[2024年最新] 完璧AWS-Solutions-Associate問題集問題と解答で一年無料最速更新 [Q198-Q215]

[2024年最新] 完璧AWS-Solutions-Associate問題集問題と解答で一年無料最速更新

更新されたのは2024年リアルな無敵AWS-Solutions-Associate問題集で100% 無料AWS-Solutions-Associate試験問題集

AWS-Solutions-Associate認定試験に合格するには、1000点満点中720点以上のスコアが必要です。試験に合格すると、2年間有効なデジタルバッジと認証を受け取ることができます。また、トレーニング資料、ホワイトペーパー、ウェビナーなどの独占的なAWSリソースにアクセスできるようになり、最新のAWSテクノロジーやベストプラクティスについて最新情報を得ることができます。

 

質問 # 198
A company has a Windows-based application that must be migrated to AWS. The application requires the use of a shared Windows file system attached to multiple Amazon EC2 Windows instances that are deployed across Availability Zones.
What should a solution architect do to meet this requirement?

• A. Configure AWS Storage gateway in volume gateway mode. Mount the volume to each Windows instance.
• B. Configure an Amazon Elastic Block Store (Amazon EBS) volume with the required size. Attach each instance to the volume. Mount the file system within the volume to each Windows instance.
• C. Configure Amazon FSx for Windows File Server. Mount the Amazon FSx file system to each Windows instance.
• D. Configure a file system by using Amazon Elastic File System (Amazon EFS) Mounty the EFS file system to each Windows instance.

正解：D

質問 # 199
The following IAM policy is attached to an IAM group. This is the only policy applied to the group.

What are the effective IAM permissions of this policy for group members?

• A. Group member are denied any Amazon EC2 permissions in the us-east-1 Region unless they are tagged in with multi-factor authentication (MFA).
• B. Group members are allowed the ec2:StopInstances and ec2:Terminatelnstances permissions for all Regions when logged in with multi-factor authentication (MFA). Group members authorized any other Amazon EC2 action.
• C. Group members are allowed the ec2:Stoplnstances and ec2:Terminatelnstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Groups are permitted any other Amazon EC2 action within the us-east-1 Region
• D. Group members are permitted any Amazon EC2 action within the uss-east-1 Region. Statements after The Allow permission are not applied

正解：C

質問 # 200
An ecommerce company wants to launch a one-deal-a-day website on AWS. Each day will feature exactly one product on sale for a period of 24 hours. The company wants to be able to handle millions of requests each hour with millisecond latency during peak hours.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Use an Amazon S3 bucket to host the website's static content Deploy an Amazon CloudFront distribution. Set the S3 bucket as the origin Use Amazon API Gateway and AWS Lambda functions for the backend APIs Store the data in Amazon DynamoDB
• B. Deploy the full website on Amazon EC2 instances that run in Auto Scaling groups across multiple Availability Zones Add an Application Load Balancer (ALB) to distribute the website traffic Add another ALB for the backend APIs Store the data in Amazon RDS for MySQL
• C. Migrate the full application to run in containers Host the containers on Amazon Elastic Kubernetes Service (Amazon EKS) Use the Kubernetes Cluster Autoscaler to increase and decrease the number of pods to process bursts in traffic Store the data in Amazon RDS for MySQL
• D. Use Amazon S3 to host the full website in different S3 buckets Add Amazon CloudFront distributions Set the S3 buckets as origins for the distributions Store the order data in Amazon S3

正解：A

解説：
To launch a one-deal-a-day website on AWS with millisecond latency during peak hours and with the least operational overhead, the best option is to use an Amazon S3 bucket to host the website's static content, deploy an Amazon CloudFront distribution, set the S3 bucket as the origin, use Amazon API Gateway and AWS Lambda functions for the backend APIs, and store the data in Amazon DynamoDB. This option requires minimal operational overhead and can handle millions of requests each hour with millisecond latency during peak hours. Therefore, option D is the correct answer.
Reference:
https://aws.amazon.com/blogs/compute/building-a-serverless-multi-player-game-with-aws-lambda-and-amazon-

質問 # 201
True or False: Manually created DB Snapshots are deleted after the DB Instance is deleted.

• A. FALSE
• B. TRUE

正解：B

質問 # 202
A company had decided to store its critical data on the AWS Cloud. Newly uploaded data is frequently accessed for a period of one month, after which the data is no longer frequently accessed. However, there is a requirement for older objects with a specific prefix to be accessed within milliseconds.
What services and features should the company use to meet this requirement is a durable, available, and cost-effective manner?

• A. Use the S3 STANDARDJA storage class to store the objects for the initial month. After one month, use lifecycle transition policies to change the storage class for all data to S3 ONEZONE_IA
• B. Use the S3 Standard storage class to store the objects for the initial month. After one month, use lifecycle transition policies to change the storage class for objects with the prefix to S3 STANDARDJA and the rest of the data to Amazon Glacier
• C. Use the S3 Standard storage class to store the objects for the initial month. After one month use lifecycle transition policies to change the storage class for all data to Amazon Glacier
• D. Use the S3 STANDARDJA storage class to store the objects for the initial month. After one month, use lifecycle transition policies to change the storage class for the objects with the prefix to S3 ONEZONEJA and the rest of the data to Amazon Glacier

正解：A

質問 # 203
A company is building applications in containers. The company wants to migrate its on-premises development and operations services from its on-premises data center to AWS. Management states that production system must be cloud agnostic and use the same configuration and administrator tools across production systems. A solutions architect needs to design a managed solution that will align open-source software.
Which solution meets these requirements?

• A. Launch the containers on Amazon Elastic Kubernetes Service (Amazon EKS) and EKS workers nodes.
• B. Launch the containers on Amazon Elastic Containers service (Amazon ECS) with AWS Fargate instances.
• C. Launch the containers on Amazon EC2 with EC2 instance worker nodes.
• D. Launch the containers on Amazon Elastic Container Service (Amazon EC) with Amazon EC2 instance worker nodes.

正解：A

質問 # 204
You are configuring your company's application to use Auto Scaling and need to move user state information. Which of the following AWS services provides a shared data store with durability and low latency?

• A. Amazon EC2 instance storage
• B. Amazon DynamoDB
• C. AWS ElasticCAche Memcached
• D. Amazon Simple Storage Service

正解：D

質問 # 205
A company wants to implement a backup strategy for Amazon EC2 data and multiple Amazon S3 buckets.
Because of regulatory requirements, the company must retain backup files for a specific time period. The company must not alter the files for the duration of the retention period.
Which solution will meet these requirements?

• A. Use AWS Backup to create a backup vault that has a vault lock in governance mode. Create the required backup plan.
• B. Use Amazon Data Lifecycle Manager to create the required automated snapshot policy.
• C. Use AWS Backup to create a backup vault that has a vault lock in compliance mode. Create the required backup plan.
• D. Use Amazon S3 File Gateway to create the backup. Configure the appropriate S3 Lifecycle management.

正解：C

解説：
AWS Backup is a fully managed service that allows you to centralize and automate data protection of AWS services across compute, storage, and database. AWS Backup Vault Lock is an optional feature of a backup vault that can help you enhance the security and control over your backup vaults. When a lock is active in Compliance mode and the grace time is over, the vault configuration cannot be altered or deleted by a customer, account/data owner, or AWS. This ensures that your backups are available for you until they reach the expiration of their retention periods and meet the regulatory requirements. References:
https://docs.aws.amazon.com/aws-backup/latest/devguide/vault-lock.html

質問 # 206
A company has a hybrid application hosted on multiple on-premises servers with static IP addresses. There is already a VPN that provides connectivity between the VPC and the on-premises network. The company wants to distribute TCP traffic across the on-premises servers for internet users.
What should a solutions architect recommend to provide a highly available and scalable solution?

• A. Launch an Amazon EC2 instance with public IP addresses in an Auto Scaling group and distribute traffic to the on-premises servers.
• B. Launch an internet-facing Application Load Balancer (ALB) and register on-premises IP addresses with the ALB.
• C. Launch an internet-facing Network Load Balancer (NLB) and register on-premises IP addresses with the NLB.
• D. Launch an Amazon EC2 instance, attach an Elastic IP address, and distribute traffic to the on-premises servers.

正解：C

質問 # 207
A corporate web application is deployed within an Amazon Virtual Private Cloud (VPC) and is connected to the corporate data center via an iPsec VPN. The application must authenticate against the on-premises LDAP server. After authentication, each logged-in user can only access an Amazon Simple Storage Space (S3) keyspace specific to that user.
Which two approaches can satisfy these objectives? (Choose 2 answers)

• A. The application authenticates against IAM Security Token Service using the LDAP credentials the application uses those temporary AWS security credentials to access the appropriate S3 bucket.
• B. The application authenticates against LDAP the application then calls the AWS identity and Access Management (IAM) Security service to log in to IAM using the LDAP credentials the application can use the IAM temporary credentials to access the appropriate S3 bucket.
• C. Develop an identity broker that authenticates against IAM security Token service to assume a IAM role in order to get temporary AWS security credentials The application calls the identity broker to get AWS temporary security credentials with access to the appropriate S3 bucket.
• D. Develop an identity broker that authenticates against LDAP and then calls IAM Security Token Service to get IAM federated user credentials The application calls the identity broker to get IAM federated user credentials with access to the appropriate S3 bucket.
• E. The application authenticates against LDAP and retrieves the name of an IAM role associated with the user. The application then calls the IAM Security Token Service to assume that IAM role The application can use the temporary credentials to access the appropriate S3 bucket.

正解：D、E

質問 # 208
A user is planning a highly available application deployment with EC2. Which of the below mentioned options will not help to achieve HA?

• A. Elastic IP address
• B. PIOPS
• C. AMI
• D. Availability Zones

正解：B

解説：
In Amazon Web Service, the user can achieve HA by deploying instances in multiple zones. The elastic IP helps the user achieve HA when one of the instances is down but still keeps the same URL. The AMI helps launching the new instance. The PIOPS is for the performance of EBS and does not help for HA.
Reference: http://media.amazonwebservices.com/AWS_Web_Hosting_Best_Practices.pdf

質問 # 209
A Solutions Architect is designing a highly-available website that is served by multiple web servers hosted outside of AWS. If an instance becomes unresponsive, the Architect needs to remove it from the rotation.
What is the MOST efficient way to fulfill this requirement?

• A. Use an Amazon Elastic Load Balancer.
• B. Use Amazon API Gateway to monitor availability.
• C. Use Amazon CloudWatch to monitor utilization.
• D. Use Amazon Route 53 health checks.

正解：D

解説：
Explanation
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-simple-configs.html

質問 # 210
A company's HTTP application is behind a Network Load Balancer (NLB). The NLB's target group is configured to use an Amazon EC2 Auto Scaling group with multiple EC2 instances that run the web service.
The company notices that the NLB is not detecting HTTP errors for the application. These errors require a manual restart of the EC2 instances that run the web service. The company needs to improve the application's availability without writing custom scripts or code.
What should a solutions architect do to meet these requirements?

• A. Enable HTTP health checks on the NLB, supplying the URL of the company's application.
• B. Add a cron job to the EC2 instances to check the local application's logs once each minute. If HTTP errors are detected, the application will restart.
• C. Replace the NLB with an Application Load Balancer. Enable HTTP health checks by supplying the URL of the company's application. Configure an Auto Scaling action to replace unhealthy instances.
• D. Create an Amazon CloudWatch alarm that monitors the UnhealthyHostCount metric for the NLB. Configure an Auto Scaling action to replace unhealthy instances when the alarm is in the ALARM state.

正解：C

質問 # 211
A credit card processing application, hosted on an on-premises server, needs to communicate directly with a database hosted on an Amazon EC2 instance running in a private subnet of a VPC. Compliance requirement state that end-to-end communication should be encrypted.
Which solution will ensure that this requirement is met?

• A. Use HTTPS for traffic over VPC peering between the VPC and the on-premises datacenter
• B. Use HTTPS for traffic over a VPN connection between the VPC and the on-premises datacenter
• C. Use HTTPS for traffic over gateway VPC endpoints that have configured for the Amazon EC2 instance
• D. Use HTTPS for traffic over the internet between the on-premises server and the Amazon EC2 instance

正解：B

質問 # 212
You have a load balancer configured for VPC, and all back-end Amazon EC2 instances are in service. However, your web browser times out when connecting to the load balancer's DNS name. Which options are probable causes of this behavior? Choose 2 answers

• A. The load balancer was not configured to use a public subnet with an Internet gateway configured
• B. The security groups or network ACLs are not property configured for web traffic.
• C. The load balancer is not configured in a private subnet with a NAT instance.
• D. The Amazon EC2 instances do not have a dynamically allocated private IP address
• E. The VPC does not have a VGW configured.

正解：A、B

質問 # 213
What is one key difference between an Amazon EBS-backed and an instance-store backed instance?

• A. Instance-store backed instances can be stopped and restarted.
• B. Virtual Private Cloud requires EBS backed instances.
• C. Auto scaling requires using Amazon EBS-backed instances.
• D. Amazon EBS-backed instances can be stopped and restarted.

正解：D

解説：
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ComponentsAMIs.html#storagefor-the-root-device

質問 # 214
When you resize the Amazon RDS DB instance, Amazon RDS will perform the upgrade during the next maintenance window. If you want the upgrade to be performed now, rather than waiting for the maintenance window, specify the __ option.

• A. Apply This
• B. Apply Immediately
• C. Apply Now
• D. Apply Soon

正解：B

質問 # 215
......

AWS認定ソリューションアーキテクト - アソシエイト認定を獲得するには、候補者はAWS-Solutions-Architect-Associate試験に合格する必要があります。試験は、65の複数選択と複数の応答の質問で構成されており、試験の期間は130分です。この試験では、EC2、S3、RDS、VPC、AWS LambdaなどのAWSサービスに関する候補者の知識をテストします。また、候補者は、AWSで非常に利用可能、断層耐性、スケーラブルなシステムを設計および展開する能力についてテストされています。この認定は3年間有効であり、その後、候補者は認証ステータスを維持するために再認定する必要があります。全体として、AWS認定ソリューションアーキテクト - アソシエイト認定は、クラウドコンピューティング業界で高く評価されており、AWSサービスを使用してクラウドベースのソリューションの設計と展開に関する候補者の専門知識を示しています。

 

AWS-Solutions-Associate問題集PDFとテストエンジン試験問題：https://www.goshiken.com/Amazon/AWS-Solutions-Associate-mondaishu.html

Get2024年最新の無料更新されたAmazon AWS-Solutions-Associate試験問題と解答：https://drive.google.com/open?id=1XQO7bKyqWF0TVZadc1V3Jbo6VBn6zk5t