Common Traps on Which Command Should the Administrator Use Practice Questions
- ·Separate verification commands from configuration commands.
- ·Read whether the question asks to identify, verify, fix, permit or deny.
- ·Small command keywords often change the correct answer.
Sample Questions
Practice all 15 →A company runs a production web application on a single Amazon EC2 instance. The application experiences a predictable and steady workload 24/7. The SysOps administrator wants to minimize compute costs for this instance while ensuring it remains available during the expected workload. Which EC2 purchasing option should the administrator use?
Explanation: Reserved Instances offer a significant discount over On-Demand pricing in exchange for a one- or three-year commitment. For a steady-state workload that runs continuously, this provides the lowest cost. On-Demand is flexible but more expensive. Spot Instances can be interrupted and are not suitable for a production workload that must be always available. Dedicated Hosts are used for specific licensing requirements and are more expensive.
A company has a VPC with a public subnet and a private subnet. An Amazon EC2 instance in the private subnet needs to download security patches from the internet, but the instance must not be directly accessible from the internet. The SysOps administrator configured a NAT gateway in the public subnet and added a route in the private subnet's route table pointing 0.0.0.0/0 to the NAT gateway. The instance's security group allows all outbound traffic. However, the instance still cannot reach the internet. What is the most likely missing configuration?
Explanation: For a NAT gateway to work, it must be placed in a public subnet that has a route to an internet gateway. The NAT gateway uses the internet gateway to send traffic to the internet. The most common oversight is that the public subnet's route table does not have a default route pointing to an internet gateway. Without this, the NAT gateway cannot forward traffic to the internet. While a NAT gateway requires an Elastic IP, it must be assigned during creation; the question states the NAT gateway was configured, so an EIP was likely attached. Network ACLs are default-allowed, so they are not typically the issue.
A company has an Amazon DynamoDB table with on-demand capacity mode. The SysOps administrator needs to ensure that the table can survive a regional outage. The table is currently in us-east-1. Which feature should be configured to achieve regional resilience with minimal data loss?
Explanation: DynamoDB global tables provide automatic replication across multiple AWS Regions, ensuring that data is available even if one Region becomes unavailable. It offers multi-Region, multi-master replication with eventual consistency, which meets the requirement for regional resilience. DynamoDB Accelerator (DAX) (Option A) is a caching layer that does not replicate data across Regions. Point-in-time recovery (Option C) enables restores within the same Region, not cross-Region. Auto scaling (Option D) adjusts capacity but does not provide regional redundancy.
A company has an Amazon VPC with a CIDR block of 10.0.0.0/16 and an AWS Site-to-Site VPN connection to an on-premises data center. The on-premises DNS servers host a private domain 'corp.example.com'. The SysOps administrator needs to enable EC2 instances in the VPC to resolve DNS names for 'corp.example.com' using the on-premises DNS servers. Which Route 53 feature should be configured?
Explanation: Route 53 Resolver outbound endpoints allow DNS queries from the VPC to be forwarded to on-premises DNS servers for private hosted zones. You create an outbound endpoint and associate forwarding rules to match specific domains (like corp.example.com) and forward queries to the on-premises DNS server IPs. Inbound endpoints are used for the reverse direction (on-premises to AWS). VPC peering does not forward DNS. Route53 private hosted zones are used for internal AWS domain resolution, not for forwarding to on-premises.
A company operates a web application behind an Application Load Balancer (ALB). The SysOps administrator needs to block incoming requests from specific geographic locations (countries X and Y) and also enforce a rate limit of 100 requests per IP address per 5-minute window to mitigate DDoS attacks. The solution must be centrally configured and apply to all requests handled by the ALB. Which AWS service should be used to implement these requirements?
Explanation: AWS WAF is a web application firewall that can be associated with an ALB. It allows you to create rules that filter requests based on conditions such as geographic origin (geo match) and rate of requests (rate-based rules). Geo match rules allow you to block or allow traffic from specific countries. Rate-based rules count requests from a source IP and block them if the rate exceeds a threshold over a specified period. CloudFront geo restriction is limited to CloudFront distributions. AWS Shield Advanced provides enhanced DDoS protection but does not offer granular geo-blocking or application-layer rate limiting. Security Groups cannot inspect application layer data.
+10 more scenario questions available
Practice all Which Command Should the Administrator Use Practice QuestionsRelated Topics
Frequently asked questions
How do "Which Command Should the Administrator Use Practice Questions" appear on the real SOA-C02?
Practise command-choice questions where the task is to identify the correct verification, configuration or troubleshooting command. These appear throughout the SOA-C02 and require you to apply your knowledge, not just recall facts.
How many scenario questions are on the SOA-C02 exam?
Cisco doesn't publish an exact breakdown, but scenario-based questions (especially exhibit and command-output formats) make up a significant portion of the SOA-C02. Practicing each scenario type ensures you're ready for any format.
Are these SOA-C02 scenario practice questions free?
Yes — all scenario practice on Courseiva is completely free. Sign up for a free account to track your progress and see which scenario types you've mastered.
Ready to practice this scenario type?
Launch a full Which Command Should the Administrator Use Practice Questions session with instant scoring and detailed explanations.
Start Scenario Practice →