
Latest 2024 AWS-Solutions-Architect-Professional exam questions and answers, confirmed to appear on the actual exam, with free AWS-Solutions-Architect-Professional updates
100% free AWS-Solutions-Architect-Professional exam questions, using real questions from the AWS-Solutions-Architect-Professional question bank
The AWS-Solutions-Architect-Professional Certification Exam is designed to test candidates on a wide range of topics related to AWS architecture and design. These include designing and deploying scalable, highly available, fault-tolerant systems on AWS, selecting the appropriate AWS services for specific scenarios, and migrating on-premises applications to AWS. Candidates must also have a strong understanding of AWS security and compliance best practices, and the ability to architect and deploy multi-tier applications on AWS.
Question # 234
A company wants to allow its marketing team to perform SQL queries on customer records to identify market segments. The data is spread across hundreds of files. The records must be encrypted in transit and at rest. The team manager must have the ability to manage users and groups, but no team members should have access to services or resources not required for the SQL queries. Additionally, administrators need to audit the queries made and receive notifications when a query violates rules defined by the security team.
AWS Organizations has been used to create a new account and an AWS IAM user with administrator permissions for the team manager. Which design meets these requirements?
- A. Apply a service control policy (SCP) that denies access to all services except IAM, Amazon DynamoDB, and AWS CloudTrail. Store customer records in DynamoDB and train users to run queries using the AWS CLI. Enable DynamoDB Streams to track the queries that are issued and use an AWS Lambda function for real-time monitoring and alerting.
- B. Apply a service control policy (SCP) that allows access to IAM, Amazon RDS, and AWS CloudTrail. Load customer records in Amazon RDS MySQL and train users to run queries using the AWS CLI. Stream the query logs to Amazon CloudWatch Logs from the RDS database instance. Use a subscription filter with AWS Lambda functions to audit and alarm on queries against personal data.
- C. Apply a service control policy (SCP) that denies access to all services except IAM, Amazon Athena, Amazon S3, and AWS CloudTrail. Store customer record files in Amazon S3 and train users to run queries using the CLI via Athena. Analyze CloudTrail events to audit and alarm on queries against personal data.
- D. Apply a service control policy (SCP) that allows access to IAM, Amazon Athena, Amazon S3, and AWS CloudTrail. Store customer records as files in Amazon S3 and train users to leverage the Amazon S3 Select feature and run queries using the AWS CLI. Enable S3 object-level logging and analyze CloudTrail events to audit and alarm on queries against personal data.
Correct answer: C
Question # 235
A Solutions Architect is designing the storage layer for a data warehousing application. The data files are large, but they have statically placed metadata at the beginning of each file that describes the size and placement of the file's index. The data files are read in by a fleet of Amazon EC2 instances that store the index size, index location, and other category information about the data file in a database. That database is used by Amazon EMR to group files together for deeper analysis.
What would be the MOST cost-effective, high availability storage solution for this workflow?
- A. Store the content of the data files in Amazon DynamoDB tables with the metadata, index, and data as their own keys.
- B. Store the data files in Amazon EFS mounted by the EC2 fleet and EMR nodes.
- C. Store the data files on Amazon EBS volumes and allow the EC2 fleet and EMR to mount and unmount the volumes where they are needed.
- D. Store the data files in Amazon S3 and use Range GET for each file's metadata, then index the relevant data.
Correct answer: D
Explanation:
https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectGET.html
Question # 236
A company runs its sales reporting application in an AWS Region in the United States. The application uses an Amazon API Gateway Regional API and AWS Lambda functions to generate on-demand reports from data in an Amazon RDS for MySQL database. The frontend of the application is hosted on Amazon S3 and is accessed by users through an Amazon CloudFront distribution. The company is using Amazon Route 53 as the DNS service for the domain. Route 53 is configured with a simple routing policy to route traffic to the API Gateway API.
In the next 6 months, the company plans to expand operations to Europe. More than 90% of the database traffic is read-only traffic. The company has already deployed an API Gateway API and Lambda functions in the new Region.
A solutions architect must design a solution that minimizes latency for users who download reports.
Which solution will meet these requirements?
- A. Configure a cross-Region read replica for the RDS database in the new Region. Change the Route 53 record to latency-based routing to connect to the API Gateway API.
- B. Configure a cross-Region read replica for the RDS database in the new Region. Change the Route 53 record to geolocation routing to connect to the API
- C. Use an AWS Database Migration Service (AWS DMS) task with full load plus change data capture (CDC) to replicate the primary database in the original Region to the database in the new Region. Change the Route 53 record to geolocation routing to connect to the API Gateway API.
- D. Use an AWS Database Migration Service (AWS DMS) task with full load to replicate the primary database in the original Region to the database in the new Region. Change the Route 53 record to latency-based routing to connect to the API Gateway API.
Correct answer: A
Explanation:
The company should configure a cross-Region read replica for the RDS database in the new Region and change the Route 53 record to latency-based routing to connect to the API Gateway API. This solution meets the requirements because a cross-Region read replica is a feature that enables you to create a MariaDB, MySQL, Oracle, PostgreSQL, or SQL Server read replica in a different Region from the source DB instance. You can use cross-Region read replicas to improve availability and disaster recovery, scale out globally, or migrate an existing database to a new Region [1]. By creating a cross-Region read replica for the RDS database in the new Region, the company can have a standby copy of its primary database that can serve read-only traffic from users in Europe. A latency-based routing policy is a feature that enables you to route traffic based on the latency between your users and your resources. You can use latency-based routing to route traffic to the resource that provides the best latency [2]. By changing the Route 53 record to latency-based routing, the company can minimize latency for users who download reports by connecting them to the API Gateway API in the Region that provides the best response time.
The other options are not correct because:
Using AWS Database Migration Service (AWS DMS) to replicate the primary database in the original Region to the database in the new Region would not be as cost-effective or simple as using a cross-Region read replica. AWS DMS is a service that enables you to migrate relational databases, data warehouses, NoSQL databases, and other types of data stores. You can use AWS DMS to perform one-time migrations or continuous data replication with high availability and consolidate databases into a petabyte-scale data warehouse [3]. However, AWS DMS requires more configuration and management than creating a cross-Region read replica, which is fully managed by Amazon RDS. AWS DMS also incurs additional charges for replication instances and tasks.
Creating an Amazon API Gateway Data API service integration with Amazon Redshift would not help with disaster recovery or minimizing latency. The Data API is a feature that enables you to query your Amazon Redshift cluster using HTTP requests, without needing a persistent connection or a SQL client.
It is useful for building applications that interact with Amazon Redshift, but not for replicating or recovering data from an RDS database.
Creating an AWS Data Exchange datashare by connecting AWS Data Exchange to the Redshift cluster would not help with disaster recovery or minimizing latency. AWS Data Exchange is a service that makes it easy for AWS customers to exchange data in the cloud. You can use AWS Data Exchange to subscribe to a diverse selection of third-party data products or offer your own data products to other AWS customers. A datashare is a feature that enables you to share live and secure access to your Amazon Redshift data across your accounts or with third parties without copying or moving the underlying data. It is useful for sharing query results and views with other users, but not for replicating or recovering data from an RDS database.
References:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RDS_Fea_Regions_DB-eng.Featur
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-latency
https://aws.amazon.com/dms/
https://docs.aws.amazon.com/redshift/latest/mgmt/data-api.html
https://aws.amazon.com/data-exchange/
https://docs.aws.amazon.com/redshift/latest/dg/datashare-overview.html
Question # 237
A company is running a web application with On-Demand Amazon EC2 instances in Auto Scaling groups that scale dynamically based on custom metrics. After extensive testing, the company determines that the m5.2xlarge instance size is optimal for the workload. Application data is stored in db.r4.4xlarge Amazon RDS instances that are confirmed to be optimal. The traffic to the web application spikes randomly during the day.
What other cost-optimization methods should the company implement to further reduce costs without impacting the reliability of the application?
- A. Reserve capacity for the RDS database and the minimum number of EC2 instances that are constantly running.
- B. Reduce the RDS instance size to db.r4.xlarge and add five equivalently sized read replicas to provide reliability.
- C. Double the instance count in the Auto Scaling groups and reduce the instance size to m5.large.
- D. Reserve capacity for all EC2 instances and leverage Spot Instance pricing for the RDS database.
Correct answer: A
Explanation:
People are being confused by the term 'reserve capacity'. This is not the same as an On-Demand Capacity Reservation. This article by AWS clearly states that by 'reserving capacity' you are reserving the instances and reducing your costs. See:
https://aws.amazon.com/aws-cost-management/aws-cost-optimization/reserved-instances/
Question # 238
What is a possible reason you would need to edit claims issued in a SAML token?
- A. The NameIdentifier claim cannot be the same as the username stored in AD.
- B. The NameIdentifier claim must be the same as the username stored in AD.
- C. The NameIdentifier claim cannot be the same as the claim URI.
- D. Authentication fails consistently.
Correct answer: A
Explanation:
The two reasons you would need to edit claims issued in a SAML token are:
The NameIdentifier claim cannot be the same as the username stored in AD, and
The app requires a different set of claim URIs.
Reference:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-saml-claims-customization/
Question # 239
A company hosts a legacy application that runs on an Amazon EC2 instance inside a VPC without internet access. Users access the application with a desktop program installed on their corporate laptops. Communication between the laptops and the VPC flows through AWS Direct Connect (DX). A new requirement states that all data in transit must be encrypted between users and the VPC.
Which strategy should a solutions architect use to maintain consistent network performance while meeting this new requirement?
- A. Create a new public virtual interface for the existing DX connection, and create a new VPN that connects to the VPC over the DX public virtual interface.
- B. Create a new Site-to-Site VPN that connects to the VPC over the internet.
- C. Create a new private virtual interface for the existing DX connection, and create a new VPN that connects to the VPC over the DX private virtual interface.
- D. Create a client VPN endpoint and configure the laptops to use an AWS client VPN to connect to the VPC over the internet.
Correct answer: C
Question # 240
A company is migrating an application to the AWS Cloud. The application runs in an on-premises data center and writes thousands of images into a mounted NFS file system each night. After the company migrates the application, the company will host the application on an Amazon EC2 instance with a mounted Amazon Elastic File System (Amazon EFS) file system.
The company has established an AWS Direct Connect connection to AWS. Before the migration cutover, a solutions architect must build a process that will replicate the newly created on-premises images to the EFS file system. What is the MOST operationally efficient way to replicate the images?
- A. Deploy an AWS DataSync agent to an on-premises server that has access to the NFS file system. Send data over the Direct Connect connection to an S3 bucket by using a public VIF. Configure an AWS Lambda function to process event notifications from Amazon S3 and copy the images from Amazon S3 to the EFS file system.
- B. Configure a periodic process to run the aws s3 sync command from the on-premises file system to Amazon S3. Configure an AWS Lambda function to process event notifications from Amazon S3 and copy the images from Amazon S3 to the EFS file system.
- C. Deploy an AWS DataSync agent to an on-premises server that has access to the NFS file system. Send data over the Direct Connect connection to an AWS PrivateLink interface VPC endpoint for Amazon EFS by using a private VIF. Configure a DataSync scheduled task to send the images to the EFS file system every 24 hours.
- D. Deploy an AWS Storage Gateway file gateway with an NFS mount point. Mount the file gateway file system on the on-premises server. Configure a process to periodically copy the images to the mount point.
Correct answer: C
Explanation:
https://aws.amazon.com/blogs/storage/transferring-files-from-on-premises-to-aws-and-back-without-leaving-you
Question # 241
A team has just received a task to build an application that needs to recognize faces in streaming videos. They will get the source videos from a third party, which uses a container format (MKV).
The app should be able to quickly identify faces throughout the video in real time and save the output in a suitable manner for downstream processing. As recommended by an AWS Solutions Architect colleague, they would like to develop the service using Amazon Rekognition. Which of the options below are needed to accomplish the task? Select 3.
- A. S3 buckets to store the source MKV videos for Amazon Rekognition to process. S3 should be used in this case as it provides unlimited, highly available and durable storage space. Make sure that the third party has write access to the S3 buckets.
- B. After the app has used the Rekognition API to fetch the recognized faces from live videos, use S3 or an RDS database to store the output from Rekognition. Another Lambda function can be used to post-process the result and present it to the UI.
- C. An Amazon Rekognition Video stream processor to manage the analysis of the streaming video. It can be used to start, stop, and manage stream processors according to needs.
- D. A Kinesis video stream for sending streaming video to Amazon Rekognition Video. This can be done by using the Kinesis PutMedia API in the Java SDK. The PutMedia operation writes video data fragments into a Kinesis video stream that Amazon Rekognition Video consumes.
- E. Use EC2 or Lambda to call the Rekognition API DetectFaces with the source videos saved in an S3 bucket. For each face detected, the operation returns face details. These details include a bounding box of the face, a confidence value, and a fixed set of attributes such as facial landmarks, etc.
- F. A Kinesis data stream consumer to read the analysis results that Amazon Rekognition Video sends to the Kinesis data stream. It can be an Amazon EC2 instance built from one of the Amazon Machine Images (AMIs). The consumer can be autoscaled by running it on multiple Amazon EC2 instances under an Auto Scaling group.
Correct answer: C, D, F
Question # 242
You are designing an intrusion detection/prevention (IDS/IPS) solution for a customer web application in a single VPC. You are considering the options for implementing IDS/IPS protection for traffic coming from the Internet.
Which of the following options would you consider? (Choose 2 answers)
- A. Implement IDS/IPS agents on each instance running in the VPC.
- B. Configure an instance in each subnet to switch its network interface card to promiscuous mode and analyze network traffic.
- C. Implement Elastic Load Balancing with SSL listeners in front of the web applications.
- D. Implement a reverse proxy layer in front of web servers and configure IDS/IPS agents on each reverse proxy server.
Correct answer: A, D
Explanation:
EC2 does not allow promiscuous mode, and you cannot put something in between the ELB and the web server (like a listener or IDP).
Question # 243
A Development team is deploying new APIs as serverless applications within a company. The team is currently using the AWS Management Console to provision Amazon API Gateway, AWS Lambda, and Amazon DynamoDB resources. A Solutions Architect has been tasked with automating the future deployments of these serverless APIs.
How can this be accomplished?
- A. Use AWS CloudFormation to define the serverless application. Implement versioning on the Lambda functions and create aliases to point to the versions. When deploying, configure weights to implement shifting traffic to the newest version, and gradually update the weights as traffic moves over.
- B. Use AWS CloudFormation with a Lambda-backed custom resource to provision API Gateway. Use the AWS::DynamoDB::Table and AWS::Lambda::Function resources to create the Amazon DynamoDB table and Lambda functions. Write a script to automate the deployment of the CloudFormation template.
- C. Commit the application code to the AWS CodeCommit code repository. Use AWS CodePipeline and connect to the CodeCommit code repository. Use AWS CodeBuild to build and deploy the Lambda functions using AWS CodeDeploy. Specify the deployment preference type in CodeDeploy to gradually shift traffic over to the new version.
- D. Use the AWS Serverless Application Model to define the resources. Upload a YAML template and application files to the code repository. Use AWS CodePipeline to connect to the code repository and to create an action to build using AWS CodeBuild. Use the AWS CloudFormation deployment provider in CodePipeline to deploy the solution.
Correct answer: D
Explanation:
https://aws-quickstart.s3.amazonaws.com/quickstart-trek10-serverless-enterprise-cicd/doc/serverless-cicd-for-the-enterprise-on-the-aws-cloud.pdf
https://aws.amazon.com/quickstart/architecture/serverless-cicd-for-enterprise/
Question # 244
True or false: In a CloudFormation template, you can reuse the same logical ID several times to reference the resources in other parts of the template.
- A. False, you cannot reference other parts of the template.
- B. False, a logical ID must be unique within the template.
- C. True, a logical ID can be used several times to reference the resources in other parts of the template.
- D. False, you can mention a resource only once and you cannot reference it in other parts of a template.
Correct answer: B
Explanation:
In AWS CloudFormation, the logical ID must be alphanumeric (A-Za-z0-9) and unique within the template. You use the logical name to reference the resource in other parts of the template.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/concept-resources.html
Question # 245
A user has created a VPC with a public subnet. The user has terminated all the instances which are part of the subnet.
Which of the below mentioned statements is true with respect to this scenario?
- A. When the user launches a new instance, it cannot use the same subnet.
- B. Secondary network interfaces attached to the terminated instances may persist.
- C. The user cannot delete the VPC since the subnet is not deleted.
- D. The subnet in which the instances were launched will be deleted.
Correct answer: B
Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. A user can create a subnet within a VPC and launch instances inside that subnet. When an instance is launched, it will have a network interface attached to it. The user cannot delete the subnet until they terminate the instance and delete the network interface. By default, network interfaces that are automatically created and attached to instances using the console are set to terminate when the instance terminates. However, network interfaces created using the command line interface aren't set to terminate when the instance terminates.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html
Question # 246
A retail company is operating its ecommerce application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses an Amazon RDS DB instance as the database backend. Amazon CloudFront is configured with one origin that points to the ALB. Static content is cached. Amazon Route 53 is used to host all public zones.
After an update of the application, the ALB occasionally returns a 502 status code (Bad Gateway) error. The root cause is malformed HTTP headers that are returned to the ALB. The webpage returns successfully when a solutions architect reloads the webpage immediately after the error occurs.
While the company is working on the problem, the solutions architect needs to provide a custom error page instead of the standard ALB error page to visitors.
Which combination of steps will meet this requirement with the LEAST amount of operational overhead?
(Choose two.)
- A. Create an Amazon CloudWatch alarm to invoke an AWS Lambda function if the ALB health check response Target.FailedHealthChecks is greater than 0. Configure the Lambda function to modify the forwarding rule at the ALB to point to a publicly accessible web server.
- B. Modify the existing Amazon Route 53 records by adding health checks. Configure a fallback target if the health check fails. Modify DNS records to point to a publicly accessible webpage.
- C. Add a custom error response by configuring a CloudFront custom error page. Modify DNS records to point to a publicly accessible web page.
- D. Create an Amazon CloudWatch alarm to invoke an AWS Lambda function if the ALB health check response Elb.InternalError is greater than 0. Configure the Lambda function to modify the forwarding rule at the ALB to point to a public accessible web server.
- E. Create an Amazon S3 bucket. Configure the S3 bucket to host a static webpage. Upload the custom error pages to Amazon S3.
Correct answer: C, E
Explanation:
"Save your custom error pages in a location that is accessible to CloudFront. We recommend that you store them in an Amazon S3 bucket, and that you don't store them in the same place as the rest of your website or application's content. If you store the custom error pages on the same origin as your website or application, and the origin starts to return 5xx errors, CloudFront can't get the custom error pages because the origin server is unavailable."
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GeneratingCustomErrorResponses.htm
Question # 247
A user is creating a Provisioned IOPS volume. What is the maximum ratio the user should configure between Provisioned IOPS and the volume size?
- A. 30 to 1
- B. 50 to 1
- C. 10 to 1
- D. 20 to 1
Correct answer: D
Explanation:
Provisioned IOPS SSD (io1) volumes are designed to meet the needs of I/O-intensive workloads, particularly database workloads, that are sensitive to storage performance and consistency. An io1 volume can range in size from 4 GiB to 16 TiB, and you can provision from 100 up to 20,000 IOPS per volume. The maximum ratio of provisioned IOPS to requested volume size (in GiB) is 50:1. For example, a 100 GiB volume can be provisioned with up to 5,000 IOPS. Any volume 400 GiB in size or greater allows provisioning up to the 20,000 IOPS maximum.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
Question # 248
Which of the following components of AWS Data Pipeline specifies the business logic of your data management?
- A. Task Runner
- B. Pipeline definition
- C. Amazon Simple Storage Service (Amazon S3)
- D. AWS Direct Connect
Correct answer: B
Explanation:
A pipeline definition specifies the business logic of your data management.
http://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/what-is-datapipeline.html
Question # 249
A company has multiple applications that use Amazon RDS for MySQL as their database. The company recently discovered that a new custom reporting application has increased the number of queries on the database. This is slowing down performance.
How should a solutions architect resolve this issue with the LEAST amount of application changes?
- A. Set up a read replica and Multi-AZ on Amazon RDS.
- B. Use caching on Amazon RDS to improve the overall performance.
- C. Set up a standby replica and Multi-AZ on Amazon RDS.
- D. Add a secondary DB instance using Multi-AZ.
Correct answer: B
Question # 250
A software company is using three AWS accounts for each of its 10 development teams. The company has developed an AWS CloudFormation standard VPC template that includes three NAT gateways. The template is added to each account for each team. The company is concerned that network costs will increase each time a new development team is added. A solutions architect must maintain the reliability of the company's solutions and minimize operational complexity. What should the solutions architect do to reduce the network costs while meeting these requirements?
- A. Create a single VPC with three NAT gateways in a shared services account. Configure each account VPC with a default route through a transit gateway to the NAT gateway in the shared services account VPC. Remove all NAT gateways from the standard VPC template.
- B. Remove two NAT gateways from the standard VPC template. Rely on the NAT gateway SLA to cover reliability for the remaining NAT gateway.
- C. Create a single VPC with three NAT gateways in a shared services account. Configure a Site-to-Site VPN connection from each account to the shared services account. Remove all NAT gateways from the standard VPC template.
- D. Create a single VPC with three NAT gateways in a shared services account. Configure each account VPC with a default route through a VPC peering connection to the NAT gateway in the shared services account VPC. Remove all NAT gateways from the standard VPC template.
Correct answer: A
Question # 251
A company maintains a restaurant review website. The website is a single-page application where files are stored in Amazon S3 and delivered using Amazon CloudFront. The company receives several fake postings every day that are manually removed.
The security team has identified that most of the fake posts are from bots with IP addresses that have a bad reputation within the same global region. The team needs to create a solution to help restrict the bots from accessing the website.
Which strategy should a solutions architect use?
- A. Associate an AWS WAF web ACL with the CloudFront distribution. Select the managed Amazon IP reputation rule group for the web ACL with a deny action.
- B. Use AWS Firewall Manager to control the CloudFront distribution security settings. Select the managed Amazon IP reputation rule group and associate it with Firewall Manager with a deny action.
- C. Use AWS Firewall Manager to control the CloudFront distribution security settings. Create a geographical block rule and associate it with Firewall Manager.
- D. Associate an AWS WAF web ACL with the CloudFront distribution. Create a rule group for the web ACL with a geographical match statement with a deny action.
Correct answer: A
Question # 252
You are looking to migrate your Development (Dev) and Test environments to AWS. You have decided to use separate AWS accounts to host each environment. You plan to link each account's bill to a Master AWS account using Consolidated Billing. To make sure you keep within budget, you would like to implement a way for administrators in the Master account to have access to stop, delete and/or terminate resources in both the Dev and Test accounts. Identify which option will allow you to achieve this goal.
- A. Create IAM users in the Master account. Create cross-account roles in the Dev and Test accounts that have full Admin permissions and grant the Master account access.
- B. Create IAM users in the Master account with full Admin permissions. Create cross-account roles in the Dev and Test accounts that grant the Master account access to the resources in the account by inheriting permissions from the Master account.
- C. Create IAM users and a cross-account role in the Master account that grants full Admin permissions to the Dev and Test accounts.
- D. Link the accounts using Consolidated Billing. This will give IAM users in the Master account access to resources in the Dev and Test accounts.
Correct answer: A
Explanation:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html
Question # 253
A company is running an application in the AWS Cloud. The application runs on containers in an Amazon Elastic Container Service (Amazon ECS) cluster. The ECS tasks use the Fargate launch type. The application's data is relational and is stored in Amazon Aurora MySQL. To meet regulatory requirements, the application must be able to recover to a separate AWS Region in the event of an application failure. In case of a failure, no data can be lost. Which solution will meet these requirements with the LEAST amount of operational overhead?
- A. Set up AWS DataSync for continuous replication of the data to a different Region.
- B. Use Amazon Data Lifecycle Manager (Amazon DLM) to schedule a snapshot every 5 minutes.
- C. Provision an Aurora Replica in a different Region.
- D. Set up AWS Database Migration Service (AWS DMS) to perform a continuous replication of the data to a different Region.
Correct answer: A
Question # 254
A large company runs workloads in VPCs that are deployed across hundreds of AWS accounts. Each VPC consists of public subnets and private subnets that span multiple Availability Zones. NAT gateways are deployed in the public subnets and allow outbound connectivity to the internet from the private subnets.
A solutions architect is working on a hub-and-spoke design. All private subnets in the spoke VPCs must route traffic to the internet through an egress VPC. The solutions architect has already deployed a NAT gateway in an egress VPC in a central AWS account. Which set of additional steps should the solutions architect take to meet these requirements?
- A. Create peering connections between the egress VPC and the spoke VPCs. Configure the required routing to allow access to the internet.
- B. Create a transit gateway and share it with the existing AWS accounts. Attach existing VPCs to the transit gateway. Configure the required routing to allow access to the internet.
- C. Create an AWS PrivateLink connection between the egress VPC and the spoke VPCs. Configure the required routing to allow access to the internet.
- D. Create a transit gateway in every account. Attach the NAT gateway to the transit gateways. Configure the required routing to allow access to the internet.
Correct answer: B
Question # 255
A company needs to run a software package that has a license that must be run on the same physical host for the duration of its use. The software package is only going to be used for 90 days. The company requires patching and restarting of all instances every 30 days.
How can these requirements be met using AWS?
- A. Run an On-Demand instance with a Reserved Instance to ensure consistent placement.
- B. Run the instance on a dedicated host with Host Affinity set to Host.
- C. Run the instance on a licensed host with termination set for 90 days.
- D. Run a dedicated instance with auto-placement disabled.
Correct answer: B
Question # 256
A company is using AWS CloudFormation to deploy its infrastructure. The company is concerned that, if a production CloudFormation stack is deleted, important data stored in Amazon RDS databases or Amazon EBS volumes might also be deleted.
How can the company prevent users from accidentally deleting data in this way?
- A. Modify the CloudFormation templates to add a DeletionPolicy attribute to RDS and EBS resources.
- B. Modify IAM policies to deny deleting RDS and EBS resources that are tagged with an "aws:cloudformation:stack-name" tag.
- C. Use AWS Config rules to prevent deleting RDS and EBS resources.
- D. Configure a stack policy that disallows the deletion of RDS and EBS resources.
Correct answer: A
Explanation:
With the DeletionPolicy attribute you can preserve or (in some cases) back up a resource when its stack is deleted. You specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default. To keep a resource when its stack is deleted, specify Retain for that resource. You can use Retain for any resource. For example, you can retain a nested stack, Amazon S3 bucket, or EC2 instance so that you can continue to use or modify those resources after you delete their stacks.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html
Question # 257
A Solutions Architect is designing a system that will store Personally Identifiable Information (PII) in an Amazon S3 bucket. Due to compliance and regulatory requirements, neither the master keys nor unencrypted data should ever be sent to AWS.
What Amazon S3 encryption technique should the Architect choose?
- A. Amazon S3 client-side encryption with a client-side master key
- B. Amazon S3 client-side encryption with an AWS KMS-managed customer master key (CMK)
- C. Amazon S3 server-side encryption with an AWS KMS-managed key
- D. Amazon S3 server-side encryption with a customer-provided key
Correct answer: A
Explanation:
Reference: http://jayendrapatil.com/aws-s3-data-protection/
The AWS Certified Solutions Architect - Professional certification exam is designed for individuals with advanced technical skills and experience in designing distributed applications and systems on the Amazon Web Services (AWS) platform. This certification validates an individual's ability to architect and deploy secure and scalable applications on AWS, and demonstrates knowledge of best practices for building and designing cloud architectures.
The AWS-Solutions-Architect-Professional exam questions that will get you a pass have been updated to 435 questions: https://www.goshiken.com/Amazon/AWS-Solutions-Architect-Professional-mondaishu.html
AWS-Solutions-Architect-Professional exam question bank, test engine practice test questions: https://drive.google.com/open?id=1uYnauCh7BhpFOzFbuGl96tfQ7v0Vb6BY