A company has an Amazon VPC with public and private subnets across two Availability Zones. The company hosts a web application on EC2 instances in the private subnets. The application needs to access an Amazon S3 bucket to upload and download files. The SysOps administrator must ensure that traffic to S3 does not traverse the internet and minimizes data transfer costs. Which solution should the administrator implement?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
Best answer
Create an S3 VPC Gateway Endpoint in the VPC and associate it with the route tables of the private subnets.
Gateway Endpoints provide private connectivity to S3 at no additional cost (only standard data transfer rates apply). Adding a route for the S3 managed prefix list to the private subnet route tables sends S3-bound traffic through the endpoint; because that prefix-list route is more specific than the 0.0.0.0/0 default route, it wins even when a NAT Gateway route is also present.
Distractor review
Create an S3 VPC Interface Endpoint in the VPC and associate it with the security groups of the private subnets.
Interface Endpoints use AWS PrivateLink and incur hourly charges and data processing fees, making them more expensive than Gateway Endpoints for S3 access.
Distractor review
Set up a NAT Gateway in the public subnets and add a route to the private subnets' route tables pointing to the NAT Gateway for S3 traffic.
NAT Gateways provide outbound internet access, but S3 traffic would then traverse the internet, which violates the requirement. NAT Gateways also incur hourly and data processing charges, increasing costs.
Distractor review
Use AWS PrivateLink with an S3 endpoint service hosted in a different VPC.
AWS PrivateLink for S3 is available via Interface Endpoints, but using an endpoint service from another VPC is not the standard way to connect to S3 and adds unnecessary complexity and cost.
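The best answer and the NAT Gateway distractor both come down to what the private subnets' route tables say. The following Python script is an added example, not part of the exam page: it audits route tables in the shape returned by `aws ec2 describe-route-tables` and reports, per subnet, whether S3 traffic takes a gateway endpoint (`vpce-...`) or falls through the default route to a NAT Gateway or internet gateway. The prefix list id, subnet ids, endpoint id and NAT Gateway id in the sample data are constructed placeholders.

```python
"""Audit which path S3 traffic takes from each subnet in a VPC.

Added example (not from the exam page). Input mirrors the `RouteTables`
entries returned by `aws ec2 describe-route-tables`; a gateway endpoint route
carries a DestinationPrefixListId and a GatewayId starting with "vpce-".
"""
from __future__ import annotations

# Constructed sample data: every id below is a placeholder, not a real resource.
S3_PREFIX_LIST_ID = "pl-0000s3example"

ROUTE_TABLES = [
    {   # private subnet A: has the S3 prefix-list route to a gateway endpoint
        "RouteTableId": "rtb-private-a",
        "Associations": [{"SubnetId": "subnet-private-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
            {"DestinationPrefixListId": S3_PREFIX_LIST_ID, "GatewayId": "vpce-0s3gateway"},
        ],
    },
    {   # private subnet B: endpoint never associated, so S3 goes via NAT
        "RouteTableId": "rtb-private-b",
        "Associations": [{"SubnetId": "subnet-private-b"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
        ],
    },
    {   # public subnet: default route straight to the internet gateway
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-public-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"},
        ],
    },
]

TARGET_KEYS = ("GatewayId", "NatGatewayId", "NetworkInterfaceId",
               "TransitGatewayId", "VpcPeeringConnectionId", "InstanceId")


def route_target(route: dict) -> str:
    """Return whichever target field this route uses, or 'unknown'."""
    for key in TARGET_KEYS:
        if key in route:
            return route[key]
    return "unknown"


def s3_path(route_table: dict, prefix_list_id: str = S3_PREFIX_LIST_ID) -> str:
    """Classify how S3-bound traffic leaves a route table.

    "gateway-endpoint": prefix-list route to a vpce- gateway (stays on the AWS network)
    "nat":              no endpoint route; default route to a NAT gateway (internet, billed)
    "internet-gateway": no endpoint route; default route to an IGW
    "no-route":         nothing reaches S3 at all
    """
    routes = route_table.get("Routes", [])
    # The prefix-list route is more specific than 0.0.0.0/0, so it is checked first.
    for r in routes:
        if r.get("DestinationPrefixListId") == prefix_list_id and route_target(r).startswith("vpce-"):
            return "gateway-endpoint"
    for r in routes:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            target = route_target(r)
            if target.startswith("nat-"):
                return "nat"
            if target.startswith("igw-"):
                return "internet-gateway"
    return "no-route"


def audit(route_tables: list[dict], prefix_list_id: str = S3_PREFIX_LIST_ID) -> dict[str, str]:
    """Map every explicitly associated subnet id to the path its S3 traffic takes."""
    result: dict[str, str] = {}
    for rt in route_tables:
        path = s3_path(rt, prefix_list_id)
        for assoc in rt.get("Associations", []):
            if "SubnetId" in assoc:
                result[assoc["SubnetId"]] = path
    return result


if __name__ == "__main__":
    for subnet, path in sorted(audit(ROUTE_TABLES).items()):
        flag = "" if path == "gateway-endpoint" else "  <-- S3 traffic leaves the AWS network"
        print(f"{subnet}: {path}{flag}")
```

For a real account, replace `ROUTE_TABLES` with the `RouteTables` list from boto3's `describe_route_tables()` and look up the region's S3 prefix list id with `describe-prefix-lists`; subnets that only have the VPC's main route table will not appear in the output, since only explicit subnet associations are listed.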
Common exam trap
Common exam trap: usable hosts are not the same as total addresses
Subnetting questions often tempt you into counting all addresses. In normal IPv4 subnets, the network and broadcast addresses are not usable host addresses.
Technical deep dive
How to think about this question
Subnetting questions test whether you can identify the network, broadcast address, usable range, mask and correct subnet. Slow down enough to calculate the block size correctly.
Key Concepts to Remember
- CIDR notation defines the prefix length.
- Block size helps identify subnet boundaries.
- Network and broadcast addresses are not usable hosts in normal IPv4 subnets.
- The required host count determines the smallest suitable subnet.
Exam Day Tips
- Write the block size before choosing the subnet.
- Check whether the question asks for hosts, subnets or a specific address range.
- Do not confuse /24, /25, /26 and /27 host counts.
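The key concepts and exam-day tips above describe a procedure: find the block size, the network and broadcast addresses, the usable range, and the smallest subnet for a required host count. The following Python script is an added example, not from the page, that carries that procedure out with the standard-library `ipaddress` module; it also includes a separate AWS-specific count, since AWS reserves the first four and the last address of every VPC subnet, which is a common follow-on trap on this exam.

```python
"""IPv4 subnet arithmetic for subnetting questions.

Added example (not from the exam page). All addresses used in the tests are
constructed sample values.
"""
import ipaddress


def subnet_facts(cidr: str) -> dict:
    """Return the facts a subnetting question asks for, given any address/prefix."""
    # strict=False accepts a host address such as 10.0.1.37/26 and derives its network.
    net = ipaddress.ip_network(cidr, strict=False)
    total = net.num_addresses  # the block size: 2 ** (32 - prefix length)
    # In a normal IPv4 subnet the network and broadcast addresses are reserved,
    # so usable hosts = total - 2. /31 and /32 are point-to-point special cases.
    if net.prefixlen <= 30:
        usable = total - 2
        first_host, last_host = net[1], net[-2]
    else:
        usable = total
        first_host, last_host = net[0], net[-1]
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "mask": str(net.netmask),
        "block_size": total,
        "usable_hosts": usable,
        "first_host": str(first_host),
        "last_host": str(last_host),
    }


def aws_usable_hosts(cidr: str) -> int:
    """Usable addresses in an AWS VPC subnet: AWS reserves the first four and the last."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.num_addresses - 5


def smallest_prefix_for_hosts(required_hosts: int) -> int:
    """Largest prefix length (smallest subnet) whose usable host count covers the need."""
    for prefixlen in range(30, -1, -1):
        if 2 ** (32 - prefixlen) - 2 >= required_hosts:
            return prefixlen
    raise ValueError("more hosts than a single IPv4 network can hold")


def same_subnet(cidr: str, address: str) -> bool:
    """True if `address` falls inside the subnet that `cidr` belongs to."""
    return ipaddress.ip_address(address) in ipaddress.ip_network(cidr, strict=False)


if __name__ == "__main__":
    for cidr in ("10.0.1.37/26", "192.168.10.130/25", "172.16.0.0/24"):
        facts = subnet_facts(cidr)
        print(f"{cidr}: block {facts['block_size']}, network {facts['network']}, "
              f"broadcast {facts['broadcast']}, usable {facts['usable_hosts']} "
              f"({facts['first_host']} - {facts['last_host']}), AWS usable {aws_usable_hosts(cidr)}")
    print("50 hosts need a /%d" % smallest_prefix_for_hosts(50))
```

The `smallest_prefix_for_hosts` helper walks from /30 downward because each step doubles the block size; the first prefix whose usable count (block size minus 2) meets the requirement is the answer the exam expects.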
FAQ
Questions learners often ask
What does this SOA-C02 question test?
CIDR notation defines the prefix length.
What is the correct answer to this question?
The correct answer is: Create an S3 VPC Gateway Endpoint in the VPC and associate it with the route tables of the private subnets. — An S3 VPC Gateway Endpoint allows instances in a VPC to access S3 without going over the internet. It uses the AWS network and incurs no hourly charges or data processing fees, making it the most cost-effective solution. Gateway Endpoints are accessed via route tables, and by associating the endpoint with the private subnet route tables, traffic to S3 stays within the AWS network.
What should I do if I get this SOA-C02 question wrong?
Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.