SOA-C01 (Page 6)

An Amazon S3 bucket in a SysOps Administrator’s account can be accesses by users in other SWS accounts.How can the Administrator ensure that the bucket is only accessible to members of the Administrator’s AWS account?Read More →

A SysOps Administrator has configured a CloudWatch agent to send custom metrics to Amazon CloudWatch and is now assembling a CloudWatch dashboard to display these metrics.What steps should the Administrator take to complete this task?Read More →

In configuring an Amazon Route 53 health check, a SysOps Administrator selects `˜Yes’ to the String Matching option in the Advanced Configuration section.In theSearch String box, the Administrator types the following text: /html.This is to ensure that the entire page is loading during the health check.Within 5 minutes of enabling the health check, the Administrator receives an alert stating that the check failed.However, when the Administrator navigates to the page, it loads successfully.What is the MOST likely cause of this false alarm?Read More →

A SysOps Administrator is implementing SSL for a domain of an internet-facing application running behind an Application Load Balancer (ALB).The Administrator decides to use an SSL certificate from Amazon Certificate Manager (ACM) to secure it.Upon creating a request for the ALB fully qualified domain name (FQDN), it fails, and the error message `Domain Not Allowed` is displayed.How can the Administrator fix this issue?Read More →

A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.How should the Administrator ensure that this is done?Read More →

A SysOps Administrator must devise a strategy for enforcing tagging of all EC2 instances and Amazon Elastic Block Store (Amazon EBS) volumes.What action can the Administrator take to implement this for real-time enforcement?Read More →

A company must share monthly report files that are uploaded to Amazon S3 with a third party.The third-party user list is dynamic, is distributed, and changes frequently.The least amount of access must be granted to the third party.Administrative overhead must be low for the internal teams who manage the process.How can this be accomplished while providing the LEAST amount of access to the third party?Read More →

A security audit revealed that the security groups in a VPC have ports 22 and 3389 open to all, introducing a possible threat that instances can be stopped or configurations can be modified.A sysops administrator needs to automate remediation.What should the sysops administrator do to meet these requirements?Read More →

A Security and Compliance team is reviewing Amazon EC2 workloads for unapproved AMI usage.Which action should a SysOps Administrator recommend?Read More →

A custom application must be installed on all Amazon EC2 instances.The application is small, updated frequently and can be installed automatically.How can the application be deployed on new EC2 instances?Read More →