Practice Free SOA-C03 Exam Online Questions
A company’s CloudOps engineer deploys four new Amazon EC2 instances by using the standard Amazon Linux Amazon Machine Image (AMI). The company needs to be able to use AWS Systems Manager to manage the instances. The CloudOps engineer notices that the instances do not appear in the Systems Manager console.
What must the CloudOps engineer do to resolve this issue?
- A . Connect to each instance by using SSH. Install Systems Manager Agent on each instance. Configure Systems Manager Agent to start automatically when the instances start up.
- B . Use AWS Certificate Manager (ACM) to create a TLS certificate. Import the certificate into each instance. Configure Systems Manager Agent to use the TLS certificate for secure communications.
- C . Connect to each instance by using SSH. Create an ssm-user account. Add the ssm-user account to the /etc/sudoers.d directory.
- D . Attach an IAM instance profile to the instances. Ensure that the instance profile contains the AmazonSSMManagedInstanceCore policy.
A company’s developers manually install software modules on Amazon EC2 instances to deploy new versions of a service. A security audit finds that instances contain inconsistent and unapproved modules.
A CloudOps engineer must create a new instance image that contains only approved software.
Which solution will meet these requirements?
- A . Use Amazon Detective to continuously find and uninstall unauthorized modules from the instances.
- B . Use Amazon GuardDuty to create and deploy an Amazon Machine Image (AMI) that includes only the approved modules.
- C . Use AWS Systems Manager Run Command to install the approved modules on all running instances during an in-place update.
- D . Use EC2 Image Builder to create and test an Amazon Machine Image (AMI) that includes only the approved modules. Update the deployment workflow to use the new AMI.
A company hosts an FTP server on EC2 instances. AWS Security Hub sends findings to Amazon EventBridge when the FTP port becomes publicly exposed in attached security groups.
A CloudOps engineer needs an automated, event-driven remediation solution to remove public access from security groups.
Which solution will meet these requirements?
- A . Configure the existing EventBridge event to stop the EC2 instances that have the exposed port.
- B . Create a cron job for the FTP server to invoke an AWS Lambda function. Configure the Lambda function to modify the security group of the identified EC2 instances and to remove the instances that allow public access.
- C . Create a cron job for the FTP server that invokes an AWS Lambda function. Configure the Lambda function to modify the server to use SFTP instead of FTP.
- D . Configure the existing EventBridge event to invoke an AWS Lambda function. Configure the function to remove the security group rule that allows public access.
A company hosts an encrypted Amazon S3 bucket in the ap-southeast-2 Region. Users from the eu-west-2 Region access the S3 bucket through the internet. The users from eu-west-2 need faster transfers to and from the S3 bucket for large files.
Which solution will meet these requirements?
- A . Create an S3 access point in eu-west-2 to use as the destination for S3 replication from ap-southeast-2. Ensure all users switch to the new S3 access point.
- B . Create an Amazon Route 53 hosted zone with a geolocation routing policy. Choose the Alias to S3 website endpoint option. Specify the S3 bucket that is in ap-southeast-2 as the source bucket.
- C . Create a new S3 bucket in eu-west-2. Copy all contents from ap-southeast-2 to the new bucket in eu-west-2. Create an S3 access point, and associate it with both buckets. Ensure users use the new S3 access point.
- D . Configure and activate S3 Transfer Acceleration on the S3 bucket. Use the new S3 acceleration endpoint’s domain name for access.
A company runs an application on Amazon EC2 instances in an Auto Scaling group. Scale-out actions take a long time because of long-running boot scripts. The CloudOps engineer must reduce scale-out time without overprovisioning.
Which solution will meet these requirements?
- A . Change the launch configuration to use a larger instance size.
- B . Increase the minimum number of instances in the Auto Scaling group.
- C . Add a predictive scaling policy to the Auto Scaling group.
- D . Add a warm pool to the Auto Scaling group.
A company needs to copy an Amazon Aurora database from one AWS account to a second account that uses a second AWS Region. A CloudOps engineer must automate this process to occur every day.
Which solution will meet these requirements with the LEAST operational overhead?
- A . Create a backup plan in AWS Backup. Specify the second account and the second Region as the destination.
- B . Create an Amazon EventBridge rule that runs on a schedule. Create an AWS Lambda function that runs an automation script to copy the database to the second account and the second Region. Use the EventBridge rule to invoke the Lambda function.
- C . Configure Amazon EventBridge Scheduler with a recurring rule. Add the RDS StartExportTask API operation as a target. Specify the relevant details about the database and an Amazon S3 bucket to store the exported data. Create a replication rule for the S3 bucket to replicate data to the second account and the second Region.
- D . Configure AWS Application Migration Service to replicate the Aurora database. Specify the second account and the second Region as the destination.
A SysOps administrator needs to give an existing AWS Lambda function access to an existing Amazon S3 bucket. Traffic between the Lambda function and the S3 bucket must not use public IP addresses. The Lambda function has been configured to run in a VPC.
Which solution will meet these requirements?
- A . Configure VPC sharing between the Lambda VPC and the S3 bucket.
- B . Attach a transit gateway to the Lambda VPC to allow the Lambda function to connect to the S3 bucket.
- C . Create a NAT gateway. Associate the NAT gateway with the subnet where the Lambda function is configured to run.
- D . Create an S3 interface endpoint. Change the Lambda function to use the new S3 DNS name.
A company uses an IAM policy to ensure that all AWS resources are deployed and managed by AWS CloudFormation. A CloudOps engineer must periodically audit all AWS resources and provide a list of resources that do not match the expected configuration.
Which solution will meet this requirement with the LEAST effort?
- A . Configure an Amazon EventBridge rule that sends a notification to the company when any resource is created by CloudFormation. Audit the event notifications for any incorrect configurations.
- B . Audit code repositories where CloudFormation code is stored to look for any deviations from the expected configuration.
- C . Use the AWS CLI to check all resources to ensure consistency with the intended configuration.
- D . Use Amazon EventBridge to schedule periodic invocations of CloudFormation drift detection. Capture findings for review.
A company has a microservice that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). A CloudOps engineer must use Amazon Route 53 to create a record that maps the ALB URL to example.com.
Which type of Route 53 record will meet this requirement?
- A . An A record
- B . An AAAA record
- C . An alias record
- D . A CNAME record
A company has an application that processes events sequentially by using an Amazon SQS FIFO queue. The company needs a solution that automatically sends notifications to the SQS queue when new objects are uploaded to an Amazon S3 bucket. The solution must maintain message ordering.
Which solution will meet these requirements with the LEAST operational overhead?
- A . Create an AWS Lambda function that polls the objects by using the ListObjectsV2 command and detects new objects when the objects are added. Configure the Lambda function to add a message to the SQS queue when new objects are detected.
- B . Create an event notification on the S3 bucket. Use the FIFO delivery option. Route the notifications to the existing SQS queue.
- C . Create an Amazon SNS FIFO topic. Create an event notification on the S3 bucket. Configure the event to send messages to the SNS topic. Subscribe the existing SQS queue to the SNS topic.
- D . Create an access point in Amazon S3 Access Points. Configure the access point to send new items to the existing SQS queue.
