AWS CloudOps Engineer Associate Practice Test

Answer choices

1. A. Operational security depends on least privilege, audit logging, patching, and controlled access to AWS resources.
2. B. Patch management is unrelated to cloud operations.
3. C. Operational security requires giving every user administrator access.
4. D. Audit logs should be deleted before investigations.

Wrong-answer review

• B. Patch management is unrelated to cloud operations.: This distractor describes the idea that Patch management is unrelated to cloud operations. In "Which answer is the best source-backed summary of Security Operations for this AWS Certified CloudOps Engineer - Associate topic?", that misses the required action because the correct response is "Operational security depends on least privilege, audit logging, patching, and controlled access to AWS resources.". On the job, mixing up that distractor with "Operational security depends on least privilege, audit logging, patching, and controlled access to AWS resources." can lead to the wrong security operations action or troubleshooting path.
• C. Operational security requires giving every user administrator access.: This distractor describes the idea that Operational security requires giving every user administrator access. In "Which answer is the best source-backed summary of Security Operations for this AWS Certified CloudOps Engineer - Associate topic?", that misses the required action because the correct response is "Operational security depends on least privilege, audit logging, patching, and controlled access to AWS resources.". On the job, mixing up that distractor with "Operational security depends on least privilege, audit logging, patching, and controlled access to AWS resources." can lead to the wrong security operations action or troubleshooting path.

Answer choices

1. A. VPC route tables store application passwords.
2. B. Network ACLs replace all DNS records.
3. C. Security groups are only visual labels and never affect traffic.
4. D. VPC route tables, security groups, network ACLs, and endpoints affect connectivity and troubleshooting.

Wrong-answer review

• A. VPC route tables store application passwords.: This distractor describes the idea that VPC route tables store application passwords. In "A learner is reviewing SOA-C03-networking. What should they remember?", that misses the required action because the correct response is "VPC route tables, security groups, network ACLs, and endpoints affect connectivity and troubleshooting.". On the job, mixing up that distractor with "VPC route tables, security groups, network ACLs, and endpoints affect connectivity and troubleshooting." can lead to the wrong networking operations action or troubleshooting path.
• B. Network ACLs replace all DNS records.: This distractor describes the idea that Network ACLs replace all DNS records. In "A learner is reviewing SOA-C03-networking. What should they remember?", that misses the required action because the correct response is "VPC route tables, security groups, network ACLs, and endpoints affect connectivity and troubleshooting.". On the job, mixing up that distractor with "VPC route tables, security groups, network ACLs, and endpoints affect connectivity and troubleshooting." can lead to the wrong networking operations action or troubleshooting path.
• C. Security groups are only visual labels and never affect traffic.: This distractor describes the idea that Security groups are only visual labels and never affect traffic. In "A learner is reviewing SOA-C03-networking. What should they remember?", that misses the required action because the correct response is "VPC route tables, security groups, network ACLs, and endpoints affect connectivity and troubleshooting.". On the job, mixing up that distractor with "VPC route tables, security groups, network ACLs, and endpoints affect connectivity and troubleshooting." can lead to the wrong networking operations action or troubleshooting path.

Answer choices

1. A. Configure a cross-region backup plan in AWS Backup. Specify the target backup vault in the destination region within the backup plan's copy configuration.
2. B. Create a cron-based AWS Lambda function in the primary region that triggers a snapshot, copies the snapshot to the DR region using `CopyDBSnapshot`, and deletes older snapshots.
3. C. Deploy an AWS Systems Manager Automation runbook that runs monthly to execute Aurora Global Database failovers.
4. D. Configure Amazon S3 Cross-Region Replication (CRR) on the underlying database blocks stored in the cluster storage volume.

Wrong-answer review

• B. Create a cron-based AWS Lambda function in the primary region that triggers a snapshot, copies the snapshot to the DR region using `CopyDBSnapshot`, and deletes older snapshots.: This distractor describes the idea that Create a cron-based AWS Lambda function in the primary region that triggers a snapshot, copies the snapshot to the DR region using `CopyDBSnapshot`, and deletes older snapshots. In "Your organization's disaster recovery (DR) policy requires that all backups of critical Amazon Aurora databases and Amazon EBS volumes be copied to a separate AWS Region. In the event of a primary region disaster, you must be able to restore resources quickly. How can you automate this replication with the lowest administrative overhead?", that misses the required action because the correct response is "Configure a cross-region backup plan in AWS Backup. Specify the target backup vault in the destination region within the backup plan's copy configuration.". On the job, mixing up that distractor with "Configure a cross-region backup plan in AWS Backup. Specify the target backup vault in the destination region within the backup plan's copy configuration." can lead to the wrong reliability action or troubleshooting path.
• C. Deploy an AWS Systems Manager Automation runbook that runs monthly to execute Aurora Global Database failovers.: This distractor describes the idea that Deploy an AWS Systems Manager Automation runbook that runs monthly to execute Aurora Global Database failovers. In "Your organization's disaster recovery (DR) policy requires that all backups of critical Amazon Aurora databases and Amazon EBS volumes be copied to a separate AWS Region. In the event of a primary region disaster, you must be able to restore resources quickly. How can you automate this replication with the lowest administrative overhead?", that misses the required action because the correct response is "Configure a cross-region backup plan in AWS Backup. Specify the target backup vault in the destination region within the backup plan's copy configuration.". On the job, mixing up that distractor with "Configure a cross-region backup plan in AWS Backup. Specify the target backup vault in the destination region within the backup plan's copy configuration." can lead to the wrong reliability action or troubleshooting path.
• D. Configure Amazon S3 Cross-Region Replication (CRR) on the underlying database blocks stored in the cluster storage volume.: This distractor describes the idea that Configure Amazon S3 Cross-Region Replication (CRR) on the underlying database blocks stored in the cluster storage volume. In "Your organization's disaster recovery (DR) policy requires that all backups of critical Amazon Aurora databases and Amazon EBS volumes be copied to a separate AWS Region. In the event of a primary region disaster, you must be able to restore resources quickly. How can you automate this replication with the lowest administrative overhead?", that misses the required action because the correct response is "Configure a cross-region backup plan in AWS Backup. Specify the target backup vault in the destination region within the backup plan's copy configuration.". On the job, mixing up that distractor with "Configure a cross-region backup plan in AWS Backup. Specify the target backup vault in the destination region within the backup plan's copy configuration." can lead to the wrong reliability action or troubleshooting path.

Answer choices

1. A. Amazon CloudWatch is used only to purchase Reserved Instances.
2. B. Amazon CloudWatch is a source control repository for application code.
3. C. Amazon CloudWatch collects metrics and logs so operators can observe AWS resources and applications.
4. D. Amazon CloudWatch replaces IAM permissions for every service.

Wrong-answer review

• A. Amazon CloudWatch is used only to purchase Reserved Instances.: This distractor describes the idea that Amazon CloudWatch is used only to purchase Reserved Instances. In "Which statement best matches Monitoring and Logging for AWS CloudOps Engineer Associate practice?", that misses the required action because the correct response is "Amazon CloudWatch collects metrics and logs so operators can observe AWS resources and applications.". On the job, mixing up that distractor with "Amazon CloudWatch collects metrics and logs so operators can observe AWS resources and applications." can lead to the wrong monitoring and logging action or troubleshooting path.
• B. Amazon CloudWatch is a source control repository for application code.: This distractor describes the idea that Amazon CloudWatch is a source control repository for application code. In "Which statement best matches Monitoring and Logging for AWS CloudOps Engineer Associate practice?", that misses the required action because the correct response is "Amazon CloudWatch collects metrics and logs so operators can observe AWS resources and applications.". On the job, mixing up that distractor with "Amazon CloudWatch collects metrics and logs so operators can observe AWS resources and applications." can lead to the wrong monitoring and logging action or troubleshooting path.

Answer choices

1. A. AWS Systems Manager Automation can run repeatable operational tasks and remediation workflows.
2. B. AWS Systems Manager Automation disables runbooks after one execution.
3. C. AWS Systems Manager Automation requires manually logging into every server first.
4. D. AWS Systems Manager Automation is only a billing dashboard.

Wrong-answer review

• B. AWS Systems Manager Automation disables runbooks after one execution.: This distractor describes the idea that AWS Systems Manager Automation disables runbooks after one execution. In "A learner is reviewing SOA-C03-automation. What should they remember?", that misses the required action because the correct response is "AWS Systems Manager Automation can run repeatable operational tasks and remediation workflows.". On the job, mixing up that distractor with "AWS Systems Manager Automation can run repeatable operational tasks and remediation workflows." can lead to the wrong automation and remediation action or troubleshooting path.
• C. AWS Systems Manager Automation requires manually logging into every server first.: This distractor describes the idea that AWS Systems Manager Automation requires manually logging into every server first. In "A learner is reviewing SOA-C03-automation. What should they remember?", that misses the required action because the correct response is "AWS Systems Manager Automation can run repeatable operational tasks and remediation workflows.". On the job, mixing up that distractor with "AWS Systems Manager Automation can run repeatable operational tasks and remediation workflows." can lead to the wrong automation and remediation action or troubleshooting path.

Answer choices

1. A. Cost controls require disabling every monitoring alarm.
2. B. Right-sizing means choosing the largest instance for every workload.
3. C. Budgets are unrelated to operations planning.
4. D. Operational teams use usage visibility, scaling, budgets, and right-sizing to control cost while meeting demand.

Wrong-answer review

• A. Cost controls require disabling every monitoring alarm.: This distractor describes the idea that Cost controls require disabling every monitoring alarm. In "When practicing AWS CloudOps Engineer Associate, which option belongs under Cost and Capacity?", that misses the required action because the correct response is "Operational teams use usage visibility, scaling, budgets, and right-sizing to control cost while meeting demand.". On the job, mixing up that distractor with "Operational teams use usage visibility, scaling, budgets, and right-sizing to control cost while meeting demand." can lead to the wrong cost and capacity action or troubleshooting path.

Answer choices

1. A. Audit logs should be deleted before investigations.
2. B. Operational security requires giving every user administrator access.
3. C. Operational security depends on least privilege, audit logging, patching, and controlled access to AWS resources.
4. D. Patch management is unrelated to cloud operations.

Wrong-answer review

• A. Audit logs should be deleted before investigations.: This distractor describes the idea that Audit logs should be deleted before investigations. In "Which statement best matches Security Operations for AWS CloudOps Engineer Associate practice?", that misses the required action because the correct response is "Operational security depends on least privilege, audit logging, patching, and controlled access to AWS resources.". On the job, mixing up that distractor with "Operational security depends on least privilege, audit logging, patching, and controlled access to AWS resources." can lead to the wrong security operations action or troubleshooting path.
• B. Operational security requires giving every user administrator access.: This distractor describes the idea that Operational security requires giving every user administrator access. In "Which statement best matches Security Operations for AWS CloudOps Engineer Associate practice?", that misses the required action because the correct response is "Operational security depends on least privilege, audit logging, patching, and controlled access to AWS resources.". On the job, mixing up that distractor with "Operational security depends on least privilege, audit logging, patching, and controlled access to AWS resources." can lead to the wrong security operations action or troubleshooting path.

Answer choices

1. A. VPC route tables store application passwords.
2. B. VPC route tables, security groups, network ACLs, and endpoints affect connectivity and troubleshooting.
3. C. Security groups are only visual labels and never affect traffic.
4. D. Network ACLs replace all DNS records.

Wrong-answer review

• A. VPC route tables store application passwords.: This distractor describes the idea that VPC route tables store application passwords. In "When practicing AWS CloudOps Engineer Associate, which option belongs under Networking Operations?", that misses the required action because the correct response is "VPC route tables, security groups, network ACLs, and endpoints affect connectivity and troubleshooting.". On the job, mixing up that distractor with "VPC route tables, security groups, network ACLs, and endpoints affect connectivity and troubleshooting." can lead to the wrong networking operations action or troubleshooting path.
• C. Security groups are only visual labels and never affect traffic.: This distractor describes the idea that Security groups are only visual labels and never affect traffic. In "When practicing AWS CloudOps Engineer Associate, which option belongs under Networking Operations?", that misses the required action because the correct response is "VPC route tables, security groups, network ACLs, and endpoints affect connectivity and troubleshooting.". On the job, mixing up that distractor with "VPC route tables, security groups, network ACLs, and endpoints affect connectivity and troubleshooting." can lead to the wrong networking operations action or troubleshooting path.

Answer choices

1. A. High availability means removing alarms after deployment.
2. B. Highly available AWS operations depend on one unmonitored instance forever.
3. C. Multi-AZ design is only a tag naming convention.
4. D. Highly available AWS operations use health checks, alarms, scaling, and multi-AZ design where the workload requires it.

Wrong-answer review

• A. High availability means removing alarms after deployment.: This distractor describes the idea that High availability means removing alarms after deployment. In "Which statement best matches Reliability for AWS CloudOps Engineer Associate practice?", that misses the required action because the correct response is "Highly available AWS operations use health checks, alarms, scaling, and multi-AZ design where the workload requires it.". On the job, mixing up that distractor with "Highly available AWS operations use health checks, alarms, scaling, and multi-AZ design where the workload requires it." can lead to the wrong reliability action or troubleshooting path.
• B. Highly available AWS operations depend on one unmonitored instance forever.: This distractor describes the idea that Highly available AWS operations depend on one unmonitored instance forever. In "Which statement best matches Reliability for AWS CloudOps Engineer Associate practice?", that misses the required action because the correct response is "Highly available AWS operations use health checks, alarms, scaling, and multi-AZ design where the workload requires it.". On the job, mixing up that distractor with "Highly available AWS operations use health checks, alarms, scaling, and multi-AZ design where the workload requires it." can lead to the wrong reliability action or troubleshooting path.
• C. Multi-AZ design is only a tag naming convention.: This distractor describes the idea that Multi-AZ design is only a tag naming convention. In "Which statement best matches Reliability for AWS CloudOps Engineer Associate practice?", that misses the required action because the correct response is "Highly available AWS operations use health checks, alarms, scaling, and multi-AZ design where the workload requires it.". On the job, mixing up that distractor with "Highly available AWS operations use health checks, alarms, scaling, and multi-AZ design where the workload requires it." can lead to the wrong reliability action or troubleshooting path.

Answer choices

1. A. CloudWatch Synthetics canaries using a Node.js or Python script that runs at regular intervals.
2. B. CloudWatch Application Insights with automatic resource discovery and telemetry collection.
3. C. CloudWatch RUM (Real User Monitoring) configured by inserting a JavaScript snippet into the API gateway.
4. D. CloudWatch ServiceLens integrated with AWS X-Ray active tracing on the API Gateway.

Wrong-answer review

• B. CloudWatch Application Insights with automatic resource discovery and telemetry collection.: This distractor describes the idea that CloudWatch Application Insights with automatic resource discovery and telemetry collection. In "Your organization wants to verify that the customer-facing REST API is responding within 500 milliseconds and returning an HTTP 200 status code from globally distributed locations. What is the most appropriate CloudWatch feature to implement?", that misses the required action because the correct response is "CloudWatch Synthetics canaries using a Node.js or Python script that runs at regular intervals.". On the job, mixing up that distractor with "CloudWatch Synthetics canaries using a Node.js or Python script that runs at regular intervals." can lead to the wrong monitoring and logging action or troubleshooting path.
• C. CloudWatch RUM (Real User Monitoring) configured by inserting a JavaScript snippet into the API gateway.: This distractor describes the idea that CloudWatch RUM (Real User Monitoring) configured by inserting a JavaScript snippet into the API gateway. In "Your organization wants to verify that the customer-facing REST API is responding within 500 milliseconds and returning an HTTP 200 status code from globally distributed locations. What is the most appropriate CloudWatch feature to implement?", that misses the required action because the correct response is "CloudWatch Synthetics canaries using a Node.js or Python script that runs at regular intervals.". On the job, mixing up that distractor with "CloudWatch Synthetics canaries using a Node.js or Python script that runs at regular intervals." can lead to the wrong monitoring and logging action or troubleshooting path.
• D. CloudWatch ServiceLens integrated with AWS X-Ray active tracing on the API Gateway.: This distractor describes the idea that CloudWatch ServiceLens integrated with AWS X-Ray active tracing on the API Gateway. In "Your organization wants to verify that the customer-facing REST API is responding within 500 milliseconds and returning an HTTP 200 status code from globally distributed locations. What is the most appropriate CloudWatch feature to implement?", that misses the required action because the correct response is "CloudWatch Synthetics canaries using a Node.js or Python script that runs at regular intervals.". On the job, mixing up that distractor with "CloudWatch Synthetics canaries using a Node.js or Python script that runs at regular intervals." can lead to the wrong monitoring and logging action or troubleshooting path.