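Source: AWS Certified Solutions Architect - Associate (SAA-C03) simulated practice questions
4 questions from a free question bank; the question quality is not high, and they are for my own review only.
If this infringes any rights, please contact me for removal.
🌟 Vocabulary:
- approximately (adv.): about, roughly, around
- secure (adj.): at ease; safe; firm; assured; stable | (v.): to make safe; to guarantee, to protect; to obtain
- consistent (adj.): uniform; unchanging; continuous; sustained; matching; in agreement; mutually coherent
I. AWS Web Application Firewall (WAF) - Block IP address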
A company’s website is used to sell products to the public. The site runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer
(ALB). There is also an Amazon CloudFront distribution, and AWS WAF is being used to protect against SQL injection attacks. The ALB is the origin for the
CloudFront distribution. A recent review of security logs revealed an external malicious IP that needs to be blocked from accessing the website.
What should a solutions architect do to protect the application?
- ❌ Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address.
- ✅ Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address.
- Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.
- Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.
✨ Keywords: CloudFront, WAF, Block IP address
4️⃣ ❌ -> 2️⃣ ✅
💡 Explanation: Reference:
https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-load-balancers/
II. AWS account root user access
A solution architect has created a new AWS account and must secure AWS account root user access.
Which combination of actions will accomplish this? (Choose two.)
- ❌ Ensure the root user uses a strong password.
- ✅ Enable multi-factor authentication to the root user.
- Store root user access keys in an encrypted Amazon S3 bucket.
- ✅ Add the root user to a group containing administrative permissions.
- Apply the required permissions to the root user with an inline policy document.
✨ Keywords: root user, permissions
1️⃣ 2️⃣ ❌ -> 2️⃣ 4️⃣ ✅
💡 Explanation: None.
III. Amazon S3 One Zone-IA
A data science team requires storage for nightly log processing. The size and number of logs is unknown and will persist for 24 hours only.
What is the MOST cost-effective solution?
- Amazon S3 Glacier
- ❌ Amazon S3 Standard
- Amazon S3 Intelligent-Tiering
- ✅ Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
✨ Keywords: nightly log, persist for 24 hours only
2️⃣ ❌ -> 4️⃣ ✅
💡 Explanation: Reference:
https://aws.amazon.com/s3/storage-classes/#Unknown_or_changing_access
- Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
S3 One Zone-IA is for data that is accessed infrequently but requires rapid access when needed.
IV. AWS Snowball & AWS Direct Connect & AWS Site-to-Site VPN
A recently acquired company is required to build its own infrastructure on AWS and migrate multiple applications to the cloud within a month. Each application has approximately 50 TB of data to be transferred. After the migration is complete, this company and its parent company will both require secure network connectivity with consistent throughput from their data centers to the applications. A solutions architect must ensure one-time data migration and ongoing network connectivity.
Which solution will meet these requirements?
1. AWS Direct Connect for both the initial transfer and ongoing connectivity.
2. AWS Site-to-Site VPN for both the initial transfer and ongoing connectivity.
3. ✅ AWS Snowball for the initial transfer and AWS Direct Connect for ongoing connectivity.
4. ❌ AWS Snowball for the initial transfer and AWS Site-to-Site VPN for ongoing connectivity.
✨ Keywords: 50 TB Data one-time migration, two companies connect
4️⃣ ❌ -> 3️⃣ ✅
💡 Explanation: Reference:
https://docs.aws.amazon.com/dms/latest/userguide/CHAP_LargeDBs.html
https://aws.amazon.com/directconnect/