|
Q1. A company's CISO has asked a Solutions Architect tore-engineer the company‘s current Cl/CD practices to make sure patchdeployments to its application can happen as quickly as possible with minimaldowntime if vulnerabilities are discovered. The company must also be able to quicklyroll back a change in case of errors The web application is deployed in a fleetof Amazon EC2 instances behind an Application Load Balancer. The company iscurrently using GitHub to host the application source code, and has onfiguredan AWS Code Build project to build the application. The company also intends touse AWS Code Pipeline to trigger builds from GitHub commits using the existingCode Build project. What Cl/CD configuration meets all of therequirements? A. Configure Code Pipeline with a deploy stage usingAWS Code Deploy configured for in-place deployment. Monitor the newly deployedcode, and, if there are any issues, push another code update. B. Configure Code Pipeline with a deploy stage usingAWS Code Deploy configured for blue/green deployments. Monitor the newlydeployed code, and, if there are any issues, trigger a manual rollback usingCode Deploy. C. Configure CodePipeline with a deploy stage usingAWS CloudFormation to create a pipeline for test and production stacks Monitorthe newly deployed code, and, if there are any issues, push another codeupdate. D. Configure the Code Pipeline with a deploy stageusing AWS Ops Works and in-place deployments. Monitor the newly deployed code,and, if there are any issues, push another code update. Answer: B --->fm04 Q2. A company has a webapplication that securely uploads pictures and videos to an Amazon S3 bucket(weixin:aws_tiku).The company requires that onlyauthenticated users are allowed to post content.The application generates a resigned url that is used to upload objects througha browser interface. Most users are reporting slow upload times for objectslarger than 100 MB. What can a Solutions architect do to improve theperformance of these uploads while ensuring only authenticated users areallowed to post content? A. Setup an Amazon API Gateway with an edge-optimized APi endpoint that has aresource as an S3 service proxy Configure the PUT method for this resource toexpose the S3 PutObject operation Secure the API gateway using a COGNITO_USER_POOLSauthorizer Have the browser interface use API Gateway instead of the presignedURL to upload Objects. B. Set up an Amazon APIGateway with a regional aPl endpoint that has a resource as an s3 serviceproxy. Configure the PUT method for this resource to expose the S3 Putobjectoperation. Secure the API gateway using an AWS Lambda authorizer Have thebrowser interface use API Gateway instead of the resigned URL to uploadobjects. C. Enable an S3Transfer Acceleration endpoint on the S3 bucket. Use the endpoint whengenerating the resigned URL Have the browser interface upload the objects tothis URL using the S3 multipart upload APl. D. Configure an AmazonCloud Front distribution for the destination S3 bucket Enable PUT and PosTmethods for the CloudFront cache behavior. Update the Cloud Front origin to usean origin access identity(OAl). Give the OAl user S3: Putobject permissions inthe bucket policy. Have the browser interface upload objects using theCloudFront distribution. Answer: C --->fm12 Q3. A company has an application that uses AmazonEC2 instances in an Auto Scaling group. The Quality Assurance(QA)departmentneeds to launch a large number of short-lived environments to test theapplication. The application environments are currently launched by the Managerof the department using an AWS CloudFormation template To launch the stack, theManager uses a role with permission to use CloudFormation, EC2, and AutoScaling APIs. The Manager wants to allow testers to launch their own environmentsbut does not want to grant broad permissions to each user. Which set up wouldachieve these goals? A. Upload the AWSCloudFormation template to Amazon S3. Give users in the QA departmentpermission to assume the Managers role and add a policy that restricts thepermissions to the template and the resources it creates. Train users to launchthe template from the CloudFormation console B. Create an AWSService Catalog product from the environment template. Add a launch constraintto the product with the existing role. Give users in the QA departmentpermission to use AWS Service Catalog APls only Train users to launch thetemplate from the AWS(weixin:aws_tiku) Service Catalog console. C. Upload the AWSCloudFormation template to Amazon S3. Give users in the QA departmentpermission to use CloudFormation and S3 APls, with conditions that restrict thepermissions to the template and the resources it creates.Train users to launchthe template from the CloudFormation console. D. Create an AWSElastic Beanstalk application from the environment template. Give users in theQA department permission to use Elastic Beanstalk permissions only Train usersto launch Elastic Beanstalk environments with the Elastic Beanstalk CLl,passing the existing role to the environment as a service role. Answer: B --->fm13 Q4. A financial servicescompany logs personally identifiable information to its application logs storedin Amazon S3. Due to regulatory compliance requirements, the log files must beencrypted at rest. The Security team has mandated that the company son-premises hardware security modules(HSMs)be used to generate the CMKmaterial. Which steps should theSolutions Architect take to meet these requirements? A. Create an AWSCloudHSM cluster Create a new CMK in AWS KMS using AWS CloudHSM as the sourcefor the keymaterial and an origin of AWS CloUdHSM. Enable automatic keyrotation on the CmK with a duration of 1 year. Configurea bucket policy on thelogging bucket that disallows uploads of unencrypted data and requires that theencryption source be AWS KMS. B. Provision an AWSDirect Connect connection, ensuring there is no overlap of the rFc 1918 addressspace between on-premises hardware and the VPCs. Configure an AWS bucket policyon the logging bucket that requires all objects to be encrypted. Configure thelogging application to query the on-premises HSMs from the AWS environment forthe encryption key material, and create a unique CMK for each logging event. C. Create a CMK in AWSKMS with no key material and an origin of EXTERNAL Import the key materialgenerated from the on-premises HSMs into the CMK using the public key andimport token provided by AWS Configure a bucket policy on th(weixin:aws_tiku)e logging bucketthat disallows uploads of non-encrypted data and requires that the encryptionsource be AWS KMS. D. Create a new CMK inAWS KMS with AWS-provided key material and an origin of AWS KMS. Disable thisCMK, and overwrite the key material with the key material from the on-premisesHSM using the public key and import token provided by AWS Re-enable the CMK.Enable automatic key rotation on the CMK with a duration of 1 year. Configure abucket policy on the logging bucket that disallows uploads of non-encrypteddata and requires that the encryption source be AWS KMS. Answer: C --->fm18 Q5. A company has severalteams, and each team has their own Amazon RDS database that totals 100 TB. Thecompany is building a dataquery platform for Business Intelligence analysts togenerate a weekly business report. The new system must run ad-hoc SQL queries What is the MOSTcost-effective solution? A. Create a new AmazonRedshift cluster. Create an AWS Glue ETL job to copy data from the RDSdatabases to the amazon Redshift cluster Use Amazon Redshift to run the query B. Create an Amazon EMRcluster with enough core nodes Run an Apache Spark job to copy data from therds databases to an Hadoop Distributed File System(HDFS). Use a local ApacheHive metastore to maintain the table definition. Use Spark SQL to run the query C. Use an AWS Glue ETLjob to copy all the rds databases to a single Amazon Aurora PostgreSQLdatabase. Run SQL queries on the Aurora PostgresQL database D. Use an AWS Gluecrawler to crawl all the databases and create tables in the AWS Glue DataCatalog. Use an AWS Glue ETL job to load data from the RDS databases to amazonS3, and use amazon Athena to run the queries. Answer: D --->fm23 Q6. Acompany needs to move its on-premises resources t(weixin:aws_tiku)o AWS. The current environmentconsists of 100 virtual machines (VMs)with a total of 40 TB of storage. Most ofthe VMs can be taken offline because they support functions during businesshours only, however some are mission critical. so downtime must be minimizedThe Administrator of the on-premises network provisioned 10 Mbps of internetbandwidth for the migration. The on-premises network throughput has reachedcapacity and would be costly to increase. A Solutions Architect must design amigration solution that can be performed within the next 3 months. Whichmethod would fulfill these requirements? A.Set up a 1 Gbps AWS Direct Connect connection. Then, provision a privatevirtual interface, and use Aws server Migration Service (SMS)to migrate the VMsinto Amazon EC2. B.Use AWS Application Discovery Service to assess each application, and determinehow to refactor and optimize each using AWS services or AWS Marketplacesolutions. C.Export the VMs locally, beginning with the most mission-critical servers firstUse AWS Transfer for SFTP to securely upload each VM to Amazon S3 after theyare exported. Use VM Import/Export to import the VMs into Amazon EC2. D.Migrate mission-critical VMs with AWS SMS Export the other VMs locally andtransfer them to Amazon S3 using Aws Snowball. Use VM Import/Export to importthe VMs into Amazon EC2. Answer: D --->fm30 Q7. Acompany has a website that enables users to upload videos. Company policystates the uploaded videos must be analyzed for restricted content. An uploadedvideo is placed in Amazon S3, and a message is pushed to an Amazon sQs queuewith the video's location. A backend application pulls this location fromAmazon sQs and analyzes the video Thevideo analysis is compute-intensive and occurs sporadically during the day. Thewebsite scales with demand. The video analysis application runs on a fixednumber of instances. Peak demand occurs during the holidays, so the c(weixin:aws_tiku)ompanymust add instances to the application during this time. All instances used arecurrently on-demand Amazon EC2 T2 instances. The company wants to reduce thecost of the current solution. Whichof the following solutions is MosT cost-eftective? A.Keepthe website on T2 instances. Determine the minimum number of website instancesrequired during off-peak times and use Spot Instances to cover them while usingReserved Instances to cover peak demand. Use Amazon EC2 R4 and Amazon EC2 R5Reserved Instances in an Auto Scaling group for the video analysis application. B.Keepthe website on T2 instances. Determine the minimum number of website instancesrequired during off-peak times and use Reserved Instances to cover them whileusing On-Demand Instances to cover peak demand. Use Spot Fleet for thevideo analysis application comprised of Amazon EC2 C4 and Amazon EC2 C5 SpotInstances. C.Migratethe website to AWS Elastic Beanstalk and Amazon EC2 C4 instances. Determine theminimum number of website instances required during off-peak times and useOn-Demand Instances to cover them while using Spot capacity tocover peak demand. Use Spot Fleet for the video analysis application comprisedof C4 and Amazon EC2 C5 instances. D.Migratethe website to AWS Elastic Beanstalk and Amazon EC2 R4 instances. Determine theminimum number of website instances required during off-peak times and useReserved Instances to cover them while using On-Demand Instances to cover peakdemand. Use Spot Fleet for the video analysis application comprised of R4 andAmazon EC2 R5 Instances. Answer: B --->fm36 Q8. Acompany's main intranet page has experienced degraded response times as itsuser base has increased although there are no reports of users seeing errorpages. The application uses Amazon DynamoDB in read-only mode. Amazon DynamoDBlatency metrics for successful requests have been in a steady state even duringtimes when users have reported degradation. The Development team has correlatedthe issue to Provisioned ThroughputExceeded exceptions in the application logswhen doing Scan and read operations. The team also identified an access patternof steady spikes of read activity on adistributed set of individual data items Th(weixin:aws_tiku)e Chief Technology Officer wants toimprove the user experience. Whichsolutions will meet these requirements with the LEAST amount of changes to theapplication?(Select TWO.) A.Changethe data model of the dynamoDB tables to ensure that all Scan and readoperations meet DynamoDB best practices of uniform data access, reaching thefull request throughput provisioned for the DynamoDB tables. B.EnableDynamoDB auto scaling to manage the throughput capacity as table traffic increases.Set the upper and lower limits to control costs, and set a target utilizationgiven the peak usage and how quickly the traffic changes. C.ProvisionAmazon ElastiCache for Redis with cluster mode enabled. The cluster should beprovisioned with enough shards to spread the application load and provision atleast one read replica node for each shard. D.Implementthe DynamoDB Accelerator(DAX) client and provision a DAX cluster with theappropriate node types to sustain the application load. Tune the item and querycache configuration for an optimal user experience. E.Remove error retries and exponential backoffs in the application code to handlethrottling errors. Answer: BD --->fm41 Q9. Acompany is having issues with a newly deployed serverless infrastructure thatuses Amazon API Gateway, Amazon Lambda, and Amazon DynamoDB In a steady state,the application performs as expected. However, during peak loa(weixin:aws_tiku)d, tens ofthousands of simultaneous invocations are needed and user requests failmultiple times before succeeding. The company has checked the logs for eachcomponent, focusing specifically on Amazon CloudWatch Logs for Lambda. Thereare no errors logged by the services or applications Whatmight cause this problem? A.Lambdahas very low memory assigned, which causes the function to fail at peak load B.Lambda is in a subnet that uses a nat gateway to reach out to the internet, andthe function instance does not have sufficient Amazon EC2 resources in the VPCto scale with the load. C.The throttle limit set on APl Gateway is very low. During peak load, theadditional requests are not making their way through to lambda. D.DynamoDB is set up in an auto scaling mode. During peak load, DynamoDB adjustscapacity and throughput behind the scenes, which is causing the temporarydowntime. Once the scaling completes, the retries go through successfully. Answer: C --->fm43 Q10. Acompany recenty transformed its legacy infrastructure provisioning scripts to AWSCloudFormation templates. The newly developed templates are hosted in thecompany's private GitHub repository. Since adopting CloudFormation, the companyhas encountered several issues with updates to the CloudFormation templates,causing failed executions or creating unstable environments Management isconc(weixin:aws_tiku)erned by the increase in errors and has asked a Solutions Architect todesign the automated testing of CloudFormation template updates. Whatshould the Solutions Architect do to meet these requirements? A.Use AWS CodePipeline to create a change set from the Cloud Formation templatesstored in the private GitHub repository Execute the change set using AWS CodeDeploy. Include a CodePipeline action to test the deployment with testingscripts run by AWS Code Build the Cloud Formation templates and execute it HaveCode Deploy test the deployment with testing scripts run by AWS CodeBuild. B.Mirror the GitHub repository to AWS Code Commit using AWS Lambda. Use AWS CodeDeploy to create a change set from Code build C.Use AWS Code Pipeline to create and execute a change set from the CloudFormation templates stored in the private GitHub repository. Configure a CodePipeline action to test the deployment with testing scripts run by AWSCodeBuild D.Mirror the GitHub repository to AWS CodeCommit using AWS Lambda. Use AWS CodeBuild to create a change set from the CloudFormation templates and execute itHave CodeBuild test the deployment with testing scripts Answer: C
| 
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2020-6-17 23:21:46
置顶卡
喧嚣卡
变色卡
千斤顶
楼主
