Amazon Web Services certsexpert download Full Version Soa-c01 Exam by Aylah q237 vce pdf

Page: 6 / 9

Exam Name:	AWS Certified SysOps Administrator - Associate
Exam Code:	SOA-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Associate
Questions:	263 Q&A's	Shared By:	aylah

Question 24

A company uses LDAP-based credentials and Has a Security Assertion Markup Language (SAML) 2.0 identity provider. A SysOps administrator has configured various federated roles in a new AWS account to provide AWS Management Console access for groups of users that use the existing LDAP-Based credentials. Several groups want to use the AWS CLI on their workstations to automate daily tasks. To enable them to do so, the SysOps administrator has created an application that authenticates a user and generates a SAML assertion.

Which API call should be used to retrieve credentials for federated programmatic access?

Options:

sts:AssumeRote

sts:AssumeRoleWithSAML

stsAssumeRoleWithWebldentity

sts:GetFederationToken

Discussion

Question 25

A company hosts a multi-tier ecommerce web application on AWS, and has recently been alerted to suspicious application traffic The architecture consists of Amazon EC2 instances deployed across multiple Availability Zones behind an Application Load Balancer (ALB) After examining the server logs, a sysops administrator determines that the suspicious traffic is an attempted SQL injection attack.

What should the sysops administrator do to prevent similar attacks?

Options:

Install Amazon Inspector on the EC2 instances and configure a rules package Use the findings reports to identify and block SQL injection attacks.

Modify the security group of the ALB Use the IP addresses from the logs to block the IP addresses where SQL injection originated.

Create an AWS WAF web ACL in front of the ALB. Add an SQL injection rule to the web ACL Associate the web ACL to the ALB

Enable Amazon GuardDuty in the AWS Region Use Amazon CloudWatch Events to trigger an AWS Lambda function response every time an SQL injection finding is discovered

Discussion

Question 26

A company has a multi-tier web application. In the web tier, all the servers are in private subnets inside a VPC. The development team wants to make changes to the application that requires access to Amazon S3.

What should be done to accomplish this?

Options:

Create a customer gateway to connect to Amazon S3 Modify the route table of the private subnets to use the customer gateway

Create a gateway VPC endpoint for Amazon S3 Modify the route table of the private subnets to use the gateway VPC endpoint.

Create a NAT gateway in the private subnets. Modify the route table of the subnets to use the NAT gateway.

Create an S3 bucket policy to allow connections from the private subnets. Modify the route table.

Discussion

Rae

I tried using Cramkey dumps for my recent certification exam and I found them to be more accurate and up-to-date compared to other dumps I've seen. Passed the exam with wonderful score.

Rayyan Sep 14, 2024

I see your point. Thanks for sharing your thoughts. I might give it a try for my next certification exam.

Miley

Hey, I tried Cramkey Dumps for my IT certification exam. They are really awesome and helped me pass my exam with wonderful score.

Megan Aug 30, 2024

That’s great!!! I’ll definitely give it a try. Thanks!!!

Lennie

I passed my exam and achieved wonderful score, I highly recommend it.

Emelia Oct 2, 2024

I think I'll give Cramkey a try next time I take a certification exam. Thanks for the recommendation!

Walter

Yayyy!!! I passed my exam with the help of Cramkey Dumps. Highly appreciated!!!!

Angus Nov 4, 2024

YES….. I saw the same questions in the exam.

Question 27

A company has an AWS account for each department and wants to consolidate billing and reduce overhead. The company wants to make sure that the finance team is denied from accessing services other than Amazon EC2: the security team is denied from accessing services other than AWS CloudTrail. and IT can access any resource.

Which solution meets these requirements with the LEAST amount of operational overhead''

Options:

Create a role for each department within AWS 1AM and assign each role the necessary permissions.

Create a user for each department within AWS 1AM and assign each user the necessary permissions.

Implement service control policies within AWS Organizations to determine which resources each department can access

Place each department into an organizational unit (OU) within AWS Organizations and use 1AM policies to determine which resources they can access

Discussion

Page: 6 / 9

Title

Questions

Posted

amazon web services.certshero.free access soa-c01 new release.by harper.q132.vce.pdf