A company's architecture team must receive immediate email notifications whenever new Amazon EC2 instances are launched in the company's main AWS production account.
What should a CloudOps engineer do to meet this requirement?
A. Create a user data script that sends an email message through a smart host connector. Include the architecture team's email address in the user data script as the recipient. Ensure that all new EC2 instances include the user data script as part of a standardized build process.A company has a VPC that contains a public subnet and a private subnet. The company deploys an Amazon EC2 instance that uses an Amazon Linux Amazon Machine Image (AMI) and has the AWS Systems Manager Agent (SSM Agent) installed in the private subnet. The EC2 instance is in a security group that allows only outbound traffic.
A CloudOps engineer needs to give a group of privileged administrators the ability to connect to the instance through SSH without exposing the instance to the internet.
Which solution will meet this requirement?
A. Create an EC2 Instance Connect endpoint in the private subnet. Update the security group to allow inbound SSH traffic. Create an IAM group for privileged administrators. Assign the PowerUserAccess managed policy to the IAM group.A CloudOps engineer needs historical visibility into configuration changes for AWS resources.
Which service provides this capability?
A. AWS CloudTrailA company must implement an audit trail for operational changes to AWS resources, including who made the change and the exact API parameters used.
A CloudOps engineer needs a solution that can be queried efficiently for investigations without exporting logs to another service first.
Which solution will meet these requirements?
A. Use Amazon CloudWatch Logs and build dashboards for all API requests.A company's application servers in AWS account 111122223333 use a security group sg-1234abcd. They need to access a database hosted in account 444455556666. The VPCs are connected using a VPC peering connection (pcx-b04deed9).
A CloudOps engineer must configure the database's security group to allow new connections only from the application servers.
What should the engineer do?
A. Add an inbound rule to the database's security group. Reference 111122223333/sg-1234abcd as the source.A CloudOps engineer needs to ensure that only approved AMIs are used to launch EC2 instances.
Which solution will enforce this?
A. AWS Config rulesA CloudOps engineer needs to automatically restart a failed application process when specific error patterns appear in application logs stored in CloudWatch Logs.
Which architecture aligns with AWS recommended operational best practices?
A. CloudWatch Logs subscription filter --- Lambda --- restart processA company deploys AWS infrastructure in a VPC that has an internet gateway. The VPC has public subnets and private subnets. An Amazon RDS for MySQL DB instance is deployed in a private subnet. An AWS Lambda function uses the same private subnet and connects to the DB instance to query data.
A developer modifies the Lambda function to require the function to publish messages to an Amazon Simple Queue Service (Amazon SQS) queue. After these changes, the Lambda function times out when it tries to publish messages to the SQS queue.
Which solutions will resolve this issue? (Select TWO.)
A. Reconfigure the Lambda function so that the function is not connected to the VPC.A company deploys an application on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The company wants to protect the application from SQL injection attacks.
Which solution will meet this requirement?
A. Deploy AWS Shield Advanced in front of the ALB. Enable SQL injection filtering.A company uses AWS Organizations to manage a set of AWS accounts. The company has set up organizational units (OUs) in the organization. An application OU supports various applications.
A CloudOps engineer must prevent users from launching Amazon EC2 instances that do not have a CostCenter-Project tag into any account in the application OU. The restriction must apply only to accounts in the application OU.
Which solution will meet these requirements?
A. Create an IAM group that has a policy that allows the ec2:RunInstances action when the CostCenter- Project tag is present. Place all IAM users who need access to the application accounts in the IAM group.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C03 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.