Tag: SAA
-
Author Posts
-
-
cash1027
Participant
This is the last part. Please help, thank you very much.
NO.15 A Solution Architect is creating a multi-tiered architecture for an application that includes a
public-facing web tier. Security requirements state that the Amazon EC2 instance running in the
application tier must not be accessible directly from the internet.
What should be done to accomplish this?
A. Create a multi-VPC peering mesh with network access rules limiting communications to specific
ports. Implement an internet gateway on each VPC for external communication.
B. Place all instances in a single Amazon VPC with AWS WAF as the web front-end communication
conduit. Configure a NAT gateway for external communications.
C. Use VPC peering to peer with on-premises hardware. Direct enterprise traffic through the VPC
peer connection to the instances hosted in the private VPC.
D. Deploy the web and application instances in a private subnet. Provision an Application Load
Balancer in the public subnet, install gateway, and use security groups to control communications
between the layers.
Answer: A
Ans: A or D
NO.35 A company wants to durably store data in 8 KB chunks. The company will access the data
once every few months. However, when the company does access the data, it must be done with as
little latency as possible.
Which AWS service should a Solutions Architect recommend if cost is NOT a factor?
A. Amazon DynamoDB
B. Amazon EBS Throughput Optimized HDD Volumes
C. Amazon EBS Cold HDD Volumes
D. Amazon ElastiCache
Answer: D
Ans: ? Why not C?
NO.58 A company is writing a new service running on Amazon EC2 that must create thumbnail
images of thousands of images in a large archive. The system will write scratch data to storage during
the process.
Which storage service is best suited for this scenario?
A. EC2 instance store
B. Amazon EFS
C. Amazon CloudSearch
D. Amazon EBS Throughput Optimized HDD (st1)
Answer: A
Ans:A or D
NO.81 A company is migrating on-premises databases to AWS. The company’s backend application
produces a large amount of database queries for reporting purposes, and the company wants to
offload some of those reads to Read Replica, allowing the primary database to continue performing
efficiently.
Which AWS database platforms will accomplish this? (Select TWO.)
A. Amazon RDS for Oracle
B. Amazon RDS for PostgreSQL
C. Amazon RDS for MariaDB
D. Amazon DynamoDB
E. Amazon RDS for Microsoft SQL Server
Answer: A B
Why not B C?
NO.83 A Security team reviewed their company’s VPC Flow Logs and found that traffic is being
directed to the internet. The application in the VPC uses Amazon EC2 instances for compute and
Amazon S3 for storage. The company’s goal is to eliminate internet access and allow the application
to continue to function.
What change should be made in the VPC before updating the route table?
A. Create a NAT gateway for Amazon S3 access
B. Create a VPC endpoint for Amazon S3 access
C. Create a VPC endpoint for Amazon EC2 access
D. Create a NAT gateway for Amazon EC2 access
Answer: B
Ans: B or D
NO.86 A Solutions Architect must create a solution whereby user access to multiple Amazon Aurora
MySQL databases is securely managed with short-lived connection credentials.
How can the Solutions Architect meet these requirements?
A. Create a database user to run the GRANT statement with a short-lived token.
B. Create the user account to use the AWS-provided AWSAuthenticationPlugin with IAM.
C. Use AWS Systems Manager to securely save the connection secrets, and use the secrets while
connecting.
D. Use AWS KMS to securely save the connection secrets, and use the secrets while connecting.
Answer: D
A or D
NO.101 An application publishes Amazon SNS messages in response to several events. An AWS
Lambda function subscribes to these messages. Occasionally the function will fail while processing a
message, so the original event message must be preserved for root cause analysis.
What architecture will meet these requirements without changing the workflow?
A. Subscribe an Amazon SQS queue to the Amazon SNS topic and trigger the Lambda function from
the queue.
B. Configure Lambda to write failures to an SQS Dead Letter Queue.
C. Configure a Dead Letter Queue for the Amazon SNS topic.
D. Configure the Amazon SNS topic to invoke the Lambda function synchronously.
Answer: B
Ans: A or B
NO.105 A customer has a production application that frequently overwrites and deletes data. The
application requires the most up-to-date version of the data every time it is requested.
Which storage should a Solutions Architect recommend to best accommodate this use case?
A. Amazon S3
B. Amazon RDS
C. Amazon RedShift
D. AWS Storage Gateway
Answer: B
Why not A?
NO.111 A Solutions Architect is designing an Amazon VPC. Applications in the VPC must have private
connectivity to Amazon DynamoDB in the same AWS Region.
The design should route DynamoDB traffic through:
A. VPC peering connection.
B. NAT gateway
C. VPC endpoint
D. AWS Direct Connect
Answer: A
Why not C?
NO.146 A customer owns a simple API for their website that receives about 1,000 requests each day
and has an average response time of 50 ms. It is currently hosted on one c4.large instance.
Which changes to the architecture will provide high availability at the LOWEST cost?
A. Create an Auto Scaling group with a minimum of one instance and a maximum of two instances,
then use an Application Load Balancer to balance the traffic.
B. Recreate the API using Amazon API Gateway and use AWS Lambda as the service backend.
C. Create an Auto Scaling group with a maximum of two instances, then use an Application Load
Balancer to balance the traffic.
D. Recreate the API using Amazon API Gateway and integrate the new API with the existing backend
service.
Answer: B
Ans: A or B
NO.149 An organization is deploying Amazon ElastiCache for Redis and requires password
protection to improve their data security posture.
Which solution should a Solutions Architect recommend?
A. Redis Auth
B. AWS Single Sign-On
C. IAM database authentication
D. VPC security group for Redis
Answer: B
Ans: A or B
NO.150 To meet compliance standards, a company must have encrypted archival data storage. Data
will be accessed infrequently, with lead times well in advance of when archived data must be
recovered. The company requires that the storage be secure, durable, and provided at the lowest
price per 1TB of data stored.
What type of storage should be used?
A. Amazon S3
B. Amazon EBS
C. Amazon Glacier
D. Amazon EFS
Answer: C
Ans:A or C
NO.159 A workload consists of downloading an image from an Amazon S3 bucket, processing the
image, and moving it to another Amazon S3 bucket. An Amazon EC2 instance runs a scheduled task
every hour to perform the operation.
How should a Solutions Architect redesign the process so that it is highly available?
A. Change the Amazon EC2 instance to compute optimized.
B. Launch a second Amazon EC2 instance to monitor the health of the first.
C. Trigger a Lambda function when a new object is uploaded.
D. Initially copy the images to an attached Amazon EBS volume.
Answer: A
Why not C?
NO.162 A Solutions Architect is designing a new architecture that will use an Amazon EC2 Auto
Scaling group.
Which of the following factors determine the health check grace period? (Select TWO.)
A. How frequently the Auto Scaling group scales up or down.
B. How many Amazon CloudWatch alarms are configured for status checks.
C. How much of the application code is embedded in the AMI.
D. How long it takes for the Auto Scaling group to detect a failure.
E. How long the bootstrap script takes to run.
Answer: C E
Why not AD?
NO.208 A Solutions Architect is defining a shared Amazon S3 bucket where corporate applications
will save objects.
How can the Architect ensure that when an application uploads an object to the Amazon S3 bucket,
the object is encrypted?
A. Set a CORS configuration.
B. Set a bucket policy to encrypt all Amazon S3 objects.
C. Enable default encryption on the bucket.
D. Set permission for users
Answer: A
Why not C?
NO.215 A company hosts a two-tier application that consists of a publicly accessible web server that
communicates with a private database. Only HTTPS port 443 traffic to the web server must be
allowed from the Internet.
Which of the following options will achieve these requirements? (Choose two.)
A. Security group rule that allows inbound Internet traffic for port 443.
B. Security group rule that denies all inbound Internet traffic except port 443.
C. Network ACL rule that allows port 443 inbound and all ports outbound for Internet traffic.
D. Security group rule that allows Internet traffic for port 443 in both inbound and outbound.
E. Network ACL rule that allows port 443 for both inbound and outbound for all Internet traffic.
Answer: A E
Ans: AC or AE?
NO.256 A company is developing a new stateless web service with low memory requirements.
The service needs to scale based on demand.
What is the MOST cost-effective solution?
A. Deploy the application onto AWS Elastic Beanstalk
B. Deploy the application onto AWS Lambda with access through Amazon API Gateway
C. Deploy the application onto an Amazon EC2 Spot Fleet
D. Deploy the application onto a container with an Amazon ECS EC2 launch type
Answer: D
Ans:A?
NO.274 A company runs a legacy application with a single-tier architecture on an Amazon EC2
instance. Disk I/O is low, with occasional small spikes during business hours. The company requires
the instance to be stopped from 8 PM to 8 AM daily.
Which storage option is MOST appropriate for this workload?
A. Amazon EC2 instance storage
B. Amazon EBS General Purpose SSD (gp2) storage
C. Amazon S3
D. Amazon EBS Provisioned IOPS SSD (io1) storage
Answer: B
Ans: B or C
-
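挨踢小茶
Administrator
Next time, I suggest you first tell me your own initial analysis of these questions.
Q15. D is the correct answer. The question says you have EC2 instances serving the web tier, but you don't want them exposed to the public internet. So typically you put the ELB on the public network and the EC2 instances on the internal network, then configure the EC2 instances so that the ELB can reach them and the public internet cannot.
Q35. D. When cost is not a consideration and access must be as fast as possible, ElastiCache is definitely the fastest of the four options, because it is memory-based while the others are all disk-based (even if SSD). But D is very expensive relative to the other options, which is why the question mentions that cost is not a factor. C is the slowest of the four options.
Q58. A. The keyword this question tests is "scratch data": what is the best way to store temporary data? Instance store, of course. Instance store is not persistent, but it is the fastest and best suited to storing temporary data.
Q81. I feel A, B and C would all work for this one...
Q83. B. Because the question only mentions needing EC2 and S3, a VPC endpoint lets EC2 access S3 while ensuring EC2 cannot access the Internet. With a NAT GW attached, it can still access the Internet.
Q86. Not very sure about this one; it feels like C.
Q101. B. When Lambda execution fails, after 3 retries the event goes into the dead letter queue, which makes troubleshooting easier for us.
Q105. B is right, because the text requires strong consistency for overwrite and delete operations; S3 is eventually consistent for these two operations and cannot meet this requirement.
Q111. This has to be C. VPC peering can't achieve this, because DynamoDB is not inside the VPC; it is at the Region level.
Q146. Strictly speaking A would also work, but if I want high availability, setting the Auto Scaling group to a maximum of 1 instance is enough. But to save the most cost, it is definitely the API GW + Lambda combination, no doubt about it.
Q149. Really not sure about this one.
Q150. Definitely C. A few keywords: archival, infrequently, lowest price, and it also says the retrieval time is known in advance.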
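The Q15 reply above describes a load balancer in the public subnet and EC2 instances that accept traffic only from it. The following added example is not part of the original post; it checks the security-group half of that design against constructed data shaped like the `SecurityGroups` list returned by `aws ec2 describe-security-groups`. The group IDs, ports and the `rule` helper are assumptions made for the sample.

```python
# Added example. SAMPLE_GROUPS is constructed data shaped like the
# "SecurityGroups" list from `aws ec2 describe-security-groups`.
ALB_SG = "sg-0a1b2c3d4e5f00001"  # constructed ID: load balancer's group
APP_SG = "sg-0a1b2c3d4e5f00002"  # constructed ID: EC2 tier's group
WORLD = {"0.0.0.0/0", "::/0"}

def rule(proto, port, cidrs=(), groups=()):
    """Build one IpPermissions entry (hypothetical helper for the sample)."""
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs if ":" not in c],
            "Ipv6Ranges": [{"CidrIpv6": c} for c in cidrs if ":" in c],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

SAMPLE_GROUPS = [
    {"GroupId": ALB_SG, "IpPermissions": [rule("tcp", 443, cidrs=["0.0.0.0/0"])]},
    {"GroupId": APP_SG, "IpPermissions": [
        rule("tcp", 8080, groups=[ALB_SG]),    # intended: only the ELB
        rule("tcp", 22, cidrs=["0.0.0.0/0"]),  # drift: SSH open to the internet
    ]},
]

def audit_private_tier(groups, tier_sg, allowed_sgs):
    """Return (port, source, reason) for each ingress source on tier_sg
    that is not one of the allowed security groups."""
    findings = []
    for group in groups:
        if group["GroupId"] != tier_sg:
            continue
        for perm in group.get("IpPermissions", []):
            if perm["IpProtocol"] == "-1":  # "-1" means all protocols and ports
                port = "all"
            else:
                port = f'{perm["IpProtocol"]}/{perm.get("FromPort")}-{perm.get("ToPort")}'
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                reason = "open to internet" if cidr in WORLD else "CIDR source, not the ELB group"
                findings.append((port, cidr, reason))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] not in allowed_sgs:
                    findings.append((port, pair["GroupId"], "unexpected source group"))
    return findings

if __name__ == "__main__":
    for finding in audit_private_tier(SAMPLE_GROUPS, APP_SG, {ALB_SG}):
        print(finding)
```

The check covers ingress rules only; whether the instances sit in a subnet without a route to an internet gateway has to be verified separately from the route tables.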
-
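挨踢小茶
Administrator
Q159. I would also choose C.
Q162. CE. This question tests the process when an ASG launches instances, which involves the programs inside the AMI and your startup script.
Q208. I also think it's C.
Q215. AC is the correct answer. This question was answered a few days ago... search the forum.
Q256. D. A few keywords: stateless, low memory. It is well suited to a container service, because a container service makes maximum use of the instance's resources.
Q274. B. Using S3 together with EC2 also doesn't perform very well under high I/O.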
-
cash1027
Participant
OK, I will keep that in mind. Thanks again for your help.
-
叶威
Participant
May I ask why option D in question 81 is not acceptable?
-
挨踢小茶
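Administrator
Because option D, DynamoDB, is NoSQL. The question doesn't mention whether on-prem uses SQL or NoSQL, but if it were NoSQL, none of the other answers would be correct. And migrating NoSQL to SQL would require a lot of schema changes.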