CramQuiz – Troubleshooting and Remediation – SOA-C02 Study Guide

CramQuiz

Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can.

1. Your company was recently targeted by a malicious actor because a misconfigured S3 bucket ACL made the bucket publicly accessible. The CISO has instructed you that all S3 buckets need to be private. How would you discover public S3 buckets in your account and automatically remediate this issue?

A. Use AWS Config with the built-in s3-bucket-public-read-prohibited rule and enable automatic remediation.

B. Use AWS Config with the built-in s3-bucket-public-read-prohibited rule and use an AWS Lambda function for remediation.

C. Use AWS Config with the built-in s3-bucket-public-read-prohibited rule and use AWS Systems Manager for remediation.

D. Use AWS Config with the built-in s3-bucket-public-read-prohibited rule and remediate the buckets manually.

2. You have been asked to perform an inventory of EC2 instances in your AWS account. What would be the simplest way to determine the number and types of instances and which Amazon Machine Image (AMI) is being used across all regions?

A. Use AWS Systems Manager Automation to create a snapshot of the environment.

B. Use AWS Config to create a snapshot of the environment.

C. Use the AWS CLI and issue a list-instances command. Repeat for all regions.

D. Use the AWS SDK to write code to perform the list-instances API call. Create a Lambda function and invoke it. Repeat for all regions.

Cram Quiz Answers

1. Answer: A is correct. AWS Config with the built-in s3-bucket-public-read-prohibited rule allows for automatic remediation of S3 buckets that have a publicly accessible ACL or policy attached.

2. Answer: B is correct. An AWS Config snapshot is the simplest way to capture the number, type, and AMI being used by your EC2 instances across all regions.

What Next?

If you want more practice on this chapter’s exam objectives before you move on, remember that you can access all of the Cram Quiz questions on the Pearson Test Prep software online. You can also create a custom exam by objective with the Online Practice Test. Note any objective you struggle with and go to that objective’s material in this chapter.

Chapter 4 Implementing Scalability and Elasticity

This chapter covers the following official AWS Certified SysOps Administrator – Associate (SOA-C02) exam domains:

Domain 2: Reliability and Business Continuity

Domain 3: Deployment, Provisioning, and Automation

Domain 5: Networking and Content Delivery

(For more information on the official AWS Certified SysOps Administrator – Associate [SOA-C02] exam topics, see the Introduction.)

Ensuring your application’s infrastructure is scalable and elastic delivers a double benefit for the application. First, by adding more resources dynamically when required, you can adapt to any amount of traffic to ensure you do not leave any request unanswered. Second, by removing resources, you ensure the application is cost-effective when few or no requests are being received. However, designing a scalable/elastic application is not always an easy task.

In this chapter, we examine scaling, request offloading, and loose coupling as strategies that can enable an application to meet demand while maintaining cost-effectiveness. Ensuring your application is scalable and elastic also builds a good underlying foundation to achieve high availability and resilience, which we discuss in Chapter 5, “High Availability and Resilience.”