AWS Certified CloudOps Engineer - Associate
Last Update Feb 28, 2026
Total Questions : 165
We are offering FREE SOA-C03 Amazon Web Services exam questions. All you do is to just go and sign up. Give your details, prepare SOA-C03 free exam questions and then go for complete pool of AWS Certified CloudOps Engineer - Associate test questions that will help you more.
A CloudOps engineer needs to build an event infrastructure for custom application-specific events. The events must be sent to an AWS Lambda function for processing. The CloudOps engineer must record the events so they can be replayed later by event type or event time.
Which solution will meet these requirements?
A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application.
Which combination of actions should a CloudOps engineer take to resolve this problem? (Select TWO.)
A multinational company uses an organization in AWS Organizations to manage over 200 member accounts across multiple AWS Regions. The company must ensure that all AWS resources meet specific security requirements.
The company must not deploy any EC2 instances in the ap-southeast-2 Region. The company must completely block root user actions in all member accounts. The company must prevent any user from deleting AWS CloudTrail logs, including administrators. The company requires a centrally managed solution that the company can automatically apply to all existing and future accounts. Which solution will meet these requirements?
A CloudOps engineer is troubleshooting an implementation of Amazon CloudWatch Synthetics. The CloudWatch Synthetics results must be sent to an Amazon S3 bucket.
The CloudOps engineer has copied the configuration of an existing canary that runs on a VPC that has an internet gateway attached. However, the CloudOps engineer cannot get the canary to successfully start on a private VPC that has no internet access.
What should the CloudOps engineer do to successfully run the canary on the private VPC?
A SysOps administrator needs to encrypt an existing Amazon Elastic File System (Amazon EFS) file system by using an existing AWS KMS customer managed key.
Which solution will meet these requirements?
A company runs a web application on three Amazon EC2 instances behind an Application Load Balancer (ALB). The company notices that random periods of increased traffic cause a degradation in the application’s performance.
A CloudOps engineer must scale the application to meet the increased traffic.
Which solution meets these requirements?
A CloudOps engineer is maintaining a web application that uses an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have logging enabled. The CloudOps engineer needs to investigate HTTP Layer 7 status codes from the web application.
Which log sources contain the status codes? (Select TWO.)
A company runs an application on an Amazon EC2 instance. The application uses a MySQL database. The EC2 instance has a General Purpose SSD (gp3) Amazon EBS volume attached. The company wants to perform load testing using a new MySQL database created from an EBS snapshot of the production instance. The new database must perform as similarly as possible to production.
Which solution will meet these requirements in the LEAST amount of time?
A company uses AWS Systems Manager Session Manager to manage EC2 instances in the eu-west-1 Region. The company wants private connectivity using VPC endpoints.
Which VPC endpoints are required to meet these requirements? (Select THREE.)
A company uses Amazon ElastiCache (Redis OSS) to cache application data. A CloudOps engineer must implement a solution to increase the resilience of the cache. The solution also must minimize the recovery time objective (RTO).
Which solution will meet these requirements?
A company is migrating a legacy application to AWS. The application runs on EC2 instances across multiple Availability Zones behind an Application Load Balancer (ALB). The target group routing algorithm is set to weighted random, and the application requires session affinity (sticky sessions).
After deployment, users report random application errors that were not present before migration, even though target health checks are passing.
Which solution will meet this requirement?
A company is running an application on premises and wants to use AWS for data backup. All of the data must be available locally. The backup application can write only to block-based storage that is compatible with the Portable Operating System Interface (POSIX).
Which backup solution will meet these requirements?
A company hosts a static website in an Amazon S3 bucket, accessed globally via Amazon CloudFront. The Cache-Control max-age header is set to 1 hour, and Maximum TTL is set to 5 minutes. The CloudOps engineer observes that CloudFront is not caching objects for the expected duration.
What is the reason for this issue?
An environment consists of 100 Amazon EC2 Windows instances. The Amazon CloudWatch agent is deployed and running on all EC2 instances with a baseline configuration file to capture log files. There is a new requirement to capture DHCP log files that exist on 50 of the instances.
What is the MOST operationally efficient way to meet this new requirement?
A CloudOps engineer has created an AWS Service Catalog portfolio and shared it with a second AWS account in the company, managed by a different CloudOps engineer.
Which action can the CloudOps engineer in the second account perform?
A CloudOps engineer wants to configure observability of specific metrics for a public website that runs on Amazon Elastic Kubernetes Service (Amazon EKS). The CloudOps engineer wants to observe latency, traffic, errors, and saturation metrics. The CloudOps engineer wants to define service level objectives (SLOs) and monitor service level indicators (SLIs). The CloudOps engineer also wants to correlate metrics, logs, and traces to support faster issue resolution.
Which solution will meet these requirements with the LEAST operational effort?
A company has an application running on EC2 that stores data in an Amazon RDS for MySQL Single-AZ DB instance. The application requires both read and write operations, and the company needs failover capability with minimal downtime.
Which solution will meet these requirements?
A SysOps administrator must load test a new Amazon CloudFront distribution to assess data transfer and latency performance. Which solution will meet this requirement?
A company operates compute resources in a VPC and in the company’s on-premises data center. The company already has an AWS Direct Connect connection between the VPC and the on-premises data center.
A CloudOps engineer needs to ensure that Amazon EC2 instances in the VPC can resolve DNS names for hosts in the on-premises data center.
Which solution will meet this requirement with the LEAST amount of ongoing maintenance?
A company has an internal web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A CloudOps engineer must make the application highly available.
Which action should the CloudOps engineer take to meet this requirement?
A company has deployed Amazon EC2 instances from custom Amazon Machine Images (AMIs) in two AWS Regions. The company registered all the instances with AWS Systems Manager.
The company discovers that the operating system on some instances has a significant zero-day exploit. However, the company does not know how many instances are affected.
A CloudOps engineer must implement a solution to deploy operating system patches for the affected EC2 instances.
Which solution will meet this requirement with the LEAST operational overhead?
A company needs to log and audit any principal that publishes messages to Amazon Simple Notification Service (Amazon SNS) topics and Amazon Simple Queue Service (Amazon SQS) queues. The company wants to ensure that all communication with these services uses VPC endpoints.
Which combination of solutions will meet these requirements? (Select TWO.)
A company hosts a static website on an Amazon S3 bucket behind an Amazon CloudFront distribution. When the company deploys a new version of the website, users sometimes do not see the new content until the next day.
A CloudOps engineer must implement a solution to display updates to the website as quickly as possible.
Which solution will meet this requirement?
A company has a web application that is experiencing performance problems many times each night. A root cause analysis reveals sudden increases in CPU utilization that last 5 minutes on an Amazon EC2 Linux instance. A CloudOps engineer must find the process ID (PID) of the service or process that is consuming more CPU.
What should the CloudOps engineer do to collect the process utilization information with the LEAST amount of effort?
A web application runs on Amazon EC2 instances in the us-east-1 Region and the us-west-2 Region. The instances run behind an Application Load Balancer (ALB) in each Region. An Amazon Route 53 hosted zone controls DNS records.
The instances in us-east-1 are production resources. The instances in us-west-2 are for disaster recovery. EC2 Auto Scaling groups are configured based on the ALBRequestCountPerTarget metric in both Regions.
A SysOps administrator must implement a solution that provides failover from us-east-1 to us-west-2. The instances in us-west-2 must be used only for failover.
Which solution will meet these requirements?
A company's reporting job that used to run in 15 minutes is now taking an hour to run. An application generates the reports. The application runs on Amazon EC2 instances and extracts data from an Amazon RDS for MySQL database.
A CloudOps engineer checks the Amazon CloudWatch dashboard for the RDS instance and notices that the Read IOPS metrics are high, even when the reports are not running. The CloudOps engineer needs to improve the performance and the availability of the RDS instance.
Which solution will meet these requirements?
A company’s CloudOps engineer monitors multiple AWS accounts in an organization and checks each account’s AWS Health Dashboard. After adding 10 new accounts, the engineer wants to consolidate health alerts from all accounts.
Which solution meets this requirement with the least operational effort?
A company needs to monitor its website's availability to end users. The company needs a solution to provide an Amazon Simple Notification Service (Amazon SNS) notification if the website's uptime decreases to less than 99%. The monitoring must provide an accurate view of the user experience on the website.
Which solution will meet these requirements?
A company is migrating its production file server to AWS. All data stored on the file server must remain accessible if an Availability Zone becomes unavailable or during system maintenance. Users must access the file server through the SMB protocol and manage permissions by using Windows ACLs.
Which solution will meet these requirements?
A CloudOps engineer is creating a simple, public-facing website running on Amazon EC2. The CloudOps engineer created the EC2 instance in an existing public subnet and assigned an Elastic IP address. The CloudOps engineer created a new security group that allows incoming HTTP traffic from 0.0.0.0/0. The CloudOps engineer also created a new network ACL and applied it to the subnet to allow incoming HTTP traffic from 0.0.0.0/0. However, the website cannot be reached from the internet.
What is the cause of this issue?
A company uses an Amazon Simple Queue Service (Amazon SQS) queue and Amazon EC2 instances in an Auto Scaling group with target tracking for a web application. The company collects the ASGAverageNetworkIn metric but notices that instances do not scale fast enough during peak traffic. There are a large number of SQS messages accumulating in the queue.
A CloudOps engineer must reduce the number of SQS messages during peak periods.
Which solution will meet this requirement?
A CloudOps engineer must ensure that all of a company's current and future Amazon S3 buckets have logging enabled. If an S3 bucket does not have logging enabled, an automated process must enable logging for the S3 bucket.
Which solution will meet these requirements?
A company hosts a static website in Amazon S3 behind an Amazon CloudFront distribution. When new versions are deployed, users sometimes do not see updated content immediately.
Which solution will meet this requirement?
A company runs applications on Amazon EC2 instances. Many of the instances are not patched. The company has a tagging policy. All the instances are tagged with details about the owners, application, and environment. AWS Systems Manager Agent (SSM Agent) is installed on all the instances.
A SysOps administrator must implement a solution to automatically patch all existing and future instances that have "Prod" in the environment tag. The SysOps administrator plans to create a patch policy in Systems Manager Patch Manager.
Which solution will meet the patching requirements with the LEAST operational overhead?
A company runs a business application on more than 300 Linux-based instances. Each instance has the AWS Systems Manager Agent (SSM Agent) installed. The company expects the number of instances to grow in the future. All business application instances have the same user-defined tag.
A CloudOps engineer wants to run a command on all the business application instances to download and install a package from a private repository. To avoid overwhelming the repository, the CloudOps engineer wants to ensure that no more than 30 downloads occur at one time.
Which solution will meet this requirement in the MOST operationally efficient way?
A CloudOps engineer must manage the security of an AWS account. Recently, an IAM user’s access key was mistakenly uploaded to a public code repository. The engineer must identify everything that was changed using this compromised key.
How should the CloudOps engineer meet these requirements?
A company uses AWS Organizations to manage its AWS environment. The company implements a process that uses prebuilt Amazon Machine Images (AMIs) to launch instances as a security measure. All AMIs are tagged automatically with a key named ApprovedAMI.
The company wants to ensure that employees can use only the approved prebuilt AMIs to launch new instances.
Which solution will meet this requirement?
A CloudOps engineer creates a new VPC that contains a private subnet, a security group that allows all outbound traffic, and an endpoint for Amazon EC2 Instance Connect in a private subnet. The CloudOps engineer associates the security group with EC2 Instance Connect.
The CloudOps engineer launches an EC2 instance from an Amazon Linux Amazon Machine Image (AMI) in the private subnet. The CloudOps engineer launches the EC2 instance without an SSH key pair.
The CloudOps engineer tries to connect to the instance by using the EC2 Instance Connect endpoint. However, the connection fails.
How can the CloudOps engineer connect to the instance?
A company uses AWS CloudFormation to manage a stack of Amazon EC2 instances. A CloudOps engineer needs to keep the EC2 instances and their data even if the stack is deleted.
Which solution will meet these requirements?
A company is performing deployments of an application at regular intervals. Users report that the application sometimes does not work properly. The company discovers that some users' browsers are fetching previous versions of the JavaScript files. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The ALB is the origin for an Amazon CloudFront distribution.
A SysOps administrator must implement a solution to ensure that CloudFront serves the latest version of the JavaScript files. The solution must not affect application server performance.
Which solution will meet these requirements?
A company applies user-defined tags to AWS resources. Twenty days after applying the tags, the company notices that the tags cannot be used to filter views in the AWS Cost Explorer console.
What is the reason for this issue?
A company has a workload that is sending log data to Amazon CloudWatch Logs. One of the fields includes a measure of application latency. A CloudOps engineer needs to monitor the p90 statistic of this field over time.
What should the CloudOps engineer do to meet this requirement?
A SysOps administrator is configuring an Auto Scaling group of Amazon EC2 instances for an application. The average CPU utilization of the instances in the Auto Scaling group must remain at approximately 40% when the load on the application changes.
Which solution will meet this requirement in the MOST operationally efficient manner?
A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backups enabled. A CloudOps engineer needs to be able to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB cluster.
Which solution will meet these requirements?
A company runs an application that logs user data to an Amazon CloudWatch Logs log group. The company discovers that personal information the application has logged is visible in plain text in the CloudWatch logs.
The company needs a solution to redact personal information in the logs by default. Unredacted information must be available only to the company's security team. Which solution will meet these requirements?
A SysOps administrator needs to give an existing AWS Lambda function access to an existing Amazon S3 bucket. Traffic between the Lambda function and the S3 bucket must not use public IP addresses. The Lambda function has been configured to run in a VPC.
Which solution will meet these requirements?
A company plans to run a public web application on Amazon EC2 instances behind an Elastic Load Balancing (ELB) load balancer. The company’s security team wants to protect the website by using AWS Certificate Manager (ACM) certificates. The load balancer must automatically redirect any HTTP requests to HTTPS.
Which solution will meet these requirements?
A media company hosts a public news and video portal on AWS. The portal uses an Amazon DynamoDB table with provisioned capacity to maintain an index of video files that are stored in an Amazon S3 bucket. During a recent event, millions of visitors came to the portal for news. This increase in traffic caused read requests to be throttled in the DynamoDB table. Videos could not be displayed in the portal.
The company's operations team manually increased the provisioned capacity on a temporary basis to meet the demand. The company wants the operations team to receive an alert before the table is throttled in the future. The company has created an Amazon Simple Notification Service (Amazon SNS) topic and has subscribed the operations team's email address to the SNS topic.
What should the company do next to meet these requirements?
A company moves workloads from public subnets to private subnets to improve security. During testing, servers in the private subnets cannot reach an external API. The VPC has a CIDR block of 10.0.0.0/16, two public subnets, two private subnets, one internet gateway, and a NAT gateway in each private subnet.
The company must ensure that workloads in the private subnets can reach the external API.
Which solution will meet this requirement?