Latest 2023 AWS-Solutions-Associate Question Set Review: Specialized Quiz Study Material
AWS-Solutions-Associate Test Preparation Training Practice Exam Questions: Practice Test
Question # 248
A company processed 10 TB of raw data to generate quarterly reports. Although it is unlikely to be used again, the raw data needs to be preserved for compliance and auditing purposes.
What is the MOST cost-effective way to store the data in AWS?
- A. Amazon Glacier
- B. Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
- C. Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
- D. Amazon EBS Cold HDD (sc1)
Correct answer: A
Explanation:
The question says nothing about data retrieval time; it mentions only cost and that the data is unlikely to be used again.
Question # 249
An international company has deployed a multi-tier web application that relies on DynamoDB in a single region. For regulatory reasons they need disaster recovery capability in a separate region with a Recovery Time Objective of 2 hours and a Recovery Point Objective of 24 hours. They should synchronize their data on a regular basis and be able to provision the web application rapidly using CloudFormation.
The objective is to minimize changes to the existing web application, control the throughput of DynamoDB used for the synchronization of data and synchronize only the modified elements.
Which design would you choose to meet these requirements?
- A. Use EMR and write a custom script to retrieve data from DynamoDB in the current region using a SCAN operation and push it to DynamoDB in the second region.
- B. Use AWS Data Pipeline to schedule a DynamoDB cross-region copy once a day. Create a 'Lastupdated' attribute in your DynamoDB table that would represent the timestamp of the last update and use it as a filter.
- C. Also send each write into an SQS queue in the second region; use an Auto Scaling group behind the SQS queue to replay the write in the second region.
- D. Use AWS Data Pipeline to schedule an export of the DynamoDB table to S3 in the current region once a day, then schedule another task immediately after it that will import data from S3 to DynamoDB in the other region.
Correct answer: B
Question # 250
A company allows its developers to attach existing IAM policies to existing IAM roles to enable faster experimentation and agility. However, the security operations team is concerned that the developers could attach the existing administrator policy, which would allow the developers to circumvent any other security policies. How should a solutions architect address this issue?
- A. Create an Amazon SNS topic to send an alert every time a developer creates a new policy
- B. Prevent the developers from attaching any policies and assign all IAM duties to the security operations team
- C. Set an IAM permissions boundary on the developer IAM role that explicitly denies attaching the administrator policy
- D. Use service control policies to disable IAM activity across all accounts in the organizational unit
Correct answer: C
Question # 251
When creation of an EBS snapshot is initiated, but not completed, the EBS volume:
- A. Can be used in read-only mode while the snapshot is in progress.
- B. Cannot be detached or attached to an EC2 instance until the snapshot completes
- C. Can be used while the snapshot is in progress.
- D. Cannot be used until the snapshot completes.
Correct answer: C
Question # 252
A company has registered its domain name with Amazon Route 53. The company uses Amazon API Gateway in the ca-central-1 Region as a public interface for its backend microservice APIs. Third-party services consume the APIs securely. The company wants to design its API Gateway URL with the company's domain name and corresponding certificate so that the third-party services can use HTTPS.
Which solution will meet these requirements?
- A. Create a Regional API Gateway endpoint. Associate the API Gateway endpoint with the company's domain name. Import the public certificate associated with the company's domain name into AWS Certificate Manager (ACM) in the us-east-1 Region. Attach the certificate to the API Gateway APIs. Create Route 53 DNS records with the company's domain name. Point an A record to the company's domain name.
- B. Create stage variables in API Gateway with Name="Endpoint-URL" and Value="Company Domain Name" to overwrite the default URL. Import the public certificate associated with the company's domain name into AWS Certificate Manager (ACM).
- C. Create a Regional API Gateway endpoint. Associate the API Gateway endpoint with the company's domain name. Import the public certificate associated with the company's domain name into AWS Certificate Manager (ACM) in the same Region. Attach the certificate to the API Gateway endpoint. Configure Route 53 to route traffic to the API Gateway endpoint.
- D. Create Route 53 DNS records with the company's domain name. Point the alias record to the Regional API Gateway stage endpoint. Import the public certificate associated with the company's domain name into AWS Certificate Manager (ACM) in the us-east-1 Region.
Correct answer: C
Explanation:
To design the API Gateway URL with the company's domain name and corresponding certificate, the company needs to do the following:
1. Create a Regional API Gateway endpoint: This will allow the company to create an endpoint that is specific to a region.
2. Associate the API Gateway endpoint with the company's domain name: This will allow the company to use its own domain name for the API Gateway URL.
3. Import the public certificate associated with the company's domain name into AWS Certificate Manager (ACM) in the same Region: This will allow the company to use HTTPS for secure communication with its APIs.
4. Attach the certificate to the API Gateway endpoint: This will allow the company to use the certificate for securing the API Gateway URL.
5. Configure Route 53 to route traffic to the API Gateway endpoint: This will allow the company to use Route 53 to route traffic to the API Gateway URL using the company's domain name.
Question # 253
A user has created a VPC with CIDR 20.0.0.0/16 using the VPC wizard. The user has created public and VPN-only subnets along with hardware VPN access to connect to the user's data center. The user has not yet launched any instance, nor modified or deleted any setup. He wants to delete this VPC from the console.
Will the console allow the user to delete the VPC?
- A. No, since the NAT instance is running, the user cannot delete the VPC.
- B. Yes, the user can use the CLI to delete the VPC that will detach the virtual private gateway automatically.
- C. No, the VPC console needs to be accessed using an administrator account to delete the VPC.
- D. Yes, the user can detach the virtual private gateway and then use the VPC console to delete the VPC.
Correct answer: D
Explanation:
You can delete your VPC at any time (for example, if you decide it's too small). However, you must terminate all instances in the VPC first. When you delete a VPC using the VPC console, Amazon deletes all its components, such as subnets, security groups, network ACLs, route tables, Internet gateways, VPC peering connections, and DHCP options. If you have a VPN connection, you don't have to delete it or the other components related to the VPN (such as the customer gateway and virtual private gateway).
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#VPC_Deleting
Question # 254
What happens when you create a topic on Amazon SNS?
- A. You can create a topic on Amazon SQS, not on Amazon SNS.
- B. An ARN (Amazon Resource Name) is created.
- C. The topic is created, and it has the name you specified for it.
- D. This question doesn't make sense.
Correct answer: B
Question # 255
Can I delete a snapshot of the root device of an EBS volume used by a registered AMI?
- A. Only via Console
- B. Only via API
- C. No
- D. Yes
Correct answer: D
Question # 256
A Solutions Architect has designed a VPC that meets all necessary security requirements for their organization. Any applications deployed in the organization must use this VPC design.
How can project teams deploy, manage, and delete VPCs that meet this design with the LEAST administrative effort?
- A. Use AWS Elastic Beanstalk to deploy both the VPC and the application.
- B. Run a script that uses the AWS Command Line Interface to deploy the VPC.
- C. Deploy an AWS CloudFormation template that defines components of the VPC.
- D. Clone the existing authorized VPC for each new project.
Correct answer: B
Question # 257
A company is running a database on an Amazon RDS for MySQL DB instance. The company must maintain a near-real-time replica of the database on premises. The company needs to encrypt the data in transit and is using a 1 Gbps AWS Direct Connect connection.
Which solution will meet these requirements?
- A. Use the RDS Multi-AZ feature. Choose on premises as the failover Availability Zone over an IPsec VPN on top of the Direct Connect connection.
- B. Use AWS Data Pipeline to replicate from AWS to on premises over an IPsec VPN on top of the Direct Connect connection.
- C. Use MySQL replication to replicate from AWS to on premises over an IPsec VPN on top of the Direct Connect connection.
- D. Use AWS Database Migration Service (AWS DMS) and Direct Connect with MACsec encryption to continuously replicate the data from AWS to on premises.
Correct answer: C
Question # 258
A company is setting up an application to use an Amazon RDS MySQL DB instance. The database must be architected for high availability across Availability Zones and AWS Regions with minimal downtime.
How should a solutions architect meet this requirement?
- A. Set up an RDS MySQL Single-AZ DB instance. Copy automated snapshots to at least one other Region.
- B. Set up an RDS MySQL Multi-AZ DB instance. Configure an appropriate backup window.
- C. Set up an RDS MySQL Single-AZ DB instance. Configure a read replica in a different Region.
- D. Set up an RDS MySQL Multi-AZ DB instance. Configure a read replica in a different Region.
Correct answer: C
Question # 259
A company needs to use AWS resources to expand capacity for a website hosted in an on-premises data center. The AWS resources will include load balancers, Auto Scaling, and Amazon EC2 instances that will access an on-premises database. Network connectivity has been established, but no traffic is going to the AWS environment.
How should Amazon Route 53 be configured to distribute load to the AWS environment? (Select TWO.)
- A. Set up a routing policy for failover using the on-premises environment as primary and the load balancer as secondary.
- B. Set up a weighted routing policy, distributing the workload between the load balancer and the on-premises environment.
- C. Create multiple A records for the EC2 instances.
- D. Set up a geolocation routing policy to distribute the workload between the load balancer and the on-premises environment.
- E. Set up an A record to point the DNS name to the IP address of the load balancer.
Correct answer: B, E
Question # 260
How many relational database engines does RDS currently support?
- A. Five: MySQL, PostgreSQL, MongoDB, Cassandra and SQLite.
- B. Three: MySQL, Oracle and Microsoft SQL Server.
- C. Just two: MySQL and Oracle.
- D. Just one: MySQL.
Correct answer: B
Question # 261
True or False: Amazon ElastiCache supports the Redis key-value store.
- A. False, ElastiCache does not support the Redis key-value store.
- B. False, ElastiCache supports the Redis key-value store only if you are in a VPC environment.
- C. True, ElastiCache supports the Redis key-value store.
- D. True, ElastiCache supports the Redis key-value store, but with limited functionalities.
Correct answer: C
Explanation:
This is true. ElastiCache supports two open-source in-memory caching engines:
1. Memcached - a widely adopted memory object caching system. ElastiCache is protocol compliant with Memcached, so popular tools that you use today with existing Memcached environments will work seamlessly with the service.
2. Redis - a popular open-source in-memory key-value store that supports data structures such as sorted sets and lists. ElastiCache supports Master / Slave replication and Multi-AZ, which can be used to achieve cross-AZ redundancy.
Reference: https://aws.amazon.com/elasticache/
Question # 262
A company hosts an application on multiple Amazon EC2 instances. The application processes messages from an Amazon SQS queue, writes to an Amazon RDS table, and deletes the message from the queue. Occasional duplicate records are found in the RDS table. The SQS queue does not contain any duplicate messages. What should a solutions architect do to ensure messages are being processed once only?
- A. Use the AddPermission API call to add appropriate permissions
- B. Use the ChangeMessageVisibility API call to increase the visibility timeout
- C. Use the CreateQueue API call to create a new queue
- D. Use the ReceiveMessage API call to set an appropriate wait time.
Correct answer: B
Question # 263
A company is implementing new data retention policies for all databases that run on Amazon RDS DB instances. The company must retain daily backups for a minimum period of 2 years. The backups must be consistent and restorable.
Which solution should a solutions architect recommend to meet these requirements?
- A. Configure an AWS Database Migration Service (AWS DMS) replication task. Deploy a replication instance, and configure a change data capture (CDC) task to stream database changes to Amazon S3 as the target. Configure S3 Lifecycle policies to delete the snapshots after 2 years.
- B. Configure database transaction logs to be automatically backed up to Amazon CloudWatch Logs with an expiration period of 2 years.
- C. Create a backup vault in AWS Backup to retain RDS backups. Create a new backup plan with a daily schedule and an expiration period of 2 years after creation. Assign the RDS DB instances to the backup plan.
- D. Configure a backup window for the RDS DB instances for daily snapshots. Assign a snapshot retention policy of 2 years to each RDS DB instance. Use Amazon Data Lifecycle Manager (Amazon DLM) to schedule snapshot deletions.
Correct answer: C
Question # 264
A company that has enabled IPv6 in its Amazon VPC wants to avoid having resources on the internet initiate communication with instances inside the private subnet. However, these instances need to communicate with the internet.
Which VPC component should the company use?
- A. An internet gateway
- B. An egress-only internet gateway
- C. A NAT Gateway
- D. A security group
Correct answer: C
Question # 265
A financial company hosts a web application on AWS. The application uses an Amazon API Gateway Regional API endpoint to give users the ability to retrieve current stock prices. The company's security team has noticed an increase in the number of API requests. The security team is concerned that HTTP flood attacks might take the application offline.
A solutions architect must design a solution to protect the application from this type of attack.
Which solution meets these requirements with the LEAST operational overhead?
- A. Create an Amazon CloudFront distribution in front of the API Gateway Regional API endpoint with a maximum TTL of 24 hours.
- B. Use Amazon CloudWatch metrics to monitor the Count metric and alert the security team when the predefined rate is reached.
- C. Create a Regional AWS WAF web ACL with a rate-based rule. Associate the web ACL with the API Gateway stage.
- D. Create an Amazon CloudFront distribution with Lambda@Edge in front of the API Gateway Regional API endpoint. Create an AWS Lambda function to block requests from IP addresses that exceed the predefined rate.
Correct answer: C
Question # 266
The following IAM policy is attached to an IAM group. This is the only policy applied to the group.
What are the effective IAM permissions of this policy for group members?
- A. Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action within the us-east-1 Region.
- B. Group members are denied any Amazon EC2 permissions in the us-east-1 Region unless they are logged in with multi-factor authentication (MFA).
- C. Group members are permitted any Amazon EC2 action within the us-east-1 Region. Statements after the Allow permission are not applied.
- D. Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for all Regions when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action.
Correct answer: A
Question # 267
A group requires permissions to list an Amazon S3 bucket and delete objects from that bucket. An administrator has created the following IAM policy to provide access to the bucket and applied that policy to the group. The group is not able to delete objects in the bucket. The company follows least-privilege access rules.
Which statement should a solutions architect add to the policy to correct bucket access?
- A.

- B.

- C.

- D.

Correct answer: A
Question # 268
An application requires block storage for file updates. The data is 500 GB and must continuously sustain 100 MiB/s of aggregate read/write operations.
Which storage option is appropriate for this application?
- A. Amazon EBS
- B. Amazon Glacier
- C. Amazon EFS
- D. Amazon S3
Correct answer: A
Explanation:
https://aws.amazon.com/efs/when-to-choose-efs/
https://docs.aws.amazon.com/efs/latest/ug/performance.html
質問 # 269
An ecommerce company is experiencing an increase in user traffic. The company's store is deployed on Amazon EC2 instances as a two-tier web application consisting of a web tier and a separate database tier. As traffic increases, the company notices that the architecture is causing significant delays in sending timely marketing and order confirmation email to users. The company wants to reduce the time it spends resolving complex email delivery issues and minimize operational overhead.
What should a solutions architect do to meet these requirements?
- A. Create a separate application tier using EC2 instances dedicated to email processing. Place the instances in an Auto Scaling group.
- B. Configure the web instance to send email through Amazon Simple Notification Service (Amazon SNS)
- C. Create a separate application tier using EC2 instances dedicated to email processing.
- D. Configure the web instance to send email through Amazon Simple Email Service (Amazon SES).
Correct answer: D
Question # 270
An international company has deployed a multi-tier web application that relies on DynamoDB in a single region. For regulatory reasons they need disaster recovery capability in a separate region with a Recovery Time Objective of 2 hours and a Recovery Point Objective of 24 hours. They should synchronize their data on a regular basis and be able to provision the web application rapidly using CloudFormation.
The objective is to minimize changes to the existing web application, control the throughput of DynamoDB used for the synchronization of data and synchronize only the modified elements.
Which design would you choose to meet these requirements?
- A. Use EMR and write a custom script to retrieve data from DynamoDB in the current region using a SCAN operation and push it to DynamoDB in the second region.
- B. Use AWS Data Pipeline to schedule a DynamoDB cross-region copy once a day. Create a 'Lastupdated' attribute in your DynamoDB table that would represent the timestamp of the last update and use it as a filter.
- C. Also send each write into an SQS queue in the second region; use an Auto Scaling group behind the SQS queue to replay the write in the second region.
- D. Use AWS Data Pipeline to schedule an export of the DynamoDB table to S3 in the current region once a day, then schedule another task immediately after it that will import data from S3 to DynamoDB in the other region.
Correct answer: D
Question # 271
......
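The AWS Certified Solutions Architect - Associate certification is highly regarded in the IT industry, especially for individuals who work with AWS. It demonstrates that an individual has the skills and knowledge needed to design and deploy scalable, secure, and reliable systems on AWS. The certification brings individuals new career opportunities and higher salaries.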