Spring Sale - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65percent

Welcome To DumpsPedia

SOA-C03 Sample Questions Answers

Questions 4

A company has an internal web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A CloudOps engineer must make the application highly available.

Which action should the CloudOps engineer take to meet this requirement?

Options:

A.

Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.

B.

Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.

C.

Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.

D.

Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.

Buy Now
Questions 5

A company uses AWS CloudFormation to manage a stack of Amazon EC2 instances. A CloudOps engineer needs to keep the EC2 instances and their data even if the stack is deleted.

Which solution will meet these requirements?

Options:

A.

Set the DeletionPolicy attribute to Snapshot.

B.

Use Amazon Data Lifecycle Manager (DLM).

C.

Create an AWS Backup plan.

D.

Set the DeletionPolicy attribute to Retain.

Buy Now
Questions 6

A CloudOps engineer is responsible for a company's disaster recovery procedures. The company has a source Amazon S3 bucket in a production account, and it wants to replicate objects from the source to a destination S3 bucket in a nonproduction account. The CloudOps engineer configures S3 cross-Region, cross-account replication to copy the source S3 bucket to the destination S3 bucket. When the CloudOps engineer attempts to access objects in the destination S3 bucket, they receive an Access Denied error.

Which solution will resolve this problem?

Options:

A.

Modify the replication configuration to change object ownership to the destination S3 bucket owner.

B.

Ensure that the replication rule applies to all objects in the source S3 bucket and is not scoped to a single prefix.

C.

Retry the request when the S3 Replication Time Control (S3 RTC) has elapsed.

D.

Verify that the storage class for the replicated objects did not change between the source S3 bucket and the destination S3 bucket.

Buy Now
Questions 7

A CloudOps engineer needs to build an event infrastructure for custom application-specific events. The events must be sent to an AWS Lambda function for processing. The CloudOps engineer must record the events so they can be replayed later by event type or event time.

Which solution will meet these requirements?

Options:

A.

Create an Amazon EventBridge custom event bus, create an archive, and create a rule to send events to Lambda.

B.

Create an archive on the default event bus and use pattern matching.

C.

Create an EventBridge pipe and store events in an archive.

D.

Create a CloudWatch Logs log group and route events there.

Buy Now
Questions 8

A company hosts a static website on Amazon S3. An Amazon CloudFront distribution presents this site to global users. The company uses the Managed-CachingDisabled CloudFront cache policy. The company's developers confirm that they frequently update a file in Amazon S3 with new information.

Users report that the website presents correct information when the website first loads the file. However, the users' browsers do not retrieve the updated file after a refresh.

What should a SysOps administrator recommend to fix this issue?

Options:

A.

Add a Cache-Control header field with max-age=0 to the S3 object.

B.

Change the CloudFront cache policy to Managed-CachingOptimized.

C.

Disable bucket versioning in the S3 bucket configuration.

D.

Enable content compression in the CloudFront configuration.

Buy Now
Questions 9

A CloudOps engineer is configuring an Amazon CloudFront distribution to use an SSL/TLS certificate. The CloudOps engineer must ensure automatic certificate renewal.

Which combination of steps will meet this requirement? (Select TWO.)

Options:

A.

Use a certificate issued by AWS Certificate Manager (ACM).

B.

Use a certificate issued by a third-party certificate authority (CA).

C.

Configure CloudFront to automatically renew the certificate when the certificate expires.

D.

Configure email validation for the certificate.

E.

Configure DNS validation for the certificate.

Buy Now
Questions 10

A company’s application servers in AWS account 111122223333 use a security group sg-1234abcd. They need to access a database hosted in account 444455556666. The VPCs are connected using a VPC peering connection (pcx-b04deed9).

A CloudOps engineer must configure the database’s security group to allow new connections only from the application servers.

What should the engineer do?

Options:

A.

Add an inbound rule to the database's security group. Reference 111122223333/sg-1234abcd as the source.

B.

Add an inbound rule to the database's security group. Reference pcx-b04deed9/sg-1234abcd as the source.

C.

Add an inbound rule to the database's security group. Reference sg-1234abcd as the source.

D.

Add an inbound rule to the database's security group. Reference 444455556666/sg-1234abcd as the source.

Buy Now
Questions 11

A CloudOps engineer is examining the following AWS CloudFormation template:

AWSTemplateFormatVersion: '2010-09-09'

Description: 'Creates an EC2 Instance'

Resources:

EC2Instance:

Type: AWS::EC2::Instance

Properties:

ImageId: ami-79fd7eee

InstanceType: m5n.large

SubnetId: subnet-1abc3d3fg

PrivateDnsName: ip-10-24-34-0.ec2.internal

Tags:

- Key: Name

Value: !Sub "${AWS::StackName} Instance"

Why will the stack creation fail?

Options:

A.

The Outputs section of the CloudFormation template was omitted.

B.

The Parameters section of the CloudFormation template was omitted.

C.

The PrivateDnsName cannot be set from a CloudFormation template.

D.

The VPC was not specified in the CloudFormation template.

Buy Now
Questions 12

A company uses Amazon EC2 Auto Scaling across multiple Availability Zones. The company must ensure that EC2 instances are provisioned in private subnets.

The company recently optimized its cloud infrastructure by reducing the number of NAT gateways in the company's VPC to one. Some EC2 instances lost internet connectivity after the infrastructure update. A CloudOps engineer must resolve the connectivity issue.

Which solution will meet this requirement?

Options:

A.

Replace the existing NAT gateway with a NAT instance in the same subnet.

B.

Update VPC route tables to target the existing NAT gateway for internet traffic.

C.

Update VPC route tables to target an internet gateway for internet traffic.

D.

Add secondary IP addresses to the existing NAT gateway.

Buy Now
Questions 13

A company’s Amazon EC2 instance with high CPU utilization is a t3.large instance running a test web app. The company determines the app would run better on a compute-optimized large instance.

What should the CloudOps engineer do?

Options:

A.

Migrate the EC2 instance to a compute optimized instance by using AWS VM Import/Export.

B.

Enable hibernation on the EC2 instance. Change the instance type to a compute optimized instance. Disable hibernation on the EC2 instance.

C.

Stop the EC2 instance. Change the instance type to a compute optimized instance. Start the EC2 instance.

D.

Change the instance type to a compute optimized instance while the EC2 instance is running.

Buy Now
Questions 14

A company has users that deploy Amazon EC2 instances with more Amazon EBS performance capacity than required. A CloudOps engineer must review all EBS volumes and create cost optimization recommendations based on IOPS and throughput.

What should the CloudOps engineer do in the MOST operationally efficient way?

Options:

A.

Review EC2 console monitoring graphs manually.

B.

Change instance types to EBS-optimized.

C.

Opt in to AWS Compute Optimizer and review EBS volume recommendations.

D.

Run fio benchmarks on each instance.

Buy Now
Questions 15

A CloudOps engineer creates an AWS CloudFormation template to define an application stack that can be deployed in multiple AWS Regions. The CloudOps engineer also creates an Amazon CloudWatch dashboard by using the AWS Management Console. Each deployment of the application requires its own CloudWatch dashboard.

How can the CloudOps engineer automate the creation of the CloudWatch dashboard each time the application is deployed?

Options:

A.

Create a script by using the AWS CLI to run the aws cloudformation put-dashboard command with the name of the dashboard. Run the command each time a new CloudFormation stack is created.

B.

Export the existing CloudWatch dashboard as JSON. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Include the exported JSON in the resource's DashboardBody property.

C.

Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Use the intrinsic Ref function to reference the ID of the existing CloudWatch dashboard.

D.

Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Specify the name of the existing dashboard in the DashboardName property.

Buy Now
Questions 16

A company has a multi-account AWS environment that includes the following:

• A central identity account that contains all IAM users and groups

• Several member accounts that contain IAM roles

A SysOps administrator must grant permissions for a particular IAM group to assume a role in one of the member accounts. How should the SysOps administrator accomplish this task?

Options:

A.

In the member account, add sts:AssumeRole permissions to the role's policy. In the identity account, add a trust policy to the group that specifies the account number of the member account.

B.

In the member account, add the group Amazon Resource Name (ARN) to the role's trust policy. In the identity account, add an inline policy to the group with sts:AssumeRole permissions.

C.

In the member account, add the group Amazon Resource Name (ARN) to the role's trust policy. In the identity account, add an inline policy to the group with sts:PassRole permissions.

D.

In the member account, add the group Amazon Resource Name (ARN) to the role's inline policy. In the identity account, add a trust policy to the group with sts:AssumeRole permissions.

Buy Now
Questions 17

A company is storing backups in an Amazon S3 bucket. These backups must not be deleted for at least 3 months after creation.

What should the CloudOps engineer do?

Options:

A.

Configure an IAM policy that denies the s3:DeleteObject action for all users. Three months after an object is written, remove the policy.

B.

Enable S3 Object Lock on a new S3 bucket in compliance mode. Place all backups in the new S3 bucket with a retention period of 3 months.

C.

Enable S3 Versioning on the existing S3 bucket. Configure S3 Lifecycle rules to protect the backups.

D.

Enable S3 Object Lock on a new S3 bucket in governance mode. Place all backups in the new S3 bucket with a retention period of 3 months.

Buy Now
Questions 18

A company's developers manually install software modules on Amazon EC2 instances to deploy new versions of a service. A security audit finds that instances contain inconsistent and unapproved modules.

A CloudOps engineer must create a new instance image that contains only approved software.

Which solution will meet these requirements?

Options:

A.

Use Amazon Detective to continuously find and uninstall unauthorized modules from the instances.

B.

Use Amazon GuardDuty to create and deploy an Amazon Machine Image (AMI) that includes only the approved modules.

C.

Use AWS Systems Manager Run Command to install the approved modules on all running instances during an in-place update.

D.

Use EC2 Image Builder to create and test an Amazon Machine Image (AMI) that includes only the approved modules. Update the deployment workflow to use the new AMI.

Buy Now
Questions 19

A company uses a large number of Linux-based Amazon EC2 instances to run business operations. The company uses AWS Systems Manager to manage the EC2 instances. The company wants to ensure that the Systems Manager Agent (SSM Agent) is always up to date with the latest version.

Which solution will meet this requirement in the MOST operationally efficient way?

Options:

A.

Enable the Auto update SSM Agent setting in Systems Manager Fleet Manager.

B.

Subscribe to SSM Agent GitHub notifications and use Lambda to update agents.

C.

Enable the Auto update SSM Agent setting in Systems Manager Patch Manager.

D.

Use GitHub notifications and a Systems Manager Automation document.

Buy Now
Questions 20

A company uses memory-optimized Amazon EC2 instances behind a Network Load Balancer (NLB) to run an application. The company launched the EC2 instances from an AWS-provided Red Hat Enterprise Linux (RHEL) AMI.

A CloudOps engineer must monitor RAM utilization in 5-minute intervals. The CloudOps engineer must ensure that the EC2 instances scale in and out appropriately based on incoming load.

Which solution will meet these requirements?

Options:

A.

Configure detailed monitoring for the EC2 instances. Configure the Amazon CloudWatch agent on the EC2 instances. Create an EC2 Auto Scaling group and Auto Scaling policy that is based on the mem_active metric.

B.

Configure detailed monitoring for the EC2 instances. Use the mem_used_percent metric that the detailed monitoring feature provides. Create an IAM role that allows the CloudWatch agent to upload data. Create an EC2 Auto Scaling group and Auto Scaling policy that is based on the mem_used_percent metric.

C.

Configure basic monitoring for the EC2 instances. Configure the Amazon CloudWatch agent on the EC2 instances. Create an IAM role that allows the CloudWatch agent to upload data. Create an EC2 Auto Scaling group and Auto Scaling policy that is based on the mem_used_percent metric.

D.

Configure basic monitoring for the EC2 instances. Use the standard mem_used_percent metric for monitoring. Create an EC2 Auto Scaling group and Auto Scaling policy that is based on the mem_used_percent metric.

Buy Now
Questions 21

A company has a workload that is sending log data to Amazon CloudWatch Logs. One of the fields includes a measure of application latency. A CloudOps engineer needs to monitor the p90 statistic of this field over time.

What should the CloudOps engineer do to meet this requirement?

Options:

A.

Create an Amazon CloudWatch Contributor Insights rule on the log data.

B.

Create a metric filter on the log data.

C.

Create a subscription filter on the log data.

D.

Create an Amazon CloudWatch Application Insights rule for the workload.

Buy Now
Questions 22

A company is implementing security and compliance by using AWS Trusted Advisor. The company’s CloudOps team is validating the list of Trusted Advisor checks that it can access.

Which factor will affect the quantity of available Trusted Advisor checks?

Options:

A.

Whether at least one Amazon EC2 instance is in the running state

B.

The AWS Support plan

C.

An AWS Organizations service control policy (SCP)

D.

Whether the AWS account root user has multi-factor authentication (MFA) enabled

Buy Now
Questions 23

To comply with regulations, a SysOps administrator needs to back up an Amazon EC2 Amazon Machine Image (AMI) to an Amazon S3 bucket. If the SysOps administrator restores the AMI from the bucket in the future, the AMI must use the same AMI image ID as the original AMI.

Which solution will meet this requirement?

Options:

A.

Create a copy of the AMI. Specify the destination S3 bucket. Set the launch permissions to implicit.

B.

Archive the snapshot that is associated with the AMI. Specify the S3 bucket as the archive destination.

C.

Create a store image task. Specify the image ID and the destination S3 bucket.

D.

Use the AWS CLI copy-image command. Specify the image ID and the destination S3 bucket.

Buy Now
Questions 24

A company hosts a web application on an Amazon EC2 instance. The web server logs are published to Amazon CloudWatch Logs. The log events have the same structure and include the HTTP response codes associated with user requests. The company needs to monitor the number of times the web server returns an HTTP 404 response.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Create a CloudWatch Logs metric filter that counts the number of times the web server returns an HTTP 404 response.

B.

Create a CloudWatch Logs subscription filter that counts the number of HTTP 404 responses.

C.

Create an AWS Lambda function that runs a CloudWatch Logs Insights query every hour.

D.

Create a script that runs a CloudWatch Logs Insights query every hour.

Buy Now
Questions 25

A company runs a website on Amazon EC2 instances. Users can upload images to an Amazon S3 bucket and publish the images to the website. The company wants to deploy a serverless image-processing application that uses an AWS Lambda function to resize the uploaded images.

The company's development team has created the Lambda function. A CloudOps engineer must implement a solution to invoke the Lambda function when users upload new images to the S3 bucket.

Which solution will meet this requirement?

Options:

A.

Configure an Amazon Simple Notification Service (Amazon SNS) topic to invoke the Lambda function when a user uploads a new image to the S3 bucket.

B.

Configure an Amazon CloudWatch alarm to invoke the Lambda function when a user uploads a new image to the S3 bucket.

C.

Configure S3 Event Notifications to invoke the Lambda function when a user uploads a new image to the S3 bucket.

D.

Configure an Amazon Simple Queue Service (Amazon SQS) queue to invoke the Lambda function when a user uploads a new image to the S3 bucket.

Buy Now
Questions 26

A SysOps administrator must load test a new Amazon CloudFront distribution to assess data transfer and latency performance. Which solution will meet this requirement?

Options:

A.

Send client requests from a single geographic region. Configure the load test so that each client makes an identical DNS request. Focus the client requests on the IP address that the DNS returns.

B.

Send client requests from a single geographic region. Configure the load test so that each client makes an independent DNS request. Spread the client requests across the set of IP addresses that the DNS returns.

C.

Send client requests from multiple geographic regions. Configure the load test so that each client makes an identical DNS request. Focus the client requests on the IP address that the DNS returns.

D.

Send client requests from multiple geographic regions. Configure the load test so that each client makes an independent DNS request. Spread the client requests across the set of IP addresses that the DNS returns.

Buy Now
Questions 27

A company runs an application on Amazon EC2 instances in an Auto Scaling group. Scale-out actions take a long time because of long-running boot scripts. The CloudOps engineer must reduce scale-out time without overprovisioning.

Which solution will meet these requirements?

Options:

A.

Change the launch configuration to use a larger instance size.

B.

Increase the minimum number of instances in the Auto Scaling group.

C.

Add a predictive scaling policy to the Auto Scaling group.

D.

Add a warm pool to the Auto Scaling group.

Buy Now
Questions 28

A company plans to run a public web application on Amazon EC2 instances behind an Elastic Load Balancing (ELB) load balancer. The company’s security team wants to protect the website by using AWS Certificate Manager (ACM) certificates. The load balancer must automatically redirect any HTTP requests to HTTPS.

Which solution will meet these requirements?

Options:

A.

Create an Application Load Balancer that has one HTTPS listener on port 80. Attach an SSL/TLS certificate to port 80.

B.

Create an Application Load Balancer that has one HTTP listener on port 80 and one HTTPS listener on port 443. Attach an SSL/TLS certificate to port 443. Create a rule to redirect requests from port 80 to port 443.

C.

Create an Application Load Balancer that has two TCP listeners on ports 80 and 443. Attach an SSL/TLS certificate to port 443.

D.

Create a Network Load Balancer with TCP listeners on ports 80 and 443. Attach an SSL/TLS certificate to port 443.

Buy Now
Questions 29

A CloudOps engineer needs to set up alerting and remediation for a web application. The application consists of Amazon EC2 instances that have AWS Systems Manager Agent (SSM Agent) installed. Each EC2 instance runs a custom web server. The EC2 instances run behind a load balancer and write logs locally.

The CloudOps engineer must implement a solution that restarts the web server software automatically if specific web errors are detected in the logs.

Which combination of steps will meet these requirements? (Select THREE.)

Options:

A.

Install the Amazon CloudWatch agent on the EC2 instances.

B.

Create an AWS CloudTrail metric filter for the web logs. Configure an alarm for the specific errors.

C.

Create an Amazon CloudWatch metric filter for the web logs. Configure an alarm for the specific errors.

D.

Publish alarm findings to Amazon Simple Email Service (Amazon SES). Invoke an AWS Lambda function to restart the web server software.

E.

Create an Amazon EventBridge rule that responds to the alarm. Configure the rule to invoke an AWS Systems Manager Automation runbook to restart the web server software.

F.

Create an Amazon Simple Notification Service (Amazon SNS) notification that responds to the alarm. Configure the notification to invoke an AWS Systems Manager Automation runbook to restart the web server software.

Buy Now
Questions 30

A company's application is hosted by an internet provider at app.example.com. The company wants to access the application by using www.company.com, which the company owns and manages with Amazon Route 53.

Which Route 53 record should be created to address this requirement?

Options:

A.

A record

B.

Alias record

C.

CNAME record

D.

Pointer (PTR) record

Buy Now
Questions 31

A company has a web application that is experiencing performance problems many times each night. A root cause analysis reveals sudden increases in CPU utilization that last 5 minutes on an Amazon EC2 Linux instance. A CloudOps engineer must find the process ID (PID) of the service or process that is consuming more CPU.

What should the CloudOps engineer do to collect the process utilization information with the LEAST amount of effort?

Options:

A.

Configure the Amazon CloudWatch agent procstat plugin to capture CPU process metrics.

B.

Configure an AWS Lambda function to run every minute to capture the PID and send a notification.

C.

Log in to the EC2 instance each night and run the top command.

D.

Use the default Amazon CloudWatch CPUUtilization metric.

Buy Now
Questions 32

A CloudOps engineer has created an AWS Service Catalog portfolio and shared it with a second AWS account in the company, managed by a different CloudOps engineer.

Which action can the CloudOps engineer in the second account perform?

Options:

A.

Add a product from the imported portfolio to a local portfolio.

B.

Add new products to the imported portfolio.

C.

Change the launch role for the products contained in the imported portfolio.

D.

Customize the products in the imported portfolio.

Buy Now
Questions 33

A company moves workloads from public subnets to private subnets to improve security. During testing, the company discovers that servers in the private subnets cannot reach an external API. The VPC has a CIDR block of 10.0.0.0/16. The VPC contains two public subnets and two private subnets. The VPC has one internet gateway and has a NAT gateway in each of the private subnets.

The company must ensure that workloads that run in the private subnets can reach the external API.

Which solution will meet this requirement?

Options:

A.

Deploy an outbound-only internet gateway to allow traffic from private subnets to the internet. Edit the route tables to direct outbound traffic through the outbound-only internet gateway.

B.

Create and configure an Amazon API Gateway HTTP API as a proxy for the external API. Edit the route tables to direct outbound traffic to the HTTP API.

C.

Deploy a new NAT gateway that has an Elastic IP address in each public subnet. Edit the route tables to direct outbound traffic through the NAT gateways.

D.

Create a VPC interface endpoint. Edit the route tables to direct outbound traffic through the endpoint.

Buy Now
Questions 34

A company uses default settings to create an AWS Lambda function. The function needs to access an Amazon RDS database that is in a private subnet of a VPC. The function has the correct IAM permissions to access the database. The private subnet has appropriate routing configurations and is accessible from within the VPC. However, the Lambda function is unable to connect to the RDS instance.

What is the likely reason the Lambda function cannot connect to the RDS instance?

Options:

A.

The company did not set the RDS instance as the destination for the Lambda function in the function configuration.

B.

The Lambda function configuration did not deploy the function in the same VPC that contains the RDS instance.

C.

The VPC where the Lambda function is deployed is not peered with the VPC where the RDS instance is deployed.

D.

The security group for the Lambda function does not allow outbound access to the RDS instance.

Buy Now
Questions 35

An errant process is known to use an entire processor and run at 100% CPU. A CloudOps engineer wants to automate restarting an Amazon EC2 instance when the problem occurs for more than 2 minutes.

How can this be accomplished?

Options:

A.

Create an Amazon CloudWatch alarm for the EC2 instance with basic monitoring. Add an action to restart the instance.

B.

Create an Amazon CloudWatch alarm for the EC2 instance with detailed monitoring. Add an action to restart the instance.

C.

Create an AWS Lambda function to restart the EC2 instance, invoked on a scheduled basis every 2 minutes.

D.

Create an AWS Lambda function to restart the EC2 instance, invoked by EC2 health checks.

Buy Now
Questions 36

A company hosts an encrypted Amazon S3 bucket in the ap-southeast-2 Region. Users from the eu-west-2 Region access the S3 bucket through the internet. The users from eu-west-2 need faster transfers to and from the S3 bucket for large files.

Which solution will meet these requirements?

Options:

A.

Create an S3 access point in eu-west-2 to use as the destination for S3 replication from ap-southeast-2. Ensure all users switch to the new S3 access point.

B.

Create an Amazon Route 53 hosted zone with a geolocation routing policy. Choose the Alias to S3 website endpoint option. Specify the S3 bucket that is in ap-southeast-2 as the source bucket.

C.

Create a new S3 bucket in eu-west-2. Copy all contents from ap-southeast-2 to the new bucket in eu-west-2. Create an S3 access point, and associate it with both buckets. Ensure users use the new S3 access point.

D.

Configure and activate S3 Transfer Acceleration on the S3 bucket. Use the new S3 acceleration endpoint's domain name for access.

Buy Now
Questions 37

A company deploys an application on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The company wants to protect the application from SQL injection attacks.

Which solution will meet this requirement?

Options:

A.

Deploy AWS Shield Advanced in front of the ALB. Enable SQL injection filtering.

B.

Deploy AWS Shield Standard in front of the ALB. Enable SQL injection filtering.

C.

Deploy a vulnerability scanner on each EC2 instance. Continuously scan the application code.

D.

Deploy AWS WAF in front of the ALB. Subscribe to an AWS Managed Rule for SQL injection filtering.

Buy Now
Questions 38

A company hosts a production MySQL database on an Amazon Aurora single-node DB cluster. The database is queried heavily for reporting purposes. The DB cluster is experiencing periods of performance degradation because of high CPU utilization and maximum connections errors. A CloudOps engineer needs to improve the stability of the database.

Which solution will meet these requirements?

Options:

A.

Create an Aurora Replica node. Create an Auto Scaling policy to scale replicas based on CPU utilization. Ensure that all reporting requests use the read-only connection string.

B.

Create a second Aurora MySQL single-node DB cluster in a second Availability Zone. Ensure that all reporting requests use the connection string for this additional node.

C.

Create an AWS Lambda function that caches reporting requests. Ensure that all reporting requests call the Lambda function.

D.

Create a multi-node Amazon ElastiCache cluster. Ensure that all reporting requests use the ElastiCache cluster. Use the database if the data is not in the cache.

Buy Now
Questions 39

A CloudOps engineer is troubleshooting an implementation of Amazon CloudWatch Synthetics. The CloudWatch Synthetics results must be sent to an Amazon S3 bucket.

The CloudOps engineer has copied the configuration of an existing canary that runs on a VPC that has an internet gateway attached. However, the CloudOps engineer cannot get the canary to successfully start on a private VPC that has no internet access.

What should the CloudOps engineer do to successfully run the canary on the private VPC?

Options:

A.

Ensure that the DNS resolution option and the DNS hostnames option are turned on in the VPC. Add the synthetics:GetCanaryRuns permission to the VPC. On the S3 bucket, add the IgnorePublicAcls permission to the CloudWatch Synthetics role.

B.

Ensure that the DNS resolution option and the DNS hostnames option are turned off in the VPC. Create a gateway VPC endpoint for Amazon S3. Add the permissions to allow CloudWatch Synthetics to use the S3 endpoint.

C.

Ensure that the DNS resolution option and the DNS hostnames option are turned off in the VPC. Add a security group to the canary to allow outbound traffic on the DNS port. Add the permissions to allow CloudWatch Synthetics to write to the S3 bucket.

D.

Ensure that the DNS resolution option and the DNS hostnames option are turned on in the VPC. Create an interface VPC endpoint for CloudWatch. Create a gateway VPC endpoint for Amazon S3. Add the permissions to allow CloudWatch Synthetics to use both endpoints.

Buy Now
Questions 40

An AWS Lambda function is intermittently failing several times a day. A CloudOps engineer must find out how often this error occurred in the last 7 days.

Which action will meet this requirement in the MOST operationally efficient manner?

Options:

A.

Use Amazon Athena to query the Amazon CloudWatch logs that are associated with the Lambda function.

B.

Use Amazon Athena to query the AWS CloudTrail logs that are associated with the Lambda function.

C.

Use Amazon CloudWatch Logs Insights to query the associated Lambda function logs.

D.

Use Amazon OpenSearch Service to stream the Amazon CloudWatch logs for the Lambda function.

Buy Now
Questions 41

A SysOps administrator needs to encrypt an existing Amazon Elastic File System (Amazon EFS) file system by using an existing AWS KMS customer managed key.

Which solution will meet these requirements?

Options:

A.

Use Amazon EFS replication to create a new file system. Copy the data and metadata from the existing file system to the new file system. Specify the KMS customer managed key in the replication configuration. When the replication process finishes, fail over to the new encrypted file system.

B.

Directly modify the file system to use encryption. Specify the KMS customer managed key.

C.

Use Amazon EFS replication to create a new file system. Copy the data and metadata from the existing file system to the new file system. Generate a new TLS certificate. Specify the TLS certificate in the replication configuration. When the replication process finishes, fail over to the new encrypted file system.

D.

Create a new EFS file system that is encrypted with the KMS customer managed key. Create an Amazon EC2 instance to copy the files. Mount the encrypted file system and unencrypted file system on the instance. Copy all data from the unencrypted file system to the encrypted file system. Unmount the unencrypted file system and remove the temporary instance.

Buy Now
Questions 42

A CloudOps engineer wants to provide access to AWS services by attaching an IAM policy to multiple IAM users. The CloudOps engineer also wants to be able to change the policy and create new versions.

Which combination of actions will meet these requirements? (Select TWO.)

Options:

A.

Add the users to an IAM service-linked role. Attach the policy to the role.

B.

Add the users to an IAM user group. Attach the policy to the group.

C.

Create an AWS managed policy.

D.

Create a customer managed policy.

E.

Create an inline policy.

Buy Now
Questions 43

A company’s architecture team must receive immediate email notifications whenever new Amazon EC2 instances are launched in the company’s main AWS production account.

What should a CloudOps engineer do to meet this requirement?

Options:

A.

Create a user data script that sends an email message through a smart host connector. Include the architecture team's email address in the user data script as the recipient. Ensure that all new EC2 instances include the user data script as part of a standardized build process.

B.

Create an Amazon Simple Notification Service (Amazon SNS) topic and a subscription that uses the email protocol. Enter the architecture team's email address as the subscriber. Create an Amazon EventBridge rule that reacts when EC2 instances are launched. Specify the SNS topic as the rule's target.

C.

Create an Amazon Simple Queue Service (Amazon SQS) queue and a subscription that uses the email protocol. Enter the architecture team's email address as the subscriber. Create an Amazon EventBridge rule that reacts when EC2 instances are launched. Specify the SQS queue as the rule's target.

D.

Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure AWS Systems Manager to publish EC2 events to the SNS topic. Create an AWS Lambda function to poll the SNS topic. Configure the Lambda function to send any messages to the architecture team's email address.

Buy Now
Questions 44

An ecommerce company uses Amazon ElastiCache (Redis OSS) for caching product queries. The CloudOps engineer observes a large number of cache evictions in Amazon CloudWatch metrics and needs to reduce evictions while retaining popular data in cache.

Which solution meets these requirements with the least operational overhead?

Options:

A.

Add another node to the ElastiCache cluster.

B.

Increase the ElastiCache TTL value.

C.

Decrease the ElastiCache TTL value.

D.

Migrate to a new ElastiCache cluster with larger nodes.

Buy Now
Questions 45

A medical research company uses an Amazon Bedrock powered AI assistant with agents and knowledge bases to provide physicians quick access to medical study protocols. The company needs to generate audit reports that contain user identities, usage data for Bedrock agents, access data for knowledge bases, and interaction parameters.

Which solution will meet these requirements?

Options:

A.

Use AWS CloudTrail to log API events from generative AI workloads. Store the events in CloudTrail Lake. Use SQL-like queries to generate reports.

B.

Use Amazon CloudWatch to capture generative AI application logs. Stream the logs to Amazon OpenSearch Service. Use an OpenSearch dashboard visualization to generate reports.

C.

Use Amazon CloudWatch to log API events from generative AI workloads. Send the events to an Amazon S3 bucket. Use Amazon Athena queries to generate reports.

D.

Use AWS CloudTrail to capture generative AI application logs. Stream the logs to Amazon Managed Service for Apache Flink. Use SQL queries to generate reports.

Buy Now
Questions 46

A company runs an application on an Amazon EC2 instance. The application uses a MySQL database. The EC2 instance has a General Purpose SSD (gp3) Amazon EBS volume attached. The company wants to perform load testing using a new MySQL database created from an EBS snapshot of the production instance. The new database must perform as similarly as possible to production.

Which solution will meet these requirements in the LEAST amount of time?

Options:

A.

Use Amazon EBS fast snapshot restore (FSR) to create a new General Purpose SSD volume from the production snapshot.

B.

Use Amazon EBS fast snapshot restore (FSR) to create a new Provisioned IOPS SSD volume from the production snapshot.

C.

Use Amazon EBS standard snapshot restore to create a new General Purpose SSD volume from the production snapshot.

D.

Use Amazon EBS standard snapshot restore to create a new Provisioned IOPS SSD volume from the production snapshot.

Buy Now
Questions 47

A SysOps administrator creates a custom Amazon Machine Image (AMI) in the eu-west-2 Region and uses the AMI to launch Amazon EC2 instances. The SysOps administrator needs to use the same AMI to launch EC2 instances in two other Regions: us-east-1 and us-east-2.

What must the SysOps administrator do to use the custom AMI in the additional Regions?

Options:

A.

Copy the AMI to the additional Regions

B.

Make the AMI public in the Community AMIs section of the AWS Management Console

C.

Share the AMI to the additional Regions. Assign the required access permissions.

D.

Copy the AMI to a new Amazon S3 bucket. Assign access permissions to the AMI for the additional Regions

Buy Now
Questions 48

A CloudOps engineer is designing a solution for an Amazon RDS for PostgreSQL DB instance. Database credentials must be stored and rotated monthly. The application generates write-intensive traffic with variable and sudden increases in client connections.

Which solution should the CloudOps engineer choose to meet these requirements?

Options:

A.

Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys. Use RDS Proxy.

B.

Configure AWS KMS to rotate keys. Use RDS read replicas.

C.

Configure AWS Secrets Manager to rotate credentials. Use RDS Proxy.

D.

Configure AWS Secrets Manager to rotate credentials. Use RDS read replicas.

Buy Now
Questions 49

An AWS CloudFormation template creates an Amazon RDS instance. This template is used to build up development environments as needed and then delete the stack when the environment is no longer required. The RDS-persisted data must be retained for further use, even after the CloudFormation stack is deleted.

How can this be achieved in a reliable and efficient way?

Options:

A.

Write a script to continue backing up the RDS instance every five minutes.

B.

Create an AWS Lambda function to take a snapshot of the RDS instance, and manually invoke the function before deleting the stack.

C.

Use the Snapshot Deletion Policy in the CloudFormation template definition of the RDS instance.

D.

Create a new CloudFormation template to perform backups of the RDS instance, and run this template before deleting the stack.

Buy Now
Exam Code: SOA-C03
Exam Name: AWS Certified CloudOps Engineer - Associate
Last Update: Feb 24, 2026
Questions: 165
$57.75  $164.99
$43.75  $124.99
$36.75  $104.99
buy now SOA-C03