

NEW QUESTION 19
An organization is planning to use AWS for their production roll out. The organization wants to implement automation for deployment such that it will automatically create a LAMP stack, download the latest PHP installable from S3 and setup the ELB. Which of the below mentioned AWS services meets the requirement for making an orderly deployment of the software?

• A. AWS Elastic Beanstalk
• B. AWS CloudFront
• C. AWS CloudFormation
• D. AWS DevOps

Answer: C

Explanation:
AWS CloudFormation is an application management tool which provides application modelling, deployment, configuration, management and related activities. CloudFormation provides an easy way to create and delete the collection of related AWS resources and provision them in an orderly way. AWS CloudFormation automates and simplifies the task of repeatedly and predictably creating groups of related resources that power the user??s applications. AWS CloudFront is a CDN; Elastic Beanstalk does quite a few of the required tasks. However, it is a PAAS which uses a ready AMI. AWS Elastic Beanstalk provides an environment to easily develop and run applications in the cloud.

NEW QUESTION 20
A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24 . The NAT instance ID is i-a12345. Which of the below mentioned entries are required in the main route table attached with the private subnet to allow instances to connect with the internet?

• A. Destination: 0.0.0.0/0 and Target: i-a12345
• B. Destination: 20.0.0.0/0 and Target: 80
• C. Destination: 20.0.0.0/0 and Target: i-a12345
• D. Destination: 20.0.0.0/24 and Target: i-a12345

Answer: A

Explanation:
A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet, the instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet cannot. If these subnets are created with Wizard, AWS will create two route tables and attach to the subnets. The main route table will have
the entry ??Destination: 0.0.0.0/0 and Target: ia12345??, which allows all the instances in the private subnet to connect to the internet using NAT.

NEW QUESTION 21
An organization has configured Auto Scaling with ELB. There is a memory issue in the application which is causing CPU utilization to go above 90%. The higher CPU usage triggers an event for Auto Scaling as per the scaling policy. If the user wants to find the root cause inside the application without triggering a scaling activity, how can he achieve this?

• A. Stop the scaling process until research is completed
• B. It is not possible to find the root cause from that instance without triggering scaling
• C. Delete Auto Scaling until research is completed
• D. Suspend the scaling process until research is completed

Answer: D

Explanation:
Auto Scaling allows the user to suspend and then resume one or more of the Auto Scaling processes in the Auto Scaling group. This is very useful when the user wants to investigate a configuration problem or some other issue, such as a memory leak with the web application and then make changes to the application, without triggering the Auto Scaling process.

NEW QUESTION 22
......