SOA-C03 Exam Details

  • Exam Code
    :SOA-C03
  • Exam Name
    :AWS Certified CloudOps Engineer - Associate (SOA-C03)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :263 Q&As
  • Last Updated
    :Jul 14, 2026

Amazon SOA-C03 Online Questions & Answers

  • Question 211:

    A CloudOps engineer has created an AWS Service Catalog portfolio and shared it with a second AWS account in the company, managed by a different CloudOps engineer.

    Which action can the CloudOps engineer in the second account perform?

    A. Add a product from the imported portfolio to a local portfolio.
    B. Add new products to the imported portfolio.
    C. Change the launch role for the products contained in the imported portfolio.
    D. Customize the products in the imported portfolio.

  • Question 212:

    A CloudOps engineer needs to retain Amazon CloudWatch Logs for exactly 90 days.

    Which configuration should be applied?

    A. Export logs to Amazon S3 daily.
    B. Set the log group retention policy to 90 days.
    C. Archive logs using AWS Backup.
    D. Stream logs to Amazon OpenSearch Service.

  • Question 213:

    A company hosts an FTP server on EC2 instances. AWS Security Hub sends findings to Amazon EventBridge when the FTP port becomes publicly exposed in attached security groups.

    A CloudOps engineer needs an automated, event-driven remediation solution to remove public access from security groups.

    Which solution will meet these requirements?

    A. Configure the existing EventBridge event to stop the EC2 instances that have the exposed port.
    B. Create a cron job for the FTP server to invoke an AWS Lambda function. Configure the Lambda function to modify the security group of the identified EC2 instances and to remove the instances that allow public access.
    C. Create a cron job for the FTP server that invokes an AWS Lambda function. Configure the Lambda function to modify the server to use SFTP instead of FTP.
    D. Configure the existing EventBridge event to invoke an AWS Lambda function. Configure the function to remove the security group rule that allows public access.

  • Question 214:

    A CloudOps engineer needs to ensure that configuration drift on EC2 instances is detected continuously.

    Which AWS service should be used?

    A. AWS Config
    B. Amazon Inspector
    C. AWS CloudTrail
    D. AWS Trusted Advisor

  • Question 215:

    A company has a VPC that contains a public subnet and a private subnet. The company deploys an Amazon EC2 instance that uses an Amazon Linux AMI and has the AWS Systems Manager Agent (SSM Agent) installed in the private subnet. The EC2 instance is in a security group that allows only outbound traffic.

    A CloudOps engineer needs to give a group of privileged administrators the ability to connect to the instance through SSH without exposing the instance to the internet.

    Which solution will meet this requirement?

    A. Create an EC2 Instance Connect endpoint in the private subnet. Update the security group to allow inbound SSH traffic. Assign PowerUserAccess to administrators.
    B. Create a Systems Manager endpoint in the private subnet. Update the security group to allow SSH traffic from the endpoint network. Assign PowerUserAccess.
    C. Create an EC2 Instance Connect endpoint in the public subnet. Update the security group to allow SSH traffic from the private network. Assign PowerUserAccess.
    D. Create a Systems Manager endpoint in the public subnet. Create an IAM role with AmazonSSMManagedInstanceCore for the EC2 instance. Assign AmazonEC2ReadOnlyAccess to administrators.

  • Question 216:

    A company uses an AWS Lambda function to process user uploads to an Amazon S3 bucket. The Lambda function runs in response to Amazon S3 PutObject events.

    A SysOps administrator needs to set up monitoring for the Lambda function. The SysOps administrator wants to receive a notification through an Amazon Simple Notification Service (Amazon SNS) topic if the function takes more than 10 seconds to process an event.

    Which solution will meet this requirement?

    A. Collect Amazon CloudWatch logs for the Lambda function. Create a metric filter to extract the PostRuntimeExtensionsDuration metric from the logs. Create a CloudWatch alarm to publish a notification to the SNS topic when the function runtime exceeds 10 seconds.
    B. Collect Amazon CloudWatch metrics for the Lambda function to extract the function runtime. Create a CloudWatch alarm to publish a notification to the SNS topic when the runtime exceeds 10 seconds.
    C. Configure an Amazon CloudWatch metric filter to capture the runtime of the Lambda function. Set the function's timeout setting to 10 seconds. Create an SNS subscription to alert the SysOps administrator if the function times out.
    D. Use Amazon CloudWatch Logs Insights to query Lambda logs for the function runtime. Set up a CloudWatch alarm based on the query result. Configure Amazon SNS to send notifications when function runtime exceeds 10 seconds.

  • Question 217:

    A CloudOps engineer notices that EC2 instances behind a Network Load Balancer receive traffic, but responses fail intermittently. Security groups are correctly configured.

    What is the MOST LIKELY cause?

    A. Missing inbound rule on the NLB security group
    B. Missing outbound ephemeral port rule in the subnet NACL
    C. Incorrect target group health check port
    D. Disabled cross-zone load balancing

  • Question 218:

    A CloudOps engineer wants to ensure EC2 instances can be accessed securely without SSH keys or inbound ports, while maintaining full auditability.

    Which solution is MOST appropriate?

    A. Bastion hosts
    B. EC2 Instance Connect
    C. Systems Manager Session Manager
    D. Client VPN

  • Question 219:

    A company uses Amazon EventBridge to route operational events. A CloudOps engineer creates a rule to match specific AWS service events, but events are not arriving at the target in the same account.

    The engineer confirms the target has correct permissions and is healthy.

    Which action is MOST likely to identify the root cause quickly?

    A. Use the EventBridge rule "Test event pattern" feature with a sample event and verify matching results.
    B. Enable AWS Config to record EventBridge configuration changes.
    C. Create a NAT gateway to allow EventBridge to reach the target.
    D. Enable Amazon Inspector to scan the EventBridge rule.

  • Question 220:

    A CloudOps engineer created a VPC with a private subnet, a security group allowing all outbound traffic, and an endpoint for EC2 Instance Connect in the private subnet.

    The EC2 instance was launched without an SSH key pair, using the same subnet and security group. However, the engineer cannot connect via EC2 Instance Connect endpoint.

    How can the CloudOps engineer connect to the instance?

    A. Create an inbound rule in the security group to allow HTTPS traffic on port 443 from the private subnet.
    B. Create an inbound rule in the security group to allow SSH traffic on port 22 from the private subnet.
    C. Create an IAM instance profile that allows AWS Systems Manager Session Manager to access the EC2 instance. Associate the instance profile with the instance.
    D. Recreate the EC2 instance. Associate an SSH key pair with the instance.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C03 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.