A company uses AWS CodeDeploy to deploy an application to Amazon EC2 instances. The SysOps administrator wants to implement a deployment strategy that minimizes risk by deploying the new version to a small number of instances first, verifying that the deployment is successful, and then deploying to the remaining instances. If the initial deployment fails, the process should stop and roll back. Which CodeDeploy deployment configuration should be used?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
Distractor review
CodeDeployDefault.AllAtOnce
AllAtOnce deploys the new revision to all instances simultaneously. If the deployment fails, there is no gradual verification, and the impact could be widespread.
Distractor review
CodeDeployDefault.HalfAtATime
HalfAtATime deploys to half of the instances first, then to the remaining half. While it verifies the first half before proceeding, the first batch could be large depending on group size, which may be riskier than a very small batch.
Best answer
CodeDeployDefault.OneAtATime
OneAtATime deploys to a single instance at a time, verifies that it is healthy, and then proceeds to the next. This is the most cautious approach and matches the requirement of deploying to a small number (one) first, then continuing to the rest.
Distractor review
CodeDeployDefault.Canary10Percent10Minutes
This is a traffic shifting configuration for AWS Lambda or Amazon ECS deployments, not for Amazon EC2 in-place deployments. It cannot be used for EC2 instances directly.
Common exam trap
Common exam trap: NAT rules depend on direction and matching traffic
NAT is not only about the public address. The inside/outside interface roles and the ACL or rule that matches traffic are just as important.
Technical deep dive
How to think about this question
NAT questions usually test address translation, overload/PAT behaviour, static mappings and whether the right traffic is being translated. Read the interface direction and address terms carefully.
Key Concepts to Remember
- Static NAT maps one inside address to one outside address.
- PAT allows many inside hosts to share one public address using ports.
- Inside local and inside global describe the private and translated addresses.
- NAT ACLs identify traffic for translation, not always security filtering.
Exam Day Tips
- Identify inside and outside interfaces first.
- Check whether the scenario needs static NAT, dynamic NAT or PAT.
- Do not confuse NAT matching ACLs with normal packet-filtering intent.
More questions from this exam
Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.
Question 1
A company uses Amazon CloudFront to deliver content to a global audience. The origin is an Application Load Balancer in us-east-1. The SysOps administrator wants to reduce costs by minimizing the number of requests that reach the origin server. Which action should the administrator take?
Question 2
A company runs a batch processing application on Amazon EC2 that runs for 2 hours every night. The workload can tolerate interruptions. Which EC2 purchasing option provides the lowest cost for this use case?
Question 3
A SysOps administrator needs to monitor the CPU utilization of an Amazon RDS DB instance and receive an alarm when CPU utilization exceeds 80% for 5 consecutive minutes. Which AWS service should be used to create this alarm?
Question 4
A company runs a critical web application on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The application uses session stickiness (sticky sessions) to maintain user sessions. The SysOps administrator notices that when instances are replaced during a scale-in or failure event, users lose their session data. The administrator needs to preserve session data across instance failures without losing stickiness benefits. What should the administrator do?
Question 5
A company runs a production web application on a single Amazon EC2 instance. The application experiences a predictable and steady workload 24/7. The SysOps administrator wants to minimize compute costs for this instance while ensuring it remains available during the expected workload. Which EC2 purchasing option should the administrator use?
Question 6
A company has a VPC with public and private subnets. The private subnets host application servers that need to make outbound HTTPS connections to the internet. The SysOps administrator must implement a solution that provides outbound internet connectivity while preventing inbound connections from the internet. Additionally, the solution must allow the company to control which domains the application servers can access. Which solution should the administrator implement?
FAQ
Questions learners often ask
What does this SOA-C02 question test?
Static NAT maps one inside address to one outside address.
What is the correct answer to this question?
The correct answer is: CodeDeployDefault.OneAtATime. CodeDeploy deployment configurations define the rate of deployment. AllAtOnce deploys to all instances at once, linear deployments deploy in equal increments, and OneAtATime deploys to one instance at a time. Canary traffic shifting is available in CodeDeploy for Lambda and ECS, but CodeDeploy does not have a built-in canary for EC2 in-place deployments.
The requirement, 'deploy to a small number first, verify, then deploy to the remaining', implies a two-phase deployment: a first batch (for example, one or a few instances), then the rest all at once or in bulk. This is essentially a canary, or a blue/green deployment with a small initial batch. CodeDeploy supports blue/green deployments with a canary configuration where you specify a percentage of traffic to shift to the new environment. For in-place deployments, you can use a custom deployment configuration that defines minimum healthy hosts, and a deployment group with a small number of instances to provide a 'bake' time. However, the question does not mention blue/green or a custom configuration; it says 'deploy to EC2 instances', so the answer has to come from the given options:
- A: CodeDeployDefault.AllAtOnce deploys to all instances with no verification.
- B: CodeDeployDefault.HalfAtATime deploys to 50% of the instances, waits for the health check, then deploys to the remaining half. If the health check fails, it stops. Half of the group is not necessarily a small number.
- C: CodeDeployDefault.OneAtATime deploys to one instance at a time, waits for health checks, and if any instance fails, the deployment stops. It does not exactly match 'small number first, then the rest', because it deploys to one instance every time rather than 'first one, then the rest in bulk', but it does give you a small number (just one) first.
- D: CodeDeployDefault.Canary10Percent10Minutes is a traffic shifting pattern for Lambda/ECS, not for EC2.
For EC2 in-place deployments, OneAtATime is designed to minimize impact. HalfAtATime also waits for health checks, but its halves are larger. OneAtATime is the only option that limits risk per instance and uses the smallest batch, so it is the correct answer.
What should I do if I get this SOA-C02 question wrong?
Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.