[May 26, 2026] 100% Latest Most updated SOA-C02 Questions and Answers [Q413-Q435]

[May 26, 2026] 100% Latest Most updated SOA-C02 Questions and Answers

Try with 100% Real Exam Questions and Answers

NEW QUESTION # 413
A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations.
Which solution will meet this requirement?

• A. Set up Amazon Inspector.
  Scan and monitor resources for unauthorized logins.
• B. Configure Amazon GuardDuty to monitor theUnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding.
• C. Set up AWS Config.
  Add the iam-policy-blacklisted-check managed rule to the account.
• D. Configure Amazon Cognito to detect any compromised IAM credentials.

Answer: B

Explanation:
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types- iam.html#unauthorizedaccess-iam-consoleloginsuccessb

NEW QUESTION # 414
A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template it installs and configure necessary software through AWS OpsWorks and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours but at limes the process stalls due to installation errors.
The SysOps administrator must modify the CloudFormation template so if the process stalls, the entire stack will tail and roil back.
Based on these requirements what should be added to the template?

• A. CreationPolicy with timeout set to 4 hours.
• B. Metadata with a timeout set to 4 hours
• C. DependsOn a timeout set to 4 hours.
• D. Conditions with a timeout set to 4 hours.

Answer: A

Explanation:
To ensure that the CloudFormation stack fails and rolls back if the process stalls, you should add a CreationPolicy with a timeout set to 4 hours to the CloudFormation template.
* CreationPolicy:
* The CreationPolicy attribute enables you to specify how long CloudFormation should wait for a resource to be created or updated.
* You can use this to ensure that the instance completes its software installation process within a specified period.
* Adding CreationPolicy to the Template:
* Add the CreationPolicy attribute to the EC2 resource in the CloudFormation template.
* Set the Timeout to 4 hours (PT4H).
Example:
Resources:
MyInstance:
Type: 'AWS::EC2::Instance'
Properties:
InstanceType: t2.micro
ImageId: ami-0abcdef1234567890
CreationPolicy:
ResourceSignal:
Count: 1
Timeout: PT4H
* Ensuring Rollback:
* If the instance does not signal success within the specified timeout, CloudFormation will mark the stack as failed and roll back the changes.
AWS CloudFormation CreationPolicy
Using Creation Policies with CloudFormation

NEW QUESTION # 415
A company has a VPC with public and private subnets. An Amazon EC2 based application resides in the private subnets and needs to process raw .csv files stored in an Amazon S3 bucket. A SysOps administrator has set up the correct IAM role with the required permissions for the application to access the S3 bucket, but the application is unable to communicate with the S3 bucket.
Which action will solve this problem while adhering to least privilege access?

• A. Add a bucket policy to the S3 bucket permitting access from the IAM role.
• B. Create a NAT gateway in a private subnet and configure the route table for the private subnets.
• C. Attach an S3 gateway endpoint to the VPC. Configure the route table for the private subnet.
• D. Configure the route table to allow the instances on the private subnet access through the internet gateway.

Answer: C

Explanation:
Reference:
Technology to use is a VPC endpoint - "A VPC endpoint enables private connections between your VPC and supported AWS services and VPC endpoint services powered by AWS PrivateLink. AWS PrivateLink is a technology that enables you to privately access services by using private IP addresses. Traffic between your VPC and the other service does not leave the Amazon network." S3 is an example of a gateway endpoint. We want to see services in AWS while not leaving the VPC.

NEW QUESTION # 416
An ecommerce company uses an Amazon ElastiCache for Memcached cluster for in-memory caching of popular product queries on the shopping site. When viewing recent Amazon CloudWatch metrics data for the ElastiCache cluster, the SysOps administrator notices a large number of evictions.
Which of the following actions will reduce these evictions? (Choose two.)

• A. Increase the ElastiCache time to live (TTL).
• B. Use Amazon Simple Queue Service (Amazon SQS) to decouple the ElastiCache cluster.
• C. Increase the individual node size inside the ElastiCache cluster.
• D. Put an Elastic Load Balancer in front of the ElastiCache cluster.
• E. Add an additional node to the ElastiCache cluster.

Answer: C,E

Explanation:
Scale Out and or Scale Up.
https://d1.awsstatic.com/training-and-certification/docs-sysops-associate/AWS-Certified-SysOps- Administrator-Associate_Sample-Questions_C02.pdf

NEW QUESTION # 417
A SysOps administrator needs to implement a backup strategy for Amazon EC2 resources and Amazon RDS resources. The backup strategy must meet the following retention requirements:
* Daily backups: must be kept for 6 days
* Weekly backups: must be kept for 4 weeks:
* Monthly backups: must be kept for 11 months
* Yearly backups: must be kept for 7 years
Which backup strategy will meet these requirements with the LEAST administrative effort?

• A. Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (Amazon EBS) snapshot policy. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags. Create multiple schedules according to the requirements within the policy. Set the appropriate frequency and retention period. In Amazon RDS, activate automated backups on the required DB instances.
• B. Create an AWS Lambda function. Program the Lambda function to use native tooling to take backups of file systems in Amazon EC2 and to make copies of databases in Amazon RDS. Create an Amazon EventBridge rule to invoke the Lambda function.
• C. Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (Amazon EBS) snapshot policy. Create tags on each resource that needs to be backed up. Create multiple schedules according to the requirements within the policy. Set the appropriate frequency and retention period.
• D. Use AWS Backup to create a new backup plan for each retention requirement with a backup frequency of daily, weekly, monthly, or yearly. Set the retention period to match the requirement. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags.

Answer: D

Explanation:
AWS Backup provides a centralized way to manage backups across AWS services. Here's how to implement the required backup strategy with minimal administrative effort:
* Create Backup Plans: Set up different backup plans in AWS Backup, each configured for a specific backup frequency-daily, weekly, monthly, and yearly.
* Set Retention Periods: For each backup plan, configure the retention settings to align with the required retention durations: 6 days, 4 weeks, 11 months, and 7 years respectively.
* Tag Resources: Apply tags to each EC2 and RDS resource that needs to be backed up. This allows for the automated inclusion of these resources in the respective backup plans based on their tags.
* Assign Resources to Backup Plans: Use the tags to define which resources are included in each backup plan, ensuring that all necessary resources are backed up according to the defined schedules and retention policies.
AWS Documentation Reference:More details on setting up and managing AWS Backup can be found here:
AWS Backup.

NEW QUESTION # 418
A user is connected to an Amazon EC2 instance in a private subnet. The user is unable to access the internet from the instance by using the following curl command: curl http:/www.example.com.
A SysOps administrator reviews the VPC configuration and learns the following information:
* The private subnet has a route to a NAT gateway for CIDR 0.0.0.0/0
* The outbound security group for the EC2 instance contains one rule: outbound for port 443 to CIDR 0.0.0.0/0
* The inbound security group for the EC2 instance allows ports 22 and 443 from the user's IP address.
* The inbound network ACL for the subnet allows port 22 and port range 1024-65535 from CIDR 0.0.0.0/0 Which action will allow the user to complete the curl request successfully?

• A. Add an additional outbound security group rule for port 80 to CIDR 0.0.0.0/0.
• B. Add an additional inbound security group rule for port 80 to CIDR 0.0.0.0/0.
• C. Add an additional outbound security group rule for port 80 to the user's IP address.
• D. Add an additional inbound network ACL rule for port 80 to CIDR 0.0.0.0/0.

Answer: A

Explanation:
Since the EC2 instance is attempting to access the internet using HTTP (port 80) but is configured only to allow HTTPS (port 443) traffic, the security group needs adjustment:
Security Group Configuration: The outbound rules of the security group associated with the EC2 instance must allow traffic over HTTP. Add an outbound rule that enables port 80 to destination 0.0.0.0/0. This rule will allow the instance to send HTTP requests to any IP address on the internet.
Test Connectivity: After updating the security group, test the connectivity using the curl command again to ensure the configuration allows internet access via HTTP.
This change is necessary because the existing security group configuration does not permit outbound HTTP traffic, which is essential for accessing websites using HTTP.

NEW QUESTION # 419
A SysOps administrator has used AWS Cloud Formation to deploy a sereness application into a production VPC. The application consists of an AWS Lambda function, an Amazon DynamoOB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS Cloud Formation stack without deleting the DynamoOB table.
Which action should the SysOps administrator take before deleting the AWS Cloud Formation stack?

• A. Enable termination protection on the AWS Cloud Formation stack.
• B. Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTabie action.
• C. Add a Snapshot deletion policy to the DynamoOB resource In the AWS CloudFormation stack.
• D. Add a Retain deletion policy to the DynamoOB resource in the AWS CloudFormation stack.

Answer: D

Explanation:
Understand the Problem:
The requirement is to delete the CloudFormation stack without deleting the DynamoDB table.
Analyze the Requirements:
Ensure the DynamoDB table is preserved when the CloudFormation stack is deleted.
Evaluate the Options:
Option A: Add a Retain deletion policy to the DynamoDB resource.
The Retain policy ensures that the DynamoDB table is not deleted when the stack is deleted.
Option B: Add a Snapshot deletion policy to the DynamoDB resource.
Snapshot policy is not applicable to DynamoDB tables and would not retain the table itself.
Option C: Enable termination protection on the CloudFormation stack.
Prevents stack deletion entirely but does not specifically protect the DynamoDB table.
Option D: Update the IAM policy with a Deny statement for dynamodb:DeleteTable.
Prevents deletion of the table but is not a CloudFormation stack-specific solution.
Select the Best Solution:
Option A: Adding a Retain deletion policy to the DynamoDB resource in the CloudFormation stack ensures the table is preserved when the stack is deleted.
Reference:
AWS CloudFormation Deletion Policy
Using the Retain deletion policy ensures that the DynamoDB table is not deleted when the CloudFormation stack is deleted, preserving critical data.

NEW QUESTION # 420
An Amazon EC2 instance needs to be reachable from the internet. The EC2 instance is in a subnet with the following route table:

Which entry must a SysOps administrator add to the route table to meet this requirement?

• A. A route for 0.0.0.0/0 that points to an egress-only internet gateway
• B. A route for 0.0.0.0/0 that points to an elastic network interface
• C. A route for 0.0.0.0/0 that points to a NAT gateway
• D. A route for 0.0.0.0/0 that points to an internet gateway

Answer: A

Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html

NEW QUESTION # 421
A company uses AWS Organizations to manage multiple AWS accounts with consolidated billing enabled.
Organization member account owners want the benefits of Reserved Instances (RIs) but do not want to share RIs with other accounts.
Which solution will meet these requirements?

• A. Purchase RIs in the management account. Disable Rl discount sharing in the member accounts.
• B. Purchase RIs in individual member accounts. Disable Rl discount sharing in the management account.
• C. Purchase RIs in individual member accounts. Disable Rl discount sharing in the member accounts.
• D. Purchase RIs in the management account. Disable Rl discount sharing in the management account.

Answer: B

Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ri-consolidated-billing/ RI discounts apply to accounts in an organization's consolidated billing family depending upon whether RI sharing is turned on or off for the accounts. By default, RI sharing for all accounts in an organization is turned on. The management account of an organization can change this setting by turning off RI sharing for an account. The capacity reservation for an RI applies only to the account the RI was purchased on, no matter whether RI sharing is turned on or off.

NEW QUESTION # 422
An Amazon RDS for PostgreSQL DB cluster has automated backups turned on with a 7-day retention period. A SysOps administrator needs to create a new RDS DB cluster by using data that is no more than 24 hours old from the original DB cluster.
Which solutions will meet these requirements with the LEAST operational overhead? (Choose two.)

• A. Identify the most recent automated snapshot. Restore the snapshot to a new RDS DB cluster.
• B. Back up the database to Amazon S3 by using native database backup tools. Create a new RDS DB cluster and restore the data to the new RDS DB cluster.
• C. Create a read replica instance in the original RDS DB cluster. Promote the read replica to a standalone DB cluster.
• D. Create a new RDS DB cluster. Use AWS Database Migration Service (AWS DMS) to migrate data from the current RDS DB cluster to the newly created RDS DB cluster.
• E. Use the pg_dump utility to export data from the original RDS DB cluster to an Amazon EC2 instance. Create a new RDS DB cluster. Use the pg_restore utility to import the data from the EC2 instance to the new RDS DB cluster.

Answer: A,C

NEW QUESTION # 423
A SysOps administrator maintains the security and compliance of a company's AWS account. To ensure the company's Amazon EC2 instances are following company policy, a SysOps administrator wants to terminate any EC2 instance that do not contain a department tag.
Noncompliant resources must be terminated in near-real time.
Which solution will meet these requirements?

• A. Create an AWS Config rule with the required-tags managed rule to identify noncompliant resources.
  Configure automatic remediation to run the AWS- TerminateEC2Instance automation document to terminate noncompliant resources.
• B. Create a new Amazon EventBridge (Amazon CloudWatch Events) rule to monitor when new EC2 instances are created.
  Send the event to a Simple Notification Service (Amazon SNS) topic for automatic remediation.
• C. Ensure all users who can create EC2 instances also have the permissions to use the ec2:CreateTags and ec2:DescribeTags actions. Change the instance's shutdown behavior to terminate.
• D. Ensure AWS Systems Manager Compliance is configured to manage the EC2 instances.
  Call the AWS-StopEC2Instances automation document to stop noncompliant resources.

Answer: A

Explanation:
https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed- rules.html

NEW QUESTION # 424
A company uses AWS Organizations to manage a set of AWS accounts. The company has set up organizational units (OUs) in the organization. An application OU supports various applications.
A SysOps administrator must prevent users from launching Amazon EC2 instances that do not have a CostCenter-Project tag into any account in the application OU. The restriction must apply only to accounts in the application OU.
Which solution will meet these requirements?

• A. Create a service control policy (SCP) that denies the ec2:RunInstances action when the CostCenter- Project tag is missing. Attach the SCP to the application OU.
• B. Create an IAM group that has a policy that allows the ec2:RunInstances action when the CostCenter- Project tag is present. Place all IAM users who need access to the application accounts in the IAM group.
• C. Create an IAM role that has a policy that allows the ec2:RunInstances action when the CostCenter- Project tag is present. Attach the IAM role to the IAM users that are in the application OU accounts.
• D. Create a service control policy (SCP) that denies the ec2:RunInstances action when the CostCenter- Project tag is missing. Attach the SCP to the root OU.

Answer: A

Explanation:
To enforce tag-based restrictions across multiple accounts in an OU, Service Control Policies (SCPs) are the best tool.
From SCP documentation:
You can deny access to APIs like ec2:RunInstances if a specific tag is not present using a condition such as Null:aws:RequestTag/CostCenter-Project: true.
By attaching the SCP to the application OU, only the accounts within that OU are impacted.

NEW QUESTION # 425
While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS. The customer gateway device resides in a data center with a NAT gateway in front of it.
What address should be used to create the customer gateway resource?

• A. The public IP address of the NAT device in front of the customer gateway device
• B. The MAC address of the NAT device in front of the customer gateway device
• C. The private IP address of the customer gateway device
• D. The public IP address of the customer gateway device

Answer: A

NEW QUESTION # 426
A company has mandated the use of multi-factor authentication (MFA) for all IAM users, and requires users to make all API calls using the CLI. However. users are not prompted to enter MFA tokens, and are able to run CLI commands without MFA. In an attempt to enforce MFA, the company attached an IAM policy to all users that denies API calls that have not been authenticated with MFA.
What additional step must be taken to ensure that API calls are authenticated using MFA?

• A. Enable MFA on IAM roles, and require IAM users to use role credentials to sign API calls.
• B. Restrict the IAM users to use of the console, as MFA is not supported for CLI use.
• C. Require users to use temporary credentials from the get-session token command to sign API calls.
• D. Ask the IAM users to log into the AWS Management Console with MFA before making API calls using the CLI.

Answer: C

Explanation:
To enforce MFA for API calls using the AWS CLI, the users must use temporary security credentials obtained through the get-session-token command. Here's how to do it:
Enable MFA for IAM Users:
Ensure that MFA is enabled and properly configured for each IAM user.
Configure IAM Policy for MFA Enforcement:
Attach an IAM policy that denies API calls unless MFA is used. This policy should be attached to all users.
Obtain Temporary Security Credentials Using MFA:
Users need to use the aws sts get-session-token command to obtain temporary credentials. This command requires the MFA token.
sh
Copy code
aws sts get-session-token --serial-number arn:aws:iam::123456789012:mfa/user --token-code 123456 Use Temporary Credentials for API Calls:
After obtaining the temporary credentials, set them as environment variables or configure them in the AWS CLI profile to make API calls.
export AWS_ACCESS_KEY_ID=...
export AWS_SECRET_ACCESS_KEY=...
export AWS_SESSION_TOKEN=...
Reference:
Enabling MFA for IAM Users
Using Temporary Security Credentials
AWS CLI get-session-token

NEW QUESTION # 427
A company stores its internal data within an Amazon S3 bucket. All existing data within the S3 bucket is protected by using server-side encryption with Amazon S3 managed encryption keys (SSE-S3). S3 Versioning is enabled. A SysOps administrator must replicate the internal data to another S3 bucket in a different AWS account for disaster recovery. All the existing data is copied from the source S3 bucket to the destination S3 bucket.
Which replication solution is MOST operationally efficient?

• A. Configure an Amazon S3 event notification for the source bucket to invoke an AWS Lambda function to copy new objects to the destination bucket. Ensure that the Lambda function has cross- account access permissions.
• B. Schedule an AWS Batch job with Amazon EventBridge to copy new objects from the source bucket to the destination bucket. Create a Batch Operations IAM role in the destination account.
• C. Add a replication rule to the source bucket and specify the destination bucket. Create a bucket policy for the destination bucket to allow the owner of the source bucket to replicate objects.
• D. Run a scheduled script on an Amazon EC2 instance to copy new objects from the source bucket to the destination bucket. Assign cross-account access permissions to the EC2 instance's role.

Answer: C

Explanation:
Setting up replication when source and destination buckets are owned by different AWS accounts is similar to setting replication when both buckets are owned by the same account. The only difference is that the destination bucket owner must grant the source bucket owner permission to replicate objects by adding a bucket policy.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough-2.html

NEW QUESTION # 428
The SysOps administrator needs to prevent launching EC2 instances without a specific tag in the application OU.
Options:

• A. Create a service control policy (SCP) that denies ec2:RunInstances when the CostCenter-Project tag is missing. Attach the SCP to the root OU.
• B. Create an IAM role with a policy that allows ec2:RunInstances when the CostCenter-Project tag is present. Attach the IAM role to users in the application OU accounts.
• C. Create an IAM group that has a policy allowing ec2:RunInstances when the CostCenter-Project tag is present. Place all IAM users in this group.
• D. Create a service control policy (SCP) that denies ec2:RunInstances when the CostCenter-Project tag is missing. Attach the SCP to the application OU.

Answer: D

Explanation:
An SCP applied to the application OU that denies ec2:RunInstances when the CostCenter-Project tag is missing ensures that all accounts in the OU adhere to the tagging policy. This approach is centralized and applies only to the intended OU.

NEW QUESTION # 429
A company's SysOps administrator regularly checks the AWS Personal Health Dashboard in each of the company's accounts. The accounts are part of an organization in AWS Organizations. The company recently added 10 more accounts to the organization. The SysOps administrator must consolidate the alerts from each account's Personal Health Dashboard.
Which solution will meet this requirement with the LEAST amount of effort?

• A. Configure the Personal Health Dashboard in each account to forward events to a central AWS CloudTrail log.
• B. Enable organizational view in AWS Health.
• C. Use the AWS Health API to write events to an Amazon DynamoDB table.
• D. Create an AWS Lambda function to query the AWS Health API and to write all events to an Amazon DynamoDB table.

Answer: B

Explanation:
Enabling the organizational view in AWS Health will allow the SysOps administrator to consolidate the alerts from each account's Personal Health Dashboard. It will also provide the administrator with a single view of all the accounts in the organization, allowing them to easily monitor the health of all the accounts in the organization.

NEW QUESTION # 430
A SysOps administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have logging enabled. The administrator needs to investigate HTTP Layer 7 status codes from the web application.
Which log sources contain the status codes? (Choose two.)

• A. VPC Flow Logs
• B. CloudFront access logs
• C. RDS logs
• D. AWS CloudTrail logs
• E. ALB access logs

Answer: B,E

Explanation:
Reference:
"C" because Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
"D" because "you can configure CloudFront to create log files that contain detailed information about every user request that CloudFront receives"
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html

NEW QUESTION # 431
A company is supporting a business-critical application that runs on Amazon EC2 instances. The application receives data from a service that runs in an on-premises data center. End users are reporting intermittent issues that are related to data refreshes. The issues are occurring because of fluctuations in available network bandwidth between AWS and the on-premises data center.
A SysOps administrator must improve the user experience and the application's performance while minimizing changes to the application stack.
Which solution will offer the MOST performance improvement while meeting these requirements?

• A. Use AWS Storage Gateway to move the data into AWS.
• B. Modify the service to use Amazon S3 Transfer Acceleration.
• C. Migrate the service to AWS Implement auto scaling.
• D. Set up an AWS Direct Connect connection with the on-premises data center.

Answer: C

Explanation:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/transfer-acceleration.html

NEW QUESTION # 432
A company hosts an online shopping portal in the AWS Cloud. The portal provides HTTPS security by using a TLS certificate on an Elastic Load Balancer (ELB).
Recently, the portal suffered an outage because the TLS certificate expired. A SysOps administrator must create a solution to automatically renew certificates to avoid this issue in the future.
What is the MOST operationally efficient solution that meets thes requirements?

• A. Register a certificate with a third-party certificate authority (CA).
  Configure the ELB to import the certificate directly from the CA.
  Set the certificate refresh cycle on the ELB to refresh when the certificate is within 3 months of the expiration date.
• B. Request a public certificate by using AWS Certificate Manager (ACM).
  Associate the certificate from ACM with the ELB.
  Write a scheduled AWS Lambda function to renew the certificate every 18 months.
• C. Register a certificate with a third-party certificate authority (CA).
  Import this certificate into AWS Certificate Manager (ACM).
  Associate the certificate from ACM with the ELB.
  ACM will automatically manage the renewal of the certificate.
• D. Request a public certificate by using AWS Certificate Manager (ACM).
  Associate the certificate from ACM with the ELB.
  ACM will automatically manage the renewal of the certificate.

Answer: C

NEW QUESTION # 433
A SysOps administrator needs to update an AWS account name.
What should the SysOps administrator do to accomplish this goal?

• A. Sign in as the AWS account root user to make the change.
• B. Add the AdministratorAccess policy to the SysOps administrator's IAM user.
• C. Change the AWS account name through the AWS Trusted Advisor interface.
• D. Add the AWS_ConfigureRole policy to the SysOps administrator's IAM user.

Answer: A

Explanation:
"To edit your AWS account name, root user password, or root user email address"
"Minimum permissions"
"To perform the following steps, you must have at least the following IAM permissions:"
"You must sign in as the AWS account root user, which requires no additional IAM permissions.
You can't perform these steps as an IAM user or role."
https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html

NEW QUESTION # 434
A company uses an Amazon CloudFront distribution to share a file through a signed URL. The company stores the source file in an Amazon S3 bucket and updates the file every day.
Users report there is a delay of serval days before they see new versions of the file. Occasionally, users report not being able to see a specific day's file.
A SysOps administrator needs to resolve the issue.
Which solution will meet this requirement?

• A. Use the AWS CLI to recreate the CloudFront signed URL. Update the date-less-than parameter to a date in the future.
• B. Remove any lifecycle rules that are applied to the S3 bucket.
• C. Update the behavior path pattern of the CloudFront distribution to match the file name.
• D. Set all TTL settings to 0 in the CloudFront distribution cache policy.

Answer: D

Explanation:
Setting all TTLs (Minimum/Default/Maximum) to 0 in the CloudFront cache policy forces CloudFront to revalidate with S3 on every request, so users always get the latest daily file instead of a days-old cached object.

NEW QUESTION # 435
......

New Amazon SOA-C02 Dumps & Questions: https://exams4sure.pdftorrent.com/SOA-C02-latest-dumps.html