SOA-C01 | A Review Of Download SOA-C01 Practice

We provide real SOA-C01 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Amazon-Web-Services SOA-C01 Exam quickly & easily. The SOA-C01 PDF type is available for reading and printing. You can print more and practice many times. With the help of our Amazon-Web-Services SOA-C01 dumps pdf and vce product and material, you can easily pass the SOA-C01 exam.

Check SOA-C01 free dumps before getting the full version:

NEW QUESTION 1
A user is planning to evaluate AWS for their internal use. The user does not want to incur any charge on his account during the evaluation. Which of the below mentioned AWS services would incur a charge if used?

  • A. AWS S3 with 1 GB of storage
  • B. AWS micro instance running 24 hours daily
  • C. AWS ELB running 24 hours a day
  • D. AWS PIOPS volume of 10 GB size

Answer: D

Explanation:
AWS is introducing a free usage tier for one year to help the new AWS customers get started in Cloud. The free tier can be used for anything that the user wants to run in the Cloud. AWS offers a handful of AWS services as a part of this which includes 750 hours of free micro instances and 750 hours of ELB. It includes the AWS S3 of 5 GB and AWS EBS general purpose volume upto 30 GB. PIOPS is not part of free usage tier.

NEW QUESTION 2
An organization's security policy requires multiple copies of all critical data to be replicated across at least a primary and backup data center. The organization has decided to store some critical data on Amazon S3.
Which option should you implement to ensure this requirement is met?

  • A. Use the S3 copy API to replicate data between two S3 buckets in different regions
  • B. You do not need to implement anything since S3 data is automatically replicated between regions
  • C. Use the S3 copy API to replicate data between two S3 buckets in different facilities within an AWS Region
  • D. You do not need to implement anything since S3 data is automatically replicated between multiple facilities within an AWS Region

Answer: D

Explanation:
It seems that this question wants to emphasize below (S3 Faq ?V https://aws.amazon.com/s3/faqs/ ) You specify a region when you create your Amazon S3 bucket. Within that region, your objects are redundantly stored on multiple devices across multiple facilities. Please refer to Regional Products and Services for details of Amazon S3 service availability by region.

NEW QUESTION 3
A sys admin has enabled a log on ELB. Which of the below mentioned activities are not captured by the log?

  • A. Response processing time
  • B. Front end processing time
  • C. Backend processing time
  • D. Request processing time

Answer: B

Explanation:
Elastic Load Balancing access logs capture detailed information for all the requests made to the load balancer. Each request will have details, such as client IP, request path, ELB IP, time, and latencies. The time will have information, such as Request Processing time, Backend Processing time and Response Processing time.

NEW QUESTION 4
A user is collecting 1000 records per second. The user wants to send the data to CloudWatch using the custom namespace. Which of the below mentioned options is recommended for this activity?

  • A. Aggregate the data with statistics, such as Min, max, Average, Sum and Sample data and send the data to CloudWatch
  • B. Send all the data values to CloudWatch in a single command by separating them with a comm
  • C. CloudWatch will parse automatically
  • D. Create one csv file of all the data and send a single file to CloudWatch
  • E. It is not possible to send all the data in one cal
  • F. Thus, it should be sent one by on
  • G. CloudWatch willaggregate the data automatically

Answer: A

Explanation:
AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. The user can publish data to CloudWatch as single data points or as an aggregated set of data points called a statistic set using the command put- metric-data. It is recommended that when the user is having multiple data points per minute, he should aggregate the data so that it will minimize the number of calls to put-metric-data. In this case
it will be single call to CloudWatch instead of 1000 calls if the data is aggregated.

NEW QUESTION 5
A user is trying to send custom metrics to CloudWatch using the PutMetricData APIs. Which of the below mentioned points should the user needs to take care while sending the data to CloudWatch?

  • A. The size of a request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests
  • B. The size of a request is limited to 128KB for HTTP GET requests and 64KB for HTTP POST requests
  • C. The size of a request is limited to 40KB for HTTP GET requests and 8KB for HTTP POST requests
  • D. The size of a request is limited to 16KB for HTTP GET requests and 80KB for HTTP POST requests

Answer: A

Explanation:
With AWS CloudWatch, the user can publish data points for a metric that share not only the same time stamp, but also the same namespace and dimensions. CloudWatch can accept multiple data points in the same PutMetricData call with the same time stamp. The only thing that the user needs to take care of is that the size of a PutMetricData request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests.

NEW QUESTION 6
You use S3 to store critical data for your company Several users within your group currently have lull permissions to your S3 buckets You need to come up with a solution mat does not impact your users and also protect against the accidental deletion of objects.
Which two options will address this issue? Choose 2 answers

  • A. Enable versioning on your S3 Buckets
  • B. Configure your S3 Buckets with MFA delete
  • C. Create a Bucket policy and only allow read only permissions to all users at the bucket level
  • D. Enable object life cycle policies and configure the data older than 3 months to be archived in Glacier

Answer: AD

NEW QUESTION 7
A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 by mistake. The user is trying to create another subnet of CIDR 20.0.0.1/24. How can the user create the second subnet?

  • A. There is no need to update the subnet as VPC automatically adjusts the CIDR of the first subnet based on the second subnet??s CIDR
  • B. The user can modify the first subnet CIDR from the console
  • C. It is not possible to create a second subnet as one subnet with the same CIDR as the VPC has been created
  • D. The user can modify the first subnet CIDR with AWS CLI

Answer: D

Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the user??s AWS account. A user can create a subnet with VPC and launch instances inside the subnet. The user can create a subnet with the same size of VPC. However, he cannot create any other subnet since the CIDR of the second subnet will conflict with the first subnet. The user cannot modify the CIDR of a subnet once it is created. Thus, in this case if required, the user has to delete the subnet and create new subnets.

NEW QUESTION 8
A sysadmin has created the below mentioned policy on an S3 bucket named cloudacademy. The bucket has both AWS.jpg and index.html objects. What does this policy define?
"Statement": [{
"Sid": "Stmt1388811069831",
"Effect": "Allow", "Principal": { "AWS": "*"},
"Action": [ "s3:GetObjectAcl", "s3:ListBucket", "s3:GetObject"], "Resource": [ "arn:aws:s3:::cloudacademy/*.jpg]
}]

  • A. It will make all the objects as well as the bucket public
  • B. It will throw an error for the wrong action and does not allow to save the policy
  • C. It will make the AWS.jpg object as public
  • D. It will make the AWS.jpg as well as the cloudacademy bucket as public

Answer: B

NEW QUESTION 9
A company has two AWS account developers and production. All application send logs to a specific Amazon bucket for each account, and the Developers are requesting access to the production
account S3 buckets to view the logs?
Which is the MOST efficient way to provide the Developers with access?

  • A. Create an AWS Lambda function with an IAM role attached to it that has access to be accounts'S3 buckets Put me logs tram the production S3 bucket to the development S3 bucket
  • B. Create IAM users for each Developer on the production account and add the Developers to an IAM group that provides read-only access to the S3 log bucket
  • C. Create an Amazon EC2 bastion host with an 1AM role attached to it that has access to it that has production S3 log bucket and then provision access for the Developers on the host
  • D. Create a resource-based pokey for the S3 bucket on the production account that grant access to the development account and then delegate the development account

Answer: B

Explanation:
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

NEW QUESTION 10
An organization is planning to create a user with IAM. They are trying to understand the limitations of IAM so that they can plan accordingly. Which of the below mentioned statements is not true with respect to the limitations of IAM?

  • A. One IAM user can be a part of a maximum of 5 groups
  • B. The organization can create 100 groups per AWS account
  • C. One AWS account can have a maximum of 5000 IAM users
  • D. One AWS account can have 250 roles

Answer: A

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The default maximums for each of the IAM entities is given below:
Groups per AWS account: 100 Users per AWS account: 5000 Roles per AWS account: 250
Number of groups per user: 10 (that is, one user can be part of these many groups.

NEW QUESTION 11
An organization (account ID 123412341234. has configured the IAM policy to allow the user to modify his credentials. What will the below mentioned statement allow the user to perform?
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow", "Action": [ "iam:AddUserToGroup",
"iam:RemoveUserFromGroup", "iam:GetGroup"
],
"Resource": "arn:aws:iam:: 123412341234:group/TestingGroup"
}]

  • A. The IAM policy will throw an error due to an invalid resource name
  • B. The IAM policy will allow the user to subscribe to any IAM group
  • C. Allow the IAM user to update the membership of the group called TestingGroup
  • D. Allow the IAM user to delete the TestingGroup

Answer: C

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (account ID 123412341234. wants their users to manage their subscription to the groups, they should create a relevant policy for that. The below mentioned policy allows the respective IAM user to update the membership of the group called MarketingGroup.
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow", "Action": [ "iam:AddUserToGroup",
"iam:RemoveUserFromGroup", "iam:GetGroup"
],
"Resource": "arn:aws:iam:: 123412341234:group/ TestingGroup "
}]

NEW QUESTION 12
A user has launched an RDS postgreSQL DB with AWS. The user did not specify the maintenance window during creation. The user has configured RDS to update the DB instance type from micro to large. If the user wants to have it during the maintenance window, what will AWS do?

  • A. AWS will not allow to update the DB until the maintenance window is configured
  • B. AWS will select the default maintenance window if the user has not provided it
  • C. AWS will ask the user to specify the maintenance window during the update
  • D. It is not possible to change the DB size from micro to large with RDS

Answer: B

Explanation:
AWS RDS has a compulsory maintenance window which by default is 30 minutes. If the user does not specify the maintenance window during the creation of RDS then AWS will select a 30-minute maintenance window randomly from an 8-hour block of time per region. In this case, Amazon RDS assigns a 30-minute maintenance window on a randomly selected day of the week.

NEW QUESTION 13
The Security tram is connect because the number of AWS identity and access Management (IAM) policies being in the environment is increasing. The tasked a SysOps Administrator to report on the number of IAM policies in use and use the total IAM policies.
Which AWS service should the Administrator use to check how current IAM policy compares to current limits?

  • A. MWS Trusted Advisor
  • B. Amazon Inspector
  • C. AWS Config
  • D. Organizations

Answer: C

Explanation:
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting.

NEW QUESTION 14
In order to optimize performance for a compute cluster that requires low inter-node latency, which feature in the following list should you use?

  • A. AWS Direct Connect
  • B. Placement Groups
  • C. VPC private subnets
  • D. EC2 Dedicated Instances
  • E. Multiple Availability Zones

Answer: B

Explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html

NEW QUESTION 15
You are creating an Auto Scaling group whose Instances need to insert a custom metric into CloudWatch.
Which method would be the best way to authenticate your CloudWatch PUT request?

  • A. Create an IAM role with the Put MetricData permission and modify the Auto Scaling launch configuration to launch instances in that role
  • B. Create an IAM user with the Put MetricData permission and modify the Auto Scaling launch configuration to inject the users credentials into the instance User Data
  • C. Modify the appropriate Cloud Watch metric policies to allow the Put MetricData permission to instances from the Auto Scaling group
  • D. Create an IAM user with the Put MetricData permission and put the credentials in a private repository and have applications on the server pull the credentials as needed

Answer: A

NEW QUESTION 16
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85baf1fc, and it is actively used by 10 Amazon EC2 hosts.
The organization has become concerned that the file system is not encrypted. How can this be resolved?

  • A. Enable encryption on each hosts connection to the Amazon EFS volume Each connection must be recreated for encryption to take effect
  • B. Enable encryption on the existing EFS volume by using the AWS Command Line Interface
  • C. Enable encryption on each host's local drive Restart each host to encrypt the drive
  • D. Enable encryption on a newly created volume and copy all data from the original volume Reconnect each host to the new volume

Answer: A

Explanation:
https://docs.aws.amazon.com/efs/latest/ug/encryption.html https://aws.amazon.com/premiumsupport/knowledge-center/encrypt-data-efs/

NEW QUESTION 17
A company's customers are reporting increased latency while accessing static web contact from Amazon S3. A SysOps Administrator a very high rate of read operations on a particular S3 bucket. What will minimize latency by reducing lead on the S3 bucket?

  • A. Migrate the S3 bucket to a region that is end users; geographic locations.
  • B. Use cross-region replication to replicate all the data to another region
  • C. Create an Amazon Cloud Front distribution with the bucket as the origin.
  • D. Use Amazon ElastiCache to cache data being server from Amazon S3

Answer: C

Explanation:
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within
a developer-friendly environment. CloudFront is integrated with AWS ?V both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. CloudFront works seamlessly with services including AWS Shield for DDoS mitigation, Amazon S3, Elastic Load Balancing or Amazon EC2 as origins for your applications, and Lambda@Edge to run custom code closer to customers?? users and to customize the user experience. You can get started with the Content Delivery Network in minutes, using the same AWS tools that you're already familiar with: APIs, AWS Management Console, AWS CloudFormation, CLIs, and SDKs. Amazon's CDN offers a simple, pay-as-you-go pricing model with no upfront fees or required long-term contracts, and support for the CDN is included in your existing AWS Support subscription.

NEW QUESTION 18
A user has created a VPC with public and private subnets using the VPC Wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24. Which of the below mentioned entries are required in the main route table to allow the instances in VPC to communicate with each other?

  • A. Destination : 20.0.0.0/24 and Target : VPC
  • B. Destination : 20.0.0.0/16 and Target : ALL
  • C. Destination : 20.0.0.0/0 and Target : ALL
  • D. Destination : 20.0.0.0/24 and Target : Local

Answer: D

NEW QUESTION 19
A user is trying to understand the CloudWatch metrics for the AWS services. It is required that the
user should first understand the namespace for the AWS services. Which of the below mentioned is not a valid namespace for the AWS services?

  • A. AWS/StorageGateway
  • B. AWS/CloudTrail
  • C. AWS/ElastiCache
  • D. AWS/SWF

Answer: B

Explanation:
Amazon CloudWatch is basically a metrics repository. The AWS product puts metrics into this repository, and the user can retrieve the data or statistics based on those metrics. To distinguish the data for each service, the CloudWatch metric has a namespace. Namespaces are containers for metrics. All AWS services that provide the Amazon CloudWatch data use a namespace string, beginning with "AWS/". All the services which are supported by CloudWatch will have some namespace. CloudWatch does not monitor CloudTrail. Thus, the namespace ??AWS/CloudTrail?? is incorrect.

NEW QUESTION 20
An organization is planning to use AWS for 5 different departments. The finance department is responsible to pay for all the accounts. However, they want the cost separation for each account to map with the right cost centre. How can the finance department achieve this?

  • A. Create 5 separate accounts and make them a part of one consolidate billing
  • B. Create 5 separate accounts and use the IAM cross account access with the roles for better management
  • C. Create 5 separate IAM users and set a different policy for their access
  • D. Create 5 separate IAM groups and add users as per the department??s employees

Answer: A

Explanation:
AWS consolidated billing enables the organization to consolidate payments for multiple Amazon Web Services (AWS. accounts within a single organization by making a single paying account. Consolidated billing enables the organization to see a combined view of the AWS charges incurred by each account as well as obtain a detailed cost report for each of the individual AWS accounts associated with the paying account.

NEW QUESTION 21
A user is configuring a CloudWatch alarm on RDS to receive a notification when the CPU utilization of RDS is higher than 50%. The user has setup an alarm when there is some inactivity on RDS, such as RDS unavailability. How can the user configure this?

  • A. Setup the notification when the CPU is more than 75% on RDS
  • B. Setup the notification when the state is Insufficient Data
  • C. Setup the notification when the CPU utilization is less than 10%
  • D. It is not possible to setup the alarm on RDS

Answer: B

Explanation:
Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a
number of time periods. The alarm has three states: Alarm, OK and Insufficient data. The Alarm will change to Insufficient Data when any of the three situations arise: when the alarm has just started, when the metric is not available or when enough data is not available for the metric to determine the alarm state. If the user wants to find that RDS is not available, he can setup to receive the notification when the state is in Insufficient data.

NEW QUESTION 22
A root account owner is trying to understand the S3 bucket ACL. Which of the below mentioned options cannot be used to grant ACL on the object using the authorized predefined group?

  • A. Authenticated user group
  • B. All users group
  • C. Log Delivery Group
  • D. Canonical user group

Answer: D

Explanation:
An S3 bucket ACL grantee can be an AWS account or one of the predefined Amazon S3 groups. Amazon S3 has a set of predefined groups. When granting account access to a group, the user can specify one of the URLs of that group instead of a canonical user ID. AWS S3 has the following predefined groups:
Authenticated Users group: It represents all AWS accounts. All Users group: Access permission to this group allows anyone to access the resource. Log Delivery group: WRITE permission on a bucket enables this group to write server access logs to the bucket.

NEW QUESTION 23
A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public subnet (port 80. and a DB server in the private subnet (port 3306.. The user is configuring a security group for the public subnet (WebSecGrp. and the private subnet (DBSecGrp.. Which of the below mentioned entries is required in the private subnet database security group (DBSecGrp.?

  • A. Allow Inbound on port 3306 for Source Web Server Security Group (WebSecGrp.
  • B. Allow Inbound on port 3306 from source 20.0.0.0/16
  • C. Allow Outbound on port 3306 for Destination Web Server Security Group (WebSecGrp.
  • D. Allow Outbound on port 80 for Destination NAT Instance IP

Answer: A

Explanation:
A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet to host the web server and DB server respectively, the user should configure that the instances in the private subnet can receive inbound traffic from the public subnet on the DB port. Thus, configure port 3306 in Inbound with the source as the Web Server Security Group (WebSecGrp.. The user should configure ports 80 and 443 for Destination 0.0.0.0/0 as the route table directs traffic to the NAT instance from the private subnet.

NEW QUESTION 24
......

P.S. Easily pass SOA-C01 Exam with 639 Q&As Certleader Dumps & pdf Version, Welcome to Download the Newest Certleader SOA-C01 Dumps: https://www.certleader.com/SOA-C01-dumps.html (639 New Questions)