SOA-C01 (Page 42)

In the context of AWS Security Best Practices for RDS, if you require encryption or data integrity authentication of data at rest for compliance or other purposes, you can add protection at the _____ using SQL cryptographic functions.Read More →

A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket.Monitoring must include tracking the AWS account of the caller, the IAM user role of the caller, the time of the API call, and the IP address of the API.Where can the Administrator find this information?Read More →

A company is releasing a new static website hosted on Amazon S3.The static website hosting feature was enabled on the bucket and content was uploaded; however, upon navigating to the site, the following error message is received:403 Forbidden `” Access DeniedWhat change should be made to fix this error?Read More →

A company has a web application that is deployed in a VPC.Inbound traffic to this web application comes in through an internet gateway and arrives at a NetworkLoad Balancer (NLB).From there, the traffic travels to multiple Amazon EC2 instances in two private subnets.The company wants to perform deep packet inspection on the inbound traffic to identify potential hacking attempts.Which solution meets these requirements?Read More →

A company wants to ensure that each department operates within their own isolated environment, and they are only able to use pre-approved services.How can this requirement be met?Read More →

A web application’s performance has been degrading.Historically, the application has had highly-variable workloads, but lately, there has been a steady growth in traffic as the result of a new product launch.After reviewing several Amazon CloudWatch metrics, it is discovered that over the last two weeks the balance of CPU credits has dropped to zero several times.Which solutions will improve performance? (Choose two.)Read More →

A web service runs on Amazon EC2 instances behind an Elastic Load Balancing (ELB) load balancer.External clients must whitelist specific public IP addresses in their firewalls to access the service.What load balancer or ELB feature should be used for this application?Read More →

You are setting up security groups for both incoming traffic and outgoing traffic in your VPC net-work on the AWS CLI.Which of the following AWS CLI commands would you use for adding one or more incoming traffic rules to a security group?Read More →

In a hardware security module (HSM), what is the function of a Transparent Data Encryption (TDE)?Read More →

A user has enabled instance protection for his Auto Scaling group that has spot instances.If Auto Scaling wants to terminate an instance in this Auto Scaling group due to a CloudWatch trigger unre-lated to bid price, what will happen?Read More →