AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question
Your security team enabled AWS Shield Advanced on several Application Load Balancers and CloudFront distributions. They must receive near-real-time records for every DDoS event, including the attack vector (metric dimension), protected resource ARN, and the start and end timestamps, and forward them to the company-wide SIEM that ingests data from an Amazon Kinesis Data Firehose delivery stream in a separate AWS account. Which approach meets the requirement with the least custom code and ongoing maintenance?
Use an EventBridge schedule to trigger an AWS Lambda function every minute. The function calls ListAttacks and DescribeAttack APIs, formats the response, and sends it to the Firehose stream in the SIEM account.
Subscribe an Amazon SNS topic to Shield Advanced DDoS notifications and configure an HTTPS subscription that posts the messages directly to the SIEM endpoint in the other account.
Enable AWS Config recording for the AWSShieldProtection resource type and stream configuration snapshots to the SIEM account.
Create CloudWatch alarms for the Shield Advanced metrics DDoSDetected and DDoSAttack* on each protected resource. Configure an Amazon EventBridge rule that forwards CloudWatch Alarm State Change events to an Amazon Kinesis Data Firehose delivery stream in the SIEM account.
Shield Advanced publishes detection metrics such as DDoSDetected and DDoSAttackBits|Packets|RequestsPerSecond to Amazon CloudWatch for each protected resource. Creating a CloudWatch alarm for DDoSDetected (and optionally the DDoSAttack* metrics with the AttackVector dimension) on every protected resource generates a CloudWatch Alarm State Change event when an attack starts and ends. CloudWatch automatically routes those state-change events to Amazon EventBridge. By adding an EventBridge rule that selects the alarm events and targets a cross-account Kinesis Data Firehose delivery stream, the team gains structured, near-real-time records that include the metric namespace, metric name, dimensions (resource ARN and AttackVector), timestamp, and the new state (ALARM or OK). No polling, parsing logic, or custom Lambda code is required.
SNS notifications can be delayed and lack metric context, AWS Config tracks configuration changes rather than attack telemetry, and a custom polling Lambda that calls DescribeAttack adds operational overhead and code to maintain.
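An added example (not part of the original question, and not AWS code) of how a consumer on the SIEM side could turn the forwarded alarm events into one record per DDoS event with start and end timestamps, by pairing each ALARM transition with the following OK. The field layout follows the CloudWatch Alarm State Change event format; the function names, alarm names, ARN, timestamps and AttackVector value are constructed for illustration.

```python
from datetime import datetime

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"  # format of detail.state.timestamp

def shield_metric(event):
    """Return the AWS/DDoSProtection metric an alarm event watches, else None."""
    if (event.get("source"), event.get("detail-type")) != (
            "aws.cloudwatch", "CloudWatch Alarm State Change"):
        return None
    for m in event["detail"].get("configuration", {}).get("metrics", []):
        metric = m.get("metricStat", {}).get("metric", {})
        if metric.get("namespace") == "AWS/DDoSProtection":
            return metric
    return None

def correlate(events):
    """Pair ALARM -> OK transitions into one record per DDoS event."""
    started, records = {}, []
    relevant = [e for e in events if shield_metric(e)]  # drop unrelated alarms
    relevant.sort(key=lambda e: datetime.strptime(e["detail"]["state"]["timestamp"], TS_FORMAT))
    for ev in relevant:
        detail, metric = ev["detail"], shield_metric(ev)
        alarm, state = detail["alarmName"], detail["state"]
        if state["value"] == "ALARM" and alarm not in started:
            dims = metric.get("dimensions", {})
            started[alarm] = {"resource_arn": dims.get("ResourceArn"),
                              "metric": metric["name"],
                              "attack_vector": dims.get("AttackVector"),
                              "start": state["timestamp"], "end": None}
        elif state["value"] == "OK" and alarm in started:
            record = started.pop(alarm)
            record["end"] = state["timestamp"]
            records.append(record)
    return records + list(started.values())  # attacks still in ALARM keep end=None

def make_event(alarm, state, ts, metric_name, dims, namespace="AWS/DDoSProtection"):
    """Build a constructed sample event (not captured from a real account)."""
    return {"source": "aws.cloudwatch", "detail-type": "CloudWatch Alarm State Change",
            "detail": {"alarmName": alarm, "state": {"value": state, "timestamp": ts},
                       "configuration": {"metrics": [{"metricStat": {"metric": {
                           "namespace": namespace, "name": metric_name, "dimensions": dims}}}]}}}

ALB = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/example/0123456789abcdef"
SAMPLE = [  # constructed events, deliberately out of order
    make_event("ddos-alb", "OK", "2024-05-01T10:17:30.000+0000", "DDoSDetected", {"ResourceArn": ALB}),
    make_event("ddos-alb", "ALARM", "2024-05-01T10:02:10.000+0000", "DDoSDetected", {"ResourceArn": ALB}),
    make_event("cpu-high", "ALARM", "2024-05-01T10:03:00.000+0000", "CPUUtilization", {"InstanceId": "i-0example"}, "AWS/EC2"),
    make_event("ddos-alb-syn", "ALARM", "2024-05-01T10:02:40.000+0000", "DDoSAttackPacketsPerSecond", {"ResourceArn": ALB, "AttackVector": "SYNFlood"}),
]
```

Calling `correlate(SAMPLE)` yields one closed record for the `DDoSDetected` alarm and one still-open record for the vector-specific alarm, while the unrelated EC2 alarm is ignored.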
AWS Certified CloudOps Engineer Associate SOA-C03
Networking and Content Delivery