SOA-C01 VCE Exam Download

Page: 8 / 9

Question 32

A company’s use of AWS Cloud services is quickly growing, so a SysOps Administrator has been asked to generate details of daily spending to share with management.

Which method should the Administrator choose to produce this data?

Options:

Share the monthly AWS bill with management.

Use AWS CloudTrail Logs to access daily costs in JSON format.

Set up daily Cost and Usage Report and download the output from Amazon S3.

Monitor AWS costs with Amazon Cloud Watch and create billing alerts and notifications.

Question 33

A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to 1 in Amazon CloudWatch.

What is MOST likely causing this issue?

Options:

The EC2 instances are in the same Availability Zone, causing contention between the two.

The route tables are not updated to allow traffic to flow between the ALB and the EC2 instances.

The ALB health check has failed, and the ALB has taken EC2 instances out of service.

The Amazon Route 53 health check has failed, and the ALB has taken EC2 instances out of service.

Question 34

A SysOps Administrator observes a large number of rogue HTTP requests on an Application Load Balancer (ALB). The requests originate from various IP addresses.

Which action should be taken to block this traffic?

Options:

Use Amazon CloudFront to cache the traffic and block access to the web servers

Use Amazon GuardDuty to protect the web servers from bots and scrapers

Use AWS Lambda to analyze the web server logs, detect bot traffic, and block the IP address in the security groups

Use AWS WAF rate-based blacklisting to block this traffic when it exceeds a defined threshold

Question 35

A company uses AWS CloudFormation to deploy its application infrastructure. Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application. A SysOps Administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent against accidental modifications to specific resources.

Which solution will meet these requirements?

Options:

Set up an AWS Config rule to alert based on changes to any Cloud Formation stack. An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation.

Set up an Amazon CloudWatch Events event with a rule to trigger based on any CloudFormation API call. An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation.

Launch the CloudFormation templates using a stack policy with an explicit allow for all resources and an explicit deny of the protected resources with an action of Update:*

Attach an IAM policy to the DevOps team role that prevents a CloudFormation stack from updating, with a condition based on the specific Amazon Resource names (ARNs) of the protected resources.

Page: 8 / 9