Amazon Web Services certsexpert download Full Version Soa-c01 Exam by Aylah q237 vce pdf

Page: 6 / 9

Exam Name:	AWS Certified SysOps Administrator - Associate
Exam Code:	SOA-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Associate
Questions:	263 Q&A's	Shared By:	aylah

Question 24

A company uses LDAP-based credentials and Has a Security Assertion Markup Language (SAML) 2.0 identity provider. A SysOps administrator has configured various federated roles in a new AWS account to provide AWS Management Console access for groups of users that use the existing LDAP-Based credentials. Several groups want to use the AWS CLI on their workstations to automate daily tasks. To enable them to do so, the SysOps administrator has created an application that authenticates a user and generates a SAML assertion.

Which API call should be used to retrieve credentials for federated programmatic access?

Options:

sts:AssumeRote

sts:AssumeRoleWithSAML

stsAssumeRoleWithWebldentity

sts:GetFederationToken

Discussion

Question 25

A company hosts a multi-tier ecommerce web application on AWS, and has recently been alerted to suspicious application traffic The architecture consists of Amazon EC2 instances deployed across multiple Availability Zones behind an Application Load Balancer (ALB) After examining the server logs, a sysops administrator determines that the suspicious traffic is an attempted SQL injection attack.

What should the sysops administrator do to prevent similar attacks?

Options:

Install Amazon Inspector on the EC2 instances and configure a rules package Use the findings reports to identify and block SQL injection attacks.

Modify the security group of the ALB Use the IP addresses from the logs to block the IP addresses where SQL injection originated.

Create an AWS WAF web ACL in front of the ALB. Add an SQL injection rule to the web ACL Associate the web ACL to the ALB

Enable Amazon GuardDuty in the AWS Region Use Amazon CloudWatch Events to trigger an AWS Lambda function response every time an SQL injection finding is discovered

Discussion

Ilyas

Definitely. I felt much more confident and prepared because of the Cramkey Dumps. I was able to answer most of the questions with ease and I think that helped me to score well on the exam.

Saoirse (not set)

That's amazing. I'm glad you found something that worked for you. Maybe I should try them out for my next exam.

Madeleine

Passed my exam with my dream score…. Guys do give these dumps a try. They are authentic.

Ziggy (not set)

That's really impressive. I think I might give Cramkey Dumps a try for my next certification exam.

Cody

I used Cramkey Dumps to prepare and a lot of the questions on the exam were exactly what I found in their study materials.

Eric (not set)

Really? That's great to hear! I used Cramkey Dumps too and I had the same experience. The questions were almost identical.

Hendrix

Great website with Great Exam Dumps. Just passed my exam today.

Luka (not set)

Absolutely. Cramkey Dumps only provides the latest and most updated exam questions and answers.

Question 26

A company has a multi-tier web application. In the web tier, all the servers are in private subnets inside a VPC. The development team wants to make changes to the application that requires access to Amazon S3.

What should be done to accomplish this?

Options:

Create a customer gateway to connect to Amazon S3 Modify the route table of the private subnets to use the customer gateway

Create a gateway VPC endpoint for Amazon S3 Modify the route table of the private subnets to use the gateway VPC endpoint.

Create a NAT gateway in the private subnets. Modify the route table of the subnets to use the NAT gateway.

Create an S3 bucket policy to allow connections from the private subnets. Modify the route table.

Discussion

Question 27

A company has an AWS account for each department and wants to consolidate billing and reduce overhead. The company wants to make sure that the finance team is denied from accessing services other than Amazon EC2: the security team is denied from accessing services other than AWS CloudTrail. and IT can access any resource.

Which solution meets these requirements with the LEAST amount of operational overhead''

Options:

Create a role for each department within AWS 1AM and assign each role the necessary permissions.

Create a user for each department within AWS 1AM and assign each user the necessary permissions.

Implement service control policies within AWS Organizations to determine which resources each department can access

Place each department into an organizational unit (OU) within AWS Organizations and use 1AM policies to determine which resources they can access

Discussion

Page: 6 / 9

Title

Questions

Posted

amazon web services.certshero.free access soa-c01 new release.by harper.q132.vce.pdf