| Exam Code | SOA-C03 |
| Exam Name | AWS Certified CloudOps Engineer - Associate |
| Questions | 219 Questions Answers With Explanation |
| Update Date | May 28,2026 |
| Price |
Was : |
Welcome to Certsleader, your ultimate source for top-quality SOA-C03 dumps tailored for Amazon SOA-C03 exam. Our comprehensive resources are designed to help you excel in your exam preparations and achieve your certification goals. Whether you are a beginner looking to start a career in Amazon or an experienced professional seeking to advance your skills, Certsleader has the right tools to support your journey.
At Certsleader, we are committed to your success. Our practice questions answers are designed to improve your knowledge and help you pass your exams on the first attempt with high scores. In the rare event that you do not succeed, we offer a full refund, taking responsibility for your satisfaction.
Join thousands of satisfied learners who have successfully passed their certification exams with Certsleader. Explore our study materials, download your PDF files, and take the first step towards a rewarding IT career today.
A company has a microservice that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). A CloudOps engineer must use Amazon Route 53 to create a record that maps the ALB URL to example.com. Which type of Route 53 record will meet this requirement?
A. An A record
B. An AAAA record
C. An alias record
D. A CNAME record
A company’s ecommerce application is running on Amazon EC2 instances that are behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. Customers report that the website is occasionally down. When the website is down, it returns an HTTP 500 (server error) status code to customer browsers. The Auto Scaling group’s health check is configured for EC2 status checks, and the instances appear healthy. Which solution will resolve the problem?
A. Replace the ALB with a Network Load Balancer.
B. Add Elastic Load Balancing (ELB) health checks to the Auto Scaling group.
C. Update the target group configuration on the ALB. Enable session affinity (sticky sessions).
D. Install the Amazon CloudWatch agent on all instances. Configure the agent to reboot the instances.
A company has two AWS accounts connected by a transit gateway. Each account has one VPC in the same AWS Region. The company wants to simplify inbound and outbound rules in security groups by referencing security group IDs instead of IP CIDR blocks. Which solution will meet this requirement?
A. Create VPC peering connections and remove the transit gateway.
B. Enable security group referencing support on the transit gateway.
C. Enable security group referencing support on each transit gateway attachment.
D. Deploy private NAT gateways in each VPC.
A company plans to migrate several of its high-performance computing (HPC) virtual machines to Amazon EC2. The deployment must minimize network latency and maximize network throughput between the instances. Which placement group strategy should the CloudOps engineer choose?
A. Deploy the instances in a cluster placement group in one Availability Zone.
B. Deploy the instances in a partition placement group in two Availability Zones.
C. Deploy the instances in a partition placement group in one Availability Zone.
D. Deploy the instances in a spread placement group in two Availability Zones.
A company uses multiple Amazon RDS databases to support an application. The application receives all its traffic during weekdays and is idle during weekends. The company wants a solution to automatically manage the RDS DB instances during idle periods to optimize costs. Which solution will meet these requirements?
A. Use a cron job to automatically scale down the RDS DB instance type during weekends.
B. Configure Instance Scheduler on AWS to stop the RDS DB instances at the beginning of each weekend and to start the instances at the end of each weekend.
C. Purchase Reserved Instances for the RDS DB instances.
D. Use the auto scaling feature of Amazon RDS to automatically adjust the DB instance type based on CPU utilization.
A CloudOps engineer is preparing to deploy an application to Amazon EC2 instances that are in an Auto Scaling group. The application requires dependencies to be installed. Application updates are issued weekly. The CloudOps engineer needs to implement a solution to incorporate the application updates on a regular basis. The solution also must conduct a vulnerability scan during Amazon Machine Image (AMI) creation. What is the MOST operationally efficient solution that meets these requirements?
A. Create a script that uses Packer and schedule a cron job.
B. Install the application and dependencies on an EC2 instance and create an AMI.
C. Use EC2 Image Builder with a custom recipe to install the application and
dependencies.
D. Invoke the EC2 CreateImage API operation by using an EventBridge scheduled rule.
A company needs to monitor its website's availability to end users. The company needs a solution to provide an Amazon Simple Notification Service (Amazon SNS) notification if the website's uptime decreases to less than 99%. The monitoring must provide an accurate view of the user experience on the website. Which solution will meet these requirements?
A. Create an Amazon CloudWatch alarm that is based on the website’s logs that are published to a CloudWatch Logs log group. Configure the alarm to publish an SNS notification if the number of HTTP 4xx and 5xx errors exceeds a specified threshold.
B. Create an Amazon CloudWatch alarm that is based on the website's published metrics in CloudWatch. Configure the alarm to publish an SNS notification based on anomaly detection.
C. Create an Amazon CloudWatch Synthetics heartbeat monitoring canary. Associate the canary with the website’s URL. Create a CloudWatch alarm for the canary. Configure the alarm to publish an SNS notification if the value of the SuccessPercent metric is less than 99%.
D. Create an Amazon CloudWatch Synthetics broken link checker monitoring canary. Associate the canary with the website’s URL. Create a CloudWatch alarm for the canary. Configure the alarm to publish an SNS notification if the value of the SuccessPercent metric is less than 99%.
A company is storing backups in an Amazon S3 bucket. The backups must not be deleted for at least 3 months after the backups are created. What should a CloudOps engineer do to meet this requirement?
A. Configure an IAM policy that denies the s3:DeleteObject action for all users. Remove the policy after three months.
B. Enable S3 Object Lock on a new S3 bucket in compliance mode. Place all backups in the new S3 bucket with a retention period of 3 months.
C. Enable S3 Versioning on the existing S3 bucket. Configure S3 Lifecycle rules to protect the backups.
D. Enable S3 Object Lock on a new S3 bucket in governance mode. Place all backups in the new S3 bucket with a retention period of 3 months.
A CloudOps engineer created a VPC with a private subnet, a security group allowing all outbound traffic, and an endpoint for EC2 Instance Connect in the private subnet. The EC2 instance was launched without an SSH key pair, using the same subnet and security group. However, the engineer cannot connect via EC2 Instance Connect endpoint. How can the CloudOps engineer connect to the instance?
A. Create an inbound rule in the security group to allow HTTPS traffic on port 443 from the private subnet.
B. Create an inbound rule in the security group to allow SSH traffic on port 22 from the private subnet.
C. Create an IAM instance profile that allows AWS Systems Manager Session Manager to access the EC2 instance. Associate the instance profile with the instance.
D. Recreate the EC2 instance. Associate an SSH key pair with the instance.
A company’s application servers in AWS account 111122223333 use a security group sg-1234abcd. They need to access a database hosted in account 444455556666. The VPCs are connected using a VPC peering connection (pcx-b04deed9). A CloudOps engineer must configure the database’s security group to allow new connections only from the application servers. What should the engineer do?
A. Add an inbound rule to the database's security group. Reference 111122223333/sg1234abcd as the source.
B. Add an inbound rule to the database's security group. Reference pcx-b04deed9/sg1234abcd as the source.
C. Add an inbound rule to the database's security group. Reference sg-1234abcd as
the source.
D. Add an inbound rule to the database's security group. Reference 444455556666/sg1234abcd as the source.
A company hosts a web application on an Amazon EC2 instance. The web server logs are published to Amazon CloudWatch Logs. The log events have the same structure and include the HTTP response codes associated with user requests. The company needs to monitor the number of times the web server returns an HTTP 404 response. What is the MOST operationally efficient solution that meets these requirements?
A. Create a CloudWatch Logs metric filter that counts the number of times the web server returns an HTTP 404 response.
B. Create a CloudWatch Logs subscription filter that counts the number of HTTP 404 responses.
C. Create an AWS Lambda function that runs a CloudWatch Logs Insights query every hour.
D. Create a script that runs a CloudWatch Logs Insights query every hour.
A media company hosts a public news and video portal on AWS. The portal uses an Amazon DynamoDB table with provisioned capacity to maintain an index of video files that are stored in an Amazon S3 bucket. During a recent event, millions of visitors came to the portal for news. This increase in traffic caused read requests to be throttled in the DynamoDB table. Videos could not be displayed in the portal. The company's operations team manually increased the provisioned capacity on a temporary basis to meet the demand. The company wants the operations team to receive an alert before the table is throttled in the future. The company has created an Amazon Simple Notification Service (Amazon SNS) topic and has subscribed the operations team's email address to the SNS topic. What should the company do next to meet these requirements?
A. Create an Amazon CloudWatch alarm that uses the ConsumedReadCapacityUnits
metric. Set the alarm threshold to a value that is close to the DynamoDB table's
provisioned capacity. Configure the alarm to publish notifications to the SNS topic.
B. Turn on auto scaling on the DynamoDB table. Configure an Amazon EventBridge rule to publish notifications to the SNS topic during scaling events.
C. Turn on Amazon CloudWatch Logs for the DynamoDB table. Create an Amazon CloudWatch metric filter to pattern match the THROTTLING_EXCEPTION status code from DynamoDB. Create a CloudWatch alarm for the metric. Select the SNS topic for notifications.
D. Configure the application to store logs in Amazon CloudWatch Logs. Create an Amazon CloudWatch metric filter to pattern match the THROTTLING_EXCEPTION status code from DynamoDB. Create a CloudWatch alarm for the metric. Select the SNS topic for notifications.
A CloudOps engineer needs to set up alerting and remediation for a web application. The application consists of Amazon EC2 instances that have AWS Systems Manager Agent (SSM Agent) installed. Each EC2 instance runs a custom web server. The EC2 instances run behind a load balancer and write logs locally. The CloudOps engineer must implement a solution that restarts the web server software automatically if specific web errors are detected in the logs. Which combination of steps will meet these requirements? (Select THREE.)
A. Install the Amazon CloudWatch agent on the EC2 instances.
B. Create an AWS CloudTrail metric filter for the web logs. Configure an alarm for the specific errors.
C. Create an Amazon CloudWatch metric filter for the web logs. Configure an alarm for the specific errors.
D. Publish alarm findings to Amazon Simple Email Service (Amazon SES). Invoke an AWS Lambda function to restart the web server software.
E. Create an Amazon EventBridge rule that responds to the alarm. Configure the rule to invoke an AWS Systems Manager Automation runbook to restart the web server software.
F. Create an Amazon Simple Notification Service (Amazon SNS) notification that responds to the alarm. Configure the notification to invoke an AWS Systems Manager Automation runbook to restart the web server software.
A user working in the Amazon EC2 console increased the size of an Amazon Elastic Block Store (Amazon EBS) volume attached to an Amazon EC2 Windows instance. The change is not reflected in the file system. What should a CloudOps engineer do to resolve this issue?
A. Extend the file system with operating system-level tools to use the new storage capacity.
B. Reattach the EBS volume to the EC2 instance.
C. Reboot the EC2 instance that is attached to the EBS volume.
D. Take a snapshot of the EBS volume. Replace the original volume with a volume that is created from the snapshot.
A company runs thousands of Amazon EC2 instances that are based on the Amazon Linux 2 Amazon Machine Image (AMI). A SysOps administrator must implement a solution to record commands and output from any user that needs an interactive session on one of the EC2 instances. The solution must log the data to a durable storage location. The solution also must provide automated notifications and alarms that are based on the log data. Which solution will meet these requirements with the MOST operational efficiency?
A. Configure command session logging on each EC2 instance. Configure the unified Amazon CloudWatch agent to send session logs to Amazon CloudWatch Logs. Set up query filters and alerts by using Amazon Athena.
B. Require all users to use a central bastion host when they need command line access to
an EC2 instance. Configure the unified Amazon CloudWatch agent on the bastion host to
send session logs to Amazon CloudWatch Logs. Set up a metric filter and a metric alarm
for relevant security findings in CloudWatch Logs.
C. Require all users to use AWS Systems Manager Session Manager when they need command line access to an EC2 instance. Configure Session Manager to stream session logs to Amazon CloudWatch Logs. Set up a metric filter and a metric alarm for relevant security findings in CloudWatch Logs.
D. Configure command session logging on each EC2 instance. Require all users to use AWS Systems Manager Run Command documents when they need command line access to an EC2 instance. Configure the unified Amazon CloudWatch agent to send session logs to Amazon CloudWatch Logs. Set up CloudWatch alarms that are based on Amazon Athena query results.
A company has a workload that is sending log data to Amazon CloudWatch Logs. One of the fields includes a measure of application latency. A CloudOps engineer needs to monitor the p90 statistic of this field over time. What should the CloudOps engineer do to meet this requirement?
A. Create an Amazon CloudWatch Contributor Insights rule on the log data.
B. Create a metric filter on the log data.
C. Create a subscription filter on the log data.
D. Create an Amazon CloudWatch Application Insights rule for the workload.
A company is storing backups in an Amazon S3 bucket. These backups must not be deleted for at least 3 months after creation. What should the CloudOps engineer do?
A. Configure an IAM policy that denies the s3:DeleteObject action for all users. Three
months after an object is written, remove the policy.
B. Enable S3 Object Lock on a new S3 bucket in compliance mode. Place all backups in the new S3 bucket with a retention period of 3 months.
C. Enable S3 Versioning on the existing S3 bucket. Configure S3 Lifecycle rules to protect the backups.
D. Enable S3 Object Lock on a new S3 bucket in governance mode. Place all backups in the new S3 bucket with a retention period of 3 months.
A company uses AWS Systems Manager Session Manager to manage EC2 instances in the eu-west-1 Region. The company wants private connectivity using VPC endpoints. Which VPC endpoints are required to meet these requirements? (Select THREE.)
A. com.amazonaws.eu-west-1.ssm
B. com.amazonaws.eu-west-1.ec2messages
C. com.amazonaws.eu-west-1.ec2
D. com.amazonaws.eu-west-1.ssmmessages
E. com.amazonaws.eu-west-1.s3
F. com.amazonaws.eu-west-1.states
A company has deployed Amazon EC2 instances from custom AMIs in two AWS Regions. All instances are registered with AWS Systems Manager. The company discovers a critical zero-day OS exploit but does not know which instances are affected. A CloudOps engineer must deploy operating system patches with the LEAST operational overhead. Which solution will meet this requirement?
A. Define a patch baseline in Systems Manager Patch Manager. Run a scan to identify affected instances and use Patch Now in each Region.
B. Use AWS Config to identify affected instances and then patch them.
C. Use EventBridge to trigger patching automatically.
D. Update the AMIs and manually replace instances.
A CloudOps engineer is examining the following AWS CloudFormation template: AWSTemplateFormatVersion: '2010-09-09' Description: 'Creates an EC2 Instance' Resources: EC2Instance: Type: AWS::EC2::Instance Properties: ImageId: ami-79fd7eee InstanceType: m5n.large SubnetId: subnet-1abc3d3fg PrivateDnsName: ip-10-24-34-0.ec2.internal Tags: - Key: Name Value: !Sub "${AWS::StackName} Instance" Why will the stack creation fail?
A. The Outputs section of the CloudFormation template was omitted.
B. The Parameters section of the CloudFormation template was omitted.
C. The PrivateDnsName cannot be set from a CloudFormation template.
D. The VPC was not specified in the CloudFormation template.
