Amazon AWS

AWS Certified CloudOps Engineer – Associate

SOA-C03

The AWS Certified CloudOps Engineer – Associate (SOA-C03) exam tests your skills in operating and managing AWS environments. It is ideal for those looking to enhance their operational expertise on AWS.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 381–390 of 486

Q381

What happens when you configure an S3 bucket to have a bucket policy allowing public access?

  • A Data is encrypted automatically
  • B Bucket becomes private immediately
  • C Data is accessible by anyone
  • D Only certain users can access it
Explanation Allowing public access in an S3 bucket policy means anyone with the URL can access the data, while the other options misinterpret access effects.
Q382

Which service provides centralized logging for AWS resources?

  • A AWS CloudTrail
  • B AWS CodeDeploy
  • C Amazon S3
  • D Amazon EC2
Explanation AWS CloudTrail logs API calls for resources, while others serve different functions.
Q383

A company needs an auto-scaling group to manage its instances. What must be configured to scale up during high demand?

  • A Min/Max instance counts
  • B Spot Instances
  • C Elastic IP addresses
  • D AWS Backup
Explanation Min/Max counts ensure availability during scaling, while others don't control scaling behavior.
Q384

You are configuring AWS IAM roles. What happens if a user is assigned multiple conflicting policies?

  • A All permissions are granted
  • B No permissions are granted
  • C Highest permission wins
  • D Least privilege is enforced
Explanation Conflicting policies grant the highest level of access, while others misinterpret IAM behavior.
Q385

Which service provides a compute platform for running containers?

  • A Amazon ECS
  • B AWS Lambda
  • C Amazon RDS
  • D AWS Batch
Explanation Amazon ECS is specifically designed for container orchestration, while AWS Lambda is for serverless functions and RDS is for databases.
Q386

A company needs a highly available database solution across multiple regions. What should they use?

  • A Amazon RDS with Multi-AZ
  • B DynamoDB global tables
  • C Amazon S3 replication
  • D AWS ElastiCache
Explanation DynamoDB global tables provide multi-region replication, while RDS Multi-AZ focuses on high availability in a single region.
Q387

You are configuring IAM policies and need granular control. What happens if you use a Deny statement?

  • A Overrides Allow statements
  • B Only affects users in the same group
  • C Has no effect on resources
  • D Restricts all access to specified resources
Explanation Deny statements override Allow statements, ensuring strict access control.
Q388

Which service provides private connectivity between VPCs?

  • A AWS Transit Gateway
  • B VPC Peering
  • C AWS Direct Connect
  • D VPN Connection
Explanation AWS Transit Gateway enables scalable inter-VPC communication, while VPC Peering and the others have different specific use cases.
Q389

You are configuring an EC2 instance to automatically scale. What happens when load increases above your set threshold?

  • A New instances automatically stop
  • B No change happens
  • C Existing instances shut down
  • D New instances launch automatically
Explanation Auto Scaling Groups automatically launch new instances when the load exceeds the established threshold.
Q390

A company's compliance audit requires encryption keys to be rotated every 30 days. Which service best supports this need?

  • A AWS IAM
  • B AWS Secrets Manager
  • C AWS KMS
  • D S3 Object Lock
Explanation AWS KMS allows automatic key rotation and meets the compliance requirement for encryption keys.