Free & Accurate Amazon AWS Certified Solutions Architect - Associate SAA-C03 Practice Questions | ExamTopics
www.examtopics.com
@@ = Chose the correct answer, but needs another review.
Question #301
A university research laboratory needs to migrate 30 TB of data from an on-premises Windows file server to Amazon FSx for Windows File Server. The laboratory has a 1 Gbps network link that many other departments in the university share.
The laboratory wants to implement a data migration service that will maximize the performance of the data transfer. However, the laboratory needs to be able to control the amount of bandwidth that the service uses to minimize the impact on other departments. The data migration must take place within the next 5 days.
Which AWS solution will meet these requirements?
Answer:
C. AWS DataSync
DataSync can throttle its bandwidth usage, which minimizes the impact on other network traffic.
---
Question #302
A company wants to create a mobile app that allows users to stream slow-motion video clips on their mobile devices. Currently, the app captures video clips and uploads the video clips in raw format into an Amazon S3 bucket. The app retrieves these video clips directly from the S3 bucket. However, the videos are large in their raw format.
Users are experiencing issues with buffering and playback on mobile devices. The company wants to implement solutions to maximize the performance and scalability of the app while minimizing operational overhead.
Which combination of solutions will meet these requirements? (Choose two.)
Wrong answer:
E. Deploy an Auto Scaling group of Amazon EC2 instances to convert the video files to more appropriate formats.
Answer:
A. Deploy Amazon CloudFront for content delivery and caching.
C. Use Amazon Elastic Transcoder to convert the video files to more appropriate formats.
Amazon Elastic Transcoder: a service that converts video files into formats that can be played on a variety of devices.
---
Question #303
A company is launching a new application deployed on an Amazon Elastic Container Service (Amazon ECS) cluster and is using the Fargate launch type for ECS tasks. The company is monitoring CPU and memory usage because it is expecting high traffic to the application upon its launch. However, the company wants to reduce costs when utilization decreases.
What should a solutions architect recommend?
Wrong answer:
C. Use Amazon EC2 Auto Scaling with simple scaling policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm.
Answer:
D. Use AWS Application Auto Scaling with target tracking policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm.
With AWS Application Auto Scaling, the number of tasks in an ECS service can be adjusted automatically.
---
Question #304
A company recently created a disaster recovery site in a different AWS Region. The company needs to transfer large amounts of data back and forth between NFS file systems in the two Regions on a periodic basis.
Which solution will meet these requirements with the LEAST operational overhead?
Wrong answer:
D. Use AWS Database Migration Service (AWS DMS).
Answer:
A. Use AWS DataSync.
Database Migration Service is designed for database migrations, not for general file system data.
---
Question #308
A company has multiple AWS accounts that use consolidated billing. The company runs several active high performance Amazon RDS for Oracle On-Demand DB instances for 90 days. The company’s finance team has access to AWS Trusted Advisor in the consolidated billing account and all other AWS accounts.
The finance team needs to use the appropriate AWS account to access the Trusted Advisor check recommendations for RDS. The finance team must review the appropriate Trusted Advisor check to reduce RDS costs.
Which combination of steps should the finance team take to meet these requirements? (Choose two.)
Answer:
B. Use the Trusted Advisor recommendations from the consolidated billing account to see all RDS instance checks at the same time.
D. Review the Trusted Advisor check for Amazon RDS Idle DB Instances.
appropriate AWS account: consolidated billing account
Unused RDS instances incur unnecessary cost, so use the Idle DB Instances check to identify underutilized RDS instances, then terminate or resize them to reduce costs.
---
Question #309
A solutions architect needs to optimize storage costs. The solutions architect must identify any Amazon S3 buckets that are no longer being accessed or are rarely accessed.
Which solution will accomplish this goal with the LEAST operational overhead?
Answer:
A. Analyze bucket access patterns by using the S3 Storage Lens dashboard for advanced activity metrics.
S3 Storage Lens is a fully managed S3 storage analytics solution that provides a comprehensive view of object storage usage.
---
@@ Question #313
A company is building a mobile app on AWS. The company wants to expand its reach to millions of users. The company needs to build a platform so that authorized users can watch the company’s content on their mobile devices.
What should a solutions architect recommend to meet these requirements?
Answer:
C. Use Amazon CloudFront. Provide signed URLs to stream content.
---
@@ Question #319
A company has hundreds of Amazon EC2 Linux-based instances in the AWS Cloud. Systems administrators have used shared SSH keys to manage the instances. After a recent audit, the company’s security team is mandating the removal of all shared keys. A solutions architect must design a solution that provides secure access to the EC2 instances.
Which solution will meet this requirement with the LEAST amount of administrative overhead?
Answer:
A. Use AWS Systems Manager Session Manager to connect to the EC2 instances.
---
@@ Question #320
A company is using a fleet of Amazon EC2 instances to ingest data from on-premises data sources. The data is in JSON format and ingestion rates can be as high as 1 MB/s. When an EC2 instance is rebooted, the data in-flight is lost. The company’s data science team wants to query ingested data in near-real time.
Which solution provides near-real-time data querying that is scalable with minimal data loss?
Answer:
A. Publish data to Amazon Kinesis Data Streams. Use Kinesis Data Analytics to query the data.
Publishing data to Kinesis Data Streams supports ingestion rates of up to 1 MB/s and also provides real-time data processing.
Kinesis Data Analytics can query the ingested data in real time with low latency, and the solution can be scaled as needed to accommodate higher ingestion rates or query requirements.
Kinesis Data Streams also has a data store that, by default, persists for up to 7 days. This minimizes data loss when an EC2 instance reboots.
---
@@ Question #321
What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?
Answer:
D. Update the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set.
---
@@ Question #322
A solutions architect is designing a multi-tier application for a company. The application's users upload images from a mobile device. The application generates a thumbnail of each image and returns a message to the user to confirm that the image was uploaded successfully.
The thumbnail generation can take up to 60 seconds, but the company wants to provide a faster response time to its users to notify them that the original image was received. The solutions architect must design the application to asynchronously dispatch requests to the different application tiers.
What should the solutions architect do to meet these requirements?
Answer:
C. Create an Amazon Simple Queue Service (Amazon SQS) message queue. As images are uploaded, place a message on the SQS queue for thumbnail generation. Alert the user through an application message that the image was received.
---
@@ Question #323
A company’s facility has badge readers at every entrance throughout the building. When badges are scanned, the readers send a message over HTTPS to indicate who attempted to access that particular entrance.
A solutions architect must design a system to process these messages from the sensors. The solution must be highly available, and the results must be made available for the company’s security team to analyze.
Which system architecture should the solutions architect recommend?
Answer:
B. Create an HTTPS endpoint in Amazon API Gateway. Configure the API Gateway endpoint to invoke an AWS Lambda function to process the messages and save the results to an Amazon DynamoDB table.
Other:
C. Use Amazon Route 53 to direct incoming sensor messages to an AWS Lambda function. Configure the Lambda function to process the messages and save the results to an Amazon DynamoDB table.
Why C does not work: Route 53 exposes the HTTP endpoint publicly.
---
Question #324
A company wants to implement a disaster recovery plan for its primary on-premises file storage volume. The file storage volume is mounted from an Internet Small Computer Systems Interface (iSCSI) device on a local storage server. The file storage volume holds hundreds of terabytes (TB) of data.
The company wants to ensure that end users retain immediate access to all file types from the on-premises systems without experiencing latency.
Which solution will meet these requirements with the LEAST amount of change to the company's existing infrastructure?
Wrong answer:
C. Provision an AWS Storage Gateway Volume Gateway cached volume. Set the local cache to 10 TB. Mount the Volume Gateway cached volume to the existing file server by using iSCSI, and copy all files to the storage volume. Configure scheduled snapshots of the storage volume. To recover from a disaster, restore a snapshot to an Amazon Elastic Block Store (Amazon EBS) volume and attach the EBS volume to an Amazon EC2 instance.
Answer:
D. Provision an AWS Storage Gateway Volume Gateway stored volume with the same amount of disk space as the existing file storage volume. Mount the Volume Gateway stored volume to the existing file server by using iSCSI, and copy all files to the storage volume. Configure scheduled snapshots of the storage volume. To recover from a disaster, restore a snapshot to an Amazon Elastic Block Store (Amazon EBS) volume and attach the EBS volume to an Amazon EC2 instance.
C is wrong because it is limited to 10 TB.
---
Question #325
A company is hosting a web application from an Amazon S3 bucket. The application uses Amazon Cognito as an identity provider to authenticate users and return a JSON Web Token (JWT) that provides access to protected resources that are stored in another S3 bucket.
Upon deployment of the application, users report errors and are unable to access the protected content. A solutions architect must resolve this issue by providing proper permissions so that users can access the protected content.
Which solution meets these requirements?
Wrong answer:
D. Update the Amazon Cognito pool to use custom attribute mappings within the identity pool and grant users the proper permissions to access the protected content.
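Answer:
A. Update the Amazon Cognito identity pool to assume the proper IAM role for access to the protected content.
Updating the Amazon Cognito identity pool to assume the proper IAM role for access to the protected content makes it possible to give authenticated users temporary AWS credentials for AWS resources.
Updating custom attribute mappings in Amazon Cognito does not directly grant users the proper permissions to access the protected content, so option D is wrong.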
---
Question #326
An image hosting company uploads its large assets to Amazon S3 Standard buckets. The company uses multipart upload in parallel by using S3 APIs and overwrites if the same object is uploaded again. For the first 30 days after upload, the objects will be accessed frequently. The objects will be used less frequently after 30 days, but the access patterns for each object will be inconsistent. The company must optimize its S3 storage costs while maintaining high availability and resiliency of stored assets.
Which combination of actions should a solutions architect recommend to meet these requirements? (Choose two.)
Wrong answer:
D. Move assets to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.
Answer:
A. Move assets to S3 Intelligent-Tiering after 30 days.
B. Configure an S3 Lifecycle policy to clean up incomplete multipart uploads.
After 30 days the access pattern is inconsistent -> Intelligent-Tiering
---
Question #327
A solutions architect must secure a VPC network that hosts Amazon EC2 instances. The EC2 instances contain highly sensitive data and run in a private subnet. According to company policy, the EC2 instances that run in the VPC can access only approved third-party software repositories on the internet for software product updates that use the third party’s URL. Other internet traffic must be blocked.
Which solution meets these requirements?
Wrong answer:
B. Set up an AWS WAF web ACL. Create a custom set of rules that filter traffic requests based on source and destination IP address range sets.
Answer:
A. Update the route table for the private subnet to route the outbound traffic to an AWS Network Firewall firewall. Configure domain list rule groups.
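In Network Firewall, you can create a stateful outbound rule that allows specific domains for downloading software patches and denies all other domains.
AWS WAF is used mainly to protect web applications, and it can set traffic filtering rules based on IP address ranges. In this scenario, however, URL-based traffic filtering is required, so AWS WAF does not directly meet the requirement.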
---
Question #332
A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees’ devices.
The files are stored in an on-premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.
Which solution will meet these requirements?
Wrong answer:
C. Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download.
Answer:
B. Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory. Configure AWS Client VPN.
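"Signed URL": anyone who has the URL can download the file.
Active Directory: a directory service developed by Microsoft. It stores and manages information about resources on the network such as users, computers, printers, files, and groups. It is used in Windows Server environments and allows authentication and authorization for objects on the network to be managed centrally.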
---
Question #333
A company’s application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. On the first day of every month at midnight, the application becomes much slower when the month-end financial calculation batch runs. This causes the CPU utilization of the EC2 instances to immediately peak to 100%, which disrupts the application.
What should a solutions architect recommend to ensure the application is able to handle the workload and avoid downtime?
Wrong answer:
B. Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization.
Answer:
C. Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule.
When scaling is based on CPU or memory, the threshold must be exceeded for a certain period (for example, 5 minutes), which means the CPU stays at 100% for 5 minutes (downtime).
---
@@ Question #335
A company is experiencing sudden increases in demand. The company needs to provision large Amazon EC2 instances from an Amazon Machine Image (AMI). The instances will run in an Auto Scaling group. The company needs a solution that provides minimum initialization latency to meet the demand.
Which solution meets these requirements?
Answer:
B. Enable Amazon Elastic Block Store (Amazon EBS) fast snapshot restore on a snapshot. Provision an AMI by using the snapshot. Replace the AMI in the Auto Scaling group with the new AMI.
---
Question #339
A company has a custom application with embedded credentials that retrieves information from an Amazon RDS MySQL DB instance. Management says the application must be made more secure with the least amount of programming effort.
What should a solutions architect do to meet these requirements?
Wrong answer:
A. Use AWS Key Management Service (AWS KMS) to create keys. Configure the application to load the database credentials from AWS KMS. Enable automatic key rotation.
Answer:
C. Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS Secrets Manager. Configure the application to load the database credentials from Secrets Manager. Set up a credentials rotation schedule for the application user in the RDS for MySQL database using Secrets Manager.
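AWS KMS is used for encryption key management, mainly for encryption and decryption operations. It is not directly related to managing database credentials.
When you need to store credentials for a database, use AWS Secrets Manager.
Parameter Store is used for CloudFormation and does not provide automatic credential rotation.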
---
@@ Question #341
A company has an Amazon S3 data lake that is governed by AWS Lake Formation. The company wants to create a visualization in Amazon QuickSight by joining the data in the data lake with operational data that is stored in an Amazon Aurora MySQL database. The company wants to enforce column-level authorization so that the company’s marketing team can access only a subset of columns in the database.
Which solution will meet these requirements with the LEAST operational overhead?
Answer:
D. Use a Lake Formation blueprint to ingest the data from the database to the S3 data lake. Use Lake Formation to enforce column-level access control for the QuickSight users. Use Amazon Athena as the data source in QuickSight.
---
Question #342
A transaction processing company has weekly scripted batch jobs that run on Amazon EC2 instances. The EC2 instances are in an Auto Scaling group. The number of transactions can vary, but the baseline CPU utilization that is noted on each run is at least 60%. The company needs to provision the capacity 30 minutes before the jobs run.
Currently, engineers complete this task by manually modifying the Auto Scaling group parameters. The company does not have the resources to analyze the required capacity trends for the Auto Scaling group counts. The company needs an automated way to modify the Auto Scaling group’s desired capacity.
Which solution will meet these requirements with the LEAST operational overhead?
Wrong answer:
B. Create a scheduled scaling policy for the Auto Scaling group. Set the appropriate desired capacity, minimum capacity, and maximum capacity. Set the recurrence to weekly. Set the start time to 30 minutes before the batch jobs run.
Answer:
C. Create a predictive scaling policy for the Auto Scaling group. Configure the policy to scale based on forecast. Set the scaling metric to CPU utilization. Set the target value for the metric to 60%. In the policy, set the instances to pre-launch 30 minutes before the jobs run.
"The company does not have the resources to analyze the required capacity trends for the Auto Scaling group counts."
---
Question #344
A company has a Java application that uses Amazon Simple Queue Service (Amazon SQS) to parse messages. The application cannot parse messages that are larger than 256 KB in size. The company wants to implement a solution to give the application the ability to parse messages as large as 50 MB.
Which solution will meet these requirements with the FEWEST changes to the code?
Answer:
A. Use the Amazon SQS Extended Client Library for Java to host messages that are larger than 256 KB in Amazon S3.
---
Question #345
A company wants to restrict access to the content of one of its main web applications and to protect the content by using authorization techniques available on AWS. The company wants to implement a serverless architecture and an authentication solution for fewer than 100 users. The solution needs to integrate with the main web application and serve web content globally. The solution must also scale as the company's user base grows while providing the lowest login latency possible.
Which solution will meet these requirements MOST cost-effectively?
Answer:
A. Use Amazon Cognito for authentication. Use Lambda@Edge for authorization. Use Amazon CloudFront to serve the web application globally.
CloudFront = global delivery.
Lambda@Edge = authorization / reduced latency.
- Lambda@Edge is a feature of AWS Lambda that works in integration with Amazon CloudFront.
- Lambda@Edge runs code at locations closer to the user, which shortens response time and improves the user experience.
Cognito = authentication for the web app.
---
Question #346
A company has an aging network-attached storage (NAS) array in its data center. The NAS array presents SMB shares and NFS shares to client workstations. The company does not want to purchase a new NAS array. The company also does not want to incur the cost of renewing the NAS array’s support contract. Some of the data is accessed frequently, but much of the data is inactive.
A solutions architect needs to implement a solution that migrates the data to Amazon S3, uses S3 Lifecycle policies, and maintains the same look and feel for the client workstations. The solutions architect has identified AWS Storage Gateway as part of the solution.
Which type of storage gateway should the solutions architect provision to meet these requirements?
Answer:
D. Amazon S3 File Gateway
S3 File Gateway gives on-premises applications access to virtually unlimited cloud storage through NFS and SMB file interfaces.
---
Question #347
A company has an application that is running on Amazon EC2 instances. A solutions architect has standardized the company on a particular instance family and various instance sizes based on the current needs of the company.
The company wants to maximize cost savings for the application over the next 3 years. The company needs to be able to change the instance family and sizes in the next 6 months based on application popularity and usage.
Which solution will meet these requirements MOST cost-effectively?
Wrong answer:
B. EC2 Instance Savings Plan
Answer:
A. Compute Savings Plan
EC2 Instance Savings Plan: provides the highest discount rate within a specific instance family.
"The company needs to be able to change the instance family and size"
---
Question #353
A company hosts a three-tier web application on Amazon EC2 instances in a single Availability Zone. The web application uses a self-managed MySQL database that is hosted on an EC2 instance to store data in an Amazon Elastic Block Store (Amazon EBS) volume. The MySQL database currently uses a 1 TB Provisioned IOPS SSD (io2) EBS volume. The company expects traffic of 1,000 IOPS for both reads and writes at peak traffic.
The company wants to minimize any disruptions, stabilize performance, and reduce costs while retaining the capacity for double the IOPS. The company wants to move the database tier to a fully managed solution that is highly available and fault tolerant.
Which solution will meet these requirements MOST cost-effectively?
Wrong answer:
A. Use a Multi-AZ deployment of an Amazon RDS for MySQL DB instance with an io2 Block Express EBS volume.
Answer:
B. Use a Multi-AZ deployment of an Amazon RDS for MySQL DB instance with a General Purpose SSD (gp2) EBS volume.
RDS does not support io2 or io2 Block Express. (It supports up to io1, gp2, and gp3.)
A gp2 EBS volume can handle up to 16,000 IOPS, and storage can also be scaled up to 64 TiB.
---
Question #355
A company is migrating an old application to AWS. The application runs a batch job every hour and is CPU intensive. The batch job takes 15 minutes on average with an on-premises server. The server has 64 virtual CPU (vCPU) and 512 GiB of memory.
Which solution will run the batch job within 15 minutes with the LEAST operational overhead?
Wrong answer:
A. Use AWS Lambda with functional scaling.
Answer:
D. Use AWS Batch on Amazon EC2.
AWS Lambda supports up to 10 GB of memory and 6 vCPU cores per Lambda function.
Because the "job takes 15 minutes on average", there are also cases where it exceeds 15 minutes.
---
Question #359
A hospital needs to store patient records in an Amazon S3 bucket. The hospital’s compliance team must ensure that all protected health information (PHI) is encrypted in transit and at rest. The compliance team must administer the encryption key for data at rest.
Which solution will meet these requirements?
Wrong answer:
B. Use the aws:SecureTransport condition on S3 bucket policies to allow only encrypted connections over HTTPS (TLS). Configure default encryption for each S3 bucket to use server-side encryption with S3 managed encryption keys (SSE-S3). Assign the compliance team to manage the SSE-S3 keys.
Answer:
C. Use the aws:SecureTransport condition on S3 bucket policies to allow only encrypted connections over HTTPS (TLS). Configure default encryption for each S3 bucket to use server-side encryption with AWS KMS keys (SSE-KMS). Assign the compliance team to manage the KMS keys.
Using the "aws:SecureTransport" condition encrypts all connections to the S3 bucket in transit.
With SSE-S3, the encryption keys are managed by AWS, not by the compliance team.
---
Question #360
A company uses Amazon API Gateway to run a private gateway with two REST APIs in the same VPC. The BuyStock RESTful web service calls the CheckFunds RESTful web service to ensure that enough funds are available before a stock can be purchased. The company has noticed in the VPC flow logs that the BuyStock RESTful web service calls the CheckFunds RESTful web service over the internet instead of through the VPC. A solutions architect must implement a solution so that the APIs communicate through the VPC.
Which solution will meet these requirements with the FEWEST changes to the code?
Wrong answer:
A. Add an X-API-Key header in the HTTP header for authorization.
Answer:
B. Use an interface endpoint.
A is wrong because the problem is that the call goes over the internet.
interface endpoint: uses an ENI to communicate with most AWS services.
gateway endpoint: for S3 and DynamoDB only.
---
Question #362
A company uses a payment processing system that requires messages for a particular payment ID to be received in the same order that they were sent. Otherwise, the payments might be processed incorrectly.
Which actions should a solutions architect take to meet this requirement? (Choose two.)
Wrong answer:
A. Write the messages to an Amazon DynamoDB table with the payment ID as the partition key.
Answer:
B. Write the messages to an Amazon Kinesis data stream with the payment ID as the partition key.
E. Write the messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the message group to use the payment ID.
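When the payment ID is used as the partition key in a Kinesis data stream, all messages for that payment ID are sent to the same shard, so message order is preserved.
DynamoDB does not guarantee the order of records within a partition.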
---
Question #363
A company is building a game system that needs to send unique events to separate leaderboard, matchmaking, and authentication services concurrently. The company needs an AWS event-driven system that guarantees the order of the events.
Which solution will meet these requirements?
Answer:
B. Amazon Simple Notification Service (Amazon SNS) FIFO topics
SNS can also preserve ordering with FIFO topics.
---
Question #364
A hospital is designing a new application that gathers symptoms from patients. The hospital has decided to use Amazon Simple Queue Service (Amazon SQS) and Amazon Simple Notification Service (Amazon SNS) in the architecture.
A solutions architect is reviewing the infrastructure design. Data must be encrypted at rest and in transit. Only authorized personnel of the hospital should be able to access the data.
Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)
Wrong answer:
C. Turn on encryption on the SNS components. Update the default key policy to restrict key usage to a set of authorized principals. Set a condition in the topic policy to allow only encrypted connections over TLS.
Answer:
B. Turn on server-side encryption on the SNS components by using an AWS Key Management Service (AWS KMS) customer managed key. Apply a key policy to restrict key usage to a set of authorized principals.
D. Turn on server-side encryption on the SQS components by using an AWS Key Management Service (AWS KMS) customer managed key. Apply a key policy to restrict key usage to a set of authorized principals. Set a condition in the queue policy to allow only encrypted connections over TLS.
All requests to topics with SSE enabled use HTTPS and Signature Version 4.
---
@@ Question #369
A company has migrated an application to Amazon EC2 Linux instances. One of these EC2 instances runs several 1-hour tasks on a schedule. These tasks were written by different teams and have no common programming language. The company is concerned about performance and scalability while these tasks run on a single instance. A solutions architect needs to implement a solution to resolve these concerns.
Which solution will meet these requirements with the LEAST operational overhead?
Answer:
A. Use AWS Batch to run the tasks as jobs. Schedule the jobs by using Amazon EventBridge (Amazon CloudWatch Events).
AWS Batch: dynamically provisions the optimal quantity and type of compute resources based on the volume and specific resource requirements of the batch jobs.
---
Question #371
A company needs to create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster to host a digital media streaming application. The EKS cluster will use a managed node group that is backed by Amazon Elastic Block Store (Amazon EBS) volumes for storage. The company must encrypt all data at rest by using a customer managed key that is stored in AWS Key Management Service (AWS KMS).
Which combination of actions will meet this requirement with the LEAST operational overhead? (Choose two.)
Answer:
C. Enable EBS encryption by default in the AWS Region where the EKS cluster will be created. Select the customer managed key as the default key.
D. Create the EKS cluster. Create an IAM role that has a policy that grants permission to the customer managed key. Associate the role with the EKS cluster.
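Enabling EBS encryption by default in the Region where the EKS cluster will be deployed causes every new EBS volume created in that Region to be encrypted automatically with the specified customer managed key.
For the EKS cluster and its resources to use EBS volumes encrypted with the customer managed key, the cluster needs permission to use the key for encryption and decryption operations. Create an IAM role with the required permissions and associate the role with the EKS cluster.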
---
@@ Question #372
A company wants to migrate an Oracle database to AWS. The database consists of a single table that contains millions of geographic information systems (GIS) images that are high resolution and are identified by a geographic code.
When a natural disaster occurs, tens of thousands of images get updated every few minutes. Each geographic code has a single image or row that is associated with it. The company wants a solution that is highly available and scalable during such events.
Which solution meets these requirements MOST cost-effectively?
Wrong answer:
D. Store the images in Amazon S3 buckets. Store geographic codes and image S3 URLs in a database table. Use Oracle running on an Amazon RDS Multi-AZ DB
Answer:
B. Store the images in Amazon S3 buckets. Use Amazon DynamoDB with the geographic code as the key and the image S3 URL as the value.
Multi-AZ RDS does not provide more performance or write scalability.
Scalability: the ability of an application or system to efficiently handle increasing load, number of users, or volume of data.
---
@@ Question #375
An ecommerce company is building a distributed application that involves several serverless functions and AWS services to complete order-processing tasks. These tasks require manual approvals as part of the workflow. A solutions architect needs to design an architecture for the order-processing application. The solution must be able to combine multiple AWS Lambda functions into responsive serverless applications. The solution also must orchestrate data and services that run on Amazon EC2 instances, containers, or on-premises servers.
Which solution will meet these requirements with the LEAST operational overhead?
Answer:
A. Use AWS Step Functions to build the application.
---
@@ Question #379
A company hosts a frontend application that uses an Amazon API Gateway API backend that is integrated with AWS Lambda. When the API receives requests, the Lambda function loads many libraries. Then the Lambda function connects to an Amazon RDS database, processes the data, and returns the data to the frontend application. The company wants to ensure that response latency is as low as possible for all its users with the fewest number of changes to the company's operations.
Which solution will meet these requirements?
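Answer:
B. Configure provisioned concurrency for the Lambda function that handles the requests.
Provisioned Concurrency: initializes the requested number of execution environments so that they are ready to respond immediately to function invocations. Incurs an additional charge.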
---
Question #383
A company is planning to migrate a commercial off-the-shelf application from its on-premises data center to AWS. The software has a software licensing model using sockets and cores with predictable capacity and uptime requirements. The company wants to use its existing licenses, which were purchased earlier this year.
Which Amazon EC2 pricing option is the MOST cost-effective?
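Answer:
A. Dedicated Reserved Hosts
Dedicated Instances: instances run on single-tenant hardware.
-> Only other instances launched from the user's own AWS account are placed on the physical server where the user's instances run, but the user cannot fully control or configure the physical server.
Dedicated Hosts: instances run on an isolated server with configurations that the user can control.
Many commercial software licenses are priced based on the number of sockets or cores.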
software licensing model using sockets and cores -> Dedicated Reserved Hosts.
---
Question #388
A company is deploying a two-tier web application in a VPC. The web tier is using an Amazon EC2 Auto Scaling group with public subnets that span multiple Availability Zones. The database tier consists of an Amazon RDS for MySQL DB instance in separate private subnets. The web tier requires access to the database to retrieve product information.
The web application is not working as intended. The web application reports that it cannot connect to the database. The database is confirmed to be up and running. All configurations for the network ACLs, security groups, and route tables are still in their default states.
What should a solutions architect recommend to fix the application?
Wrong answer:
B. Add a route in the VPC route table to allow traffic between the web tier’s EC2 instances and the database tier.
Correct answer:
D. Add an inbound rule to the security group of the database tier’s RDS instance to allow traffic from the web tier’s security group.
Resources within a VPC can communicate with each other by default as far as routing is concerned, so no additional route is needed in this case.
---
Question #390
A company hosts a three-tier ecommerce application on a fleet of Amazon EC2 instances. The instances run in an Auto Scaling group behind an Application Load Balancer (ALB). All ecommerce data is stored in an Amazon RDS for MariaDB Multi-AZ DB instance.
The company wants to optimize customer session management during transactions. The application must store session data durably.
Which solutions will meet these requirements? (Choose two.)
Wrong answer:
A. Turn on the sticky sessions feature (session affinity) on the ALB.
C. Deploy an Amazon Cognito user pool to manage user session information.
Correct answer:
A. Turn on the sticky sessions feature (session affinity) on the ALB.
D. Deploy an Amazon ElastiCache for Redis cluster to store customer session information.
Amazon Cognito is better suited to managing user identities than to storing session data during transactions.
---
Question #391
A company needs a backup strategy for its three-tier stateless web application. The web application runs on Amazon EC2 instances in an Auto Scaling group with a dynamic scaling policy that is configured to respond to scaling events. The database tier runs on Amazon RDS for PostgreSQL. The web application does not require temporary local storage on the EC2 instances. The company’s recovery point objective (RPO) is 2 hours.
The backup strategy must maximize scalability and optimize resource utilization for this environment.
Which solution will meet these requirements?
Wrong answer:
B. Configure a snapshot lifecycle policy to take Amazon Elastic Block Store (Amazon EBS) snapshots. Enable automated backups in Amazon RDS to meet the RPO.
Correct answer:
C. Retain the latest Amazon Machine Images (AMIs) of the web and application tiers. Enable automated backups in Amazon RDS and use point-in-time recovery to meet the RPO.
The web application does not require temporary local storage on the EC2 instances. => EBS snapshots are unnecessary; retaining the latest AMIs is sufficient.
RDS also supports point-in-time recovery (PITR), which can restore to a point up to 35 days in the past.
---
Question #393
A payment processing company records all voice communication with its customers and stores the audio files in an Amazon S3 bucket. The company needs to capture the text from the audio files. The company must remove from the text any personally identifiable information (PII) that belongs to customers.
What should a solutions architect do to meet these requirements?
Wrong answer:
B. When an audio file is uploaded to the S3 bucket, invoke an AWS Lambda function to start an Amazon Textract task to analyze the call recordings.
Correct answer:
C. Configure an Amazon Transcribe transcription job with PII redaction turned on. When an audio file is uploaded to the S3 bucket, invoke an AWS Lambda function to start the transcription job. Store the output in a separate S3 bucket.
Amazon Transcribe: converts speech to text; supports real-time streams and PII identification and redaction.
---
Question #394
A company is running a multi-tier ecommerce web application in the AWS Cloud. The application runs on Amazon EC2 instances with an Amazon RDS for MySQL Multi-AZ DB instance. Amazon RDS is configured with the latest generation DB instance with 2,000 GB of storage in a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume. The database performance affects the application during periods of high demand.
A database administrator analyzes the logs in Amazon CloudWatch Logs and discovers that the application performance always degrades when the number of read and write IOPS is higher than 20,000.
What should a solutions architect do to improve the application performance?
Wrong answer:
B. Increase the number of IOPS on the gp3 volume.
Correct answer:
D. Replace the 2,000 GB gp3 volume with two 1,000 GB gp3 volumes.
gp3 max IOPS per volume: 16,000
Two gp3 volumes at 16,000 IOPS each = 2 * 16,000 = 32,000 IOPS
---
Question #395
An IAM user made several configuration changes to AWS resources in their company's account during a production deployment last week. A solutions architect learned that a couple of security group rules are not configured as desired. The solutions architect wants to confirm which IAM user was responsible for making changes.
Which service should the solutions architect use to find the desired information?
Wrong answer:
A. Amazon GuardDuty
Correct answer:
C. AWS CloudTrail