Amazon Web Services Updated SOA-C02 Exam Questions and Answers by ivy-rae

The requirement is to implement a failover mechanism that minimizes downtime for an Amazon RDS for MySQL Single-AZ instance that handles read and write traffic.

From the RDS User Guide – Multi-AZ Deployments:

Multi-AZ deployments provide high availability and durability for Database (DB) instances, making them a natural fit for production database workloads.

When you create or modify your DB instance to run as a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone (AZ).

Failover is automatic and requires no manual intervention.

✅ Why A is correct:

Multi-AZ offers automated failover in case of instance failure, with minimal application downtime.

RDS automatically redirects traffic to the standby, which is promoted as the new primary.

❌ Why other options are incorrect:

B. Read replica is for read-only scaling. It does not support writes and is not a failover solution.

C. Auto Scaling Group cannot be applied to RDS instances, which are managed services.

D. RDS Proxy improves connection management, but does not provide failover capability for the RDS instance itself.

To meet the requirements of the workload, a company should store the data in an Amazon S3 Glacier vault and configure a vault lock policy for write-once, read-many (WORM) access. This will ensure that the data is stored securely and cannot be edited in the future. The other solutions (storing the data in an Amazon Elastic Block Store (Amazon EBS) volume and configuring AWS Key Management Service (AWS KMS) encryption, storing the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA) and configuring server-side encryption, or storing the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA) and configuring multi-factor authentication (MFA)) will not meet the requirements, as they do not provide a way to protect the audit logs from future edits.

https://docs.aws.amazon.com/zh_tw/AmazonS3/latest/userguide/object-lock.html

Step-by-Step Explanation:

Understand the Problem:

Minimize potential data loss and recovery time for a MySQL database running on an Amazon EC2 instance.

Analyze the Requirements:

Reduce the risk of data loss.

Ensure quick recovery in the event of a database failure.

Aim for operational efficiency.

Evaluate the Options:

Option A: Create a CloudWatch alarm to invoke a Lambda function that stops and starts the EC2 instance.

This addresses system failures but does not help with minimizing data loss or ensuring database redundancy.

Option B: Create an Amazon RDS for MySQL Multi-AZ DB instance and use a MySQL native backup stored in Amazon S3.

RDS Multi-AZ deployments provide high availability and durability by automatically replicating data to a standby instance in a different Availability Zone.

Using a MySQL native backup stored in Amazon S3 ensures data can be restored efficiently.

Option C: Create an RDS for MySQL Single-AZ DB instance with a read replica.

This provides read scalability but does not ensure high availability or failover capabilities.

Option D: Use Amazon DLM to take hourly snapshots of the EBS volume.

This helps with backups but does not provide immediate failover capabilities or minimize downtime effectively.

Select the Best Solution:

Option B: Using Amazon RDS for MySQL Multi-AZ ensures high availability and automated backups, significantly minimizing data loss and recovery time.

Amazon RDS Multi-AZ Deployments

Backing Up and Restoring an Amazon RDS DB Instance

Using Amazon RDS for MySQL Multi-AZ provides a highly available and durable solution with automated backups, ensuring minimal data loss and quick recovery.

AWS Systems Manager Run Command provides an efficient method to execute administrative tasks on EC2 instances. This solution will minimize the time and complexity involved:

Select Document: Choose AWS-RunShellScript for Linux-based instances or AWS-RunPowerShellScript for Windows-based instances.

Configure Command: Enter the mitigation script provided by the security team into the command document.

Target Instances: Use the tagging system to target only the instances that match the specific OS as identified by their tags.

Execute Command: Run the command across the targeted instances.

Verification and Reporting: The command history in Systems Manager will serve as evidence of execution and success, which can be reported back to the security team.

AWS Documentation Reference:

More about Run Command can be found here: AWS Systems Manager Run Command.