
SAA Exam Daily Practice - 2024/11/17


Source: Amazon AWS Certified Solutions Architect - Associate SAA-C03 Exam
10 questions (No.1 ~ No.10), for my own revision only.
If this infringes any rights, please contact me for removal.


🌟 Vocabulary:

  1. ingests (v.): take in, swallow, ingest
  2. vary (v.): change, diversify; differ
  3. drastically (adv.): thoroughly; severely
  4. serves (v.): serve; provide; attend to; hold office; work for | (n.) serve (in sport)
  5. coordinate (v.): coordinate, match; make (bodily movements) work together | (n.) coordinate; matching set (of clothes, furniture) | (adj.) equal, of the same rank; relating to coordinates
  6. modernize (v.): make (a system, method, equipment or concept) modern
  7. resiliency (n.): resilience (elasticity, rebound, elastic deformation, impact strength)
  8. scalability (n.): measurability; scalability
  9. frequently (adv.): frequently, often, constantly
  10. rarely (adv.): rarely, seldom
  11. low-latency (adj.): low-latency
  12. principal (n.): head of a school; dean; person in charge; lead actor; principal (sum of money); client; principal offender | (adj.) principal, main, most important; relating to capital


No.1 S3 Transfer Acceleration

A company collects data for temperature, humidity, and atmospheric pressure in cities across multiple continents. The average volume of data that the company collects from each site daily is 500 GB. Each site has a high-speed Internet connection.
The company wants to aggregate the data from all these global sites as quickly as possible in a single Amazon S3 bucket. The solution must minimize operational complexity.
Which solution meets these requirements?

  1. ✅ Turn on S3 Transfer Acceleration on the destination S3 bucket. Use multipart uploads to directly upload site data to the destination S3 bucket.
  2. ❌ Upload the data from each site to an S3 bucket in the closest Region. Use S3 Cross-Region Replication to copy objects to the destination S3 bucket. Then remove the data from the origin S3 bucket.
  3. Schedule AWS Snowball Edge Storage Optimized device jobs daily to transfer data from each site to the closest Region. Use S3 Cross-Region Replication to copy objects to the destination S3 bucket.
  4. Upload the data from each site to an Amazon EC2 instance in the closest Region. Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. At regular intervals, take an EBS snapshot and copy it to the Region that contains the destination S3 bucket. Restore the EBS volume in that Region.

✨ Keywords: 500 GB, high-speed Internet connection, save into a single Amazon S3 bucket

2️⃣ ❌ -> 1️⃣ ✅

💡 Explanation: The company collects data from cities on multiple continents; each site (a continent or city) produces 500 GB of data, and every site has a high-speed Internet connection. The data must reach a single S3 bucket as quickly as possible, with the simplest possible architecture.
This is the use case for S3 Transfer Acceleration.

S3 Transfer Acceleration: faster long-distance uploads to and downloads from S3
Amazon S3 Transfer Acceleration (S3TA) can speed up content transfers to and from Amazon S3 by 50-500% for long-distance transfers of large objects. Customers with web or mobile applications that have a widespread user base, or with applications hosted far from their S3 bucket, can experience long and variable upload and download speeds over the Internet. S3TA reduces the variability in Internet routing, congestion and speeds that can affect transfers, and logically shortens the distance between remote applications and S3. S3TA improves transfer performance by routing traffic through Amazon CloudFront's globally distributed edge locations and over the AWS backbone network, and by applying network protocol optimizations. You can turn on S3TA with a few clicks in the S3 console and use the speed comparison tool to test its benefit from your location.
With S3TA, you only pay for transfers that are actually accelerated.

Option 2, S3 Cross-Region Replication, is not chosen because it is aimed at disaster recovery by making copies. Also, if you used replication you would still have to delete the data from the source bucket afterwards, which is cumbersome.

👨‍👨‍👦‍👦 Community discussion: General line: Collect huge amount of the files across multiple continents
Conditions: High speed Internet connectivity
Task: aggregate the data from all in a single S3 bucket
Requirements: as quick as possible, minimize operational complexity

Correct answer A: S3 Transfer Acceleration because:

  • ideally works with objects for long-distance transfer (uses Edge Locations)
  • can speed up content transfers to and from S3 as much as 50-500%
  • use cases: mobile & web application uploads and downloads, distributed office transfers, data exchange with trusted partners. Generally for sharing of large data sets between companies, customers can set up special access to their S3 buckets with accelerated uploads to speed data exchanges and the pace of innovation.

B - about disaster recovery
C - about transferring data between your local environment and the AWS Cloud
D - about disaster recovery


No.2 Amazon Athena

A company needs the ability to analyze the log files of its proprietary application. The logs are stored in JSON format in an Amazon S3 bucket. Queries will be simple and will run on-demand. A solutions architect needs to perform the analysis with minimal changes to the existing architecture.
What should the solutions architect do to meet these requirements with the LEAST amount of operational overhead?

  1. ❌ Use Amazon Redshift to load all the content into one place and run the SQL queries as needed.
  2. Use Amazon CloudWatch Logs to store the logs. Run SQL queries as needed from the Amazon CloudWatch console.
  3. ✅ Use Amazon Athena directly with Amazon S3 to run the queries as needed.
  4. Use AWS Glue to catalog the logs. Use a transient Apache Spark cluster on Amazon EMR to run the SQL queries as needed.

✨ Keywords: logs are stored in JSON format in an Amazon S3 bucket, Amazon Redshift

1️⃣ ❌ -> 3️⃣ ✅

💡 Explanation: The logs are stored as JSON in an S3 bucket and need to be queried on demand, with minimal changes to the current architecture and the simplest possible setup.
This is the use case for Amazon Athena.

Amazon Athena: analyze petabyte-scale data flexibly and easily where it lives

Amazon Athena is a serverless, interactive analytics service built on open-source frameworks that supports open table and file formats. Athena provides a simplified, flexible way to analyze petabytes of data where it lives. You can analyze data or build applications from an Amazon Simple Storage Service (S3) data lake and more than 30 data sources, including on-premises data sources or other cloud systems, using SQL or Python. Athena is built on the open-source Trino and Presto engines and the Apache Spark framework, and needs no provisioning or configuration.

Loading the data into Redshift and then querying it (option 1) would of course also work, but it is more complex than option 3, so it is not chosen.

👨‍👨‍👦‍👦 Community discussion: Keyword:

  • Queries will be simple and will run on-demand.
  • Minimal changes to the existing architecture.

A: Incorrect - We have to do 2 steps: load all content to Redshift and run SQL query (This is a simple query so we can use Athena, for complex query we will apply Redshift)
B: Incorrect - Our query will be run on-demand so we don't need to use CloudWatch Logs to store the logs.
C: Correct - This is a simple query, we can apply Athena directly on S3
D: Incorrect - This takes 2 steps: use AWS Glue to catalog the logs and use Spark to run SQL query


No.3 AWS Organizations

A company uses AWS Organizations to manage multiple AWS accounts for different departments. The management account has an Amazon S3 bucket that contains project reports. The company wants to limit access to this S3 bucket to only users of accounts within the organization in AWS Organizations.
Which solution meets these requirements with the LEAST amount of operational overhead?

  1. ✅ Add the aws:PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy.
  2. Create an organizational unit (OU) for each department. Add the aws:PrincipalOrgPaths global condition key to the S3 bucket policy.
  3. Use AWS CloudTrail to monitor the CreateAccount, InviteAccountToOrganization, LeaveOrganization, and RemoveAccountFromOrganization events. Update the S3 bucket policy accordingly.
  4. Tag each user that needs access to the S3 bucket. Add the aws:PrincipalTag global condition key to the S3 bucket policy.

✨ Keywords: IAM, AWS Organizations, S3 bucket policy

1️⃣ ✅

💡 Explanation: The project reports in the S3 bucket must be shared with users of accounts in the AWS Organizations organization, with the least operational effort.
This is the use case for aws:PrincipalOrgID.

aws:PrincipalOrgID condition key

You can use this condition key to apply a filter to the Principal element of a resource-based policy. You can use any string operator (for example StringLike) with this condition and specify the AWS Organizations ID as its value.

Condition key: aws:PrincipalOrgID
Description: Validates whether the principal accessing the resource belongs to an account in your organization.
Operators: All string operators
Value: Any AWS Organizations ID

👨‍👨‍👦‍👦 Community discussion: aws:PrincipalOrgID Validates if the principal accessing the resource belongs to an account in your organization.

The following condition keys are especially useful with AWS Organizations:
aws:PrincipalOrgID – Simplifies specifying the Principal element in a resource-based policy. This global key provides an alternative to listing all the account IDs for all AWS accounts in an organization. Instead of listing all of the accounts that are members of an organization, you can specify the organization ID in the Condition element.

aws:PrincipalOrgPaths – Use this condition key to match members of a specific organization root, an OU, or its children. The aws:PrincipalOrgPaths condition key returns true when the principal (root user, IAM user, or role) making the request is in the specified organization path. A path is a text representation of the structure of an AWS Organizations entity.
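As an added example (not code from the original post or from AWS), the bucket policy that option 1 describes, generated in Python, together with a small check that flags Allow statements with a wildcard principal that carry no aws:PrincipalOrgID or aws:PrincipalOrgPaths condition. The organization ID and bucket name are constructed placeholders.

```python
"""Added example: an org-scoped S3 bucket policy using aws:PrincipalOrgID, plus
a lint over policy statements.  ORG_ID and BUCKET are constructed placeholders."""
import json

ORG_ID = "o-exampleorgid"           # placeholder, not a real organization ID
BUCKET = "example-project-reports"  # placeholder bucket name


def org_scoped_bucket_policy(bucket: str, org_id: str) -> dict:
    """Let any principal in the organization read the bucket without listing
    account IDs (option 1).  Anonymous requests carry no aws:PrincipalOrgID,
    so the StringEquals condition does not match them."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowOrgMembersOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringEquals": {"aws:PrincipalOrgID": org_id}},
        }],
    }


def unscoped_wildcard_statements(policy: dict) -> list:
    """Sids of Allow statements whose Principal is '*' (or {"AWS": "*"}) and
    that lack an org-scoping condition: such statements expose the bucket to
    every AWS account, not just the organization's members."""
    org_keys = {"aws:principalorgid", "aws:principalorgpaths"}
    hits = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and principal.get("AWS") == "*")
        if not wildcard:
            continue
        # Condition is {operator: {key: value}}; compare keys case-insensitively.
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if not keys & org_keys:
            hits.append(stmt.get("Sid", "<no Sid>"))
    return hits


if __name__ == "__main__":
    policy = org_scoped_bucket_policy(BUCKET, ORG_ID)
    print(json.dumps(policy, indent=2))
    print("unscoped wildcard statements:", unscoped_wildcard_statements(policy))
```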


No.4 VPC Gateway Endpoint

An application runs on an Amazon EC2 instance in a VPC. The application processes logs that are stored in an Amazon S3 bucket. The EC2 instance needs to access the S3 bucket without connectivity to the internet.
Which solution will provide private network connectivity to Amazon S3?

  1. ✅ Create a gateway VPC endpoint to the S3 bucket.
  2. Stream the logs to Amazon CloudWatch Logs. Export the logs to the S3 bucket.
  3. Create an instance profile on Amazon EC2 to allow S3 access.
  4. Create an Amazon API Gateway API with a private link to access the S3 endpoint.

✨ Keywords: S3 bucket, gateway VPC endpoint

1️⃣ ✅

💡 Explanation: An EC2 instance running in a VPC needs to reach an S3 bucket without going through the Internet.
This is the best use case for a gateway endpoint (which only supports S3 and DynamoDB).

👨‍👨‍👦‍👦 Community discussion: Keywords:

  • EC2 in VPC
  • EC2 instance needs to access the S3 bucket without connectivity to the internet

A: Correct - Gateway VPC endpoint can connect to S3 bucket privately without additional cost
B: Incorrect - You can set up interface VPC endpoint for CloudWatch Logs for private network from EC2 to CloudWatch. But from CloudWatch to S3 bucket: Log data can take up to 12 hours to become available for export and the requirement only needs EC2 to S3
C: Incorrect - Creating an instance profile just grants access but does not help EC2 connect to S3 privately
D: Incorrect - API Gateway is like a proxy which receives network traffic from outside and forwards requests to AWS Lambda, Amazon EC2, Elastic Load Balancing products such as Application Load Balancers or Classic Load Balancers, Amazon DynamoDB, Amazon Kinesis, or any publicly available HTTPS-based endpoint. But not S3


No.5 EFS

A company is hosting a web application on AWS using a single Amazon EC2 instance that stores user-uploaded documents in an Amazon EBS volume. For better scalability and availability, the company duplicated the architecture and created a second EC2 instance and EBS volume in another Availability Zone, placing both behind an Application Load Balancer. After completing this change, users reported that, each time they refreshed the website, they could see one subset of their documents or the other, but never all of the documents at the same time.
What should a solutions architect propose to ensure users see all of their documents at once?

  1. Copy the data so both EBS volumes contain all the documents
  2. Configure the Application Load Balancer to direct a user to the server with the documents
  3. ✅ Copy the data from both EBS volumes to Amazon EFS. Modify the application to save new documents to Amazon EFS
  4. Configure the Application Load Balancer to send the request to both servers. Return each document from the correct server

✨ Keywords: EFS, inconsistent data across distributed nodes

3️⃣ ✅

💡 Explanation: The company deployed a second EC2 instance with its own EBS volume in another Availability Zone and placed both behind an ALB. Users are now sent at random to either the existing instance or the new one, so a file uploaded to one instance is missing when the next request lands on the other.
Solve it with EFS, so that both EC2 instances share a single EFS file system.

Note: EFS is a Regional resource; it stores data across multiple Availability Zones.


No.6 AWS Snowball

A company uses NFS to store large video files in on-premises network attached storage. Each video file ranges in size from 1MB to 500 GB. The total storage is 70 TB and is no longer growing. The company decides to migrate the video files to Amazon S3. The company must migrate the video files as soon as possible while using the least possible network bandwidth.
Which solution will meet these requirements?

  1. Create an S3 bucket. Create an IAM role that has permissions to write to the S3 bucket. Use the AWS CLI to copy all files locally to the S3 bucket.
  2. ✅ Create an AWS Snowball Edge job. Receive a Snowball Edge device on premises. Use the Snowball Edge client to transfer data to the device. Return the device so that AWS can import the data into Amazon S3.
  3. Deploy an S3 File Gateway on premises. Create a public service endpoint to connect to the S3 File Gateway. Create an S3 bucket. Create a new NFS file share on the S3 File Gateway. Point the new file share to the S3 bucket. Transfer the data from the existing NFS file share to the S3 File Gateway.
  4. Set up an AWS Direct Connect connection between the on-premises network and AWS. Deploy an S3 File Gateway on premises. Create a public virtual interface (VIF) to connect to the S3 File Gateway. Create an S3 bucket. Create a new NFS file share on the S3 File Gateway. Point the new file share to the S3 bucket. Transfer the data from the existing NFS file share to the S3 File Gateway.

✨ Keywords: 70 TB, using the least possible network bandwidth, AWS Snowball

2️⃣ ✅

💡 Explanation: The company has 70 TB of video files that are no longer growing and has decided to migrate them to S3 while using the least possible network bandwidth.
This is the best use case for AWS Snowball: order a Snowball device, copy the data onto it locally once it arrives, then ship it back to AWS.

  • AWS Snowcone: 14 TB of usable storage capacity.
  • Snowball Edge Storage Optimized: 80 TB of hard disk drive (HDD) capacity for block volumes and Amazon S3 compatible object storage.
  • Snowball Edge Compute Optimized: 80 TB of usable HDD capacity for Amazon S3 compatible object storage or Amazon EBS compatible block volumes, plus 28 TB of usable NVMe SSD capacity for Amazon EBS compatible block volumes. It also has more compute power and supports adding a GPU.
  • AWS Snowmobile: a 45-foot long ruggedized shipping container pulled by a semi-trailer truck that can transfer up to 100 PB of data per trip.

No.7 Fan Out

A company has an application that ingests incoming messages. Dozens of other applications and microservices then quickly consume these messages. The number of messages varies drastically and sometimes increases suddenly to 100,000 each second. The company wants to decouple the solution and increase scalability.
Which solution meets these requirements?

  1. Persist the messages to Amazon Kinesis Data Analytics. Configure the consumer applications to read and process the messages.
  2. Deploy the ingestion application on Amazon EC2 instances in an Auto Scaling group to scale the number of EC2 instances based on CPU metrics.
  3. ❌ Write the messages to Amazon Kinesis Data Streams with a single shard. Use an AWS Lambda function to preprocess messages and store them in Amazon DynamoDB. Configure the consumer applications to read from DynamoDB to process the messages.
  4. ✅ Publish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with multiple Amazon Simple Queue Service (Amazon SQS) subscriptions. Configure the consumer applications to process the messages from the queues.

✨ Keywords: Data Stream, message volume varies drastically, consume these messages

3️⃣ ❌ -> 4️⃣ ✅

💡 Explanation: Messages arriving at a highly variable rate must be consumed by many applications.
This is the classic fan-out architecture; the final consumer applications will certainly read from SQS.

The community discussion mentions throughput; the current SQS no longer limits standard-queue throughput:

Unlimited throughput: standard queues support a nearly unlimited number of API calls per second, per API action.

FIFO queues, however, still have limits:

High throughput: by default, FIFO queues support up to 300 messages per second (300 send, receive, or delete operations per second). If you batch 10 messages per operation (the maximum), FIFO queues can support up to 3,000 messages per second. If you need higher throughput, you can enable high throughput mode for FIFO in the Amazon SQS console, which supports up to 24,000 messages per second with batching, or up to 2,400 messages per second without batching.

👨‍👨‍👦‍👦 Community discussion: By default, an SQS queue can handle a maximum of 3,000 messages per second. However, you can request higher throughput by contacting AWS Support. AWS can increase the message throughput for your queue beyond the default limits in increments of 300 messages per second, up to a maximum of 10,000 messages per second.

It's important to note that the maximum number of messages per second that a queue can handle is not the same as the maximum number of requests per second that the SQS API can handle. The SQS API is designed to handle a high volume of requests per second, so it can be used to send messages to your queue at a rate that exceeds the maximum message throughput of the queue.


No.8 EC2 Auto Scaling

A company is migrating a distributed application to AWS. The application serves variable workloads. The legacy platform consists of a primary server that coordinates jobs across multiple compute nodes. The company wants to modernize the application with a solution that maximizes resiliency and scalability.
How should a solutions architect design the architecture to meet these requirements?

  1. Configure an Amazon Simple Queue Service (Amazon SQS) queue as a destination for the jobs. Implement the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group. Configure EC2 Auto Scaling to use scheduled scaling.
  2. ✅ Configure an Amazon Simple Queue Service (Amazon SQS) queue as a destination for the jobs. Implement the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group. Configure EC2 Auto Scaling based on the size of the queue.
  3. Implement the primary server and the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group. Configure AWS CloudTrail as a destination for the jobs. Configure EC2 Auto Scaling based on the load on the primary server.
  4. Implement the primary server and the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group. Configure Amazon EventBridge (Amazon CloudWatch Events) as a destination for the jobs. Configure EC2 Auto Scaling based on the load on the compute nodes.

✨ Keywords: variable workloads, SQS, EC2 Auto Scaling

2️⃣ ✅

💡 Explanation: In the company's existing setup a primary server distributes the workload; after migrating to AWS the goal is to maximize resiliency and scalability.
SQS plus an EC2 Auto Scaling group solves this.
Comparing options 1 and 2, scheduled scaling is clearly inferior to scaling on the SQS queue length.

👨‍👨‍👦‍👦 Community discussion: A - incorrect: Scheduled scaling policy doesn't make sense.
C, D - incorrect: Primary server should not be in the same Auto Scaling group with compute nodes.
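As an added example (not code from the original post or from AWS), the backlog-per-instance calculation that makes "scale on the size of the queue" (option 2) work: the metric is queue depth divided by running instances, and the target is how many queued messages one instance can drain within an agreed latency. The queue depths, latency target and per-message service time are constructed sample values; nothing here calls the AWS API.

```python
"""Added example: backlog-per-instance scaling arithmetic for an SQS-driven
Auto Scaling group.  All numbers are constructed sample values."""
import math


def backlog_per_instance(messages_visible: int, in_service: int) -> float:
    """The custom CloudWatch metric: ApproximateNumberOfMessagesVisible divided
    by InService instances.  With no instances the raw backlog is reported so
    the group can still scale out from zero."""
    return messages_visible / in_service if in_service > 0 else float(messages_visible)


def acceptable_backlog(target_latency_s: float, secs_per_message: float) -> float:
    """Target value for the metric: messages one instance may hold and still
    drain them within the agreed latency (latency / per-message service time)."""
    return target_latency_s / secs_per_message


def desired_capacity(messages_visible: int, target: float,
                     min_size: int, max_size: int) -> int:
    """Capacity a target-tracking policy converges to: enough instances that
    backlog per instance <= target, clamped to the group's bounds."""
    needed = math.ceil(messages_visible / target)
    return max(min_size, min(max_size, needed))


def capacity_trace(depths, target: float, min_size: int, max_size: int) -> list:
    """Desired capacity for each sample of a queue-depth trace (say one per
    minute): scale-out on a burst, scale-in once the queue drains."""
    return [desired_capacity(d, target, min_size, max_size) for d in depths]


if __name__ == "__main__":
    # 100 s acceptable latency, 0.1 s per message -> 1000 messages per instance
    target = acceptable_backlog(target_latency_s=100, secs_per_message=0.1)
    burst = [0, 2_500, 15_000, 60_000, 8_000, 0]  # constructed queue-depth samples
    print(f"target backlog/instance = {target}")
    print("desired capacity per sample:", capacity_trace(burst, target, 2, 20))
```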


No.9 S3 and its lifecycle policy

A company is running an SMB file server in its data center. The file server stores large files that are accessed frequently for the first few days after the files are created. After 7 days the files are rarely accessed. The total data size is increasing and is close to the company’s total storage capacity. A solutions architect must increase the company’s available storage space without losing low-latency access to the most recently accessed files. The solutions architect must also provide file lifecycle management to avoid future storage issues.
Which solution will meet these requirements?

  1. Use AWS DataSync to copy data that is older than 7 days from the SMB file server to AWS.
  2. ✅ Create an Amazon S3 File Gateway to extend the company’s storage space. Create an S3 Lifecycle policy to transition the data to S3 Glacier Deep Archive after 7 days.
  3. Create an Amazon FSx for Windows File Server file system to extend the company’s storage space.
  4. Install a utility on each user’s computer to access Amazon S3. Create an S3 Lifecycle policy to transition the data to S3 Glacier Flexible Retrieval after 7 days.

✨ Keywords: data size is increasing and is close to the company’s total storage capacity, without losing low-latency access, SMB

2️⃣ ✅

💡 Explanation: Files are accessed frequently during their first few days and rarely after 7 days. Total data keeps growing and is close to the company's storage limit. Capacity must be expanded while keeping low-latency access to the most recently used files, and lifecycle management is needed to prevent future storage issues.
This calls for S3 with a lifecycle policy; between options 2 and 4, option 2 is simpler to operate and uses a solution provided by AWS.

What is Amazon S3 File Gateway

AWS Storage Gateway connects an on-premises IT environment to AWS storage infrastructure.
With this combination you can store and retrieve objects in Amazon S3 using industry-standard file protocols such as Network File System (NFS) and Server Message Block (SMB).
An S3 File Gateway simplifies file storage in Amazon S3, integrates with existing applications through industry-standard file system protocols, and provides a cost-effective alternative to on-premises storage. It also provides low-latency access to data through transparent local caching. An S3 File Gateway manages data transfer to and from AWS, buffers applications from network congestion, optimizes and streams data in parallel, and manages bandwidth consumption.

Amazon S3 File Gateway uses a local file cache to guarantee low latency (transfer over the AWS network also seems able to keep latency low?).

👨‍👨‍👦‍👦 Community discussion: B answer is correct. Low latency is only needed for newer files. Additionally, File GW provides low latency access by caching frequently accessed files locally so answer is B


No.10 Amazon SQS FIFO queue

A company is building an ecommerce web application on AWS. The application sends information about new orders to an Amazon API Gateway REST API to process. The company wants to ensure that orders are processed in the order that they are received.
Which solution will meet these requirements?

  1. Use an API Gateway integration to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when the application receives an order. Subscribe an AWS Lambda function to the topic to perform processing.
  2. ✅ Use an API Gateway integration to send a message to an Amazon Simple Queue Service (Amazon SQS) FIFO queue when the application receives an order. Configure the SQS FIFO queue to invoke an AWS Lambda function for processing.
  3. Use an API Gateway authorizer to block any requests while the application processes an order.
  4. Use an API Gateway integration to send a message to an Amazon Simple Queue Service (Amazon SQS) standard queue when the application receives an order. Configure the SQS standard queue to invoke an AWS Lambda function for processing.

✨ Keywords: ensure that orders are processed in the order that they are received, Amazon SQS FIFO queue

2️⃣ ✅

💡 Explanation: Messages must be processed in the order they are received.
This is the best use case for an SQS FIFO queue.

Amazon SQS features

FIFO queues

  • Exactly-once processing: a message is delivered once and remains available until a consumer processes and deletes it. Duplicates are not introduced into the queue.
  • First-in-first-out delivery: the order in which messages are sent and received is strictly preserved (first in, first out).
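As an added example (not code from the original post or from AWS), an in-memory model of the two FIFO-queue properties listed above: strict ordering within a message group, one in-flight message per group until it is deleted, and deduplication of resends by deduplication ID (or a content hash when none is given). The order events are constructed sample data; the 5-minute deduplication interval is the one Amazon SQS documents, and the model shows that a resend after that interval is accepted again.

```python
"""Added example: a model of SQS FIFO ordering and deduplication.  Orders and
customers below are constructed sample data."""
import hashlib
from collections import deque

DEDUP_INTERVAL_S = 300  # Amazon SQS FIFO deduplication interval (5 minutes)


class FifoQueueModel:
    """Messages sharing a MessageGroupId are delivered one at a time in send
    order; a resend with the same deduplication ID inside the interval is
    acknowledged but not enqueued a second time."""

    def __init__(self):
        self._groups = {}        # MessageGroupId -> deque of bodies
        self._first_seen = {}    # MessageDeduplicationId -> send time
        self._in_flight = set()  # groups whose head was received, not yet deleted

    def send(self, body: str, group_id: str, now: float, dedup_id: str = "") -> bool:
        # Content-based deduplication: hash the body when no explicit ID is given.
        dedup_id = dedup_id or hashlib.sha256(body.encode()).hexdigest()
        seen = self._first_seen.get(dedup_id)
        if seen is not None and now - seen < DEDUP_INTERVAL_S:
            return False  # duplicate within the interval: dropped
        self._first_seen[dedup_id] = now
        self._groups.setdefault(group_id, deque()).append(body)
        return True

    def receive(self, group_id: str):
        """Head of the group, or None while its previous message is still in flight."""
        q = self._groups.get(group_id)
        if not q or group_id in self._in_flight:
            return None
        self._in_flight.add(group_id)
        return q[0]

    def delete(self, group_id: str) -> None:
        """Consumer finished: only now does the next message in the group become eligible."""
        self._groups[group_id].popleft()
        self._in_flight.discard(group_id)

    def group_ids(self) -> list:
        return list(self._groups)


def process_orders(events) -> dict:
    """events: (send_time, order_id, customer).  order_id is the deduplication ID and
    customer the message group; returns the bodies processed per customer, in order."""
    q = FifoQueueModel()
    for t, order_id, customer in events:
        q.send(body=f"order {order_id}", group_id=customer, now=t, dedup_id=order_id)
    done = {}
    for customer in q.group_ids():
        while (msg := q.receive(customer)) is not None:
            done.setdefault(customer, []).append(msg)
            q.delete(customer)  # delete before the next message in the group is delivered
    return done
```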
