🎯 Free SOA-C03 Mock Exam

SOA-C03 Mock Exam Questions (Page 1 of 7)

Preview the questions first, then start in timed or study mode.

1. Question #1Domain 1

   A SysOps administrator notices that an Amazon EC2 instance's CPU utilization has been spiking unpredictably over the past week. The administrator needs to be alerted only when the CPU stays above 85% for at least three consecutive 5-minute evaluation periods, to avoid false alarms from brief spikes. Which approach should the administrator take?

   ACreate a CloudWatch alarm with a threshold of 85%, a period of 5 minutes, and set the datapoints to alarm to 3 out of 3.

   BCreate a CloudWatch alarm with a threshold of 85%, a period of 15 minutes, and set the datapoints to alarm to 1 out of 1.

   CCreate a CloudWatch anomaly detection alarm on CPU utilization and set the band width to 2.

   DCreate a CloudWatch composite alarm that combines three separate CPU alarms each with a different evaluation period.
2. Question #2Domain 1

   A company runs a microservices application on Amazon ECS. The operations team needs to identify which downstream service call is causing intermittent latency increases in the order-processing service. The team needs a visual map of service dependencies and per-segment timing data. Which AWS service should the team use?

   AAmazon CloudWatch Logs Insights with a query filtering on latency fields

   BAWS X-Ray with service map and trace analysis

   CAWS CloudTrail event history filtered by API response times

   DAmazon EventBridge with custom latency events published by each service
3. Question #3Domain 1Select 2 answers

   A SysOps administrator must ensure that all API activity across a 12-account AWS Organization is logged centrally, that log files cannot be tampered with, and that logs are retained for 7 years in a cost-effective manner. (Select TWO.)

   ACreate an organization trail in CloudTrail with log file integrity validation enabled and deliver logs to a central S3 bucket in the management account.

   BCreate individual CloudTrail trails in each account and use S3 Cross-Region Replication to copy logs to the management account.

   CConfigure an S3 Lifecycle policy on the central logging bucket to transition objects to S3 Glacier Deep Archive after 90 days.

   DEnable CloudTrail Insights on each individual account trail to detect tampering events.

   EUse an S3 bucket policy that denies `s3:DeleteObject` and `s3:PutObject` for all principals except the CloudTrail service.
4. Question #4Domain 1

   An application writes custom business metrics to Amazon CloudWatch using the `PutMetricData` API. The operations team wants to create a dashboard that shows the p99 latency of these custom metrics at 1-second granularity. The team discovers the data is only available at 1-minute resolution. What should the team do to achieve 1-second granularity?

   APublish the metrics using the `StorageResolution` parameter set to 1 (high-resolution metrics).

   BEnable detailed monitoring on the EC2 instances running the application.

   CChange the CloudWatch agent collection interval to 1 second.

   DUse CloudWatch Metric Streams to send data to a Kinesis Data Firehose at 1-second intervals.
5. Question #5Domain 1

   A SysOps administrator needs to automatically remediate Amazon EC2 instances that have a specific required tag missing. The administrator wants to use AWS Config to detect non-compliant resources and automatically add the missing tag. Which combination of AWS Config features should the administrator use?

   AUse the `required-tags` managed rule and configure automatic remediation with an SSM Automation document that calls the `ec2:CreateTags` API.

   BUse a custom AWS Config rule backed by a Lambda function, and have the Lambda function directly tag the instance within the evaluation logic.

   CUse the `required-tags` managed rule and configure an EventBridge rule that triggers an SNS notification to the operations team.

   DUse AWS Config conformance packs with a custom remediation script embedded in the conformance pack template.
6. Question #6Domain 1

   A company uses Amazon CloudWatch Logs to store application logs from several EC2 instances. The operations team needs to create a metric that counts the number of `ERROR` log entries per minute and triggers an alarm when the count exceeds 50. Which approach should the team use?

   ACreate a CloudWatch Logs metric filter that matches the pattern `ERROR`, publish it as a custom metric, and create a CloudWatch alarm on that metric.

   BUse CloudWatch Logs Insights to run a scheduled query every minute that counts ERROR entries and sends the results to an SNS topic.

   CConfigure the CloudWatch agent to parse ERROR entries and publish them as EMF (Embedded Metric Format) logs, then create an alarm on the extracted metric.

   DEnable CloudWatch Logs anomaly detection on the log group and set the anomaly threshold to 50.
7. Question #7Domain 1

   A SysOps administrator manages a production environment and needs to be alerted when BOTH the application's error rate exceeds 5% AND the backend database CPU exceeds 80%. The administrator does not want to receive alerts if only one condition is true. What is the most operationally efficient solution?

   ACreate two separate CloudWatch alarms and configure both to publish to the same SNS topic, relying on the operations team to correlate them.

   BCreate a CloudWatch composite alarm that requires both the error-rate alarm and the database-CPU alarm to be in ALARM state simultaneously.

   CCreate a single CloudWatch alarm using a metric math expression that combines both metrics into one calculated metric.

   DCreate an EventBridge rule with an event pattern that matches both alarm state-change events within a 5-minute window.
8. Question #8Domain 1Select 2 answers

   A SysOps administrator is troubleshooting an issue where an EC2 instance's custom memory and disk metrics are not appearing in CloudWatch. The CloudWatch agent is installed and running on the instance. (Select TWO.)

   AThe EC2 instance's IAM role is missing the `cloudwatch:PutMetricData` permission.

   BThe CloudWatch agent configuration file does not include the `metrics` section for memory and disk.

   CDetailed monitoring has not been enabled on the EC2 instance.

   DThe CloudWatch agent is configured to send metrics to a different AWS Region than the one being viewed.

   EThe EC2 instance does not have the `AmazonSSMManagedInstanceCore` policy attached.
9. Question #9Domain 1

   A SysOps administrator receives an alert from AWS Config showing that an S3 bucket has public read access enabled. The administrator wants to set up automatic remediation so that any S3 bucket that becomes publicly accessible is immediately made private. Which solution meets this requirement?

   ACreate an AWS Config rule using the `s3-bucket-public-read-prohibited` managed rule with automatic remediation linked to an SSM Automation document that calls `s3:PutPublicAccessBlock`.

   BCreate an EventBridge rule that matches S3 bucket policy changes and triggers a Lambda function to remove public access.

   CEnable Amazon Macie on the account and configure it to automatically remediate public buckets.

   DConfigure S3 Block Public Access at the account level and remove all existing bucket policies.
10. Question #10Domain 1

    A company needs to centrally view AWS Config compliance data from all accounts in their AWS Organization. A SysOps administrator must set up a single dashboard showing compliance status across all accounts and regions. Which AWS Config feature should the administrator use?

    AAWS Config conformance packs deployed via StackSets to all accounts

    BAWS Config aggregator configured in a central account with organization-wide authorization

    CAWS Config rules replicated manually to each account with results sent to a central S3 bucket

    DAWS Systems Manager Explorer with OpsData sources for each AWS Config rule