Instant Access Amazon.SOA-C01.v2022-04-07.q145 Actual Practice Test Engine for Free (Page 9)

Question 36

A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles.
Corporate policies require that developers are blocked from accessing some services.
What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?

A.Create an IAM policy and apply it in API Gateway to restrict the development account.
B.Create a customer managed policy in IAM and apply it to all users within the development account.
C.Create a service control policy in AWS Organizations and apply it to the development account.
D.Create a job function policy in IAM and apply it to all users within the development account.

Question 37

An organization (account ID 123412341234) has configured the IAM policy to allow the user to modify his credentials. What will the below mentioned statement allow the user to perform?

A.The IAM policy will throw an error due to an invalid resource name
B.The IAM policy will allow the user to subscribe to any IAM group
C.Allow the IAM user to update the membership of the group called TestingGroup
D.Allow the IAM user to delete the TestingGroup

Question 38

A company has an application that is running on an EC2 instance in one Availability Zone. A SysOps Administrator has been tasked with making the application highly available. The Administrator created a launch configuration from the running EC2 instance. The Administrator also properly configured a load balancer.
What step should the Administrator complete next to make the application highly available?

A.Create an Auto Scaling group by using the launch configuration across at least 2 Availability Zones with a minimum size of 1, desired capacity of 1, and a maximum size of 1.
B.Create an Auto Scaling group by using the launch configuration across at least 3 regions with a minimum size of 2, desired capacity of 2, and a maximum size of 2.
C.Create an Auto Scaling group by using the launch configuration across at least 3 Availability Zones with a minimum size of 2, desired capacity of 2, and a maximum of 2.
D.Create an Auto Scaling group by using the launch configuration across at least 2 regions with a minimum size of 1, desired capacity of 1, and a maximum size of 1.

Question 39

AWS Cloud Hardware Security Modules (HSMs) are designed to _____.

A.store your AWS keys safely
B.provide another level of login security specifically for LDAP
C.allow AWS to audit your infrastructure
D.securely store cryptographic key material and use the key material without exposing it outside the cryptographic boundary of the appliance

Question 40

An Amazon EC2 instance has a secondary Amazon Elastic Block Store (EBS) volume attached that contains sensitive data A new company policy requires the secondary volume to be encrypted at rest.
Which solution will meet this requirement?

A.Create a snapshot of the volume Create a new volume from the snapshot with the Encrypted parameter set to true. Detach the original volume and attach the new volume to the instance.
B.Stop the EC2 instance. Modify the instance properties and set the Encrypted parameter to true. Start the instance and verify encryption.
C.Stop the EC2 instance Encrypt the volume with AWS CloudHSM. Start the instance and verify encryption.
D.Create an encrypted Amazon Machine Image (AMI) of the EC2 instance. Launch a new instance with the encrypted AMI. Terminate the original instance.

Question 36

Question 37

Question 38

Question 39

Question 40

Download PDF File