Download AWS Certified CloudOps Engineer-Associate.SOA-C03.CertDumps.2026-06-06.250q.vcex

Vendor: Amazon
Exam Code: SOA-C03
Exam Name: AWS Certified CloudOps Engineer-Associate
Date: Jun 06, 2026
File Size: 3 MB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAMFILESCOM

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator
ProfExam Discount

Demo Questions

Question 1
An Amazon EC2 instance needs to be reachable from the internet. The EC2 instance is in a subnet with the following route table. Which entry must a CloudOps Engineer add to the route table to meet this requirement?
  1. A route for `0.0.0.0/0` that points to a `NAT` gateway.
  2. A route for `0.0.0.0/0` that points to an egress-only internet gateway.
  3. A route for `0.0.0.0/0` that points to an internet gateway.
  4. A route for `0.0.0.0/0` that points to an elastic network interface.
Correct answer: C
Question 2
A CloudOps Engineer launches an Amazon EC2 instance in a private subnet of a `VPC`. When the CloudOps Engineer attempts a `curl` command from the command line of the EC2 instance, the CloudOps Engineer cannot connect to `https:www.example.com`. What should the CloudOps Engineer do to resolve this issue?
  1. Ensure that there is an outbound security group for port `443` to `0.0.0.0/0`.
  2. Ensure that there is an inbound security group for port `443` from `0.0.0.0/0`.
  3. Ensure that there is an outbound network `ACL` for ephemeral ports `1024-66535` to `0.0.0.0/0`.
  4. Ensure that there is an outbound network `ACL` for port `80` to `0.0.0.0/0`.
Correct answer: A
Question 3
With the threat of ransomware viruses encrypting and holding company data hostage, which action should be taken to protect an Amazon S3 bucket?
  1. Deny Post, Put, and Delete on the bucket.
  2. Enable server-side encryption on the bucket.
  3. Enable Amazon S3 versioning on the bucket.
  4. Enable snapshots on the bucket.
Correct answer: B
Question 4
A company is partnering with an external vendor to provide data processing services. For this integration, the vendor must host the company's data in an Amazon S3 bucket in the vendor's AWS account. The vendor is allowing the company to provide an AWS Key Management Service (AWS KMS) key to encrypt the company's data. The vendor has provided an IAM role Amazon Resources Name (ARN) to the company for this integration. What should a CloudOps Engineer do to configure this integration?
  1. Create a new KMS key. Add the vendor's IAM role ARN to the KMS key policy. Provide the new KMS key ARN to the vendor.
  2. Create a new KMS key. Create a new IAM user. Add the vendor's IAM role ARN to an inline policy that is attached to the IAM user. Provide the new IAM user ARN to the vendor.
  3. Configure encryption using the KMS managed S3 key. Add the vendor's IAM role ARN to the KMS managed S3 key policy. Provide the KMS managed S3 key ARN to the vendor.
  4. Configure encryption using the KMS managed S3 key. Create a S3 bucket. Add the vendor's IAM role ARN to the S3 bucket policy. Provide the S3 bucket ARN to the vendor.
Correct answer: A
Question 5
A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. A CloudOps Engineer notices that some of these EC2 instances show up as healthy in the Auto Scaling group but show up as unhealthy in the `ALB` target group. What is a possible reason for this issue?
  1. Security groups are not allowing traffic between the `ALB` and the failing EC2 instances.
  2. The Auto Scaling group health check is configured for EC2 status checks.
  3. The EC2 instances are failing to launch and failing EC2 status checks.
  4. The target group health check is configured with an incorrect port or path.
Correct answer: D
Question 6
A CloudOps Engineer has enabled AWS CloudTrail in an AWS account. If CloudTrail is disabled, it must be re-enabled immediately. What should the CloudOps Engineer do to meet these requirements WITHOUT writing custom code?
  1. Add the AWS account to AWS Organizations. Enable CloudTrail in the management account.
  2. Create an AWS Config rule that is invoked when CloudTrail configuration changes.Apply the `AWS-ConfigureCloudTrailLogging` automatic remediation action.
  3. Create an AWS Config rule that is invoked when CloudTrail configuration changes.Configure the rule to invoke an AWS Lambda function to enable CloudTrail.
  4. Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail.
Correct answer: B
Question 7
A CloudOps Engineer needs to give users the ability to upload objects to an Amazon S3 bucket. The CloudOps Engineer creates a presigned URL and provides the URL to a user, but the user cannot upload an object to the S3 bucket. The presigned URL has not expired, and no bucket policy is applied to the S3 bucket. Which of the following could be the cause of this problem?
  1. The user has not properly configured the AWS CLI with their access key and secret access key.
  2. The CloudOps Engineer does not have the necessary permissions to upload the object to the S3 bucket.
  3. The CloudOps Engineer must apply a bucket policy to the S3 bucket to allow the user to upload the object.
  4. The object already has been uploaded through the use of the presigned URL, so the presigned URL is no longer valid.
Correct answer: B
Question 8
A company runs a web application on three Amazon EC2 instances behind an Application Load Balancer (ALB). The company notices that random periods of increased traffic cause a degradation in the application's performance. A CloudOps Engineer must scale the application to meet the increased traffic. Which solution meets these requirements?
  1. Create an Amazon CloudWatch alarm to monitor application latency and increase the size of each EC2 instance if the desired threshold is reached.
  2. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor application latency and add an EC2 instance to the `ALB` if the desired threshold is reached.
  3. Deploy the application to an Auto Scaling group of EC2 instances with a target tracking scaling policy. Attach the `ALB` to the Auto Scaling group.
  4. Deploy the application to an Auto Scaling group of EC2 instances with a scheduled scaling policy. Attach the `ALB` to the Auto Scaling group.
Correct answer: C
Question 9
A company uses an Amazon Elastic File System (Amazon EFS) file system to share files across many Linux Amazon EC2 instances. A CloudOps Engineer notices that the file system's `PercentIOLimit` metric is consistently at `100%` for 15 minutes or longer. The CloudOps Engineer also notices that the application that reads and writes to that file system is performing poorly. They application requires high throughput and IOPS while accessing the file system. What should the CloudOps Engineer do to remediate the consistently high `PercentIOLimit` metric?
  1. Create a new EFS file system that uses Max I/O performance mode. Use AWS DataSync to migrate data to the new EFS file system.
  2. Create an EFS lifecycle policy to transition future files to the Infrequent Access (IA) storage class to improve performance. Use AWS DataSync to migrate existing data to IA storage.
  3. Modify the existing EFS file system and activate Max I/O performance mode.
  4. Modify the existing EFS file system and activate `Provisioned Throughput` mode.
Correct answer: D
Question 10
A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a `VPC` only. All traffic must be over the AWS private network. What actions should the CloudOps Engineer take to meet these requirements?
  1. Create a `VPC` endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the `VPC` endpoint as the source.
  2. Create a `VPC` endpoint for the S3 bucket, and create a S3 bucket policy that conditionally limits all S3 actions on the bucket to the `VPC` endpoint as the source.
  3. Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket.
  4. Create a `NAT` gateway in the `VPC`, and modify the `VPC` route table to route all traffic destined for Amazon S3 through the `NAT` gateway.
Correct answer: B
Question 11
A company is managing multiple AWS accounts in AWS Organizations. The company is reviewing internal security of its AWS environment. The company's security engineer has their own AWS account and wants to review the `VPC` configuration of developer AWS accounts. Which solution will meet these requirements in the MOST secure manner?
  1. Create an IAM policy in each developer account that has read-only access related to `VPC` resources Assign the policy to an IAM user. Share the user credentials with the security engineer.
  2. Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including `VPC` actions. Assign the policy to an IAM user. Share the user credentials with the security engineer.
  3. Create an IAM policy in each developer account that has administrator access related to`VPC` resources. Assign the policy to a cross-account IAM role. Ask the security engineer to assume the role from their account.
  4. Create an IAM policy in each developer account that has read-only access related to `VPC` resources. Assign the policy to a cross-account IAM role. Ask the security engineer to assume the role from their account.
Correct answer: D
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!