Free Practice Questions for the
AWS Certified CloudOps Engineer
Test your knowledge with these free practice questions
Free Practice Questions
AWS CloudOps Engineer
Are you ready to sit your AWS CloudOps Engineer Associate exam? Test your knowledge with these free practice questions. To give you a taste of our popular AWS Certified CloudOps practice exams, we have compiled these free AWS quiz questions.
No sign-up required. Simply click on the AWS sample questions below to reveal the right answers along with explanations and reference links. If you’re looking for more free AWS practice questions, sign-up for our free AWS practice test for the AWS Certified CloudOps Engineer Associate.
Test your Knowledge
Click on the AWS CloudOps sample questions below to reveal the correct answers and explanations with reference links.
Question 1: Change control procedures at a company mandate that all production changes in the infrastructure must be carefully reviewed before deploying updates to their AWS CloudFormation stacks. Which action will allow an Administrator to understand the impact of these changes before implementation?
A. Implement a blue/green strategy using AWS Elastic Beanstalk.
B. Perform a canary deployment using Application Load Balancers and target groups.
C. Create a change set for the running stack.
D. Submit the update using the UpdateStack API call.
Item #2
Show Answer
The correct answer is C. “Create a change set for the running stack”.
Explanation:
Change sets allow you to preview how proposed changes to a stack might impact your running resources. For example, you can check whether your changes will delete or replace any critical resources.
AWS CloudFormation makes the changes to your stack only when you decide to execute the change set, allowing you to decide whether to proceed with your proposed changes or explore other changes by creating another change set. You can create and manage change sets using the AWS CloudFormation console, AWS CLI, or AWS CloudFormation API.
A. “Implement a blue/green strategy using AWS Elastic Beanstalk” is incorrect. In this case, Elastic Beanstalk is not being used, the Administrator needs to review changes directly to an AWS CloudFormation infrastructure stack. If you use Elastic Beanstalk you would make change in the EB console, not in the CloudFormation stack.
B. “Perform a canary deployment using Application Load Balancers and target groups” is incorrect. You cannot perform canary deployments of CloudFormation updates using ALBs and target groups. This is a strategy you might use with AWS CodeDeploy.
D. “Submit the update using the UpdateStack API call” is incorrect. This API action will immediately start the update. The correct API action would be “create-change-set”.
References:
Question 2: A company runs a fleet of Amazon EC2 instances in a private subnet. The instances must send data to peers over the internet. A recent bill shows that the NAT gateway charges have increased significantly. How can a CloudOps Engineer identify which instances are creating the most network traffic?
A. Enable flow logs on the NAT gateway elastic network interface and use Amazon CloudWatch insights to filter data based on the source IP addresses.
B. Run an AWS Cost and Usage report and group the findings by instance ID.
C. Use an Elastic IP on each instance, monitor the metrics generated in Amazon CloudWatch, and filter by instance ID.
D. View the Amazon CloudTrail logs and look for the API actions to use the NAT gateway.
Item #2
Show Answer
The correct answer is A. “Enable flow logs on the NAT gateway elastic network interface and use Amazon CloudWatch insights to filter data based on the source IP addresses”.
Explanation:
VPC flow logs can be enabled on either the NAT gateway elastic network interface or the VPC. Amazon CloudWatch Insights can then be used to filter the data based on the source IP addresses.
For example, to find which instances are sending the most traffic through your NAT gateway, run the following query:
Note: you don’t need to know the specifics of how to define a filter; the above is purely to illustrate how you might do this if you’re interested (also see article linked below).
B. “Run an AWS Cost and Usage report and group the findings by instance ID” is incorrect. You cannot find this information in the cost and usage report.
C. “Use an Elastic IP on each instance, monitor the metrics generated in Amazon CloudWatch, and filter by instance ID” is incorrect. There is no need to add an EIP to each instance and you will not find this information in CloudWatch (it has performance metrics, not flow logs).
D. “View the Amazon CloudTrail logs and look for the API actions to use the NAT gateway” is incorrect. CloudTrail monitors API actions and there are no API actions issued to send data through a NAT gateway.
References:
https://aws.amazon.com/premiumsupport/knowledge-center/vpc-find-traffic-sources-nat-gateway/
Question 3: A company manage an application that is deployed on Amazon EC2 instances within a private subnet. The EC2 instances must be restricted from the internet for security and compliance reasons. The CloudOps team must be able to manage the instances from the corporate office using the SSH protocol. Which combination of actions should be taken to permit SSH access to the EC2 instances while meeting the security and compliance requirements? (Select TWO.)
A. Attach a NAT gateway to the VPC and configure routing.
B. Attach a virtual private gateway to the VPC and configure routing.
C. Attach an internet gateway to the VPC and configure routing.
D. Configure a VPN connection back to the corporate office.
E. Configure a Network Load Balancer in front of the EC2 instances.
Item #2
Show Answer
The correct answers are B. “Attach a virtual private gateway to the VPC and configure routing” and D. “Configure a VPN connection back to the corporate office”.
Explanation:
The best solution for this requirement is to configure an AWS site-to-site virtual private network (VPN). To do this you must add a virtual private gateway to the VPC, update the route table, and configure the customer gateway to connect the VPN to the corporate office.
The following diagram shows the key components of the configuration for this scenario.
A. “Attach a NAT gateway to the VPC and configure routing” is incorrect. NAT gateways are used to enable internet connectivity for instances in private subnets. In this case, internet connectivity should be restricted.
C. “Attach an internet gateway to the VPC and configure routing” is incorrect. An internet gateway is used for internet connectivity which should be restricted in this case. An internet gateway is not required for a VPN connection.
E. “Configure a Network Load Balancer in front of the EC2 instances” is incorrect. This does not enable secure access to the corporate network that avoids the internet.
References:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario4.html
Free AWS CloudOps Practice Test
Access more free AWS CloudOps practice questions with detailed answers, explanations and reference links
20 Questions
Test your knowledge with 20 AWS practice questions that reflect the difficulty of the real AWS exam
Pass Mark 72%
You need to get 15 out of the 20 practice questions right to pass this free AWS practice test. Good luck!
Exam Coverage
The exam includes a mix of questions on core AWS services covering multiple knowledge areas
This free AWS practice exam for the AWS CloudOps Engineer Associate consists of 20 questions with a mix of questions on core AWS services, including Amazon EC2, AWS Systems Manager, and Amazon S3. Please note that unlike our exam simulator, this free AWS practice test is not timed – so you can take as much time as required to answer each question.
At the end of the AWS practice exam, you get to review your answers and find detailed explanations why each answer is correct or incorrect along with reference links for each question. This will help you identify your strength and weaknesses.
How to best prepare for your AWS CloudOps Exam
Practice makes perfect! To maximize your chances of success, enroll in our training courses for the AWS CloudOps Engineer that include a video course, practice exams / exam simulator and training notes (PDF).
The AWS CloudOps Engineer practice exam course consists of 4 full-length practice tests with 65 questions each.
Our practice exams are delivered in 4 different modes:
Exam mode (timed) Full-length practice exams are timed and scored – mirroring the difficulty of the real exam questions.
Training mode (not timed): When taking the practice exam in training mode, the answers and explanations for every question are revealed instantly when clicking “check”.
Knowledge reviews (deep dive): You are presented with a series of questions that focus on one specific topic.
Final exam simulator: Assess your exam readiness with the final exam simulator that mimics the real AWS exam environment. 65 Practice questions are randomly selected from our pool of exam-difficulty questions.
Sign up for our monthly or yearly plans to access our popular AWS CloudOps Engineer training – simply the best way to ensure you pass your exam the first time with a great score.
AWS Certified CloudOps Engineer Associate Exam
Everything you need to know about the official AWS Certified CloudOps Engineer Associate Exam (SOA-C03)
| Exam Name | AWS Certified CloudOps Engineer Associate |
|---|---|
| Exam Code | SOA-C03 |
| Exam Level | Associate |
| Exam Duration | 180 Minutes |
| Passing Score | 72% |
| Eligibility/Pre-requisite | None |
| Validity | 3 Years |
| Exam Format | Multiple Choice or Multiple Response |
| Number of Questions | 55 Questions |
| Exam Fee | $150 |
| Exam Languages | English, Japanese, Korean, Simplified Chinese |
| Exam Delivery Format | Pearson VUE testing center or online proctored exam |
| Official Exam Guide | Download the Official Exam Guide |