Amazon SOA-C01 Exam Dumps

AWS Certified SysOps Administrator - Associate

684 Reviews

Exam Code	SOA-C01
Exam Name	AWS Certified SysOps Administrator - Associate
Questions	263 Questions Answers With Explanation
Update Date	December 15,2025
Price	Was : $90 Today : $50 Was : $108 Today : $60 Was : $126 Today : $70

Add To Cart

Demo Questions

Question # 1

A security officer has requested Ifial internet access be removed from subnets in a VPC. The subnets currently route internet-bound traffic to a NAT gateway. A SysOps administrator needs to remove this access while allowing access to Amazon S3. Which solution will meet these requirements?

A. Set up an internet gateway. Update the route table on the subnets to use the internet gateway to route traffic to Amazon S3 
B. Set up an S3 VPC gateway endpoint. Update the route table on the subnets to use the gateway endpoint to route traffic to Amazon S3. 
C. Set up additional NAT gateways in each Availability Zone. Update the route table on the subnets to use the NAT gateways to route traffic to Amazon S3.  
D. Set up an egress-only internet gateway. Update the route table on the subnets to use the egress-only internet gateway to route traffic to Amazon S3. 

Show Answer

Question # 2

A SysOps administrator set up an Amazon ElastiCache for Memcached cluster for an application During testing, the application expenences increased latency. Amazon CloudWatch metrics (or the Memcached cluster show CPUUtilization is consistently above 95% and FreeableMemory is consistently under 1 MB. Which aclion will solve the problem?

A. Configure ElastiCache automatic scaling for the Memcached cluster. Set the CPUUtilization metric as a scaling trigger above 75% and FreeableMemory below 10 MB.
B. Configure ElastiCache read replicas for each Memcached node in different AvailabilityZones to distribute the workload.
C. Deploy an Application Load Balancer to distribute the workload to Memcached clusternodes.
D. Replace the Memcached cluster and select a node type that has a higher CPU andmemory.

Show Answer

Question # 3

A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load. What are possible causes tor this problem? (Select TWO.)

A. CloudFront does not have the ALB configured as the origin access identity.
B. The DNS is still pointing to the ALB instead of the CloudFront distribution.
C. The ALB security group is not permitting inbound traffic from CloudFront.
D. The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on theCloudFront distribution.
E. The target groups associated with the ALB are configured for sticky sessions.

Show Answer

Question # 4

A security audit revealed that the security groups in a VPC have ports 22 and 3389 open to all. introducing a possible threat that instances can be stopped or configurations can be modified. A SysOps administrator needs to automate remediation. What should the administrator do to meet these requirements?

A. Create an 1AM managed policy lo deny access to ports 22 and 3389 on any securitygroups in a VPC.
B. Define an AWS Config rule and remediation action with AWS Systems Managerautomation documents.
C. Enable AWS Trusted Advisor to remediate public port access.
D. Use AWS Systems Manager configuration compliance to remediate public port access.

Show Answer

Question # 5

A company is planning to deploy multiple ecommerce websites across the eu-west-1, apeast-1, and us-west-1 Regions. The websites consist of Amazon S3 buckets Amazon EC2 instances, Amazon RDS databases and Elastic Load Balancers. Which method will accomplish the deployment with the LEAST amount of effort? 

A. Configure deployment automation using AWS OpsWorks
B. Configure S3 cross-Region replication
C. Use AWS CloudFormation stack sets to deploy the application
D. Use AWS Elastic Beanstalk to deploy the application

Show Answer

Question # 6

An application is running on Amazon EC2 Instances behind an Application Load Balancer (ALB). An operations team wants to be notified in near-teal time when the ALB has issues connecting to backend EC2 instances. Which solution will meet these requirements with the LEAST amount of effort? 

A. Configure the ALB to send logs to Amazon S3. Write an AWS Lambda function toprocess the log files and send an email message to the operations team when the numberof requests exceeds the threshold.
B. Create an Amazon CloudWatch rule to monitor the HealthyHostCount metric and sendAmazon Simple Notification Service (Amazon SNS) messages to the operations teamwhen HealthyHostCount is equal to zero.
C. Create an Amazon CloudWatch rule lo monitor the TargetConnectionErrorCount metricand send Amazon Simple Notification Service (Amazon SNS) messages to the operationsteam when TargetConnectionErrorCount is greater than 1.
D. Create an Amazon CloudWatch rule to monitor the HTTPCode_Target_5XX_Countmetric and send Amazon Simple Notification Service (Amazon SNS) messages to theoperations team when HTTPCode_Target_5XX_Count is greater than zero.

Show Answer

Question # 7

A company has multiple AWS accounts. The company uses AWS Organizations with an organizational unit (OU) tor the production account and another OU for the development account. Corporate policies state that developers may use only approved AWS services in the production account. What is the MOST operationally efficient solution to control the production account? 

A. Create a customer managed policy in AWS Identity and Access Management (1AM)Apply the policy to all users within the production account.
B. Create a job function policy in AWS Identity and Access Management (1AM). Apply thepolicy to all users within the production OU.
C. Create a service control policy (SCP). Apply the SCP to the production OU.
D. Create an IAM policy. Apply the policy in Amazon API Gateway to restrict the productionaccount.

Show Answer

Question # 8

A company wants to create a new Network Load Balancer (NLB) (or an existing interface VPC endpoint. A SysOps administrator tries to remove the existing NLB but sees the error "existing VPC Endpoint connections and cannot be removed." Which solution will resolve this issue? 

A. Create a new interface endpoint. Move the existing NLB to the new interface endpoint. Replace the NLB from the old endpoint with a new NLB. 
B. Create a new NLB. Disassociate the NLB used by the interface endpoint service. Associate the new NLB with the interface endpoint service
C. Disassociate the NLB used by the interface endpoint service. Create a new NLB and associate it with the Interface endpoint. 
D. Reject the interface endpoint connection. Disassociate the NLB. Create a new NLB and associate it with the interface endpoint. 

Show Answer

Question # 9

A SysOps administrator notices a scale-out event for an Amazon EC2 Auto Scaling group Amazon CloudWatch shows a spike in the RequestCount metric tor the associated Application Load Balancer The administrator would like to know the IP addresses for the source of the requests Where can the administrator find this information?

A. Auto Scaling logs
B. AWS CloudTrail logs
C. EC2 instance logs
D. Elastic Load Balancer access logs

Show Answer

Question # 10

A SysOps administrator needs to register targets for a Network Load Balancer (NL8) using IP addresses Which prerequisite should the SysOps administrator validate to perform this task?

A. Ensure the NLB listener security policy is set to ELBSecuntyPohcy-TLS-1-2-Ext-2018-06, ELBSecuntyPolicy-FS-1-2-Res-2019-08 or ELBSecuntyPolicy-TLS-1-0-2015-04
B. Ensure the heath check setting on the NLB for the Matcher configuration is between 200and 399
C. Ensure the targets are within any of these CIDR blocks: 10.0.0.0/8 (RFC I918)r100.64.0.0/10 (RFC 6598): 172.16.0.0/12 (RFC 1918), or 192.168.0.0/16 (RFC 1918).
D. Ensure the NLB is exposed as an endpoint service before registering the targets usingIP addresses

Show Answer

Question # 11

A company's application running on Amazon EC2 Linux recently crashed because it ran out ot available memory. Management wants to be alerted if this ever happens again. Which combination of steps will accomplish this? (Select TWO.)

A. Create an Amazon CloudWatch dashboard to monitor the memory usage metrics on theInstance over time.
B. Create an alarm on the dashboard that publishes an Amazon SNS notification to alertthe CIO when a threshold is passed.
C. Create an alarm on the metric that publishes an Amazon SNS notification to alert theCIO when a threshold is passed.
D. Create an alarm on the AWS Personal Health Dashboard that publishes an AmazonSNS notification to alert the CIO when the system is out of memory.
E. Configure the Amazon CloudWatch agent to collect and push memory usage metrics onthe instance.

Show Answer

Question # 12

A sysops administrator has an AWS Lambda function that performs maintenance on various AWS resources. This function must be run nightly. Which is the MOST costeffective solution?

A. Launch a single t2.nano Amazon EC2 instance and create a Linux cron job to invoke theLambda function at the same time every night.
B. Set up an Amazon CloudWatch metrics alarm to invoke the Lambda function at thesame time every night.
C. Schedule a CloudWatch event to invoke the Lambda function at the same time everynight.
D. Implement a Chef recipe in AWS OpsWorks stack to invoke the Lambda function at thesame time every night.

Show Answer

Question # 13

A SysOps administrator is implementing automated I/O load performance testing as part of lite continuous integraliorVcontinuous delivery (CI'CD) process for an application The application uses an Amazon Elastic Block Store (Amazon E8S) Provisioned IOPS volume for each instance that is restored from a snapshot and requires consistent I/O performance. During the initial tests, the I/O performance results are sporadic. The SysOps administrator must ensure that the tests yield more consistent results. Which actions could the SysOps administrator take to accomplish this goal? (Select TWO.)

A. Restore the EBS volume from the snapshot with fast snapshot restore enabled
B. Restore the EBS volume from the snapshot using the cold HDD volume type.
C. Restore the EBS volume from the snapshot and pre-warm the volume by reading all ofthe blocks.
D. Restore the EBS volume from the snapshot and configure encryption.
E. Restore the EBS volume from the snapshot and configure I/O block sizes at random

Show Answer

Question # 14

Users are struggling to connect to a single public-facing development web server using its public IP address on a unique port number ot 8181 The security group is correctly configured to allow access on that port and the network ACLs are using the default configuration. Which log type will confirm whether users are trying to connect to the correct port?

A. AWS CloudTrail logs
B. Elastic Load Balancer access logs
C. Amazon S3 access logs
D. VPC Flow Logs

Show Answer

Question # 15

A company will migrate its on-premises enterprise system to AWS. The enterprise system will be hosted on memory optimized Amazon EC2 instances across multiple Availability Zones. The enterprise system needs shared file storage that is scalable and block-based. A SysOps team must configure the encryption of data in transit tor the shared He system and develop a backup strategy to cost-effectively store the file system data centrally. Which solution will meet these requirements?

A. Use Amazon Elastic Block Store (Amazon EBS) for the shared file storage. Mount the EBS volume to the EC2 instances. Use a custom script to create a backup of the entire file system and protect data in transit by using SSL 
B. Use Amazon Elastic File System (Amazon EFS) for the shared file storage. Use AWS Backup to configure backups. Use lifecycle policies to automatically transition backups to cold storage. Use the amazon-efs-utils package to mount the EFS file system by using the TLS options
C. Use Amazon Elastic File System (Amazon EFS) for the shared file storage. Use AWS Backup to configure backups. Use lifecycle policies to automatically transition backups to cold storage Perform data-in-transit encryption by using client-side encryption. 
D. Use Amazon S3 for the shared file storage. Mount the S3 bucket directory to the EC2 instances. Use an S3 Lifecycle policy to archive the data in Amazon S3 Glacier. 

Show Answer

Question # 16

A SysOps administrator is running an automatically scaled application behind an Application Load Balancer. Scaling out Is triggered when the CPU Utilization instance metric is more than 75% across the Auto Scaling group. The administrator noticed aggressive scaling out. Developers suspect an application memory leak that is causing aggressive garbage collection cycles. How can the administrator troubleshoot the application without triggering the scaling process?

A. Create a scale down trigger when the CPUUtilization instance metric is at 70%.
B. Delete the Auto Scaling group and recreate it when troubleshooting is complete
C. Remove impacted instances from the Application Load Balancer.
D. Suspend the scaling process before troubleshooting.

Show Answer

Question # 17

A company uses LDAP-based credentials and Has a Security Assertion Markup Language (SAML) 2.0 identity provider. A SysOps administrator has configured various federated roles in a new AWS account to provide AWS Management Console access for groups of users that use the existing LDAP-Based credentials. Several groups want to use the AWS CLI on their workstations to automate daily tasks. To enable them to do so, the SysOps administrator has created an application that authenticates a user and generates a SAML assertion. Which API call should be used to retrieve credentials for federated programmatic access?

A. sts:AssumeRote
B. sts:AssumeRoleWithSAML
C. stsAssumeRoleWithWebldentity
D. sts:GetFederationToken

Show Answer

Question # 18

A company with dozens of AWS accounts wants to ensure that governance rules are being applied across all accounts. The CIO has recommended that AWS Config rules be deployed using an AWS Cloud Formation template. How should this be accomplished?

A. Create a Cloud Form at ion stack in the master account of AWS Organizations andexecute the Cloud Formation template to create AWS Config rules in all accounts.
B. Create a CloudFormation stack set. then select the Cloud Formation template and use Itto configure the AWS accounts.
C. Use AWS Organizations to execute the CloudFormation template in all accounts.
D. Write a script that iterates over the company's AWS accounts and executes the CloudFormation template in each account.

Show Answer

Question # 19

A company relies on a fleet of Amazon EC2 instances to support an application. One of the EC2 instances was scheduled for hardware maintenance by AWS. An operations team did not remove the EC2 instance from the fleet in advance of the scheduled maintenance, and an unplanned outage resulted. A SysOps administrator must configure notifications to let the operations team know about scheduled maintenance in the future. Which action should the SysOps administrator take to meet this requirement?

A. Create an AWS Lambda function K> look up user data settings of the EC2 instance andpublish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.
B. Create AWS Config rules to monitor the fleet of EC2 instances and publish a notificationto an Amazon Simple Notification Service {Amazon SNS) topic.
C. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWSPersonal Health Dashboard events to an Amazon Simple Notification Service (AmazonSNS) topic.
D. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWSService Health Dashboard events lo an Amazon Simple Notification Service (Amazon SNS)topic.

Show Answer

Question # 20

A company is using AWS Storage Gateway to create block storage volumes and mount them as Internet Small Computer Systems Interlace (iSCSI) devices from on-premise! servers As the Storage Gateway has taken on several new projects some of the Development teams report that the performance of the iSCSI drives has degraded. When checking the Amazon CloudWatch metrics a SysOps Administrator notices that the cachePercentUsed metric is below 60% and the cachePercentUsed metric is above 90%. What steps should the Administrator take to increase Storage Gateway performance?

A. Change the default block size for the Storage Gateway from 64 KB to 128 KB 256 KB or512 KB to improve I/O performance
B. Create a larger disk for the cached volume. In the AWS Management Console. edit thelocal disks then select the new disk as the cached volume
C. Ensure that the physical disks for the Storage Gateway are in a RAID 1 configuration toallow higher throughput
D. Take point in time snapshots of all the volumes in Storage Gateway flush the cachecompletely then restore the volumes from the clean snapshots

Show Answer

Question # 21

An organization stores sensitive customer information in S3 buckets protected by bucket policies. Recently, there have been reports that unauthorized entities within the company have been trying to access the data on those S3 buckets. The chief information security officer (CISO) would like to know which buckets are being targeted and determine who is responsible for trying to access that information. Which steps should a SysOps administrator take to meet the CISO's requirement? (Select TWO.)

A. Enable Amazon S3 Analytics on all affected S3 buckets to obtain a report of whichbuckets are being accessed without authorization.
B. Enable Amazon S3 Server Access Logging on all affected S3 buckets and have the logsstored in a bucket dedicated for logs.
C. Use Amazon Athena to query S3 Analytics reports for HTTP 403 errors, and determinethe 1AM user or role making the requests.
D. Use Amazon Athena to query the S3 Server Access Logs for HTTP 403 errors, anddetermine the 1AM user or role making the requests.
E. Use Amazon Athena to query the S3 Server Access Logs for HTTP 503 errors, anddetermine the 1AM user or role making the requests.

Show Answer

Question # 22

A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability tor an on-premises website. The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes. AH other traffic should be directed to the secondary passive server. The failover record type, set ID, and routing policy have been set appropriately for both primary and secondary servers. Which next step should be taken to configure Route 53?

A. Create an A record for each server. Associate the records with the Route 53 HTTP health check.
B. Create an A record for each server. Associate the records with the Route 53 TCP health check.
C. Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 HTTP health check.  
D. Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 TCP health check. 

Show Answer

Question # 23

A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance Which of the following are possible causes of this issue? (Select TWO.)

A. A network ACL associated with the bastion's subnet is blocking the network traffic
B. The instance does not have a private IP address.
C. The route table associated with the bastion's subnet does not have a route to theinternet gateway
D. The security group for the instance does not have an inbound rule on port 22
E. The security group for the instance does not have an outbound rule on port 3389.

Show Answer

Question # 24

A SysOps administrator is configuring an application on AWS to be used over the internet by departments in other countries For remote locations, the company requires a static public IP address to be explicitly allowed as a target for outgoing internet traffic How should the SysOps administrator deploy the application to meet this requirement? 

A. Deploy the application on an Amazon Elastic Container Service (Amazon ECS) clusterConfigure an AWS App Mesh service mesh.
B. Deploy the application as AWS Lambda functions behind an Application Load Balancer
C. Deploy the application on Amazon EC2 instances behind an internet-facing NetworkLoad Balancer
D. Deploy the application on an Amazon Elastic Kubernetes Service (Amazon EKS) clusterbehind an Amazon API Gateway

Show Answer

Question # 25

A company is running an application on Amazon EC2 instances. The company needs to stop all development instances during non-business hours to reduce costs. The instances must be started again at trie beginning of each business day. Which solution meets these requirements with the LEAST administrative overhead?

A. Add the instances to an EC2 Auto Scaling group. Configure the scaling policy to scale in when the instances are at low CPU utilization levels.
B. Create a cron script on each EC2 instance that shuts down the instance at the end of each day.
C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that triggers an Amazon Simple Notification Service (Amazon SNS) topic to let a SysOps administrator know to start or stop the EC2 instances.
D. Create Amazon EventBridge (Amazon CloudWatch Events) scheduled rules that trigger an AWS Lambda function to start or stop the EC2 instances. 

Show Answer