AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question

A company hosts an internal REST API on Amazon EC2 instances in a "service VPC" that resides in Account A. Several developer teams in other AWS accounts need to consume this API from private subnets in their own VPCs. Security policy states that traffic must stay on the AWS network, the service VPC must not accept any inbound connections over VPC peering, and each consumer VPC must be able to use its own CIDR range without overlap constraints. Which approach satisfies the requirements with the least operational effort?

  • Expose the API through an internet-facing Application Load Balancer and require each consumer subnet to use a NAT gateway for outbound calls.

  • Establish VPC peering connections between the service VPC and every consumer VPC, then update route tables to point traffic to the peering links.

  • Attach all VPCs to an AWS Transit Gateway and advertise the service VPC subnet routes to the consumer VPCs through Transit Gateway route tables.

  • Place the API behind a Network Load Balancer, create a VPC endpoint service, and let each consumer VPC connect through an interface VPC endpoint (AWS PrivateLink).

Networking and Content Delivery