AWS Certified Associate SOA-C03 Updated Exam

Per the AWS Cloud Operations and EventBridge documentation, when events are sent across AWS accounts — particularly from multiple accounts in an AWS Organization — the target event bus in the receiver account must include a resource-based policy that explicitly allows events:PutEvents API calls from the sender accounts or the organization ID.

Even if the sender accounts have IAM permissions to call PutEvents, the receiving event bus must trust those accounts via a resource policy. Without this configuration, EventBridge automatically rejects incoming cross-account events, and those events never reach the target Lambda function for processing.

AWS guidance states that “Cross-account event delivery requires a resource-based policy on the event bus that grants permissions to the source accounts or organization.” The policy can include either individual AWS account IDs or the organization’s root ID.

In this scenario, because the events originate from multiple accounts and there is no resource policy on the target event bus to authorize those sender accounts, the events are not delivered.

Therefore, the correct cause is C – the resource-based policy on the target event bus must be modified to allow PutEvents API calls from the sender accounts.

According to the AWS Cloud Operations and Elastic Load Balancing documentation, Application Load Balancer (ALB) supports multiple routing algorithms to distribute requests among targets:

Round robin (default)

Least outstanding requests (LOR)

Weighted random

When applications require session affinity, AWS recommends using “least outstanding requests” as the load balancing algorithm because it reduces latency, distributes load evenly, and ensures consistent target responsiveness during high traffic.

Using weighted random routing with sticky sessions can cause sessions to be routed inconsistently if one target’s capacity fluctuates, leading to session mismatches and application errors — especially when user sessions rely on instance-specific state.

Disabling cross-zone balancing (Option C) or adjusting deregistration delay (Option D) does not address routing inconsistency. Anomaly mitigation (Option B) protects against target performance degradation, not sticky-session misrouting.

Therefore, the correct solution is Option A — changing the target group’s routing algorithm to least outstanding requests ensures smoother, predictable session handling and resolves random application errors.

AWS Systems Manager Patch Manager provides a centralized and automated way to scan, identify, and remediate missing patches across managed instances. Patch baselines define which patches are approved, and scan operations identify affected instances without applying changes.

Using Patch Now allows immediate remediation across Regions with minimal setup. Other options introduce unnecessary complexity or require manual intervention.

Therefore, Patch Manager with scan and Patch Now is the least operationally intensive solution.

Stateful applications require session persistence to ensure that subsequent requests from the same user are routed to the same backend instance. When CloudFront is used in front of an ALB, session-related cookies must be forwarded correctly; otherwise, CloudFront can route requests to different targets, causing session loss and random logouts.

Configuring cookie forwarding in the CloudFront cache behavior ensures that session cookies (such as authentication tokens) are forwarded to the ALB and not stripped or cached incorrectly. Without this configuration, CloudFront may serve cached responses that do not align with the user’s active session state, leading to authentication issues.

On the ALB side, sticky sessions (session affinity) must be enabled on the target group to ensure that requests with the same session cookie are consistently routed to the same EC2 instance. ALB stickiness uses application cookies to bind a user session to a specific target, which is critical for stateful applications that store session data in memory.

Option A affects load distribution efficiency but does not address session persistence. Option C (header forwarding) is unnecessary unless the application explicitly stores session state in headers, which is uncommon. Option D applies only when using multiple target groups and listener rules, which is not the case here.

Together, enabling cookie forwarding in CloudFront and sticky sessions at the ALB target group resolves the logout issue by maintaining consistent session routing from the user through CloudFront to the same backend instance.