Download AWS Certified CloudOps Engineer-Associate.SOA-C03.CertDumps.2026-04-23.120q.tqb

Vendor: Amazon
Exam Code: SOA-C03
Exam Name: AWS Certified CloudOps Engineer-Associate
Date: Apr 23, 2026
File Size: 765 KB
Download Exam

How to open TQB files?

Files with TQB (Taurus Question Bank) extension can be opened by Taurus Exam Studio.

Download
Taurus Exam Studio

Purchase
Coupon: TAURUSSIM_20OFF

Discount: 20%

Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator

Demo Questions

Question 1
An Amazon EC2 instance needs to be reachable from the internet. The EC2 instance is in a subnet with the following route table. Which entry must a CloudOps Engineer add to the route table to meet this requirement?
  1. A route for `0.0.0.0/0` that points to a `NAT` gateway.
  2. A route for `0.0.0.0/0` that points to an egress-only internet gateway.
  3. A route for `0.0.0.0/0` that points to an internet gateway.
  4. A route for `0.0.0.0/0` that points to an elastic network interface.
Correct answer: C
Question 2
A CloudOps Engineer launches an Amazon EC2 instance in a private subnet of a `VPC`. When the CloudOps Engineer attempts a `curl` command from the command line of the EC2 instance, the CloudOps Engineer cannot connect to `https:www.example.com`. What should the CloudOps Engineer do to resolve this issue?
  1. Ensure that there is an outbound security group for port `443` to `0.0.0.0/0`.
  2. Ensure that there is an inbound security group for port `443` from `0.0.0.0/0`.
  3. Ensure that there is an outbound network `ACL` for ephemeral ports `1024-66535` to `0.0.0.0/0`.
  4. Ensure that there is an outbound network `ACL` for port `80` to `0.0.0.0/0`.
Correct answer: A
Question 3
With the threat of ransomware viruses encrypting and holding company data hostage, which action should be taken to protect an Amazon S3 bucket?
  1. Deny Post, Put, and Delete on the bucket.
  2. Enable server-side encryption on the bucket.
  3. Enable Amazon S3 versioning on the bucket.
  4. Enable snapshots on the bucket.
Correct answer: B
Question 4
A company is partnering with an external vendor to provide data processing services. For this integration, the vendor must host the company's data in an Amazon S3 bucket in the vendor's AWS account. The vendor is allowing the company to provide an AWS Key Management Service (AWS KMS) key to encrypt the company's data. The vendor has provided an IAM role Amazon Resources Name (ARN) to the company for this integration. What should a CloudOps Engineer do to configure this integration?
  1. Create a new KMS key. Add the vendor's IAM role ARN to the KMS key policy. Provide the new KMS key ARN to the vendor.
  2. Create a new KMS key. Create a new IAM user. Add the vendor's IAM role ARN to an inline policy that is attached to the IAM user. Provide the new IAM user ARN to the vendor.
  3. Configure encryption using the KMS managed S3 key. Add the vendor's IAM role ARN to the KMS managed S3 key policy. Provide the KMS managed S3 key ARN to the vendor.
  4. Configure encryption using the KMS managed S3 key. Create a S3 bucket. Add the vendor's IAM role ARN to the S3 bucket policy. Provide the S3 bucket ARN to the vendor.
Correct answer: A
Question 5
A CloudOps Engineer needs to give users the ability to upload objects to an Amazon S3 bucket. The CloudOps Engineer creates a presigned URL and provides the URL to a user, but the user cannot upload an object to the S3 bucket. The presigned URL has not expired, and no bucket policy is applied to the S3 bucket. Which of the following could be the cause of this problem?
  1. The user has not properly configured the AWS CLI with their access key and secret access key.
  2. The CloudOps Engineer does not have the necessary permissions to upload the object to the S3 bucket.
  3. The CloudOps Engineer must apply a bucket policy to the S3 bucket to allow the user to upload the object.
  4. The object already has been uploaded through the use of the presigned URL, so the presigned URL is no longer valid.
Correct answer: B
Question 6
A company runs a web application on three Amazon EC2 instances behind an Application Load Balancer (ALB). The company notices that random periods of increased traffic cause a degradation in the application's performance. A CloudOps Engineer must scale the application to meet the increased traffic. Which solution meets these requirements?
  1. Create an Amazon CloudWatch alarm to monitor application latency and increase the size of each EC2 instance if the desired threshold is reached.
  2. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor application latency and add an EC2 instance to the `ALB` if the desired threshold is reached.
  3. Deploy the application to an Auto Scaling group of EC2 instances with a target tracking scaling policy. Attach the `ALB` to the Auto Scaling group.
  4. Deploy the application to an Auto Scaling group of EC2 instances with a scheduled scaling policy. Attach the `ALB` to the Auto Scaling group.
Correct answer: C
Question 7
A company migrated an I/O intensive application to an Amazon EC2 general purpose instance. The EC2 instance has a single General Purpose SSD Amazon Elastic Block Store (Amazon EBS) volume attached. Application users report that certain actions that require intensive reading and writing to the disk are taking much longer than normal or are failing completely. After reviewing the performance metrics of the EBS volume, a CloudOps Engineer notices that the `VolumeQueueLength` metric is consistently high during the same times in which the users are reporting issues. The CloudOps Engineer needs to resolve this problem to restore full performance to the application. Which action will meet these requirements?
  1. Modify the instance type to be storage optimized.
  2. Modify the volume properties by deselecting Auto-Enable Volume 10.
  3. Modify the volume properties to increase the IOPS.
  4. Modify the instance to enable enhanced networking.
Correct answer: C
Question 8
A company's CloudOps Engineer deploys four new Amazon EC2 instances by using the standard Amazon Linux 2 Amazon Machine Image (AMI). The company needs to be able to use AWS Systems Manager to manage the instances The CloudOps Engineer notices that the instances do not appear in the Systems Manager console. What must the CloudOps Engineer do to resolve this issue?
  1. Connect to each instance by using `SSH`. Install Systems Manager Agent on each instance. Configure Systems Manager Agent to start automatically when the instances start up.
  2. Use AWS Certificate Manager (ACM) to create a TLS certificate. Import the certificate into each instance. Configure Systems Manager Agent to use the TLS certificate for secure communications.
  3. Connect to each instance by using `SSH`. Create an `ssm-user` account. Add the `ssm-user` account to the `/etcsudoers` directory.
  4. Attach an IAM instance profile to the instances. Ensure that the instance profile contains the `AmazonSSMManagedinstanceCore` policy.
Correct answer: D
Question 9
A development team recently deployed a new version of a web application to production. After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data. Which AWS service will mitigate this issue?
  1. AWS Shield Standard.
  2. AWS WAF.
  3. Elastic Load Balancing.
  4. Amazon Cognito.
Correct answer: B
Question 10
An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon SQS) queues. A CloudOps Engineer must ensure that the application can read, write, and delete messages from the SQS queues. Which solution will meet these requirements in the MOST secure manner?
  1. Create an IAM user with an IAM policy that allows the `sqs:SendMessage` permission, the `sqs:ReceiveMessage` permission, and the `sqs:DeleteMessage` permission to the appropriate queues Embed the IAM user's credentials in the application's configuration.
  2. Create an IAM user with an IAM policy that allows the `sqs:SendMessage` permission, the `sqs:ReceiveMessage` permission, and the `sqs:DeleteMessage` permission to the appropriate queues Export the IAM user's access key and secret access key as environment variables on the EC2 instance.
  3. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows `sqs:*` permissions to the appropriate queues.
  4. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows the `sqs:SendMessage` permission, the `sqs:ReceiveMessage` permission, and the `sqs:DeleteMessage` permission to the appropriate queues.
Correct answer: D
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!