Download AWS Certified CloudOps Engineer-Associate.SOA-C03.CertDumps.2026-04-02.54q.tqb

Vendor: Amazon
Exam Code: SOA-C03
Exam Name: AWS Certified CloudOps Engineer-Associate
Date: Apr 02, 2026
File Size: 329 KB
Download Exam

How to open TQB files?

Files with TQB (Taurus Question Bank) extension can be opened by Taurus Exam Studio.

Download
Taurus Exam Studio

Purchase
Coupon: TAURUSSIM_20OFF

Discount: 20%

Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator

Demo Questions

Question 1
With the threat of ransomware viruses encrypting and holding company data hostage, which action should be taken to protect an Amazon S3 bucket?
  1. Deny Post, Put, and Delete on the bucket.
  2. Enable server-side encryption on the bucket.
  3. Enable Amazon S3 versioning on the bucket.
  4. Enable snapshots on the bucket.
Correct answer: B
Question 2
A company is partnering with an external vendor to provide data processing services. For this integration, the vendor must host the company's data in an Amazon S3 bucket in the vendor's AWS account. The vendor is allowing the company to provide an AWS Key Management Service (AWS KMS) key to encrypt the company's data. The vendor has provided an IAM role Amazon Resources Name (ARN) to the company for this integration. What should a CloudOps Engineer do to configure this integration?
  1. Create a new KMS key. Add the vendor's IAM role ARN to the KMS key policy. Provide the new KMS key ARN to the vendor.
  2. Create a new KMS key. Create a new IAM user. Add the vendor's IAM role ARN to an inline policy that is attached to the IAM user. Provide the new IAM user ARN to the vendor.
  3. Configure encryption using the KMS managed S3 key. Add the vendor's IAM role ARN to the KMS managed S3 key policy. Provide the KMS managed S3 key ARN to the vendor.
  4. Configure encryption using the KMS managed S3 key. Create a S3 bucket. Add the vendor's IAM role ARN to the S3 bucket policy. Provide the S3 bucket ARN to the vendor.
Correct answer: A
Question 3
A CloudOps Engineer launches an Amazon EC2 Linux instance in a public subnet. When the instance is running, the CloudOps Engineer obtains the public IP address and attempts to remotely connect to the instance multiple times. However, the CloudOps Engineer always receives a timeout error. Which action will allow the CloudOps Engineer to remotely connect to the instance?
  1. Add a route table entry in the public subnet for the CloudOps Engineer's IP address.
  2. Add an outbound network `ACL` rule to allow `TCP` port `22` for the CloudOps Engineer's IP address.
  3. Modify the instance security group to allow inbound `SSH` traffic from the CloudOps Engineer's IP address.
  4. Modify the instance security group to allow outbound `SSH` traffic to the CloudOps Engineer's IP address.
Correct answer: C
Question 4
A company wants to use only IPv6 for all its Amazon EC2 instances. The EC2 instances must not be accessible from the internet, but the EC2 instances must be able to access the internet. The company creates a dual-stack `VPC` and IPv6-only subnets. How should a CloudOps Engineer configure the `VPC` to meet these requirements?
  1. Create and attach a `NAT` gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the `NAT` gateway. Attach the custom route table to the IPv6-only subnets.
  2. Create and attach an internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway. Attach the custom route table to the IPv6-only subnets.
  3. Create and attach an egress-only internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the egress-only internet gateway. Attach the custom route table to the IPv6-only subnets.
  4. Create and attach an internet gateway and a `NAT` gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway and all IPv4 traffic to the `NAT` gateway. Attach the custom route table to the IPv6-only subnets.
Correct answer: C
Question 5
A company has multiple Amazon EC2 instances that run a resource-intensive application in a development environment. A CloudOps Engineer is implementing a solution to stop these EC2 instances when they are not in use. Which solution will meet this requirement?
  1. Assess AWS CloudTrail logs to verify that there is no EC2 API activity. Invoke an AWS Lambda function to stop the EC2 instances.
  2. Create an Amazon CloudWatch alarm to stop the EC2 instances when the average CPU utilization is lower than `5%` for a 30-minute period.
  3. Create an Amazon CloudWatch metric to stop the EC2 instances when the `VolumeReadBytes` metric is lower than `500` for a 30-minute period.
  4. Use AWS Config to invoke an AWS Lambda function to stop the EC2 instances based on resource configuration changes.
Correct answer: B
Question 6
A company plans to run a public web application on Amazon EC2 instances behind an Elastic Load Balancer (ELB). The company's security team wants to protect the website by using AWS Certificate Manager (ACM) certificates. The ELB must automatically redirect any `HTTP` requests to `HTTPS`. Which solution will meet these requirements?
  1. Create an Application Load Balancer that has one `HTTPS` listener on port `80`. Attach an SSL/TLS certificate to listener port `80`. Create a rule to redirect requests from `HTTP` to `HTTPS`.
  2. Create an Application Load Balancer that has one `HTTP` listener on port `80` and one `HTTPS` protocol listener on port `443`. Attach an SSL/TLS certificate to listener port `443`. Create a rule to redirect requests from port `80` to port `443`.
  3. Create an Application Load Balancer that has two `TCP` listeners on port `80` and port `443`. Attach an SSL/TLS certificate to listener port `443`. Create a rule to redirect requests from port `80` to port `443`.
  4. Create a Network Load Balancer that has two `TCP` listeners on port `80` and port `443`. Attach an SSL/TLS certificate to listener port `443`. Create a rule to redirect requests from port `80` to port `443`.
Correct answer: B
Question 7
A CloudOps Engineer is attempting to download patches from the internet into an instance in a private subnet. An internet gateway exists for the `VPC`, and a `NAT` gateway has been deployed on the public subnet; however, the instance has no internet connectivity. The resources deployed into the private subnet must be inaccessible directly from the public internet. What should be added to the private subnet's route table in order to address this issue, given the information provided?
  1. `0.0.0.0/0` `IGW`.
  2. `0.0.0.0/0` `NAT`.
  3. `10.0.1.0/24` `IGW`.
  4. `10.0.1.0/24` `NAT`.
Correct answer: B
Question 8
A company updates its security policy to prohibit the public exposure of any data in Amazon S3 buckets in the company's account. What should a CloudOps Engineer do to meet this requirement?
  1. Turn on S3 Block Public Access from the account level.
  2. Create an Amazon Event Bridge (Amazon CloudWatch Events) rule to enforce that all S3 objects are private.
  3. Use Amazon Inspector to search for S3 buckets and to automatically reset S3 `ACL`s if any public S3 buckets are found.
  4. Use S3 Object Lambda to examine S3 `ACL`s and to change any public S3 `ACL`s to private.
Correct answer: A
Question 9
An application accesses data through a file system interface. The application runs on Amazon EC2 instances in multiple Availability Zones, all of which must share the same data. While the amount of data is currently small, the company anticipates that it will grow to tens of terabytes over the lifetime of the application. What is the MOST scalable storage solution to fulfill this requirement?
  1. Connect a large Amazon EBS volume to multiple instances and schedule snapshots.
  2. Deploy Amazon EFS in the `VPC` and create mount targets in multiple subnets.
  3. Launch an EC2 instance and share data using SMB/CIFS or NFS.
  4. Deploy an AWS Storage Gateway cached volume on Amazon EC2.
Correct answer: B
Question 10
A company is using Amazon Elastic Container Service (Amazon ECS) to run a containerized application on Amazon EC2 instances. A CloudOps Engineer needs to monitor only traffic flows between the ECS tasks. Which combination of steps should the CloudOps Engineer take to meet this requirement? (Select TWO.)
  1. Configure Amazon CloudWatch Logs on the elastic network interface of each task.
  2. Configure `VPC` Flow Logs on the elastic network interface of each task.
  3. Specify the `awsvpc` network mode in the task definition.
  4. Specify the `bridge` network mode in the task definition.
  5. Specify the `host` network mode in the task definition.
Correct answer: B, C
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!