Amazon SOA-C01 Exam Dumps

AWS Certified SysOps Administrator - Associate

732 Reviews

Exam Code	SOA-C01
Exam Name	AWS Certified SysOps Administrator - Associate
Questions	263 Questions Answers With Explanation
Update Date	05, 13, 2026
Price	Was : $90 Today : $50 Was : $108 Today : $60 Was : $126 Today : $70

Add To Cart

Demo Questions

Question # 1

A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations What should a SysOps administrator do to implement this requirement?

A. Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the AWS Management Console
B. Develop an 1AM policy that limits the business units to provision EC2 instances only Instruct the business units to launch instances by using an AWS CtoudFormation template. 
C. Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog Allow the business units to perform actions in AWS Service Catalog only 
D. Share an AWS CloudFormation template with the business units Instruct the business units to pass a role to AWS CloudFormation to allow the service to manage EC2 instances. 

Show Answer

Question # 2

A SysOps administrator is creating an AWS CloudFormation template that uses Amazon EC2 auto scaling to launch EC2 instances with windows 2016. The administrator wants to configure the CloudFormation template to ensure that newly launched instances include recent security updates before serving application traffic. This will minimize the time it takes for the instance to start.Which action will meet these requirements?

A. Configure the template to retrieve the latest windows Amazon machine image (AMI) from AWS systems manager parameter store.
B. Configure the template to use AWS system manager patch manager to update instances when they are launched.
C. Create a CloudFormation nested stack that creates a new Amazon Machine Image (AMI), then use that AMI ID in the auto scaling launch configuration.
D. Update the template with a user data script that runs windows update using the command line and then calls cfn-signal.

Show Answer

Question # 3

A SysOps administrator is managing a VPC network consisting of public and private subnets. Instances in the pnvate subnets access the internet through a NAT gateway. A recent AWS bill shows that the NAT gateway charges have doubled. The administrator wants to identify which instances are creating the most network traffic.How should this be accomplished?

A. Enable flow logs on the NAT gateway elastic network interface and use Amazon CloudWatch insights to filter data based on the source IP addresses.
B. Run an AWS Cost and Usage report and group the findings by instance ID.
C. Use the VPC traffic mirroring feature to send traffic to Amazon QuickSight.
D. Use Amazon CloudWatch metrics generated by the NAT gateway for each individual instance.

Show Answer

Question # 4

An existing data management application is running on a single Amazon EC2 instance and needs to be moved to a new AWS Region in another AWS account.How can a SysOps administrator achieve this while maintaining the security of the application?

A. Create an encrypted Amazon Machine Image (AMI) of the instance and make it public to allow the other account to search and launch an instance from it.
B. Create an AMI of the instance, add permissions for the AMI to the other AWS account, and start a new instance in the new region by using that AMI.
C. Create an AMI of the instance, copy the AMI to the new region, add permissions for the AMI to the other AWS account, and start the new instance.
D. Create an encrypted snapshot of the instance and make it public Provide only permissions to decrypt to the other AWS account.

Show Answer

Question # 5

A company is expanding its use of AWS services across its portfolios. The company wants to provision AWS accounts for each team to ensure a separation of business processes for security, compliance, and billing account creation and bootstrapping should be completed in a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place. A sysops administrator needs to design a provisioning process that save time and resources.Which action should be taken to meet these requirements?

A. Automate using AWS Elastic Beanstalk to provision the AWS Accounts, set up infrastructure, and integrate with AWS Organizations.
B. Create bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure.
C. Use AWS config to provision accounts and deploy instances using AWS service catalog.
D. Use AWS Control Tower to create a template in account factory and use the template to provision new accounts.

Show Answer

Question # 6

A sysops administrator manages an AWS CloudFormation templates that provisions Amazon EC2 instances, an Elastic Load Balancer, and Amazon RDS instances. As part of an ongoing transformation project CloudFormation stacks are being created and deleted continuously. The administrator needs to ensure that the RDS instances continue running after a stack has been deleted.Which action should be taken to meet these requirements? 

A. Edit the template to remove the RDS resources and update the stack
B. Enable termination protection on the stack.
C. Set the deletionPolicy attributes for RDS resources to retain in the template.
D. Set the deletion-protection parameter on RDS resources

Show Answer

Question # 7

A company has an AWS account for each department and wants to consolidate billing and reduce overhead. The company wants to make sure that the finance team is denied from accessing services other than Amazon EC2: the security team is denied from accessing services other than AWS CloudTrail. and IT can access any resource.Which solution meets these requirements with the LEAST amount of operational overhead''

A. Create a role for each department within AWS 1AM and assign each role the necessary permissions.
B. Create a user for each department within AWS 1AM and assign each user the necessary permissions.
C. Implement service control policies within AWS Organizations to determine which resources each department can access
D. Place each department into an organizational unit (OU) within AWS Organizations and use 1AM policies to determine which resources they can access

Show Answer

Question # 8

A company's IT department noticed an increase in the spend of their Developer AWS account. There are over 50 Developers using the account and the Finance Tram wants to determine the service costs incurred by each Developer.What should a SysOps Administrator do to collect this information? (Select TWO)

A. Activate the createdBy tag in the account
B. Analyze the usage with Amazon CloudWatch dashboards
C. Analyze the usage with Cost Explorer
D. Configure AWS Trusted Advisor to track resource usage
E. Create a billing alarm in AWS Budgets

Show Answer

Question # 9

An organization has been running their website on several m2 Linux instances behind a Classic Load Balancer for more than two years. Traffic and utilization have been constant and predictable.What should the organization do to reduce costs?

A. Purchase Reserved Instances for the specific m2 instances
B. Change the m2 instances to equivalent m5 types, and purchase Reserved Instances for the specific m5 instances
C. Change the Classic Load Balancer to an Application Load Balancer, and purchase Reserved Instances for the specific m2 instances.
D. Purchase Spot Instances for the specific m2 instances

Show Answer

Question # 10

In configuring an Amazon Route 53 health check, a SysOps Administrator selects ‘Yes’ to the String Matching option in the Advanced Configuration section. In the Search String box, the Administrator types the following text: /html.This is to ensure that the entire page is loading during the health check. Within 5 minutes of enabling the health check, the Administrator receives an alert stating that the check failed. However, when the Administrator navigates to the page, it loads successfully. What is the MOST likely cause of this false alarm? 

A. The search string is not HTML-encoded.
B. The search string must be put in quotes.
C. The search string must be escaped with a backslash (\) before the forward slash (/).
D. The search string is not in the first 5120 bytes of the tested page.

Show Answer

Question # 11

A SysOps administrator created an AWS service catalog portfolio and shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.Which action will the administrator of the second account be able to perform?

A. Add a product from the imported portfolio to a local portfolio.
B. Add new product to the imported portfolio
C. Change the launch role for the products contained in the imported portfolio
D. Remove Products from the imported portfolio.

Show Answer

Question # 12

A sysops administrator created an AWS Lambda function within a VPC with no access to the internet. The Lambda function pulls messages from an Amazon SOS queue and stores them in an Amazon RDS instance in the same VPC. After executing the Lambda function, the data is not showing up on the RDS instance.Which of the following are possible causes for this? (Select TWO.) 

A. A VPC endpoint has not been created for Amazon RDS.
B. A VPC endpoint has not been created for Amazon SQS.
C. The RDS security group is not allowing connections from the Lambda function
D. The subnet associated with the Lambda function does not have an internet gateway attached
E. The subnet associated with the Lambda function has a NAT gateway

Show Answer

Question # 13

A company has an application that is running on an EC2 instance in one Availability Zone. A sysops administrator has been tasked with making the application highly available The administrator created a launch configuration from the running EC2 instance The administrator also properly configured a load balancer.What step should the administrator complete next to make the application highly available? 

A. Create an Auto Scaling group by using the launch configuration across at least 2 Availability Zones with a minimum size of 1 desired capacity of 1, and a maximum size of 1.
B. Create an Auto Scaling group by using the launch configuration across at least 3 Availability Zones with a minimum size of 2 desired capacity of 2, and a maximum of 2
C. Create an Auto Scaling group by using the launch configuration across at least 2 regions with a minimum size of 1 desired capacity of 1, and a maximum size of 1
D. Create an Auto Scaling group by using the launch configuration across at least 3 regions with a minimum size of 2 desired capacity of 2 and a maximum size of 2

Show Answer

Question # 14

A company has a multi-account AWS environment that includes the followingA central identity account that contains all IAM users and groups Several member accounts that contain IAM rolesA SysOp administrator must grant permissions for a particular IAM group to assume o role in one of the member accounts How should the SysOps administrator accomplish this task?

A. In the member account, add sts: AssumeRole permissions to the role’s policy. In the identity account, add a trusted policy to the group that specifies the account number of the member account.
B. In the member account, add the group Amazon Resource Name (ARN) to the role’s trust policy. In the identity account, add an inline policy to the group with sts: AssumeRole permissions.
C. In the member account, add the group Amazon Resource Name (ARN) to the role’s trust policy. In the identity account. Add an inline policy to the group with sts: PassRole permission.
D. In the member account, add the group Amazon Resource Name (ARN) to the role’s inline policy. In the identity account, add a trust policy to the group with sts:AssumeRole permissions.

Show Answer

Question # 15

A SysOps Administrator is running Amazon EC2 instances in multiple AWS Regions. The Administrator wants to aggregate the CPU utilization for all instances onto an Amazon CloudWatch dashboard. Each region should be present on the dashboard and represented by a single graph that contains the CPU utilization for all instances in that region.How can the Administrator meet these requirements?

A. Create a cross-region dashboard using AWS Lambda and distribute it to all regions
B. Create a custom CloudWatch dashboard and add a widget for each region in the AWS Management Console
C. Enable cross-region dashboards under the CloudWatch section of the AWS Management Console
D. Switch from basic monitoring to detailed monitoring on all instances

Show Answer

Question # 16

A SysOps Administrator deployed an AWS elastic Beanstalk worker node environment that reads messages from an auto-generated Amazon simple Queue service (Amazon SQS) queue and deletes them from the queue after processing. Amazon EC2 auto scaling scales in and scales out number of worker nodes based on CPU utilization. After some time, the administrator notices that the number of messages in the SQS queue are increasing significantly.Which action will remediate the issue? 

A. change the scaling policy to scale based upon the number messages in the queue.
B. decouple the queue from the elastic Beanstalk worker and create it as a separate resource.
C. increase the number of messages in the queue.
D. Increase the retention period of the queue.

Show Answer

Question # 17

Developers are using 1AM access keys to manage AWS resources using AWS CL1 Company policy requires that access keys are automatically disabled when the access key age is greater than 90 daysWhich solution will accomplish this? 

A. Configure an Amazon CloudWatch alarm to trigger an AWS Lambda function that disables keys older than 90 days
B. Configure AWS Trusted Advisor to identify and disable keys older than 90 days.
C. Set a password policy on the account with a 90-day expiration
D. Use an AWS Config rule to identify noncompliant keys Create a custom AWS Systems Manager Automation document for remediation.

Show Answer

Question # 18

A SysOps Administrator is managing an application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS MySQL DB instance. The Administrator must ensure that that application stays available if the database becomes unresponsive.How can these requirements be met?

A. Create read replicas for the RDS database and use them in case of a database failure
B. Create a new RDS instance from the snapshot of the original RDS instance if a failure occurs
C. Keep a separate RDS database running and switch the endpoint in the web application if a failure occurs
D. Modify the RDS instance to be a Multi-AZ deployment

Show Answer

Question # 19

An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region A sysops administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deployWhat is likely to be the problem?

A. The Amazon Machine Image used is not available in that region
B. The AWS CloudFormation template needs to be updated to the latest version
C. The VPC configuration parameters have changed and must be updated in the template
D. The account has reached the default limit for VPCs allowed

Show Answer

Question # 20

A SysOps Administrator is receiving alerts related to high CPU utilization of a Memcached-based Amazon ElastiCache cluster.Which remediation steps should be taken to resolve this issue? (Select TWO.)  

A. Add a larger Amazon EBS volume to the ElastiCache cluster nodes
B. Add a load balancer to route traffic to the ElastiCache cluster
C. Add additional worker nodes to the ElastiCache cluster
D. Create an Auto Scaling group to the ElastiCache cluster
E. Vertically scale the ElastiCache cluster by changing the node type

Show Answer

Question # 21

A company has a web application that is used across all company divisions. Each application request contains a header that includes the name of the division making the request. The SysOps Administrator wants to identify and count the requests from each division.Which condition should be added to the web ACL of the AWS WAF to accomplish this?

A. Cross-site scripting
C. Geo match
C. IP match
D. String match

Show Answer

Question # 22

An organization stores sensitive customer information in S3 buckets protected by bucket policies Recently, there have been reports that unauthorized entities within the company have been trying to access the data on those S3 buckets. The chief information security officer (CISO) would like to know which buckets are being targeted and determine who is responsible for trying to access that information.Which steps should a SysOps administrator take to meet the CISO's requirement? (Select TWO.)

A. Enable Amazon S3 Analytics on all affected S3 buckets to obtain a report of which buckets are being accessed without authorization.
B. Enable Amazon S3 Server Access Logging on all affected S3 buckets and have the logs stored in a bucket dedicated for logs.
C. Use Amazon Athena to query S3 Analytics reports for HTTP 403 errors, and determine the 1AM user or role making the requests.
D. Use Amazon Athena to query the S3 Server Access Logs for HTTP 403 errors, and determine the 1AM user or role making the requests.
E. Use Amazon Athena to query the S3 Server Access Logs for HTTP 503 errors, and determine the 1AM user or role making the requests.

Show Answer

Question # 23

A SysOpsAdministrator is managing a large organization with multiple accounts on the Business Support plan all linked to a single payer account. The Administrator wants to be notified automatically of AWS Personal Health Dashboard events.In the main payer account, the Administrator configures Amazon CloudWatch Events triggered by AWS Health events triggered by AWS Health triggered by AWS Health events to issue notifications using Amazon SNS, but alerts in the linked accounts failed to trigger.Why did the alerts fail? 

A. Amazon SNS cannot be triggered from the AWS Personal Health Dashboard
B. The AWS Personal Health Dashboard only reports events from one account, not linked accounts
C. The AWS Personal Health Dashboard must be configured from the payer account only; all events will then roll up into the payer account.
D. AWS Organizations must be used to monitor linked accounts.

Show Answer

Question # 24

A company's finance department wants to receive a monthly report showing AWS resource usage by department. Which solution should be used to meet the requirements? 

A. Configure AWS Cost and Usage reports for each department Run the reports monthly.
B. Schedule a monthly report for each department using AWS Budgets
C. Run a monthly AWS CloudTrail report of resource usage by tag using department codes
D. Tag all resources with department codes Generate a monthly cost allocation report

Show Answer

Question # 25

A medical imaging company needs lo process large amounts of imaging data in real time using a specific instance type. The company wants to guarantee sufficient resource capacity for 1 yearWhich action will meet these requirements in the MOST cost-effective manner?

A. Create 1-year On-Demand Capacity Reservations in the specific Availability Zones
B. Launch Amazon EC2 instances with termination protection enabled
C. Purchase 1 -year Reserved Instances in the specific Availability Zones
D. Use a Spot Fleet across multiple Availability Zones

Show Answer