Practice Free SOA-C03 Exam Online Questions
A company is storing backups in an Amazon S3 bucket. These backups must not be deleted for at least 3 months after creation.
What should the CloudOps engineer do?
- A . Configure an IAM policy that denies the s3:DeleteObject action for all users. Three months after an object is written, remove the policy.
- B . Enable S3 Object Lock on a new S3 bucket in compliance mode. Place all backups in the new S3 bucket with a retention period of 3 months.
- C . Enable S3 Versioning on the existing S3 bucket. Configure S3 Lifecycle rules to protect the backups.
- D . Enable S3 Object Lock on a new S3 bucket in governance mode. Place all backups in the new S3 bucket with a retention period of 3 months.
A CloudOps engineer needs to control access to groups of Amazon EC2 instances using AWS Systems Manager Session Manager. Specific tags on the EC2 instances have already been added.
Which additional actions should the CloudOps engineer take to control access? (Select TWO.)
- A . Attach an IAM policy to the users or groups that require access to the EC2 instances.
- B . Attach an IAM role to control access to the EC2 instances.
- C . Create a placement group for the EC2 instances and add a specific tag.
- D . Create a service account and attach it to the EC2 instances that need to be controlled.
- E . Create an IAM policy that grants access to any EC2 instances with a tag specified in the Condition element.
A company’s Amazon EC2 instance with high CPU utilization is a t3.large instance running a test web app. The company determines the app would run better on a compute-optimized large instance.
What should the CloudOps engineer do?
- A . Migrate the EC2 instance to a compute optimized instance by using AWS VM Import/Export.
- B . Enable hibernation on the EC2 instance. Change the instance type to a compute optimized instance. Disable hibernation on the EC2 instance.
- C . Stop the EC2 instance. Change the instance type to a compute optimized instance. Start the EC2 instance.
- D . Change the instance type to a compute optimized instance while the EC2 instance is running.
A company uses Amazon S3 for object storage. A CloudOps engineer notices that the company’s Amazon S3 usage has doubled every month across all the company’s S3 buckets for the previous year. The company stores and consumes data in the same AWS Region where the data is generated. The company never accesses data that is older than 30 days. The CloudOps engineer needs to optimize Amazon S3 costs for the company.
Which solution will meet this requirement with the LEAST operational overhead?
- A . Create an AWS Lambda function to delete data that is older than 30 days. Use an Amazon EventBridge cron expression to invoke the function monthly.
- B . Use S3 Storage Lens to identify objects that are older than 30 days across all S3 buckets.
- C . Modify the object creation lifecycle to check for and delete any objects that were created more than 30 days ago.
- D . Configure an S3 Lifecycle policy to expire any object that was created more than 30 days ago.
Application A runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The EC2 instances are in an Auto Scaling group and are in the same subnet that is associated with the NLB. Other applications from an on-premises environment cannot communicate with Application A on port 8080.
To troubleshoot the issue, a CloudOps engineer analyzes the flow logs.
The flow logs include the following records:
ACCEPT from 192.168.0.13:59003 → 172.31.16.139:8080
REJECT from 172.31.16.139:8080 → 192.168.0.13:59003
What is the reason for the rejected traffic?
- A . The security group of the EC2 instances has no Allow rule for the traffic from the NLB.
- B . The security group of the NLB has no Allow rule for the traffic from the on-premises environment.
- C . The ACL of the on-premises environment does not allow traffic to the AWS environment.
- D . The network ACL that is associated with the subnet does not allow outbound traffic for the ephemeral port range.
A company has a new security policy that requires all Amazon Elastic Block Store (Amazon EBS) volumes to be encrypted at rest. The company needs to use a custom key policy to manage access to the encryption keys. The company must rotate the keys once each year.
Which solution will meet these requirements with the LEAST operational overhead?
- A . Create AWS KMS symmetric customer managed keys. Enable automatic key rotation.
- B . Use AWS owned AWS KMS keys across the company’s AWS environment.
- C . Create AWS KMS asymmetric customer managed keys. Enable automatic key rotation.
- D . Create AWS KMS symmetric customer managed keys by using imported key material. Rotate the keys on a yearly basis.
