SOA-C03 Exam Dumps : AWS Certified CloudOps Engineer - Associate

The combination of geoproximity routing and DNS failover health checks provides global low-latency routing with high availability.

Geoproximity routing in Route 53 routes users to the AWS Region closest to their geographic location, optimizing latency. For automatic failover, Route 53 health checks can monitor CloudWatch alarms tied to the health of the ALB in each Region. When a Region becomes unhealthy, Route 53 reroutes traffic to the next available Region automatically.

AWS documentation states:

“Use geoproximity routing to direct users to resources based on geographic location, and configure health checks to provide DNS failover for high availability.”

Option B incorrectly monitors EC2 instances directly, which is not efficient at scale. Option C uses private IPs, which cannot be globally health-checked. Option E (simple routing) does not support geographic or failover routing. Hence, A and D together meet both the proximity and failover requirements.

When a CloudFormation stack is deleted, CloudFormation’s default behavior is to delete the resources it created, including EC2 instances and attached resources defined in the template. The requirement is explicit: the company must keep the instances and all of the instances’ data even if someone deletes the stack. The CloudFormation mechanism intended for this outcome is the DeletionPolicy attribute, which controls what happens to a resource when the stack is deleted or when the resource is replaced during an update.

Setting DeletionPolicy: Retain on the EC2 instance resource instructs CloudFormation to preserve that resource instead of deleting it during stack deletion. With Retain, CloudFormation removes the resource from stack management but leaves the instance running (and therefore keeps the data that remains on the instance and its configured storage). This directly satisfies the requirement because the instance is not terminated as part of stack deletion.

Option A is incorrect for EC2 instances because Snapshot is applicable to certain resource types (commonly storage and database resources where snapshot semantics exist), not as a general “keep my instance” control for EC2 instance resources. Options B and C (DLM and AWS Backup) are valuable for backup and recovery strategies, but they do not prevent CloudFormation from terminating the instances when the stack is deleted. Backups could help restore later, but the requirement is to keep the original instances and their data even after deletion of the stack.

Therefore, the correct solution is to set DeletionPolicy to Retain for the EC2 instance resource in the CloudFormation template.

Network ACLs are stateless, meaning both inbound and outbound rules must explicitly allow traffic. While inbound HTTP traffic (port 80) was allowed, the return traffic from the EC2 instance uses ephemeral ports (typically 1024–65535). If outbound rules do not allow this ephemeral port range, the response traffic is dropped, preventing the website from loading.

Security groups are stateful and automatically allow return traffic, but network ACLs do not. This commonly causes connectivity issues when custom ACLs are applied without matching outbound rules.

Option B is incorrect because security groups allow all outbound traffic by default. Option C is irrelevant. Option D is incorrect because only one network ACL can be associated with a subnet at a time.

Thus, the missing outbound ephemeral port rule in the network ACL is the root cause.