Exam CAS-004 topic 1 question 247 discussion

C. Autoscaling: This is important to ensure high availability and resiliency of the web-based application. By using autoscaling, additional resources can be automatically allocated to handle spikes in traffic or when the application is running at or near capacity. D. WAF: This is important for protecting the application against DoS and DDoS attacks. A Web Application Firewall (WAF) can help detect and block malicious traffic and attacks on the application. E. CDN: This is important for improving the performance and availability of the application. By using a Content Delivery Network (CDN), content can be delivered from a distributed network of servers, reducing latency and improving the user experience.

C. Autoscaling - keep the application running at 70% at all times. Scale up and down as traffic demands. E. Use a CDN, NOT A WAF!!! WAF does not protect against DOS and DDOS attackes, it protects against other types of attacks. H. Containerization WITH AUTOSCALING is literally the industry standard for auto-recovery of applications today. I have no idea why anyone would say snapshot or what the idea would be--when the server fails a health check kick off a work pipeline to reinstantiate it? That will take FOREVER and also won't work for a few other reasons. Containerize your application and when the app fails (misses a health check with the load balancer) it will simply be replaced. That's how literally everything works today right now.

o The cloud architecture team should implement Autoscaling, WAF, and Continuous Snapshots to ensure high availability, resiliency, and automatic recovery of the sensitive web application.  Autoscaling: This feature automatically adjusts the resources allocated to an application based on demand, allowing it to handle increased traffic during peak times while minimizing costs when demand is low. This aligns with the requirement of running at 70% capacity at all times.  WAF (Web Application Firewall): This security measure protects the application from malicious attacks like DoS and DDoS by filtering incoming traffic and blocking harmful requests. It directly addresses the requirement to sustain DoS and DDoS attacks.  Continuous Snapshots: Regularly taking snapshots of the application's data allows for quick recovery in case of an outage or other disaster. This ensures service recovery automatically.

CDN (Content Delivery Network): CDNs improve website performance by caching content closer to users' geographical locations. While this can enhance user experience, it doesn't directly address the requirements of high availability, DoS/DDoS resistance, or automatic recovery. Encryption: While encryption is crucial for data security, it doesn't guarantee high availability or resiliency. It protects data at rest and in transit but doesn't address issues like maintaining uptime or recovering from attacks. Containerization: Containerization can improve application portability and isolation, but it is not a primary solution for the requirements outlined. Other technologies, like autoscaling and WAF, are more directly aligned with these needs.

Agree with CEH. I think CDN can handle DDoS attacks pretty well, if only. WAF is best at filtering malicious traffic. Container orchestration help with resiliency, recovery, and self-healing services; even autoscaling.

To meet the cloud architecture team's requirements, the best solutions are: C. Autoscaling – Ensures that the application can maintain 70% capacity, automatically scales based on demand, and enhances availability and resiliency. D. WAF – Provides protection against DoS/DDoS attacks, ensuring that the application can sustain traffic surges and malicious requests. E. CDN – Helps with DDoS mitigation, reduces latency, and ensures the application remains responsive even under high traffic.

C. Autoscaling Autoscaling automatically adjusts the capacity of the application based on traffic and demand, ensuring the application can handle varying loads and maintain the required 70% capacity. It also helps in sustaining DoS and DDoS attacks by adding more resources when needed. 2. D. WAF (Web Application Firewall) A WAF helps protect the application from DoS and DDoS attacks by filtering, monitoring, and blocking malicious traffic. This adds an additional layer of security to ensure availability under attack. 3. B. BCP (Business Continuity Plan) A BCP ensures that critical business functions continue during and after a disaster, covering recovery mechanisms, automatic service restoration, and contingency strategies to ensure high availability and resiliency of the services.

CDG. WAF for DoS, DDoS: WAF-https://learn.microsoft.com/en-us/azure/web-application-firewall/shared/application-ddos-protection.

• C. Autoscaling: Autoscaling allows the cloud architecture to automatically adjust the number of compute resources (such as virtual machines or containers) based on real-time traffic demands. It ensures that the application runs at 70% capacity or as required, thus maintaining availability during varying load conditions. • D. WAF (Web Application Firewall): A WAF protects web-based applications from a variety of threats, including DoS and DDoS attacks. It filters and monitors HTTP traffic between a web application and the internet, identifying and blocking malicious requests before they reach the application. • H. Containerization: Containerization, using tools like Docker and Kubernetes, enables the deployment and management of applications in lightweight, isolated containers. Containers are resilient to failure, and container orchestration platforms can automatically restart or reschedule containers in case of failure, ensuring service continuity and automatic recovery.

Compare out put from Gemini, Chat GPT, Copilot and best judgement.

Containers make automatic service recovery much easier. Since they mention service recovery, I'd go with that one. If they were focusing more on data recover, I'd have gone with continuous snapshots. The data will be separate from the web frontend services anyway.

Services must recover automatically. - F

Web-based applications must be online as much as possible. "High availability and resiliency" Snapshots are ideal when performing administrative changes and have to wait until verification that the new changes don't impact services. However, they do nothing for real-time resiliency to maintain operations. A Content delivery network includes the ability to keep website content online in the face of network problems, hardware failures, and network congestion. A CDN is designed to circumvent network congestion and be resilient against service interruption. WAF is to further mitigate DoS and DDoS attacks Autoscaling assists with handling any increase in workload until mitigation measures are enacted (DDoS measures are usually enacted automatically) CDN - focuses on high availability and seamless recovery.

C. Autoscaling: Autoscaling helps maintain the application at 70% capacity at all times by automatically adding or removing resources based on the current demand. It also ensures that the application is always available even during a surge in demand. D. WAF: A web application firewall (WAF) helps protect the application against DoS and DDoS attacks by filtering out malicious traffic before it reaches the application. It can also block suspicious traffic and help prevent common web application attacks. G. Continuous snapshots: Continuous snapshots help ensure that data is not lost in case of a disaster or an attack. By continuously backing up the data, the application can be restored to a recent state in case of a problem.

CDE, correct

CDG. While a CDN improves performance, it does nothing for high availability and resiliency. It doesn't address any of the other requirements either.

CDN instead of WAF. Restore the last snapshot to recover automatically