Free SOA-C02 Exam Braindumps (page: 21)


A company runs an application that hosts critical data for several clients. The company uses AWS CloudTrail to track user activities on various AWS resources. To meet new security requirements, the company needs to protect the CloudTrail log files from being modified, deleted, or forged.
Which solution will meet these requirements?

  A. Enable CloudTrail log file integrity validation.
  B. Use Amazon S3 MFA Delete on the S3 bucket where the CloudTrail log files are stored.
  C. Use Amazon S3 Versioning to keep all versions of the CloudTrail log files.
  D. Use AWS Key Management Service (AWS KMS) security keys to secure the CloudTrail log files.

Answer(s): A



A global company operates out of five AWS Regions. A SysOps administrator wants to identify all the company's tagged and untagged Amazon EC2 instances.
The company requires the output to display the instance ID and tags.
What is the MOST operationally efficient way for the SysOps administrator to meet these requirements?

  A. Create a tag-based resource group in AWS Resource Groups.
  B. Use AWS Trusted Advisor. Export the EC2 On-Demand Instances check results from Trusted Advisor.
  C. Use Cost Explorer. Choose a service type of EC2-Instances, and group by Resource.
  D. Use Tag Editor in AWS Resource Groups. Select all Regions, and choose a resource type of AWS::EC2::Instance.

Answer(s): D



A company needs to upload gigabytes of files every day. The company needs to achieve higher throughput and upload speeds to Amazon S3.
Which action should a SysOps administrator take to meet this requirement?

  A. Create an Amazon CloudFront distribution with the GET HTTP method allowed and the S3 bucket as an origin.
  B. Create an Amazon ElastiCache cluster and enable caching for the S3 bucket.
  C. Set up AWS Global Accelerator and configure it with the S3 bucket.
  D. Enable S3 Transfer Acceleration and use the acceleration endpoint when uploading files.

Answer(s): D



A SysOps administrator maintains the security and compliance of a company's AWS account. To ensure the company's Amazon EC2 instances are following company policy, a SysOps administrator wants to terminate any EC2 instances that do not contain a department tag. Noncompliant resources must be terminated in near-real time.
Which solution will meet these requirements?

  A. Create an AWS Config rule with the required-tags managed rule to identify noncompliant resources. Configure automatic remediation to run the AWS-TerminateEC2Instance automation document to terminate noncompliant resources.
  B. Create a new Amazon EventBridge (Amazon CloudWatch Events) rule to monitor when new EC2 instances are created. Send the event to a Simple Notification Service (Amazon SNS) topic for automatic remediation.
  C. Ensure all users who can create EC2 instances also have the permissions to use the ec2:CreateTags and ec2:DescribeTags actions. Change the instance's shutdown behavior to terminate.
  D. Ensure AWS Systems Manager Compliance is configured to manage the EC2 instances. Call the AWS-StopEC2Instances automation document to stop noncompliant resources.

Answer(s): A





