Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. SOA-C02

Amazon SOA-C02 Exam Questions
AWS Certified SysOps Administrator (SOA-C01) (Page 12 )

Updated On: 24-Feb-2026
Page 12 of 97
PDF with 932 Questions

A SysOps administrator is examining the following AWS CloudFormation template:
Why will the stack creation fail?

  1. The Outputs section of the CloudFormation template was omitted.
  2. The Parameters section of the CloudFormation template was omitted.
  3. The PrivateDnsName cannot be set from a CloudFormation template.
  4. The VPC was not specified in the CloudFormation template.

Answer(s): C



A new application runs on Amazon EC2 instances and accesses data in an Amazon RDS database instance. When fully deployed in production, the application fails. The database can be queried from a console on a bastion host. When looking at the web server logs, the following error is repeated multiple times:
*** Error Establishing a Database Connection
Which of the following may be causes of the connectivity problems? (Choose two.)

  1. The security group for the database does not have the appropriate egress rule from the database to the web server.
  2. The certificate used by the web server is not trusted by the RDS instance.
  3. The security group for the database does not have the appropriate ingress rule from the web server to the database.
  4. The port used by the application developer does not match the port specified in the RDS configuration.
  5. The database is still being created and is not available for connectivity.

Answer(s): C,D



A compliance team requires all administrator passwords for Amazon RDS DB instances to be changed at least annually.
Which solution meets this requirement in the MOST operationally efficient manner?

  1. Store the database credentials in AWS Secrets Manager. Configure automatic rotation for the secret every 365 days.
  2. Store the database credentials as a parameter in the RDS parameter group. Create a database trigger to rotate the password every 365 days.
  3. Store the database credentials in a private Amazon S3 bucket. Schedule an AWS Lambda function to generate a new set of credentials every 365 days.
  4. Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter. Configure automatic rotation for the parameter every 365 days.

Answer(s): A



A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented a strict IP allow list that requires all build uploads to come from a single IP address.
What change should the systems administrator make to the existing build fleet to comply with this new requirement?

  1. Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.
  2. Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.
  3. Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.
  4. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.

Answer(s): A



A company uses an Amazon CloudFront distribution to deliver its website. Traffic logs for the website must be centrally stored, and all data must be encrypted at rest.
Which solution will meet these requirements?

  1. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with internet access and server-side encryption that uses the default AWS managed customer master key (CMK). Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination.
  2. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256. Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination.
  3. Create an Amazon S3 bucket that is configured with default server-side encryption that uses AES-256. Configure CloudFront to use the S3 bucket as a log destination.
  4. Create an Amazon S3 bucket that is configured with no default encryption. Enable encryption in the CloudFront distribution, and use the S3 bucket as a log destination.

Answer(s): C






Post your Comments and Discuss Amazon SOA-C02 exam dumps with other Community members:

Join the SOA-C02 Discussion