Amazon AWS

AWS Certified CloudOps Engineer – Associate

SOA-C03

The AWS Certified CloudOps Engineer – Associate (SOA-C03) exam tests your skills in operating and managing AWS environments. It is ideal for those looking to enhance their operational expertise on AWS.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 391–400 of 486

Q391

Which service is best for deploying serverless applications?

  • A AWS Lambda
  • B Amazon EC2
  • C Amazon S3
  • D AWS RDS
Explanation AWS Lambda is specifically designed for serverless computing, whereas the others involve more management and are not serverless by nature.
Q392

A company needs to restrict access to S3 buckets based on the user’s IP address. What should be configured?

  • A Bucket Policy
  • B IAM Policy
  • C ACL
  • D Transfer Acceleration
Explanation A Bucket Policy can specify IP address conditions, whereas IAM Policy does not allow fine-grained bucket-level controls.
Q393

You are configuring an Auto Scaling group, and you want to ensure it replaces unhealthy instances automatically. Which option must be enabled?

  • A Health Check Type
  • B Min Size
  • C Desired Capacity
  • D Scaling Policy
Explanation Setting the Health Check Type to EC2 or ELB allows automatic replacement of unhealthy instances, which is crucial for ensuring availability.
Q394

Which AWS service is used for real-time data processing?

  • A Amazon Kinesis
  • B Amazon RDS
  • C AWS Lambda
  • D Amazon S3
Explanation Amazon Kinesis is specifically designed for real-time data processing, unlike the other options.
Q395

A company needs to ensure their EC2 instances automatically recover from certain failures. What should they implement?

  • A Auto Scaling Group
  • B CloudWatch Alarms
  • C Elastic Load Balancer
  • D EC2 Auto Recovery
Explanation EC2 Auto Recovery specifically helps in recovering instances from certain failures.
Q396

You are configuring a VPC with multiple subnets. When using a NAT Gateway, where must it be placed?

  • A In a public subnet
  • B In a private subnet
  • C In all subnets
  • D In each Availability Zone
Explanation A NAT Gateway must be placed in a public subnet to function properly, allowing outgoing internet access.
Q397

Which service can automatically scale your Amazon EC2 instances?

  • A Amazon EC2 Auto Scaling
  • B Amazon CloudFormation
  • C AWS Lambda
  • D Amazon RDS
Explanation Amazon EC2 Auto Scaling adjusts instance counts according to demand; other options don’t provide this automatic scaling feature.
Q398

A company needs to assure that sensitive data in S3 is encrypted and access is limited. Which features should they implement?

  • A S3 Transfer Acceleration and Versioning
  • B S3 Object Lock and Regional Replication
  • C Server-Side Encryption and IAM Policies
  • D S3 Events and Cross-Origin Resource Sharing
Explanation Server-Side Encryption protects data at rest, and IAM Policies restrict access; others do not provide both necessary security aspects.
Q399

You are configuring an AWS IAM policy. What happens when a user is granted permissions that explicitly allow and deny the same action?

  • A Allow permission overrides deny
  • B Deny permission overrides allow
  • C No permission is granted
  • D The action defaults to AWS account permissions
Explanation In IAM, explicit denies always take precedence over allows; other options misstate IAM policy behavior.
Q400

Which service provides a fully managed Docker container service?

  • A Amazon ECS
  • B Amazon RDS
  • C Amazon EC2
  • D AWS Lambda
Explanation Amazon ECS is specifically designed for container orchestration, unlike the others that serve different purposes.