Amazon AWS

AWS Certified CloudOps Engineer – Associate

SOA-C03

The AWS Certified CloudOps Engineer – Associate (SOA-C03) exam tests your skills in operating and managing AWS environments. It is ideal for those looking to enhance their operational expertise on AWS.

Questions 411–420 of 486

Q411

You are configuring an IAM policy to restrict EC2 instance actions. Which of the following is true about resource ARNs in IAM policies?

  • A Only public ARNs are valid
  • B Fully qualified ARNs should be used
  • C Wildcard ARNs cannot be used
  • D Generic ARNs cover all resources
Explanation: Fully qualified ARNs are necessary for precise permissions, while wildcards and generic ARNs can lead to access issues.

Q412

Which AWS service is primarily used for container orchestration?

  • A ECS
  • B EC2
  • C S3
  • D Lambda
Explanation: ECS (Elastic Container Service) is built for orchestrating containers, while EC2 is for virtual servers, S3 is for storage, and Lambda is for serverless functions.

Q413

A company needs to reduce latency for a globally distributed application. Which AWS feature should they use?

  • A AWS Regions
  • B Amazon CloudFront
  • C S3 Transfer Acceleration
  • D AWS Lambda
Explanation: Amazon CloudFront, a CDN, reduces latency by caching content closer to users, while the other options do not primarily address latency.

Q414

What happens when you set an S3 object's ACL to 'public-read'?

  • A Object is not accessible
  • B Object is cached
  • C Object can be viewed by anyone
  • D Object cannot be modified
Explanation: Setting 'public-read' allows anyone to read the object, while the other options misstate access or behavior.

Q415

Which service provides a managed NoSQL database solution?

  • A Amazon DynamoDB
  • B Amazon RDS
  • C Amazon Aurora
  • D Amazon Redshift
Explanation: Amazon DynamoDB is the managed NoSQL database service; RDS and Aurora are relational databases, while Redshift is for data warehousing.

Q416

A company needs to implement encryption for S3 bucket data at rest. What should they use?

  • A S3 bucket policies
  • B Amazon Macie
  • C S3 server-side encryption
  • D CloudTrail logging
Explanation: S3 server-side encryption is designed for data at rest; bucket policies, Macie, and CloudTrail do not provide encryption functionality.

Q417

What happens when an Auto Scaling group scales in?

  • A New instances are launched
  • B Instances are terminated
  • C Load balancer reconfigures
  • D CloudWatch alarms delete
Explanation: When scaling in, instances are terminated to reduce capacity; scaling out involves launching new instances, while the other options are incorrect responses.

Q418

Which AWS service provides a way to run code in response to events?

  • A AWS Lambda
  • B Amazon EC2
  • C Amazon RDS
  • D Amazon S3
Explanation: AWS Lambda executes code in response to events, while the others provide different computing capabilities.

Q419

A company needs to grant least-privilege access to its architectures for specific IAM roles. What should it do?

  • A Use Admin permissions
  • B Attach the existing policy
  • C Create custom policies
  • D Modify bucket ACLs
Explanation: Creating custom policies allows defining precise permissions, unlike the other options, which risk over-privileging access.

Q420

You are configuring a security group for an EC2 instance. What happens when you deny all outbound traffic?

  • A Instance cannot access the internet
  • B Instance cannot accept inbound traffic
  • C Instance is terminated
  • D Instance becomes publicly accessible
Explanation: Denying outbound traffic restricts internet access, while the other options are not applicable to just modifying outbound rules.