AWS助理架构师样题解析

AWS 认证是对其在 AWS 平台上设计、部署和管理应用程序所需的技能和技术知识的一种认可。获得证书有助于证明您使用 AWS 的丰富经验和可信度,同时还能提升您所在的组织熟练使用基于 AWS 云服务应用的整体水平。

目前亚马逊推出了Solutions Architect,Developer和SysOps Administrator三个方向的认证。每个方向又分为Associate Level(助理级),Professional Level(专家级)和Master Level(大师级)。当然目前只有Solutions Architect开放了Professional Level,其他层级会逐步开放中。

最近在打算备考AWS的Solutions Architect的Associate Level。关于这个考试AWS出了一个考试样题。下载链接:http://awstrainingandcertification.s3.amazonaws.com/production/AWS_certified_solutions_architect_associate_blueprint.pdf

我把样题都做了一遍,并且都尽力找到了答案在AWS文档中的出处。以下是样题和解答。

Amazon Glacier is designed for: (Choose 2 answers)

A.active database storage.

B.infrequently accessed data.

C.data archives.

D.frequently accessed data.

E.cached session data.

答案:B和C

出处文档:http://aws.amazon.com/glacier/?nc2=h_ls

Amazon Glacier is an extremely low-cost cloud archive storage service that provides secure and durable storage for data archiving and online backup. In order to keep costs low, Amazon Glacier is optimized for data that is infrequently accessed and for which retrieval times of several hours are suitable.

Your web application front end consists of multiple EC2 instances behind an Elastic Load Balancer. You
configured ELB to perform health checks on these EC2 instances. If an instance fails to pass health
checks, which statement will be true?

A.The instance is replaced automatically by the ELB.

B.The instance gets terminated automatically by the ELB.

C.The ELB stops sending traffic to the instance that failed its health check.

D.The instance gets quarantined by the ELB for root cause analysis.

答案:C

出处文档:http://aws.amazon.com/elasticloadbalancing/?nc2=h_ls

Elastic Load Balancing ensures that only healthy Amazon EC2 instances receive traffic by detecting unhealthy instances and rerouting traffic across the remaining healthy instances.

You are building a system to distribute confidential training videos to employees. Using CloudFront, what
method could be used to serve content that is stored in S3, but not publically accessible from S3
directly?

A.Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3
bucket to that OAI.

B.Add the CloudFront account security group “amazon-cf/amazon-cf-sg” to the appropriate S3 bucket
policy.

C.Create an Identity and Access Management (IAM) User for CloudFront and grant access to the
objects in your S3 bucket to that IAM User.

D.Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target
bucket as the Amazon Resource Name (ARN).

答案:A

OAI介绍:http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

OAI基本上就是专为这个场景引入的。

Which of the following will occur when an EC2 instance in a VPC (Virtual Private Cloud) with an
associated Elastic IP is stopped and started? (Choose 2 answers)

A.The Elastic IP will be dissociated from the instance

B.All data on instance-store devices will be lost

C.All data on EBS (Elastic Block Store) devices will be lost

D.The ENI (Elastic Network Interface) is detached

E.The underlying host for the instance is changed

答案:B E

这个题难度比较高。可以用排除法,A,C,D肯定不能选,B是对的,那么剩下一个答案只有E了啊。

In the basic monitoring package for EC2, Amazon CloudWatch provides the following metrics:

A.web server visible metrics such as number failed transaction
requests

B.operating system visible metrics such as memory utilization

C.database visible metrics such as number of connections

D.hypervisor visible metrics such as CPU utilization

答案:D

注意题干说的是basic monitoring,A,B,C肯定不对。具体支持的监控指标可见http://docs.aws.amazon.com/zh_cn/AmazonCloudWatch/latest/DeveloperGuide/ec2-metricscollected.html#ec2-metrics。D是唯一接近正确答案的,但是我对hypervisor了解不多,有些迷惑人。

Which is an operational process performed by AWS for data security?

A.AES-256 encryption of data stored on any shared storage device

B.Decommissioning of storage devices using industry-standard practices

C.Background virus scans of EBS volumes and EBS snapshots

D.Replication of data across multiple AWS Regions

E.Secure wiping of EBS data when an EBS volume is unmounted

答案:B

具体可以查看 was security whitepaper: https://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf

Storage Device Decommissioning 小节里面有这么一句话:

All decommissioned magnetic storage devices are
degaussed and physically destroyed in accordance with industry-standard practices.

To protect S3 data from both accidental deletion and accidental overwriting, you should:

A.enable S3 versioning on the bucket

B.access S3 data using only signed URLs

C.disable S3 delete using an IAM bucket policy

D.enable S3 Reduced Redundancy Storage

E.enable Multi-Factor Authentication (MFA) protected access

答案:A

出处文档:http://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html

Versioning-enabled buckets enable you to recover objects from accidental deletion or overwrite.

时间: 2024-10-22 10:46:10

AWS助理架构师样题解析的相关文章

AWS助理架构师认证考经

上周考了亚马逊的解决方案架构师-助理级别的认证考试并顺利通过.这也算是对自己AWS服务熟悉程度的一种检验.在准备考试的过程中,把自己学习到的AWS知识都梳理了一遍,也算是收获颇丰.这次特意分享了该认证考经. 什么是AWS认证? AWS 认证是对其在 AWS 平台上设计.部署和管理应用程序所需的技能和技术知识的一种认可.获得证书有助于证明您使用 AWS 的丰富经验和可信度,同时还能提升您所在的组织熟练使用基于 AWS 云服务应用的整体水平. 目前亚马逊推出了Solutions Architect,

AWS的SysOps认证考试样题解析

刚考过了AWS的developer认证,顺手做了一下SysOps的样题.以下是题目和答案. When working with Amazon RDS, by default AWS is responsible for implementing which two management-related activities? (Pick 2 correct answers) A. Importing data and optimizing queries B. Installing and pe

通向架构师的道路 第十五天 IBM Websphere的安装与优化 (二)

5.3 在WAS内布署应用 一般我们使用ear格式在WAS内布署我们的web应用,因此此处和weblogic, tomcat稍稍有点不一样. 为此,我们做了一个ant脚本用于打包我们的ear. 一个ear文件的格式应该如下: myEAR |__ META-INF    |__application.xml |__myWAR.war 可以看到,一个ear文件: 包含一个META-INF目录,在该目录下会有一个application.xml文件. 然后和META-INF目录同级的地方会有一个.war

通向架构师的道路(第二十六天)漫谈架构与设计文档的写作技巧

前言: 这篇是一篇番外篇,没有太多代码与逻辑,完全是一种"软"技巧,但是它对于你如何成为一名合构的架构设计人员很重要. 在此要澄清一点,架构师本身也是"程序员",不是光动嘴皮子的家伙们,如果你不是一名程序虽出身那你根本谈不上也不可能成为一名架构师. 那么架构师还有哪些是作为一名程序员来说不具备的呢? 其中有一项能力就叫做"文档写作能力". 一.Soft Skill与Hard Skill 作为一名架构师除了是一名资深的程序员外,它还必须具有相应的S

驻云科技首席架构师肖凯:要融合云,不要混合云

混合云是当前企业云化的主流思路,但反对者认为,混合云并不能反映中国云计算市场的实际需求.驻云科技COO兼首席架构师肖凯表示,目前多个公有云混合的需求并不明显,企业关注的其实是公有云和内部部署IT集成的"融合云". 肖凯日前接受了记者的采访,给出了他对企业业务迁移到云服务的建议,并介绍了驻云科技相关产品和服务的设计理念.他表示,云计算的未来是公有云,私有云一定没有前途,但目前确实存在一些因素导致中国企业不可能直接完全迁移到公有云上,所以用户对所有的IT资源是需要一个统一的资源管理平台的.

通向架构师的道路(第一天)之Apache整合Tomcat

原文转自:  http://blog.csdn.net/lifetragedy/article/details/7698555 一.先从J2EE工程的通用架构说起 这是一个通用的Web即B/S工程的架构,它由: ü   Web Server ü   App Server ü   DB Server 三大部分组成,其中: ²  Web Server 置于企业防火墙外,这个防火墙,大家可以认为是一个CISCO路由器,然后在CISCO路由器上开放了两个端口为:80和443. 80端口:用于正常的htt

通向架构师的道路(第二十七天)IBM网格计算与企业批处理任务架构

一.批处理 我们在一些项目中如:银行.保险.零商业门店系统中的对帐.结帐.核算.日结等操作中经常会碰到一些"批处理"作业. 这些批处理经常会涉及到一些大数据处理,同时处理一批增.删.改.查等SQL,往往涉及到好几张表,这边取点数据那边写点数据,运行一些存储过程等. 批处理往往耗时.耗资源,往往还会用到多线程去设计程序代码,有时处理不好还会碰到内存泄漏.溢出.不够.CPU占用高达99%,服务器被严重堵塞等现象. 笔者曾经经历过一个批处理的3次优化,该批处理笔者按照数据库连接池的原理实现了

阿里云首席架构师唐洪:拥抱开源的云端更具生命力

近日, 国际开源界顶级会议LC3(LinuxCon + ContainerCon + CloudOpen)首次在国内举行,阿里云首席架构师唐洪作为特邀嘉宾出席并发表主题演讲.唐洪首先从一组数字开始,回顾了阿里云历史及重大技术突破时间点:第二部分主要分享了阿里云目前的技术架构和亮点,以及在此基础上形成的广泛的阿里云产品生态:第三部分重点讲述了阿里云和开源社区的合作及进展,特别是阿里云在广义的虚拟化技术领域的历程,及在开源社区取得的成绩:最后还展望了阿里云在容器和异构计算安全等方向上未来的目标.唐洪

云架构师前(钱)景这么好,我们该如何转型?这有两位阿里云云架构总监多年心得

当下,由于云计算具备在线(在线的价格.服务交付.管控运维和技术文档)等特点,很多场景下用户自己就能通过online的方式自助购买并使用云服务,但由于他们缺乏产品与解决方案层面的技术和决策能力,因此,不论是用户.还是云厂商对云架构师的依赖和需求都越来越大. 那什么是云架构师呢?或者咱们从起点出发--什么是云架构? 有些同学属于理论党,我们先来看看云架构的定义,维基里面的描述为: Cloud computing architecture refers to the components and su