
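AWS Certified Solutions Architect AWS-Solutions-Architect-Professional complete question set: pass with free PDF questions
100% updated Amazon AWS-Solutions-Architect-Professional limited-edition PDF question set
The AWS Certified Solutions Architect - Professional exam is an industry-leading certification that validates professionals' skills and expertise in designing and deploying AWS solutions. The certification is highly valued by employers and can open new career opportunities for professionals in the cloud computing industry. It also demonstrates a commitment to continuous learning and development, which is essential in today's fast-paced technology landscape.
The AWS Certified Solutions Architect - Professional certification is highly valuable for demonstrating advanced expertise in AWS architecture and design. Individuals who hold this certification are in high demand because they have the skills needed to design and deploy complex, scalable systems on the AWS platform.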
Question # 25
A customer has a 10 GB AWS Direct Connect connection to an AWS region where they have a web application hosted on Amazon Elastic Compute Cloud (EC2). The application has dependencies on an on-premises mainframe database that uses a BASE (Basically Available, Soft state, Eventual consistency) rather than an ACID (Atomicity, Consistency, Isolation, Durability) consistency model. The application is exhibiting undesirable behavior because the database is not able to handle the volume of writes. How can you reduce the load on your on-premises database resources in the most cost-effective way?
- A. Use an Amazon Elastic MapReduce (EMR) S3DistCp as a synchronization mechanism between the on-premises database and a Hadoop cluster on AWS.
- B. Modify the application to use DynamoDB to feed an EMR cluster which uses a map function to write to the on-premises database.
- C. Modify the application to write to an Amazon SQS queue and develop a worker process to flush the queue to the on-premises database.
- D. Provision an RDS read-replica database on AWS to handle the writes and synchronize the two databases using Data Pipeline.
Correct answer: A
Question # 26
How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?
- A. Detach the volume, then use the ec2-migrate-volume command to move it to another AZ.
- B. Create a snapshot of the volume, and create a new volume from the snapshot in the other AZ.
- C. Simply create a new volume in the other AZ and specify the original volume as the source.
- D. Detach the volume and attach it to another EC2 instance in the other AZ.
Correct answer: B
Question # 27
A company wants to allow its marketing team to perform SQL queries on customer records to identify market segments. The data is spread across hundreds of files. The records must be encrypted in transit and at rest. The team manager must have the ability to manage users and groups, but no team members should have access to services or resources not required for the SQL queries. Additionally, administrators need to audit the queries made and receive notifications when a query violates rules defined by the security team.
AWS Organizations has been used to create a new account and an AWS IAM user with administrator permissions for the team manager. Which design meets these requirements?
- A. Apply a service control policy (SCP) that denies access to all services except IAM, Amazon DynamoDB, and AWS CloudTrail. Store customer records in DynamoDB and train users to run queries using the AWS CLI. Enable DynamoDB streams to track the queries that are issued and use an AWS Lambda function for real-time monitoring and alerting.
- B. Apply a service control policy (SCP) that allows access to IAM, Amazon RDS, and AWS CloudTrail. Load customer records in Amazon RDS MySQL and train users to run queries using the AWS CLI. Stream the query logs to Amazon CloudWatch Logs from the RDS database instance. Use a subscription filter with AWS Lambda functions to audit and alarm on queries against personal data.
- C. Apply a service control policy (SCP) that allows access to IAM, Amazon Athena, Amazon S3, and AWS CloudTrail. Store customer records as files in Amazon S3 and train users to leverage the Amazon S3 Select feature and run queries using the AWS CLI. Enable S3 object-level logging and analyze CloudTrail events to audit and alarm on queries against personal data.
- D. Apply a service control policy (SCP) that denies access to all services except IAM, Amazon Athena, Amazon S3, and AWS CloudTrail. Store customer record files in Amazon S3 and train users to run queries using the CLI via Athena. Analyze CloudTrail events to audit and alarm on queries against personal data.
Correct answer: D
Question # 28
Select the correct statement about Amazon ElastiCache.
- A. It cannot run in the Amazon Virtual Private Cloud (Amazon VPC) environment.
- B. It makes it easy to set up, manage, and scale a distributed in-memory cache environment in the cloud.
- C. It allows you to quickly deploy your cache environment only if you install software.
- D. It does not integrate with other Amazon Web Services.
Correct answer: B
Explanation:
ElastiCache is a web service that makes it easy to set up, manage, and scale a distributed in-memory
cache environment in the cloud. It provides a high-performance, scalable, and cost-effective caching
solution, while removing the complexity associated with deploying and managing a distributed cache
environment. With ElastiCache, you can quickly deploy your cache environment, without having to
provision hardware or install software.
Reference: http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/WhatIs.html
Question # 29
A company has migrated an on-premises Oracle database to an Amazon RDS for Oracle Multi-AZ DB instance in the us-east-1 Region. A solutions architect is designing a disaster recovery strategy to have the database provisioned in the us-west-2 Region in case the database becomes unavailable in the us-east-1 Region. The design must ensure the database is provisioned in the us-west-2 Region in a maximum of 2 hours, with a data loss window of no more than 3 hours.
How can these requirements be met?
- A. Select the multi-Region option to provision a standby instance in us-west-2. The standby instance will be automatically promoted to master in us-west-2 in case the disaster recovery environment needs to be created.
- B. Edit the DB instance and create a read replica in us-west-2. Promote the read replica to master in us-west-2 in case the disaster recovery environment needs to be activated.
- C. Take automated snapshots of the database instance and copy them to us-west-2 every 3 hours. Restore the latest snapshot to provision another database instance in us-west-2 in case the disaster recovery environment needs to be activated.
- D. Create multimaster read/write instances across multiple AWS Regions. Select VPCs in us-east-1 and us-west-2 to make that deployment. Keep the master read/write instance in us-west-2 available to avoid having to activate a disaster recovery environment.
Correct answer: A
Question # 30
An AWS customer is deploying an application that is composed of an Auto Scaling group of EC2 instances.
The customer's security policy requires that every outbound connection from these instances to any other service within the customer's Virtual Private Cloud must be authenticated using a unique X.509 certificate that contains the specific instance-id.
In addition, all X.509 certificates must be signed by the customer's key management service in order to be trusted for authentication.
Which of the following configurations will support these requirements?
- A. Configure the Auto Scaling group to send an SNS notification of the launch of a new instance to the trusted key management service. Have the key management service generate a signed certificate and send it directly to the newly launched instance.
- B. Configure an IAM Role that grants access to an Amazon S3 object containing a signed certificate and configure the Auto Scaling group to launch instances with this role. Have the instances bootstrap get the certificate from Amazon S3 upon first boot.
- C. Embed a certificate into the Amazon Machine Image that is used by the Auto Scaling group. Have the launched instances generate a certificate signature request with the instance's assigned instance-id to the key management service for signature.
- D. Configure the launched instances to generate a new certificate upon first boot. Have the key management service poll the Auto Scaling group for associated instances and send new instances a certificate signature that contains the specific instance-id.
Correct answer: A
Explanation:
The certificate must be signed by the customer's key management service and this is the only option. Using S3 won't make it unique, embedding it in the AMI won't make it unique, and generating a new certificate by itself would defeat the requirement of getting it signed by the customer's key management service.
A - Accessing from S3 was fine, but how can the file be unique when every time Auto Scaling generates different instances and instance-ids? That's not predictable.
C - Embedding a certificate in the AMI cannot make the certificate unique.
D - The EC2 instances must generate a unique X.509 certificate and this must be specific to the instance-id. The EC2 instance can generate the certificate itself, BUT it is clearly mentioned that the certificate must be signed by the customer's key management service and not self-signed.
Question # 31
As a part of building large applications in the AWS Cloud, the Solutions Architect is required to implement the perimeter security protection. Applications running on AWS have the following endpoints:
* Application Load Balancer
* Amazon API Gateway regional endpoint
* Elastic IP address-based EC2 instances
* Amazon S3 hosted websites
* Classic Load Balancer
The Solutions Architect must design a solution to protect all of the listed web front ends and provide the following security capabilities:
* DDoS protection
* SQL injection protection
* IP address whitelist/blacklist
* HTTP flood protection
* Bad bot scraper protection
How should the Solutions Architect design the solution?
- A. Secure the endpoints by using network ACLs and security groups and adding rules to enforce the company's requirements. Use AWS Lambda to automatically update the rules.
- B. Deploy Amazon CloudFront in front of all the endpoints. The CloudFront distribution provides perimeter protection. Add AWS Lambda-based automation to provide additional security.
- C. Deploy Amazon CloudFront in front of all the endpoints. Deploy AWS WAF and AWS Shield Advanced. Add AWS WAF rules to enforce the company's requirements. Use AWS Lambda to automate and enhance the security posture.
- D. Deploy AWS WAF and AWS Shield Advanced on all web endpoints. Add AWS WAF rules to enforce the company's requirements.
Correct answer: C
Explanation:
All AWS customers benefit from the automatic protections of AWS Shield Standard, at no additional charge. AWS Shield Standard defends against most common, frequently occurring network and transport layer DDoS attacks that target your web site or applications. When you use AWS Shield Standard with Amazon CloudFront and Amazon Route 53, you receive comprehensive availability protection against all known infrastructure (Layer 3 and 4) attacks.
Question # 32
AWS CloudFormation ______ are special actions you use in your template to assign values to properties that are not available until runtime.
- A. output functions
- B. conditions declarations
- C. intrinsic functions
- D. properties declarations
Correct answer: C
Explanation:
AWS CloudFormation intrinsic functions are special actions you use in your template to assign values to properties not available until runtime. Each function is declared with a name enclosed in quotation marks (""), a single colon, and its parameters.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-fuctions-structure.html
Question # 33
An application running on an Amazon EC2 instance needs to access an Amazon DynamoDB table. Both the EC2 instance and the DynamoDB table are in the same AWS account. A solutions architect must configure the necessary permissions.
Which solution will allow least privilege access to the DynamoDB table from the EC2 instance?
- A. Create an IAM role with the appropriate policy to allow access to the DynamoDB table. Create an instance profile to assign this IAM role to the EC2 instance.
- B. Create an IAM user with the appropriate policy to allow access to the DynamoDB table. Ensure that the application stores the IAM credentials securely on local storage and uses them to make the DynamoDB calls.
- C. Create an IAM user with the appropriate policy to allow access to the DynamoDB table. Store the credentials in an Amazon S3 bucket and read them from within the application code directly.
- D. Create an IAM role with the appropriate policy to allow access to the DynamoDB table. Add the EC2 instance to the trust relationship policy document to allow it to assume the role.
Correct answer: A
Question # 34
A company is using AWS CloudFormation as its deployment tool for all applications. It stages all application binaries and templates within an Amazon S3 bucket with versioning enabled. Developers have access to an Amazon EC2 instance that hosts the integrated development environment (IDE). The developers download the application binaries from Amazon S3 to the EC2 instance, make changes, and upload the binaries to an S3 bucket after running the unit tests locally. The developers want to improve the existing deployment mechanism and implement CI/CD using AWS CodePipeline.
The developers have the following requirements:
* Use AWS CodeCommit for source control.
* Automate unit testing and security scanning.
* Alert the developers when unit tests fail.
* Turn application features on and off, and customize deployment dynamically as part of CI/CD.
* Have the lead developer provide approval before deploying an application.
Which solution will meet these requirements?
- A. Use AWS CodeBuild to run unit tests and security scans. Use Lambda in a subsequent stage in the pipeline to send Amazon SNS alerts to the developers when tests fail. Write Amplify plugins for different solution features and utilize user prompts to turn features on and off. Use Amazon SES in the pipeline to allow the lead developer to approve applications.
- B. Use Jenkins to run unit tests and security scans. Use an Amazon EventBridge rule in the pipeline to send Amazon SES alerts to the developers when unit tests fail. Use AWS CloudFormation nested stacks for different solution features and parameters to turn features on and off. Use AWS Lambda in the pipeline to allow the lead developer to approve applications.
- C. Use AWS CodeDeploy to run unit tests and security scans. Use an Amazon CloudWatch alarm in the pipeline to send Amazon SNS alerts to the developers when unit tests fail. Use Docker images for different solution features and the AWS CLI to turn features on and off. Use a manual approval stage in the pipeline to allow the lead developer to approve applications.
- D. Use AWS CodeBuild to run tests and security scans. Use an Amazon EventBridge rule to send Amazon SNS alerts to the developers when unit tests fail. Write AWS Cloud Development Kit (AWS CDK) constructs for different solution features, and use a manifest file to turn features on and off in the AWS application. Use a manual approval stage in the pipeline to allow the lead developer to approve applications.
Correct answer: D
Question # 35
A Solutions Architect needs to migrate a legacy application from on premises to AWS. On premises, the application runs on two Linux servers behind a load balancer and accesses a database that is master-master on two servers. Each application server requires a license file that is tied to the MAC address of the server's network adapter. It takes the software vendor 12 hours to send new license files through email. The application requires configuration files to use static IPv4 addresses to access the database servers, not DNS.
Given these requirements, which steps should be taken together to enable a scalable architecture for the application servers? (Choose two.)
- A. Create a bootstrap automation to request a new license file from the vendor with a unique return email. Have the server configure itself with the received license file.
- B. Create bootstrap automation to attach an ENI from the pool, read the database IP addresses from AWS Systems Manager Parameter Store, and inject those parameters into the local configuration files. Keep SSM up to date using a Lambda function.
- C. Install the application on an EC2 instance, configure the application, and configure the IP address information. Create an AMI from this instance and use it for all instances.
- D. Create a pool of ENIs, request license files from the vendor for the pool, and store the license files within Amazon S3. Create automation to download an unused license, and attach the corresponding ENI at boot time.
- E. Create a pool of ENIs, request license files from the vendor for the pool, store the license files on an Amazon EC2 instance, modify the configuration files, and create an AMI from the instance. Use this AMI for all instances.
Correct answer: B, D
Question # 36
A user is configuring MySQL RDS with PIOPS. What should be the minimum PIOPS that the user should
provision?
- A. 0
- B. 1
- C. 2
- D. 3
Correct answer: A
Explanation:
If a user is trying to enable PIOPS with MySQL RDS, the minimum size of storage should be 100 GB and
the minimum PIOPS should be 1000.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.html
Question # 37
A solutions architect must analyze a company's Amazon EC2 instances and Amazon Elastic Block Store (Amazon EBS) volumes to determine whether the company is using resources efficiently. The company is running several large, high-memory EC2 instances to host database clusters that are deployed in active/passive configurations. The utilization of these EC2 instances varies by the applications that use the databases, and the company has not identified a pattern. The solutions architect must analyze the environment and take action based on the findings.
Which solution meets these requirements MOST cost-effectively?
- A. Install the Amazon CloudWatch agent on each of the EC2 instances. Turn on AWS Compute Optimizer, and let it run for at least 12 hours. Review the recommendations from Compute Optimizer, and rightsize the EC2 instances as directed.
- B. Sign up for the AWS Enterprise Support plan. Turn on AWS Trusted Advisor. Wait 12 hours. Review the recommendations from Trusted Advisor, and rightsize the EC2 instances as directed.
- C. Create a dashboard by using AWS Systems Manager OpsCenter. Configure visualizations for Amazon CloudWatch metrics that are associated with the EC2 instances and their EBS volumes. Review the dashboard periodically and identify usage patterns. Rightsize the EC2 instances based on the peaks in the metrics.
- D. Turn on Amazon CloudWatch detailed monitoring for the EC2 instances and their EBS volumes. Create and review a dashboard that is based on the metrics. Identify usage patterns. Rightsize the EC2 instances based on the peaks in the metrics.
Correct answer: B
Question # 38
A company wants to use Amazon WorkSpaces in combination with thin client devices to replace aging desktops. Employees use the desktops to access applications that work with clinical trial data. Corporate security policy states that access to the applications must be restricted to only company branch office locations. The company is considering adding an additional branch office in the next 6 months.
Which solution meets these requirements with the MOST operational efficiency?
- A. Use AWS Certificate Manager (ACM) to issue trusted device certificates to the machines deployed in the branch office locations. Enable restricted access on the WorkSpaces directory.
- B. Create an IP access control group rule with the list of public addresses from the branch offices. Associate the IP access control group with the WorkSpaces directory.
- C. Use AWS Firewall Manager to create a web ACL rule with an IPSet with the list of public addresses from the branch office locations. Associate the web ACL with the WorkSpaces directory.
- D. Create a custom WorkSpace image with Windows Firewall configured to restrict access to the public addresses of the branch offices. Use the image to deploy the WorkSpaces.
Correct answer: A
Question # 39
A Development team is deploying new APIs as serverless applications within a company. The team is currently using the AWS Management Console to provision Amazon API Gateway, AWS Lambda, and Amazon DynamoDB resources. A Solutions Architect has been tasked with automating the future deployments of these serverless APIs.
How can this be accomplished?
- A. Use AWS CloudFormation with a Lambda-backed custom resource to provision API Gateway. Use the AWS::DynamoDB::Table and AWS::Lambda::Function resources to create the Amazon DynamoDB table and Lambda functions. Write a script to automate the deployment of the CloudFormation template.
- B. Use the AWS Serverless Application Model to define the resources. Upload a YAML template and application files to the code repository. Use AWS CodePipeline to connect to the code repository and to create an action to build using AWS CodeBuild. Use the AWS CloudFormation deployment provider in CodePipeline to deploy the solution.
- C. Commit the application code to the AWS CodeCommit code repository. Use AWS CodePipeline and connect to the CodeCommit code repository. Use AWS CodeBuild to build and deploy the Lambda functions using AWS CodeDeploy. Specify the deployment preference type in CodeDeploy to gradually shift traffic over to the new version.
- D. Use AWS CloudFormation to define the serverless application. Implement versioning on the Lambda functions and create aliases to point to the versions. When deploying, configure weights to implement shifting traffic to the newest version, and gradually update the weights as traffic moves over.
Correct answer: B
Question # 40
With Amazon Elastic MapReduce (Amazon EMR) you can analyze and process vast amounts of data. The cluster is managed using an open-source framework called Hadoop. You have set up an application to run Hadoop jobs. The application reads data from DynamoDB and generates a temporary file of 100 TBs.
The whole process runs for 30 minutes and the output of the job is stored to S3.
Which of the below mentioned options is the most cost effective solution in this case?
- A. Use an on demand instance to run Hadoop jobs and configure them with EBS volumes for persistent storage.
- B. Use Spot Instances to run Hadoop jobs and configure them with EBS volumes for persistent data storage.
- C. Use Spot Instances to run Hadoop jobs and configure them with ephemeral storage for output file storage.
- D. Use an on demand instance to run Hadoop jobs and configure them with ephemeral storage for output file storage.
Correct answer: C
Explanation:
AWS EC2 Spot Instances allow the user to quote his own price for the EC2 computing capacity. The user can simply bid on the spare Amazon EC2 instances and run them whenever his bid exceeds the current Spot Price.
The Spot Instance pricing model complements the On-Demand and Reserved Instance pricing models, providing potentially the most cost-effective option for obtaining compute capacity, depending on the application. The only challenge with a Spot Instance is data persistence, as the instance can be terminated whenever the spot price exceeds the bid price. In the current scenario a Hadoop job is a temporary job and does not run for a longer period. It fetches data from a persistent DynamoDB. Thus, even if the instance gets terminated there will be no data loss and the job can be re-run. As the output files are large temporary files, it will be useful to store data on ephemeral storage for cost savings.
http://aws.amazon.com/ec2/purchasing-options/spot-instances/
Question # 41
You have launched an EC2 instance with four (4) 500 GB EBS Provisioned IOPS volumes attached. The EC2 instance is EBS-Optimized and supports 500 Mbps throughput between EC2 and EBS. The four EBS volumes are configured as a single RAID 0 device, and each Provisioned IOPS volume is provisioned with 4,000 IOPS (4,000 16KB reads or writes), for a total of 16,000 random IOPS on the instance. The EC2 instance initially delivers the expected 16,000 IOPS random read and write performance. Sometime later, in order to increase the total random I/O performance of the instance, you add an additional two 500 GB EBS Provisioned IOPS volumes to the RAID. Each volume is provisioned to 4,000 IOPS like the original four, for a total of 24,000 IOPS on the EC2 instance. Monitoring shows that the EC2 instance CPU utilization increased from 50% to 70%, but the total random IOPS measured at the instance level does not increase at all.
What is the problem and a valid solution?
- A. The standard EBS Instance root volume limits the total IOPS rate; change the instance root volume to also be a 500GB 4,000 Provisioned IOPS volume.
- B. Larger storage volumes support higher Provisioned IOPS rates; increase the provisioned volume storage of each of the 6 EBS volumes to 1TB.
- C. Small block sizes cause performance degradation, limiting the I/O throughput; configure the instance device driver and filesystem to use 64KB blocks to increase throughput.
- D. The EBS-Optimized throughput limits the total IOPS that can be utilized; use an EBS-Optimized instance that provides larger throughput.
- E. RAID 0 only scales linearly to about 4 devices; use RAID 0 with 4 EBS Provisioned IOPS volumes, but increase each Provisioned IOPS EBS volume to 6,000 IOPS.
Correct answer: A
Explanation:
https://aws.amazon.com/sqs/faqs/
Question # 42
A European online newspaper service hosts its public-facing WordPress site in a colocated data center in London. The current WordPress infrastructure consists of a load balancer, two web servers, and one MySQL database server. A solutions architect is tasked with designing a solution with the following requirements:
* Improve the website's performance.
* Make the web tier scalable and stateless.
* Improve the database server performance for read-heavy loads.
* Reduce latency for users across Europe and the US
* Design the new architecture with a goal of 99.9% availability.
Which solution meets these requirements while optimizing operational efficiency?
- A. Use an Application Load Balancer (ALB) in front of an Auto Scaling group of WordPress Amazon EC2 instances in two AWS Regions and two Availability Zones in each Region. Configure an Amazon ElastiCache cluster in front of a global Amazon Aurora MySQL database. Move the WordPress shared files to Amazon EFS. Configure Amazon CloudFront with the ALB as the origin and select a price class that includes the US and Europe. Configure EFS cross-Region replication.
- B. Use an Application Load Balancer (ALB) in front of an Auto Scaling group of WordPress Amazon EC2 instances in one AWS Region and three Availability Zones. Configure an Amazon DocumentDB table in front of a Multi-AZ Amazon Aurora MySQL DB cluster. Move the WordPress shared files to Amazon EFS. Configure Amazon CloudFront with the ALB as the origin, and a price class that includes all global locations.
- C. Use an Application Load Balancer (ALB) in front of an Auto Scaling group of WordPress Amazon EC2 instances in two AWS Regions and three Availability Zones in each Region. Configure an Amazon ElastiCache cluster in front of a global Amazon Aurora MySQL database. Move the WordPress shared files to Amazon FSx with cross-Region synchronization. Configure Amazon CloudFront with the ALB as the origin and a price class that includes the US and Europe.
- D. Use an Application Load Balancer (ALB) in front of an Auto Scaling group of WordPress Amazon EC2 instances in one AWS Region and three Availability Zones. Configure an Amazon cluster in front of a Multi-AZ Amazon Aurora MySQL DB cluster. Move the WordPress shared files to Amazon EFS. Configure Amazon CloudFront with the ALB as the origin, and select a price class that includes the US and Europe.
Correct answer: D
Question # 43
Cognito Sync is an AWS service that you can use to synchronize user profile data across mobile devices without requiring your own backend. When the device is online, you can synchronize data.
If you also set up push sync, what does it allow you to do?
- A. Notify other devices that a user profile is available across multiple devices
- B. Synchronize online data faster
- C. Notify other devices immediately that an update is available
- D. Synchronize user profile data with less latency
Correct answer: C
Explanation:
Cognito Sync is an AWS service that you can use to synchronize user profile data across mobile devices without requiring your own backend. When the device is online, you can synchronize data, and if you have also set up push sync, notify other devices immediately that an update is available.
http://docs.aws.amazon.com/cognito/devguide/sync/
Question # 44
A large company with hundreds of AWS accounts has a newly established centralized internal process for purchasing new or modifying existing Reserved Instances. This process requires all business units that want to purchase or modify Reserved Instances to submit requests to a dedicated team for procurement or execution. Previously, business units would directly purchase or modify Reserved Instances in their own respective AWS accounts autonomously.
Which combination of steps should be taken to proactively enforce the new process in the MOST secure way possible? (Select TWO.)
- A. Use AWS Config to report on the attachment of an IAM policy that denies access to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions.
- B. Create an SCP that contains a deny rule to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions. Attach the SCP to each organizational unit (OU) of the AWS Organizations structure.
- C. In each AWS account, create an IAM policy with a DENY rule to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions.
- D. Ensure all AWS accounts are part of an AWS Organizations structure operating in all features mode.
- E. Ensure that all AWS accounts are part of an AWS Organizations structure operating in consolidated billing features mode.
Correct answer: C, D
Question # 45
A company provides a centralized Amazon EC2 application hosted in a single shared VPC. The centralized application must be accessible from client applications running in the VPCs of other business units. The centralized application front end is configured with a Network Load Balancer (NLB) for scalability.
Up to 10 business unit VPCs will need to be connected to the shared VPC. Some of the business unit VPC CIDR blocks overlap with the shared VPC and some overlap with each other. Network connectivity to the centralized application in the shared VPC should be allowed from authorized business unit VPCs only.
Which network configuration should a solutions architect use to provide connectivity from the client applications in the business unit VPCs to the centralized application in the shared VPC?
- A. Create a VPC endpoint service using the centralized application NLB and enable the option to require endpoint acceptance. Create a VPC endpoint in each of the business unit VPCs using the service name of the endpoint service. Accept authorized endpoint requests from the endpoint service console.
- B. Create a VPC peering connection from each business unit VPC to the shared VPC. Accept the VPC peering connections from the shared VPC console. Configure VPC routing tables to send traffic to the VPC peering connection.
- C. Create an AWS Transit Gateway. Attach the shared VPC and the authorized business unit VPCs to the transit gateway. Create a single transit gateway route table and associate it with all of the attached VPCs. Allow automatic propagation of routes from the attachments into the route table. Configure VPC routing tables to send traffic to the transit gateway.
- D. Configure a virtual private gateway for the shared VPC and create customer gateways for each of the authorized business unit VPCs. Establish a Site-to-Site VPN connection from the business unit VPCs to the shared VPC. Configure VPC routing tables to send traffic to the VPN connection.
Correct answer: A
Question # 46
......
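To be eligible to take the AWS Certified Solutions Architect - Professional exam, candidates must already hold the AWS Certified Solutions Architect - Associate certification and have at least two years of hands-on experience designing and deploying cloud architectures on AWS. The certification exam itself consists of 75 multiple-choice and multiple-response questions, and candidates have 3 hours to complete the exam.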