CramQuiz – Troubleshooting and Remediation – SOA-C02 Study Guide

CramQuiz

Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can.

1. You are the administrator of a hybrid-cloud application that uses S3 as the central store for all the data being shared across the platforms. The Internet users are always directed to the AWS portion of the application, whereas the on-premises users are always directed to the local application running on the on-premises servers. Recently, the security team has pointed out that user credentials are hard-coded in the application, and an update was made to the application to use roles instead of the user access key and secret key coded into the application. Your team has already updated and tested the role that will be used within your application and found no issues. The last step is to update the S3 bucket policy to reflect the change. After you update the bucket policy, the on-premises users report receiving a 403 response when trying to retrieve documents from within the application. Interestingly, the Internet users don’t seem to have any issues accessing those same documents. What would be the most likely cause for this issue based on the problem description?

A. The S3 bucket policy is incorrectly written.

B. The application on the on-premises servers needs to be updated.

C. The role needs to be assumed on the on-premises servers.

D. The role is not attached to the EC2 instances.

2. You have been asked to collect the 400-type and 500-type errors from a third-party application running on your Linux on-premises servers. Your company would like you to deliver the errors to AWS and tie them into a CloudWatch Alarm. What would be the simplest way to achieve this?

A. Install the AWS CLI and copy the logs to an S3 bucket with the aws s3 cp command. Create an S3 trigger to a Lambda function that forwards the logs to CloudWatch for analysis and configure a CloudWatch Alarm to trigger on the specific log pattern.

B. Install the S3 CLI and copy the logs to an S3 bucket with the s3 cp command. Create an S3 trigger to a Lambda function that forwards the logs to CloudWatch for analysis and configure a CloudWatch Alarm to trigger on the specific log pattern.

C. Install the CloudWatch agent and point the logs to an S3 bucket. Create an S3 trigger to a Lambda function that forwards the logs to CloudWatch for analysis and create a CloudWatch Alarm to trigger on the specific log pattern.

D. Install the CloudWatch agent and point it to the application logs. Create a CloudWatch Alarm to trigger on the specific log pattern.

Cram Quiz Answers

1. Answer: C is correct. The issue is a 403 – permission denied. Because the web users are able to access the document and the issue is isolated to the on-premises servers, the on-premises servers are not correctly authenticated. The policy now allows the role to access the bucket instead of the user and is correctly configured. The role must have been attached to the EC2 instances because they allow web users to access the document. The most likely issue is that the role has not been assumed on the on-premises servers.

2. Answer: D is correct. Installing the CloudWatch agent is the simplest way to deliver the logs to CloudWatch. The metrics or logs collected can then be used directly in CloudWatch Alarms. It would also be possible to create the solution as described in A, but that approach is unnecessarily complicated.