Actual Amazon-Web-Services SOA-C01 Questions Pool Online


Check SOA-C01 free dumps before getting the full version:

NEW QUESTION 1
A developer reports that an Amazon EC2 instance has failed. The developer reports that all the data that was stored on the root volume is now gone.
What is the explanation for this issue?

  • A. The instance was using an Amazon EBS root volume
  • B. The instance was using Amazon S3 as the root volume
  • C. The instance was using an instance store root volume
  • D. The root volume with the data exists but needs to be re-attached

Answer: A

Explanation:
If your instance is ebs-backed, then you will not lose ebs root volume storage if you launched it with the "delete-on-termination" set to false. See the ec2-run-instances command for more information. Other ephemeral volumes will be lost when the instance is stopped/terminated.
If it is not ebs-backed, you will lose the root data when you terminate the instance (you cannot "stop" instance store instances).

NEW QUESTION 2
A user has created a subnet in VPC and launched an EC2 instance within it. The user has not selected the option to assign the IP address while launching the instance. The user has 3 elastic IPs and is trying to assign one of the Elastic IPs to the VPC instance from the console. The console does not show any instance in the IP assignment screen. What is a possible reason that the instance is unavailable in the assigned IP console?

  • A. The IP address may be attached to one of the instances
  • B. The IP address belongs to a different zone than the subnet zone
  • C. The user has not created an internet gateway
  • D. The IP addresses belong to EC2 Classic; so they cannot be assigned to VPC

Answer: D

Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. A user can create a subnet with VPC and launch instances inside that subnet. When the user is launching an instance he needs to select an option which attaches a public IP to the instance. If the user has not selected the option to attach the public IP then it will only have a private IP when launched. If the user wants to connect to an instance from the internet he should create an elastic IP with VPC. If the elastic IP is a part of EC2 Classic it cannot be assigned to a VPC instance.

NEW QUESTION 3
Your business is building a new application that will store its entire customer database on a RDS MySQL database, and will have various applications and users that will query that data for different purposes.
Large analytics jobs on the database are likely to cause other applications to not be able to get the query results they need to, before time out. Also, as your data grows, these analytics jobs will start to take more time, increasing the negative effect on the other applications.
How do you solve the contention issues between these different workloads on the same data?

  • A. Enable Multi-AZ mode on the RDS instance
  • B. Use ElastiCache to offload the analytics job data
  • C. Create RDS Read-Replicas for the analytics work
  • D. Run the RDS instance on the largest size possible

Answer: B

Explanation:
Amazon ElastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud. Amazon ElastiCache improves the performance of web applications by allowing you to retrieve information from a fast, managed, in-memory caching system, instead of relying entirely on slower disk-based databases. The service simplifies and offloads the management, monitoring and operation of in-memory cache environments, enabling your engineering resources to focus on developing applications. Using Amazon ElastiCache, you can not only improve load and response times to user actions and queries, but also reduce the cost associated with scaling web applications.
Amazon ElastiCache automates common administrative tasks required to operate a distributed cache environment. Using Amazon ElastiCache, you can add a caching layer to your application architecture in a matter of minutes via a few clicks of the AWS Management Console. Once a cache cluster is provisioned, Amazon ElastiCache automatically detects and replaces failed cache nodes, providing a resilient system that mitigates the risk of overloaded databases, which slow website and application load times. Through integration with Amazon CloudWatch monitoring, Amazon ElastiCache provides enhanced visibility into key performance metrics associated with your cache nodes. Amazon ElastiCache is protocol-compliant with Memcached and Redis, so code, applications, and popular tools that you use today with your existing Memcached or Redis environments will work seamlessly with the service. As with all Amazon Web Services,

NEW QUESTION 4
A user is trying to set up a scheduled scaling activity using Auto Scaling. The user wants to set up the recurring schedule. Which of the below mentioned parameters is not required in this case?

  • A. Maximum size
  • B. Auto Scaling group name
  • C. End time
  • D. Recurrence value

Answer: A

Explanation:
Auto Scaling based on a schedule allows the user to scale the application in response to predictable load changes. The user can also configure the recurring schedule action which will follow the Linux cron format. If the user is setting a recurring event, it is required that the user specifies the Recurrence value (in a cron format), end time (not compulsory but recurrence will stop after this) and the Auto Scaling group for which the scaling activity is to be scheduled.

NEW QUESTION 5
An organization has configured Auto Scaling with ELB. There is a memory issue in the application which is causing CPU utilization to go above 90%. The higher CPU usage triggers an event for Auto Scaling as per the scaling policy. If the user wants to find the root cause inside the application without triggering a scaling activity, how can he achieve this?

  • A. Stop the scaling process until research is completed
  • B. It is not possible to find the root cause from that instance without triggering scaling
  • C. Delete Auto Scaling until research is completed
  • D. Suspend the scaling process until research is completed

Answer: D

Explanation:
Auto Scaling allows the user to suspend and then resume one or more of the Auto Scaling processes in the Auto Scaling group. This is very useful when the user wants to investigate a configuration problem or some other issue, such as a memory leak with the web application and then make changes to the application, without triggering the Auto Scaling process.

NEW QUESTION 6
A user has launched an EBS backed instance. The user started the instance at 9 AM in the morning. Between 9 AM to 10 AM, the user is testing some script. Thus, he stopped the instance twice and restarted it. In the same hour the user rebooted the instance once. For how many instance hours will AWS charge the user?

  • A. 3 hours
  • B. 4 hours
  • C. 2 hours
  • D. 1 hour

Answer: A

Explanation:
A user can stop/start or reboot an EC2 instance using the AWS console, the Amazon EC2 CLI or the Amazon EC2 API. Rebooting an instance is equivalent to rebooting an operating system. When the instance is rebooted AWS will not charge the user for the extra hours. In case the user stops the instance, AWS does not charge the running cost but charges only the EBS storage cost. If the user starts and stops the instance multiple times in a single hour, AWS will charge the user for every start and stop. In this case, since the instance was rebooted twice, it will cost the user for 3 instance hours.

NEW QUESTION 7
A user is using a small MySQL RDS DB. The user is experiencing high latency due to the Multi AZ feature. Which of the below mentioned options may not help the user in this situation?

  • A. Schedule the automated back up in non-working hours
  • B. Use a large or higher size instance
  • C. Use PIOPS
  • D. Take a snapshot from standby Replica

Answer: D

Explanation:
An RDS DB instance which has enabled Multi AZ deployments may experience increased write and commit latency compared to a Single AZ deployment, due to synchronous data replication. The user may also face changes in latency if deployment fails over to the standby replica. For production workloads, AWS recommends the user to use provisioned IOPS and DB instance classes (m1.large and larger) as they are optimized for provisioned IOPS to give fast and consistent performance. With the Multi AZ feature, the user does not have the option to take a snapshot from the replica.

NEW QUESTION 8
A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at rest. If the user is supplying his own keys for encryption (SSE-C), what is recommended to the user for the purpose of security?

  • A. The user should not use his own security key as it is not secure
  • B. Configure S3 to rotate the user's encryption key at regular intervals
  • C. Configure S3 to store the user's keys securely with SSL
  • D. Keep rotating the encryption key manually at the client side

Answer: D

Explanation:
AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key (SSE-C). Since S3 does not store the encryption keys in SSE-C, it is recommended that the user should manage keys securely and keep rotating them regularly at the client side version.

NEW QUESTION 9
An organization has configured a VPC with an Internet Gateway (IGW), pairs of public and private subnets (each with one subnet per Availability Zone), and an Elastic Load Balancer (ELB) configured to use the public subnets. The application's web tier leverages the ELB, Auto Scaling and a multi-AZ RDS database instance. The organization would like to eliminate any potential single points of failure in this design.
What step should you take to achieve this organization's objective?

  • A. Nothing, there are no single points of failure in this architecture.
  • B. Create and attach a second IGW to provide redundant internet connectivity.
  • C. Create and configure a second Elastic Load Balancer to provide a redundant load balancer.
  • D. Create a second multi-AZ RDS instance in another Availability Zone and configure replication to provide a redundant database.

Answer: A

NEW QUESTION 10
Your application currently leverages AWS Auto Scaling to grow and shrink as load increases/decreases and has been performing well. Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks. Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175.
What should you do to avoid potential service disruptions during the ramp up in traffic?

  • A. Ensure that you have pre-allocated 175 Elastic IP addresses so that each server will be able to obtain one as it launches
  • B. Check the service limits in Trusted Advisor and adjust as necessary so the forecasted count remains within limits.
  • C. Change your Auto Scaling configuration to set a desired capacity of 175 prior to the launch of the marketing campaign
  • D. Pre-warm your Elastic Load Balancer to match the requests per second anticipated during peak demand prior to the marketing campaign

Answer: B

Explanation:
As the EC2 limit per region is max 20. You will need to fill an Amazon EC2 instance request form to increase the EC2 instances to 175. http://aws.amazon.com/ec2/faqs/#How_many_instances_can_I_run_in_Amazon_EC2
I don't think the answer can be D, as the question says "expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks". To pre-warm your ELB, you have to put in a request to AWS. You can't do it.
Q: How do I reserve capacity for an existing, running instance?
To reserve capacity for a running instance, you can purchase a Reserved Instance or modify an existing reservation so it matches your instance's specifications. You can purchase Reserved Instances via the Amazon EC2 Console or by using the PurchaseReservedInstancesOffering API. You can modify existing Reserved Instances via the Amazon EC2 Console or by using the ModifyReservedInstances API call.
In both cases, the reservation must match the following attributes of the running instance you want to cover:
Availability Zone (e.g., us-east-1a)
Instance type (e.g., m3.large)
Platform (e.g., Linux/UNIX (Amazon VPC))
Tenancy (e.g., default)
Q: How do I control which instances are billed at the lower rate?
The RunInstances API command does not distinguish between On-Demand instances and the reservations that can be applied to them. When computing your bill, our system will automatically optimize which instances are charged at the lower rate to ensure you always pay the lowest amount. For information about hourly billing, and how it applies to Reserved Instances, see Billing Benefits and Payment Options.
Q: How many Reserved Instances can I purchase?
You can purchase up to 20 Reserved Instances per Availability Zone each month. If you need additional Reserved Instances, complete the form found here. Information about previous generation Reserved Instance types can be found here.
Q: Can I reassign my Reserved Instance from one instance type (e.g., c1.xlarge) to another (e.g., m1.large)?
No. A Reserved Instance is associated with a specific instance type for the duration of its term; however, you can change from one instance size (e.g., c3.large) to another (e.g., c3.xlarge) in the same type, if it is a Linux/UNIX Reserved Instance.
Q: Can I move a Reserved Instance from one region to another?
No. A Reserved Instance is associated with a specific region, which is fixed for the duration of the reservation's term.
Q: Can I modify a Reserved Instance?
Yes. You can request to modify active reservations that you own in one of the following ways:
Move between Availability Zones within the same region.
Change the network platform from EC2-Classic to EC2-VPC (for EC2-Classic-enabled customers).
Change the instance type of your Linux/UNIX Reserved Instances to a larger or smaller size in the same instance type (e.g., convert 8 m1.smalls into 4 m1.mediums, or vice versa).
Instance type modifications are only supported for Linux/UNIX platform reservations. However, due to licensing differences Linux Reserved Instances cannot be modified to RedHat or SUSE Linux Reserved Instances.
The reservations that you modify must have been purchased on the same day, be the same instance type, and in the same Availability Zone and region. It is not possible to combine reservations. However, if you have multiple instances in the same reservation (i.e., the reservation was purchased to apply to 10 instances), you can modify each of these instances either individually or as a whole.
Q: How do I request changes or modifications?
You can submit a modification request from the Amazon EC2 Console or by using the ModifyReservedInstances API. We process your requests as soon as possible, depending on available capacity. There is no additional cost for modifying your Reserved Instances.
To learn more about modification, see the Amazon EC2 User Guide.

NEW QUESTION 11
An organization's security policy requires multiple copies of all critical data to be replicated across at least a primary and backup data center. The organization has decided to store some critical data on Amazon S3.
Which option should you implement to ensure this requirement is met?

  • A. Use the S3 copy API to replicate data between two S3 buckets in different regions
  • B. You do not need to implement anything since S3 data is automatically replicated between regions
  • C. Use the S3 copy API to replicate data between two S3 buckets in different facilities within an AWS Region
  • D. You do not need to implement anything since S3 data is automatically replicated between multiple facilities within an AWS Region

Answer: D

Explanation:
It seems that this question wants to emphasize the below (S3 FAQ: https://aws.amazon.com/s3/faqs/). You specify a region when you create your Amazon S3 bucket. Within that region, your objects are redundantly stored on multiple devices across multiple facilities. Please refer to Regional Products and Services for details of Amazon S3 service availability by region.

NEW QUESTION 12
What is a placement group?

  • A. A collection of Auto Scaling groups in the same Region
  • B. Feature that enables EC2 instances to interact with each other via high bandwidth, low latency connections
  • C. A collection of Elastic Load Balancers in the same Region or Availability Zone
  • D. A collection of authorized CloudFront edge locations for a distribution

Answer: B

Explanation:
Reference:
http://aws.amazon.com/ec2/faqs/
A placement group is a logical grouping of instances within a single Availability Zone. Using placement groups enables applications to participate in a low-latency, 10 Gigabits per second (Gbps) network. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both

NEW QUESTION 13
A user has setup an EBS backed instance and attached 2 EBS volumes to it. The user has setup a CloudWatch alarm on each volume for the disk data. The user has stopped the EC2 instance and detached the EBS volumes. What will be the status of the alarms on the EBS volume?

  • A. OK
  • B. Insufficient Data
  • C. Alarm
  • D. The EBS cannot be detached until all the alarms are removed

Answer: B

Explanation:
Amazon CloudWatch alarm watches a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. Alarms invoke actions only for sustained state changes. There are three states of the alarm: OK, Alarm and Insufficient data. In this case since the EBS is detached and inactive the state will be Insufficient.

NEW QUESTION 14
An organization has created 50 IAM users. The organization wants each user to be able to change their password but not their access keys. How can the organization achieve this?

  • A. The organization has to create a special password policy and attach it to each user
  • B. The root account owner has to use CLI which forces each IAM user to change their password on first login
  • C. By default, each IAM user can modify their passwords
  • D. The root account owner can set the policy from the IAM console under the password policy screen

Answer: D

Explanation:
With AWS IAM, organizations can use the AWS Management Console to display, create, change or delete a password policy. As a part of managing the password policy, the user can enable all users to manage their own passwords. If the user has selected the option which allows the IAM users to modify their password, he does not need to set a separate policy for the users. This option in the AWS console allows changing only the password.

NEW QUESTION 15
A user has configured an SSL listener at ELB as well as on the back-end instances. Which of the below mentioned statements helps the user understand ELB traffic handling with respect to the SSL listener?

  • A. It is not possible to have the SSL listener both at ELB and back-end instances
  • B. ELB will modify headers to add requestor details
  • C. ELB will intercept the request to add the cookie details if sticky session is enabled
  • D. ELB will not modify the headers

Answer: D

Explanation:
When the user has configured Transmission Control Protocol (TCP) or Secure Sockets Layer (SSL) for both front-end and back-end connections of the Elastic Load Balancer, the load balancer forwards the request to the back-end instances without modifying the request headers unless the proxy header is enabled. SSL does not support sticky sessions. If the user has enabled a proxy protocol it adds the source and destination IP to the header.

NEW QUESTION 16
A user is planning to use AWS services for his web application. If the user is trying to set up his own billing management system for AWS, how can he configure it?

  • A. Set up programmatic billing access. Download and parse the bill as per the requirement
  • B. It is not possible for the user to create his own billing management service with AWS
  • C. Enable the AWS CloudWatch alarm which will provide APIs to download the alarm data
  • D. Use AWS billing APIs to download the usage report of each service from the AWS billing console

Answer: A

Explanation:
AWS provides an option to have programmatic access to billing. Programmatic Billing Access leverages the existing Amazon Simple Storage Service (Amazon S3) APIs. Thus, the user can build applications that reference his billing data from a CSV (comma-separated value) file stored in an Amazon S3 bucket. AWS will upload the bill to the bucket every few hours and the user can download the bill CSV from the bucket, parse it and create a billing system as per the requirement.

NEW QUESTION 17
A user is accessing RDS from an application. The user has enabled the Multi AZ feature with the MS SQL RDS DB. During a planned outage how will AWS ensure that a switch from DB to a standby replica will not affect access to the application?

  • A. RDS will have an internal IP which will redirect all requests to the new DB
  • B. RDS uses DNS to switch over to the standby replica for seamless transition
  • C. The switch over changes hardware so RDS does not need to worry about access
  • D. RDS will have both the DBs running independently and the user has to manually switch over

Answer: B

Explanation:
In the event of a planned or unplanned outage of a DB instance, Amazon RDS automatically switches to a standby replica in another Availability Zone if the user has enabled Multi AZ. The automatic failover mechanism simply changes the DNS record of the DB instance to point to the standby DB instance. As a result, the user will need to re-establish any existing connections to the DB instance. However, as the DNS is the same, the application can access DB seamlessly.

NEW QUESTION 18
An organization has been backing up their database backups to Amazon S3. A lifecycle rule has been created to transition these backups to the Amazon Glacier storage class. The application development team now needs to restore a backup.
Which step can an Administrator take to restore the backup to Amazon S3 storage?

  • A. Create a new lifecycle rule to restore the backup from GLACIER storage class to Amazon S3 storage.
  • B. Use the Amazon Glacier console to restore the backup from GLACIER storage class to Amazon S3 storage.
  • C. Modify the existing lifecycle rule to restore the backup from GLACIER storage class to Amazon S3 storage.
  • D. Use the Amazon S3 console to restore the backup from GLACIER storage class to Amazon storage.

Answer: D

Explanation:
Restoring an Archived S3 Object
This topic explains how to use the Amazon S3 console to restore an object that has been archived to Glacier.
To restore archived S3 objects
Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.
In the Bucket name list, choose the name of the bucket that contains the objects that you want to restore.
In the Name list, select the objects that you want to restore, choose Actions, and then choose Restore from Glacier.
In the Initiate restore dialog box, type the number of days that you want your archived data to be accessible.
Choose one of the following retrieval options from the Retrieval options menu. Choose Bulk retrieval or Standard retrieval, and then choose Restore.
Choose Expedited retrieval.
If you have provisioned capacity, choose Restore to start a provisioned retrieval. If you have provisioned capacity, all of your expedited retrievals are served by your provisioned capacity. For more information about provisioned capacity, see Provisioned Capacity.
If you don't have provisioned capacity and you don't want to buy it, choose Restore.
If you don't have provisioned capacity, but you want to buy it, choose Add capacity unit, and then choose Buy. When you get the Purchase succeeded message, choose Restore to start provisioned retrieval.

NEW QUESTION 19
The compliance department within your multi-national organization requires that all data for your customers that reside in the European Union (EU) must not leave the EU and also data for customers that reside in the US must not leave the US without explicit authorization.
What must you do to comply with this requirement for a web based profile management application running on EC2?

  • A. Run EC2 instances in multiple AWS Availability Zones in single Region and leverage an Elastic Load Balancer with session stickiness to route traffic to the appropriate zone to create their profile
  • B. Run EC2 instances in multiple Regions and leverage Route 53's Latency Based Routing capabilities to route traffic to the appropriate region to create their profile
  • C. Run EC2 instances in multiple Regions and leverage a third party data provider to determine if a user needs to be redirected to the appropriate region to create their profile
  • D. Run EC2 instances in multiple AWS Availability Zones in a single Region and leverage a third party data provider to determine if a user needs to be redirected to the appropriate zone to create their profile

Answer: C

NEW QUESTION 20
You have a Linux EC2 web server instance running inside a VPC. The instance is in a public subnet and has an EIP associated with it so you can connect to it over the Internet via HTTP or SSH. The instance was also fully accessible when you last logged in via SSH, and was also serving web requests on port 80.
Now you are not able to SSH into the host nor does it respond to web requests on port 80 that were working fine last time you checked. You have double-checked that all networking configuration parameters (security groups, route tables, IGW, EIP, NACLs, etc.) are properly configured (and you haven't made any changes to those anyway since you were last able to reach the instance). You look at the EC2 console and notice that system status check shows "impaired."
Which should be your next step in troubleshooting and attempting to get the instance back to a healthy state so that you can log in again?

  • A. Stop and start the instance so that it will be able to be redeployed on a healthy host system that most likely will fix the "impaired" system status
  • B. Reboot your instance so that the operating system will have a chance to boot in a clean healthy state that most likely will fix the "impaired" system status
  • C. Add another dynamic private IP address to the instance and try to connect via that new path, since the networking stack of the OS may be locked up causing the "impaired" system status.
  • D. Add another Elastic Network Interface to the instance and try to connect via that new path since the networking stack of the OS may be locked up causing the "impaired" system status
  • E. Un-map and then re-map the EIP to the instance, since the IGW/NAT gateway may not be working properly, causing the "impaired" system status

Answer: A

NEW QUESTION 21
A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24) and VPN only subnets CIDR (20.0.1.0/24) along with the VPN gateway (vgw-12345) to connect to the user's data centre. The user's data centre has CIDR 172.28.0.0/12. The user has also set up a NAT instance (i-123456) to allow traffic to the internet from the VPN subnet. Which of the below mentioned options is not a valid entry for the main route table in this scenario?

  • A. Destination: 20.0.1.0/24 and Target: i-12345
  • B. Destination: 0.0.0.0/0 and Target: i-12345
  • C. Destination: 172.28.0.0/12 and Target: vgw-12345
  • D. Destination: 20.0.0.0/16 and Target: local

Answer: A

Explanation:
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can set up a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. If the user has set up a NAT instance to route all the internet requests then all requests to the internet should be routed to it. All requests to the organization's DC will be routed to the VPN gateway.
Here are the valid entries for the main route table in this scenario:
Destination: 0.0.0.0/0 & Target: i-12345 (To route all internet traffic to the NAT Instance)
Destination: 172.28.0.0/12 & Target: vgw-12345 (To route all the organization's data centre traffic to the VPN gateway)
Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC)

NEW QUESTION 22
A user has launched an EC2 Windows instance from an instance store backed AMI. The user wants to convert the AMI to an EBS backed AMI. How can the user convert it?

  • A. Attach an EBS volume to the instance and unbundle all the AMI bundled data inside the EBS
  • B. A Windows based instance store backed AMI cannot be converted to an EBS backed AMI
  • C. It is not possible to convert an instance store backed AMI to an EBS backed AMI
  • D. Attach an EBS volume and use the copy command to copy all the ephemeral content to the EBS Volume

Answer: B

Explanation:
Generally when a user has launched an EC2 instance from an instance store backed AMI, it can be converted to an EBS backed AMI provided the user has attached the EBS volume to the instance and unbundles the AMI data to it. However, if the instance is a Windows instance, AWS does not allow this. In this case, since the instance is a Windows instance, the user cannot convert it to an EBS backed AMI.

NEW QUESTION 23
A user has created an application which will be hosted on EC2. The application makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK to connect from the EC2 instance. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?

  • A. The user should attach an IAM role with DynamoDB access to the EC2 instance
  • B. The user should create an IAM user with DynamoDB access and use its credentials within the application to connect with DynamoDB
  • C. The user should create an IAM role, which has EC2 access so that it will allow deploying the application
  • D. The user should create an IAM user with DynamoDB and EC2 access. Attach the user with the application so that it does not use the root account credentials

Answer: A

Explanation:
With AWS IAM a user is creating an application which runs on an EC2 instance and makes requests to AWS, such as DynamoDB or S3 calls. Here it is recommended that the user should not create an IAM user and pass the user's credentials to the application or embed those credentials inside the application. Instead, the user should use roles for EC2 and give that role access to DynamoDB /S3. When the roles are attached to EC2, it will give temporary security credentials to the application hosted on that EC2, to connect with DynamoDB / S3.

NEW QUESTION 24
......
