-
小菲喵 (Participant)
QUESTION 176
A Solutions Architect is working on a PCI-compliant architecture that needs to call an external service provider’s API. The external provider requires IP whitelisting to verify the calling party.
How should the Solutions Architect provide the external party with the IP addresses for whitelisting?
A. Use an API Gateway in proxy mode, and provide the API Gateway’s IP address to the external service provider.
B. Associate a public elastic network interface to a published stage/endpoint in API Gateway, exposing the AWS Lambda function, and provide the IP address for the public network interface to the external party to whitelist.
C. Deploy the Lambda function in private subnets and route outbound traffic through a NAT gateway. Provide the NAT gateway’s Elastic IP address to the external service provider.
D. Provide the external party the allocated AWS IP address range for Lambda functions, and send change notifications by using a subscription to the AmazonIpSpaceChanged SNS topic.
Answer: I don't really have any idea on this one... please give me some pointers.
QUESTION 179
An application has a web tier that runs on EC2 instances in a public subnet. The application tier instances run in private subnets across two Availability Zones. All traffic is IPv4 only, and each subnet has its own custom route table.
A new feature requires that application tier instances can call an external service over the Internet; however, they must still not be accessible to Internet traffic.
What should be done to allow the application servers to connect to the Internet, maintain high availability, and minimize administrative overhead?
A. Add an Amazon egress-only internet gateway to each private subnet. Alter each private subnet’s route table to include a route from 0.0.0.0/0 to the egress-only internal gateway in the same Availability Zone.
B. Add an Amazon NAT Gateway to each public subnet. Alter each private subnet’s route table to include a route from 0.0.0.0/0 to the NAT Gateway in the same Availability Zone.
C. Add an Amazon NAT instance to one of the public subnets. Alter each private subnet’s route table to include a route from 0.0.0.0/0 to the Internet gateway in the VPC.
D. Add an Amazon NAT Gateway to each private subnet. Alter each private subnet’s route table to include a route from 0.0.0.0/0 to the NAT Gateway in the other Availability Zone.
Answer: B or D? I don't know what difference it makes whether the NAT Gateway is placed in a public or a private subnet.
QUESTION 182
A company has a web application running in a Docker container that connects to a MySQL server in an on-premises data center. The deployment and maintenance of this application are becoming time-consuming and slowing down new feature releases. The company wants to migrate the application to AWS and use services that help facilitate infrastructure management and deployment.
Which architectures should the company consider on AWS? (Choose two.)
A. Amazon ECS for the web application, and an Amazon RDS for MySQL for the database.
B. AWS Elastic Beanstalk Docker Multi-container either for the web application or database.
C. AWS Elastic Beanstalk Docker Single Container for the web application, and an Amazon RDS for MySQL for the database.
D. AWS CloudFormation with Lambda Custom Resources without VPC for the web application, and an Amazon RDS for MySQL database.
E. AWS CloudFormation with Lambda Custom Resources running in a VPC for the web application, and an Amazon RDS for MySQL database.
Answer: BE or CE? Is a Single Container OK because Elastic Beanstalk itself is highly available?
Why does CloudFormation with Lambda Custom Resources have to be placed in a VPC?
QUESTION 188
A legacy application needs to interact with local storage using iSCSI. A team needs to design a reliable storage solution to provision all new storage on AWS.
Which storage solution meets the legacy application requirements?
A. AWS Snowball storage for the legacy application until the application can be re-architected.
B. AWS Storage Gateway in cached mode for the legacy application storage to write data to Amazon S3.
C. AWS Storage Gateway in stored mode for the legacy application storage to write data to Amazon S3.
D. An Amazon S3 volume mounted on the legacy application server locally using the File Gateway service.
Answer: B or C? I know the difference between Storage Gateway in cached mode and stored mode, but after reading the question I can't tell which sentence calls for distinguishing between the two types.
QUESTION 192
A customer has written an application that uses Amazon S3 exclusively as a data store. The application works well until the customer increases the rate at which the application is updating information. The customer now reports that outdated data occasionally appears when the application accesses objects in Amazon S3.
What could be the problem, given that the application logic is otherwise correct?
A. The application is reading parts of objects from Amazon S3 using a range header.
B. The application is reading objects from Amazon S3 using parallel object requests.
C. The application is updating records by writing new objects with unique keys.
D. The application is updating records by overwriting existing objects with the same keys.
Answer: When I saw "outdated" I thought of TTL or cache, but neither is among the options. A or B?
QUESTION 196
A Solutions Architect is designing a web application. The web and application tiers need to access the Internet, but they cannot be accessed from the Internet.
Which of the following steps is required?
A. Attach an Elastic IP address to each Amazon EC2 instance and add a route from the private subnet to the public subnet.
B. Launch a NAT gateway in the public subnet and add a route to it from the private subnet.
C. Launch Amazon EC2 instances in the public subnet and change the security group to allow outbound traffic on port 80.
D. Launch a NAT gateway in the private subnet and deploy a NAT instance in the private subnet.
Answer: B or D? I still don't know the difference between a NAT gateway in a public or a private subnet, but I think the second half of D is wrong. Please advise.
QUESTION 200
A Solutions Architect is designing the storage layer for a production relational database. The database will run on Amazon EC2. The database is accessed by an application that performs intensive reads and writes, so the database requires the LOWEST random I/O latency. Which data storage method fulfills the above requirements?
A. Store data in a filesystem backed by Amazon Elastic File System (EFS).
B. Store data in Amazon S3 and use a third-party solution to expose Amazon S3 as a filesystem to the database server.
C. Store data in Amazon Dynamo DB and emulate relational database semantics.
D. Stripe data across multiple Amazon EBS volumes using RAID 0.
Answer: I can only rule out B and A; I'm not sure about C and D.
Thank you, teacher and the experts on the forum!
-
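anthonyhenry (Participant)
Offering my rough answers as a student who is still learning, and waiting for the teacher's guidance:
Q176: C
Q178: B As I understand it, a NAT gateway must be in a public subnet.
Q182: CE I think the teacher has answered this one before? But honestly I don't quite understand it either.
Q188: C I can only guess that "reliable storage" means it can't be cache mode (isn't AWS contradicting itself here?)
Q192: D Using the same key (name) means it is an update, which is eventually consistent.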
Q196: B
Q200: D
-
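挨踢小茶 (Administrator)
Q176. My understanding is C. A: I have never heard of a "proxy mode" for API Gateway; B: API Gateway also cannot be associated with an ENI you create yourself; D: I don't really understand this option.
Q179. B. The NAT GW has to be placed in a public subnet so that it can itself reach the Internet. Also, when changing the route table, the NAT GW that the 0.0.0.0/0 default route points to must be in the same AZ, because one subnet = one AZ.
Q182. CE. B says the database is also placed in a container, which doesn't seem as good as putting it in RDS; and if it is in RDS, the web tier is only one machine, so a single container is enough. Lambda is in the VPC because it needs to access RDS (RDS is also in the VPC); by default Lambda does not run in a VPC, it runs at the Region level.
Q188. B. The question says they want the data stored on AWS, so use cached mode: the data is stored on AWS and cached locally.
Q192. I think it is D. This question tests data consistency: when S3 has a large volume of (overwrite) writes, it is eventually consistent, so within a very short interval it is possible to read old information.
Q196. B, same explanation as the earlier question above.
Q200. D. The question says it is a relational database, so C can be ruled out directly.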
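
Added example, not part of any post in this thread: a small Python check of the layout discussed for Q179 and Q196, flagging NAT gateways that sit in a private subnet and private subnets whose default route does not use a NAT gateway in their own Availability Zone. The subnet names, AZ labels and resource ids are constructed sample data, and a subnet is treated as public when its 0.0.0.0/0 route targets an internet gateway.

```python
# Constructed sample layout (not from the thread): two AZs, each with one
# public and one private subnet, and one NAT gateway per public subnet.
SUBNETS = {
    "pub-a":  {"az": "az-a", "default_route": "igw-1"},
    "pub-b":  {"az": "az-b", "default_route": "igw-1"},
    "priv-a": {"az": "az-a", "default_route": "nat-a"},
    "priv-b": {"az": "az-b", "default_route": "nat-b"},
}
NAT_GATEWAYS = {"nat-a": "pub-a", "nat-b": "pub-b"}  # NAT id -> hosting subnet


def is_public(subnet):
    """A subnet is public when its default route targets an internet gateway."""
    target = subnet.get("default_route") or ""
    return target.startswith("igw-")


def check_layout(subnets, nat_gateways):
    """Return sorted findings; an empty list means the layout matches option B."""
    findings = []
    # A NAT gateway needs its own path to the internet, so it must sit in a
    # public subnet.
    for nat_id, host in nat_gateways.items():
        if not is_public(subnets[host]):
            findings.append(f"{nat_id}: placed in private subnet {host}")
    # Each private subnet should send 0.0.0.0/0 to a NAT gateway in its own AZ.
    for name, subnet in subnets.items():
        if is_public(subnet):
            continue
        target = subnet.get("default_route")
        if target not in nat_gateways:
            findings.append(f"{name}: no default route to a NAT gateway")
            continue
        nat_az = subnets[nat_gateways[target]]["az"]
        if nat_az != subnet["az"]:
            findings.append(
                f"{name}: default route uses {target} in {nat_az}, "
                f"not its own AZ {subnet['az']}"
            )
    return sorted(findings)


if __name__ == "__main__":
    for line in check_layout(SUBNETS, NAT_GATEWAYS) or ["layout OK"]:
        print(line)
```
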
-
小菲喵 (Participant)
Thank you, teacher and classmates!