🔌 AWS Direct Connect - SOA-C03 Practice Questions

Prepare for hybrid connectivity, hosted and dedicated connections, virtual interfaces, LAGs, failover with VPN, and operational troubleshooting.

10 Questions Available
1 Exam Domain

SOA-C03 Direct Connect Question Bank (10 Questions)

Browse all 10 practice questions covering AWS Direct Connect for the SOA-C03 certification exam. Answers are intentionally hidden on this page so you can self-test first before checking results in quiz mode.

  1. Question 1 - Networking & Content Delivery

    A company needs to access both AWS public services (like S3 and DynamoDB via public endpoints) AND private VPC resources through their existing AWS Direct Connect connection. They currently have a private virtual interface (VIF) for VPC access. What additional Direct Connect virtual interface must be created to access AWS public services?

    A. Create an additional private virtual interface for public AWS services.
    B. Create a public virtual interface, which provides access to all AWS public service endpoints.
    C. Create a transit virtual interface to route public service traffic through a Transit Gateway.
    D. No additional interface is needed — the private VIF can route to public AWS services by adding VPC endpoints.

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

  2. Question 2 - Networking & Content Delivery

    A company has a hybrid DNS architecture. AWS workloads need to resolve on-premises DNS names (e.g., `db.corp.internal`), and on-premises servers need to resolve AWS Route 53 Private Hosted Zone names (e.g., `app.aws.internal`). The environments are connected via Direct Connect. Which Route 53 Resolver configuration is required?

    A. An outbound endpoint only — for forwarding AWS DNS queries to on-premises DNS servers.
    B. An inbound endpoint only — for on-premises DNS servers to forward queries to AWS.
    C. Both an outbound endpoint (for AWS-to-on-premises resolution) AND an inbound endpoint (for on-premises-to-AWS resolution).
    D. Associate the Route 53 Private Hosted Zone with the on-premises network, which eliminates the need for resolver endpoints.

  3. Question 3 - Networking & Content Delivery

    A company has an on-premises data center connected to AWS via an AWS Site-to-Site VPN. The team experiences latency inconsistency and wants to improve network performance over the VPN connection without migrating to Direct Connect. Which feature can improve VPN performance?

    A. Enable VPN CloudHub to create a hub-and-spoke topology.
    B. Enable accelerated Site-to-Site VPN, which routes traffic through the AWS Global Accelerator network instead of the public internet.
    C. Increase the number of VPN tunnels from 2 to 4 by creating a second VPN connection.
    D. Enable Equal-Cost Multi-Path (ECMP) routing on the existing VPN tunnels.

  4. Question 4 - Networking and Content Delivery

    A SysOps administrator uses AWS Direct Connect with a public VIF. What types of resources can be accessed via a public VIF?

    A. Private EC2 instances and RDS databases in a VPC
    B. AWS public services (S3, DynamoDB, CloudFront) using public IP space
    C. Both private and public resources
    D. On-premises resources from AWS

  5. Question 5 - Networking and Content Delivery

    A SysOps administrator uses AWS Direct Connect with a LAG (Link Aggregation Group). What is the benefit of a LAG?

    A. LAG provides geographic redundancy across Direct Connect locations
    B. LAG aggregates multiple Direct Connect connections into a single logical connection for increased bandwidth and redundancy
    C. LAG reduces Direct Connect pricing
    D. LAG enables BGP over Direct Connect

  6. Question 6 - Networking and Content Delivery

    A SysOps administrator uses AWS Direct Connect with a backup Site-to-Site VPN. Both are connected via a Virtual Private Gateway. How is failover achieved?

    A. AWS automatically fails over from Direct Connect to VPN when DX fails
    B. Configure BGP with higher preference (lower MED or AS path prepend) for Direct Connect; if DX fails, BGP routes traffic through the VPN automatically
    C. Manual route table update when Direct Connect fails
    D. Use separate VGWs for each connection

  7. Question 7 - Networking & Content Delivery

    A company connects to AWS using a Site-to-Site VPN. Their on-premises router supports BGP. The company wants the VPN to dynamically learn AWS VPC routes without manually configuring static routes on the customer gateway. Which VPN configuration enables dynamic routing?

    A. Configure the VPN connection with static routing and manually add each VPC CIDR to the customer gateway device.
    B. Configure the VPN connection with dynamic routing (BGP) and specify the customer gateway's BGP ASN, allowing route advertisements between the Virtual Private Gateway and the customer gateway.
    C. Enable route propagation on the VPC route table, which automatically configures BGP on the customer gateway.
    D. Use AWS Transit Gateway with a VPN attachment, which eliminates the need for BGP.

  8. Question 8 - Networking & Content Delivery

    A company needs to establish a Site-to-Site VPN connection from their on-premises data center to AWS. The on-premises router supports BGP. The company wants dynamic route propagation so that new VPC CIDR blocks are automatically advertised to the on-premises network. Which configuration should the SysOps administrator use?

    A. Create a Site-to-Site VPN connection with static routing and manually configure routes
    B. Create a Site-to-Site VPN connection with dynamic routing using BGP and enable route propagation on the VPC route table
    C. Use AWS Direct Connect with a private VIF for dynamic routing
    D. Create a Site-to-Site VPN with BGP but disable route propagation and use static routes on the VPC route table

  9. Question 9 - Networking & Content Delivery

    A company connects to AWS using a Site-to-Site VPN with BGP. The on-premises router advertises a default route (0.0.0.0/0) and several specific prefixes. The VPC route table shows more routes than expected. The administrator wants to limit the routes accepted from BGP. What can the administrator configure on the AWS side?

    A. Configure a BGP route filter on the virtual private gateway to reject the default route
    B. AWS does not provide BGP route filtering; configure the route filters on the on-premises router
    C. Use a route table policy to deny specific propagated routes
    D. Disable route propagation on the VPC route table and manually add the desired routes

  10. Question 10 - Networking and Content Delivery

    A SysOps administrator runs a VPN connection. BGP is configured for dynamic routing. What is the advantage of BGP over static routing for VPN?

    A. BGP is faster than static routing
    B. BGP dynamically propagates route changes, enabling automatic failover when network topology changes
    C. BGP requires less configuration than static routing
    D. Static routing is always preferred for VPN


Key Direct Connect Concepts for SOA-C03

direct connect, dx, virtual interface, vif, lag, hybrid, vpn, bgp

SOA-C03 Direct Connect Exam Tips

AWS Direct Connect questions in SOA-C03 are typically scenario-based. Focus on operations, observability, incident response, and automated remediation. Priority concepts: direct connect, dx, virtual interface, vif, lag, hybrid.

What SOA-C03 Expects

  • Anchor your answer in operational visibility and repeatable, runbook-ready automation.
  • Direct Connect scenarios for SOA-C03 are frequently mapped to Domain 5 (18%), so read the objective carefully before picking controls or architecture.
  • Expect multi-topic scenarios where Direct Connect interacts with IAM, networking, storage, or observability patterns rather than appearing as an isolated question.
  • When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Associate) and vendor best practices.

High-Value Direct Connect Concepts

  • Know the core Direct Connect building blocks cold: direct connect, dx, virtual interface, vif.
  • Review the edge-case features and limits for lag, hybrid; these details are commonly used to differentiate answer choices.
  • Practice service-integration reasoning: how Direct Connect pairs with VPC, Route 53, Networking in real deployment patterns.
  • For SOA-C03, explain why the chosen Direct Connect design meets reliability, security, and cost expectations better than the alternatives.

Common SOA-C03 Traps

  • Watch for answers that deploy quickly but are hard to monitor or recover.
  • Questions in Networking and Content Delivery often include distractors that look correct for Direct Connect but violate least-privilege, durability, or availability requirements.
  • Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
  • If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

  • Can you compare at least two Direct Connect implementation paths and justify which one best fits the scenario?
  • Can you map the chosen answer back to Networking and Content Delivery (18%) outcomes for SOA-C03?
  • Can you explain security and access boundaries for Direct Connect without relying on default-open assumptions?
  • Can you describe how Direct Connect integrates with VPC and Route 53 during failure, scaling, and monitoring events?
