
AWS-Solutions-Associate actual exam questions and answers PDF with 100% coverage of the real exam questions
AWS-Solutions-Associate exam questions and answers
Question 37
Which features can be used to restrict access to data in S3? Choose 2 answers
- A. Set an S3 ACL on the bucket or the object.
- B. Use S3 Virtual Hosting
- C. Create a CloudFront distribution for the bucket.
- D. Enable IAM Identity Federation
- E. Set an S3 bucket policy.
Correct answer: A,E
Explanation:
Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-contentrestricting-access-to-s3.html
Question 38
A company is running a multi-tier ecommerce web application in the AWS Cloud. The web application is running on Amazon EC2 instances. The database tier is on a provisioned Amazon Aurora MySQL DB cluster with a writer and a reader in a Multi-AZ environment. The new requirement for the database tier is to serve the application to achieve continuous write availability through an instance failover.
What should a solutions architect do to meet this new requirement?
- A. Migrate the database tier to an Aurora multi-master cluster.
- B. Add a new reader in the same Availability Zone as the writer.
- C. Add a new AWS Region to the DB cluster for multiple writes.
- D. Migrate the database tier to an Aurora DB cluster with parallel query enabled.
Correct answer: D
Question 39
In Amazon AWS, which of the following statements is true of key pairs?
- A. Key pairs are used for all Amazon services.
- B. Key pairs are used only for Amazon SDKs.
- C. Key pairs are used only for Elastic Load Balancing and AWS IAM.
- D. Key pairs are used only for Amazon EC2 and Amazon CloudFront.
Correct answer: D
Explanation:
Key pairs consist of a public and private key, where you use the private key to create a digital signature, and then AWS uses the corresponding public key to validate the signature. Key pairs are used only for Amazon EC2 and Amazon CloudFront.
Reference: http://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html
Question 40
What conditions could cause a Multi-AZ Amazon RDS failover to occur? (Choose two.)
- A. Another master user is created
- B. An Availability Zone becomes unavailable
- C. A failure of the primary database instance
- D. A replica of the RDS instance is created in a different region
- E. The RDS instance is stopped manually
Correct answer: B,C
Explanation:
https://docs.aws.amazon.com/en_pv/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html
Question 41
A company wants to run a static website served through Amazon CloudFront.
What is an advantage of storing the website content in an Amazon S3 bucket instead of an Amazon Elastic Block Store (Amazon EBS) volume?
- A. S3 buckets are replicated globally, allowing for large scalability. EBS volumes are replicated only within an AWS Region.
- B. S3 buckets support object-level read throttling, preventing abuse. EBS volumes do not provide object-level throttling.
- C. S3 is an origin for CloudFront. EBS volumes would need EC2 instances behind an Elastic Load Balancing load balancer to be an origin.
- D. S3 buckets can be encrypted, allowing for secure storage of the web files. EBS volumes cannot be encrypted.
Correct answer: C
Explanation:
"For static files, store the definitive versions of your files in one or more origin servers. These could be Amazon S3 buckets. For your dynamically generated content that is personalized or customized, you can use Amazon EC2"
Question 42
An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table. What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?
- A. Use a VPC endpoint for DynamoDB.
- B. Use a NAT gateway in a public subnet.
- C. Use a NAT instance in a private subnet.
- D. Use the internet gateway attached to the VPC.
Correct answer: C
Question 43
Which procedure for backing up a relational database on EC2 that is using a set of RAIDed EBS volumes for storage minimizes the time during which the database cannot be written to and results in a consistent backup?
- A. 1 detach EBS volumes, 2 start EBS snapshot of volumes, 3 re-attach EBS volumes
- B. 1 stop the EC2 instance, 2 snapshot the EBS volume
- C. 1 suspend disk I/O, 2 start EBS snapshot of volumes, 3 resume disk I/O
- D. 1 suspend disk I/O, 2 create an image of the EC2 instance, 3 resume disk I/O
- E. 1 suspend disk I/O, 2 start EBS snapshot of volumes, 3 wait for snapshots to complete, 4 resume disk I/O
Correct answer: A
Question 44
Which of the following statements is NOT correct when working with your AWS Direct Connect connection after it is set up completely?
- A. You can delete a connection as long as there are no virtual interfaces attached to it.
- B. You can manage your AWS Direct Connect connections and view the connection details.
- C. You can accept a host connection by purchasing a hosted connection from the partner (APN).
- D. You cannot view the current connection ID and verify if it matches the connection ID on the Letter of Authorization (LOA).
Correct answer: D
Explanation:
You can manage your AWS Direct Connect connections and view connection details, accept hosted connections, and delete connections. You can view the current status of your connection. You can also view your connection ID, which looks similar to this example dxcon-xxxx, and verify that it matches the connection ID on the Letter of Authorization (LOA) that you received from Amazon.
http://docs.aws.amazon.com/directconnect/latest/UserGuide/viewdetails.html
Question 45
A company deployed a three-tier web application on Amazon EBS backed Amazon EC2 instances for the web and application tiers, and Amazon RDS for the database tier. The company is concerned about loss of data in the web and application tiers.
What is the MOST efficient way to prevent data loss?
- A. Create an Amazon EFS file system and run a shell script to copy the data
- B. Create a snapshot lifecycle policy that takes periodic snapshots of the Amazon EBS volumes
- C. Create an Amazon EBS snapshot using an Amazon CloudWatch Events rule
- D. Create an Amazon S3 snapshot policy to back up the Amazon EBS volumes
Correct answer: C
Question 46
An organization is setting up a backup and restore system in AWS for their on-premises system. The organization needs High Availability (HA) and Disaster Recovery (DR) but is okay to have a longer recovery time to save costs.
Which of the below mentioned setup options helps achieve the objective of cost saving as well as DR in the most effective way?
- A. Replicate the on-premises DB to EC2 at regular intervals and set up a scenario similar to the pilot light.
- B. Set up the backup data on S3 and transfer data to S3 regularly using the storage gateway.
- C. Set up pre-configured servers and create AMIs. Use EIP and Route 53 to quickly switch over to AWS from on premises.
- D. Set up a small instance with AutoScaling; in case of DR start diverting all the load to AWS from on premises.
Correct answer: B
Explanation:
AWS has many solutions for Disaster Recovery (DR) and High Availability (HA). When the organization wants to have HA and DR but is okay to have a longer recovery time, they should select the option backup and restore with S3. The data can be sent to S3 using either Direct Connect, Storage Gateway or over the internet.
The EC2 instance will pick the data from the S3 bucket when started and set up the environment. This process takes longer but is very cost effective due to the low pricing of S3. In all the other options, the EC2 instance might be running or there will be AMI storage costs. Thus, it will be a costlier option. In this scenario the organization should plan appropriate tools to take a backup, plan the retention policy for data and set up security of the data.
Reference:
http://d36cz9buwru1tt.cloudfront.net/AWS_Disaster_Recovery.pdf
Question 47
A company has a three-tier image-sharing application. It uses an Amazon EC2 instance for the front-end layer, another for the backend tier, and a third for the MySQL database. A solutions architect has been tasked with designing a solution that is highly available, and requires the least amount of changes to the application. Which solution meets these requirements?
- A. Use Amazon S3 to host the front-end layer and a fleet of Amazon EC2 instances in an Auto Scaling group for the backend layer. Move the database to a memory optimized instance type to store and serve users' images.
- B. Use load-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end and backend layers. Move the database to an Amazon RDS instance with multiple read replicas to store and serve users' images.
- C. Use Amazon S3 to host the front-end layer and AWS Lambda functions for the backend layer. Move the database to an Amazon DynamoDB table and use Amazon S3 to store and serve users' images.
- D. Use load-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end and backend layers. Move the database to an Amazon RDS instance with a Multi-AZ deployment. Use Amazon S3 to store and serve users' images.
Correct answer: D
Question 48
A company has two VPCs named Management and Production. The Management VPC uses VPNs through a customer gateway to connect to a single device in the data center. The Production VPC uses a virtual private gateway with two attached AWS Direct Connect connections. The Management and Production VPCs both use a single VPC peering connection to allow communication between the applications.
What should a solutions architect do to mitigate any single point of failure in this architecture?
- A. Add a second set of VPNs to the Management VPC from a second customer gateway device.
- B. Add a second VPC peering connection between the Management VPC and the Production VPC.
- C. Add a set of VPNs between the Management and Production VPCs.
- D. Add a second virtual private gateway and attach it to the Management VPC.
Correct answer: C
Question 49
A company is planning to store data on Amazon RDS DB instances. The company must encrypt the data at rest.
What should a solutions architect do to meet this requirement?
- A. Create a customer master key (CMK) in AWS Key Management Service (AWS KMS). Enable encryption for the DB instances.
- B. Generate a certificate in AWS Identity and Access Management (IAM). Enable SSL/TLS on the DB instances by using the certificate.
- C. Create an encryption key and store the key in AWS Secrets Manager. Use the key to encrypt the DB instances.
- D. Generate a certificate in AWS Certificate Manager (ACM). Enable SSL/TLS on the DB instances by using the certificate.
Correct answer: A
Question 50
The Trusted Advisor service provides insight regarding which four categories of an AWS account?
- A. Performance, cost optimization, access control, and connectivity
- B. Security, fault tolerance, high availability, and connectivity
- C. Performance, cost optimization, security, and fault tolerance
- D. Security, access control, high availability, and performance
Correct answer: C
Question 51
You are setting up a very complex financial services grid and so far it has 5 Elastic IP (EIP) addresses.
You go to assign another EIP address, but all accounts are limited to 5 Elastic IP addresses per region by default, so you aren't able to. What is the reason for this?
- A. There are only 5 network interfaces per instance.
- B. Public (IPV4) internet addresses are a scarce resource.
- C. Hardware restrictions.
- D. For security reasons.
Correct answer: B
Explanation:
Public (IPV4) internet addresses are a scarce resource. There is only a limited amount of public IP space available, and Amazon EC2 is committed to helping use that space efficiently.
By default, all accounts are limited to 5 Elastic IP addresses per region. If you need more than 5 Elastic IP addresses, AWS asks that you apply for your limit to be raised. They will ask you to think through your use case and help them understand your need for additional addresses.
Reference: http://aws.amazon.com/ec2/faqs/#How_many_instances_can_I_run_in_Amazon_EC2
Question 52
You're running an application on-premises due to its dependency on non-x86 hardware and want to use AWS for data backup. Your backup application is only able to write to POSIX-compatible block-based storage. You have 140TB of data and would like to mount it as a single folder on your file server. Users must be able to access portions of this data while the backups are taking place.
What backup solution would be most appropriate for this use case?
- A. Use Storage Gateway and configure it to use Gateway Cached volumes.
- B. Use Storage Gateway and configure it to use Gateway Stored volumes.
- C. Configure your backup software to use S3 as the target for your data backups.
- D. Configure your backup software to use Glacier as the target for your data backups.
Correct answer: B
Explanation:
Volume gateway provides an iSCSI target, which enables you to create volumes and mount them as iSCSI devices from your on-premises application servers. The volume gateway runs in either a cached or stored mode.
In the cached mode, your primary data is written to S3, while you retain some portion of it locally in a cache for frequently accessed data.
In the stored mode, your primary data is stored locally and your entire dataset is available for low-latency access while asynchronously backed up to AWS.
In either mode, you can take point-in-time snapshots of your volumes and store them in Amazon S3, enabling you to make space-efficient versioned copies of your volumes for data protection and various data reuse needs.
Question 53
A customer implemented AWS Storage Gateway with a gateway-cached volume at their main office. An event takes the link between the main and branch office offline. Which methods will enable the branch office to access their data? Choose 3 answers
- A. Make an Amazon Glacier Restore API call to load the files into another Amazon S3 bucket within four to six hours.
- B. Launch an AWS Storage Gateway virtual iSCSI device at the branch office, and restore from a gateway snapshot.
- C. Use a HTTPS GET to the Amazon S3 bucket where the files are located.
- D. Restore by implementing a lifecycle policy on the Amazon S3 bucket.
- E. Launch a new AWS Storage Gateway instance AMI in Amazon EC2, and restore from a gateway snapshot.
- F. Create an Amazon EBS volume from a gateway snapshot, and mount it to an Amazon EC2 instance.
Correct answer: B,C,E