AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question

A security engineer must ensure that every internet-facing Application Load Balancer (ALB) and Amazon CloudFront distribution in a single AWS account is protected by an AWS WAF v2 web ACL. The engineer wants to receive automatic non-compliance findings without writing custom code. Which solution will provide the required visibility with the least operational overhead?

  • Turn on AWS CloudTrail Lake and create a query that searches for CreateLoadBalancer and CreateDistribution events without an accompanying CreateWebACLAssociation event.

  • Deploy an AWS Lambda function triggered by EventBridge events for every new or modified ALB or CloudFront distribution and inspect the resource configuration for the WebAclId field.

  • Enable the AWS Config managed rules alb-waf-enabled and cloudfront-associated-with-waf.

  • Stream AWS WAF logs to Amazon S3 through Kinesis Data Firehose and use Amazon Athena to run a scheduled query that lists resources without matching web ACL IDs.

AWS Certified CloudOps Engineer Associate SOA-C03
Networking and Content Delivery