Crucial Exams

AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question

A DevOps engineer rotated a customer-managed KMS key alias that encrypts the Amazon EBS root volume of an Auto Scaling group. The alias now points to a new CMK, and the original CMK is disabled. New EC2 instances launch, but existing instances fail to start because their root volumes cannot be decrypted. What is the MOST operationally efficient way to restore the affected instances?

  • Copy every existing snapshot to the new CMK and launch replacement instances from the copied snapshots.

  • Update the launch template to reference the new CMK and perform an instance refresh on the Auto Scaling group.

  • Re-enable the disabled CMK to allow KMS to decrypt the existing volumes, then start the instances.

  • Detach each root volume, create an unencrypted snapshot, then re-encrypt the snapshot with the new CMK and reattach the volume.

AWS Certified CloudOps Engineer Associate SOA-C03
Security and Compliance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot