Back to AWS Certified SysOps Administrator Associate SOA-C02 questions

Scenario-based practice

Refer to the Exhibit Practice Questions

Practise AWS Certified SysOps Administrator Associate SOA-C02 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

15
scenario questions
SOA-C02
exam code
Amazon Web Services
vendor

Scenario guide

How to approach refer to the exhibit practice questions

Practise exhibit-style questions that ask you to read a topology, table, command output or diagram before choosing the best answer.

Quick answer

Exhibit-style questions test whether you can read a topology, command output, diagram or table before choosing the best answer.

How to extract the relevant detail from an exhibit.

How topology, command output or routing information affects the answer.

How to avoid answering from memory before reading the evidence.

How to map the exhibit back to the exam objective.

Related practice questions

Related SOA-C02 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1hardmultiple choice
Full question →

Refer to the exhibit. A SysOps administrator applies this bucket policy to an S3 bucket. What is the effect of this policy?

Exhibit

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
Question 2easymultiple choice
Full question →

Refer to the exhibit. An IAM role has the trust policy shown. Which entity can assume this role?

Network Topology
$ aws iam get-rolerole-name MyRoleRefer to the exhibit.AWS CLI output:"Role": {"Path": "/","RoleName": "MyRole","Arn": "arn:aws:iam::123456789012:role/MyRole","AssumeRolePolicyDocument": {"Version": "2012-10-17","Statement": ["Effect": "Allow","Principal": {"AWS": "arn:aws:iam::123456789012:root"},"Action": "sts:AssumeRole","Condition": {}"CreateDate": "2023-01-01T00:00:00Z"
Question 3mediummultiple choice
Full question →

Refer to the exhibit. A SysOps administrator runs the commands shown. Which key(s) have automatic key rotation enabled?

Network Topology
key-id 1234abcd-12ab-34cd-56ef-1234567890ab$ aws kms get-key-rotation-statuskey-id 0987fedc-87fe-65dc-43ba-abcdef123456Refer to the exhibit.$ aws kms list-keys"Keys": [{"KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"},{"KeyId": "0987fedc-87fe-65dc-43ba-abcdef123456"}"KeyRotationEnabled": true"KeyRotationEnabled": false
Question 4mediummultiple choice
Full question →

Refer to the exhibit. An IAM user has this policy attached. The user tries to start an EC2 instance that has no tags. What will happen?

Exhibit

Refer to the exhibit.

IAM Policy JSON:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:RunInstances",
        "ec2:TerminateInstances",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Environment": "Production"
        }
      }
    }
  ]
}
Question 5mediummultiple choice
Full question →

Refer to the exhibit. A SysOps administrator creates an IAM policy to allow an EC2 instance to upload objects to an S3 bucket. However, the instance is unable to upload objects. What is the MOST likely reason?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
```
Question 6hardmultiple choice
Full question →

Refer to the exhibit. A SysOps administrator needs to restore the database 'mydb' to the most recent restorable time shown. However, the administrator cannot restore to that time. What is the MOST likely reason?

Network Topology
$ aws rds describe-db-instancesdb-instance-identifier mydbRefer to the exhibit.```"DBInstances": ["DBInstanceIdentifier": "mydb","DBInstanceClass": "db.t3.medium","Engine": "mysql","DBInstanceStatus": "available","MultiAZ": false,"ReadReplicaDBInstanceIdentifiers": [],"BackupRetentionPeriod": 0,"PreferredBackupWindow": "03:00-04:00","LatestRestorableTime": "2024-01-01T04:00:00Z","InstanceCreateTime": "2024-01-01T00:00:00Z"
Question 7easymultiple choice
Full question →

Refer to the exhibit. A SysOps administrator creates a CloudFormation stack with the template shown. After 30 days, what happens to noncurrent versions of objects in the bucket?

Exhibit

Refer to the exhibit.

```
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      VersioningConfiguration:
        Status: Enabled
      LifecycleConfiguration:
        Rules:
          - Id: DeleteOldVersions
            Status: Enabled
            NoncurrentVersionExpirationInDays: 30
```
Question 8mediummultiple choice
Full question →

Refer to the exhibit. A SysOps administrator ran the commands shown. What is the state of the EC2 instance?

Network Topology
Command: aws ec2 describe-instancesinstance-ids i-1234567890abcdef0query 'Reservations[0].Instances[0].State'query 'InstanceStatuses[0].SystemStatus'Refer to the exhibit.Output:"Code": 16,"Name": "running""Status": "impaired","Details": ["Name": "reachability"
Question 9mediummultiple choice
Read the full NAT/PAT explanation →

Refer to the exhibit. An IAM policy is attached to a group. A SysOps Administrator in that group tries to terminate an EC2 instance with the tag 'Environment=production'. The action fails. What is the most likely reason?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:TerminateInstances",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Environment": "production"
        }
      }
    }
  ]
}
Question 10easymultiple choice
Full question →

Refer to the exhibit. An IAM policy is attached to an IAM user. Which action can the user perform?

Exhibit

Refer to the exhibit.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*",
                "ec2:StartInstances",
                "ec2:StopInstances"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Deny",
            "Action": "ec2:TerminateInstances",
            "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*"
        }
    ]
}
Question 11hardmultiple choice
Full question →

Refer to the exhibit. A SysOps administrator deployed the CloudFormation template. Which statement is true about data protection?

Exhibit

Refer to the exhibit.

CloudFormation template snippet:

Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-app-data-123
      VersioningConfiguration:
        Status: Enabled
      LifecycleConfiguration:
        Rules:
          - Id: ExpireOldVersions
            Status: Enabled
            NoncurrentVersionExpirationInDays: 30

  MyBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref MyBucket
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Deny
            Action: s3:DeleteBucket
            Resource: !GetAtt MyBucket.Arn
            Principal: "*"
Question 12mediummultiple choice
Full question →

Refer to the exhibit. A SysOps administrator ran the describe-stack-events command for a CloudFormation stack named 'my-stack'. The stack creation failed with 'Resource creation cancelled'. What is the most likely reason?

Network Topology
aws cloudformation describe-stack-eventsstack-name my-stackRefer to the exhibit.Output from AWS CLI:"StackEvents": ["StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/my-stack/abcd1234-ef56-7890-abcd-ef1234567890","EventId": "Event-1","StackName": "my-stack","LogicalResourceId": "my-stack","PhysicalResourceId": "arn:aws:cloudformation:us-east-1:123456789012:stack/my-stack/abcd1234-ef56-7890-abcd-ef1234567890","ResourceType": "AWS::CloudFormation::Stack","Timestamp": "2023-01-01T00:00:00.000Z","ResourceStatus": "CREATE_FAILED","ResourceStatusReason": "Resource creation cancelled"},"EventId": "Event-2","LogicalResourceId": "MyNestedStack","PhysicalResourceId": "arn:aws:cloudformation:us-east-1:123456789012:stack/MyNestedStack/ef123456-7890-abcd-ef12-345678901234","ResourceStatus": "CREATE_IN_PROGRESS"
Question 13mediummultiple choice
Full question →

A SysOps administrator is creating a CloudFormation stack and receives the error shown in the exhibit. The template snippet for the Auto Scaling group is:

"MyAutoScalingGroup": {
  "Type": "AWS::AutoScaling::AutoScalingGroup",
  "Properties": {
    "MinSize": "1",
    "MaxSize": "5",
    "DesiredCapacity": "2",

...

}
}
Network Topology
$ aws cloudformation describe-stack-eventsstack-name my-stackRefer to the exhibit."StackEvents": ["StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/my-stack/...","EventId": "Event-1","ResourceStatus": "CREATE_FAILED","ResourceType": "AWS::AutoScaling::AutoScalingGroup","Timestamp": "2024-01-01T00:00:00.000Z"
Question 14hardmultiple choice
Full question →

A SysOps administrator is troubleshooting a CodeDeploy deployment that uploads artifacts to an S3 bucket. The deployment fails with an 'AccessDenied' error. The IAM policy for the CodeDeploy service role includes the statement shown in the exhibit. What is the most likely cause of the failure?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    }
  ]
}
Question 15easymultiple choice
Full question →

A SysOps administrator sees the deployment failure shown in the exhibit. The deployment group has a minimum of 1 healthy instance. The Auto Scaling group has 2 instances. What is the most likely cause of the failure?

Network Topology
$ aws deploy get-deploymentdeployment-id d-EXAMPLERefer to the exhibit."deploymentInfo": {"status": "Failed","errorInformation": {"code": "HEALTH_CONSTRAINTS",},"deploymentGroupName": "MyDeploymentGroup","deploymentConfigName": "CodeDeployDefault.OneAtATime"

These SOA-C02 practice questions are part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style SOA-C02 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.