Free · No account needed · No credit card

AWS Certified SysOps Administrator Associate SOA-C02 Practice Test

1,546 questions with instant explanations, domain breakdown, and wrong-answer analysis. Built for the real exam.

Instant feedback after each answer
Full explanations included
Domain score breakdown
Real exam: 180 min
Pass mark: 720%

Sample questions with explanations

This is exactly what you see during practice — question, options, and a full explanation after you answer.

Q1Monitoring, Logging, and Remediationmedium
Full explanation →

A company uses AWS CloudTrail to log API calls across all regions. The SysOps administrator notices that logs for a specific region are missing from the centralized S3 bucket. What is the most likely cause?

The CloudTrail trail is not enabled for that region.Correct
BThe S3 bucket policy denies write access from CloudTrail for that region.
CCloudTrail log file validation is disabled.
DThe IAM role for CloudTrail does not have permissions to write logs from that region.

CloudTrail trails can be configured to log API calls from specific regions or all regions. If logs for a particular region are missing from the centralized S3 bucket, the most likely cause is that the trail was not enabled for that region during trail creation or update. By defau…Read full explanation

Q2Deployment, Provisioning, and Automationhard
Full explanation →

A team uses AWS CodeDeploy with a deployment configuration of CodeDeployDefault.OneAtATime to deploy a web application to an Auto Scaling group. Instances are behind an Application Load Balancer. The deployment fails with 'The overall deployment failed because too many individual instances failed deployment.' What is the most likely cause?

The health check grace period on the Auto Scaling group is too short.Correct
BThe target group deregistration delay is too long.
CThe CodeDeploy agent is not installed on the instances.
DThe deployment group is configured to skip the ELB health check.

The deployment fails because the health check grace period on the Auto Scaling group is too short. When CodeDeploy deploys one instance at a time (CodeDeployDefault.OneAtATime), the instance is taken out of service, updated, and then returned to the load balancer. If the grace pe…Read full explanation

Q3Security and Compliancemedium
Full explanation →

An organization requires that all Amazon S3 buckets be encrypted at rest by default. A SysOps administrator needs to enforce this using AWS Config. Which AWS Config managed rule should be used?

s3-bucket-encryption-enabledCorrect
Bs3-bucket-ssl-requests-only
Cs3-bucket-public-read-prohibited
Ds3-bucket-logging-enabled

The AWS Config managed rule `s3-bucket-encryption-enabled` checks whether S3 buckets have default encryption enabled (SSE-S3, SSE-KMS, or SSE-C). This directly enforces the requirement that all buckets are encrypted at rest by default, as it evaluates each bucket's encryption con…Read full explanation

Untimed Practice

Answer at your own pace. Explanation and domain tag shown immediately after each answer.

Timed Practice

Countdown timer starts immediately. Results and domain scores shown at the end — just like the real exam.

Why practice here?

Full explanations on every question

Not just the right answer — you get exactly why each wrong option is wrong, so you learn the concept, not the answer.

Domain score breakdown

After each session see your score by exam domain so you know exactly where to focus study time.

100% free, forever

No subscription, no trial, no email wall. Start a session in under 10 seconds.

Exam-style questions

Scenario-based, precise wording, realistic distractors — written to match what you actually see on exam day.

← All SOA-C02 questionsSOA-C02 exam guideStudy guidePractice by domain