Browse SOA Questions

Study all 99 questions at your own pace with detailed explanations

Total: 99 questionsPage: 3 of 10

Back to Practice

Question 21 of 99

An organization has applied the below mentioned policy on an IAM group which has selected the IAM users. What entitlements do the IAM users avail with this policy?

AThe policy is not created correctly. It will throw an error for wrong resource name

BThe policy is for the group. Thus, the IAM user cannot have any entitlement to this

CIt allows full access to all AWS services for the IAM users who are a part of this group

DIf this policy is applied to the EC2 resource, the users of the group will have full access to the EC2 resources

💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation

Question 22 of 99

A user has created a VPC with public and private subnets using the VPC wizard. Which of the below mentioned statements is true in this scenario?

AVPC bounds the main route table with a public subnet and a custom route table with a private subnet

BThe user has to manually create a NAT instance

CThe AWS VPC will automatically create a NAT instance with the micro size

DVPC bounds the main route table with a private subnet and a custom route table with a public subnet

💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation

Question 23 of 99

A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. Which of the below mentioned SSL protocols is not supported by the security policy?

ASSL 3.0

BTLS 1.2

CSSL 2.0

DTLS 1.3

💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation

Question 24 of 99

A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. The ELB security policy supports various ciphers. Which of the below mentioned options helps identify the matching cipher at the client side to the ELB cipher list when client is requesting ELB DNS over SSL?

ACipher Protocol

BLoad Balancer Preference

CClient Configuration Preference

DServer Order Preference

💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation

Question 25 of 99

A storage admin wants to encrypt all the objects stored in S3 using server side encryption. The user does not want to use the AES 256 encryption key provided by S3. How can the user achieve this?

AThe admin should send the keys and encryption algorithm with each API call

BS3 does not support client supplied encryption keys for server side encryption

CThe admin should use CLI or API to upload the encryption key to the S3 bucket. When making a call to the S3 API mention the encryption key URL in each request

DThe admin should upload his secret key to the AWS console and let S3 decrypt the objects

💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation

Question 26 of 99

A user has created an ELB with Auto Scaling. Which of the below mentioned offerings from ELB helps the user to stop sending new requests traffic from the load balancer to the EC2 instance when the instance is being deregistered while continuing in-flight requests?

AELB auto registration Off

BELB deregistration check

CELB sticky session

DELB connection draining

💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation

Question 27 of 99

A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services does not provide detailed monitoring with CloudWatch?

AAWS EMR

BAWS RDS

CAWS Route53

DAWS ELB

💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation

Question 28 of 99

A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 in this VPC. The user is trying to create another subnet with the same VPC for CIDR 20.0.0.1/24. What will happen in this scenario?

AIt is not possible to create a subnet with the same CIDR as VPC

BThe VPC will modify the first subnet CIDR automatically to allow the second subnet IP range

CIt will throw a CIDR overlaps error

DThe second subnet will be created

💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation

Question 29 of 99

An organization wants to move to Cloud. They are looking for a secure encrypted database storage option. Which of the below mentioned AWS functionalities helps them to achieve this?

AAWS MFA with EBS

BMulti-tier encryption with Redshift

CAWS S3 server side storage

DAWS EBS encryption

💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation

Question 30 of 99

A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to create an AMI from the running instance. Which of the below mentioned credentials is not required while creating the AMI?

AAWS login ID to login to the console

BAWS account ID

CAccess key and secret access key

DX.509 certificate and private key

💡 Try to answer first, then click "Show Answer" to see the correct answer and explanation

1 2 3 4 5

Showing 21-30 of 99 questions

Ready to Practice?

Quick Quiz (10 Questions)Full Practice Exam (65 Questions)