小菲喵
Participant
QUESTION 221
If a provisioned IOPS volume of 4 GiB is created, what are the possible correct values for IOPS for the volume in order for it to be created?
A. 200
B. 300
C. 400
D. 500
Answer: I don't know how to calculate this...
QUESTION 247
A customer has a production application that frequently overwrites and deletes data, the application requires the most up-to-date version of the data every time it is requested. Which storage should a Solutions Architect recommend to best accommodate this use case?
A. Amazon S3
B. Amazon RDS
C. Amazon RedShift
D. AWS Storage Gateway
Answer: A or B?
QUESTION 261
A Security team reviewed their company’s VPC Flow Logs and found that traffic is being directed to the internet. The application in the VPC uses Amazon EC2 instances for compute and Amazon S3 for storage. The company’s goal is to eliminate internet access and allow the application to continue to function. What change should be made in the VPC before updating the route table?
A. Create a NAT gateway for Amazon S3 access
B. Create a VPC endpoint for Amazon S3 access
C. Create a VPC endpoint for Amazon EC2 access
D. Create a NAT gateway for Amazon EC2 access
Answer: B or C? It should be a VPC endpoint, but what is the consideration in choosing between "for S3" and "for EC2"?
QUESTION 270
A customer set up an Amazon VPC with one private subnet and one public subnet with a NAT gateway. The VPC will contain a group of Amazon EC2 instances. All instances will configure themselves at startup by downloading a bootstrap script from an Amazon S3 bucket with a policy that only allows access from the customer’s Amazon EC2 instances and then deploys an application through GIT. A Solutions Architect has been asked to design a solution that provides the highest level of security regarding network connectivity to the Amazon EC2 instances. How should the Architect design the infrastructure?
A. Place the Amazon EC2 instances in the public subnet, with no EIPs; route outgoing traffic through the internet gateway.
B. Place the Amazon EC2 instances in a public subnet, and assign EIPs; route outgoing traffic through the NAT gateway.
C. Place the Amazon EC2 instances in a private subnet, and assign EIPs; route outgoing traffic through the internet gateway.
D. Place the Amazon EC2 instances in a private subnet, with no EIPs; route outgoing traffic through the NAT gateway
Answer: C or D? With the EC2 instances placed in the private subnet, on what basis do you decide whether an EIP is needed?
QUESTION 275
How can a user track memory usage in an EC2 instance?
A. Call Amazon CloudWatch to retrieve the memory usage metric data that exists for the EC2 instance.
B. Assign an IAM role to the EC2 instance with an IAM policy granting access to the desired metric.
C. Use an instance type that supports memory usage reporting to a metric by default.
D. Place an agent on the EC2 instance to push memory usage to an Amazon CloudWatch custom metric.
Answer: A or D? Is an agent needed, and why?
QUESTION 286
A company wants to improve latency by hosting images within a public Amazon S3 bucket fronted by an Amazon CloudFront distribution. The company wants to restrict access to the S3 bucket to include the CloudFront distribution only, while also allowing CloudFront to continue proper functionality. What should be done after making the bucket private to restrict access with the LEAST operational overhead?
A. Create a CloudFront origin access identity and create a security group that allows access from CloudFront.
B. Create a CloudFront origin access identity and update the bucket policy to grant access to it.
C. Create a bucket policy restricting all access to the bucket to include CloudFront IPs only.
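D. Enable the CloudFront option to restrict viewer access and update the bucket policy to allow the distribution.
Answer: A or B? The difference between A and B is that A creates a security group for S3 to allow access from CloudFront, while B uses the S3 bucket policy to allow access from CloudFront. Is there any difference?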
QUESTION 300
A photo-sharing website running on AWS allows users to generate thumbnail images of photos stored in Amazon S3. An Amazon DynamoDB table maintains the locations of photos and thumbnails are easily re-created from the originals if they are accidentally How should the thumbnail images be stored to ensure the LOWEST cost?
A. Amazon S3 Standard-Infrequent Access (S3 Standard-IA) with cross-region replication
B. Amazon S3
C. Amazon Glacier
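D. Amazon S3 with cross-region replication
Answer: B? S3 should work, but I don't see any information in the question that rules out Standard-IA and cross-region replication. How should I think about this?
Thank you, teachers, for your help every day!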
-
xj3
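Participant
Just tossing out some initial thoughts to get the discussion going…
221. io1 allows 50 IOPS per GB; find an environment and try creating one and you will see.
227. up-to-date version: S3 does not satisfy this. Choose B.
261. Look at who the service provider is.
270. A private subnet does not need an EIP.
275. The memory metric has to be obtained through an agent.
286. This one is a bit hard; I'm not sure, it is hard to choose between B and D (you can watch 小茶's video, which has the steps). Choose B. As for A, since when does S3 have an SG?
300. A reading-comprehension question: LOWEST COST.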
-
叶威
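Participant
227. "up-to-date version of data" here means the latest data; I think S3 is the most suitable.
261. This question is not rigorously worded, but I think its intent is to test how to let EC2 access S3 internally without going through the internet. The answer is for EC2 to use a VPC endpoint to access S3; once you understand this, the purpose of practicing this question has been achieved.
270. public subnet + EIP + internet gateway,
private subnet + NAT gateway,
The question already says that a NAT gateway is used, so the answer is D.
300. The cost of option A is cheaper.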
-
叶威
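Participant
Update on question 247: the answer is B. For existing data S3 is eventually consistent, meaning that data read immediately after it was written may still be the old data, whereas RDS updates data in real time faster, so the answer is B.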