AWS Certified SysOps Administrator - Associate

Here you have the best Amazon SOA-C02-2 practice exam questions

  • You have 927 total questions to study from
  • These questions were last updated on December 29, 2024

Question 1 of 927

You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours.

Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?

    Correct Answer: B

    To quickly and temporarily deny access from a specific IP address block, modifying the Network ACLs (Access Control Lists) associated with all public subnets in the VPC is the most appropriate solution. Network ACLs act at the subnet level and can deny incoming or outgoing traffic from certain IP address blocks, making them suitable for blocking access quickly and effectively. Unlike Security Groups, which act at the instance level and typically do not support deny rules, Network ACLs are specifically designed to provide an additional layer of security for subnets and can easily be modified to implement such restrictions.

Question 2 of 927

When preparing for a compliance assessment of your system built inside of AWS, what are three best practices for you to prepare for an audit? (Choose three.)

    Correct Answer: A, B, D

    When preparing for a compliance assessment of your system built inside of AWS, it is best to gather evidence of your IT operational controls as part of your internal documentation. Additionally, it is essential to request and obtain applicable third-party audited AWS compliance reports and certifications to verify that AWS meets certain compliance standards, which can then be used to support your compliance efforts. Finally, it is important to request and obtain approval from AWS to perform relevant network scans and in-depth penetration tests of your system's instances and endpoints to ensure that your system complies with security requirements and to identify any potential vulnerabilities.

Question 3 of 927

You have started a new job and are reviewing your company's infrastructure on AWS. You notice one web application where they have an Elastic Load Balancer (ELB) in front of web instances in an Auto Scaling Group. When you check the metrics for the ELB in CloudWatch, you see four healthy instances in Availability Zone (AZ) A and zero in AZ B. There are zero unhealthy instances.

What do you need to fix to balance the instances across AZs?

    Correct Answer: B

    To balance the instances across Availability Zones (AZs), you need to ensure that Auto Scaling is configured to launch instances in both AZs. This configuration allows for better distribution and fault tolerance by spreading the load evenly between different AZs. This setup ensures high availability and resilience of your application, as it prevents all instances from being concentrated in a single AZ.

Question 4 of 927

You have been asked to leverage Amazon VPC, EC2, and SQS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS.

Which option will provide the most scalable solution for communicating between the application and SQS?

    Correct Answer: D

    To achieve high scalability for an application communicating with Amazon SQS, launching application instances in private subnets with an Auto Scaling group and configuring Auto Scaling triggers to monitor the SQS queue size is the best approach. This ensures that the number of instances can dynamically adjust based on the load, maintaining sufficient bandwidth and resource availability. This setup allows your application to handle varying levels of traffic efficiently by scaling out when the demand is high and scaling in when the demand decreases, thereby providing a robust and scalable solution.

Question 5 of 927

You have identified network throughput as a bottleneck on your m1.small EC2 instance when uploading data into Amazon S3 in the same region.

How do you remedy this situation?

    Correct Answer: B

    When experiencing network throughput bottlenecks on an m1.small EC2 instance while uploading data to Amazon S3 in the same region, upgrading to a larger instance is a practical solution. Larger instances typically offer better network performance and higher throughput capabilities, which can help to alleviate the bottleneck. The m1.small instance has limited network performance, and switching to a larger instance can provide access to enhanced networking features that improve data transfer rates.