AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question

An Ops team created an interface VPC endpoint for AWS Secrets Manager. Afterward, EC2 instances in private subnets time out when retrieving secrets. Flow logs show TCP 443 traffic to 52.94.x.x being dropped because the subnets have no NAT or internet gateway. DNS on the instances still resolves secretsmanager.us-east-1.amazonaws.com to public IPs. Which change restores access without sending traffic to the internet?

  • Create a public Route 53 hosted zone for secretsmanager..amazonaws.com and associate it with the VPC.

  • Enable Private DNS for the Secrets Manager interface VPC endpoint so that the VPC resolver returns the endpoint's private IP addresses.

  • Add an outbound rule to the instance security group that allows HTTPS traffic to the VPC endpoint security group.

  • Update the subnet route table to direct 0.0.0.0/0 traffic to a NAT gateway in a public subnet.

Networking and Content Delivery