Up To The Immediate Present SOA-C01 Guidance 2021

NEW QUESTION 1
A user is launching an EC2 instance in the US East region. Which of the below mentioned options is recommended by AWS with respect to the selection of the availability zone?

• A. Always select the US-East-1-a zone for HA
• B. Do not select the AZ; instead let AWS select the AZ
• C. The user can never select the availability zone while launching an instance
• D. Always select the AZ while launching an instance

Answer: B

Explanation:
When launching an instance with EC2, AWS recommends not to select the availability zone (AZ. AWS specifies that the default Availability Zone should be accepted. This is because it enables AWS to select the best Availability Zone based on the system health and available capacity. If the user launches additional instances, only then an Availability Zone should be specified. This is to specify the same or different AZ from the running instances.

NEW QUESTION 2
A user has setup an EBS backed instance and a CloudWatch alarm when the CPU utilization is more than 65%. The user has setup the alarm to watch it for 5 periods of 5 minutes each. The CPU utilization is 60% between 9 AM to 6 PM. The user has stopped the EC2 instance for 15 minutes between 11 AM to 11:15 AM. What will be the status of the alarm at 11:30 AM?

• A. Alarm
• B. OK
• C. Insufficient Data
• D. Error

Answer: B

Explanation:
Amazon CloudWatch alarm watches a single metric over a time period the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The state of the alarm will be OK for the whole day. When the user stops the instance for three periods the alarm may not receive the data

NEW QUESTION 3
A user has created numerous EBS volumes. What is the general limit for each AWS account for the maximum number of EBS volumes that can be created?

• A. 10000
• B. 5000
• C. 100
• D. 1000

Answer: B

Explanation:
A user can attach multiple EBS volumes to the same instance within the limits specified by his AWS account. Each AWS account has a limit on the number of Amazon EBS volumes that the user can create, and the total storage available. The default limit for the maximum number of volumes that can be created is 5000.

NEW QUESTION 4
A user has launched an EC2 instance from an instance store backed AMI. If the user restarts the instance, what will happen to the ephermal storage data?

• A. All the data will be erased but the ephermal storage will stay connected
• B. All data will be erased and the ephermal storage is released
• C. It is not possible to restart an instance launched from an instance store backed AMI
• D. The data is preserved

Answer: D

Explanation:
A user can reboot an EC2 instance using the AWS console, the Amazon EC2 CLI or the Amazon EC2 API. Rebooting an instance is equivalent to rebooting an operating system. However, it is recommended that the user use Amazon EC2 to reboot the instance instead of running the operating system reboot command from the instance. When an instance launched from an instance store backed AMI is rebooted all the ephermal storage data is still preserved.

NEW QUESTION 5
A user has created a subnet with VPC and launched an EC2 instance in that subnet with only default settings. Which of the below mentioned options is ready to use on the EC2 instance as soon as it is launched?

• A. Elastic IP
• B. Private IP
• C. Public IP
• D. Internet gateway

Answer: B

Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to a user??s AWS account? A subnet is a range of IP addresses in the VPC. The user can launch the AWS resources into a subnet. There are two supported platforms into which a user can launch instances: EC2-Classic and EC2-VPC. When the user launches an instance which is not a part of the non-default subnet, it will only have a private IP assigned to it. The instances part of a subnet can communicate with each other but cannot communicate over the internet or to the AWS services, such as RDS / S3.

NEW QUESTION 6
An organization has setup consolidated billing with 3 different AWS accounts. Which of the below mentioned advantages will organization receive in terms of the AWS pricing?

• A. The consolidated billing does not bring any cost advantage for the organization
• B. All AWS accounts will be charged for S3 storage by combining the total storage of each account
• C. The EC2 instances of each account will receive a total of 750*3 micro instance hours free
• D. The free usage tier for all the 3 accounts will be 3 years and not a single year

Answer: B

Explanation:
AWS consolidated billing enables the organization to consolidate payments for multiple Amazon Web Services (AWS. accounts within a single organization by making a single paying account. For billing purposes, AWS treats all the accounts on the consolidated bill as one account. Some services, such as Amazon EC2 and Amazon S3 have volume pricing tiers across certain usage dimensions that give the user lower prices when he uses the service more.

NEW QUESTION 7
A user has created a VPC with CIDR 20.0.0.0/16 with only a private subnet and VPN connection using the VPC wizard. The user wants to connect to the instance in a private subnet over SSH. How should the user define the security rule for SSH?

• A. Allow Inbound traffic on port 22 from the user??s network
• B. The user has to create an instance in EC2 Classic with an elastic IP and configure the security group of a private subnet to allow SSH from that elastic IP
• C. The user can connect to a instance in a private subnet using the NAT instance
• D. Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over the Internet

Answer: A

Explanation:
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data center, the user can setup a case with a VPN only subnet (private. which uses VPN access to connect with his data center. When the user has configured this setup with Wizard, all network connections to the instances in the subnet will come from his data center. The user has to configure the security group of the private subnet which allows the inbound traffic on SSH (port 22. from the data center??s network range.

NEW QUESTION 8
A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services does not provide detailed monitoring with CloudWatch?

• A. AWS EMR
• B. AWS RDS
• C. AWS ELB
• D. AWS Route53

Answer: A

Explanation:
CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. Services, such as RDS, EC2, Auto Scaling, ELB, and Route 53 can provide the monitoring data every minute.

NEW QUESTION 9
Which services allow the customer to retain run administrative privileges or the undertying EC2 instances? Choose 2 answers

• A. AWS Elastic Beanstalk
• B. Amazon Elastic Map Reduce
• C. Elastic Load Balancing
• D. Amazon Relational Database Service
• E. Amazon Elasti Cache

Answer: AB

NEW QUESTION 10
A sysadmin has created a shopping cart application and hosted it on EC2. The EC2 instances are running behind ELB. The admin wants to ensure that the end user request will always go to the EC2 instance where the user session has been created. How can the admin configure this?

• A. Enable ELB cross zone load balancing
• B. Enable ELB cookie setup
• C. Enable ELB sticky session
• D. Enable ELB connection draining

Answer: C

Explanation:
Generally, AWS ELB routes each request to a zone with the minimum load. The Elastic Load Balancer provides a feature called sticky session which binds the user??s session with a specific EC2 instance. If the sticky session is enabled the first request from the user will be redirected to any of the EC2 instances. But, henceforth, all requests from the same user will be redirected to the same EC2 instance. This ensures that all requests coming from the user during the session will be sent to the same application instance.

NEW QUESTION 11
An application that you are managing has EC2 instances & Dynamo OB tables deployed to several AWS Regions. In order to monitor the performance of the application globally, you would like to see two graphs: 1) Avg CPU Utilization across all EC2 instances and 2) Number of Throttled Requests for all DynamoDB tables.
How can you accomplish this?

• A. Tag your resources with the application name, and select the tag name as the dimension in the CloudWatch Management console to view the respective graphs
• B. Use the Cloud Watch CLI tools to pull the respective metrics from each regional endpoint Aggregate the data offline & store it for graphing in CloudWatch.
• C. Add SNMP traps to each instance and DynamoDB table Leverage a central monitoring server to capture data from each instance and table Put the aggregate data into Cloud Watch for graphing.
• D. Add a CloudWatch agent to each instance and attach one to each DynamoDB tabl
• E. When configuring the agent set the appropriate application name & view the graphs in CloudWatch.

Answer: A

Explanation:
Correct answer should be A. When you turn on detailed monitoring in CloudWatch, you can get 1) Avg CPU Utilization across all EC2 instances and 2) Number of Throttled Requests for all DynamoDB tables
Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/GetSingleMetricAllDimen sions.html

NEW QUESTION 12
A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling terminate process only for a while. What will happen to the availability zone rebalancing process (AZRebalance. during this period?

• A. Auto Scaling will not launch or terminate any instances
• B. Auto Scaling will allow the instances to grow more than the maximum size
• C. Auto Scaling will keep launching instances till the maximum instance size
• D. It is not possible to suspend the terminate process while keeping the launch active

Answer: B

Explanation:
Auto Scaling performs various processes, such as Launch, Terminate, Availability Zone Rebalance (AZRebalance. etc. The AZRebalance process type seeks to maintain a balanced number of instances across Availability Zones within a region. If the user suspends the Terminate process, the AZRebalance process can cause the Auto Scaling group to grow up to ten percent larger than the maximum size. This is because Auto Scaling allows groups to temporarily grow larger than the maximum size during rebalancing activities. If Auto Scaling cannot terminate instances, the Auto Scaling group could remain up to ten percent larger than the maximum size until the user resumes the Terminate process type.

NEW QUESTION 13
A company has mandated the use factor authentication (MFA) for all user, and requires users to make all API calls using CLI. However, uses are not prompted to enter MFA token, and able to return CLI commands without MF

• A. In an enforce MFA, the company attached an IAM policy to all users that derives API calls that not been authenticated with MF
• B. What additional step must be ensure that calls are authenticated using MFA?
• C. Enable MFA on IAM roles, requires IAM to use role credentials to sign API calls.
• D. Ask the IAM to log into the AWS Management Console with MFA before marking PI calls using the Cli.
• E. Restricted the IAM users to use the console, as MFA not supported for CLI use.
• F. Reporting users to use temporary credential from the get-session token command to sign API calls.

Answer: B

Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/

NEW QUESTION 14
A user is planning to set up the Multi AZ feature of RDS. Which of the below mentioned conditions won't take advantage of the Multi AZ feature?

• A. Availability zone outage
• B. A manual failover of the DB instance using Reboot with failover option
• C. Region outage
• D. When the user changes the DB instance??s server type

Answer: C

Explanation:
Amazon RDS when enabled with Multi AZ will handle failovers automatically. Thus, the user can resume database operations as quickly as possible without administrative intervention. The primary DB instance switches over automatically to the standby replica if any of the following conditions occur:
An Availability Zone outage The primary DB instance fails
The DB instance's server type is changed
The DB instance is undergoing software patching
A manual failover of the DB instance was initiated using Reboot with failover

NEW QUESTION 15
A user is having data generated randomly based on a certain event. The user wants to upload that data to CloudWatch. It may happen that event may not have data generated for some period due to andomness. Which of the below mentioned options is a recommended option for this case?

• A. For the period when there is no data, the user should not send the data at all
• B. For the period when there is no data the user should send a blank value
• C. For the period when there is no data the user should send the value as 0
• D. The user must upload the data to CloudWatch as having no data for some period will cause an errorat CloudWatch monitoring

Answer: C

Explanation:
AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. When the user data is more random and not generated at regular intervals, there can be a period which has no associated data. The user can either publish the zero (0. Value for that period or not publish the data at all. It is recommended that the user should publish zero instead of no value to monitor the health of the application. This is helpful in an alarm as well as in the generation of the sample data count.

NEW QUESTION 16
You are running a web-application on AWS consisting of the following components an Elastic Load Balancer (ELB) an Auto-Scaling Group of EC2 instances running Linux/PHP/Apache, and Relational Database Service (RDS) MySQL.
Which security measures fall into AWS's responsibility?

• A. Protect the EC2 instances against unsolicited access by enforcing the principle of least-privilege access
• B. Protect against IP spoofing or packet sniffing
• C. Assure all communication between EC2 instances and ELB is encrypted
• D. Install latest security patches on EL
• E. RDS and EC2 instances

Answer: B

NEW QUESTION 17
You have private video content in S3 that you want to serve to subscribed users on the Internet. User IDs, credentials, and subscriptions are stored in an Amazon RDS database.
Which configuration will allow you to securely serve private content to your users?

• A. Generate pre-signed URLs for each user as they request access to protected S3 content
• B. Create an IAM user for each subscribed user and assign the GetObject permission to each IAM user
• C. Create an S3 bucket policy that limits access to your private content to only your subscribed users' credentials
• D. Create a CloudFront Origin Identity user for your subscribed users and assign the GetObject permission to this user

Answer: D

Explanation:
Reference:
https://java.awsblog.com/post/Tx1VE22EWFR4H86/Accessing-Private-Content-in-Amazon- CloudFront

NEW QUESTION 18
An organization, which has the AWS account ID as 999988887777, has created 50 IAM users. All the users are added to the same group cloudacademy. If the organization has enabled that each IAM user can login with the AWS console, which AWS login URL will the IAM users use?

• A. https://999988887777.signin.aws.amazon.com/console/
• B. https:// signin.aws.amazon.com/cloudacademy/
• C. https:// cloudacademy.signin.aws.amazon.com/999988887777/console/
• D. https:// 999988887777.aws.amazon.com/ cloudacademy/

Answer: A

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. Once the organization has created the IAM users, they will have a separate AWS console URL to login to the AWS console. The console login URL for the IAM user will be https:// AWS_Account_ID.signin.aws.amazon.com/console/. It uses only the AWS account ID and does not depend on the group or user ID.

NEW QUESTION 19
A user has launched an EC2 instance. However, due to some reason the instance was terminated. If the user wants to find out the reason for termination, where can he find the details?

• A. It is not possible to find the details after the instance is terminated
• B. The user can get information from the AWS console, by checking the Instance description under the State transition reason label
• C. The user can get information from the AWS console, by checking the Instance description under the Instance Status Change reason label
• D. The user can get information from the AWS console, by checking the Instance description under the Instance Termination reason label

Answer: D

Explanation:
An EC2 instance, once terminated, may be available in the AWS console for a while after termination. The user can find the details about the termination from the description tab under the label State transition reason. If the instance is still running, there will be no reason listed. If the user has explicitly stopped or terminated the instance, the reason will be ??User initiated shutdown??.

NEW QUESTION 20
A user has scheduled the maintenance window of an RDS DB on Monday at 3 AM. Which of the below
mentioned events may force to take the DB instance offline during the maintenance window?

• A. Enabling Read Replica
• B. Making the DB Multi AZ
• C. DB password change
• D. Security patching

Answer: D

Explanation:
Amazon RDS performs maintenance on the DB instance during a user-definable maintenance window. The system may be offline or experience lower performance during that window. The only maintenance events that may require RDS to make the DB instance offline are:
Scaling compute operations
Software patching. Required software patching is automatically scheduled only for patches that are security
and durability related. Such patching occurs infrequently (typically once every few months. and seldom
requires more than a fraction of the maintenance window.

NEW QUESTION 21
A user has enabled termination protection on an EC2 instance. The user has also set Instance initiated shutdown behaviour to terminate. When the user shuts down the instance from the OS, what will happen?

• A. The OS will shutdown but the instance will not be terminated due to protection
• B. It will terminate the instance
• C. It will not allow the user to shutdown the instance from the OS
• D. It is not possible to set the termination protection when an Instance initiated shutdown is set to Terminate

Answer: B

Explanation:
It is always possible that someone can terminate an EC2 instance using the Amazon EC2 console, command line interface or API by mistake. If the admin wants to prevent the instance from being accidentally terminated, he can enable termination protection for that instance. The user can also setup shutdown behaviour for an EBS backed instance to guide the instance on what should be done when he initiates shutdown from the OS using Instance initiated shutdown behaviour. If the instance initiated behaviour is set to terminate and the user shuts off the OS even though termination protection is enabled, it will still terminate the instance.

NEW QUESTION 22
A SysOps Administrator management a fleet of instance store-backed Amazon Linux EC2 instances. The SSH key used to access these instances has been lost. How can SSH access be restored?

• A. Contact AWS Support lo retrieve a backup of the SSH key after authentication
• B. Create a new SSH key slop the EC2 instances apply the new key, and restart the EC2 instances
• C. Create a new SSH key and apply the new key to the running EC2 instances
• D. Launch a new fleet of EC2 instances wilt a newly created SSH key

Answer: A

Explanation:
Resolution
Warning: Do not perform this procedure if your EC2 instance is an instance store-backed instance. This recovery procedure requires a stop and start of your instance, which means that data on instance store volumes will be lost. For more information, see Determining the Root Device Type of Your Instance.
To recover access to your Linux instance using AWS Systems Manager (SSM) automation, run the AWSSupport-ResetAccess Automation automation document. For more information, see Reset Passwords and SSH Keys on Amazon EC2 Instances.
Or, to manually recover access to your Linux instance, create a new key pair to replace the lost key pair. For more information, see Connecting to Your Linux Instance If You Lose Your Private Key.

NEW QUESTION 23
Your application currently leverages AWS Auto Scaling to grow and shrink as load Increases/ decreases and has been performing well Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175.
What should you do to avoid potential service disruptions during the ramp up in traffic?

• A. Ensure that you have pre-allocated 175 Elastic IP addresses so that each server will be able to obtain one as it launches
• B. Check the service limits in Trusted Advisor and adjust as necessary so the forecasted count remains within limits.
• C. Change your Auto Scaling configuration to set a desired capacity of 175 prior to the launch of the marketing campaign
• D. Pre-warm your Elastic Load Balancer to match the requests per second anticipated during peak demand prior to the marketing campaign

Answer: B

Explanation:
As the EC2 limit per region is max 20. You will need to fill an Amazon EC2 instance request form to increase the EC2 instances to 175. http://aws.amazon.com/ec2/faqs/#How_many_instances_can_I_run_in_Amazon_EC2
I don??t think the answer can be D, as the question says ??expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks??. To pre-warm your ELB, you have to put in a request to AWS. You can??t do it.
Q: How do I reserve capacity for an existing, running instance?
To reserve capacity for a running instance, you can purchase a Reserved Instance or modify an existing reservation so it matches your instance's specifications. You can purchase Reserved Instances via the Amazon EC2 Console or by using the PurchaseReservedInstancesOffering API. You can modify existing Reserved Instances via the Amazon EC2 Console or by using the ModifyReservedInstances API call.
In both cases, the reservation must match the following attributes of the running instance you want to cover:
Availability Zone (e.g., us-east-1a) Instance type (e.g., m3.large)
Platform (e.g., Linux/UNIX (Amazon VPC)) Tenancy (e.g., default)
Q: How do I control which instances are billed at the lower rate?
The RunInstances API command does not distinguish between On-Demand instances and the reservations that can be applied to them. When computing your bill, our system will automatically optimize which instances are charged at the lower rate to ensure you always pay the lowest amount. For information about hourly billing, and how it applies to Reserved Instances, see Billing Benefits and Payment Options.
Q: How many Reserved Instances can I purchase?
You can purchase up to 20 Reserved Instances per Availability Zone each month. If you need additional Reserved Instances, complete the form found here. Information about previous generation Reserved Instance types can be found here.
Q: Can I reassign my Reserved Instance from one instance type (e.g., c1.xlarge) to another (e.g., m1.large)?
No. A Reserved Instance is associated with a specific instance type for the duration of its term; however, you can change from one instance size (e.g., c3.large) to another (e.g., c3.xlarge) in the same type, if it is a Linux/UNIX Reserved Instance.
Q: Can I move a Reserved Instance from one region to another?
No. A Reserved Instance is associated with a specific region, which is fixed for the duration of the reservation's term.
Q: Can I modify a Reserved Instance?
Yes. You can request to modify active reservations that you own in one of the following ways: Move between Availability Zones within the same region.
Change the network platform from EC2-Classic to EC2-VPC (for EC2-Classic-enabled customers). Change the instance type of your Linux/UNIX Reserved Instances to a larger or smaller size in the same instance type (e.g., convert 8 m1.smalls into 4 m1.mediums, or vice versa).
Instance type modifications are only supported for Linux/UNIX platform reservations. However, due to licensing differences Linux Reserved Instances cannot be modified to RedHat or SUSE Linux Reserved Instances.
The reservations that you modify must have been purchased on the same day, be the same instance type, and in the same Availability Zone and region. It is not possible to combine reservations. However, if you have multiple instances in the same reservation (i.e., the reservation was purchased to apply to 10 instances), you can modify each of these instances either individually or as a whole.
Q: How do I request changes or modifications?
You can submit a modification request from the Amazon EC2 Console or by using the ModifyReservedInstances API. We process your requests as soon as possible, depending on available capacity. There is no additional cost for modifying your Reserved Instances.
To learn more about modification, see the Amazon EC2 User Guide.

NEW QUESTION 24
A user has launched an EC2 Windows instance from an instance store backed AMI. The user has also set the Instance initiated shutdown behavior to stop. What will happen when the user shuts down the OS?

• A. It will not allow the user to shutdown the OS when the shutdown behaviour is set to Stop
• B. It is not possible to set the termination behaviour to Stop for an Instance store backed AMI instance
• C. The instance will stay running but the OS will be shutdown
• D. The instance will be terminated

Answer: B

Explanation:
When the EC2 instance is launched from an instance store backed AMI, it will not allow the user to configure the shutdown behaviour to ??Stop??. It gives a warning that the instance does not have the EBS root volume.

NEW QUESTION 25
A user has created a Cloudformation stack. The stack creates AWS services, such as EC2 instances, ELB, AutoScaling, and RDS. While creating the stack it created EC2, ELB and AutoScaling but failed to
create RDS. What will Cloudformation do in this scenario?

• A. Cloudformation can never throw an error after launching a few services since it verifies all the steps before launching
• B. It will warn the user about the error and ask the user to manually create RDS
• C. Rollback all the changes and terminate all the created services
• D. It will wait for the user??s input about the error and correct the mistake after the input

Answer: C

Explanation:
AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and related activities. The AWS Cloudformation stack is a collection of AWS resources which are created and managed as a single unit when AWS CloudFormation instantiates a template. If any of the services fails to launch, Cloudformation will rollback all the changes and terminate or delete all the created services.

NEW QUESTION 26
A user has launched an EBS backed EC2 instance. The user has rebooted the instance. Which of the below mentioned statements is not true with respect to the reboot action?

• A. The private and public address remains the same
• B. The Elastic IP remains associated with the instance
• C. The volume is preserved
• D. The instance runs on a new host computer

Answer: D

Explanation:
A user can reboot an EC2 instance using the AWS console, the Amazon EC2 CLI or the Amazon EC2 API. Rebooting an instance is equivalent to rebooting an operating system. However, it is recommended that the user use the Amazon EC2 to reboot the instance instead of running the operating system reboot command from the instance. The instance remains on the same host computer and maintains its public DNS name, private IP address, and any data on its instance store volumes. It typically takes a few minutes for the reboot to complete, but the time it takes to reboot depends on the instance configuration.

NEW QUESTION 27
A user has created a mobile application which makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK and root account access/secret access key to connect to DynamoDB from mobile. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?

• A. The user should create a separate IAM user for each mobile application and provide DynamoDB access with it
• B. The user should create an IAM role with DynamoDB and EC2 acces
• C. Attach the role with EC2 and route all calls from the mobile through EC2
• D. The application should use an IAM role with web identity federation which validates calls to DynamoDB with identity providers, such as Google, Amazon, and Facebook
• E. Create an IAM Role with DynamoDB access and attach it with the mobile application

Answer: C

Explanation:
With AWS IAM a user is creating an application which runs on an EC2 instance and makes requests to AWS, such as DynamoDB or S3 calls. Here it is recommended that the user should not create an IAM user and pass the user's credentials to the application or embed those credentials inside the application. If the user is creating an app that runs on a mobile phone and makes requests to AWS, the user should not create an IAMuser and distribute the user's access key with the app. Instead, he should use an identity provider, such as Login with Amazon, Facebook, or Google to authenticate the users, and then use that identity to get temporary security credentials.

NEW QUESTION 28
......