Crucial Exams

AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question

An operations team runs an HTTPS web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The ALB terminates TLS but currently forwards traffic to the instances over HTTP. A new compliance control requires encryption on every network hop and public certificates that renew automatically, while minimizing ongoing maintenance for the instances. Which solution meets the requirements with the LEAST operational effort?

  • Create a private CA in AWS Certificate Manager, issue private certificates to each instance, keep the ALB forwarding traffic over HTTP, and rely on ACM to rotate the private certificates.

  • Install a Let's Encrypt certificate on each EC2 instance, change the ALB listener to TCP 443 for pass-through, and schedule certificate renewal scripts on every server.

  • Replace the ALB with a Network Load Balancer in TLS mode, import a public certificate on every EC2 instance, and configure cron jobs to renew and deploy the certificates.

  • Attach an ACM public certificate to the ALB HTTPS listener, change the target group protocol to HTTPS, keep the self-signed certificates on the instances, and allow the ALB to reach port 443 on the targets.

AWS Certified CloudOps Engineer Associate SOA-C03
Security and Compliance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot