Practice Free SOA-C03 Exam Online Questions
A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backup enabled. A CloudOps engineer needs to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB cluster.
Which solution will meet these requirements?
- A . Create an Aurora Replica. Promote the replica to replace the primary DB instance.
- B . Create an AWS Lambda function to restore an automatic backup to the existing DB cluster.
- C . Use backtracking to rewind the existing DB cluster to the desired recovery point.
- D . Use point-in-time recovery to restore the existing DB cluster to the desired recovery point.
A company uses Amazon ElastiCache (Redis OSS) to cache application data. A CloudOps engineer must implement a solution to increase the resilience of the cache. The solution also must minimize the recovery time objective (RTO).
Which solution will meet these requirements?
- A . Replace ElastiCache (Redis OSS) with ElastiCache (Memcached).
- B . Create an Amazon EventBridge rule to initiate a backup every hour. Restore the backup when necessary.
- C . Create a read replica in a second Availability Zone. Enable Multi-AZ for the ElastiCache (Redis OSS) replication group.
- D . Enable automatic backups. Restore the backups when necessary.
A company’s CloudOps engineer monitors multiple AWS accounts in an organization and checks each account’s AWS Health Dashboard. After adding 10 new accounts, the engineer wants to consolidate health alerts from all accounts.
Which solution meets this requirement with the least operational effort?
- A . Enable organizational view in AWS Health.
- B . Configure the Health Dashboard in each account to forward events to a central AWS CloudTrail log.
- C . Create an AWS Lambda function to query the AWS Health API and write all events to an Amazon DynamoDB table.
- D . Use the AWS Health API to write events to an Amazon DynamoDB table.
A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application.
Which combination of actions should a CloudOps engineer take to resolve this problem? (Select TWO.)
- A . Change to the least outstanding requests algorithm on the ALB target group.
- B . Configure cookie forwarding in the CloudFront distribution cache behavior.
- C . Configure header forwarding in the CloudFront distribution cache behavior.
- D . Enable group-level stickiness on the ALB listener rule.
- E . Enable sticky sessions on the ALB target group.
A CloudOps engineer wants to configure observability of specific metrics for a public website that runs on Amazon Elastic Kubernetes Service (Amazon EKS). The CloudOps engineer wants to observe latency, traffic, errors, and saturation metrics. The CloudOps engineer wants to define service level objectives (SLOs) and monitor service level indicators (SLIs). The CloudOps engineer also wants to correlate metrics, logs, and traces to support faster issue resolution.
Which solution will meet these requirements with the LEAST operational effort?
- A . Use Amazon CloudWatch Application Signals to automatically collect and monitor the specified metrics for the EKS workloads.
- B . Configure AWS Distro for OpenTelemetry and use Amazon Managed Service for Prometheus and Amazon Managed Grafana.
- C . Configure Amazon CloudWatch RUM and CloudWatch Synthetics canaries.
- D . Configure Amazon CloudWatch Application Insights.
A CloudOps engineer has an Amazon ECS service that runs a transaction processing application. The CloudOps engineer needs to deploy a new feature on the ECS service. The feature cannot have downtime during deployment. The feature must also have the ability to run an immediate one-step rollback if a performance-degrading bug is detected.
Which solution will meet these requirements?
- A . Configure a canary deployment by using an AWS CodeDeploy linear traffic shift with a 10% increment over 10 minutes.
- B . Implement a blue/green deployment by using AWS CodeDeploy.
- C . Configure the ECS service with a minimum healthy percentage of 100%. Use the default rolling update deployment type.
- D . Set the ECS service’s desired count to double the current size. Manually terminate the old tasks after the new tasks are registered.
A company must retain all Amazon S3 objects for 90 days for compliance reasons. Additionally, the company must retain all changes to objects for 90 days. Therefore, the company enables S3 Versioning on the bucket. The company does not delete S3 objects even after the retention period ends. The company notices that S3 costs are increasing. The company wants to reduce storage costs.
Which solution will meet these requirements with the LEAST operational overhead?
- A . Write an AWS Lambda function that checks S3 object version age. Create a delete marker for any object older than 90 days.
- B . Set an S3 Lifecycle rule to automatically delete S3 object versions older than 90 days.
- C . Use AWS Backup to migrate objects out of the S3 bucket after 90 days.
- D . Use Amazon EventBridge to watch for S3 object creation events. Schedule an AWS Lambda function to run in 90 days to delete the object.
A company has an AWS CloudFormation template that creates an Amazon S3 bucket. A user authenticates to the corporate AWS account with their Active Directory credentials and attempts to deploy the CloudFormation template. However, the stack creation fails.
Which factors could cause this failure? (Select TWO.)
- A . The user’s IAM policy does not allow the cloudformation:CreateStack action.
- B . The user’s IAM policy does not allow the cloudformation:CreateStackSet action.
- C . The user’s IAM policy does not allow the s3:CreateBucket action.
- D . The user’s IAM policy explicitly denies the s3:ListBucket action.
- E . The user’s IAM policy explicitly denies the s3:PutObject action.
A company maintains a list of 75 approved Amazon Machine Images (AMIs) that can be used across an organization in AWS Organizations. The company’s development team has been launching Amazon EC2 instances from unapproved AMIs.
A SysOps administrator must prevent users from launching EC2 instances from unapproved AMIs.
Which solution will meet this requirement?
- A . Add a tag to the approved AMIs. Create an IAM policy that includes a tag condition that allows users to launch EC2 instances from only the tagged AMIs.
- B . Create a service-linked role. Attach a policy that denies the ability to launch EC2 instances from a list of unapproved AMIs. Assign the role to users.
- C . Use AWS Config with an AWS Lambda function to check for EC2 instances that are launched from unapproved AMIs. Program the Lambda function to send an Amazon Simple Notification Service (Amazon SNS) message to the SysOps administrator to terminate those EC2 instances.
- D . Use AWS Trusted Advisor to check for EC2 instances that are launched from unapproved AMIs. Configure Trusted Advisor to invoke an AWS Lambda function to terminate those EC2 instances.
A company needs to log and audit any principal that publishes messages to Amazon Simple Notification Service (Amazon SNS) topics and Amazon Simple Queue Service (Amazon SQS) queues. The company wants to ensure that all communication with these services uses VPC endpoints.
Which combination of solutions will meet these requirements? (Select TWO.)
- A . Use Amazon CloudWatch Logs to collect message content from Amazon SNS and Amazon SQS.
Deliver logs to an Amazon S3 bucket for querying. - B . Set up AWS CloudTrail. Enable tracking of data events for Amazon SNS and Amazon SQS. Deliver logs to an Amazon S3 bucket for querying.
- C . Create Amazon EventBridge rules to gather Amazon SNS and Amazon SQS events. Store the events in an Amazon S3 bucket.
- D . Configure VPC endpoints for Amazon SNS and Amazon SQS. Inspect the vpcEndpointId field in the AWS CloudTrail logs.
- E . Configure VPC endpoints for Amazon SNS and Amazon SQS. Inspect the vpcEndpoint field in the Amazon CloudWatch logs.