
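Pass the Amazon AWS-Solutions-Associate exam with the GoShiken exam question set, updated November 2023
Complete and up-to-date AWS-Solutions-Associate question set: questions and answers with 100% coverage to help you pass the real exam
The AWS-Solutions-Architect-Associate certification exam is the entry-level certification on the AWS certification path and a prerequisite for advanced certifications such as AWS Certified Solutions Architect-Professional. It is best suited to IT professionals, solutions architects, and developers who want to demonstrate their expertise in designing and deploying applications on the AWS platform. This certification stands out in the job market and helps advance a career in cloud computing.
Question # 122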
A Solutions Architect is building an online shopping application where users will be able to browse items, add items to a cart, and purchase the items. Images of items will be stored in Amazon S3 buckets organized by item category. When an item is no longer available for purchase, the item image will be deleted from the S3 bucket.
Occasionally, during testing, item images deleted from the S3 bucket are still visible to some users.
What is a flaw in this design approach?
- A. Using Amazon S3 for persistence exposes the application to a single point of failure
- B. Amazon S3 DELETE requests are eventually consistent, which may cause other users to view items that have already been purchased
- C. Amazon S3 DELETE requests apply a lock to the S3 bucket during the operation, causing other users to be blocked
- D. Defining S3 buckets by item may cause partition distribution errors, which will impact performance.
Correct answer: B
Question # 123
A bank is designing an online customer service portal where customers can chat with customer service agents.
The portal is required to maintain a 15-minute RPO or RTO in case of a regional disaster. Banking regulations require that all customer service chat transcripts must be preserved on durable storage for at least 7 years, chat conversations must be encrypted in-flight, and transcripts must be encrypted at rest. The Data Loss Prevention team requires that data at rest must be encrypted using a key that the team controls, rotates, and revokes.
Which design meets these requirements?
- A. The chat application logs each chat message into Amazon CloudWatch Logs. A scheduled AWS Lambda function invokes a CloudWatch Logs CreateExportTask every 5 minutes to export chat transcripts to Amazon S3. The S3 bucket is configured for cross-region replication to the backup region. Separate AWS KMS keys are specified for the CloudWatch Logs group and the S3 bucket.
- B. The chat application logs each chat message into two different Amazon CloudWatch Logs groups in two different regions, with the same AWS KMS key applied. Both CloudWatch Logs groups are configured to export logs into an Amazon Glacier vault with a 7-year vault lock policy with a KMS key specified.
- C. The chat application logs each chat message into Amazon CloudWatch Logs. The CloudWatch Logs group is configured to export logs into an Amazon Glacier vault with a 7-year vault lock policy. Glacier cross-region replication mirrors chat archives to the backup region. Separate AWS KMS keys are specified for the CloudWatch Logs group and the Amazon Glacier vault.
- D. The chat application logs each chat message into Amazon CloudWatch Logs. A subscription filter on the CloudWatch Logs group feeds into an Amazon Kinesis Data Firehose which streams the chat messages into an Amazon S3 bucket in the backup region. Separate AWS KMS keys are specified for the CloudWatch Logs group and the Kinesis Data Firehose.
Correct answer: C
Question # 124
A data science team requires storage for nightly log processing. The size and number of logs is unknown and will persist for 24 hours only. What is the MOST cost-effective solution?
- A. Amazon S3 Glacier
- B. Amazon S3 Intelligent-Tiering
- C. Amazon S3 Standard
- D. Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
Correct answer: A
Question # 125
A company is hosting a website behind multiple Application Load Balancers. The company has different distribution rights for its content around the world. A solutions architect needs to ensure that users are served the correct content without violating distribution rights.
Which configuration should the solutions architect choose to meet these requirements?
- A. Configure Amazon CloudFront with AWS WAF.
- B. Configure Application Load Balancers with AWS WAF.
- C. Configure Amazon Route 53 with a geolocation policy.
- D. Configure Amazon Route 53 with a geoproximity routing policy.
Correct answer: C
Question # 126
Employees from several companies use an application once a year during a specific 30-day period. The periods are different for each company. Traffic to the application spikes during these 30-day periods.
How can the application be designed to handle these traffic spikes?
- A. Use an Amazon Route 53 to cache static elements of the website requests
- B. Use an Auto Scaling group to scale the number of EC2 instances to match the site traffic
- C. Use Amazon CloudFront to serve static assets to decrease the load on the EC2 instances
- D. Use Amazon S3 to cache static elements of the website requests
Correct answer: D
Question # 127
In Amazon SNS, to send push notifications to mobile devices using Amazon SNS and ADM, you need to obtain the following, except:
- A. Client secret
- B. Registration ID
- C. Client ID
- D. Device token
Correct answer: D
Explanation:
To send push notifications to mobile devices using Amazon SNS and ADM, you need to obtain the following: Registration ID and Client secret.
Reference:
http://docs.aws.amazon.com/sns/latest/dg/SNSMobilePushPrereq.html
Question # 128
By default, EBS volumes that are created and attached to an instance at launch are deleted when that instance is terminated. You can modify this behavior by changing the value of the flag _____ to false when you launch the instance.
- A. RemoveOnTermination
- B. DeleteOnTermination
- C. TerminateOnDeletion
- D. RemoveOnDeletion
Correct answer: B
Question # 129
A public retail web application uses an Application Load Balancer (ALB) in front of Amazon EC2 instances running across multiple Availability Zones (AZs) in a Region backed by an Amazon RDS MySQL Multi-AZ deployment. Target group health checks are configured to use HTTP and pointed at the product catalog page.
Auto Scaling is configured to maintain the web fleet size based on the ALB health check.
Recently, the application experienced an outage. Auto Scaling continuously replaced the instances during the outage. A subsequent investigation determined that the web server metrics were within the normal range, but the database tier was experiencing high load, resulting in severely elevated query response times.
Which of the following changes together would remediate these issues while improving monitoring capabilities for the availability and functionality of the entire application stack for future growth? (Choose two.)
- A. Configure the target group health check to point at a simple HTML page instead of a product catalog page and the Amazon Route 53 health check against the product page to evaluate full application functionality. Configure Amazon CloudWatch alarms to notify administrators when the site fails.
- B. Configure an Amazon CloudWatch alarm for Amazon RDS with an action to recover a high-load, impaired RDS instance in the database tier.
- C. Configure an Amazon ElastiCache cluster and place it between the web application and RDS MySQL instances to reduce the load on the backend database tier.
- D. Configure the target group health check to use a TCP check of the Amazon EC2 web server and the Amazon Route 53 health check against the product page to evaluate full application functionality. Configure Amazon CloudWatch alarms to notify administrators when the site fails.
- E. Configure read replicas for Amazon RDS MySQL and use the single reader endpoint in the web application to reduce the load on the backend database tier.
Correct answer: C, D
Question # 130
You are trying to use SSH to connect from your laptop to an Amazon EC2 instance over the internet. You cannot establish a connection. What could be the problem?
- A. The security group does not allow any outbound TCP traffic to your laptop IP address
- B. The IAM access key on your laptop does not have console access to the Amazon EC2 instance
- C. The network ACL is set to deny all outbound TCP traffic to your laptop IP address
- D. There is no security group and no network ACL associated with the Amazon EC2 instance
Correct answer: A
Question # 131
How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on?
- A. Query the local instance userdata
- B. Query the local instance metadata
- C. Use ipconfig or ifconfig command
- D. Query the appropriate Amazon CloudWatch metric
Correct answer: B
Question # 132
A Solutions Architect is concerned that the current security group rules for a database tier are too permissive and may permit requests that should be restricted. Below are the current security group permissions for the database tier:
Protocol: TCP
Port Range: 1433 (MS SQL)
Source: ALL
Currently, the only identified resource that needs to connect to the databases is the application tier consisting of an Auto Scaling group of EC2 instances.
What changes can be made to this security group that would offer the users LEAST privilege?
- A. Change the source to the application instance IDs.
- B. Change the source to -1 to remove source IP addresses previously unseen.
- C. Change the source to the security group ID attached to the application instances.
- D. Change the source to the VPC CIDR block.
Correct answer: A
Question # 133
Out of the striping options available for the EBS volumes, which one has the following disadvantage: 'Doubles the amount of I/O required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe.'?
- A. Raid 0
- B. Raid 1
- C. Raid
- D. RAID 1+0 (RAID 10)
Correct answer: D
Question # 134
A new employee has joined a company as a deployment engineer. The deployment engineer will be using AWS CloudFormation templates to create multiple AWS resources. A solutions architect wants the deployment engineer to perform job activities while following the principle of least privilege.
Which steps should the solutions architect do in conjunction to reach this goal? (Select two.)
- A. Have the deployment engineer use AWS account root user credentials for performing AWS CloudFormation stack operations.
- B. Create a new IAM user for the deployment engineer and add the IAM user to a group that has the AdministratorAccess IAM policy attached.
- C. Create a new IAM user for the deployment engineer and add the IAM user to a group that has an IAM policy that allows AWS CloudFormation actions only.
- D. Create a new IAM user for the deployment engineer and add the IAM user to a group that has the PowerUsers IAM policy attached.
- E. Create an IAM role for the deployment engineer to explicitly define the permissions specific to the AWS CloudFormation stack and launch stacks using that IAM role.
Correct answer: C, E
Explanation:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html
Question # 135
A company stores call recordings on a monthly basis. Users access the recorded files randomly within 1 year of recording, but users rarely access the files after 1 year. The company wants to optimize its solution by allowing only files that are newer than 1 year old to be queried and retrieved as quickly as possible. A delay in retrieving older files is acceptable. Which solution meets these requirements MOST cost-effectively?
- A. Store individual files in Amazon S3. Use S3 Lifecycle policies to move the files to S3 Glacier after 1 year. Query and retrieve the files that are in Amazon S3 by using Amazon Athena. Query and retrieve the files that are in S3 Glacier by using S3 Glacier Select.
- B. Store individual files in Amazon S3. Store search metadata for each archive in Amazon S3. Use S3 Lifecycle policies to move the files to S3 Glacier after 1 year. Query and retrieve the files by searching for metadata from Amazon S3.
- C. Store individual files in Amazon S3. Use S3 Lifecycle policies to move the files to S3 Glacier after 1 year. Store search metadata in Amazon RDS. Query the files from Amazon RDS. Retrieve the files from Amazon S3 or S3 Glacier.
- D. Store individual files in Amazon S3 Glacier. Store search metadata in object tags that are created in S3 Glacier. Query the S3 Glacier tags to retrieve the files from S3 Glacier.
Correct answer: C
Question # 136
Can I move a Reserved Instance from one Region to another?
- A. Only if they are moving into GovCloud
- B. No
- C. Only if they are moving to US East from another region
- D. Yes
Correct answer: A
Question # 137
A hospital recently deployed a RESTful API with Amazon API Gateway and AWS Lambda. The hospital uses API Gateway and Lambda to upload reports that are in PDF format and JPEG format. The hospital needs to modify the Lambda code to identify protected health information (PHI) in the reports. Which solution will meet these requirements with the LEAST operational overhead?
- A. Use Amazon Textract to extract the text from the reports. Use Amazon Comprehend Medical to identify the PHI from the extracted text.
- B. Use Amazon Rekognition to extract the text from the reports. Use Amazon Comprehend Medical to identify the PHI from the extracted text.
- C. Use existing Python libraries to extract the text from the reports and to identify the PHI from the extracted text.
- D. Use Amazon Textract to extract the text from the reports. Use Amazon SageMaker to identify the PHI from the extracted text.
Correct answer: A
Explanation:
To meet the requirements of the company to have access to both AWS and on-premises file storage with minimum latency, a hybrid cloud architecture can be used. One solution is to deploy and configure Amazon FSx for Windows File Server on AWS, which provides fully managed Windows file servers. The on-premises file data can be moved to the FSx File Gateway, which can act as a bridge between on-premises and AWS file storage. The cloud workloads can be configured to use FSx for Windows File Server on AWS, while the on-premises workloads can be configured to use the FSx File Gateway. This solution minimizes operational overhead and requires no significant changes to the existing file access patterns. The connectivity between on-premises and AWS can be established using an AWS Site-to-Site VPN connection.
Reference:
AWS FSx for Windows File Server: https://aws.amazon.com/fsx/windows/
AWS FSx File Gateway: https://aws.amazon.com/fsx/file-gateway/
AWS Site-to-Site VPN: https://aws.amazon.com/vpn/site-to-site-vpn/
Question # 138
A company has a Windows-based application that must be migrated to AWS. The application requires the use of a shared Windows file system attached to multiple Amazon EC2 Windows instances that are deployed across multiple Availability Zones. What should a solutions architect do to meet this requirement?
- A. Configure a file system by using Amazon Elastic File System (Amazon EFS). Mount the EFS file system to each Windows instance.
- B. Configure an Amazon Elastic Block Store (Amazon EBS) volume with the required size. Attach each EC2 instance to the volume. Mount the file system within the volume to each Windows instance.
- C. Configure Amazon FSx for Windows File Server. Mount the Amazon FSx file system to each Windows instance.
- D. Configure AWS Storage Gateway in volume gateway mode. Mount the volume to each Windows instance.
Correct answer: C
Question # 139
A customer has an application that is used by enterprise customers outside of AWS.
Some of these customers use legacy firewalls that cannot whitelist by DNS name, but whitelist based only on IP address. The application is currently deployed in two Availability Zones, with one EC2 instance in each that has Elastic IP addresses. The customer wants to whitelist only two IP addresses, but the two existing EC2 instances cannot sustain the amount of traffic.
What can a Solutions Architect do to support the customer and allow for more capacity?
(Choose two.)
- A. Use Amazon Route 53 with a weighted, round-robin routing policy across the Elastic IP addresses to resolve one at a time.
- B. Add additional EC2 instances with Elastic IP addresses, and register them with Amazon Route 53
- C. Create additional EC2 instances and put them on standby. Remap an Elastic IP address to a standby instance in the event of a failure.
- D. Switch the two existing EC2 instances for an Auto Scaling group, and register them with the Network Load Balancer.
- E. Create a Network Load Balancer with an interface in each subnet, and assign a static IP address to each subnet.
Correct answer: D, E
Explanation:
https://aws.amazon.com/blogs/networking-and-content-delivery/using-static-ip-addresses-for-application-load-ba
NLB enables static IP addresses for each Availability Zone. These static addresses don't change, so they are good for our firewalls' whitelisting.
Question # 140
A company wants to migrate its MySQL database from on premises to AWS. The company recently experienced a database outage that significantly impacted the business. To ensure this does not happen again, the company wants a reliable database solution on AWS that minimizes data loss and stores every transaction on at least two nodes. Which solution meets these requirements?
- A. Create an Amazon RDS DB instance with synchronous replication to three nodes in three Availability Zones.
- B. Create an Amazon EC2 instance with a MySQL engine installed that triggers an AWS Lambda function to synchronously replicate the data to an Amazon RDS MySQL DB instance
- C. Create an Amazon RDS MySQL DB instance with Multi-AZ functionality enabled to synchronously replicate the data.
- D. Create an Amazon RDS MySQL DB instance and then create a read replica in a separate AWS Region that synchronously replicates the data.
Correct answer: C
Question # 141
A company uses a payment processing system that requires messages for a particular payment ID to be received in the same order that they were sent. Otherwise, the payments might be processed incorrectly.
Which actions should a solutions architect take to meet this requirement? (Select TWO.)
- A. Write the messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the message group to use the payment ID.
- B. Write the messages to an Amazon Simple Queue Service (Amazon SQS) queue. Set the message attribute to use the payment ID.
- C. Write the messages to an Amazon DynamoDB table with the payment ID as the partition key
- D. Write the messages to an Amazon ElastiCache for Memcached cluster with the payment ID as the key
- E. Write the messages to an Amazon Kinesis data stream with the payment ID as the partition key.
Correct answer: A, C
Question # 142
A company serves content to its subscribers across the world using an application running on AWS. The application has several Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB). Due to a recent change in copyright restrictions, the chief information officer (CIO) wants to block access for certain countries. Which action will meet these requirements?
- A. Use Amazon CloudFront to serve the application and deny access to blocked countries.
- B. Use ALB listener rules to return access denied responses to incoming traffic from blocked countries.
- C. Modify the ALB security group to deny incoming traffic from blocked countries.
- D. Modify the security group for EC2 instances to deny incoming traffic from blocked countries.
Correct answer: A
Explanation:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html
"block access for certain countries." You can use geo restriction, also known as geo blocking, to prevent users in specific geographic locations from accessing content that you're distributing through a CloudFront web distribution.
Question # 143
You have an Amazon EC2 instance in a VPC that is in a stopped state. Which of the following actions can you perform on this instance?
- A. Disable detailed monitoring
- B. Detach the network interface
- C. Change security groups
- D. Attach to an Auto Scaling group
Correct answer: C
Question # 144
......
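Amazon Web Services (AWS) has become one of the most popular cloud computing platforms in the world, and the AWS-Solutions-Architect-Associate certification is one of the most sought-after certifications among IT professionals. The certification is designed to validate the knowledge and skills needed to design and deploy scalable, highly available, and fault-tolerant systems on AWS.
The AWS Certified Solutions Architect-Associate (SAA-C02) exam, also known as the Amazon AWS-Solutions-Architect-Associate Exam, is a certification exam designed for IT professionals who want to demonstrate their skills in designing and deploying scalable, highly available systems on the Amazon Web Services (AWS) platform. The exam is intended for individuals with at least one year of experience designing and deploying scalable, highly available, fault-tolerant systems on AWS. It tests candidates' knowledge of the various AWS services, architectures, and best practices for building secure and reliable applications on the AWS platform.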