
[2022 Latest] Complete AWS-Solutions-Architect-Associate Question Set: Questions and Answers with One Year of Free, Fast Updates
Updated 2022 AWS-Solutions-Architect-Associate question set with 100% free AWS-Solutions-Architect-Associate exam questions
Question 71
A company is deploying a multi-instance application within AWS that requires minimal latency between the instances.
What should a solutions architect recommend?
- A. Use an Auto Scaling group with multiple Availability Zones in the same AWS Region.
- B. Use an Auto Scaling group with a single Availability Zone in the same AWS Region.
- C. Use an Auto Scaling group with a cluster placement group.
- D. Use a Network Load Balancer with multiple Amazon EC2 Dedicated Hosts as the targets.
Correct answer: C
Question 72
Can I test my DB Instance against a new version before upgrading?
- A. Only in VPC
- B. Yes
- C. No
Correct answer: B
Question 73
An application hosted on AWS is experiencing performance problems, and the application vendor wants to perform an analysis of the log file to troubleshoot further. The log file is stored on Amazon S3 and is 10 GB in size. The application owner will make the log file available to the vendor for a limited time.
What is the MOST secure way to do this?
- A. Upload the file to Amazon WorkDocs and share the public link with the vendor.
- B. Enable public read on the S3 object and provide the link to the vendor.
- C. Create an IAM user for the vendor to provide access to the S3 bucket and the application. Enforce multifactor authentication.
- D. Generate a presigned URL and have the vendor download the log file before it expires.
Correct answer: D
Explanation:
Share an object with others
All objects by default are private. Only the object owner has permission to access these objects. However, the object owner can optionally share objects with others by creating a presigned URL, using their own security credentials, to grant time-limited permission to download the objects.
When you create a presigned URL for your object, you must provide your security credentials, specify a bucket name, an object key, specify the HTTP method (GET to download the object) and expiration date and time. The presigned URLs are valid only for the specified duration.
Anyone who receives the presigned URL can then access the object. For example, if you have a video in your bucket and both the bucket and the object are private, you can share the video with others by generating a presigned URL.
https://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html
Question 74
An insurance company stores all documents related to annual policies for the duration of the policies. The documents are created once and then stored until they are required, typically at the end of the policy. A document must be capable of being retrieved immediately. The company is now moving their document management to the AWS Cloud.
Which service should a Solutions Architect recommend as a cost-effective solution that meets the company's requirements?
- A. Amazon RDS MySQL
- B. Amazon S3 Standard
- C. Amazon Glacier
- D. Amazon S3 Standard-Infrequent Access
Correct answer: D
Question 75
A media company has deployed a multi-tier architecture on AWS. Web servers are deployed in two Availability Zones using an Auto Scaling group with a default Auto Scaling termination policy. The web servers' Auto Scaling group currently has 15 instances running.
Which instance will be terminated first during a scale-in operation?
- A. The instance closest to the next billing hour.
- B. The instance in the Availability Zone that has most instances.
- C. The instance with the oldest launch configuration.
- D. The oldest instance in the group.
Correct answer: B
Explanation:
With the default termination policy, the behavior of the Auto Scaling group is as follows: Determine which Availability Zone(s) have the most instances, and at least one instance that is not protected from scale in. If there are multiple unprotected instances to choose from in the Availability Zone(s) with the most instances, an instance is selected for termination based on the following criteria (applied in the order shown).
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html
Question 76
A user is planning to host a Highly Available system on the AWS VPC. Which of the below mentioned statements is helpful in this scenario?
- A. Create VPC with only one private subnet and launch instances in different AZs using that subnet.
- B. Create VPC with only one public subnet and launch instances in different AZs using that subnet.
- C. Create VPC subnets in two separate availability zones and launch instances in different subnets.
- D. Create two VPCs in two separate zones and setup failover with ELB such that if one VPC fails it will divert traffic to another VPC.
Correct answer: C
Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. The VPC is always specific to a region. The user can create a VPC which can span multiple Availability Zones by adding one or more subnets in each Availability Zone. Each subnet must reside entirely within one Availability Zone and cannot span across zones.
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#VPCSubnet
Question 77
A company is preparing to store confidential data in Amazon S3. For compliance reasons, the data must be encrypted at rest. Encryption key usage must be logged for auditing purposes. Keys must be rotated every year.
Which solution meets these requirements and is the MOST operationally efficient?
- A. Server-side encryption with Amazon S3 managed keys (SSE-S3)
- B. Server-side encryption with customer-provided keys (SSE-C)
- C. Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with manual rotation
- D. Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with automatic rotation
Correct answer: D
Question 78
A company has an Amazon S3 bucket that contains confidential information in its production AWS account. The company has turned on AWS CloudTrail for the account. The account sends a copy of its logs to Amazon CloudWatch Logs. The company has configured the S3 bucket to log read and write data events.
A company auditor discovers that some objects in the S3 bucket have been deleted. A solutions architect must provide the auditor with information about who deleted the objects. What should the solutions architect do to provide this information?
- A. Create a CloudWatch Logs filter to extract the S3 write API calls against the S3 bucket.
- B. Use AWS Trusted Advisor to perform security checks for S3 write API calls that deleted the content.
- C. Use AWS Config to track configuration changes on the S3 bucket. Use these details to track the S3 write API calls that deleted the content.
- D. Query the CloudTrail logs with Amazon Athena to identify the S3 write API calls against the S3 bucket.
Correct answer: D
Question 79
An organization is setting up RDS for their applications. The organization wants to secure RDS access with VPC.
Which of the following options is not required while designing the RDS with VPC?
- A. The organization must create a subnet group with VPC using more than one subnet which are a part of separate AZs.
- B. The organization should keep minimum of one IP address in each subnet reserved for RDS failover.
- C. The organization must create a subnet group with public and private subnets. Both the subnets can be in the same or separate AZ.
- D. If the organization is connecting RDS from the internet it must enable the VPC attributes DNS hostnames and DNS resolution.
Correct answer: C
Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources, such as RDS, into a virtual network that the user has defined. Subnets are segments of a VPC's IP address range that the user can designate to a group of VPC resources based on security and operational needs. A DB subnet group is a collection of subnets (generally private) that the user can create in a VPC and assign to the RDS DB instances. A DB subnet group allows the user to specify a particular VPC when creating the DB instances.
Each DB subnet group should have subnets in at least two Availability Zones in a given region. If the RDS instance is required to be accessible from the internet the organization must enable the VPC attributes, DNS hostnames and DNS resolution. For each RDS DB instance that the user runs in a VPC, he should reserve at least one address in each subnet in the DB subnet group for use by Amazon RDS for recovery actions.
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html
Question 80
A company has a web application for travel ticketing. The application is based on a database that runs in a single data center in North America. The company wants to expand the application to serve a global user base. The company needs to deploy the application to multiple AWS Regions. Average latency must be less than 1 second on updates to the reservation database.
The company wants to have separate deployments of its web platform across multiple Regions.
However, the company must maintain a single primary reservation database that is globally consistent.
Which solution should a solutions architect recommend to meet these requirements?
- A. Migrate the database to an Amazon Aurora MySQL database. Deploy Aurora Read Replicas in each Region. Use the correct Region endpoint in each Regional deployment for access to the database.
- B. Migrate the application to an Amazon Aurora Serverless database. Deploy instances of the database to each Region. Use the correct Region endpoint in each Regional deployment to access the database. Use AWS Lambda functions to process event streams in each Region to synchronize the databases.
- C. Migrate the database to an Amazon RDS for MySQL database. Deploy MySQL read replicas in each Region. Use the correct Regional endpoint in each Regional deployment for access to the database.
- D. Convert the application to use Amazon DynamoDB. Use a global table for the center reservation table. Use the correct Regional endpoint in each Regional deployment.
Correct answer: D
Question 81
Within the IAM service a GROUP is regarded as a:
- A. There's no GROUP in IAM, but only USERS and RESOURCES.
- B. A collection of users.
- C. A collection of AWS accounts
- D. It's the group of EC2 machines that gain the permissions specified in the GROUP.
Correct answer: B
Question 82
An application generates audit logs of operational activities. Compliance requirements mandate that the application retain the logs for 5 years. How can these requirements be met?
- A. Save the logs in an Amazon EBS volume and take monthly snapshots
- B. Save the logs in an Amazon S3 bucket and enable Multi-Factor Authentication Delete (MFA Delete) on the bucket
- C. Save the logs in an Amazon EFS volume and use Network File System version 4 (NFSv4) locking with the volume
- D. Save the logs in an Amazon Glacier vault and use the Vault Lock feature.
Correct answer: D
Question 83
Which of the following commands accepts binary data as parameters?
- A. --aws-customer-key
- B. --describe-instances-user
- C. --user-data
- D. -cipher text-key
Correct answer: C
Explanation:
For commands that take binary data as a parameter, specify that the data is binary content by using the fileb:// prefix.
Commands that accept binary data include:
- aws ec2 run-instances --user-data parameter.
- aws s3api put-object --sse-customer-key parameter.
- aws kms decrypt --ciphertext-blob parameter.
http://docs.aws.amazon.com/cli/latest/userguide/aws-cli.pdf
Question 84
A company wants to optimize the cost of its data storage for data that is accessed quarterly. The company requires high throughput, low latency, and rapid access, when needed. Which Amazon S3 storage class should a solutions architect recommend?
- A. Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
- B. Amazon S3 Standard (S3 Standard)
- C. Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering)
- D. Amazon S3 Glacier (S3 Glacier)
Correct answer: C
Question 85
You are migrating a legacy client-server application to AWS. The application responds to a specific DNS domain (e.g. www.example.com) and has a 2-tier architecture, with multiple application servers and a database server. Remote clients use TCP to connect to the application servers. The application servers need to know the IP address of the clients in order to function properly and are currently taking that information from the TCP socket. A Multi-AZ RDS MySQL instance will be used for the database.
During the migration you can change the application code, but you have to file a change request.
How would you implement the architecture on AWS in order to maximize scalability and high availability?
- A. File a change request to implement Alias Resource support in the application. Use Route 53 Alias Resource Record to distribute load on two application servers in different AZs.
- B. File a change request to implement Latency Based Routing support in the application. Use Route 53 with Latency Based Routing enabled to distribute load on two application servers in different AZs.
- C. File a change request to implement Proxy Protocol support in the application. Use an ELB with a TCP Listener and Proxy Protocol enabled to distribute load on two application servers in different AZs.
- D. File a change request to implement Cross-Zone support in the application. Use an ELB with a TCP Listener and Cross-Zone Load Balancing enabled, two application servers in different AZs.
Correct answer: C
Question 86
Complete this statement: "When you load your table directly from an Amazon _____ table, you have the option to control the amount of provisioned throughput you consume."
- A. DataPipeline
- B. RDS
- C. S3
- D. DynamoDB
Correct answer: D
Explanation:
When you load your table directly from an Amazon DynamoDB table, you have the option to control the amount of Amazon DynamoDB provisioned throughput you consume.
Reference:
http://docs.aws.amazon.com/redshift/latest/dg/t_Loading_tables_with_the_COPY_command.html