SOA-C01 AWS Certified SysOps Administrator - Associate Question and Answers

Attach an IAM policy to the users or groups that require access to the EC2 instances

Attach an IAM role to control access to the EC2 instances

Create a placement group for the EC2 instances and add a specific tag

Create a service account and attach it to the EC2 instances that need to be controlled

Create an IAM policy that grants access to any EC2 instances with a tag specified in the condition element

Contact AWS Support to pre-warm the database to ensure that it can handle any unexpected spikes in traffic

Create a new Multi-AZ RDS DB instance. Migrate the data to the new DB instance and delete the old one

Create a read replica from the existing database outside of business hours

Modify the DB instance to outside of business hours be a Multi-AZ deployment

The search string is not HTML-encoded.

The search string must be put in quotes.

The search string must be escaped with a backslash (\) before the forward slash (/).

The search string is not in the first 5120 bytes of the tested page.

Place the EC2 instances into an AWS Auto Scaling group.

Configure the ALB's Target Group to use more frequent health checks.

Enable sticky sessions on the Application Load Balancer.

Increase the idle timeout setting of the Application Load Balancer.

AWS Budgets

AWS Cost Explorer

AWS Trusted Advisor

AWS Cost and Usage report

Create a scale down trigger when the CPUUtilization instance metric is at 70%.

Delete the Auto Scaling group and recreate it when troubleshooting is complete

Remove impacted instances from the Application Load Balancer.

Suspend the scaling process before troubleshooting.

Enable a lifecycle policy on the S3 bucket

Enable cross-origin resource sharing on the S3 bucket

Enable object tagging on the S3 bucket

Enable versioning on the S3 bucket

Attach the snapshot to a new Amazon EC2 instance in the same Availability Zone, and copy the deleted file.

Browse to the snapshot and copy the file to the EBS volume within an Amazon EC2 instance.

Create a volume from the snapshot, attach the volume to an Amazon EC2 instance, and copy the deleted file.

Restore the file from the snapshot onto an EC2 instance using the Amazon EC2 console.

Install Amazon Inspector on the EC2 instances and configure a rules package Use the findings reports to identify and block SQL injection attacks.

Modify the security group of the ALB Use the IP addresses from the logs to block the IP addresses where SQL injection originated.

Create an AWS WAF web ACL in front of the ALB. Add an SQL injection rule to the web ACL Associate the web ACL to the ALB

Enable Amazon GuardDuty in the AWS Region Use Amazon CloudWatch Events to trigger an AWS Lambda function response every time an SQL injection finding is discovered

Copy an automated RDS snapshot to the security account using the copy-db-snapshot command with the AWS CLI.

Create an RDS MySQL Read Replica for the critical database in the security account, then enable automatic backups for the Read Replica.

Create an RDS snapshot with the AWS CLI create-db-snapshot command, share it with the security account, then create a copy of the shared snapshot in the security account.

Use AWS DMS to replicate data from the critical database to another RDS MySQL instance in the security account, then use an automated backup for the RDS instance.

The AWS Security team

The Amazon EC2 team

The AWS Premium Support team

The company’s System Administrator

AWS/ApplicationELB HealthyHostCount <= 0

AWS/ApplicationELB UnhealthyHostCount >= 1

AWS/EC2 StatusCheckFailed <= 0

AWS/EC2 StatusCheckFailed >= 1

The template referenced an IAM user that is not available in eu-west-1

The template referenced an Amazon Machine Image (AMI) that is not available in eu-west-1

The template did not have the proper level of permissions to deploy the resources

The template requested services that do not exist in eu-west-1

CloudFormation templates can be used only to update existing services

Launch a single t2.nano Amazon EC2 instance and create a Linux cron job to invoke the Lambda function at the same time every night.

Set up an Amazon CloudWatch metrics alarm to invoke the Lambda function at the same time every night.

Schedule a CloudWatch event to invoke the Lambda function at the same time every night.

Implement a Chef recipe in AWS OpsWorks stack to invoke the Lambda function at the same time every night.

In the payer account: Enable billing alerts in the Billing and Cost Management console; publish an Amazon SNS message when the billing alert triggers.

In each account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers.

In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in the Billing and Cost Management console to publish an SNS message when the alarm triggers.

In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers.

Add a NAT gateway to a public subnet

Attach a private address to the elastic network interface on the EC2 instance

Attach an Elastic IP address to the internet gateway

Add an entry to the route table for the subnet that points to an internet gateway

Create an internet gateway and attach it to a VPC

Share the monthly AWS bill with management.

Use AWS CloudTrail Logs to access daily costs in JSON format.

Set up daily Cost and Usage Report and download the output from Amazon S3.

Monitor AWS costs with Amazon Cloud Watch and create billing alerts and notifications.

Create a cross-region dashboard using AWS Lambda and distribute it to all regions

Create a custom CloudWatch dashboard and add a widget for each region in the AWS Management

Console

Enable cross-region dashboards under the CloudWatch section of the AWS Management Console

Switch from basic monitoring to detailed monitoring on all instances

Create an IAM EC2 role for the EC2 instances and grant the role permission to read the Systems Manager parameters

Create an IAM group for the application and grant the group permissions to read the Systems Manager parameters

Create an IAM policy for the application and grant the policy permission to read the Systems Manager parameters

Create an IAM user for the application and grant the user permission to read the Systems Manager parameters

Reboot the instance as soon as possible to perform the system maintenance before the scheduled retirement.

Reboot the instance outside business hours to perform the system maintenance before the scheduled retirement.

Reboot the instance outside business hours to a new host before the scheduled retirement.

Write an AWS Lambda function to restore the system when the Scheduled retirement occurs

Copy the AMI to each region using aws ec2 copy-image Update the CloudFormation mapping include mappings for the copy AMIs.

Creating a snapshot of the running instance and copy the snapshot to the other regions. Create an AMI from the snapshots. Update the CloudFormation template for each region to use the new AMI.

Run the existing CloudFormation template in each additional region based on the success of the template used currently in us-east-1.

Update the CloudFormation template to include the additional regions in the auto scaling group. Update the existing stack in us-east-1.

AWS Cost Explorer

AWS Config

AWS Organizations

AWS Budgets

Deploy a second CloudFormation stack and use Amazon Route 53 to redirect traffic to the new stack.

Run the awa cloudformation update-attack command with the —rollback-configuration option.

Set an AutoScal ingRollingUpdate policy in the CloudFormation template to update the stack.

Update the CloudFormation template with the new AMI ID. then reboot the EC2 instances.

Create an Amazon EC2 proxy in Account A that forwards requests to Account B.

Create a load balancer in Account A that points to the load balancer in Account B.

Create a CNAME record in Account A pointing to an alias record to the load balancer in Account B.

Create an alias record in Account A pointing to the load balancer in Account B.

Use the set-alarm-state command in AWS CloudTrail to invoke the Amazon SNS notification

Use CloudWatch custom metrics to set the alarm state in AWS CloudTrail and enable Amazon SNS notifications

Use EC2 instance metadata to manually set the CPU utilization to 75% and invoke the alarm state

Use the set-alarm-state command in the AWS CLI for CloudWatch

Create a new CloudFormation stack based on the changes that were made Delete the old stack and deploy the new stack

Update the CloudFormation stack using a change set Review the changes and update the stack

Update the CloudFormation stack by modifying the selected parameters in the template to match what was changed

Use drift detection on the CloudFormation stack Use the output to update the CloudFormation template and redeploy the stack

sts:AssumeRote

sts:AssumeRoleWithSAML

stsAssumeRoleWithWebldentity

sts:GetFederationToken

Enable MFA on 1AM roles, and require 1AM users to use role credentials to sign API calls.

Ask the 1AM users to log into the AWS Management Console with MFA before making API calls using the CLI.

Restrict the 1AM users to use of the console, as MFA is not supported for CLI use.

Require users to use temporary credentials from the get-session token command to sign API calls.

Implement AWS Organizations and create a service control policy that defines the billing relationship with the new master account.

Configure AWS Organizations Consolidated Billing and provide the finance team with IAM access to the billing console.

Send Cost and Usage Reports files to a central Amazon S3 bucket and load the data into Amazon Redshift. Use Amazon QuickSight to provide visualizations to the finance team.

Link the Reserved Instances to the master payer account and use Amazon Redshift Spectrum to query Detailed Billing Report data across all accounts.

VPC Flow Logs

Elastic Load Balancing logs

Amazon CloudFront logs

Amazon RDS MySQL error logs

Ensure that only required cookies, query strings, and headers are forwarded in the Cache Behavior Settings

Change the Viewer Protocol Policy to use HTTPS only

Configure the distribution to use presigned cookies and URLs to restrict access to the distribution

Enable automatic compression of objects in the Cache Behavior Settings

Increase the CloudFront time to live (TTL) settings in the Cache Behavior Settings.

Use parameters to provision the resources.

Use nested stacks to provision the resources.

Use Amazon EC2 user data to provision the resources.

Use stack policies to provision the resources.

Add the EC2 instances to the ALB target group, configure the health check, and ensure that the instances report healthy.

Add the EC2 instances to an Auto Scaling group, configure the health check to ensure that the instances report healthy, and remove the public IPs from the instances.

Create a new subnet in which EC2 instances and ALB will reside to ensure that they can communicate, and remove the public IPs from the instances.

Change the security group for the EC2 instances to allow access from only the ALB security group, and remove the public IPs from the instances.

Change the security group to allow access from 0.0.0.0/0, which permits access from the ALB.

Enable Amazon S3 Analytics on all affected S3 buckets to obtain a report of which buckets are being accessed without authorization.

Enable Amazon S3 Server Access Logging on all affected S3 buckets and have the logs stored in a bucket dedicated for logs.

Use Amazon Athena to query S3 Analytics reports for HTTP 403 errors, and determine the 1AM user or role making the requests.

Use Amazon Athena to query the S3 Server Access Logs for HTTP 403 errors, and determine the 1AM user or role making the requests.

Use Amazon Athena to query the S3 Server Access Logs for HTTP 503 errors, and determine the 1AM user or role making the requests.

The IAM user did not have privileges to launch the CloudFormation template.

The t2 medium EC2 instance service limit was reached.

An AWS Budgets threshold was breached.

The application’s Amazon Machine Image (AMI) is not available in us-east-2.

Restore the EBS volume from the snapshot with fast snapshot restore enabled

Restore the EBS volume from the snapshot using the cold HDD volume type.

Restore the EBS volume from the snapshot and pre-warm the volume by reading all of the blocks.

Restore the EBS volume from the snapshot and configure encryption.

Restore the EBS volume from the snapshot and configure I/O block sizes at random