2019-AWS-DVA-C01 Practice Questions 1-20
When you enter this command into the AWS CLI
aws ec2 describe-snapshots --snapshot-id snap-0123abcd
this message appears
"StateMessage": "Given key ID is not accessible"
What might this indicate?
A. That someone attempted to copy an EC2-backed AMI without having the permissions to copy
AMIs within that particular region.
B. That someone attempted to encrypt an EC2 instance without having the permissions to use
any encryption keys.
C. That someone attempted to copy an EBS-backed AMI without having the permissions to copy
AMIs within that particular region.
D. That someone attempted to copy an encrypted EBS snapshot without having permissions to
use the encryption key.
Explanation: The command aws ec2 describe-snapshots --snapshot-id snap-0123abcd checks
the state of an EBS snapshot with the snapshot id "snap-0123abcd."
The message "StateMessage": "Given key ID is not accessible" indicates that access to the
snapshot has failed due to insufficient key permissions. This can occur if you attempt to copy an
encrypted snapshot without having permissions to use the encryption key.
You are leading a Cloud development effort in your organization. Upper management has been
reluctant to adopt the cloud and each use of a service needs to be reviewed by the Change
Control Board. You are presenting the benefits of the Simple Workflow Service. For what use
cases can Simple Workflow Service be used? (Choose 3 answers)
A. Maintaining your application’s execution state.
B. Serving as a message based queue service
C. Centralizing the coordination of steps in your application
D. Automating workflows that include long-running human tasks
Explanation: To maintain your application’s execution state, you do not have to use databases,
custom systems, or ad hoc solutions to keep execution state. To automate workflows that
include long-running human tasks (e.g., approvals, reviews, investigations, etc.), Amazon SWF
reliably tracks the status of processing steps that run up to several days or months. You can also
centralize the coordination of steps in your application. Your coordination logic does not have to
be scattered across different components, but can be encapsulated in a single program.
Your company has chosen Amazon RDS as their AWS database product. The only other product
in consideration was Amazon Redshift. From this information, what are some reasonable
conclusions you can make about the current data infrastructure of the company? (Choose 3 answers)
A. The company is interested in data warehousing.
B. The Amazon RDS storage type chosen is likely to be Magnetic (standard).
C. The Amazon RDS storage type chosen is likely to be General Purpose (SSD).
D. The company currently uses a database with a common database engine.
Explanation: The target feature of Amazon Redshift is data warehousing. Since this was the only
other product in consideration and Amazon RDS can also be used for data warehousing, it’s safe
to assume the company is interested in data warehousing. Magnetic storage is the best for data
warehousing. The choice of RDS over Redshift suggests that the company already has their own
database in place.
You have been temporarily assigned to the company security team and have been tasked with
tightening security on the company’s application (hosted in an Amazon VPC) by removing
unused rules restricting source IP addresses. Unfortunately, because you are new to the project
and the person you are temporarily replacing is on maternity leave, you do not have access to the
in-depth knowledge of the application’s active ports on the company’s Amazon EC2 instances necessary to implement this tightening of security. What steps could you take to develop a system that would help you determine unused rules and necessary source IP addresses? (Choose 3 answers)
A. Analyze network traffic from VPC Flow Logs using Amazon Elasticsearch Service.
B. Use VPC Flow Logs to capture information about the IP traffic in your Amazon VPC.
C. Inject VPC network data into Lambda triggers and have them written out to CloudFront logs.
D. Enrich VPC Flow Logs dataset with security group IDs by using Firehose and Lambda.
Explanation: Removing unused rules or limiting source IP addresses requires analysis of active
network traffic if an in-depth knowledge of an application’s active ports on Amazon EC2
instances is not available. The steps to do so are:
- Use VPC Flow Logs to capture information about the IP traffic in an Amazon VPC.
- Enrich the VPC Flow Logs dataset with security group IDs by using Firehose and Lambda.
- Visualize and analyze network traffic from VPC Flow Logs by using Amazon
Elasticsearch Service (Amazon ES).
You want to migrate your application with tweaks to AWS and need to pick a database service.
You know a lot about SQL and very little about NoSQL, so you would like to keep your database
in SQL. However, based on the tweaks you would like to make, a colleague suggests that you
switch to NoSQL. What might be the reason?
A. Your application has super low-latency requirements and needs really high throughput.
B. Your application has super low-latency requirements and about 1GB of data total.
C. Your application needs really high throughput and NoSQL is a great deal better documented than SQL.
D. Your application has about 1GB of data total.
Explanation: NoSQL is targeted for low-latency and high throughput. It is also not as
well-documented as SQL.
You are a DBA for an enterprise organization that has recently started migrating some of their
databases from on-premises deployments to deployments on AWS Relational Database Service
(RDS). Your manager asks that you research scalability options within the RDS offering and
present your findings to the team. What options will you include in your presentation? (Choose 2 answers)
A. Vertical scaling with read replicas
B. Vertical scaling with instance classes
C. Horizontal scaling with instance classes
D. Horizontal scaling with read replicas
Explanation: The RDS offering provides two ways to scale a database to meet your performance
needs. You can vertically scale up an RDS deployment by changing the instance class and you
can horizontally scale an RDS deployment by using read replicas.
You are a cloud consultant helping a customer understand the differences between running
their applications in a managed datacenter and running their applications in AWS. When
reviewing the approaches your customer might take to implement elasticity in AWS, what best
practices and AWS platform options can you present? (Choose 3 answers)
A. Proactive Cyclic Scaling with scheduled scaling
B. Auto-scaling based on demand using Auto Scaling
C. Proactive Event-based Scaling with manual scaling
D. Auto-scaling based on demand using static scaling
Explanation: Understanding elasticity and how it works within AWS is critical to ensuring your
application meets the needs of your users while ensuring you achieve the cost benefits
associated with moving to a public cloud infrastructure like AWS. The AWS cloud best practices
guide notes 3 specific methods for implementing elasticity within the platform, including
Proactive Cyclic Scaling, Proactive Event-based Scaling, and Auto-scaling. Each of these
elasticity options can be implemented with scheduled scaling, manual scaling, and Auto Scaling.
Your company, which has several branch offices, has started using Amazon VPC and wants to
connect all office networks to their Amazon VPC environment. All office locations have buried
fiber optic cable internet connectivity as well as teams dedicated to implementing redundancy
and failover solutions. However, while high availability is on the list of priorities, there are no
teams yet established to implement high availability solutions. Which network design pattern to
connect to the Amazon VPC environment would make the most sense in this given scenario?
A. Establish a public connection from each office’s network to Amazon VPC using AWS Direct
B. Establish a hub-and-spoke model for connecting each office using AWS VPN CloudHub.
C. Establish a VPN connection from each office’s equipment to your software VPN appliance
running inside one of the company’s Amazon VPCs.
D. Establish a private, encrypted connection from each office’s network to Amazon VPC using
AWS Direct Connect.
Explanation: Establishing a hub-and-spoke model for connecting each office using AWS VPN
CloudHub (as backup connectivity to a third-party MPLS) makes the most sense in this scenario
since this allows reuse of existing internet and AWS VPN connections. The limitations of this
option (network latency, variability, and availability as well as needing to implement redundancy
and failover) are mitigated by the use of buried fiber optic cable internet connectivity and teams
dedicated to redundancy and failover management.
You are interviewing for a development position but have not yet signed an NDA. As a result, the
interviewer can only talk about what technologies you would be working with, but nothing about
the specifics of the project you would be hired to work on. You are told that they are currently
using a memory-optimized Amazon EC2 instance (specifically R3) and Amazon Cognito. What
could be a reasonable hypothesis to make about the project?
A. The end goal is a mobile application that can access genome analysis results.
B. Media transcoding and batch processing of big workloads are the main concerns of this project.
C. Logging and auto-patching are the main concerns of this project.
D. The end goal is a mobile application that can perform large calculations using a GPU.
Explanation: R3 instances are well-suited for tasks such as in-memory analytics and genome
assembly and analysis. Amazon Cognito is targeted at user sign-up and sign-in on mobile and
web apps. These two services together make it feasible to create a mobile application that can
access genome analysis results (where analysis is performed on the R3 instance).
You are working with a client that you have migrated to the cloud. The plan is to use
CloudFormation for provisioning. You are responsible for putting together a development team
and need to create a job description for developers. Ideally, you’d like to hire developers
proficient with CloudFormation templates. What languages should the developers be proficient
in? (Choose 2 answers)
Explanation: AWS CloudFormation templates are JSON or YAML-formatted text files that are
comprised of five types of elements:
- An optional list of template parameters (input values supplied at stack creation time)
- An optional list of output values (e.g. the complete URL to a web application)
- An optional list of data tables used to lookup static configuration values (e.g., AMI names)
- The list of AWS resources and their configuration values
- A template file format version number
The EC2 instance in your EC2-backed AMI has failed a status check. What are some ways to go
about troubleshooting the issue? (Choose 3 answers)
A. Retrieve the system log and look for errors.
B. Run the AWS Instance Debugger over the instance.
C. Terminate the instance and launch a replacement.
D. Wait for Amazon EC2 to resolve the issue.
Explanation: If a system status check has failed for an EC2 instance, you can try one of the
- Terminate the instance and launch a replacement.
- Wait for Amazon EC2 to resolve the issue.
- Retrieve the system log and look for errors.
- Stopping and restarting an instance is also an option, but only for EBS volumes, which is why
it’s not an option in this case.
You’ve hired a developer to work on CloudFormation templates because he has experience
working with JSON. But he does not have experience with CloudFormation templates, so you
give him a quick overview. You explain that you customize aspects of your template _____.
(Choose 3 answers)
A. only if they are already certified
B. with template parameters
C. but you cannot reuse them
D. at run time, when the stack is built
Explanation: With parameters, you can customize aspects of your template at run time, when
the stack is built. For example, the Amazon RDS database size, Amazon EC2 instance types,
database and web server port numbers can be passed to AWS CloudFormation when a stack is
You want to get a simple website up and running. You will be the only user for the foreseeable
future. Of the options available below, which of the following Amazon services would be the most
appropriate in this situation? (Choose 2 answers)
A. One t2.micro instance
B. Amazon DynamoDB
C. Three g2.8xlarge instances
D. One Elastic IP address
Explanation: In this case, you don’t need a huge instance (so a t2.micro will suffice) and one
instance can run the entire web stack (so you only need one instance total). You don’t need a
separate database and Amazon Redshift is for data warehousing. Having an Elastic IP address
and attaching it to your instance prevents the public DNS address for your instance from
changing and breaking any installations you may have.
Your company has a number of Amazon VPCs spread across multiple AWS regions and wants to
combine them all into one virtual network. The method currently under consideration is using
VPN connections established between company-managed software appliances that run inside
each Amazon VPC. What are some reasonable assumptions about company priorities that can
be made from this choice? (Choose 3 answers)
A. Having the ability to use a wider array of VPN vendors and products on both ends is a priority.
B. Having VPN instances that could potentially become a network bottleneck is considered a
major problem that needs immediate mediation.
C. Having a potential single point of failure is considered an acceptable risk.
D. Having full management of VPN endpoints on both sides of a connection is a priority.
Explanation: Using VPN connections established between company-managed software
appliances that run inside each Amazon VPC (aka Software VPN) is recommended when you
want to connect VPCs across multiple AWS regions and also want to fully manage both ends of
the VPN connection. A limitation of this approach is the potential for a single point of failure
which, if the company still chooses this design, is implied to be an acceptable risk.
You are overseeing a design meeting with your development team. One of the developers is
providing a PowerPoint presentation on some of the features of the AWS cloud. Elastic Load
Balancers are incorrectly listed as one of the free services. You pull the developer aside after the
meeting and point this out. How are you billed for Elastic Load Balancers? (Choose 2 answers)
A. You are charged per hour for an ELB.
B. You are charged on a per Gb basis of usage.
C. You are charged per region for an ELB.
D. You are charged per autoscaling group for ELBs.
Explanation: With the Application Load Balancer, you only pay for what you use. You are
charged for each hour or partial hour your Application Load Balancer is running and per GB of
You are managing a VPC environment that is spread across two Availability Zones and contains
EC2 instances in an auto scaling group. CloudWatch monitoring shows that only two servers are
needed during low utilization off hours. During normal business hours, which are very busy,
four additional servers are needed. During a five-day period at the end of the year processing
period, there may be a need for an additional 10 servers. Which choices will meet the needs while
providing high availability and cost control? (Choose 2 answers)
A. Two on-demand (medium utilization) instances and four reserved instances (high utilization)
for the day to day processing
B. Auto scaling of up to ten additional servers using on-demand instances for year end processing
C. Auto scaling of up to ten additional servers using reserved instances for year end processing
D. Two reserved instances (medium utilization) instances and four reserved instances (high
utilization) for the day to day processing
Explanation: Reserved instances are the best and cheapest option when you are able to make a
long-term commitment to use the instances. Typical contract lengths are one or three years.
On-demand instances are best when you need instances for a short time period but their end of
life needs to be decided by you. Spot instances are a good option when you can afford to lose an
instance on very short notice. This happens when the current price of the spot instance exceeds
the price you had bid on it. In the case of year-end processing over a short time period, it would
not be advisable to use spot instances. A good example of using spot instances would be in mass
producing bar codes where you can easily pick up where you left off in processing.
You are attempting to use the DELETE action in your DynamoDB command-line using an
update call. However, it is erroring out. What might be some good things to check for before you
try the action again? (Choose 3 answers)
A. Check to see if you are calling DELETE on an empty set.
B. Check the data type of the attribute you’re calling DELETE on.
C. Check to see if you’re performing more than one action in a single expression.
D. Check to see if the attribute you’re calling DELETE is nested.
Explanation: The DELETE action only supports set data types, so you would want to check that
the data type is a set. Specifying an empty set will cause an error. It also only works on top-level
attributes, not nested attributes. Multiple actions can be performed in a single expression, so
that would NOT cause an error.
You are managing a development team in a very large organization. The team is using Elastic
Beanstalk for deployments and CloudFormation for provisioning. Your team keeps an internal
teamsite for important information. Due to the size of the company and the extensive use of
CloudFormation, you request that CloudFormation limits be placed on the teamsite. What limits
apply to CloudFormation? (Choose 2 answers)
A. Each AWS CloudFormation account is limited to a maximum of 200 stacks.
B. There are no limits to the number of templates.
C. Each AWS CloudFormation account is limited to a maximum of 20 stacks.
D. You can have 50 templates per region.
Explanation: There are no limits to the number of templates. Each AWS CloudFormation
account is limited to a maximum of 200 stacks. Template, Parameter, Output, and Resource
description fields are limited to 4096 characters. You can include up to 60 parameters and 60
outputs in a template.
You are a cloud engineer working at a regional retail group and you support several applications
hosted on AWS. During a holiday sale, one of your application teams reports poor performance
and they believe the issue to be related to application scaling. You log in to the AWS CLI and
retrieve the error message, which indicates a capacity-related issue. What possible workarounds
could you attempt to resolve this issue? (Choose 3 answers)
A. You have reached the limit set by the Desired Capacity parameter. Increase the limit using the
B. There are too many instances in the Auto Scaling group. Terminate an instance and monitor
C. Auto Scaling cannot support your instance type in the requested Availability Zone. Create a
new launch configuration or update your Auto Scaling group.
D. You have exceeded your AWS Service Limit on EC2 instances. Request an increase from support.
Explanation: Auto Scaling problems related to capacity limits are usually related to limits set on
the Auto Scaling group or insufficient capacity in the requested Availability Zone. It is also
possible that you have reached an AWS Service Limit; confirm that you have not exceeded your
current instance limit.
You have presented the benefits of CloudFormation for provisioning to your company. The
impressions have been favorable but you need to brief them on the costs associated with
CloudFormation. What can you tell your management about the costs of CloudFormation?
(Choose 2 answers)
A. There is no additional charge for AWS CloudFormation. You only pay for the AWS resources
that are created.
B. There is a small charge for AWS CloudFormation. Then you pay for the AWS resources that
C. Charges for AWS resources created during template instantiation apply even if you have to
D. There is a charge for CloudFormation but the resources created with it are free.
Explanation: There is no additional charge for AWS CloudFormation. You only pay for the AWS
resources that are created (e.g., Amazon EC2 instances, Elastic Load Balancing load balancers
etc.) Charges for AWS resources created during template instantiation apply irrespective of
whether the stack as a whole could be created successfully or not.