AWS Certified CloudOps Engineer – Associate (SOA-C03)
Exam Notes & Practice Tests

Your stack bootstrap can take up to 2 hours. CloudFormation should roll back if the app doesn’t signal success within that window. Where do you set the timeout?

A containerized web service hosted on ECS behind an ALB is being targeted by malicious IP addresses. The security team wants a quick way to block these IPs at the edge. What’s the best solution?

Compliance demands WORM retention on archives and the ability to lock policies against future edits. Which capability should you implement?

Your VPC currently has one public subnet and a running instance. You need to add IPv6 support properly. What’s the correct high-level sequence?

A real-time analytics company ingests thousands of event records per second from IoT devices. The data must be processed in near real time with sub-second latency. Which AWS service fits best for this workload?

Your CloudFront distribution shows a cache hit ratio under 15%. You need to improve cache effectiveness. Which actions help? (Select TWO.)

Your company uses multiple CloudFormation stacks for various departments. A master template must be reused by other stacks within the same Region, and all consumers should automatically inherit updates when the shared template changes. What should you use?

Your data science team wants to run ad hoc SQL directly against CSV/Parquet data in S3 without building ETL pipelines or loading into a database. Which service should they use?

A fintech company’s payments platform runs several microservices on ECS. Each service uses WebSockets for live transaction updates and requires host- and path-based routing for APIs. The operations team must choose a load balancer that integrates directly with ECS tasks and supports these routing rules. Which load balancer best fits?

You’ve implemented SSE-C for an S3 bucket. Which request header does not apply to SSE-C operations?

A worker Auto Scaling group processes jobs from an SQS queue. During spikes, the backlog grows and jobs lag. You need auto-scaling that reacts to queue depth. What should you do?

A manufacturing company runs on-prem applications that require block storage using iSCSI. They want to extend capacity to AWS while caching frequently accessed data locally for low latency. Which AWS service should they use?

You launched a Linux EC2 instance for a WordPress deployment and need SSH access from your office network to complete setup. Which rule must exist?

A PostgreSQL server on EC2 must be fault tolerant at the disk layer with minimal cost. What’s the best option?

A company enforces strict security policies that prohibit SSH access to private EC2 instances from the internet. The operations team must implement continuous compliance monitoring. What’s the best ongoing compliance approach?

Your organization wants every CloudFormation stack to launch the latest Windows AMI automatically with little maintenance. What’s the best solution?

A developer needs console access to view VPCs and networking, but should not have programmatic keys. What should you create?

A compliance administrator attempts to delete an S3 bucket using the AWS CLI but fails. The bucket has versioning and MFA Delete enabled. What steps are required to completely remove the bucket? (Select TWO.)

Your website is deployed in us-east-2 and ap-northeast-1. Users should automatically be routed to the lowest-latency Region. Which Route 53 policy do you choose?

Your networking team just established VPC peering pcx-9abcf123 between VPC-Prod (172.16.0.0/16) and VPC-Logs (10.20.0.0/16) in the same account. To allow resources in each VPC to reach the other, which route entries must you add? (Select TWO)

A user reports being able to access a web application hosted on an EC2 instance but cannot SSH into the same instance. The SysOps administrator reviews VPC Flow Logs and finds the following entry: `2 111122223333 eni-0aa0bbcc 203.0.113.77 10.0.2.45 53722 22 6 18 1510 1692042010 1692042070 REJECT OK` What’s the most likely fix?

Several Linux analytics servers need a shared POSIX file system with per-file and per-directory permissions, mountable concurrently by many instances. Which service is the right fit?

A developer must be able to launch EC2 instances with only approved IAM roles. What two configurations are required? (Select TWO.)

Analytics workers in private subnets must call public APIs every 5 minutes, but the instances must not accept inbound traffic from the internet. What’s the most scalable design?

A company hosts its static single-page application (SPA) using S3 static website hosting. Global users report slow load times due to latency. What’s the best AWS solution to improve global performance?

A developer is releasing a new version of a Lambda function through AWS CodeDeploy. They want to shift 10% of traffic to the new version, monitor for errors for 15 minutes, and then shift the remaining 90%. Which deployment configuration matches this requirement?

Security wants an automated, recurring vulnerability assessment of your EC2 fleet with findings integrated into workflows. Which AWS service should you use?

One instance in your Auto Scaling group is faulty and must be terminated without reducing desired capacity. Which CLI command is correct?

While troubleshooting production issues, you temporarily suspend the Terminate process on an Auto Scaling group to prevent scale-in while you debug. You’re asked how this suspension affects AZRebalance during the investigation window. How does AZRebalance behave?

A media production company needs to transfer 200 TB of archived video files from its data center to Amazon S3 as quickly as possible. Which AWS service should they use?

A DynamoDB table must be accessed with low latency from two AWS Regions with built-in replication. What should you select?

You’re deploying PostgreSQL on EC2 and want disk-level fault tolerance at minimal cost. What storage approach should you choose?

Six EC2 instances in a compute cluster exhibit high network latency communicating with each other. You want to optimize east-west traffic performance. What’s the most effective fix?

Your compliance team wants to audit COPY/UNLOAD traffic from Amazon Redshift using VPC Flow Logs. What must you enable on the cluster to make this visible in flow logs?

A DevOps team suspects intermittent packet drops between an ALB and EC2 instances. They need a way to confirm whether HTTP and HTTPS traffic is reaching the instance-level elastic network interface (ENI) and being accepted or rejected. Which tool gives packet-level acceptance/denial at the ENI?

Your ElastiCache for Memcached cluster shows sustained key evictions, while the EC2 web tier is healthy. What’s the most appropriate corrective action?

A SysOps admin must provision a 10-GiB io2 volume for a database and maximize its performance potential. What is the maximum number of IOPS allowed for this size?

You’re deploying a multi-tier app: NGINX web tier (public) and a MariaDB cluster on EC2 (private). The DB must not be internet-reachable but still needs outbound access for patches. What should you build? (Select TWO.)

A DevOps team manages both on-prem and EC2-based servers. They need unified visibility into CPU, memory, and disk metrics for all systems from one dashboard in AWS. Which steps enable this integration? (Select THREE.)

Your Oracle DB on EC2 stores infrequently accessed data but runs big scans that need steady throughput. What’s the most cost-effective EBS type?

A corporation is implementing a hybrid cloud architecture to extend its on-premises data center to AWS. The networking team must configure components that enable connectivity between the on-prem environment and the new VPC for both inbound and outbound traffic. Which components provide connectivity to external networks for your VPC? (Select TWO.)

During an incident response redesign, a company plans to monitor application health using Route 53 and automatically raise CloudWatch alarms when failures occur. The SysOps engineer must identify which Route 53 health check types are compatible with CloudWatch integration. (Select THREE.)

A Node.js-based analytics platform processes customer events across multiple microservices. The engineering team needs a messaging solution that ensures messages are processed exactly once and in order. Which service should you use?

A corporation is implementing a hybrid cloud architecture. The operations team needs proactive notifications whenever resource metrics exceed operational thresholds (e.g., CPU > 80%). Which AWS service should you configure?

Auditors request a per-object report listing replication status and server-side encryption type for objects in S3. What should you use to produce this report efficiently?

You host www.example-timesheet.com in Route 53. A new app version runs on a separate ECS service. You want to send 20% of traffic to the new stack for verification, then ramp to 100%. Which routing policy enables this?

You’re planning large-scale migrations and need a dedicated, consistent network link from on-prem to your VPC to avoid internet variability. Which option fits?

An EB CLI deployment of a Flask app fails with: “instance profile aws-elasticbeanstalk-ec2-role not found.” What root causes are most likely? (Select TWO.)

A public EC2 instance’s IP changes after every stop/start. You also need to fail over quickly by remapping the address to another instance if needed. What should you use?

A media site (S3 + CloudFront) needs to measure access frequency and detect insider content tampering. Which combination works well? (Select TWO.)

Employees’ home directories are stored in S3 via File Gateway. Access frequency drops sharply after 60 days, but files must remain immediately retrievable. What reduces storage cost appropriately?

During CloudFormation stack updates, you want to minimize downtime for your Auto Scaling group and allow health checks to control instance replacement. Which configuration should you include in your template?

A new site-to-site VPN between on-prem and your VPC shows UP in the console, but on-prem servers still can’t reach private EC2s. Which VPC routing update is typically missing?

Your EC2-based app needs to read/write to DynamoDB without embedding static credentials. What should you implement?

You’re tired of hard-coding AMI IDs in CloudFormation and want stacks to automatically use the latest AMI. What’s the best approach?

A developer uses the EB CLI to deploy a Django app and gets: “instance profile aws-elasticbeanstalk-ec2-role does not exist.” What could explain this failure? (Select TWO.)

The security team requests visibility into accepted/rejected traffic, source IPs, and ports for subnets hosting your application. Which feature provides this?

Your organization wants proactive notifications whenever resource metrics exceed operational thresholds (e.g., CPU > 80%). Which AWS service should you configure?

A public EC2 instance’s SSH access fails even after adding an IGW. The route table shows: “` 10.0.0.0/16 local 10.0.0.0/16 igw-12345abc “` What change will fix the issue?

Your web application hosted on EC2 behind an ALB isn’t reachable externally, even though the SG and NACL allow inbound HTTP/HTTPS. Outbound calls to third-party APIs must also succeed. Which additional rule adjustments are typically required? (Select TWO.)

After an acquisition, your company needs central governance across multiple AWS accounts, including the ability to restrict services/actions per account. What should you implement?

A critical OS vulnerability affects your large EC2 fleet. You need to patch quickly at scale, with maintenance windows and compliance reporting. What should you use?

Your mobile app currently uses root access keys to write to DynamoDB. You need a secure, best-practice design for federated mobile users. What should you implement?

Multiple business units share one AWS account. You must allocate costs per team automatically each month. What enables this?

During CloudFormation stack updates, you want to minimize downtime for your Auto Scaling group and allow health checks to control instance replacement. Which configuration should you include in your template?