AWS SOA-C03: Free AWS Certified CloudOps Engineer — Associate practice test

10 AWS SOA-C03 practice questions with answers and explanations. The AWS SOA-C03 passing score is 720 / 1000.

Answer key

All 10 AWS SOA-C03 questions & answers

Prefer to just read the answers and explanations? Here’s the full key for this free AWS SOA-C03 test.

Q1. A company runs a critical e-commerce application on an RDS for MySQL Multi-AZ instance. During a planned maintenance window, the operations team notices that the standby instance in the secondary Availability Zone is showing a replication lag of 45 seconds. What is the most accurate statement about how Multi-AZ replication works for RDS and the significance of this observation?

Correct answer: B. RDS Multi-AZ uses synchronous replication, so a persistent replication lag indicates a potential problem with the standby instance that should be investigated.

RDS Multi-AZ uses synchronous replication: a write is not acknowledged to the application until it is committed on both the primary and the standby. Because of this, a measurable replication lag metric indicating 45 seconds of lag is anomalous and warrants investigation — it could indicate storage, network, or instance performance problems on the standby. Option A is incorrect because Multi-AZ uses synchronous, not asynchronous, replication. Option C is wrong for the same reason and invents an SLA threshold that does not exist. Option D correctly identifies synchronous replication and that lag signals a real issue, but it conflates the mechanism with the conclusion in a way that makes option B the cleaner, more accurate answer — B directly identifies the anomaly and appropriate response.

Q2. An organization has an Auto Scaling group that launches EC2 instances running a Java application. The application takes approximately 4 minutes to fully initialize and register with an internal service registry before it can accept traffic. During peak load events, new instances are added but immediately begin receiving requests before initialization completes, causing errors. Which solution best addresses this problem with the least operational overhead?

Correct answer: A. Add a lifecycle hook on the EC2_INSTANCE_LAUNCHING transition with a heartbeat timeout of 300 seconds, and have the instance signal completion using the CompleteLifecycleAction API call after the application finishes initializing.

An Auto Scaling lifecycle hook on EC2_INSTANCE_LAUNCHING pauses the instance in the Pending:Wait state, preventing it from being placed InService (and added to the load balancer target group) until the application sends CompleteLifecycleAction. This precisely prevents premature traffic routing with no manual intervention. Option B (health check grace period) delays health-check failure evaluation but does not prevent the ALB from routing traffic to a newly registered target that passes its first health check immediately. Option C alone would help, but newly registered targets begin in an 'initial' state and require the healthy threshold count of passing checks before receiving traffic; however, this approach is less explicit and more fragile than a lifecycle hook. Option D introduces significant architectural complexity and does not prevent the race condition for non-queue-based traffic.

Q3. A SysOps Administrator is configuring an Application Load Balancer with a target group containing EC2 instances. The health check is set to HTTP on port 80 with a path of /health, a healthy threshold of 3, an unhealthy threshold of 2, and an interval of 10 seconds. One instance starts returning HTTP 503 on consecutive health check requests. Approximately how long will it take for the ALB to mark this instance unhealthy and stop routing traffic to it?

Correct answer: B. 20 seconds — two consecutive failed health checks are required, and each check runs every 10 seconds.

The ALB unhealthy threshold specifies the number of consecutive failed health checks required before an instance is marked unhealthy. With an unhealthy threshold of 2 and an interval of 10 seconds, two consecutive failures are needed, meaning the instance is removed from rotation approximately 20 seconds after the first consecutive failure. Option A is incorrect — a single failure does not suffice. Option C confuses the unhealthy threshold (2) with the healthy threshold (3); three failures would be required only if the unhealthy threshold were set to 3. Option D invents a 60-second wait period that does not exist in ALB health check logic.

Q4. A financial services company operates a primary application in us-east-1 and needs a disaster recovery environment with an RTO of 30 minutes and an RPO of 5 minutes. The company cannot afford to run a fully active secondary environment. Which DR strategy and configuration best meets these requirements?

Correct answer: D. Warm standby: run a scaled-down but fully functional replica in us-west-2 with continuous RDS replication and pre-warmed Auto Scaling groups at minimum capacity.

Warm standby maintains a continuously running, reduced-capacity copy of the environment. RDS cross-region read replicas keep RPO near zero (typically seconds to minutes), and because compute infrastructure already exists at minimum capacity, scaling up during failover can reliably meet a 30-minute RTO. Option A (pilot light) stores only the database and requires provisioning and launching compute from scratch, which introduces significant startup time that makes a 30-minute RTO difficult to guarantee. Option B (backup and restore) has RPO tied to snapshot frequency (daily) and RTO of hours — far outside the stated requirements. Option C (active-active) exceeds requirements and cost constraints since the company explicitly cannot run a fully active secondary environment.

Q5. A company uses Route 53 to manage DNS for its public-facing application. They configure an active-passive failover policy: the primary record points to an ALB in us-east-1, and the secondary record points to a static S3-hosted maintenance page. A Route 53 health check monitors the ALB endpoint. During a regional outage in us-east-1, users report the application is still trying to reach the ALB instead of the maintenance page. What is the most likely cause?

Correct answer: B. The TTL on the Route 53 DNS records is set to 300 seconds, and clients are caching the primary record until TTL expiration.

Route 53 will update its DNS response to the secondary record once the health check fails, but DNS responses are cached by resolvers and clients according to the record's TTL. With a TTL of 300 seconds, clients that recently resolved the primary record may continue using it for up to 5 minutes, explaining why some users still hit the ALB during an outage. The fix is to set a low TTL (e.g., 30–60 seconds) on failover records before an incident. Option A is incorrect — Route 53 health checks support DNS name targets for ALBs. Option C is irrelevant to why existing clients are not honoring the failover; even if the S3 endpoint were misconfigured, that would affect new resolutions, not the cached primary record. Option D is false — Route 53 failover routing works with any record value, including ALB DNS aliases.

Q6. An engineering team wants to use S3 Cross-Region Replication (CRR) to replicate objects from a bucket in ap-southeast-1 to a bucket in eu-west-1 for compliance purposes. After enabling CRR with the correct IAM role, they notice that objects uploaded before CRR was enabled are not present in the destination bucket. What must they do to replicate the existing objects?

Correct answer: B. Use S3 Batch Operations with the Replicate operation to replicate existing objects to the destination bucket.

S3 Cross-Region Replication only replicates objects written after the replication rule is enabled. To replicate pre-existing objects, you use S3 Batch Operations with the 'Replicate' job, which submits each existing object through the replication pipeline without requiring re-upload. Note that S3 Replication Time Control (RTC) does not backfill existing objects — it only provides an SLA for replication of new objects after CRR is enabled. Option A (toggling versioning) does not trigger object replication and could be destructive to version history. Option C (re-uploading) would technically cause replication of the new object versions but is operationally impractical at scale and overwrites existing object versions and metadata. Option D is incorrect — AWS Support does not perform manual backfills; S3 Batch Operations is the self-service tool designed for this purpose.

Q7. A healthcare organization uses AWS Backup to protect RDS, EFS, and DynamoDB resources. The compliance team requires that backup data cannot be deleted for 7 years and that no one — including the root account — can shorten this retention period once set. Which AWS Backup feature satisfies this requirement?

Correct answer: B. Enable AWS Backup Vault Lock in Compliance mode with a minimum retention period of 2,555 days (7 years) on the target backup vault.

AWS Backup Vault Lock in Compliance mode enforces immutability: once activated (after a configurable grace period of up to 72 hours), it cannot be removed or modified by any user, including the AWS root account. Setting a minimum retention period ensures no recovery point can be deleted before the specified duration. Option C (Governance mode) allows privileged IAM users with specific permissions to override the lock, which does not satisfy the 'no one including root can shorten' requirement. Option A (lifecycle rules) controls automatic transitions and deletion scheduling, but does not prevent an administrator from manually deleting recovery points. Option D is a misconception — AWS Backup recovery points are not stored in a customer-accessible S3 bucket; S3 Object Lock cannot be applied to them.

Q8. A company's application uses an Auto Scaling group behind a Network Load Balancer (NLB). During a deployment, the team terminates instances in the Auto Scaling group to replace them with new ones. Users report seeing TCP connection reset errors during the rolling replacement. The team wants to allow in-flight connections to complete gracefully before instances are deregistered. Which configuration change resolves this?

Correct answer: B. Set the deregistration delay on the NLB target group to at least 300 seconds so that in-flight connections complete before the target is removed.

NLB target groups support a deregistration delay (connection draining), which keeps the target in a draining state for the specified period after deregistration. During this time, the NLB stops sending new connections but allows existing TCP connections to complete. Setting this to 300 seconds gives long-running connections time to finish. Option A is incorrect in terminology — the deregistration delay (connection draining) is configured at the target group level, not on the Auto Scaling group itself; there is no 'connection draining' setting on ASGs directly. Option C (lifecycle hook on EC2_INSTANCE_TERMINATING) pauses the instance before termination but does not integrate with the NLB's connection draining mechanism — the NLB may immediately reset connections to the deregistering target without the delay. Option D is incorrect — NLB target groups natively support deregistration delay; switching load balancer types is unnecessary.

Q9. An organization deploys a multi-region application with Route 53 latency-based routing. The primary region is us-east-1, and the secondary is ap-northeast-1. A Route 53 health check monitors the us-east-1 ALB. During a partial us-east-1 degradation, the ALB health check endpoint still returns HTTP 200 (the health check page is on a separate lightweight process), but the actual application is returning errors. Users are not being routed to ap-northeast-1. What should the team implement to fix this?

Correct answer: B. Create a CloudWatch alarm that monitors ALB 5xx error rates, and configure the Route 53 health check to use CloudWatch alarm state as its health source.

Route 53 supports health checks that are driven by CloudWatch alarm state. By creating a CloudWatch alarm on the ALB's HTTPCode_Target_5XX_Count or HTTPCode_ELB_5XX_Count metric, the health check will reflect actual application error rates rather than just the availability of the lightweight health endpoint. When the alarm enters ALARM state, Route 53 marks the record unhealthy and begins routing to ap-northeast-1. Option A (TCP check) only verifies that the port is accepting connections, which would still pass during a partial application degradation where the process is running but returning errors. Option C (calculated health check + Synthetics) is a valid but more complex and costly approach; option B is more direct using native CloudWatch metrics already available from the ALB. Option D reduces detection latency but does not solve the fundamental problem that the health check endpoint returns 200 while the application fails.

Q10. A company is designing RTO and RPO targets for a batch-processing workload that runs nightly. The workload processes financial settlement files and can tolerate up to 24 hours of recovery time and up to 4 hours of data loss in the event of a disaster. Cost minimization is the top priority. Which DR strategy is most appropriate?

Correct answer: B. Backup and restore: RDS automated backups (with point-in-time recovery) copied cross-region, with infrastructure provisioned from CloudFormation on failover.

With an RTO of 24 hours and RPO of 4 hours, a backup-and-restore strategy is most appropriate and lowest cost. RDS automated backups with point-in-time recovery capture transaction logs every 5 minutes, satisfying the 4-hour RPO with substantial margin. Automated backups can be shared cross-region, and provisioning infrastructure from CloudFormation on failover comfortably fits within a 24-hour RTO. No secondary infrastructure runs continuously, minimizing cost. Option A (warm standby) provides much tighter RTO/RPO than required and incurs ongoing secondary compute costs. Option C (pilot light) runs a continuous read replica, which is unnecessary given the 4-hour RPO; it costs more than pure backup/restore. Option D (active-active) far exceeds the stated requirements and is the most expensive option.

Exam facts and objectives sourced from the official AWS certification page. Last reviewed June 2026.
