SOA-C03 Exam Details

  • Exam Code
    :SOA-C03
  • Exam Name
    :AWS Certified CloudOps Engineer - Associate (SOA-C03)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :263 Q&As
  • Last Updated
    :Jul 14, 2026

Amazon SOA-C03 Online Questions & Answers

  • Question 231:

    A CloudOps engineer is troubleshooting an AWS CloudFormation stack creation that failed. Before the CloudOps engineer can identify the problem, the stack and its resources are deleted. For future deployments, the CloudOps engineer must preserve any resources that CloudFormation successfully created.

    What should the CloudOps engineer do to meet this requirement?

    A. Set the value of the DisableRollback parameter to False during stack creation.
    B. Set the value of the OnFailure parameter to DO_NOTHING during stack creation.
    C. Specify a rollback configuration that has a rollback trigger of DO_NOTHING during stack creation.
    D. Set the value of the OnFailure parameter to ROLLBACK during stack creation.

  • Question 232:

    A company is migrating its production file server to AWS. All data stored on the file server must remain accessible if an Availability Zone becomes unavailable or during system maintenance. Users must access the file server through the SMB protocol and manage permissions by using Windows ACLs.

    Which solution will meet these requirements?

    A. Create a single AWS Storage Gateway file gateway.
    B. Create an Amazon FSx for Windows File Server Multi-AZ file system.
    C. Deploy two AWS Storage Gateway file gateways in two Availability Zones behind an Application Load Balancer.
    D. Deploy two Amazon FSx for Windows File Server Single-AZ file systems and configure DFS Replication.

  • Question 233:

    A CloudOps engineer wants to share a copy of a production database with a migration account. The production database is hosted on an Amazon RDS DB instance and is encrypted at rest with an AWS Key Management Service (AWS KMS) key that has an alias of production-rds-key.

    What must the CloudOps engineer do to meet these requirements with the LEAST administrative overhead?

    A. Take a snapshot of the RDS DB instance. Update the KMS key policy to allow access for the migration account root user. Share the snapshot with the migration account.
    B. Create an RDS read replica in the migration account. Replicate the KMS key.
    C. Take a snapshot and create a new KMS key in the migration account with the same alias.
    D. Export the database to Amazon S3 and import it into a new RDS instance.

  • Question 234:

    A company runs a retail website on multiple Amazon EC2 instances behind an Application Load Balancer (ALB). The company must secure traffic to the website over an HTTPS connection.

    Which combination of actions should a SysOps administrator take to meet these requirements? (Select TWO.)

    A. Attach the certificate to each EC2 instance.
    B. Attach the certificate to the ALB.
    C. Create a private certificate in AWS Certificate Manager (ACM).
    D. Create a public certificate in AWS Certificate Manager (ACM).
    E. Export the certificate, and attach it to the website.

  • Question 235:

    A company wants to reduce CloudWatch Logs storage costs while keeping logs searchable for 14 days.

    Which action is MOST cost-effective?

    A. Export logs to S3 and delete immediately
    B. Set log group retention to 14 days
    C. Stream logs to OpenSearch
    D. Archive logs with AWS Backup

  • Question 236:

    A CloudOps engineer is creating a simple, public-facing website running on Amazon EC2. The CloudOps engineer created the EC2 instance in an existing public subnet and assigned an Elastic IP address.

    The CloudOps engineer created a new security group that allows incoming HTTP traffic from 0.0.0.0/0. The CloudOps engineer also created a new network ACL and applied it to the subnet to allow incoming HTTP traffic from 0.0.0.0/0. However, the website cannot be reached from the internet.

    What is the cause of this issue?

    A. The CloudOps engineer did not create an outbound rule that allows ephemeral port return traffic in the new network ACL.
    B. The CloudOps engineer did not create an outbound rule in the security group that allows HTTP traffic from port 80.
    C. The Elastic IP address assigned to the EC2 instance has changed.
    D. There is an additional network ACL associated with the subnet that denies inbound HTTP traffic.

  • Question 237:

    A company runs custom statistical analysis software on a cluster of Amazon EC2 instances. The software is highly sensitive to network latency between nodes, although network throughput is not a limitation.

    Which solution will minimize network latency?

    A. Place all the EC2 instances into a cluster placement group.
    B. Configure and assign two Elastic IP addresses for each EC2 instance.
    C. Configure jumbo frames on all the EC2 instances in the cluster.
    D. Place all the EC2 instances into a spread placement group in the same AWS Region.

  • Question 238:

    A CloudOps engineer is maintaining a web application that uses an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have logging enabled. The CloudOps engineer needs to investigate HTTP Layer 7 status codes from the web application.

    Which log sources contain the status codes? (Select TWO.)

    A. VPC Flow Logs
    B. AWS CloudTrail logs
    C. ALB access logs
    D. CloudFront access logs
    E. RDS logs

  • Question 239:

    A company's ecommerce application is running on Amazon EC2 instances that are behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. Customers report that the website is occasionally down. When the website is down, it returns an HTTP 500 (server error) status code to customer browsers.

    The Auto Scaling group's health check is configured for EC2 status checks, and the instances appear healthy.

    Which solution will resolve the problem?

    A. Replace the ALB with a Network Load Balancer.
    B. Add Elastic Load Balancing (ELB) health checks to the Auto Scaling group.
    C. Update the target group configuration on the ALB. Enable session affinity (sticky sessions).
    D. Install the Amazon CloudWatch agent on all instances. Configure the agent to reboot the instances.

  • Question 240:

    A CloudOps engineer must enforce that workloads can be deployed only in approved AWS Regions across an AWS Organization. The solution must prevent noncompliant deployments, not just detect them.

    Which solution will meet these requirements?

    A. Use AWS Config to detect resources created in unapproved Regions.
    B. Use an SCP to deny actions in unapproved Regions across all accounts.
    C. Use CloudWatch dashboards to report on Regions used.
    D. Use Amazon Inspector to block resources in unapproved Regions.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SOA-C03 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.