SOA-C01 | Top Tips Of Up To Date SOA-C01 Exam Dumps

It is impossible to pass Amazon-Web-Services SOA-C01 exam without any help in the short term. Come to Actualtests soon and find the most advanced, correct and guaranteed Amazon-Web-Services SOA-C01 practice questions. You will get a surprising result by our Renew AWS Certified SysOps Administrator - Associate practice guides.

Free SOA-C01 Demo Online For Amazon-Web-Services Certifitcation:

A SysOps Administrator supports a legacy application that is hardcoded to service The application has recently been moved to AWS. The external DNS are managed by a third-party provider. The Administrator has set up an internal domain for and configured this record using Amazon Route.
What solution offers the MOST efficient way to have instances in the same account resolve to the Route 53 service instead of the provider?

  • A. Hardcode the name server record to the internal Route 53 IP address tor each instance
  • B. Enable DNS resolution in the subnets as required
  • C. Ensure that DNS resolution is enabled on the VPC
  • D. Create an OS-specific hardcoded entry tor DNS resolution to the private URL

Answer: C

Using DNS with Your VPC
Domain Name System (DNS) is a standard by which names used on the Internet are resolved to their corresponding IP addresses. A DNS hostname is a name that uniquely and absolutely names a computer; it's composed of a host name and a domain name. DNS servers resolve DNS hostnames to their corresponding IP addresses.
Public IPv4 addresses enable communication over the Internet, while private IPv4 addresses enable communication within the network of the instance (either EC2-Classic or a VPC). For more information, see IP Addressing in Your VPC.
We provide an Amazon DNS server. To use your own DNS server, create a new set of DHCP options for your VPC. For more information, see DHCP Options Sets.
DNS Hostnames
DNS Support in Your VPC DNS Limits
Viewing DNS Hostnames for Your EC2 Instance Updating DNS Support for Your VPC
Using Private Hosted Zones

A user has configured an ELB to distribute the traffic among multiple instances. The user instances are facing some issues due to the back-end servers. Which of the below mentioned CloudWatch
metrics helps the user understand the issue with the instances?

  • A. HTTPCode_Backend_3XX
  • B. HTTPCode_Backend_4XX
  • C. HTTPCode_Backend_2XX
  • D. HTTPCode_Backend_5XX

Answer: D

CloudWatch is used to monitor AWS as well as the custom services. For ELB, CloudWatch provides various metrics including error code by ELB as well as by back-end servers (instances.. It gives data for the count of the number of HTTP response codes generated by the back-end instances. This metric does not include any response codes generated by the load balancer. These metrics are:
The 2XX class status codes represents successful actions
The 3XX class status code indicates that the user agent requires action The 4XX class status code represents client errors
The 5XX class status code represents back-end server errors

A company is migrating an application to AWS that requires access to a legacy system, which remain in the company's data centre. The application runs inside a VPC in the company's AWS account. The application must offer a consistent and low-latency response to its users
How can these requirements be met?

  • A. Create a software-based VPN connection between the Amazon VPC and the on-premises network
  • B. Create an AWS Direct Connect connection between AWS and the on-premises network and then use a private virtual interface
  • C. Create a hardware-based IPsec VPN connection between the VPC in AWS and the on-premises network
  • D. Create an overlay network by using third-party software and use that to connect the X/PC back to the on-premises network

Answer: B

Private Connectivity to your Amazon VPC. You can use AWS Direct Connect to establish a private virtual interface from your on-premise network directly to your Amazon VPC, providing you with a private, high bandwidth network connection between your network and your VPC.

The Security team has decided that there will be no public internet access to HTTP (TCP port 80) because it is moving to HTTP for all incoming web traffic. The team a SysOps Administrator to provide a report on any security groups that are not compliant.
What should the SysOps Administrator do to provide near real-time compliance reporting?

  • A. Enable AWS Trusted Advisor and show the security team that the Security groups unrestricted access check will alarm
  • B. Schedule an AWS Lambda function to run hourly to scan and evaluate all security groups and send a report to the Security team
  • C. Use AWS Config to enable the restricted-common ports rule and add port 80 to the parameters
  • D. Use Amazon Inspector lo evaluate the security groups during scans and send the completed reports to the Security team

Answer: A


A user wants to upload a complete folder to AWS S3 using the S3 Management console. How can the user perform this activity?

  • A. Just drag and drop the folder using the flash tool provided by S3
  • B. Use the Enable Enhanced Folder option from the S3 console while uploading objects
  • C. The user cannot upload the whole folder in one go with the S3 management console
  • D. Use the Enable Enhanced Uploader option from the S3 console while uploading objects

Answer: D

AWS S3 provides a console to upload objects to a bucket. The user can use the file upload screen to upload the whole folder in one go by clicking on the Enable Enhanced Uploader option. When the
user uploads afolder, Amazon S3 uploads all the files and subfolders from the specified folder to the user??s bucket. It then assigns a key value that is a combination of the uploaded file name and the folder name.

A user is receiving a notification from the RDS DB whenever there is a change in the DB security group. The user does not want to receive these notifications for only a month. Thus, he does not want to delete the notification. How can the user configure this?

  • A. Change the Disable button for notification to ??Yes?? in the RDS console
  • B. Set the send mail flag to false in the DB event notification console
  • C. The only option is to delete the notification from the console
  • D. Change the Enable button for notification to ??No?? in the RDS console

Answer: D

Amazon RDS uses the Amazon Simple Notification Service to provide a notification when an Amazon RDS event occurs. Event notifications are sent to the addresses that the user has provided while creating the subscription. The user can easily turn off the notification without deleting a subscription by setting the Enabled radio button to No in the Amazon RDS console or by setting the Enabled parameter to false using the CLI or Amazon RDS API.

You have identified network throughput as a bottleneck on your m1.small EC2 instance when uploading data Into Amazon S3 In the same region.
How do you remedy this situation?

  • A. Add an additional ENI
  • B. Change to a larger Instance
  • C. Use DirectConnect between EC2 and S3
  • D. Use EBS PIOPS on the local volume

Answer: B


What is a placement group?

  • A. A collection of Auto Scaling groups in the same Region
  • B. Feature that enables EC2 instances to interact with each other via nigh bandwidth, low latency connections
  • C. A collection of Elastic Load Balancers in the same Region or Availability Zone
  • D. A collection of authorized Cloud Front edge locations for a distribution

Answer: B

A placement group is a logical grouping of instances within a single Availability Zone. Using placement groups enables applications to participate in a low-latency, 10 Gigabits per second (Gbps) network. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both

You have been asked to leverage Amazon VPC BC2 and SOS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS.
Which option will provide the most scalable solution for communicating between the application and SQS?

  • A. Ensure the application instances are properly configured with an Elastic Load Balancer
  • B. Ensure the application instances are launched in private subnets with the EBS-optimized option enabled
  • C. Ensure the application instances are launched in public subnets with the associate-public-IP- address=true option enabled
  • D. Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SQS queue size

Answer: D

The question is about most ??scalable solution for communicating?? for SQS that is parallel processing of SQS messages.
See also:

An AWS account owner has setup multiple IAM users. One IAM user only has CloudWatch access. He has setup the alarm action which stops the EC2 instances when the CPU utilization is below the threshold limit. What will happen in this case?

  • A. It is not possible to stop the instance using the CloudWatch alarm
  • B. CloudWatch will stop the instance when the action is executed
  • C. The user cannot set an alarm on EC2 since he does not have the permission
  • D. The user can setup the action but it will not be executed if the user does not have EC2 rights

Answer: D

Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The user can setup an action which stops the instances when their CPU utilization is below a certain threshold for a certain period of time. The EC2 action can either terminate or stop the instance as part of the EC2 action. If the IAM user has read/write permissions for Amazon CloudWatch but not for Amazon EC2, he can still create an alarm. However, the stop or terminate actions will not be performed on the Amazon EC2 instance.

A user has deployed an application on his private cloud. The user is using his own monitoring tool. He wants to configure that whenever there is an error, the monitoring tool should notify him via SMS. Which of the below mentioned AWS services will help in this scenario?

  • A. None because the user infrastructure is in the private cloud
  • B. AWS SNS
  • C. AWS SES
  • D. AWS SMS

Answer: B

Amazon Simple Notification Service (Amazon SNS. is a fast, flexible, and fully managed push messaging service. Amazon SNS can be used to make push notifications to mobile devices. Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service
(SQS. queues or to any HTTP endpoint. In this case user can use the SNS apis to send SMS.

An organization has configured two single availability zones. The Auto Scaling groups are configured in separate zones. The user wants to merge the groups such that one group spans across multiple zones. How can the user configure this?

  • A. Run the command as-join-auto-scaling-group to join the two groups
  • B. Run the command as-update-auto-scaling-group to configure one group to span across zones and delete the other group
  • C. Run the command as-copy-auto-scaling-group to join the two groups
  • D. Run the command as-merge-auto-scaling-group to merge the groups

Answer: B

If the user has configured two separate single availability zone Auto Scaling groups and wants to merge them then he should update one of the groups and delete the other one. While updating the first group it is recommended that the user should increase the size of the minimum, maximum and desired capacity as a summation of both the groups.

When assessing an organization s use of AWS API access credentials which of the following three credentials should be evaluated? Choose 3 answers

  • A. Key pairs
  • B. Console passwords
  • C. Access keys
  • D. Signing certificates
  • E. Security Group memberships

Answer: ACD


An organization has applied the below mentioned policy on an IAM group which has selected the IAM users. What entitlements do the IAM users avail with this policy?
"Version": "2012-10-17",
"Statement": [
"Effect": "Allow",
"Action": "*",
"Resource": "*"

  • A. The policy is not created correctl
  • B. It will throw an error for wrong resource name
  • C. The policy is for the grou
  • D. Thus, the IAM user cannot have any entitlement to this
  • E. It allows full access to all AWS services for the IAM users who are a part of this group
  • F. If this policy is applied to the EC2 resource, the users of the group will have full access to the EC2 Resources

Answer: C

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The IAM group allows the organization to specify permissions for a collection of users. With the below mentioned policy, it will allow the group full access (Admin. to all AWS services.
"Version": "2012-10-17",
"Statement": [
"Effect": "Allow",
"Action": "*",
"Resource": "*"

An application you maintain consists of multiple EC2 instances in a default tenancy VPC. This application has undergone an internal audit and has been determined to require dedicated hardware for one instance. Your compliance team has given you a week to move this instance to single-tenant hardware.
Which process will have minimal impact on your application while complying with this requirement?

  • A. Create a new VPC with tenancy=dedicated and migrate to the new VPC
  • B. Use ec2-reboot-instances command line and set the parameter "dedicated=true"
  • C. Right click on the instance, select properties and check the box for dedicated tenancy
  • D. Stop the instance, create an AMI, launch a new instance with tenancy=dedicated, and terminate the old instance

Answer: D

See: instance.html#dedicated-apichanges
You cannot change the tenancy of a default instance after you??ve launched it. You can change the tenancy of an instance from ??dedicated?? to ??host?? after you??ve launched it, and vice versa.

A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. Which of the below mentioned SSL protocols is not supported by the security policy?

  • A. TLS 1.3
  • B. TLS 1.2
  • C. SSL 2.0
  • D. SSL 3.0

Answer: A

Elastic Load Balancing uses a Secure Socket Layer (SSL. negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. Elastic Load Balancing supports the following versions of the SSL protocol:
TLS 1.2
TLS 1.1
TLS 1.0
SSL 3.0
SSL 2.0

A user has configured Elastic Load Balancing by enabling a Secure Socket Layer (SSL. negotiation configuration known as a Security Policy. Which of the below mentioned options is not part of this secure policy while negotiating the SSL connection between the user and the client?

  • A. SSL Protocols
  • B. Client Order Preference
  • C. SSL Ciphers
  • D. Server Order Preference

Answer: B

Elastic Load Balancing uses a Secure Socket Layer (SSL. negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. A security policy is a combination of SSL Protocols, SSL Ciphers, and the Server Order Preference option.

A user has created a VPC with two subnets: one public and one private. The user is planning to run the patch update for the instances in the private subnet. How can the instances in the private subnet connect to theinternet?

  • A. Use the internet gateway with a private IP
  • B. Allow outbound traffic in the security group for port 80 to allow internet updates
  • C. The private subnet can never connect to the internet
  • D. Use NAT with an elastic IP

Answer: D

A Virtual Private Cloud (VPC. is a virtual network dedicated to the user??s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. If the user has created two subnets (one private and one public., he would need a Network Address Translation (NAT. instance with the elastic IP address. This enables the instances in the private subnet to send requests to the internet (for example, to perform software updates..

A user has created a VPC with CIDR using the wizard. The user has created a public subnet CIDR ( and VPN only subnets CIDR ( along with the VPN gateway (vgw-12345. to connect to the user??s data centre. The user??s data centre has CIDR The user has also setup a NAT instance (i-123456. to allow traffic to the internet from the VPN subnet. Which of the below mentioned options is not a valid entry for the main route table in this scenario?

  • A. Destination: and Target: i-12345
  • B. Destination: and Target: i-12345
  • C. Destination: and Target: vgw-12345
  • D. Destination: and Target: local

Answer: A

The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. If the user has setup a NAT instance to route all the internet requests then all requests to the internet should be routed to it. All requests to the organization??s DC will be routed to the VPN gateway.
Here are the valid entries for the main route table in this scenario:
Destination: & Target: i-12345 (To route all internet traffic to the NAT Instance.
Destination: & Target: vgw-12345 (To route all the organization??s data centre traffic to the VPN gateway.
Destination: & Target: local (To allow local routing in VPC.

An organization is planning to use AWS for their production roll out. The organization wants to implement automation for deployment such that it will automatically create a LAMP stack, download the latest PHP installable from S3 and setup the ELB. Which of the below mentioned AWS services meets the requirement for making an orderly deployment of the software?

  • A. AWS Elastic Beanstalk
  • B. AWS CloudFront
  • C. AWS CloudFormation
  • D. AWS DevOps

Answer: C

AWS CloudFormation is an application management tool which provides application modelling, deployment, configuration, management and related activities. CloudFormation provides an easy way to create and delete the collection of related AWS resources and provision them in an orderly way. AWS CloudFormation automates and simplifies the task of repeatedly and predictably creating groups of related resources that power the user??s applications. AWS CloudFront is a CDN; Elastic Beanstalk does quite a few of the required tasks. However, it is a PAAS which uses a ready AMI. AWS Elastic Beanstalk provides an environment to easily develop and run applications in the cloud.

A user is trying to configure the CloudWatch billing alarm. Which of the below mentioned steps should be performed by the user for the first time alarm creation in the AWS Account Management section?

  • A. Enable Receiving Billing Reports
  • B. Enable Receiving Billing Alerts
  • C. Enable AWS billing utility
  • D. Enable CloudWatch Billing Threshold

Answer: B

AWS CloudWatch supports enabling the billing alarm on the total AWS charges. Before the user can create an alarm on the estimated charges, he must enable monitoring of the estimated AWS charges, by selecting the option ??Enable receiving billing alerts??. It takes about 15 minutes before the user can view the billing data. The user can then create the alarms.

An organization, which has the AWS account ID as 999988887777, has created 50 IAM users. All the users are added to the same group cloudacademy. If the organization has enabled that each IAM user can login with the AWS console, which AWS login URL will the IAM users use?

  • A.
  • B. https://
  • C. https://
  • D. https:// cloudacademy/

Answer: A

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. Once the organization has created the IAM users, they will have a separate AWS console URL to login to the AWS console. The console login URL for the IAM user will be https:// It uses only the AWS account ID and does not depend on the group or user ID.

A company website hosts patches for software that is sold globally. The website rules in AWS perform will until large software patch is released. The flood of download puts a strain on the web servers and leads to a poor customer experience.
What can the SysOps Administrator propose to enhance customer experience, create a more available platform, and keep costs low?

  • A. Use an Amazon Cloud Front distribution to cache static content, including software patches.
  • B. Increase the size of the NAT instance to improve through.
  • C. Scale out the web servers in advance of patch releases to reduce Auto Scaling delays.
  • D. Move the content to IO1 and provision additional IOPS to the volume that contains the software patches.

Answer: D


Thanks for reading the newest SOA-C01 exam dumps! We recommend you to try the PREMIUM SOA-C01 dumps in VCE and PDF here: (639 Q&As Dumps)