Login / Register Shopping Cart (0)

Home
All Vendors
Discussions
Guarantee
FAQs
Contact

Amazon AWS Certified CloudOps Engineer - Associate - SOA-C03 FREE EXAM DUMPS QUESTIONS & ANSWERS

Page: 1 / 17
Total 221 questions

Please signup / login to view this exam, then you will be able to view the entire exam for free.

Get Full Access Now

Question 1

A company moves workloads from public subnets to private subnets to improve security. During testing, the company discovers that servers in the private subnets cannot reach an external API. The VPC has a CIDR block of 10.0.0.0/16. The VPC contains two public subnets and two private subnets. The VPC has one internet gateway and has a NAT gateway in each of the private subnets.
The company must ensure that workloads that run in the private subnets can reach the external API.
Which solution will meet this requirement?

A. Create and configure an Amazon API Gateway HTTP API as a proxy for the external API. Edit the route tables to direct outbound traffic to the HTTP API. B. Deploy a new NAT gateway that has an Elastic IP address in each public subnet. Edit the route tables to direct outbound traffic through the NAT gateways. C. Deploy an outbound-only internet gateway to allow traffic from private subnets to the internet. Edit the route tables to direct outbound traffic through the outbound-only internet gateway. D. Create a VPC interface endpoint. Edit the route tables to direct outbound traffic through the endpoint.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 2

A CloudOps engineer has created an AWS Service Catalog portfolio and shared it with a second AWS account in the company, managed by a different CloudOps engineer.
Which action can the CloudOps engineer in the second account perform?

A. Add a product from the imported portfolio to a local portfolio. B. Change the launch role for the products contained in the imported portfolio. C. Add new products to the imported portfolio. D. Customize the products in the imported portfolio.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 3

A CloudOps engineer wants to configure observability of specific metrics for a public website that runs on Amazon Elastic Kubernetes Service (Amazon EKS). The CloudOps engineer wants to observe latency, traffic, errors, and saturation metrics. The CloudOps engineer wants to define service level objectives (SLOs) and monitor service level indicators (SLIs). The CloudOps engineer also wants to correlate metrics, logs, and traces to support faster issue resolution.
Which solution will meet these requirements with the LEAST operational effort?

A. Configure Amazon CloudWatch Application Insights. B. Configure Amazon CloudWatch RUM and CloudWatch Synthetics canaries. C. Use Amazon CloudWatch Application Signals to automatically collect and monitor the specified metrics for the EKS workloads. D. Configure AWS Distro for OpenTelemetry and use Amazon Managed Service for Prometheus and Amazon Managed Grafana.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 4

A company has a multi-account AWS environment that includes the following:
* A central identity account that contains all IAM users and groups
* Several member accounts that contain IAM roles
A SysOps administrator must grant permissions for a particular IAM group to assume a role in one of the member accounts. How should the SysOps administrator accomplish this task?

A. In the member account, add the group Amazon Resource Name (ARN) to the role ' s trust policy. In the identity account, add an inline policy to the group with sts:AssumeRole permissions. B. In the member account, add sts:AssumeRole permissions to the role ' s policy. In the identity account, add a trust policy to the group that specifies the account number of the member account. C. In the member account, add the group Amazon Resource Name (ARN) to the role ' s trust policy. In the identity account, add an inline policy to the group with sts:PassRole permissions. D. In the member account, add the group Amazon Resource Name (ARN) to the role ' s inline policy. In the identity account, add a trust policy to the group with sts:AssumeRole permissions.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 5

A company is using AWS Certificate Manager (ACM) to manage public SSL/TLS certificates. A CloudOps engineer needs to send an email notification when a certificate has less than 14 days until expiration.
Which solution will meet this requirement with the LEAST operational overhead?

A. Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry metric for all ACM certificates. Configure the rule to send an event to a target Amazon SNS topic if DaysToExpiry is less than 14. Subscribe the appropriate email addresses to the SNS topic. B. Create an Amazon CloudWatch custom metric to monitor certificate expiration for all ACM certificates. Create an Amazon EventBridge rule that has an event source of aws.cloudwatch. Configure the rule to send an event to a target Amazon SNS topic if the DaysToExpiry metric is less than 14.
Subscribe the appropriate email addresses to the SNS topic. C. Create an Amazon CloudWatch dashboard that displays the DaysToExpiry metric for all ACM certificates. If DaysToExpiry is less than 14, send an email message to the appropriate email addresses.
Send the email message by running a predefined CLI command to publish to an Amazon SNS topic. D. Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry metric for all ACM certificates. Configure a target SMS identity that uses a predefined email template. Configure the rule to send an event to the target SMS identity if DaysToExpiry is less than 14.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 6

A company runs a retail website on multiple Amazon EC2 instances behind an Application Load Balancer (ALB). The company must secure traffic to the website over an HTTPS connection.
Which combination of actions should a SysOps administrator take to meet these requirements? (Select TWO.)

A. Create a private certificate in AWS Certificate Manager (ACM). B. Attach the certificate to the ALB. C. Attach the certificate to each EC2 instance. D. Create a public certificate in AWS Certificate Manager (ACM). E. Export the certificate, and attach it to the website.

Discussion 0

Correct Answer: B,D Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 7

A company with millions of subscribers needs to automatically send notifications every Saturday. The company already uses Amazon SNS to send messages but has historically sent them manually.
Which solution will meet these requirements in the MOST operationally efficient way?

A. Create an SNS subscription to a message fanout that sends notifications to subscribers every Saturday. B. Create a rule in Amazon EventBridge that triggers every Saturday. Configure the rule to publish a notification to an SNS topic. C. Launch a new Amazon EC2 instance. Configure a cron job to use the AWS SDK to send an SNS notification to subscribers every Saturday. D. Use AWS Step Functions scheduling to run a step every Saturday. Configure the step to publish a message to an SNS topic.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 8

An environment consists of 100 Amazon EC2 Windows instances. The Amazon CloudWatch agent is deployed and running on all EC2 instances with a baseline configuration file to capture log files. There is a new requirement to capture DHCP log files that exist on 50 of the instances.
What is the MOST operationally efficient way to meet this new requirement?

A. Log in to each EC2 instance with administrator rights and create a PowerShell script to push logs to CloudWatch. B. Create an additional CloudWatch agent configuration file to capture the DHCP logs. Use AWS Systems Manager Run Command to restart the CloudWatch agent on each EC2 instance with the append-config option. C. Run the CloudWatch agent configuration wizard on each EC2 instance and add DHCP logs manually. D. Run the CloudWatch agent configuration wizard on each EC2 instance and select the advanced detail level.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 9

A company has attached the following policy to an IAM user:
{
" Version " : " 2012-10-17 " ,
" Statement " : [
{
" Effect " : " Allow " ,
" Action " : " rds:Describe* " ,
" Resource " : " * "
},
{
" Effect " : " Allow " ,
" Action " : " ec2:* " ,
" Resource " : " * " ,
" Condition " : {
" StringEquals " : {
" ec2:Region " : " us-east-1 "
}
}
},
{
" Effect " : " Deny " ,
" NotAction " : [
" ec2:* " ,
" s3:GetObject "
],
" Resource " : " * "
}
]
}
Which of the following actions are allowed for the IAM user?

A. Amazon S3 PutObject operation in a bucket named testbucket. B. Amazon EC2 DescribeInstances action in the us-east-1 Region. C. Amazon EC2 AttachNetworkInterface action in the eu-west-1 Region. D. Amazon RDS DescribeDBInstances action in the us-east-1 Region.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 10

A company moves workloads from public subnets to private subnets to improve security. During testing, servers in the private subnets cannot reach an external API. The VPC has a CIDR block of 10.0.0.0/16, two public subnets, two private subnets, one internet gateway, and a NAT gateway in each private subnet.
The company must ensure that workloads in the private subnets can reach the external API.
Which solution will meet this requirement?

A. Create an Amazon API Gateway HTTP API as a proxy. B. Deploy a NAT gateway in each public subnet and update private subnet route tables. C. Create a VPC interface endpoint and update route tables. D. Deploy an outbound-only internet gateway and update route tables.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 11

A CloudOps engineer needs to build an event infrastructure for custom application-specific events. The events must be sent to an AWS Lambda function for processing. The CloudOps engineer must record the events so they can be replayed later by event type or event time.
Which solution will meet these requirements?

A. Create an archive on the default event bus and use pattern matching. B. Create a CloudWatch Logs log group and route events there. C. Create an Amazon EventBridge custom event bus, create an archive, and create a rule to send events to Lambda. D. Create an EventBridge pipe and store events in an archive.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 12

A company uses Amazon ElastiCache (Redis OSS) to cache application data. A CloudOps engineer must implement a solution to increase the resilience of the cache and minimize the recovery time objective (RTO).
Which solution will meet these requirements?

A. Create an Amazon EventBridge rule to initiate a backup every hour. B. Enable automatic backups and restore the backups when necessary. C. Replace ElastiCache (Redis OSS) with ElastiCache (Memcached). D. Create a read replica in a second Availability Zone and enable Multi-AZ for the Redis replication group.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 13

A CloudOps engineer must manage the security of an AWS account. Recently, an IAM user's access key was mistakenly uploaded to a public code repository. The engineer must identify everything that was changed using this compromised key.
How should the CloudOps engineer meet these requirements?

A. Query Amazon EC2 logs by using Amazon CloudWatch Logs Insights for all events initiated with the compromised access key within the suspected timeframe. B. Create an Amazon EventBridge rule to send all IAM events to an AWS Lambda function for analysis. C. Search VPC Flow Logs for all events initiated with the compromised access key within the suspected timeframe. D. Search AWS CloudTrail event history for all events initiated with the compromised access key within the suspected timeframe.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Page: 1 / 17
Total 221 questions

Unlock all SOA-C03 features

No captcha needed
365 Days Free Updates
Set your Desired Pass Percentage
Allocate Time (Hours : Minutes)
Two Modes For SOA-C03 Practice
Customer Support

Get Full Access Now

0 Happy Clients

0 Shares

0 Demo Downloads

10 Years in Business

Get in Touch

At FreeCram, gain access to comprehensive official information, including certification exams and real exam questions, all at no cost. Additionally, we offer premium tools for efficient preparation, enabling you to succeed on your exam on the first try.

RECENT DISCUSSIONS

Exam Service-Con-201 Topic 3 Question 68 Discussion
Exam 303-300 Topic 1 Question 73 Discussion
Exam ACD201 Topic 1 Question 18 Discussion
Exam Experience-Cloud-Consultant Topic 4 Question 40 Discussion
Exam CRT-101 Topic 1 Question 123 Discussion
Exam CRT-101 Topic 2 Question 219 Discussion
Exam CIS-DF Topic 3 Question 112 Discussion

Useful Links

All Products
Download Free
FAQs
Privacy Policy
Guarantee & Refund Policy
Terms & Conditions
How to buy?
About Us

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 FREECRAM.COM. All rights reserved. All trademarks are the property of their respective owners and we don't provide actual questions from any vendor.