Top 20 AWS Certified Associate SysOps Administrator Practice Quiz – Questions and Answers Dumps

The AWS Certified SysOps Administrator – Associate (SOA-C01) examination is intended for individuals who have technical expertise in deployment, management, and operations on AWS.

The AWS Certified SysOps Administrator – Associate exam covers the following domains:

Domain 1: Monitoring and Reporting 22%

Domain 2: High Availability 8%

Domain 3: Deployment and Provisioning 14%

Domain 4: Storage and Data Management 12%

Domain 5: Security and Compliance 18%

Domain 6: Networking 14%

Domain 7: Automation and Optimization 12%

Below are the Top 20 AWS Certified Associate SysOps Administrator Practice Quiz Questions and Answers and References – SOA-C01:

Question 1: Under which security model does AWS provide secure infrastructure and services, while the customer is responsible for secure operating systems, platforms, and data?

ANSWER1:

C

Get mobile friendly version of the quiz @ the App Store

NOTES/HINT1: The Shared Responsibility Model is the security model under which AWS provides secure infrastructure and services, while the customer is responsible for secure operating systems, platforms, and data.

Question 2: Which type of testing method is used to compare a control system to a test system, with the goal of assessing whether changes applied to the test system improve a particular metric compared to the control system?

ANSWER2:

A

NOTES/HINT2: The side-by-side testing method is used to compare a control system to a test system, with the goal of assessing whether changes applied to the test system improve a particular metric compared to the control system.

Reference2: AWS Side by side testing 

Question 3: When BGP is used with a hardware VPN, the IPSec and the BGP connections must both be which of the following on the same user gateway device?

ANSWER3:

B

NOTES/HINT3: The IPSec and the BGP connections must both be terminated on the same user gateway device.

Reference3: IpSec and BGP in AWS

Question 4: Which pillar of the AWS Well-Architected Framework includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies?

ANSWER4:

D

NOTES/HINT4: Security is the pillar of the AWS Well-Architected Framework that includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

Reference4: AWS Well-Architected Framework: Security

Question 5: Within the realm of Amazon S3 backups, snapshots are which of the following?

ANSWER5:

A

NOTES/HINT5: Within the realm of Amazon S3 backups, snapshots are block-based.

Reference5: Snapshots are block based

Question 6: Amazon VPC provides the option of creating a hardware VPN connection between remote customer networks and their Amazon VPC over the Internet using which encryption technology?

ANSWER6:

E

NOTES/HINT6: Amazon VPC provides the option of creating a hardware VPN connection between remote customer networks and their Amazon VPC over the Internet using IPsec encryption technology.

Reference6: Amazon VPC IPSec Encryption

Question 7: To make a clean backup of a database, that database should be put into what mode before making a snapshot of it?

ANSWER7:

C

NOTES/HINT7: To make a clean backup of a database, that database should be put into hot backup mode before making a snapshot of it.

Reference7: AWS Prescriptive Backup Recovery Guide

Question 8: Which pillar of the AWS Well-Architected Framework includes the ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve?

ANSWER8:

B

NOTES/HINT8: Performance efficiency is the pillar of the AWS Well-Architected Framework that includes the ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.

Reference8: Performance Efficiency Pillar – AWS Well-Architected Framework

Question 9: AWS Storage Gateway supports which three configurations?

ANSWER9:

C

NOTES/HINT9: AWS Storage Gateway supports Gateway-stored volumes, Gateway-cached volumes, and Gateway-virtual tape library.

Reference9: AWS Storage Gateway configurations

Question 10: With which of the following can you establish private connectivity between AWS and a data center, office, or co-location environment?

ANSWER10:

B

NOTES/HINT10: With AWS Direct Connect you can establish private connectivity between AWS and a data center, office, or co-location environment.

Reference10: AWS Direct Connect

Question 11: A company is migrating a legacy web application from a single server to multiple Amazon EC2 instances behind an Application Load Balancer (ALB). After the migration, users report that they are frequently losing their sessions and are being prompted to log in again. Which action should be taken to resolve the issue reported by users?

A) Purchase Reserved Instances.
B) Submit a request for a Spot block.
C) Submit a request for all Spot Instances.
D) Use a mixture of On-Demand and Spot Instances

ANSWER11:

D

NOTES/HINT11: Legacy applications designed to run on a single server frequently store session data locally. When these applications are deployed on multiple instances behind a load balancer, user requests are routed to instances using the round robin routing algorithm. Session data stored on one instance would not be present on the others. By enabling sticky sessions, cookies are used to track user requests and keep subsequent requests going to the same instance.

Reference11: Sticky Sessions

Question 12: An ecommerce company wants to lower costs on its nightly jobs that aggregate the current day’s sales and store the results in Amazon S3. The jobs run on multiple On-Demand Instances, and the jobs take just under 2 hours to complete. The jobs can run at any time during the night. If the job fails for any reason, it needs to be started from the beginning. Which solution is the MOST cost-effective based on these requirements?

A) Purchase Reserved Instances.

B) Submit a request for a Spot block.

C) Submit a request for all Spot Instances.

D) Use a mixture of On-Demand and Spot Instances.

ANSWER12:

B

NOTES/HINT12: The solution will take advantage of Spot pricing, but by using a Spot block instead of Spot Instances, the company can be assured the job will not be interrupted.

Reference12: Spot Block

Question 13: A sysops team checks their AWS Personal Health Dashboard every week for upcoming AWS hardware maintenance events. Recently, a team member was on vacation and the team missed an event, which resulted in an outage. The team wants a simple method to ensure that everyone is aware of upcoming events without depending on an individual team member checking the dashboard. What should be done to address this?

A) Build a web scraper to monitor the Personal Health Dashboard. When new health events are detected, send a notification to an Amazon SNS topic monitored by the entire team.

B) Create an Amazon CloudWatch Events event based off the AWS Health service and send a notification to an Amazon SNS topic monitored by the entire team.

C) Create an Amazon CloudWatch Events event that sends a notification to an Amazon SNS topic monitored by the entire team to remind the team to view the maintenance events on the Personal Health Dashboard.

D) Create an AWS Lambda function that continuously pings all EC2 instances to confirm their health. Alert the team if this check fails.

ANSWER13:

B

NOTES/HINT13: The AWS Health service publishes Amazon CloudWatch Events. CloudWatch Events can trigger Amazon SNS notifications. This method requires neither additional coding nor infrastructure. It automatically notifies the team of upcoming events, and does not depend upon brittle solutions like web scraping.

Reference13: Amazon CloudWatch Events

Question 14: An application running in a VPC needs to access instances owned by a different account and running in a VPC in a different AWS Region. For compliance purposes, the traffic must not traverse the public internet.
How should a sysops administrator configure network routing to meet these requirements?

A) Within each account, create a custom routing table containing routes that point to the other account’s virtual private gateway.

B) Within each account, set up a NAT gateway in a public subnet in its respective VPC. Then, using the public IP address from the NAT gateway, enable routing between the two VPCs.

C) From one account, configure a Site-to-Site VPN connection between the VPCs. Within each account, add routes in the VPC route tables that point to the CIDR block of the remote VPC.

D) From one account, create a VPC peering request. After an administrator from the other account accepts the request, add routes in the route tables for each VPC that point to the CIDR block of the peered VPC.

ANSWER14:

D

NOTES/HINT14: A VPC peering connection enables routing using each VPC’s private IP addresses as if they were in the same network. Traffic using inter-Region VPC peering always stays on the global AWS backbone and never traverses the public internet.

Reference14: VPC Peering

Question 15: An application running on Amazon EC2 instances needs to access data stored in an Amazon DynamoDB table. Which solution will grant the application access to the table in the MOST secure manner?

A) Create an IAM group for the application and attach a permissions policy with the necessary privileges. Add the EC2 instances to the IAM group.

B) Create an IAM resource policy for the DynamoDB table that grants the necessary permissions to Amazon EC2.

C) Create an IAM role with the necessary privileges to access the DynamoDB table. Associate the role with the EC2 instances.

D) Create an IAM user for the application and attach a permissions policy with the necessary privileges. Generate an access key and embed the key in the application code.

ANSWER15:

C

NOTES/HINT15: An IAM role can be used to provide permissions for applications that are running on Amazon EC2 instances to make AWS API requests using temporary credentials.

Reference15: IAM Role

Question 16: A third-party service uploads objects to Amazon S3 every night. Occasionally, the service uploads an incorrectly formatted version of an object. In these cases, the sysops administrator needs to recover an older version of the object.
What is the MOST efficient way to recover the object without having to retrieve it from the remote service?

A) Configure an Amazon CloudWatch Events scheduled event that triggers an AWS Lambda function that backs up the S3 bucket prior to the nightly job. When bad objects are discovered, restore the backed up version.

B) Create an S3 event on object creation that copies the object to an Amazon Elasticsearch Service (Amazon ES) cluster. When bad objects are discovered, retrieve the previous version from Amazon ES.

C) Create an AWS Lambda function that copies the object to an S3 bucket owned by a different account. Trigger the function when new objects are created in Amazon S3. When bad objects are discovered, retrieve the previous version from the other account.

D) Enable versioning on the S3 bucket. When bad objects are discovered, access previous versions with the AWS CLI or AWS Management Console.

ANSWER16:

D

NOTES/HINT16: Enabling versioning is a simple solution; (A) involves writing custom code, (C) has no versioning, so the replication will overwrite the old version with the bad version if the error is not discovered quickly, and (B) will involve expensive storage that is not well suited for objects.

Reference16: Versioning

Question 17: According to the AWS shared responsibility model, for which of the following Amazon EC2 activities is AWS responsible? (Select TWO.)
A) Configuring network ACLs
B) Maintaining network infrastructure
C) Monitoring memory utilization
D) Patching the guest operating system
E) Patching the hypervisor

ANSWER17:

D and E

NOTES/HINT17: AWS provides security of the cloud, including maintenance of the hardware and hypervisor software supporting Amazon EC2. Customers are responsible for any maintenance or monitoring within an EC2 instance, and for configuring their VPC infrastructure.

Reference17: Security of the cloud

Question 18: A security and compliance team requires that all Amazon EC2 workloads use approved Amazon Machine Images (AMIs). A sysops administrator must implement a process to find EC2 instances launched from unapproved AMIs.
Which solution will meet these requirements?
A) Create a custom report using AWS Systems Manager inventory to identify unapproved AMIs.
B) Run Amazon Inspector on each EC2 instance and flag the instance if it is using unapproved AMIs.
C) Use an AWS Config rule to identify unapproved AMIs.
D) Use AWS Trusted Advisor to identify the EC2 workloads using unapproved AMIs.

ANSWER18:

C

NOTES/HINT18: AWS Config has a managed rule that handles this scenario.

Reference18: Managed Rule

Question 19: A sysops administrator observes a large number of rogue HTTP requests on an Application Load Balancer. The requests originate from various IP addresses. These requests cause increased server load and costs.
What should the administrator do to block this traffic?
A) Install Amazon Inspector on Amazon EC2 instances to block the traffic.
B) Use Amazon GuardDuty to protect the web servers from bots and scrapers.
C) Use AWS Lambda to analyze the web server logs, detect bot traffic, and block the IP addresses in the security groups.
D) Use an AWS WAF rate-based rule to block the traffic when it exceeds a threshold.

ANSWER19:

D

NOTES/HINT19: AWS WAF has rules that can protect web applications from HTTP flood attacks.

Reference19: HTTP Flood

Question 20: A sysops administrator is implementing security group policies for a web application running on AWS.
An Elastic Load Balancer connects to a fleet of Amazon EC2 instances that connect to an Amazon RDS database over port 1521. The security groups are named elbSG, ec2SG, and rdsSG, respectively.
How should these security groups be implemented?
A) elbSG: allow port 80 and 443 from 0.0.0.0/0;
ec2SG: allow port 443 from elbSG;
rdsSG: allow port 1521 from ec2SG.

B) elbSG: allow port 80 and 443 from 0.0.0.0/0;
ec2SG: allow port 80 and 443 from elbSG and rdsSG;
rdsSG: allow port 1521 from ec2SG.

C) elbSG: allow port 80 and 443 from ec2SG;
ec2SG: allow port 80 and 443 from elbSG and rdsSG;
rdsSG: allow port 1521 from ec2SG.

D) elbSG: allow port 80 and 443 from ec2SG;
ec2SG: allow port 443 from elbSG;
rdsSG: allow port 1521 from elbSG.

ANSWER20: 

A

NOTES/HINT20: elbSG must allow all web traffic (HTTP and HTTPS) from the internet. ec2SG must allow traffic from the load balancer only, in this case identified as traffic from elbSG. The database must allow traffic from the EC2 instances only, in this case identified as traffic from ec2SG.

Reference20: Allow all traffic

I- SOURCES:

1- Djamga DevOps YouTube Channel

2- Prepare for Your AWS Certification Exam

3- GoCertify