2019 AWS SAA-C01 Practice Questions 301-320

Q301. A Solutions Architect is designing a database solution that must support a high rate of random disk reads and writes. It must provide consistent performance and requires long-term persistence. Which storage solution BEST meets these requirements?




 

  1. An Amazon EBS Provisioned IOPS volume
  2. An Amazon EBS General Purpose volume
  3. An Amazon EBS Magnetic volume
  4. An Amazon EC2 Instance Store

 

Answer: B

 

Q302. A Solutions Architect designed a system based on Amazon Kinesis Data Streams. After the workflow was put into production, the company noticed it performed slowly and identified Kinesis Data Streams as the problem.

One of the streams has a total of 10 Mb/s throughput. What should the Solutions Architect recommend to improve performance?

 

  1. Use AWS Lambda to preprocess the data and transform the records into a simpler format, such as CSV.
  2. Run the MergeShard command to reduce the number of shards that the consumer can more easily process
  3. Change the workflow to use Amazon Kinesis Data Firehose to gain a higher throughput
  4. Run the UpdateShardCount command to increase the number of shards in the stream

 

Answer: D

 

Q303. A Solutions Architect must select the storage type for a big data application that requires very high sequential I/O. The data must persist if the instance is stopped. Which of the following storage types will provide the best fit at the LOWEST cost for the application?

 

  1. An Amazon EC2 instance store local SSD volume
  2. An Amazon EBS provisioned IOPS SSD volume
  3. An Amazon EBS Throughput Optimized HDD volume
  4. An Amazon EBS general purpose

 

Answer: C




Q304. A website keeps a record of user actions using a globally unique identifier (GUID) retrieved from Amazon Aurora in place of the user name within the audit record. Security protocols state that the GUID content must not leave the company’s Amazon VPC. As the web traffic has increased, the number of web servers and Aurora read replicas has also increased to keep up with the user record reads for the GUID. What should be done to reduce the number of read replicas required while improving performance?

 

  1. Keep the user name and GUID in memory on the web server instance so that the association can be remade on demand. Remove the record after 30 minutes.
  2. Deploy an Amazon ElastiCache for Redis server into the infrastructure and store the user name and GUID there. Retrieve the GUID from ElastiCache when required.
  3. Encrypt the GUID using Base64 and store it in the user’s session cookie. Decrypt the GUID when an audit record is needed
  4. Change the GUID to an MD5 hash of the user name, so that the value can be calculated on demand without referring to the database





Answer: B

 

Q305. A Solutions Architect must design a solution that encrypts data in Amazon S3. Corporate policy mandates encryption keys be generated and managed on premises. Which solution should the Architect use to meet the security requirements?

 

  1. AWS CloudHSM
  2. SSE-KMS: Server-side encryption with AWS KMS managed keys
  3. SSE-S3: Server-side encryption with Amazon-managed master key
  4. SSE-C: Server-side encryption with customer-provided encryption keys

 

Answer: A

 

Q306. A Solutions Architect is investigating purchasing options for a batch processing application on Amazon EC2. The batch job downloads an image from an Amazon S3 bucket, adds copyright information, and uploads it back to Amazon S3. It normally takes 5 to 10 hours to process all the files uploaded each week. The application has built-in capabilities to process files in parallel, recover from instance failures, and continue the processing from where it left off. What is the MOST cost-effective purchasing option the Solutions Architect can recommend?

 

  1. Standard Reserved Instances
  2. Scheduled Reserved Instances
  3. Spot Instances
  4. On-Demand Instances

 

Answer: B

 

Q307. A Solutions Architect is designing an application that requires having six Amazon EC2 instances running at all times. The application will be deployed in the sa-east-1 region, which has three Availability Zones: sa-east-1a, sa-east-1b and sa-east-1c. Which action will provide 100 percent fault tolerance and the LOWEST cost in the event that one Availability Zone in the region becomes unavailable?

 

  1. Deploy six Amazon EC2 instances in sa-east-1a, six Amazon EC2 instances in sa-east-1b and six Amazon EC2 instances in sa-east-1c
  2. Deploy six Amazon EC2 instances in sa-east-1a, four Amazon EC2 instances in sa-east-1b and two Amazon EC2 instances in sa-east-1c
  3. Deploy three Amazon EC2 instances in sa-east-1a, three Amazon EC2 instances in sa-east-1b and three Amazon EC2 instances in sa-east-1c
  4. Deploy two Amazon EC2 instances in sa-east-1a, two Amazon EC2 instances in sa-east-1b, and two Amazon EC2 instances in sa-east-1c

 

Answer: C

Q308. A Solutions Architect must design a web application that will be hosted on AWS, allowing users to purchase access to premium shared content that is stored in an S3 bucket. Upon payment, content will be available for download for 14 days before the user is denied access. Which of the following would be the LEAST complicated implementation?

 

  1. Use an Amazon CloudFront distribution with an origin access identity (OAI). Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design a Lambda function to remove data that is older than 14 days.
  2. Use an S3 bucket and provide direct access to the file. Design the application to track purchases in a DynamoDB table. Configure a Lambda function to remove data that is older than 14 days based on a query to Amazon DynamoDB.
  3. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL.
  4. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 60 minutes for the URL, and recreate the URL as necessary.

 

Answer: C

 

Q309. A Solutions Architect is creating a multi-tiered architecture for an application that includes a public-facing web tier. Security requirements state that the Amazon EC2 instances running in the application tier must not be accessible directly from the internet.

What should be done to accomplish this?

 

  1. Create a multi-VPC peering mesh with network access rules limiting communications to specific ports. Implement an internet gateway on each VPC for external connectivity.
  2. Place all instances in a single Amazon VPC with AWS WAF as the web front-end communication conduit. Configure a NAT gateway for external communications.
  3. Use VPC peering to peer with on-premises hardware. Direct enterprise traffic through the VPC peer connection to the instances hosted in the private VPC.
  4. Deploy the web and application instances in a private subnet. Provision an Application Load Balancer in the public subnet. Install an internet gateway and use security groups to control communications between the layers.

 

Answer: D





Q310. A client reports that they want to see an audit log of any changes made to AWS resources in their account. What can the client do to achieve this?

 

  1. Set up Amazon CloudWatch monitors on services they own
  2. Enable AWS CloudTrail logs to be delivered to an Amazon S3 bucket
  3. Use Amazon CloudWatch Events to parse logs
  4. Use AWS OpsWorks to manage their resources

 

Answer: B

 

Q311. A company is launching a static website using the zone apex (mycompany.com). The company wants to use Amazon Route 53 for DNS.

Which steps should the company perform to implement a scalable and cost-effective solution? (Select TWO.)

 

  1. Host the website on an Amazon EC2 instance with ELB and Auto Scaling, and map a Route 53 alias record to the ELB endpoint
  2. Host the website using AWS Elastic Beanstalk and map a Route 53 alias record to the Beanstalk stack.
  3. Host the website on an Amazon EC2 instance, and map a Route 53 alias record to the public IP address of the Amazon
  4. Serve the website from an Amazon S3 bucket and map a Route 53 alias record to the website endpoint
  5. Create a Route 53 hosted zone, and set the NS record of the domain to use Route 53 name servers.

 

Answer: DE

 

Q312. A Solutions Architect is creating an application running in an Amazon VPC that needs to access AWS Systems Manager Parameter Store. Network security rules prohibit any route table entry with a 0.0.0.0/0 destination. What infrastructure addition will allow access to the AWS service while meeting the requirements?

 

  1. VPC peering
  2. NAT instance
  3. NAT gateway
  4. AWS PrivateLink

 

Answer: D

 

Q313. A customer has an application that is used by enterprise customers outside of AWS. Some of these customers use legacy firewalls that cannot whitelist by DNS name but can whitelist based only on IP address. The application is currently deployed in two Availability Zones, with one EC2 instance in each that has Elastic IP addresses. The customer wants to whitelist only two IP addresses, but the two existing EC2 instances cannot sustain the amount of traffic. What can a Solutions Architect do to support the customer and allow for more capacity? (Select TWO.)

 

  1. Create a Network Load Balancer with an interface in each subnet, and assign a static IP address to each subnet.
  2. Create additional EC2 instances and put them on standby. Remap an Elastic IP address to a standby instance in the event of a failure
  3. Use Amazon Route 53 with a weighted, round-robin routing policy across the Elastic IP addresses to resolve one at a time
  4. Add additional EC2 instances with Elastic IP addresses, and register them with Amazon Route 53
  5. Switch the two existing EC2 instances for an Auto Scaling group, and register them with the Network Load Balancer

 

Answer: BE

 

Q314. A Solutions Architect plans to migrate a load balancer tier from a data center to AWS. Several websites have multiple domains that require secure load balancing. The Architect decides to use Elastic Load Balancing Application Load Balancers.

What is the MOST efficient method for achieving secure communication?

 

  1. Create a wildcard certificate and upload it to the Application Load Balancer
  2. Create an SNI certificate and upload it to the Application Load Balancer
  3. Create a secondary proxy server to terminate SSL traffic before the traffic reaches the Application Load Balancer
  4. Let a third-party Certificate Manager manage certificates required for all domains and upload them to the Application Load Balancer

 

Answer: B

 

Q315. A three-tier application is being created to host small news articles. The application is expected to serve millions of users. When breaking news occurs, the site must handle very large spikes in traffic without significantly impacting database performance. Which design meets these requirements while minimizing costs?

 

  1. Use Auto Scaling groups to increase the number of Amazon EC2 instances delivering the web application
  2. Use Auto Scaling groups to increase the size of the Amazon RDS instances delivering the database
  3. Use Amazon DynamoDB strongly consistent reads to adjust for the increase in traffic
  4. Use Amazon DynamoDB Accelerator (DAX) to cache read operations to the database

 

Answer: D





Q316. A Solutions Architect is designing an application that is expected to have millions of users. The Architect needs options to store session data.

Which option is the MOST performant?

 

  1. Amazon ElastiCache
  2. Amazon RDS
  3. Amazon S3
  4. Amazon EFS

 

Answer: A




Q317. A Solutions Architect is designing an elastic application that will have between 10 and 50 Amazon EC2 concurrent instances running dependent on load. Each instance must mount storage that will read and write to the same 50 GB folder.

Which storage type meets the requirements?

 

  1. Amazon S3
  2. Amazon EFS
  3. Amazon EBS volumes
  4. Amazon EC2 instance store

 

Answer: B

 

Q318. A Solutions Architect is designing a three-tier web application that will allow customers to upload pictures from a mobile application. The application will then generate a thumbnail of the picture and return a message to the user confirming that the image was successfully uploaded. Generation of the thumbnail may take up to 5 seconds. To provide a subsecond response time to the customers uploading the images, the Solutions Architect wants to separate the web tier from the application tier. Which service would allow the presentation tier to asynchronously dispatch the request to the application tier?

 

  1. AWS Step Functions
  2. AWS Lambda
  3. Amazon SNS
  4. Amazon SQS

Answer: D



Q319. An application generates audit logs of operational activities. Compliance requirements mandate that the application retain the logs for 5 years.

How can these requirements be met?

 

  1. Save the logs in an Amazon S3 bucket and enable Multi-Factor Authentication Delete (MFA Delete) on the bucket
  2. Save the logs in an Amazon EFS volume and use Network File System version 4 (NFSv4) locking with the volume
  3. Save the logs in an Amazon Glacier vault and use the Vault Lock feature
  4. Save the logs in an Amazon EBS volume and take monthly snapshots

 

Answer: C

 

Q320. A company is designing a new application to collect data on user behavior for analysis at a later time. Amazon Kinesis Data Streams will be used to receive user interaction events. What should be done to ensure the event data is retained indefinitely?

 

  1. Configure the stream to write records to an attached Amazon EBS volume.
  2. Configure an Amazon Kinesis Data Firehose delivery stream to store data on Amazon S3.
  3. Configure the stream data retention period to retain the data indefinitely.
  4. Configure an Amazon EC2 consumer to read from the data stream and store records in Amazon SQS

 

Answer: B



