
SAA Exam Daily Practice - 2024/11/20


Source: Amazon AWS Certified Solutions Architect - Associate SAA-C03 Exam
5 questions (No.31 ~ No.40), for my own review only.
If this infringes any rights, please contact me and I will remove it.


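🌟 Vocabulary:

  1. near-real-time: close to real time
  2. financial (adj.): fiscal, monetary, relating to finance; wealthy
  3. transaction (n.): a deal, business; handling, processing
  4. sensitive (adj.): sensitive; responsive; fragile; easily hurt; photosensitive; keen; nervous; easily angered; considerate, understanding
  5. retrieval (n.): getting back, recovery; data retrieval
  6. large-scale: on a large scale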

I. AWS Config

A company that hosts its web application on AWS wants to ensure all Amazon EC2 instances, Amazon RDS DB instances, and Amazon Redshift clusters are configured with tags. The company wants to minimize the effort of configuring and operating this check.
What should a solutions architect do to accomplish this?

  1. ✅ Use AWS Config rules to define and detect resources that are not properly tagged.
  2. Use Cost Explorer to display resources that are not properly tagged. Tag those resources manually.
  3. Write API calls to check all resources for proper tag allocation. Periodically run the code on an EC2 instance.
  4. Write API calls to check all resources for proper tag allocation. Schedule an AWS Lambda function through Amazon CloudWatch to periodically run the code.

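✨ Keywords: AWS configuring

1️⃣ ✅

💡 Explanation: As a rule, when a question is about configuring AWS resources, the answer is AWS Config.
What is AWS Config?

AWS Config provides a detailed view of the configuration of the AWS resources in your AWS account. This includes how the resources are related to one another and how they were configured in the past, so that you can see how the configurations and relationships change over time.

👨‍👨‍👦‍👦 Community discussion: Answer from ChatGPT: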

Yes, you can use AWS Config to create tags for your resources. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. You can use AWS Config to create rules that automatically tag resources when they are created or when their configurations change.

To create tags for your resources using AWS Config, you will need to create an AWS Config rule that specifies the tag key and value you want to use and the resources you want to apply the tag to. You can then enable the rule and AWS Config will automatically apply the tag to the specified resources when they are created or when their configurations change.


II. Static Website

A development team needs to host a website that will be accessed by other teams. The website contents consist of HTML, CSS, client-side JavaScript, and images.
Which method is the MOST cost-effective for hosting the website?

  1. Containerize the website and host it in AWS Fargate.
  2. ✅ Create an Amazon S3 bucket and host the website there.
  3. Deploy a web server on an Amazon EC2 instance to host the website.
  4. Configure an Application Load Balancer with an AWS Lambda target that uses the Express.js framework.

✨ Keywords: static website hosting, cost-effective

2️⃣ ✅

💡 Explanation: For a purely static website, hosting it on S3 is enough.

👨‍👨‍👦‍👦 Community discussion: client-side JavaScript. The website is static, so it must be S3.


III. Amazon Kinesis Data Streams

A company runs an online marketplace web application on AWS. The application serves hundreds of thousands of users during peak hours. The company needs a scalable, near-real-time solution to share the details of millions of financial transactions with several other internal applications. Transactions also need to be processed to remove sensitive data before being stored in a document database for low-latency retrieval.
What should a solutions architect recommend to meet these requirements?

  1. Store the transactions data into Amazon DynamoDB. Set up a rule in DynamoDB to remove sensitive data from every transaction upon write. Use DynamoDB Streams to share the transactions data with other applications.
  2. ❌ Stream the transactions data into Amazon Kinesis Data Firehose to store data in Amazon DynamoDB and Amazon S3. Use AWS Lambda integration with Kinesis Data Firehose to remove sensitive data. Other applications can consume the data stored in Amazon S3.
  3. ✅ Stream the transactions data into Amazon Kinesis Data Streams. Use AWS Lambda integration to remove sensitive data from every transaction and then store the transactions data in Amazon DynamoDB. Other applications can consume the transactions data off the Kinesis data stream.
  4. Store the batched transactions data in Amazon S3 as files. Use AWS Lambda to process every file and remove sensitive data before updating the files in Amazon S3. The Lambda function then stores the data in Amazon DynamoDB. Other applications can consume transaction files stored in Amazon S3.

✨ Keywords: remove sensitive data

2️⃣ ❌ -> 3️⃣ ✅

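💡 Explanation: In this scenario the company serves hundreds of thousands of users during peak hours and needs to share financial data with several internal applications. The system must be scalable and near-real-time, sensitive information must be removed from the financial data, and the data must be stored in a document database to support low-latency retrieval.
An Amazon Kinesis Data service is clearly needed; the question is whether it should be Amazon Kinesis Data Firehose or Amazon Kinesis Data Streams.
The community is somewhat divided, but the majority, 87%, favors 3️⃣ Amazon Kinesis Data Streams.

Here is how the two services differ:

  • Amazon Kinesis Data Streams: closer to a (pure) data pipeline that can store data, with highly customizable extraction and processing of the data in the pipeline. After processing, the data can be stored in another service such as DynamoDB.
  • Amazon Kinesis Data Firehose: closer to a data-processing workflow: once data enters the stream, it passes through an optional processing layer such as a Lambda function and is then quickly delivered to a storage layer such as S3.

For reference only.

So for this scenario either service would work, but the problem is that Amazon Kinesis Data Firehose does not support storing data in DynamoDB, which is an obvious error.
What is Amazon Data Firehose?
Understand data delivery in Amazon Data Firehose
As of November 2024, only 6 destinations are supported:

  • Amazon S3
  • Amazon Redshift (data warehouse)
  • OpenSearch Service
  • Splunk (Splunk is an operational intelligence tool used to analyze machine-generated data in real time)
  • HTTP endpoint
  • Snowflake

👨‍👨‍👦‍👦 Community discussion: I would go for C. The tricky phrase is “near-real-time solution”, pointing to Firehose, but it can’t send data to DynamoDB, so it leaves us with C as best option. Kinesis Data Firehose currently supports Amazon S3, Amazon Redshift, Amazon OpenSearch Service, Splunk, Datadog, NewRelic, Dynatrace, Sumologic, LogicMonitor, MongoDB, and HTTP End Point as destinations.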


IV. AWS Config & AWS CloudTrail

A company hosts its multi-tier applications on AWS. For compliance, governance, auditing, and security, the company must track configuration changes on its AWS resources and record a history of API calls made to these resources.
What should a solutions architect do to meet these requirements?

  1. Use AWS CloudTrail to track configuration changes and AWS Config to record API calls.
  2. ✅ Use AWS Config to track configuration changes and AWS CloudTrail to record API calls.
  3. Use AWS Config to track configuration changes and Amazon CloudWatch to record API calls.
  4. Use AWS CloudTrail to track configuration changes and Amazon CloudWatch to record API calls.

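✨ Keywords: configuration, record a history of API calls

2️⃣ ✅

💡 Explanation: When a question involves recording the history of API operations on AWS resources, CloudTrail is what is needed.

CloudTrail supports auditing, security monitoring, and operational troubleshooting by tracking user activity and API usage. CloudTrail logs, continuously monitors, and retains account activity related to actions across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.

CloudWatch monitors the state of AWS resources and applications, so it is not the answer.

👨‍👨‍👦‍👦 Community discussion: CloudTrail - Track user activity and API call history.
Config - Assess, audits, and evaluates the configuration and relationships of tag resources.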


V. DDoS attacks

A company is preparing to launch a public-facing web application in the AWS Cloud. The architecture consists of Amazon EC2 instances within a VPC behind an Elastic Load Balancer (ELB). A third-party service is used for the DNS. The company’s solutions architect must recommend a solution to detect and protect against large-scale DDoS attacks.
Which solution meets these requirements?

  1. Enable Amazon GuardDuty on the account.
  2. Enable Amazon Inspector on the EC2 instances.
  3. Enable AWS Shield and assign Amazon Route 53 to it.
  4. ✅ Enable AWS Shield Advanced and assign the ELB to it.

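✨ Keywords: detect and protect against large-scale DDoS attacks, third-party DNS

4️⃣ ✅

💡 Explanation: AWS Shield Standard also provides basic DDoS protection, so it should be usable as well.
However, the community discussion I read afterwards pointed out that Amazon Route 53 is not a third-party DNS service, which is an obvious error, so 3️⃣ can be ruled out and the answer is 4️⃣.

👨‍👨‍👦‍👦 Community discussion: C is incorrect because question says Third party DNS and route 53 is AWS proprietary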

