来源:AWS解决方案架构师认证-助理级(SAA-C03)仿真练习题
3 题,免费题库,题目质量不高,仅供自己复习使用。
如果侵权请联系删除。
🌟 单词:
- vendorn. 供应商,小贩
- troubleshootv. 检修,分析难题
- secureadj. 安心的,安全的 | v. 使安全;担保,保护;使获得
- grantv. 同意;准予;承认 | n. 拨款;授权;合法转让
- optionallyadv. 随意地;可选择地;选择性地
- specify明确说明;具体指定;详细说明
- durationn. 持续时间,期间
- consistv. 组成,构成;存在于
- architecturen. 建筑学,建筑业;结构
- layern. 层, 层次, 表层, 阶层 | v. 把…分层堆放
- vulnerableadj. 易受攻击的;易受伤害的;(身体上或感情上)脆弱的
- architectn. 建筑师,设计师;缔造者,创造者
- efficientadj. 效率高的,高效的
- accomplishv. 完成
- featuren. 特色,特征;特写;特色节目 | v. 以…为特色;为…加特写;起重要特色,占重要地位
- optimaladj. 最适宜的, 最理想的, 最好的
- optimizev. 使最优化;使尽可能有效
- financialadj. 金融的;财政的;财务的
- lustren. 光泽;光彩;光辉;声望;荣誉
一、Share an object with others
An application hosted on AWS is experiencing performance problems, and the application vendor wants to perform an analysis of the log file to troubleshoot further. The log file is stored on Amazon S3 and is 10 GB in size. The application owner will make the log file available to the vendor for a limited time.
What is the MOST secure way to do this?
- Enable public read on the S3 object and provide the link to the vendor.
- Upload the file to Amazon WorkDocs and share the public link with the vendor.
- ✅ Generate a presigned URL and have the vendor download the log file before it expires.
- ❌ Create an IAM user for the vendor to provide access to the S3 bucket and the application. Enforce multi-factor authentication.
✨ 关键词:S3、临时访问、Share an object with others
4️⃣ ❌ -> 3️⃣ ✅
💡 解析:Share an object with others - All objects by default are private. Only the object owner has permission to access these objects. However, the object owner can optionally share objects with others by creating a presigned URL, using their own security credentials, to grant time-limited permission to download the objects.
When you create a presigned URL for your object, you must provide your security credentials, specify a bucket name, an object key, specify the HTTP method (GET to download the object) and expiration date and time. The presigned URLs are valid only for the specified duration.
Anyone who receives the presigned URL can then access the object. For example, if you have a video in your bucket and both the bucket and the object are private, you can share the video with others by generating a presigned URL.
Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html
二、Using Amazon S3 Origins, MediaPackage Channels, and Custom Origins for Web Distributions
Organizers for a global event want to put daily reports online as static HTML pages. The pages are expected to generate millions of views from users around the world. The files are stored in an Amazon S3 bucket. A solutions architect has been asked to design an efficient and effective solution.
Which action should the solutions architect take to accomplish this?
1. Generate presigned URLs for the files.
2. Use cross-Region replication to all Regions.
3. Use the geoproximity feature of Amazon Route 53.
4. ✅ Use Amazon CloudFront with the S3 bucket as its origin.
✨ 关键词:S3、Different Regions
4️⃣ ✅
💡 解析:Using Amazon S3 Buckets for Your Origin.
When you use Amazon S3 as an origin for your distribution, you place any objects that you want CloudFront to deliver in an Amazon S3 bucket. You can use any method that is supported by Amazon S3 to get your objects into Amazon S3, for example, the Amazon S3 console or API, or a third-party tool. You can create a hierarchy in your bucket to store the objects, just as you would with any other Amazon S3 bucket.
Using an existing Amazon S3 bucket as your CloudFront origin server doesn’t change the bucket in any way; you can still use it as you normally would to store and access Amazon S3 objects at the standard Amazon S3 price. You incur regular Amazon S3 charges for storing the objects in the bucket.
Using Amazon S3 Buckets Configured as Website Endpoints for Your Origin.
You can set up an Amazon S3 bucket that is configured as a website endpoint as custom origin with CloudFront.
When you configure your CloudFront distribution, for the origin, enter the Amazon S3 static website hosting endpoint for your bucket. This value appears in the Amazon S3 console, on the Properties tab, in the Static website hosting pane. For example: http://bucket-name.s3-website-region.amazonaws.com
For more information about specifying Amazon S3 static website endpoints, see Website endpoints in the Amazon Simple Storage Service Developer Guide.
When you specify the bucket name in this format as your origin, you can use Amazon S3 redirects and Amazon S3 custom error documents. For more information about Amazon S3 features, see the Amazon S3 documentation.
Using an Amazon S3 bucket as your CloudFront origin server doesn’t change it in any way. You can still use it as you normally would and you incur regular Amazon S3 charges.
Reference: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.html
三、Amazon FSx for Lustre
A solutions architect is designing storage for a high performance computing (HPC) environment based on Amazon Linux. The workload stores and processes a large amount of engineering drawings that require shared storage and heavy computing.
Which storage option would be the optimal solution?
- ❌ Amazon Elastic File System (Amazon EFS)
- ✅ Amazon FSx for Lustre
- Amazon EC2 instance store
- Amazon EBS Provisioned IOPS SSD (io1)
✨ 关键词:HPC、shared storage
1️⃣ ❌ -> 2️⃣ ✅
💡 解析:Amazon FSx for Lustre is a new, fully managed service provided by AWS based on the Lustre file system. Amazon FSx for Lustre provides a high-performance file system optimized for fast processing of workloads such as machine learning, high performance computing (HPC), video processing, financial modeling, and electronic design automation (EDA).
FSx for Lustre allows customers to create a Lustre filesystem on demand and associate it to an Amazon S3 bucket. As part of the filesystem creation, Lustre reads the objects in the buckets and adds that to the file system metadata. Any Lustre client in your VPC is then able to access the data, which gets cached on the high- speed Lustre filesystem. This is ideal for HPC workloads, because you can get the speed of an optimized Lustre file system without having to manage the complexity of deploying, optimizing, and managing the Lustre cluster.
Additionally, having the filesystem work natively with Amazon S3 means you can shut down the Lustre filesystem when you don’t need it but still access objects in Amazon S3 via other AWS Services. FSx for Lustre also allows you to also write the output of your HPC job back to Amazon S3.
Reference: https://d1.awsstatic.com/whitepapers/AWS%20Partner%20Network_HPC%20Storage%20Options_2019_FINAL.pdf