If a provisioned IOPS volume of 4 GiB is created, what are the possible correct values for IOPS for the volume in order for it to be created?
A customer has a production application that frequently overwrites and deletes data. The application requires the most up-to-date version of the data every
time it is requested. Which storage should a Solutions Architect recommend to best accommodate this use case?
A. Amazon S3
B. Amazon RDS
C. Amazon RedShift
D. AWS Storage Gateway
Answer: A or B?
A Security team reviewed their company’s VPC Flow Logs and found that traffic is being directed to the internet. The application in the VPC uses Amazon EC2 instances for compute and Amazon S3 for storage. The company’s goal is to eliminate internet access and allow the application to continue to function. What change should be made in the VPC before updating the route table?
A. Create a NAT gateway for Amazon S3 access
B. Create a VPC endpoint for Amazon S3 access
C. Create a VPC endpoint for Amazon EC2 access
D. Create a NAT gateway for Amazon EC2 access
Answer: B or C? It should be a VPC endpoint, but what is the consideration in choosing between one for S3 and one for EC2?
A customer set up an Amazon VPC with one private subnet and one public subnet with a NAT gateway. The VPC will contain a group of Amazon EC2
instances. All instances will configure themselves at startup by downloading a bootstrap script from an Amazon S3 bucket with a policy that only allows
access from the customer’s Amazon EC2 instances and then deploys an application through GIT. A Solutions Architect has been asked to design a solution
that provides the highest level of security regarding network connectivity to the Amazon EC2 instances. How should the Architect design the infrastructure?
A. Place the Amazon EC2 instances in the public subnet, with no EIPs; route outgoing traffic through the internet gateway.
B. Place the Amazon EC2 instances in a public subnet, and assign EIPs; route outgoing traffic through the NAT gateway.
C. Place the Amazon EC2 instances in a private subnet, and assign EIPs; route outgoing traffic through the internet gateway.
D. Place the Amazon EC2 instances in a private subnet, with no EIPs; route outgoing traffic through the NAT gateway.
Answer: C or D? With EC2 placed in the private subnet, on what basis do you decide whether an EIP is needed?
How can a user track memory usage in an EC2 instance?
A. Call Amazon CloudWatch to retrieve the memory usage metric data that exists for the EC2 instance.
B. Assign an IAM role to the EC2 instance with an IAM policy granting access to the desired metric.
C. Use an instance type that supports memory usage reporting to a metric by default.
D. Place an agent on the EC2 instance to push memory usage to an Amazon CloudWatch custom metric.
Answer: A or D? Is an agent needed, and why?
A company wants to improve latency by hosting images within a public Amazon S3 bucket fronted by an Amazon CloudFront distribution. The company wants to restrict access to the S3 bucket to include the CloudFront distribution only, while also allowing CloudFront to continue proper functionality. What
should be done after making the bucket private to restrict access with the LEAST operational overhead?
A. Create a CloudFront origin access identity and create a security group that allows access from CloudFront.
B. Create a CloudFront origin access identity and update the bucket policy to grant access to it.
C. Create a bucket policy restricting all access to the bucket to include CloudFront IPs only.
D. Enable the CloudFront option to restrict viewer access and update the bucket policy to allow the distribution.
Answer: A or B? The difference between A and B is that A creates a security group for S3 that allows access from CloudFront, while B has the S3 bucket policy allow access from CloudFront. Is there any difference?
A photo-sharing website running on AWS allows users to generate thumbnail images of photos stored in Amazon S3. An Amazon DynamoDB table
maintains the locations of photos and thumbnails are easily re-created from the originals if they are accidentally How should the thumbnail images be stored
to ensure the LOWEST cost?
A. Amazon S3 Standard-Infrequent Access (S3 Standard-IA) with cross-region replication
B. Amazon S3
C. Amazon Glacier
D. Amazon S3 with cross-region replication
Answer: B? S3 should work, but I don't see any information in the question stem that rules out Standard-IA and cross-region. How should I think about this?
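221. io1 allows 50 IOPS per GB; try creating one in some environment and you will see.
227. up-to-date version: S3 does not satisfy this. Choose B.
270. A private subnet does not need an EIP.
300. This is a reading-comprehension question: LOWEST COST.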
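227. "up-to-date version of data" here means the latest data; I think S3 is the most suitable.
261. This question is not worded rigorously, but I think its intent is to test how to let EC2 access S3 internally while avoiding the internet. The answer is for EC2 to use a VPC endpoint to access S3; once you understand this, the purpose of practicing this question has been achieved.
270. public subnet + EIP + internet gateway,
private subnet + NAT gateway,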