Cram Quiz 2 – Troubleshoot Network Connectivity – SOA-C02 Study Guide

Cram Quiz

Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can.

1. You want to identify and count requests that are hitting a web application from varying on-premises datacenters. All datacenters are in the same country but have different IP address ranges. There is no identifying information in the header to indicate which datacenter is the origin. What condition of the web ACL could be used to determine this?

A. Destination IP match

B. Source IP match

C. Geo match

D. String match

2. You need visibility into traffic that is reaching a set of EC2 web servers and must block SQL injection attacks before they can reach the instances. Where can you configure AWS WAF with a SQL injection rule to accomplish this? (Choose all that apply.)

A. CloudFront

B. Classic Load Balancer

C. Application Load Balancer

D. Auto Scaling Group

Cram Quiz Answers

1. Answer: B is correct. The source IP address could be used to determine how many requests are coming from each datacenter.

2. Answer: A and C are correct. AWS WAF can be configured on a CloudFront distribution, an Amazon API Gateway REST API, and an Application Load Balancer. It cannot be configured on a Classic Load Balancer.

CloudFront Logs

This section covers the following objective of Domain 5 (Networking and Content Delivery) from the official AWS Certified SysOps Administrator – Associate (SOA-C02) exam guide:

5.3 Troubleshoot network connectivity issues

CramSaver

If you can correctly answer these questions before going through this section, save time by skimming the Exam Alerts in this section and then completing the Cram Quiz at the end of the section.

1. You need to troubleshoot the success of connections using HTTP response codes. Which logs should you review?

2. When you enable logging on a CloudFront distribution, what configuration changes are required on the destination S3 bucket?

Answers

1. Answer: You should review the CloudFront and Application Load Balancer logs.

2. Answer: The destination bucket ACL is automatically updated to allow log delivery.

Using CloudFront Logs

CloudFront is a content delivery network service that speeds up delivery of your static and dynamic web content. You can enable standard logs on a CloudFront distribution and deliver them to an S3 bucket. Real-time logs are also possible and enable you to view request information within seconds of the requests occurring.

As incoming requests reach the CloudFront edge locations, data is captured about the request in a log file that is specific to a single distribution. These log files are saved to S3 periodically. If there are no requests for an hour, a log file is not generated. When you configure logging on a distribution, the destination bucket ACL is automatically updated to allow log delivery.

You should not choose a bucket that is an S3 origin to contain these logs. Also, buckets in the following regions are not currently supported as CloudFront access log destinations: af-south-1, ap-east-1, eu-south-1, and me-south-1.
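
Once standard logs have been delivered to S3, they can be used for the HTTP response code troubleshooting described in this section, broken down by source IP range. The following Python sketch is an added example, not part of the original study guide; it assumes the tab-separated standard log layout with a `#Fields:` header, and the datacenter names, CIDR ranges, and log lines are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in the CloudFront standard log layout: "#" header lines,
# then tab-separated records. Only the first nine fields are shown here.
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: date time x-edge-location sc-bytes c-ip cs-method cs(Host) cs-uri-stem sc-status",
    "2024-01-15\t10:00:01\tIAD89-C1\t512\t198.51.100.10\tGET\td111111abcdef8.cloudfront.net\t/index.html\t200",
    "2024-01-15\t10:00:02\tIAD89-C1\t310\t198.51.100.11\tGET\td111111abcdef8.cloudfront.net\t/admin\t403",
    "2024-01-15\t10:00:03\tSFO53-C1\t512\t203.0.113.5\tGET\td111111abcdef8.cloudfront.net\t/index.html\t200",
    "2024-01-15\t10:00:04\tSFO53-C1\t204\t203.0.113.6\tGET\td111111abcdef8.cloudfront.net\t/api/items\t502",
    "2024-01-15\t10:00:05\tIAD89-C1\t512\t192.0.2.77\tGET\td111111abcdef8.cloudfront.net\t/index.html\t200",
    "2024-01-15\t10:00:06\tIAD89-C1\t190\t198.51.100.10\tGET\td111111abcdef8.cloudfront.net\t/missing\t404",
])

# Hypothetical on-premises ranges (documentation prefixes, not real networks).
DATACENTERS = {"dc-east": "198.51.100.0/24", "dc-west": "203.0.113.0/24"}

def parse_records(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def status_by_datacenter(text, datacenters=DATACENTERS):
    """Count requests per (datacenter, status class such as '4xx')."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in datacenters.items()}
    counts = Counter()
    for rec in parse_records(text):
        ip = ipaddress.ip_address(rec["c-ip"])  # viewer (source) IP
        origin = next((n for n, net in nets.items() if ip in net), "other")
        counts[(origin, rec["sc-status"][0] + "xx")] += 1
    return counts

if __name__ == "__main__":
    for (origin, status_class), n in sorted(status_by_datacenter(SAMPLE_LOG).items()):
        print(f"{origin:8} {status_class} {n}")
```

Reading the field names from the `#Fields:` header rather than hard-coding column positions keeps the parser working when the full set of log fields is present.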