What Highest Quality SOA-C01 Exam Dumps Is

NEW QUESTION 1
A root account owner has given full access of his S3 bucket to one of the IAM users using the bucket ACL. When the IAM user logs in to the S3 console, which actions can he perform?

• A. He can just view the content of the bucket
• B. He can do all the operations on the bucket
• C. It is not possible to give access to an IAM user using ACL
• D. The IAM user can perform all operations on the bucket using only API/SDK

Answer: C

Explanation:
Each AWS S3 bucket and object has an ACL (Access Control List. associated with it. An ACL is a list of grants identifying the grantee and the permission granted. The user can use ACLs to grant basic read/write permissions to other AWS accounts. ACLs use an Amazon S3?Vspecific XML schema. The user cannot grant permissions to other users (IAM users. in his account.

NEW QUESTION 2
Your EC2-Based Multi-tier application includes a monitoring instance that periodically makes application -level read only requests of various application components and if any of those fail more than three times 30 seconds calls CloudWatch lo fire an alarm, and the alarm notifies your operations team by email and SMS of a possible application health problem. However, you also need to ??watch the watcher?? --the monitoring instance itself - and be notified if it becomes unhealthy.
Which of the following is a simple way to achieve that goal?

• A. Run another monitoring instance that pings the monitoring instance and fires a could watch alarm mat notifies your operations team should the primary monitoring instance become unhealthy.
• B. Set a CloudWatch alarm based on EC2 system and instance status checks and have the alarm notify your operations team of any detected problem with the monitoring instance.
• C. Set a CloudWatch alarm based on the CPU utilization of the monitoring instance and nave the alarm notify your operations team if the CPU usage exceeds 50% few more than one minute; then have your monitoring application go into a CPU-bound loop should it Detect any application problems.
• D. Have the monitoring instances post messages to an SQS queue and then dequeue those messages on another instance should the queue cease to have new messages, the second instance should first terminate the original monitoring instance start another backup monitoring instance and assume (he role of the previous monitoring instance and beginning adding messages to the SQS queue.

Answer: B

NEW QUESTION 3
An Auto-Scaling group spans 3 AZs and currently has 4 running EC2 instances. When Auto Scaling needs to terminate an EC2 instance by default, AutoScaling will:
Choose 2 answers

• A. Allow at least five minutes for Windows/Linux shutdown scripts to complete, before terminating the instance.
• B. Terminate the instance with the least active network connection
• C. If multiple instances meet this criterion, one will be randomly selected.
• D. Send an SNS notification, if configured to do so.
• E. Terminate an instance in the AZ which currently has 2 running EC2 instances.
• F. Randomly select one of the 3 AZs, and then terminate an instance in that AZ.

Answer: CD

Explanation:
http://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-termination.html

NEW QUESTION 4
A user has created a VPC with CIDR 20.0.0.0/24. The user has created a public subnet with CIDR 20.0.0.0/25 and a private subnet with CIDR 20.0.0.128/25. The user has launched one instance each in the private and public subnets. Which of the below mentioned options cannot be the correct IP address (private IP. assigned to an instance in the public or private subnet?

• A. 20.0.0.255
• B. 20.0.0.132
• C. 20.0.0.122
• D. 20.0.0.55

Answer: A

Explanation:
When the user creates a subnet in VPC, he specifies the CIDR block for the subnet. In this case the user has created a VPC with the CIDR block 20.0.0.0/24, which supports 256 IP addresses (20.0.0.0 to 20.0.0.255.. The public subnet will have IP addresses between 20.0.0.0 - 20.0.0.127 and the private subnet will have IP addresses between 20.0.0.128 - 20.0.0.255. AWS reserves the first four IP addresses and the last IP address in each subnet??s CIDR block. These are not available for the user to use. Thus, the instance cannot have an IP address of 20.0.0.255

NEW QUESTION 5
A user has created a launch configuration for Auto Scaling where CloudWatch detailed monitoring is disabled. The user wants to now enable detailed monitoring. How can the user achieve this?

• A. Update the Launch config with CLI to set InstanceMonitoringDisabled = false
• B. The user should change the Auto Scaling group from the AWS console to enable detailed monitoring
• C. Update the Launch config with CLI to set InstanceMonitoring.Enabled = true
• D. Create a new Launch Config with detail monitoring enabled and update the Auto Scaling group

Answer: D

Explanation:
CloudWatch is used to monitor AWS as well as the custom services. To enable detailed instance monitoring for a new Auto Scaling group, the user does not need to take any extra steps. When the user creates the AutoScaling launch config as the first step for creating an Auto Scaling group, each launch configuration contains a flag named InstanceMonitoring.Enabled. The default value of this flag is true. When the user has created a launch configuration with InstanceMonitoring.Enabled = false it will involve multiple steps to enable detail monitoring. The steps are:
Create a new Launch config with detailed monitoring enabled Update the Auto Scaling group with a new launch config Enable detail monitoring on each EC2 instance

NEW QUESTION 6
A user has created a VPC with CIDR 20.0.0.0/24. The user has created a public subnet with CIDR 20.0.0.0/25. The user is trying to create the private subnet with CIDR 20.0.0.128/25. Which of the below mentioned statements is true in this scenario?

• A. It will not allow the user to create the private subnet due to a CIDR overlap
• B. It will allow the user to create a private subnet with CIDR as 20.0.0.128/25
• C. This statement is wrong as AWS does not allow CIDR 20.0.0.0/25
• D. It will not allow the user to create a private subnet due to a wrong CIDR range

Answer: B

Explanation:
When the user creates a subnet in VPC, he specifies the CIDR block for the subnet. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC., or a subset (to enable multiple subnets. If the user creates more than one subnet in a VPC, the CIDR blocks of the subnets must not overlap. Thus, in this case the user has created a VPC with the CIDR block 20.0.0.0/24, which supports 256 IP addresses (20.0.0.0 to 20.0.0.255. The user can break this CIDR block into two subnets, each supporting 128 IP addresses. One subnet uses the CIDR block 20.0.0.0/25 (for addresses 20.0.0.0 - 20.0.0.127. and the other uses the CIDR block 20.0.0.128/25 (for addresses 20.0.0.128 - 20.0.0.255.

NEW QUESTION 7
A user wants to upload a complete folder to AWS S3 using the S3 Management console. How can the user perform this activity?

• A. Just drag and drop the folder using the flash tool provided by S3
• B. Use the Enable Enhanced Folder option from the S3 console while uploading objects
• C. The user cannot upload the whole folder in one go with the S3 management console
• D. Use the Enable Enhanced Uploader option from the S3 console while uploading objects

Answer: D

Explanation:
AWS S3 provides a console to upload objects to a bucket. The user can use the file upload screen to upload the whole folder in one go by clicking on the Enable Enhanced Uploader option. When the
user uploads afolder, Amazon S3 uploads all the files and subfolders from the specified folder to the user??s bucket. It then assigns a key value that is a combination of the uploaded file name and the folder name.

NEW QUESTION 8
You have decided to change the Instance type for instances running In your application tier that are using Auto Scaling.
In which area below would you change the instance type definition?

• A. Auto Scaling launch configuration
• B. Auto Scaling group
• C. Auto Scaling policy
• D. Auto Scaling tags

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/WhatIsAutoScaling.html

NEW QUESTION 9
Based on the AWS Shared Responsibility Model, which of the following actions are the responsibility of the customer for an Aurora database?

• A. Performing underlying OS updates
• B. Provisioning of storage for database
• C. Scheduling maintenance, patches and other updates
• D. Executing maintenance, patches and other updates

Answer: B

NEW QUESTION 10
A sysadmin is trying to understand the Auto Scaling activities. Which of the below mentioned processes is not performed by Auto Scaling?

• A. Reboot Instance
• B. Schedule Actions
• C. Replace Unhealthy
• D. Availability Zone Balancing

Answer: A

Explanation:
There are two primary types of Auto Scaling processes: Launch and Terminate, which launch or terminat instances, respectively. Some other actions performed by Auto Scaling are: AddToLoadbalancer, AlarmNotification, HealthCheck, AZRebalance, ReplaceUnHealthy, and ScheduledActions.

NEW QUESTION 11
You run a web application with the following components Elastic Load Balancer (EL8), 3 Web/Application servers, 1 MySQL RDS database with read replicas, and Amazon Simple Storage Service (Amazon S3) for static content. Average response time for users is increasing slowly.
What three CloudWatch RDS metrics will allow you to identify if the database is the bottleneck? Choose 3 answers

• A. The number of outstanding IOs waiting to access the disk.
• B. The amount of write latency.
• C. The amount of disk space occupied by binary logs on the master.
• D. The amount of time a Read Replica DB Instance lags behind the source DB Instance
• E. The average number of disk I/O operations per second.

Answer: ABE

NEW QUESTION 12
You are running a web-application on AWS consisting of the following components an Elastic Load Balancer (ELB) an Auto-Scaling Group of EC2 instances running Linux/PHP/Apache, and Relational Database Service (RDS) MySQL.
Which security measures fall into AWS's responsibility?

• A. Protect the EC2 instances against unsolicited access by enforcing the principle of least-privilege access
• B. Protect against IP spoofing or packet sniffing
• C. Assure all communication between EC2 instances and ELB is encrypted
• D. Install latest security patches on EL
• E. RDS and EC2 instances

Answer: B

NEW QUESTION 13
A system admin wants to add more zones to the existing ELB. The system admin wants to perform this activity from CLI. Which of the below mentioned command helps the system admin to add new zones to the existing ELB?

• A. elb-enable-zones-for-lb
• B. elb-add-zones-for-lb
• C. It is not possible to add more zones to the existing ELB
• D. elb-configure-zones-for-lb

Answer: A

Explanation:
The user has created an Elastic Load Balancer with the availability zone and wants to add more zones to the existing ELB. The user can do so in two ways:
From the console or CLI, add new zones to ELB;

NEW QUESTION 14
Your mission is to create a lights-out datacenter environment, and you plan to use AWS OpsWorks to accomplish this. First you created a stack and added an App Server layer with an instance running in it. Next you added an application to the instance, and now you need to deploy a MySQL RDS database instance.
Which of the following answers accurately describe how to add a backend database server to an OpsWorks stack? Choose 3 answers

• A. Add a new database layer and then add recipes to the deploy actions of the database and App Server layers.
• B. Use OpsWorks' "Clone Stack" feature to create a second RDS stack in another Availability Zone for redundancy in the event of a failure in the Primary A
• C. To switch to the secondary RDS instance, set the [:database] attributes to values that are appropriate for your server which you can do by using custom JSON.
• D. The variables that characterize the RDS database connection?Xhost, user, and so on?Xare set using the corresponding values from the deploy JSON's [:deploy][:app_name][:database] attributes.
• E. Cookbook attributes are stored in a repository, so OpsWorks requires that the "password": "your_password" attribute for the RDS instance must be encrypted using at least a 256-bit key.
• F. Set up the connection between the app server and the RDS layer by using a custom recip
• G. The recipe configures the app server as required, typically by creating a configuration fil
• H. The recipe gets the connection data such as the host and database name from a set of attributes in the stack configuration and deployment JSON that AWS OpsWorks installs on every instance.

Answer: BCE

NEW QUESTION 15
A user has granted read/write permission of his S3 bucket using ACL. Which of the below mentioned options is a valid ID to grant permission to other AWS accounts (grantee. using ACL?

• A. IAM User ID
• B. S3 Secure ID
• C. Access ID
• D. Canonical user ID

Answer: D

Explanation:
An S3 bucket ACL grantee can be an AWS account or one of the predefined Amazon S3 groups. The user can grant permission to an AWS account by the email address of that account or by the canonical user ID. If the user provides an email in the grant request, Amazon S3 finds the canonical user ID for that account and adds it to the ACL. The resulting ACL will always contain the canonical user ID for the AWS account, and not the AWS account's email address.

NEW QUESTION 16
You have a web application leveraging an Elastic Load Balancer (ELB) In front of the web servers deployed using an Auto Scaling Group. Your database is running on Relational Database Service (RDS) The application serves out technical articles and responses to them in general there are more views of an article than there are responses to the article. On occasion, an article on the site becomes extremely popular resulting in significant traffic Increases that causes the site to go down.
What could you do to help alleviate the pressure on the infrastructure while maintaining availability during these events?
Choose 3 answers

• A. Leverage CloudFront for the delivery of the articles.
• B. Add RDS read-replicas for the read traffic going to your relational database
• C. Leverage ElastiCache for caching the most frequently used data.
• D. Use SQS to queue up the requests for the technical posts and deliver them out of the queue.
• E. Use Route53 health checks to fail over to an S3 bucket for an error page.

Answer: ABC

Explanation:
The questions mention RDS so an answer that includes that as part of the solution makes sense. Also, Route53 does nothing to alleviate pressure on the infrastructure, it??s for failover. E is counterproductive. It talks about failing over to an error page on S3.

NEW QUESTION 17
Your organization is preparing for a security assessment of your use of AWS.
In preparation for this assessment, which two IAM best practices should you consider implementing? Choose 2 answers

• A. Create individual IAM users for everyone in your organization
• B. Configure MFA on the root account and for privileged IAM users
• C. Assign IAM users and groups configured with policies granting least privilege access
• D. Ensure all users have been assigned and are frequently rotating a password, access ID/secret key, and X.509 certificate

Answer: BC

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

NEW QUESTION 18
A SysOps Administrator supports a legacy application that is hardcoded to service example.com. The application has recently been moved to AWS. The external DNS are managed by a third-party provider. The Administrator has set up an internal domain for example.com and configured this record using Amazon Route.
What solution offers the MOST efficient way to have instances in the same account resolve to the Route 53 service instead of the provider?

• A. Hardcode the name server record to the internal Route 53 IP address tor each instance
• B. Enable DNS resolution in the subnets as required
• C. Ensure that DNS resolution is enabled on the VPC
• D. Create an OS-specific hardcoded entry tor DNS resolution to the private URL

Answer: C

Explanation:
Using DNS with Your VPC
Domain Name System (DNS) is a standard by which names used on the Internet are resolved to their corresponding IP addresses. A DNS hostname is a name that uniquely and absolutely names a computer; it's composed of a host name and a domain name. DNS servers resolve DNS hostnames to their corresponding IP addresses.
Public IPv4 addresses enable communication over the Internet, while private IPv4 addresses enable communication within the network of the instance (either EC2-Classic or a VPC). For more information, see IP Addressing in Your VPC.
We provide an Amazon DNS server. To use your own DNS server, create a new set of DHCP options for your VPC. For more information, see DHCP Options Sets.
Contents
DNS Hostnames
DNS Support in Your VPC DNS Limits
Viewing DNS Hostnames for Your EC2 Instance Updating DNS Support for Your VPC
Using Private Hosted Zones

NEW QUESTION 19
A user has created a web application with Auto Scaling. The user is regularly monitoring the application and he observed that the traffic is highest on Thursday and Friday between 8 AM to 6 PM. What is the best solution to handle scaling in this case?

• A. Add a new instance manually by 8 AM Thursday and terminate the same by 6 PM Friday
• B. Schedule Auto Scaling to scale up by 8 AM Thursday and scale down after 6 PM on Friday
• C. Schedule a policy which may scale up every day at 8 AM and scales down by 6 PM
• D. Configure a batch process to add a instance by 8 AM and remove it by Friday 6 PM

Answer: B

Explanation:
Auto Scaling based on a schedule allows the user to scale the application in response to predictable load changes. In this case the load increases by Thursday and decreases by Friday. Thus, the user can setup the scaling activity based on the predictable traffic patterns of the web application using Auto Scaling scale by Schedule.
http://docs.aws.amazon.com/cli/latest/reference/opsworks/set-time-based-auto-scaling.html

NEW QUESTION 20
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85baf1fc, and it is actively used by 10 Amazon EC2 hosts.
The organization has become concerned that the file system is not encrypted. How can this be resolved?

• A. Enable encryption on each hosts connection to the Amazon EFS volume Each connection must be recreated for encryption to take effect
• B. Enable encryption on the existing EFS volume by using the AWS Command Line Interface
• C. Enable encryption on each host's local drive Restart each host to encrypt the drive
• D. Enable encryption on a newly created volume and copy all data from the original volume Reconnect each host to the new volume

Answer: A

Explanation:
https://docs.aws.amazon.com/efs/latest/ug/encryption.html https://aws.amazon.com/premiumsupport/knowledge-center/encrypt-data-efs/

NEW QUESTION 21
You have been asked to propose a multi-region deployment of a web-facing application where a controlled portion of your traffic is being processed by an alternate region.
Which configuration would achieve that goal?

• A. Route53 record sets with weighted routing policy
• B. Route53 record sets with latency based routing policy
• C. Auto Scaling with scheduled scaling actions set
• D. Elastic Load Balancing with health checks enabled

Answer: A

Explanation:
The question is asking ??a controlled portion of your traffic??, that would be established with weighted routing policy.
See: http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html

NEW QUESTION 22
......