AWS Certified CloudOps Engineer - Associate SOA-C03 v1.0

Exam contains 75 questions

A CloudOps engineer has successfully deployed a VPC with an AWS CloudFormation template. The CloudOps engineer wants to deploy the same template across multiple accounts that are managed through AWS Organizations.
Which solution will meet this requirement with the LEAST operational overhead?

  • A. Assume the OrganizationAccountAccessRole IAM role from the management account. Deploy the template in each of the accounts.
  • B. Create an AWS Lambda function to assume a role in each account. Deploy the template by using the AWS CloudFormation CreateStack API call.
  • C. Create an AWS Lambda function to query for a list of accounts. Deploy the template by using the AWS CloudFormation CreateStack API call.
  • D. Use AWS CloudFormation StackSets from the management account to deploy the template in each of the accounts.


Answer : D

A company's application is hosted by an internet provider at app.example.com. The company wants to access the application by using www.company.com, which the company owns and manages with Amazon Route 53.
Which Route 53 record should be created to address this?

  • A. A record
  • B. Alias record
  • C. CNAME record
  • D. Pointer (PTR) record


Answer : C

A company uses Amazon ElastiCache (Redis OSS) to cache application data. A CloudOps engineer must implement a solution to increase the resilience of the cache. The solution also must minimize the recovery time objective (RTO).
Which solution will meet these requirements?

  • A. Replace ElastiCache (Redis OSS) with ElastiCache (Memcached).
  • B. Create an Amazon EventBridge rule to initiate a backup every hour. Restore the backup when necessary.
  • C. Create a read replica in a second Availability Zone. Enable Multi-AZ for the ElastiCache (Redis OSS) replication group.
  • D. Enable automatic backups. Restore the backups when necessary.


Answer : C

A company has multiple AWS accounts. A CloudOps engineer uses a sandbox account to create and verify IAM policies for use in a production account. The CloudOps engineer uses AWS CloudFormation to deploy policies to the sandbox account for testing. When tests pass, the CloudOps engineer deploys the policies to production. The CloudOps engineer has configured AWS CloudTrail in both the sandbox account and the production account.
The CloudOps engineer wants to detect any changes to the IAM policies after the policies have been deployed by CloudFormation. The CloudOps engineer must receive notifications for any changes to the policies.
Which solution will meet these requirements with the LEAST administrative effort?

  • A. Configure CloudTrail to send email notifications to the CloudOps engineer when CloudTrail detects changes to the IAM policies.
  • B. Create an Amazon EventBridge rule to invoke an AWS Lambda function to check the CloudFormation stack for drift. Configure the function to use Amazon Simple Notification Service (Amazon SNS) to notify the CloudOps engineer if the function detects any drift.
  • C. Use AWS Identity and Access Management Access Analyzer to generate a policy based on CloudTrail activity for the IAM role that is attached to the IAM policies in the production account. Compare the results to the IAM policies that are in the sandbox account. Send a notification to the CloudOps engineer if the policies are different.
  • D. Store the IAM policies as a JSON document in an Amazon S3 bucket. Use an AWS Lambda function to periodically compare the IAM policies with the JSON document that is stored in the S3 bucket.


Answer : B

A finance company stores confidential data in an Amazon S3 bucket. The company uses Amazon QuickSight to analyze the data and create dashboard reports. The company requires that all data access and connections to QuickSight remain within the company's VPC network boundary.
Which solution will meet these requirements?

  • A. Create an interface VPC endpoint for QuickSight. Configure the endpoint to connect to QuickSight within the VPC by using AWS PrivateLink. Create a manifest file that points to the S3 data. Grant QuickSight permission to access the S3 bucket.
  • B. Set up a VPC endpoint for QuickSight. Use an Amazon EC2 instance as a proxy to establish a direct connection between the VPC and QuickSight. Create a manifest file that points to the S3 data. Store the manifest on the EC2 instance. Grant QuickSight permission to access the EC2 instance.
  • C. Configure an Amazon S3 VPC gateway endpoint. Route all data from QuickSight through the endpoint to transfer data. Grant QuickSight permission to access the S3 bucket.
  • D. Configure a NAT gateway in the company’s VPC. Route all data from QuickSight through the NAT gateway to transfer data. Grant QuickSight permission to access the S3 bucket.


Answer : A

A company is migrating its production file server to AWS. All data that is stored on the file server must remain accessible if an Availability Zone becomes unavailable or when system maintenance is performed. Users must be able to interact with the file server through the SMB protocol. Users also must have the ability to manage file permissions by using Windows ACLs.
Which solution will meet these requirements?

  • A. Create a single AWS Storage Gateway file gateway.
  • B. Create an Amazon FSx for Windows File Server Multi-AZ file system.
  • C. Deploy two AWS Storage Gateway file gateways across two Availability Zones. Configure an Application Load Balancer in front of the file gateways.
  • D. Deploy two Amazon FSx for Windows File Server Single-AZ 2 file systems. Configure Microsoft Distributed File System Replication (DFSR).


Answer : B

A company has a web application that is experiencing performance problems many times each night. A root cause analysis reveals sudden increases in CPU utilization that last 5 minutes on an Amazon EC2 Linux instance. A CloudOps engineer must find the process ID (PID) of the service or process that is consuming more CPU.
What should the CloudOps engineer do to collect the process utilization information with the LEAST amount of effort?

  • A. Configure the Amazon CloudWatch agent procstat plugin to capture CPU process metrics.
  • B. Configure an AWS Lambda function to run every minute to capture the PID and send a notification.
  • C. Log in to the EC2 instance by using a .pem key each night. Then run the top command.
  • D. Use the default Amazon CloudWatch CPU utilization metric to capture the PID in CloudWatch.


Answer : A

A company needs to monitor its website's availability to end users. The company needs a solution to provide an Amazon Simple Notification Service (Amazon SNS) notification if the website's uptime decreases to less than 99%. The monitoring must provide an accurate view of the user experience on the website.
Which solution will meet these requirements?

  • A. Create an Amazon CloudWatch alarm that is based on the website’s logs that are published to a CloudWatch Logs log group. Configure the alarm to publish an SNS notification if the number of HTTP 4xx errors and 5xx errors exceeds a specified threshold.
  • B. Create an Amazon CloudWatch alarm that is based on the website's published metrics in CloudWatch. Configure the alarm to publish an SNS notification that is based on anomaly detection.
  • C. Create an Amazon CloudWatch Synthetics heartbeat monitoring canary. Associate the canary with the website's URL for end users. Create a CloudWatch alarm for the canary. Configure the alarm to publish an SNS notification if the value of the SuccessPercent metric is less than 99%.
  • D. Create an Amazon CloudWatch Synthetics broken link checker monitoring canary. Associate the canary with the website's URL for end users. Create a CloudWatch alarm for the canary. Configure the alarm to publish an SNS notification if the value of the SuccessPercent metric is less than 99%.


Answer : C

A company uses Amazon EC2 Auto Scaling across multiple Availability Zones. The company must ensure that EC2 instances are provisioned in private subnets.
The company recently optimized its cloud infrastructure by reducing the number of NAT gateways in the company’s VPC to one. Some EC2 instances lost internet connectivity after the infrastructure update. A CloudOps engineer must resolve the connectivity issue.
Which solution will meet this requirement?

  • A. Replace the existing NAT gateway with a NAT instance in the same subnet.
  • B. Update VPC route tables to target the existing NAT gateway for internet traffic.
  • C. Update VPC route tables to target an internet gateway for internet traffic.
  • D. Add secondary IP addresses to the existing NAT gateway.


Answer : B

A company uses AWS CloudFormation to manage a stack of Amazon EC2 instances on AWS. A CloudOps engineer needs to keep the instances and all of the instances’ data, even if someone deletes the stack.
Which solution will meet these requirements?

  • A. Set the DeletionPolicy attribute to Snapshot for the EC2 instance resource in the CloudFormation template.
  • B. Automate backups by using Amazon Data Lifecycle Manager (Amazon DLM).
  • C. Create a backup plan in AWS Backup.
  • D. Set the DeletionPolicy attribute to Retain for the EC2 instance resource in the CloudFormation template.


Answer : D

A CloudOps engineer is preparing to deploy an application to Amazon EC2 instances that are in an Auto Scaling group. The application requires dependencies to be installed. Application updates are issued weekly.
The CloudOps engineer needs to implement a solution to incorporate the application updates on a regular basis. The solution also must conduct a vulnerability scan during Amazon Machine Image (AMI) creation.
What is the MOST operationally efficient solution that meets these requirements?

  • A. Create a script that uses Packer. Schedule a cron job to run the script.
  • B. Install the application and its dependencies on an EC2 instance. Create an AMI of the EC2 instance.
  • C. Use EC2 Image Builder with a custom recipe to install the application and its dependencies.
  • D. Invoke the EC2 CreateImage API operation by using an Amazon EventBridge scheduled rule.


Answer : C

A company is planning to host an application on a set of Amazon EC2 instances that are distributed across multiple Availability Zones. The application must be able to scale to millions of requests each second.
A CloudOps engineer must design a solution to distribute the traffic to the EC2 instances. The solution must be optimized to handle sudden and volatile traffic patterns while using a single static IP address for each Availability Zone.
Which solution will meet these requirements?

  • A. Amazon Simple Queue Service (Amazon SQS) queue
  • B. Application Load Balancer
  • C. AWS Global Accelerator
  • D. Network Load Balancer


Answer : D

A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application.
Which combination of actions should a CloudOps engineer take to resolve this problem? (Choose two.)

  • A. Change to the least outstanding requests algorithm on the ALB target group.
  • B. Configure cookie forwarding in the CloudFront distribution cache behavior.
  • C. Configure header forwarding in the CloudFront distribution cache behavior.
  • D. Enable group-level stickiness on the ALB listener rule.
  • E. Enable sticky sessions on the ALB target group.


Answer : BE

A global company uses an organization in AWS Organizations to manage multiple AWS accounts. To comply with regulations, the company deploys workload environments to five AWS Regions. The company has a separate AWS account for each Region.
The company needs to connect every environment's VPC to a central shared VPC that serves as a directory and to a shared monitoring VPC. The shared accounts are each in separate AWS accounts.
Which solution will meet these requirements?

  • A. Create a transit gateway in the central shared AWS account. Share the transit gateway with the company's AWS accounts. Connect all VPCs to the central transit gateway.
  • B. Create a separate transit gateway in every Region where the company has deployed resources. Share the transit gateways with the company's AWS accounts. Connect the VPC in each Region to the transit gateway that is in the same Region. Peer the transit gateways. Create appropriate routes in all route tables.
  • C. Create a virtual private gateway for the shared VPCs. Create a customer gateway for the workload VPCs. Configure an AWS Site-to-Site VPN connection between the directory VPC, the monitoring VPC, and every workload VPC.
  • D. Create VPC peering connections between the central shared VPC, the shared monitoring VPC, and every workload VPC.


Answer : B

A company stores critical information in an Amazon RDS for PostgreSQL database. The company notices degraded performance, high CPU utilization, increased query latency, and connection timeouts during peak shopping hours. The company also identifies surges in user connections during peak hours. The connection surges affect the read performance of the database.
The company wants to resolve the database performance issues.
Which combination of steps will meet this requirement? (Choose two.)

  • A. Use Amazon RDS Performance Insights to analyze the SQL queries that most affect database performance. Update the SQL queries based on the analysis findings.
  • B. Use Amazon CloudWatch Logs Insights to analyze the database queries and identify performance bottlenecks. Update the queries based on the analysis findings.
  • C. Use Amazon RDS for PostgreSQL with a single Availability Zone.
  • D. Disable connection pooling entirely to ensure that all user connections are treated equally, even during peak hours.
  • E. Implement RDS Proxy with connection pooling.


Answer : AE

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926