20:00

PDF|

Guide for SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate

Quiz SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate

Free Test
/ 10

Quiz

1/10
A company’s ecommerce application is running on Amazon EC2 instances that are behind an
Application Load Balancer (ALB). The instances are in an Auto Scaling group. Customers report that
the website is occasionally down. When the website is down, it returns an HTTP 500 (server error)
status code to customer browsers.
The Auto Scaling group’s health check is configured for EC2 status checks, and the instances appear
healthy.
Which solution will resolve the problem?
Select the answer
1 correct answer
A.
Replace the ALB with a Network Load Balancer.
B.
Add Elastic Load Balancing (ELB) health checks to the Auto Scaling group.
C.
Update the target group configuration on the ALB. Enable session affinity (sticky sessions).
D.
Install the Amazon CloudWatch agent on all instances. Configure the agent to reboot the instances.

Quiz

2/10
A company hosts a critical legacy application on two Amazon EC2 instances that are in one
Availability Zone. The instances run behind an Application Load Balancer (ALB). The company uses
Amazon CloudWatch alarms to send Amazon Simple Notification Service (Amazon SNS) notifications
when the ALB health checks detect an unhealthy instance. After a notification, the company's
engineers manually restart the unhealthy instance. A CloudOps engineer must configure the
application to be highly available and more resilient to failures. Which solution will meet these
requirements?
Select the answer
1 correct answer
A.
Create an Amazon Machine Image (AMI) from a healthy instance. Launch additional instances from the AMI in the same Availability Zone. Add the new instances to the ALB target group.
B.
Increase the size of each instance. Create an Amazon EventBridge rule. Configure the EventBridge rule to restart the instances if they enter a failed state.
C.
Create an Amazon Machine Image (AMI) from a healthy instance. Launch an additional instance from the AMI in the same Availability Zone. Add the new instance to the ALB target group. Create an AWS Lambda function that runs when an instance is unhealthy. Configure the Lambda function to stop and restart the unhealthy instance.
D.
Create an Amazon Machine Image (AMI) from a healthy instance. Create a launch template that uses the AMI. Create an Amazon EC2 Auto Scaling group that is deployed across multiple Availability Zones. Configure the Auto Scaling group to add instances to the ALB target group.

Quiz

3/10
An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon
SQS) queues. A CloudOps engineer must ensure that the application can read, write, and delete
messages from the SQS queues.
Which solution will meet these requirements in the MOST secure manner?
Select the answer
1 correct answer
A.
Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Embed the IAM user's credentials in the application's configuration.
B.
Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Export the IAM user's access key and secret access key as environment variables on the EC2 instance.
C.
Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows sqs:* permissions to the appropriate queues.
D.
Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues.

Quiz

4/10
A company runs an application that logs user data to an Amazon CloudWatch Logs log group. The
company discovers that personal information the application has logged is visible in plain text in the
CloudWatch logs.
The company needs a solution to redact personal information in the logs by default. Unredacted
information must be available only to the company's security team. Which solution will meet these
requirements?
Select the answer
1 correct answer
A.
Create an Amazon S3 bucket. Create an export task from appropriate log groups in CloudWatch. Export the logs to the S3 bucket. Configure an Amazon Macie scan to discover personal data in the S3 bucket. Invoke an AWS Lambda function to move identified personal data to a second S3 bucket. Update the S3 bucket policies to grant only the security team access to both buckets.
B.
Create a customer managed AWS KMS key. Configure the KMS key policy to allow only the security team to perform decrypt operations. Associate the KMS key with the application log group.
C.
Create an Amazon CloudWatch data protection policy for the application log group. Configure data identifiers for the types of personal information that the application logs. Ensure that the security team has permission to call the unmask API operation on the application log group.
D.
Create an OpenSearch domain. Create an AWS Glue workflow that runs a Detect PII transform job and streams the output to the OpenSearch domain. Configure the CloudWatch log group to stream the logs to AWS Glue. Modify the OpenSearch domain access policy to allow only the security team to access the domain.

Quiz

5/10
A multinational company uses an organization in AWS Organizations to manage over 200 member
accounts across multiple AWS Regions. The company must ensure that all AWS resources meet
specific security requirements.
The company must not deploy any EC2 instances in the ap-southeast-2 Region. The company must
completely block root user actions in all member accounts. The company must prevent any user from
deleting AWS CloudTrail logs, including administrators. The company requires a centrally managed
solution that the company can automatically apply to all existing and future accounts. Which solution
will meet these requirements?
Select the answer
1 correct answer
A.
Create AWS Config rules with remediation actions in each account to detect policy violations. Implement IAM permissions boundaries for the account root users.
B.
Enable AWS Security Hub across the organization. Create custom security standards to enforce the security requirements. Use AWS CloudFormation StackSets to deploy the standards to all the accounts in the organization. Set up Security Hub automated remediation actions.
C.
Use AWS Control Tower for account governance. Configure Region deny controls. Use Service Control Policies (SCPs) to restrict root user access.
D.
Configure AWS Firewall Manager with security policies to meet the security requirements. Use an AWS Config aggregator with organization-wide conformance packs to detect security policy violations.

Quiz

6/10
A company's AWS accounts are in an organization in AWS Organizations. The organization has all
features enabled. The accounts use Amazon EC2 instances to host applications. The company
manages the EC2 instances manually by using the AWS Management Console. The company applies
updates to the EC2 instances by using an SSH connection to each EC2 instance.
The company needs a solution that uses AWS Systems Manager to manage all the organization's
current and future EC2 instances. The latest version of Systems Manager Agent (SSM Agent) is
running on the EC2 instances.
Which solution will meet these requirements?
Select the answer
1 correct answer
A.
Configure a home AWS Region in Systems Manager Quick Setup in the organization's management account. Deploy the Systems Manager Default Host Management Configuration Quick Setup from the management account.
B.
Configure a home AWS Region in Systems Manager Quick Setup in the organization's management account. Create a Systems Manager Run Command that attaches the AmazonSSMServiceRolePolicy IAM policy to every IAM role that the EC2 instances use. Invoke the command in every account in the organization.
C.
Create an AWS CloudFormation stack set that contains a Systems Manager parameter to define the Default Host Management Configuration role. Use the organization's management account to deploy the stack set to every account in the organization.
D.
Create an AWS CloudFormation stack set that contains an EC2 instance profile with the AmazonSSMManagedEC2InstanceDefaultPolicy IAM policy attached. Use the organization's management account to deploy the stack set to every account in the organization.

Quiz

7/10
A CloudOps engineer creates an AWS CloudFormation template to define an application stack that
can be deployed in multiple AWS Regions. The CloudOps engineer also creates an Amazon
CloudWatch dashboard by using the AWS Management Console. Each deployment of the application
requires its own CloudWatch dashboard.
How can the CloudOps engineer automate the creation of the CloudWatch dashboard each time the
application is deployed?
Select the answer
1 correct answer
A.
Create a script by using the AWS CLI to run the aws cloudformation put-dashboard command with the name of the dashboard. Run the command each time a new CloudFormation stack is created.
B.
Export the existing CloudWatch dashboard as JSON. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Include the exported JSON in the resource's DashboardBody property.
C.
Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Use the intrinsic Ref function to reference the ID of the existing CloudWatch dashboard.
D.
Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Specify the name of the existing dashboard in the DashboardName property.

Quiz

8/10
A CloudOps engineer needs to ensure that AWS resources across multiple AWS accounts are tagged
consistently. The company uses an organization in AWS Organizations to centrally manage the
accounts. The company wants to implement cost allocation tags to accurately track the costs that are
allocated to each business unit.
Which solution will meet these requirements with the LEAST operational overhead?
Select the answer
1 correct answer
A.
Use Organizations tag policies to enforce mandatory tagging on all resources. Enable cost allocation tags in the AWS Billing and Cost Management console.
B.
Configure AWS CloudTrail events to invoke an AWS Lambda function to detect untagged resources and to automatically assign tags based on predefined rules.
C.
Use AWS Config to evaluate tagging compliance. Use AWS Budgets to apply tags for cost allocation.
D.
Use AWS Service Catalog to provision only pre-tagged resources. Use AWS Trusted Advisor to enforce tagging across the organization.

Quiz

9/10
A user working in the Amazon EC2 console increased the size of an Amazon Elastic Block Store
(Amazon EBS) volume attached to an Amazon EC2 Windows instance. The change is not reflected in
the file system.
What should a CloudOps engineer do to resolve this issue?
Select the answer
1 correct answer
A.
Extend the file system with operating system-level tools to use the new storage capacity.
B.
Reattach the EBS volume to the EC2 instance.
C.
Reboot the EC2 instance that is attached to the EBS volume.
D.
Take a snapshot of the EBS volume. Replace the original volume with a volume that is created from the snapshot.

Quiz

10/10
Optimization]
A company has a workload that is sending log data to Amazon CloudWatch Logs. One of the fields
includes a measure of application latency. A CloudOps engineer needs to monitor the p90 statistic of
this field over time.
What should the CloudOps engineer do to meet this requirement?
Select the answer
1 correct answer
A.
Create an Amazon CloudWatch Contributor Insights rule on the log data.
B.
Create a metric filter on the log data.
C.
Create a subscription filter on the log data.
D.
Create an Amazon CloudWatch Application Insights rule for the workload.
Looking for more questions?Buy now

SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate Practice test unlocks all online simulator questions

Thank you for choosing the free version of the SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate practice test! Further deepen your knowledge on Amazon Simulator; by unlocking the full version of our SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate Simulator you will be able to take tests with over 65 constantly updated questions and easily pass your exam. 98% of people pass the exam in the first attempt after preparing with our 65 questions.

BUY NOW

What to expect from our SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate practice tests and how to prepare for any exam?

The SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate Simulator Practice Tests are part of the Amazon Database and are the best way to prepare for any SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate exam. The SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate practice tests consist of 65 questions and are written by experts to help you and prepare you to pass the exam on the first attempt. The SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate database includes questions from previous and other exams, which means you will be able to practice simulating past and future questions. Preparation with SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate Simulator will also give you an idea of the time it will take to complete each section of the SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate practice test . It is important to note that the SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate Simulator does not replace the classic SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate study guides; however, the Simulator provides valuable insights into what to expect and how much work needs to be done to prepare for the SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate exam.

BUY NOW

SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate Practice test therefore represents an excellent tool to prepare for the actual exam together with our Amazon practice test . Our SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate Simulator will help you assess your level of preparation and understand your strengths and weaknesses. Below you can read all the quizzes you will find in our SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate Simulator and how our unique SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate Database made up of real questions:

Info quiz:

  • Quiz name:SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate
  • Total number of questions:65
  • Number of questions for the test:50
  • Pass score:80%

You can prepare for the SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate exams with our mobile app. It is very easy to use and even works offline in case of network failure, with all the functions you need to study and practice with our SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate Simulator.

Use our Mobile App, available for both Android and iOS devices, with our SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate Simulator . You can use it anywhere and always remember that our mobile app is free and available on all stores.

Our Mobile App contains all SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate practice tests which consist of 65 questions and also provide study material to pass the final SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate exam with guaranteed success. Our SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate database contain hundreds of questions and Amazon Tests related to SOA-C03: Amazon AWS Certified CloudOps Engineer - Associate Exam. This way you can practice anywhere you want, even offline without the internet.

BUY NOW