SOA-C02 Exam Dumps - AWS Certified SysOps Administrator - Associate (SOA-C02)

To automate the execution of a Python script every night efficiently:

Convert Python Script to Lambda:

Create an AWS Lambda function and upload the Python script.

Ensure the function has the necessary IAM permissions to perform the required maintenance tasks.

To control the production account efficiently, the most operationally efficient solution is to create a service control policy (SCP) and apply it to the production OU. SCPs allow you to manage permissions for AWS Organizations at the organizational unit (OU) or account level.

Service Control Policies (SCPs):

SCPs are a type of policy that can restrict what services and actions can be used in the accounts within an OU.

They are applied at the organizational unit level and provide a way to enforce corporate policies across multiple AWS accounts.

Steps to Implement:

Navigate to the AWS Organizations console.

Create a new SCP that specifies the allowed or denied services and actions.

Apply the SCP to the production OU.

References:

AWS Organizations SCPs

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking-awsvpc.html

To monitor traffic flows between ECS tasks, you need to use VPC Flow Logs and specify the awsvpc network mode in the task definition.

VPC Flow Logs:

VPC Flow Logs capture information about the IP traffic going to and from network interfaces in your VPC.

Enable VPC Flow Logs on the elastic network interfaces (ENIs) used by the ECS tasks.

awsvpc Network Mode:

The awsvpc network mode gives each task its own ENI, allowing for more granular network monitoring and security controls.

This mode is required to capture detailed traffic flow information for each ECS task.

References:

VPC Flow Logs

Amazon ECS Task Networking

To efficiently transfer a significant amount of data between VPCs in different regions, establishing an inter-region VPC peering connection is the most cost-effective method. This setup allows direct network connectivity between two VPCs in different regions, which can handle large data transfers without the need for intermediate devices or services. Option C is the most straightforward and economical choice for this requirement. Further details can be found in the AWS documentation on VPC Peering VPC Peering.

To find security groups that are open to the internet on port 3389, using AWS Trusted Advisor is the most straightforward solution.

AWS Trusted Advisor:

AWS Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices.

It includes a security check that identifies security groups with unrestricted access.

Steps to Use Trusted Advisor:

Open the AWS Trusted Advisor console.

In the "Security" category, look for the check that identifies security groups with unrestricted access.

Review the report to find security groups that allow unrestricted access on port 3389 (RDP).

References:

AWS Trusted Advisor

AWS Trusted Advisor Best Practices

To manage common components across multiple CloudFormation templates efficiently:

Create Nested Stacks:

Develop separate CloudFormation templates for the common components.

Use these templates as nested stacks within the main templates.

To stop EC2 instances in a development environment when they are not in use, you can create a CloudWatch alarm based on CPU utilization.

Create CloudWatch Alarm:

Navigate to the CloudWatch console.

Select "Alarms" and click on "Create Alarm".

Choose the EC2 instance metric for CPU utilization.

Set the condition to trigger the alarm when the average CPU utilization is less than 5% for a continuous 30-minute period.