Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

SOA-C03 Exam Dumps - AWS Certified CloudOps Engineer - Associate

Searching for workable clues to ace the Amazon Web Services SOA-C03 Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s SOA-C03 PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 9

A company runs an application that logs user data to an Amazon CloudWatch Logs log group. The company discovers that personal information the application has logged is visible in plain text in the CloudWatch logs.

The company needs a solution to redact personal information in the logs by default. Unredacted information must be available only to the company's security team. Which solution will meet these requirements?

A.

Create an Amazon S3 bucket. Create an export task from appropriate log groups in CloudWatch. Export the logs to the S3 bucket. Configure an Amazon Macie scan to discover personal data in the S3 bucket. Invoke an AWS Lambda function to move identified personal data to a second S3 bucket. Update the S3 bucket policies to grant only the security team access to both buckets.

B.

Create a customer managed AWS KMS key. Configure the KMS key policy to allow only the security team to perform decrypt operations. Associate the KMS key with the application log group.

C.

Create an Amazon CloudWatch data protection policy for the application log group. Configure data identifiers for the types of personal information that the application logs. Ensure that the security team has permission to call the unmask API operation on the application log group.

D.

Create an OpenSearch domain. Create an AWS Glue workflow that runs a Detect PII transform job and streams the output to the OpenSearch domain. Configure the CloudWatch log group to stream the logs to AWS Glue. Modify the OpenSearch domain access policy to allow only the security team to access the domain.

Full Access
Question # 10

A CloudOps engineer has created an AWS Service Catalog portfolio and shared it with a second AWS account in the company, managed by a different CloudOps engineer.

Which action can the CloudOps engineer in the second account perform?

A.

Add a product from the imported portfolio to a local portfolio.

B.

Add new products to the imported portfolio.

C.

Change the launch role for the products contained in the imported portfolio.

D.

Customize the products in the imported portfolio.

Full Access
Question # 11

A financial services company stores customer images in an Amazon S3 bucket in the us-east-1 Region. To comply with regulations, the company must ensure that all existing objects are replicated to an S3 bucket in a second AWS Region. If an object replication fails, the company must be able to retry replication for the object.

What solution will meet these requirements?

A.

Configure Amazon S3 Cross-Region Replication (CRR). Use Amazon S3 live replication to replicate existing objects.

B.

Configure Amazon S3 Cross-Region Replication (CRR). Use S3 Batch Replication to replicate existing objects.

C.

Configure Amazon S3 Cross-Region Replication (CRR). Use S3 Replication Time Control (S3 RTC) to replicate existing objects.

D.

Use S3 Lifecycle rules to move objects to the destination bucket in a second Region.

Full Access
Question # 12

A company’s CloudOps engineer monitors multiple AWS accounts in an organization and checks each account’s AWS Health Dashboard. After adding 10 new accounts, the engineer wants to consolidate health alerts from all accounts.

Which solution meets this requirement with the least operational effort?

A.

Enable organizational view in AWS Health.

B.

Configure the Health Dashboard in each account to forward events to a central AWS CloudTrail log.

C.

Create an AWS Lambda function to query the AWS Health API and write all events to an Amazon DynamoDB table.

D.

Use the AWS Health API to write events to an Amazon DynamoDB table.

Full Access
Question # 13

A SysOps administrator needs to encrypt an existing Amazon Elastic File System (Amazon EFS) file system by using an existing AWS KMS customer managed key.

Which solution will meet these requirements?

A.

Use Amazon EFS replication to create a new file system. Copy the data and metadata from the existing file system to the new file system. Specify the KMS customer managed key in the replication configuration. When the replication process finishes, fail over to the new encrypted file system.

B.

Directly modify the file system to use encryption. Specify the KMS customer managed key.

C.

Use Amazon EFS replication to create a new file system. Copy the data and metadata from the existing file system to the new file system. Generate a new TLS certificate. Specify the TLS certificate in the replication configuration. When the replication process finishes, fail over to the new encrypted file system.

D.

Create a new EFS file system that is encrypted with the KMS customer managed key. Create an Amazon EC2 instance to copy the files. Mount the encrypted file system and unencrypted file system on the instance. Copy all data from the unencrypted file system to the encrypted file system. Unmount the unencrypted file system and remove the temporary instance.

Full Access
Question # 14

A company needs to log and audit any principal that publishes messages to Amazon Simple Notification Service (Amazon SNS) topics and Amazon Simple Queue Service (Amazon SQS) queues. The company wants to ensure that all communication with these services uses VPC endpoints.

Which combination of solutions will meet these requirements? (Select TWO.)

A.

Use Amazon CloudWatch Logs to collect message content from Amazon SNS and Amazon SQS. Deliver logs to an Amazon S3 bucket for querying.

B.

Set up AWS CloudTrail. Enable tracking of data events for Amazon SNS and Amazon SQS. Deliver logs to an Amazon S3 bucket for querying.

C.

Create Amazon EventBridge rules to gather Amazon SNS and Amazon SQS events. Store the events in an Amazon S3 bucket.

D.

Configure VPC endpoints for Amazon SNS and Amazon SQS. Inspect the vpcEndpointId field in the AWS CloudTrail logs.

E.

Configure VPC endpoints for Amazon SNS and Amazon SQS. Inspect the vpcEndpoint field in the Amazon CloudWatch logs.

Full Access
Question # 15

A company's developers manually install software modules on Amazon EC2 instances to deploy new versions of a service. A security audit finds that instances contain inconsistent and unapproved modules.

A CloudOps engineer must create a new instance image that contains only approved software.

Which solution will meet these requirements?

A.

Use Amazon Detective to continuously find and uninstall unauthorized modules from the instances.

B.

Use Amazon GuardDuty to create and deploy an Amazon Machine Image (AMI) that includes only the approved modules.

C.

Use AWS Systems Manager Run Command to install the approved modules on all running instances during an in-place update.

D.

Use EC2 Image Builder to create and test an Amazon Machine Image (AMI) that includes only the approved modules. Update the deployment workflow to use the new AMI.

Full Access
Question # 16

A company runs a website on Amazon EC2 instances. Users can upload images to an Amazon S3 bucket and publish the images to the website. The company wants to deploy a serverless image-processing application that uses an AWS Lambda function to resize the uploaded images.

The company's development team has created the Lambda function. A CloudOps engineer must implement a solution to invoke the Lambda function when users upload new images to the S3 bucket.

Which solution will meet this requirement?

A.

Configure an Amazon Simple Notification Service (Amazon SNS) topic to invoke the Lambda function when a user uploads a new image to the S3 bucket.

B.

Configure an Amazon CloudWatch alarm to invoke the Lambda function when a user uploads a new image to the S3 bucket.

C.

Configure S3 Event Notifications to invoke the Lambda function when a user uploads a new image to the S3 bucket.

D.

Configure an Amazon Simple Queue Service (Amazon SQS) queue to invoke the Lambda function when a user uploads a new image to the S3 bucket.

Full Access
Go to page: