Practice CloudFormation Questions Now

Start a timed practice session focusing on AWS CloudFormation topics from the SOA-C03 question bank.

SOA-C03 CloudFormation Question Bank (84 Questions)

Browse all 84 practice questions covering AWS CloudFormation for the SOA-C03 certification exam. Answers are intentionally hidden on this page so you can self-test first before checking results in quiz mode.

Question 1Deployment, Provisioning & Automation
A company's CloudFormation template uses nested stacks heavily and has grown to exceed the 500-resource limit. The team wants to reuse and share common template snippets (such as a standard VPC module) across multiple templates without duplicating code. Which CloudFormation feature allows processing and transforming template snippets at deploy time?
ACloudFormation StackSets for parallel deployment.
BCloudFormation macros, which use AWS Lambda functions to process and transform template content during the `CreateChangeSet` or `CreateStack` operation.
CCloudFormation drift detection to identify template changes.
DAWS Service Catalog portfolios to share template products.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 2Select All That ApplyDeployment, Provisioning & Automation
A SysOps Administrator is troubleshooting a CloudFormation stack that failed to create. The stack status shows `ROLLBACK_COMPLETE`. The administrator needs to understand what went wrong and deploy a corrected template. Which actions should the administrator take? (Select TWO.)
AReview the stack events in the CloudFormation console or CLI to identify the resource that failed and the error message.
BDelete the failed stack (since `ROLLBACK_COMPLETE` stacks cannot be updated), fix the template, and create a new stack.
CRun `aws cloudformation continue-update-rollback` to recover the stack.
DChange the stack status to `UPDATE_COMPLETE` manually.
EUse CloudFormation drift detection on the failed stack to identify the issue.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 3Deployment, Provisioning & Automation
A SysOps administrator uses CloudFormation change sets to update a stack that contains an Auto Scaling group. The change set shows the Auto Scaling group will be replaced because the administrator changed the `LaunchConfigurationName` property to a `LaunchTemplate` property. The administrator wants to avoid terminating existing instances. What should the administrator do?
ADelete the change set, modify the template to use a `MixedInstancesPolicy` that references the launch template, and create a new change set to verify no replacement occurs
BExecute the change set and rely on the Auto Scaling group's replacement process to gradually replace instances
CAdd an `UpdatePolicy` attribute with `AutoScalingRollingUpdate` to the Auto Scaling group resource and re-create the change set
DImport the existing Auto Scaling group as a new resource in CloudFormation using the resource import feature
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 4Deployment, Provisioning, and Automation
A SysOps administrator uses CloudFormation StackSets to deploy resources across 20 AWS accounts in an organization. Deployment fails in 3 accounts. What StackSets configuration prevents a full rollback?
ASet MaxConcurrentAccounts to 20
BSet FailureToleranceCount to 3 or higher
CUse SELF_MANAGED permission model
DDisable automatic rollback on the StackSet
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 5Deployment, Provisioning & Automation
A SysOps administrator is using CloudFormation StackSets to deploy a standardized monitoring configuration across 50 accounts in an AWS Organization. A recent deployment to 5 accounts failed due to insufficient permissions. The administrator needs to identify which accounts failed and retry only those. What should the administrator do?
AView the StackSet operation history to identify the failed accounts, then create a new StackSet operation targeting only those specific accounts by specifying account IDs.
BDelete the entire StackSet and redeploy it to all 50 accounts after fixing the permissions.
CUse the CloudFormation drift detection feature to find which accounts have the missing resources.
DManually deploy individual CloudFormation stacks in the 5 failed accounts.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 6Deployment, Provisioning & Automation
A SysOps administrator performed a CloudFormation stack update that caused a resource creation failure, triggering an automatic rollback. However, the administrator needs to investigate the failed resource before it is deleted by the rollback. What should the administrator have configured before the update?
ADisable automatic rollback on the stack update by using the `--disable-rollback` option, which preserves failed resources for investigation.
BEnable stack termination protection before running the update.
CCreate a change set first and manually approve each resource change.
DConfigure a `DeletionPolicy: Retain` on all resources in the template.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 7Deployment, Provisioning & Automation
A SysOps administrator manages a large CloudFormation template that has grown to 400 resources. The team wants to break common patterns (VPC subnets, security groups, NAT gateways) into reusable building blocks that can be shared across templates without nesting stacks. Which CloudFormation feature achieves this?
ACloudFormation StackSets
BCloudFormation modules
CCloudFormation macros
DCloudFormation nested stacks with cross-stack references
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 8Deployment, Provisioning & Automation
A SysOps administrator is writing a CloudFormation template that deploys an EC2 instance with a user data script. The script installs software and then signals CloudFormation that the instance setup is complete. The stack should fail if the signal is not received within 10 minutes. Which CloudFormation feature should the administrator use?
A`AWS::CloudFormation::WaitCondition` with a timeout of 600 seconds and `cfn-signal` in the user data
B`DependsOn` attribute with a sleep command in the user data script
CCloudFormation `CreationPolicy` on the EC2 resource with a timeout of `PT10M` and `cfn-signal` in the user data
DA custom resource Lambda function that polls the instance until the setup is complete
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 9Deployment, Provisioning & Automation
A company has a CloudFormation template that creates an S3 bucket. The bucket name must be globally unique and should automatically incorporate the stack name and AWS region. Which CloudFormation intrinsic function combination should be used in the `BucketName` property?
A`Fn::Join: ["-", [!Ref "AWS::StackName", !Ref "AWS::Region", "data"]]`
B`Fn::ImportValue: "BucketNameExport"`
C`Fn::GetAtt: [S3Bucket, BucketName]`
D`Fn::FindInMap: [RegionMap, !Ref "AWS::Region", BucketName]`
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 10Deployment, Provisioning & Automation
A SysOps Administrator needs to reference an SSM Parameter Store parameter containing a database password in a CloudFormation template, so the password is resolved at stack creation time without hardcoding it. Which CloudFormation feature should be used?
AUse `Fn::ImportValue` to import the parameter from another stack's exports.
BUse a CloudFormation dynamic reference with the `ssm-secure` resolve syntax: `{{resolve:ssm-secure:parameter-name}}`.
CUse a `Fn::GetAtt` intrinsic function to retrieve the parameter value from SSM.
DPass the database password as a `NoEcho` parameter in the CloudFormation template.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 11Deployment, Provisioning & Automation
A CloudFormation stack update fails and rolls back. After rollback, the administrator notices the RDS instance has been deleted. The administrator wants to ensure that in future stack updates, the RDS instance is never deleted even if the resource is replaced. Which CloudFormation attribute should be added to the RDS resource?
A`DeletionPolicy: Retain`
B`UpdateReplacePolicy: Retain`
C`DependsOn` referencing a stack update condition.
D`Metadata` attribute with `retain-on-update: true`.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 12Deployment, Provisioning & Automation
A CloudFormation template contains an Amazon EC2 instance resource that requires software to be installed and configured before the stack creation is considered complete. The administrator has added a `cfn-signal` call at the end of the UserData script. What else must be added to the template to make CloudFormation wait for the signal?
AA `CreationPolicy` attribute on the EC2 instance resource with a `ResourceSignal` timeout
BA `WaitCondition` resource with a custom Lambda-backed signal handler
CA `DependsOn` attribute referencing a wait condition handle
DA `Metadata` attribute with `AWS::CloudFormation::Init` configuration
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 13Deployment, Provisioning & Automation
A SysOps administrator runs CloudFormation drift detection on a stack that manages an EC2 security group. The detection shows that an ingress rule allowing SSH from 0.0.0.0/0 was manually added outside of CloudFormation. What is the recommended action to remediate the drift?
AUpdate the CloudFormation template to include the new ingress rule and run an update stack operation
BDelete the manually added rule, then run drift detection again to confirm the stack is in sync
CImport the modified resource into a new CloudFormation stack
DDelete the stack and recreate it to enforce the intended configuration
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 14Deployment, Provisioning & Automation
A company uses the AWS CDK (TypeScript) to define infrastructure. A developer creates a new CDK stack, runs `cdk synth`, and the resulting CloudFormation template is much larger than expected with resources the developer did not explicitly define. What is the most likely explanation?
AThe CDK L2 constructs automatically create associated resources such as IAM roles, security groups, and log groups with sensible defaults
BThe CDK bootstrap stack is merging its resources into the application stack
CThe `cdk synth` command includes resources from all stacks in the CDK app, not just the target stack
DThe CDK is importing existing resources from the AWS account into the template
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 15Deployment, Provisioning & Automation
An administrator is deploying CloudFormation StackSets across accounts. The StackSet operation fails in some accounts with an `OUTDATED` status showing "Account not authorized." What is the most likely cause when using the self-managed permission model?
AThe `AWSCloudFormationStackSetAdministrationRole` in the management account does not have an trust policy allowing the target accounts
BThe `AWSCloudFormationStackSetExecutionRole` does not exist or has insufficient permissions in the target accounts
CThe target accounts are not members of the same AWS Organization
DThe StackSet was created with service-managed permissions, which conflicts with the self-managed model
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 16Deployment, Provisioning & Automation
A SysOps administrator wants to ensure that CloudFormation drift detection runs automatically every 24 hours for critical stacks and sends a notification if drift is detected. What is the MOST operationally efficient solution?
AUse AWS Config's `cloudformation-stack-drift-detection-check` managed rule with automatic remediation that triggers an SNS notification
BCreate an EventBridge scheduled rule that triggers a Lambda function to run drift detection and publish results to SNS
CUse CloudFormation's built-in drift detection scheduler, which can be configured to run every 24 hours
DCreate a cron job on an EC2 instance that calls the AWS CLI to run drift detection on each stack
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 17Deployment, Provisioning & Automation
A SysOps administrator is creating a CloudFormation template that provisions a Lambda function and an S3 bucket. The bucket needs a notification configuration that triggers the Lambda function when new objects are created. Creating the stack fails with a circular dependency error. How should this be resolved?
AAdd a `DependsOn` attribute on the S3 bucket resource referencing the Lambda function
BSplit the bucket notification configuration into a separate `AWS::S3::BucketNotificationConfiguration` custom resource that depends on both the bucket and the Lambda permission
CUse a CloudFormation macro to inject the notification configuration after both resources are created
DRemove the inline notification configuration from the S3 bucket resource and instead use an `AWS::Lambda::Permission` resource along with a separate `AWS::S3::BucketNotification` resource to break the circular dependency
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 18Deployment, Provisioning & Automation
A developer has a CloudFormation template that provisions an Amazon RDS instance, a Lambda function, and an SNS topic. The developer wants to break this monolithic template into smaller, reusable components. Which CloudFormation feature enables this composition while maintaining a single parent stack for lifecycle management?
ACloudFormation StackSets
BCloudFormation nested stacks
CCloudFormation change sets
DCloudFormation stack imports
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 19Deployment, Provisioning, and Automation
A SysOps administrator uses CloudFormation. A stack is stuck in UPDATE_ROLLBACK_FAILED state. How can the stack be recovered?
ADelete the stack and redeploy from scratch
BUse ContinueUpdateRollback to retry the rollback, optionally skipping problematic resources
CManually delete the CloudFormation stack record from DynamoDB
DContact AWS Support to reset the stack state
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 20Deployment, Provisioning, and Automation
A SysOps administrator wants to update CloudFormation stack configuration when the template metadata changes, without replacing the instance. Which helper script polls for metadata changes?
Acfn-signal
Bcfn-hup
Ccfn-init
Dcfn-get-metadata
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 21Deployment, Provisioning, and Automation
A SysOps administrator uses CloudFormation StackSets with SERVICE_MANAGED permissions. A new AWS account is added to an OU. What happens automatically?
ANothing — StackSets must be manually redeployed to new accounts
BStackSets automatically deploys the stack to the new account if automatic deployment is enabled on the StackSet
CThe account must first be bootstrapped with CDK
DThe account must accept the StackSet deployment invitation
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 22Deployment, Provisioning, and Automation
A SysOps administrator uses CloudFormation Nested Stacks. What is the primary benefit?
ANested stacks allow cross-region deployments
BNested stacks modularize templates — common components (VPC, security groups) are defined once and reused across parent stacks
CNested stacks reduce CloudFormation resource limits
DNested stacks enable parallel resource creation
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 23Deployment, Provisioning & Automation
A team uses AWS SAM to deploy serverless applications. Their SAM template includes a `Transform: AWS::Serverless-2016-10-31` declaration and defines `AWS::Serverless::Function` resources. During deployment, the administrator sees a `Transform` error in CloudFormation. What is the MOST likely cause?
AThe CloudFormation stack was created in a Region that does not support Lambda
BThe administrator ran `aws cloudformation create-stack` instead of `aws cloudformation deploy` or `sam deploy`, bypassing the SAM transform processing
CThe IAM role used by CloudFormation lacks permission to invoke the SAM transform macro
DThe SAM template was not uploaded to S3 before stack creation
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 24Deployment, Provisioning & Automation
A CloudFormation template deploys resources for both production and development environments. In production, the template should create an RDS Multi-AZ deployment; in development, it should create a Single-AZ deployment. The environment type is passed as a parameter. Which CloudFormation feature implements this conditional logic?
AUse a `Mappings` section to look up the Multi-AZ setting based on the environment parameter.
BUse the `Conditions` section with `Fn::If` in the RDS resource's `MultiAZ` property, evaluating whether the environment parameter equals "production".
CCreate two separate CloudFormation templates — one for production and one for development.
DUse a nested stack that conditionally includes the RDS resource based on the environment.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 25Deployment, Provisioning & Automation
A CloudFormation template includes an `AWS::EC2::Instance` resource that must only be created when the `EnableBastion` parameter is set to `true`. If the parameter is `false`, the instance should not be created. Which CloudFormation construct implements this?
AUse `DeletionPolicy: Retain` on the instance resource so it persists regardless of the parameter.
BDefine a condition `CreateBastion` using `Fn::Equals: [!Ref EnableBastion, "true"]`, then add `Condition: CreateBastion` to the EC2 instance resource.
CUse a `Mappings` section keyed by the `EnableBastion` parameter value that returns the instance type or `AWS::NoValue`.
DUse an `Fn::If` in the template's `Resources` section root level that wraps the entire resource definition.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 26Deployment, Provisioning & Automation
A company's CloudFormation template creates a Lambda function and an API Gateway. The Lambda function ARN must be passed to the API Gateway integration. However, a circular dependency occurs because the API Gateway also needs to grant invoke permissions referencing the Lambda function. How should the SysOps Administrator resolve this circular dependency?
AUse `DependsOn` to explicitly order the resource creation and break the cycle.
BSplit the resources into two stacks — one for Lambda and one for API Gateway — and use cross-stack references with `Fn::ImportValue`.
CUse `Fn::GetAtt` with `Fn::Sub` and separate the permission resource, ensuring the Lambda function does not reference the API Gateway directly and the `AWS::Lambda::Permission` resource references both independently.
DRemove the Lambda permission resource and grant API Gateway invoke access through the Lambda execution role instead.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 27Deployment, Provisioning & Automation
A SysOps Administrator is defining a CloudFormation template that uses `AWS::CloudFormation::WaitCondition` and `AWS::CloudFormation::WaitConditionHandle`. The WaitCondition is configured with a `Count` of 3 and a `Timeout` of 600. What does this configuration mean?
ACloudFormation waits for exactly 3 success signals from resources referencing the WaitConditionHandle within 600 seconds; if fewer than 3 signals arrive or any signal is a failure, the resource creation fails.
BCloudFormation waits for any 3 out of 5 signals within 600 seconds.
CCloudFormation creates 3 copies of the resource and waits 600 seconds for them all to complete.
DCloudFormation retries the WaitCondition 3 times, with a 600-second timeout for each attempt.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 28Deployment, Provisioning & Automation
A SysOps Administrator is writing a CloudFormation template that must deploy different instance types based on the AWS Region. The `us-east-1` region should use `m6i.large`, `eu-west-1` should use `m6i.xlarge`, and all other regions should use `m5.large`. Which CloudFormation template feature should the administrator use?
AUse a `Parameters` section with a default value and `AllowedValues` constraint.
BUse a `Mappings` section that maps each region to an instance type, and use `Fn::FindInMap` with `AWS::Region` as the key to retrieve the correct value.
CUse a `Conditions` section to create a condition per region and use `Fn::If` in the resource property.
DUse a `Transform` section with the `AWS::Include` macro to fetch instance types from S3.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 29Deployment, Provisioning & Automation
A SysOps Administrator needs a CloudFormation template that creates an S3 bucket only when the environment parameter is set to `production`. In non-production environments, the bucket should not be created. Which CloudFormation features must be used together?
A`Parameters` to accept the environment value, `Conditions` to define `IsProduction` comparing the parameter to `production`, and the `Condition` property on the S3 bucket resource referencing `IsProduction`.
B`Parameters` with `AllowedValues` and a `DeletionPolicy` of `Retain` on the bucket.
C`Mappings` with environment-to-bucket name mappings and `Fn::FindInMap`.
D`Outputs` with an `Export` that conditionally exports the bucket ARN.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 30Deployment, Provisioning & Automation
A development team currently uses CloudFormation to deploy infrastructure but finds the YAML/JSON templates difficult to maintain and test. They want to use a general-purpose programming language (TypeScript) to define infrastructure, with the ability to use loops, conditionals, and object-oriented patterns. Which AWS tool should the SysOps Administrator recommend?
AAWS CDK (Cloud Development Kit), which allows defining infrastructure using TypeScript (and other languages) and synthesizes CloudFormation templates for deployment.
BAWS SAM (Serverless Application Model), which extends CloudFormation for serverless applications.
CTerraform with HCL configuration files.
DAWS CloudFormation modules registered in the CloudFormation registry.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 31Deployment, Provisioning & Automation
A SysOps Administrator needs to deploy a CloudFormation template that provisions a Lambda function along with its code stored in an S3 bucket. The template uses the `AWS::Serverless::Function` resource type from SAM. Which `Transform` declaration must be included in the template?
A`Transform: AWS::Include`
B`Transform: AWS::Serverless-2016-10-31`
C`Transform: AWS::CodeDeployBlueGreen`
D`Transform: AWS::LanguageExtensions`
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 32Deployment, Provisioning & Automation
A CloudFormation template uses `Metadata: AWS::CloudFormation::Init` on an EC2 instance to install packages and configure files. The instance launches but the application is not configured. The `cfn-init` log shows no errors. What is the MOST LIKELY reason the CloudFormation Init metadata was not processed?
AThe `cfn-init` helper script was not called in the instance's `UserData` script.
BThe IAM instance profile does not have permission to call `cloudformation:DescribeStackResource`.
CThe `Metadata` section has a syntax error that was silently ignored.
DCloudFormation Init only works on Amazon Linux AMIs, not on other operating systems.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 33Deployment, Provisioning & Automation
A company wants to create a standardized catalog of pre-approved CloudFormation templates that development teams can use to provision resources. The company needs to control which templates each team can use. Which AWS service should the administrator use?
AAWS CloudFormation StackSets
BAWS Service Catalog
CAWS Config
DAWS Systems Manager Automation
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 34Deployment, Provisioning & Automation
A SysOps administrator uses a CloudFormation template that creates an RDS instance and needs to initialize the database schema after the instance is created. The schema setup requires running a custom SQL script. Which CloudFormation feature should be used?
AUse a `DependsOn` attribute on the RDS resource to delay execution until the schema script completes
BCreate a CloudFormation custom resource backed by a Lambda function that connects to the RDS instance and executes the SQL script
CAdd a `UserData` script to an EC2 instance in the same template that runs the SQL script at boot
DUse CloudFormation `AWS::CloudFormation::Init` metadata on the RDS resource to run the schema initialization
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 35Deployment, Provisioning & Automation
A SysOps administrator needs to update the instance type of a running EC2 instance managed by CloudFormation from `t3.medium` to `t3.large`. Before executing the update, the administrator creates a change set. What will the change set show for this modification?
AReplacement: True — the instance will be terminated and a new instance with the new type will be created
BReplacement: Conditional — the instance may be replaced depending on whether it is in a stopped state
CReplacement: False — the instance will be stopped, the instance type modified, and then restarted (an update with no replacement)
DThe change set will show an error because instance types cannot be modified for running instances
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 36Select All That ApplyDeployment, Provisioning, and Automation
A SysOps administrator uses CloudFormation and wants to validate template syntax before deploying. Which CloudFormation API/command should they use?
Acloudformation deploy --dry-run
Bcloudformation validate-template
Ccloudformation create-change-set
Dcfn-lint (CloudFormation Linter)
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 37Deployment, Provisioning, and Automation
A SysOps administrator uses CloudFormation. The template includes a custom resource. What happens when the custom resource's Lambda function returns FAILED?
ACloudFormation continues deployment ignoring the failure
BCloudFormation fails the operation and rolls back the stack
CCloudFormation retries the Lambda function 3 times
DCloudFormation marks the resource as DELETE_FAILED
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 38Deployment, Provisioning, and Automation
A SysOps administrator uses CloudFormation Drift Detection. What does drift detection identify?
ADifferences between the template and actual resource configurations that occurred outside CloudFormation
BSecurity vulnerabilities in CloudFormation templates
CCloudFormation stack creation failures
DConfiguration differences between dev and prod stacks
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 39Deployment, Provisioning, and Automation
A SysOps administrator uses CloudFormation and creates an IAM role. The role's name is not specified in the template. What type of name does CloudFormation assign?
ACloudFormation requires all IAM role names to be specified explicitly
BCloudFormation generates a physical ID (random suffix appended to the logical ID) as the role name
CThe role name defaults to 'CloudFormationRole'
DThe role is created without a name
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 40Deployment, Provisioning & Automation
A SysOps administrator is deploying a CloudFormation stack that creates an RDS database instance. The administrator wants to ensure that if the stack is ever deleted, the database is not deleted but instead retained. Which CloudFormation feature should the administrator use?
AAdd `DeletionPolicy: Retain` to the RDS resource in the CloudFormation template.
BAdd a stack policy that denies `Update:Delete` actions on the RDS resource.
CCreate a separate nested stack for the RDS instance so it has an independent lifecycle.
DEnable termination protection on the CloudFormation stack.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 41Deployment, Provisioning & Automation
A SysOps administrator has a CloudFormation stack that was deployed 6 months ago. The administrator suspects that resources in the stack have been manually modified outside of CloudFormation. Which feature allows the administrator to identify which resources have been modified?
ACloudFormation drift detection
BCloudFormation change sets
CAWS Config configuration timeline
DCloudTrail event history
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 42Deployment, Provisioning & Automation
A SysOps administrator needs to ensure that no one can update or delete a specific critical resource (an RDS instance) in a CloudFormation stack, even during stack updates. Which feature should the administrator use?
AApply a stack policy that explicitly denies `Update:Replace` and `Update:Delete` actions on the RDS resource.
BSet `DeletionPolicy: Retain` on the RDS resource in the template.
CEnable termination protection on the CloudFormation stack.
DUse an IAM policy to deny `cloudformation:UpdateStack` for the specific stack.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 43Deployment, Provisioning & Automation
A SysOps administrator is deploying a CloudFormation stack that includes an EC2 instance and an RDS database. The EC2 instance depends on the RDS database being available first. However, CloudFormation is launching the EC2 instance before the RDS instance is ready. How should the administrator fix this?
AAdd a `DependsOn` attribute on the EC2 resource pointing to the RDS resource in the CloudFormation template.
BAdd a `CreationPolicy` on the RDS instance with a timeout to ensure it is ready before the EC2 instance starts.
CPut the RDS instance in a nested stack that is deployed before the main stack.
DUse the `Fn::GetAtt` function in the EC2 resource to reference an attribute of the RDS instance, which implicitly creates a dependency.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 44Deployment, Provisioning & Automation
A SysOps administrator manages a CloudFormation stack that was deployed with a custom VPC resource. The administrator now needs to update the stack, but the VPC resource's CIDR block needs to change—a modification that requires replacement of the resource. The administrator wants to preview this change before executing it. Which feature should the administrator use?
ACreate a CloudFormation change set to preview the update, which will show that the VPC will be replaced.
BRun CloudFormation drift detection to see the current state of the VPC resource.
CUse the `--dry-run` flag with the `aws cloudformation update-stack` CLI command.
DDeploy the update to a separate stack first as a test before updating the production stack.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 45Deployment, Provisioning & Automation
A SysOps administrator needs a CloudFormation stack to create an S3 bucket and then populate it with initial configuration files from a source bucket. CloudFormation does not natively support copying S3 objects. Which approach should the administrator use?
AUse a CloudFormation `AWS::S3::Object` resource to define the files
BCreate a CloudFormation custom resource backed by a Lambda function that copies the files from the source bucket
CAdd a `UserData` script on an EC2 instance in the same stack to copy files after launch
DUse CloudFormation `AWS::CloudFormation::Init` to download files into the S3 bucket
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 46Deployment, Provisioning & Automation
A SysOps administrator is debugging a CloudFormation stack creation failure. The stack rolled back, and the administrator needs to keep the failed resources to investigate the root cause without the stack deleting them. Which stack option should have been configured?
ASet `DeletionPolicy: Retain` on all resources in the template
BCreate the stack with `--disable-rollback` (or `--on-failure DO_NOTHING`) option
CEnable CloudFormation drift detection before creation
DSet the stack termination protection to enabled
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 47Deployment, Provisioning & Automation
A SysOps Administrator wants to ensure that users deploying a CloudFormation stack can only select approved EC2 instance types (t3.micro, t3.small, t3.medium) and that the environment name parameter matches the pattern `env-[a-z]{3,10}`. Which CloudFormation parameter properties enforce these constraints?
AUse `AllowedValues` for the instance type parameter to restrict choices, and `AllowedPattern` with a regex on the environment name parameter.
BUse a `Condition` in the template that checks if the instance type is in an approved list and fails the stack if not.
CUse a CloudFormation Stack Policy that denies creation of non-approved instance types.
DUse an SCP that restricts the `ec2:RunInstances` API to the approved instance types.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 48Select All That ApplyDeployment, Provisioning & Automation
A company has two CloudFormation stacks: a "Network" stack that creates a VPC and subnets, and an "Application" stack that needs to reference the VPC ID and subnet IDs from the Network stack. Which CloudFormation feature allows the Application stack to consume values exported by the Network stack? (Select TWO.)
AIn the Network stack, define `Outputs` with `Export` names for the VPC ID and subnet IDs.
BIn the Application stack, use `Fn::ImportValue` to reference the exported values by their export names.
CIn the Application stack, use `Fn::GetAtt` to directly read resources from the Network stack.
DStore the Network stack outputs in SSM Parameter Store and read them with `{{resolve:ssm:...}}` dynamic references.
EUse CloudFormation nested stacks, where the Application stack is a child of the Network stack.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 49Deployment, Provisioning & Automation
A SysOps Administrator is updating a CloudFormation stack that includes an RDS instance. The administrator changes the `DBInstanceClass` from `db.m5.large` to `db.m5.xlarge`. According to CloudFormation documentation, this property change causes "some interruption." What does this mean for the RDS resource during the update?
ACloudFormation creates a new RDS instance with the new class, migrates data, then deletes the old instance (replacement).
BCloudFormation modifies the existing RDS instance in place; the database may experience a brief downtime during the modification but retains the same endpoint and data (some interruption).
CCloudFormation deletes the RDS instance and recreates it with the new class; all data is lost unless a snapshot is taken first (replacement with deletion).
DCloudFormation queues the change until the next maintenance window with no interruption.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 50Deployment, Provisioning & Automation
A SysOps Administrator wants to automatically roll back a CloudFormation stack update if a specific CloudWatch alarm enters the `ALARM` state within 5 minutes of the update completing. The alarm monitors the application's HTTP 5xx error rate. Which CloudFormation feature provides this?
AEnable stack termination protection to prevent accidental rollbacks.
BConfigure rollback triggers on the stack, specifying the CloudWatch alarm ARN and a monitoring period of 5 minutes.
CAdd a `DeletionPolicy: Retain` to all resources so they survive a rollback.
DCreate a CloudWatch Events rule that detects the `UPDATE_COMPLETE` stack event and triggers a Lambda function to initiate rollback if the alarm is active.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 51Deployment, Provisioning & Automation
A SysOps Administrator is deploying a new version of an application using CloudFormation. The stack includes an Auto Scaling group with an `UpdatePolicy` for rolling updates. During the update, the new instances fail to pass health checks. What happens by default?
ACloudFormation continues the update, replacing all instances with the new version regardless of health check status.
BCloudFormation waits for the `MinSuccessfulInstancesPercent` threshold; if it is not met, the stack update fails and automatically rolls back to the previous version.
CCloudFormation marks the stack as `UPDATE_COMPLETE` and leaves the unhealthy instances running.
DCloudFormation pauses the update and sends an SNS notification waiting for manual approval.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 52Deployment, Provisioning & Automation
A SysOps Administrator uses CloudFormation to manage infrastructure. A stack update changes the `AvailabilityZone` property of an EC2 instance. According to CloudFormation, changing this property requires replacement. What happens during this update?
ACloudFormation stops the instance, moves it to the new AZ, and starts it again with the same instance ID.
BCloudFormation creates a new EC2 instance in the new AZ, waits for it to be healthy, then terminates the old instance; the physical resource ID changes.
CCloudFormation fails the update because the AZ property cannot be changed after creation.
DCloudFormation applies the AZ change with some interruption — a brief downtime while the instance migrates.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 53Deployment, Provisioning & Automation
A SysOps Administrator runs a CloudFormation stack update that modifies a security group's ingress rules. Midway through the update, CloudFormation encounters an error on a different resource. The stack begins rolling back. Will the security group changes be reverted?
ANo — security group changes are applied immediately and cannot be rolled back by CloudFormation.
BYes — CloudFormation rolls back all modified resources to their previous state, including the security group rules.
COnly if the security group has a `DeletionPolicy: Retain` attribute.
DOnly if the administrator manually reverts the security group changes.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 54Deployment, Provisioning & Automation
A company has a CloudFormation stack that exports an output value (`VpcId`) used by 15 other stacks via `Fn::ImportValue`. The company needs to update the VPC ID. However, CloudFormation prevents updating or deleting an export that is actively imported by other stacks. What is the recommended approach to update the export value?
ADelete all 15 dependent stacks, update the exporting stack, then recreate the dependent stacks.
BUpdate each of the 15 dependent stacks to remove the `Fn::ImportValue` reference (replacing it with a parameter or hardcoded value), then update the exporting stack's output, and finally update each dependent stack to re-import the new value.
CUse `aws cloudformation update-stack --force` to bypass the import dependency check.
DRename the export to a new name, update dependent stacks to use the new name, and delete the old export.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 55Deployment, Provisioning & Automation
A SysOps Administrator is creating a CloudFormation stack that includes an EC2 instance and an RDS database. The application on the EC2 instance requires the RDS endpoint to be available at boot time. However, the EC2 instance launches before the RDS instance finishes creating. Which CloudFormation resource attribute ensures the EC2 instance waits for the RDS instance to complete?
AAdd a `CreationPolicy` attribute to the EC2 instance resource.
BAdd a `DependsOn` attribute to the EC2 instance resource referencing the RDS resource logical ID.
CAdd a `Metadata` attribute to the EC2 instance with the RDS endpoint value.
DAdd an `UpdateReplacePolicy: Retain` attribute to the RDS resource.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 56Deployment, Provisioning & Automation
A company uses CloudFormation to deploy an Auto Scaling group. When the stack is updated with a new AMI, the administrator wants the ASG to perform a rolling update — replacing instances in batches while maintaining minimum capacity — rather than replacing the entire ASG resource. Which CloudFormation attribute should be configured on the ASG resource?
A`UpdatePolicy` with `AutoScalingRollingUpdate` settings specifying `MinInstancesInService`, `MaxBatchSize`, and `PauseTime`.
B`UpdateReplacePolicy: Retain` to keep the old ASG while the new one is created.
C`DependsOn` referencing the launch template so the ASG waits for the new template version.
D`DeletionPolicy: Retain` on the old ASG resource to prevent deletion during the update.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 57Deployment, Provisioning & Automation
A SysOps Administrator deploys a CloudFormation stack with an Auto Scaling group and a `CreationPolicy` that requires 3 success signals within 15 minutes. During deployment, only 2 instances send `cfn-signal` before the timeout. What happens to the stack?
AThe stack creation succeeds with a warning that not all signals were received.
BThe stack creation fails and CloudFormation rolls back the stack because the `CreationPolicy` condition was not satisfied.
CCloudFormation waits indefinitely until the third signal is received.
DThe ASG scales to launch additional instances to fulfill the signal requirement.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 58Deployment, Provisioning & Automation
A SysOps Administrator needs to deploy the same CloudFormation stack across 15 accounts in an AWS Organization. The stack provisions a Config rule and an S3 bucket. The administrator wants a single deployment action that targets all accounts without logging into each one. Which approach should be used?
ACloudFormation StackSets with service-managed permissions, deploying to the organization root or specific OUs.
BA CodePipeline that runs 15 parallel `aws cloudformation deploy` commands, one per account.
CShare the template via Service Catalog and require each account to launch the product manually.
DCreate an SSM Automation document that assumes a role in each account and creates the stack.
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 59Deployment, Provisioning & Automation
A SysOps administrator is deploying infrastructure using AWS CloudFormation. The stack creation fails and rolls back automatically. The administrator needs to identify which specific resource caused the failure. Where should the administrator look FIRST?
ACloudFormation stack events tab in the AWS Console
BAWS CloudTrail logs for the `CreateStack` API call
CAmazon CloudWatch Logs for the CloudFormation service
DThe CloudFormation template's `Outputs` section
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 60Deployment, Provisioning & Automation
A SysOps administrator needs to deploy a CloudFormation stack that creates IAM roles with custom names. The stack creation fails with an `InsufficientCapabilities` error. What must the administrator do?
AAdd `CAPABILITY_NAMED_IAM` to the stack creation request
BAdd `CAPABILITY_IAM` to the stack creation request
CUse an IAM role with `AdministratorAccess` to create the stack
DRemove the custom IAM role names from the template
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 61Deployment, Provisioning & Automation
A SysOps administrator has a CloudFormation stack that creates an Amazon RDS instance. The administrator needs to update the stack to change the DB instance class from `db.r5.large` to `db.r5.xlarge`. The stack uses the default update behavior. What will happen when the stack is updated?
AThe RDS instance will be replaced with a new instance, causing data loss
BThe RDS instance will be updated in-place with a brief period of downtime during the modification
CThe stack update will fail because the DB instance class cannot be modified
DCloudFormation will create a new RDS instance and delete the old one after the new one is available
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 62Deployment, Provisioning & Automation
A SysOps administrator needs to deploy a CloudFormation stack across 15 AWS accounts in an organization. The stack must be deployed to all accounts in a specific organizational unit (OU). Which approach is the MOST efficient?
AUse CloudFormation StackSets with service-managed permissions targeting the OU
BCreate a script that assumes a role in each account and deploys the stack
CUse AWS CodePipeline to deploy the stack to each account sequentially
DShare the CloudFormation template via S3 and have each account deploy manually
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 63Deployment, Provisioning & Automation
A SysOps administrator wants to use AWS CloudFormation to create an S3 bucket with a specific name. If the stack is deleted, the administrator wants the S3 bucket to be preserved. Which CloudFormation feature should be used?
AAdd a `DeletionPolicy: Retain` attribute to the S3 bucket resource
BAdd a `UpdateReplacePolicy: Retain` attribute to the S3 bucket resource
CEnable termination protection on the CloudFormation stack
DAdd a condition that prevents deletion of the S3 bucket resource
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 64Deployment, Provisioning & Automation
A company has a CodePipeline that deploys a CloudFormation stack. The pipeline is in us-east-1, but the CloudFormation stack must be deployed in eu-west-1. What must the administrator configure for this cross-region deployment?
ACreate an S3 artifact bucket in eu-west-1, configure the pipeline with a cross-region action specifying eu-west-1 as the deployment region, and ensure the pipeline service role has permissions in eu-west-1
BCreate a separate CodePipeline in eu-west-1 and trigger it from the us-east-1 pipeline using an EventBridge event
CConfigure the CloudFormation deploy action with a custom resource that assumes a role in eu-west-1
DUse CloudFormation StackSets instead of CodePipeline for cross-region deployments
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 65Deployment, Provisioning & Automation
A CloudFormation StackSet update is being deployed to 20 accounts. The administrator configured the maximum concurrent accounts to 5 and a failure tolerance of 2. After the update fails in 3 accounts, what happens?
AThe StackSet operation stops entirely, and the remaining accounts are not updated
BThe StackSet continues deploying to the remaining 12 accounts, skipping the failed ones
CThe StackSet rolls back the update in the 3 failed accounts and continues with the remaining accounts
DThe StackSet pauses and waits for administrator intervention before proceeding
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 66Deployment, Provisioning & Automation
A SysOps administrator wants to preview what changes CloudFormation will make to a production stack before executing the update. The team is concerned about unintended resource replacements. Which approach provides this visibility?
AUse `aws cloudformation validate-template` to check for errors and view resource changes
BCreate a CloudFormation change set for the proposed update, review the changes including resource replacements, and then decide whether to execute or delete the change set
CDeploy the update to a staging stack first and compare the outputs with production
DEnable CloudFormation drift detection to compare the template changes against the current stack state
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 67Deployment, Provisioning & Automation
A SysOps administrator has a CloudFormation custom resource backed by a Lambda function. During stack creation, the stack is stuck in `CREATE_IN_PROGRESS` for over an hour. The Lambda function's CloudWatch Logs show successful execution. What is the MOST likely cause?
AThe Lambda function does not have permission to call CloudFormation APIs
BThe Lambda function completed execution but did not send a SUCCESS or FAILED response to the CloudFormation pre-signed S3 URL
CThe CloudFormation custom resource has a `DependsOn` attribute pointing to a resource that has not finished creating
DThe Lambda function's timeout is set too high, and CloudFormation is waiting for the function to complete
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 68Deployment, Provisioning & Automation
A SysOps administrator has a CloudFormation StackSet that deploys IAM roles across all accounts in an organization. After adding a new AWS account to the production OU, the administrator notices the StackSet was not automatically deployed to the new account. What is the most likely reason?
AThe StackSet uses self-managed permissions instead of service-managed permissions
BThe new account has not been registered with CloudFormation
CThe StackSet deployment targets specify account IDs rather than OUs
DCloudFormation StackSets does not support automatic deployment to new accounts
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 69Deployment, Provisioning, and Automation
A SysOps administrator uses AWS CloudFormation to deploy infrastructure. A stack update fails midway. What happens by default?
AThe stack remains in a partially updated state
BCloudFormation automatically rolls back to the last known stable state
CThe user must manually roll back using the AWS CLI
DCloudFormation deletes the entire stack on failure
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 70Deployment, Provisioning, and Automation
A SysOps administrator uses CloudFormation. They want to ensure a specific resource is always deleted before another during stack deletion. How is this controlled?
AList resources in reverse order in the template
BUse DependsOn attribute — CloudFormation deletes dependents before dependencies
CUse DeletionPolicy: Delete on the resource
DCloudFormation determines deletion order automatically and cannot be controlled
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 71Deployment, Provisioning, and Automation
A SysOps administrator uses CloudFormation and wants to prevent accidental deletion of a production stack. Which CloudFormation feature provides this protection?
AStack policy with Deny on all resources
BTermination protection on the CloudFormation stack
CDeletionPolicy: Retain on all resources
DIAM policy denying cloudformation:DeleteStack
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 72Deployment, Provisioning, and Automation
A SysOps administrator needs to deploy the same CloudFormation stack configuration to all new accounts in an AWS Organization automatically. Which feature enables this?
ACloudFormation StackSets with SERVICE_MANAGED permissions and automatic deployment to new accounts in the OU
BManual deployment to each new account
CAWS Control Tower account vending machine only
DCloudFormation nested stacks
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 73Deployment, Provisioning, and Automation
A SysOps administrator uses CloudFormation and needs to pass a database password securely to a stack without it appearing in plaintext. Which approach is MOST secure?
APass the password as a CloudFormation parameter with NoEcho:true
BStore the password in AWS Secrets Manager or SSM Parameter Store SecureString and reference it with dynamic references ({{resolve:secretsmanager:...}})
CEncode the password in Base64 in the template
DUse a CloudFormation Mapping to store the password
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 74Reliability and Business Continuity
A SysOps administrator wants to prevent a CloudFormation stack from being deleted while data migration is in progress. Which CloudFormation feature protects against accidental deletion?
ADeletionPolicy: Retain on all resources
BCloudFormation stack termination protection
CIAM Deny policy for cloudformation:DeleteStack
DCloudFormation stack policy
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 75Deployment, Provisioning, and Automation
A SysOps administrator wants to deploy CloudFormation stacks in parallel across multiple regions. Which approach achieves this?
ACloudFormation nested stacks
BCloudFormation StackSets — deploy a StackSet to the account with multiple regions specified
CRun separate cloudformation deploy commands in parallel
DBoth B and C
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 76Deployment, Provisioning, and Automation
A SysOps administrator uses CloudFormation and wants to import an existing RDS instance into a stack without deleting it. Which CloudFormation feature enables this?
ACloudFormation resource import
BCloudFormation drift detection
CCreate a new stack referencing the existing RDS ARN
DUse Fn::ImportValue to reference the existing resource
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 77Reliability and Business Continuity
A SysOps administrator uses CloudFormation and wants to update a stack without any downtime for an RDS instance. Which update behavior should they be aware of?
AAll RDS property changes require replacement, causing downtime
BSome RDS properties (instance class, storage) cause no interruption; others (engine version major upgrade) may cause multi-AZ failover
CRDS instances cannot be updated via CloudFormation
DCloudFormation always replaces RDS instances on any update
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 78Deployment, Provisioning, and Automation
A SysOps administrator needs to deploy a CloudFormation stack that requires IAM role creation. Which IAM capability must be specified in the deployment command?
ACAPABILITY_AUTO_EXPAND
BCAPABILITY_NAMED_IAM (or CAPABILITY_IAM for unnamed IAM resources)
CCAPABILITY_RESOURCE_POLICY
DNo special capability is needed for IAM resources
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 79Deployment, Provisioning, and Automation
A SysOps administrator uses AWS CloudFormation. They want to export a database endpoint from one stack and import it into another. What is the syntax for importing an exported value?
A!Ref ExportedValue
B!ImportValue StackName-ExportName
C!GetAtt StackName.ExportName
D{{resolve:cloudformation:StackName:ExportName}}
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 80Monitoring, Logging, and Remediation
A SysOps administrator wants to receive an alert when the number of active CloudFormation stacks fails to match the expected count. How is this implemented?
ACloudWatch metric filter on CloudTrail for CloudFormation events
BAWS Config rule evaluating CloudFormation stack count
CEventBridge rule for CloudFormation stack state changes → SNS
DLambda function polling stack count + CloudWatch PutMetricData → alarm
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 81Reliability and Business Continuity
A SysOps administrator wants to ensure that a CloudFormation stack update can be aborted mid-way if something goes wrong, without leaving resources in an inconsistent state. Which CloudFormation feature ensures this?
ACloudFormation rollback on failure — automatically reverts to the previous known good state
BCloudFormation change sets — preview changes before applying
CBoth A and B together
DCloudFormation StackPolicy
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 82Deployment, Provisioning, and Automation
A SysOps administrator uses CloudFormation and needs to deploy a stack to multiple regions from a CI/CD pipeline. Which deployment pattern is correct?
AUse the same template for all regions but override parameters for region-specific values (AZ names, AMI IDs)
BCreate separate templates per region
CUse CloudFormation StackSets with SELF_MANAGED permissions from the pipeline IAM role
DBoth A and C
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 83Deployment, Provisioning, and Automation
A SysOps administrator uses CloudFormation and wants to ensure that existing EC2 instances are not accidentally terminated during a stack update. Which feature protects specific resources?
ACloudFormation stack termination protection
BCloudFormation StackPolicy — deny Update:Replace or Update:Delete on the EC2 resource
CEC2 instance termination protection
DDeletionPolicy: Retain on the EC2 resource
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz
Question 84Deployment, Provisioning, and Automation
A SysOps administrator uses AWS CloudFormation and needs to ensure that a resource like an S3 bucket created by a stack is NOT deleted when the stack is deleted. Which setting preserves the resource?
ADeletionPolicy: Snapshot
BDeletionPolicy: Retain
CStack termination protection
DRemovalPolicy: DESTROY
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start SOA-C03 Quiz

Key CloudFormation Concepts for SOA-C03

cloudformationstacktemplatechange setdrift detectionstacksetsrollbacknested stack

SOA-C03 CloudFormation Exam Tips

AWS CloudFormation questions in SOA-C03 are typically scenario-based. Focus on operations, observability, incident response, and automated remediation. Priority concepts: cloudformation, stack, template, change set, drift detection, stacksets.

What SOA-C03 Expects

Anchor your answer in prioritize operational visibility and repeatable runbook-ready automation.
CloudFormation scenarios for SOA-C03 are frequently mapped to Domain 3 (22%), so read the objective carefully before picking controls or architecture.
Expect multi-topic scenarios where CloudFormation interacts with IAM, networking, storage, or observability patterns rather than appearing as an isolated question.
When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Associate) and vendor best practices.

High-Value CloudFormation Concepts

Know the core CloudFormation building blocks cold: cloudformation, stack, template, change set.
Review the edge-case features and limits for drift detection, stacksets; these details are commonly used to differentiate answer choices.
Practice service-integration reasoning: how CloudFormation pairs with Deployment Automation, Elastic Beanstalk, Systems Manager in real deployment patterns.
For SOA-C03, explain why the chosen CloudFormation design meets reliability, security, and cost expectations better than the alternatives.

Common SOA-C03 Traps

Watch for answers that deploy quickly but are hard to monitor or recover.
Questions in Deployment, Provisioning, and Automation often include distractors that look correct for CloudFormation but violate least-privilege, durability, or availability requirements.
Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

Can you compare at least two CloudFormation implementation paths and justify which one best fits the scenario?
Can you map the chosen answer back to Deployment, Provisioning, and Automation (22%) outcomes for SOA-C03?
Can you explain security and access boundaries for CloudFormation without relying on default-open assumptions?
Can you describe how CloudFormation integrates with Deployment Automation and Elastic Beanstalk during failure, scaling, and monitoring events?

Exam Domains Covering CloudFormation

Domain 3Deployment, Provisioning, and Automation22%

Related Resources

🎯 Free SOA-C03 Mock Exam Deployment Automation Questions Elastic Beanstalk Questions Systems Manager Questions

More SOA-C03 Study Resources

← SOA-C03 Study Hub 30-Day Study Plan Full Practice Exam

🏗️ AWS CloudFormation - SOA-C03 Practice Questions