Last updated on February 21, 2024
Here are 10 AWS Certified SysOps Administrator Associate SOA-C02 practice exam questions to help you gauge your readiness for the actual exam.
Question 1
A financial start-up has recently adopted a hybrid cloud infrastructure with AWS Cloud. They are planning to migrate their online payments system that supports an IPv6 address and uses an Oracle database in a RAC configuration. As the AWS Consultant, you have to make sure that the application can initiate outgoing traffic to the Internet but blocks any incoming connection from the Internet.
Which of the following options would you do to properly migrate the application to AWS?
- Migrate the Oracle database to an EC2 instance. Launch an EC2 instance to host the application and then set up a NAT Instance.
- Migrate the Oracle database to RDS. Launch an EC2 instance to host the application and then set up a NAT gateway instead of a NAT instance for better availability and higher bandwidth.
- Migrate the Oracle database to RDS. Launch the application on a separate EC2 instance and then set up a NAT Instance.
- Migrate the Oracle database to an EC2 instance. Launch the application on a separate EC2 instance and then set up an egress-only Internet gateway.
Question 2
A leading tech consultancy firm has an AWS Virtual Private Cloud (VPC) with one public subnet. They have recently deployed a new blockchain application to an EC2 instance. After a month, management has decided that the application should be modified to also support IPv6 addresses.
Which of the following should you do to satisfy the requirement?
Option 1
- Associate a NAT Gateway with your VPC and Subnets
- Update the Route Tables and Security Group Rules
- Enable Enhanced Networking in your EC2 instance
- Assign IPv6 Addresses to the EC2 Instance
Option 2
- Attach an Egress-Only Internet Gateway to the VPC and Subnets
- Update the Route Tables
- Update the Security Group Rules
- Assign IPv6 Addresses to the EC2 instance
- Configure the instance to use DHCPv6
Option 3
- Associate an IPv6 CIDR Block with the VPC and Subnets
- Update the Route Tables
- Update the Security Group Rules
- Assign IPv6 Addresses to the EC2 Instance
Option 4
- Enable Enhanced Networking in your EC2 instance
- Update the Route Tables
- Update the Security Group Rules
- Assign IPv6 Addresses to the EC2 Instance
Question 3
A company uses Amazon Route 53 to register the domain name of an online timesheet application named: “www.tutorialsdojo-timesheet.com” and deployed the application on ECS. After a few months, a new version of the timesheet application is ready to be deployed which contains bug fixes and new features. The DevOps team launched a separate ECS instance for the new version and they instructed you to direct the initial set of traffic to the new version so they can do their production verification tests. Once verified that the new version is working, you can now totally route all traffic coming from the www.tutorialsdojo-timesheet.com domain to the new ECS instance.
Which of the following would you do to smoothly deploy the new application version?
- Launch a resource record based on the Geoproximity routing policy
- Launch a resource record based on the Latency routing policy
- Launch 2 resource records based on the Failover Routing policy
- Launch 2 resource records based on the Weighted Routing policy
Question 4
A retail company is using AWS Organizations to manage user accounts. The consolidated billing feature is enabled to consolidate billing and payment for multiple AWS accounts. Member account owners requested to get the benefits of Reserved Instances (RIs) but they don’t want to share RIs with other members of the AWS Organization.
Which steps should the SysOps administrator perform to achieve the requirements?
- Go to Billing Preferences in the management account and disable RI discount sharing. Then, purchase the RIs using individual member accounts.
- Go to Billing Preferences in the management account and disable RI discount sharing. Then, purchase the RIs using the management account.
- Disable RI discount sharing in each of the member accounts. Then, purchase the RIs using the management account.
- Disable RI discount sharing in each of the member accounts. Then, purchase RIs in the member accounts only.
Question 5
A real-estate company is hosting a website on a set of Amazon EC2 instances behind an Application Load Balancer. The SysOps administrator used CloudFront for its content distribution and set the ALB as the origin. He also created a CNAME record in Route 53 that sends all traffic through the CloudFront distribution. Users started to report that they are being served with the desktop version of the website when using mobile phones.
Which action can help the SysOps administrator resolve the issue?
- Set the cache behavior of the CloudFront distribution to forward the User-Agent header.
- Update the CloudFront distribution origin settings. Add a User-Agent header to the list of origin custom headers.
- Activate the
Enable IPv6
setting on the Application Load Balancer (ALB). Update origin settings of the CloudFront distribution to use the dualstack endpoint. - Activate the dualstack setting on the Application Load Balancer (ALB).
Question 6
A company has recently adopted a hybrid cloud infrastructure. They plan to establish a dedicated connection between their on-premises network and their Amazon VPC. In the next couple of months, they will migrate their applications and move their data from their on-premises network to AWS, which is why they need a more consistent network experience than Internet-based connections.
Which of the following options should be implemented for this scenario?
- Set up a VPN Connection
- Set up a Direct Connect connection
- Set up a VPC peering
- Set up an AWS VPN CloudHub
Question 7
A financial company is launching an online web portal that will be hosted in an Auto Scaling group of Amazon EC2 instances across multiple Availability Zones behind an Application Load Balancer (ALB). To allow HTTP and HTTPS traffic, the SysOps Administrator configured the Network ACL and the Security Group of both the ALB and EC2 instances to allow inbound traffic on ports 80 and 443. However, the online portal is still unreachable over the public internet after the deployment.
How can the Administrator fix this issue?
- In the Security Group, add a new rule to allow outbound traffic on port 80 and port 443.
- Allow ephemeral ports in the Security Group by adding a new rule to allow outbound traffic on ports 1024 – 65535.
- Allow ephemeral ports in the Network ACL by adding a new rule to allow outbound traffic on ports 1024 – 65535.
- In the Network ACL, add a new rule to allow inbound traffic on ports 1024 – 65535.
Question 8
A leading national bank migrated its on-premises infrastructure to AWS. The SysOps Administrator noticed that the cache hit ratio of the CloudFront web distribution is less than 15%.
Which combination of actions should he do to increase the cache hit ratio for the distribution? (Select TWO.)
- In the Cache Behavior settings of your distribution, configure to forward only the query string parameters for which your origin will return unique objects.
- Set the
Viewer Protocol Policy
of your web distribution to only use HTTPS to serve media content. - Use Signed URLs to your CloudFront web distribution.
- Always add the Accept-Encoding header to compress all the content for each and every request.
- Configure your origin to add a
Cache-Control max-age
directive to your objects, and specify the longest practical value formax-age
to increase your TTL.
Question 9
A company has several applications and workloads running on AWS that are managed by various teams. The SysOps Administrator has been instructed to configure alerts to notify the teams in the event that the resource utilization exceeded the defined threshold.
Which of the following is the MOST suitable AWS service that the Administrator should use?
- AWS Trusted Advisor
- AWS Budgets
- Amazon CloudWatch Billing Alarm
- AWS Cost Explorer
Question 10
A government organization has implemented a file gateway to keep copies of the home drives of their employees in a separate S3 bucket. As the SysOps Administrator, you noticed that most files are rarely accessed after 60 days but it is required that the files should still be available immediately in the event of a surprise audit.
In this scenario, what can you do to reduce the storage costs while continuing to provide access to the files for the employees?
- Enable versioning on the S3 bucket.
- Set up a lifecycle policy that moves the employee files older than 60 days to Infrequent Access storage class.
- Create a lifecycle policy to move files older than 60 days to Glacier Deep Archive storage class.
- Set up an S3 bucket policy to limit user access to only newer files that are created in less than 60 days.
For more practice questions like these and to further prepare you for the actual AWS Certified SysOps Administrator Associate SOA-C02 exam, we recommend that you take our top-notch AWS Certified SysOps Administrator Associate Practice Exams, which have been regarded as the best in the market.
Also check out our AWS Certified SysOps Administrator Associate SOA-C02 Exam Study Guide here.