Amazon AWS-SysOps Exam Questions
AWS Certified SysOps Administrator (SOA-C01) (Page 16)

Updated On: 21-Feb-2026

A SysOps administrator is using AWS Systems Manager Patch Manager to patch a fleet of Amazon EC2 instances. The SysOps administrator has configured a patch baseline and a maintenance window. The SysOps administrator also has used an instance tag to identify which instances to patch.
The SysOps administrator must give Systems Manager the ability to access the EC2 instances.
Which additional action must the SysOps administrator perform to meet this requirement?

  A. Add an inbound rule to the instances' security group.
  B. Attach an IAM instance profile with access to Systems Manager to the instances.
  C. Create a Systems Manager activation. Then activate the fleet of instances.
  D. Manually specify the instances to patch instead of using tag-based selection.

Answer(s): B



A company hosts its website on Amazon EC2 instances in the us-east-1 Region. The company is preparing to extend its website into the eu-central-1 Region, but the database must remain only in us-east-1. After deployment, the EC2 instances in eu-central-1 are unable to connect to the database in us-east-1.
What is the MOST operationally efficient solution that will resolve this connectivity issue?

  A. Create a VPC peering connection between the two Regions. Add the private IP address range of the instances to the inbound rule of the database security group.
  B. Create a VPC peering connection between the two Regions. Add the security group of the instances in eu-central-1 to the outbound rule of the database security group.
  C. Create a VPN connection between the two Regions. Add the private IP address range of the instances to the outbound rule of the database security group.
  D. Create a VPN connection between the two Regions. Add the security group of the instances in eu-central-1 to the inbound rule of the database security group.

Answer(s): A



A company wants to create an automated solution for all accounts managed by AWS Organizations to detect any security groups that use 0.0.0.0/0 as the source address for inbound traffic. The company also wants to automatically remediate any noncompliant security groups by restricting access to a specific CIDR block that corresponds with the company's intranet.
Which set of actions should the SysOps administrator take to create a solution?

  A. Create an AWS Config rule to detect noncompliant security groups. Set up automatic remediation to change the 0.0.0.0/0 source address to the approved CIDR block.
  B. Create an IAM policy to deny the creation of security groups that have 0.0.0.0/0 as the source address. Attach this IAM policy to every user in the company.
  C. Create an AWS Lambda function to inspect new and existing security groups. Check for a noncompliant 0.0.0.0/0 source address and change the source address to the approved CIDR block.
  D. Create a service control policy (SCP) for the organizational unit (OU) to deny the creation of security groups that have the 0.0.0.0/0 source address. Set up automatic remediation to change the 0.0.0.0/0 source address to the approved CIDR block.

Answer(s): A



A company requires that all activity in its AWS account be logged using AWS CloudTrail. Additionally, a SysOps administrator must know when CloudTrail log files are modified or deleted.
How should the SysOps administrator meet these requirements?

  A. Enable log file integrity validation. Use the AWS CLI to validate the log files.
  B. Enable log file integrity validation. Use the AWS CloudTrail Processing Library to validate the log files.
  C. Use CloudTrail Insights to monitor the log files for modifications.
  D. Use Amazon CloudWatch Logs to monitor the log files for modifications.

Answer(s): A



A company is planning to host its stateful web-based applications on AWS. A SysOps administrator is using an Auto Scaling group of Amazon EC2 instances. The web applications will run 24 hours a day, 7 days a week throughout the year. The company must be able to change the instance type within the same instance family later in the year based on the traffic and usage patterns.
Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?

  A. Convertible Reserved Instances
  B. On-Demand Instances
  C. Spot Instances
  D. Standard Reserved Instances

Answer(s): A





