Crucial Exams

AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question

A CloudOps engineer has deployed EC2 instances in two private subnets of a dual-stack VPC. Each instance has both IPv4 and IPv6 addresses. Compliance mandates that the workloads download package updates only over IPv6 while remaining unreachable from the public internet. The solution must be highly available and incur the lowest possible cost. Which action should the engineer take?

  • Provision a NAT Gateway in each Availability Zone and add a ::/0 IPv6 route from the private subnets to the NAT Gateways.

  • Create interface VPC endpoints for the required package repositories and restrict all other outbound traffic with network ACLs.

  • Create an egress-only internet gateway, attach it to the VPC, and add a ::/0 route in each private subnet's route table.

  • Attach an internet gateway to the VPC and rely on security group rules to allow only outbound IPv6 traffic from the instances.

AWS Certified CloudOps Engineer Associate SOA-C03
Networking and Content Delivery
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot