SOA-C03 Amazon-Web-Services Exam Questions and Free Practice Test

Question 19

A company's CloudOps engineer is troubleshooting communication between the components of an application. The company configured VPC flow logs to be published to Amazon CloudWatch Logs. However, there are no logs in CloudWatch Logs.
What could be blocking the VPC flow logs from being published to CloudWatch Logs?

A. The IAM policy attached to the IAM role for the flow log is missing the logs:CreateLogGroup permission.

B. The IAM policy attached to the IAM role for the flow log is missing the logs:CreateExportTask permission.

C. The VPC is configured for IPv6 addresses.

D. The VPC is peered with another VPC in the AWS account.

Correct Answer:A

Question 20

A company??s ecommerce application is running on Amazon EC2 instances that are behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. Customers report that the website is occasionally down. When the website is down, it returns an HTTP 500 (server error) status code to customer browsers.
The Auto Scaling group??s health check is configured for EC2 status checks, and the instances appear healthy.
Which solution will resolve the problem?

A. Replace the ALB with a Network Load Balancer.

B. Add Elastic Load Balancing (ELB) health checks to the Auto Scaling group.

C. Update the target group configuration on the AL

D. Enable session affinity (sticky sessions).

E. Install the Amazon CloudWatch agent on all instance

F. Configure the agent to reboot the instances.

Correct Answer:B

Question 21

An ecommerce company uses Amazon ElastiCache (Redis OSS) for caching product queries. The CloudOps engineer observes a large number of cache evictions in Amazon CloudWatch metrics and needs to reduce evictions while retaining popular data in cache.
Which solution meets these requirements with the least operational overhead?

A. Add another node to the ElastiCache cluster.

B. Increase the ElastiCache TTL value.

C. Decrease the ElastiCache TTL value.

D. Migrate to a new ElastiCache cluster with larger nodes.

Correct Answer:D

Question 22

A CloudOps engineer created a VPC with a private subnet, a security group allowing all outbound traffic, and an endpoint for EC2 Instance Connect in the private subnet. The EC2 instance was launched without an SSH key pair, using the same subnet and security group. However, the engineer cannot connect via EC2 Instance Connect endpoint.
How can the CloudOps engineer connect to the instance?

A. Create an inbound rule in the security group to allow HTTPS traffic on port 443 from the private subnet.

B. Create an inbound rule in the security group to allow SSH traffic on port 22 from the private subnet.

C. Create an IAM instance profile that allows AWS Systems Manager Session Managerto access the EC2 instanc

D. Associate the instance profile with the instance.

E. Recreate the EC2 instanc

F. Associate an SSH key pair with the instance.

Correct Answer:C

Question 23

A CloudOps engineer is preparing to deploy an application to Amazon EC2 instances that are in an Auto Scaling group. The application requires dependencies to be installed. Application updates are issued weekly.
The CloudOps engineer needs to implement a solution to incorporate the application updates on a regular basis. The solution also must conduct a vulnerability scan during Amazon Machine Image (AMI) creation.
What is the MOST operationally efficient solution that meets these requirements?

A. Create a script that uses Packer and schedule a cron job.

B. Install the application and dependencies on an EC2 instance and create an AMI.

C. Use EC2 Image Builder with a custom recipe to install the application and dependencies.

D. Invoke the EC2 CreateImage API operation by using an EventBridge scheduled rule.

Correct Answer:C

Question 24

A company's security policy requires incoming SSH traffic to be restricted to a defined set of addresses. The company is using an AWS Config rule to check whether security groups allow unrestricted incoming SSH traffic.
A CloudOps engineer discovers a noncompliant resource and fixes the security group manually. The CloudOps engineer wants to automate the remediation of other noncompliant resources.
What is the MOST operationally efficient solution that meets these requirements?

A. Create a CloudWatch alarm for the AWS Config rule and invoke a Lambda function to remediate.

B. Configure an automatic remediation action on the AWS Config rule using AWS- DisableIncomingSSHOnPort22.

C. Create an EventBridge rule for AWS Config events and invoke a Lambda function.

D. Run a scheduled Lambda function to inspect and remediate security groups.

Correct Answer:B

START SOA-C03 EXAM