Source: Amazon AWS Certified Solutions Architect - Associate SAA-C03 Exam
5 questions (No.41 ~ No.45), for my own review only.
If this infringes anyone's rights, please contact me and I will remove it.
🌟 Vocabulary:
- concerned: adj. worried, anxious; interested; concerned, attentive | v. to involve, to concern; to worry (past tense and past participle of "concern")
- time-sensitive: adj. time-sensitive
- long-term: adj. long-term
- critical: adj. critical (expressing criticism); crucial, key; serious, dangerous; careful, rigorous; evaluative; fault-finding; at a threshold (critical point)
- accidental: adj. accidental, by chance; unexpected; non-essential; incidental | n. chance; (music) an accidental
- occasionally: adv. occasionally, once in a while
- corresponding: adj. corresponding, matching, related | v. present participle of "correspond"
I. Data flows from SaaS
A company’s application integrates with multiple software-as-a-service (SaaS) sources for data collection. The company runs Amazon EC2 instances to receive the data and to upload the data to an Amazon S3 bucket for analysis. The same EC2 instance that receives and uploads the data also sends a notification to the user when an upload is complete. The company has noticed slow application performance and wants to improve the performance as much as possible.
Which solution will meet these requirements with the LEAST operational overhead?
- Create an Auto Scaling group so that EC2 instances can scale out. Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.
- ✅ Create an Amazon AppFlow flow to transfer data between each SaaS source and the S3 bucket. Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.
- Create an Amazon EventBridge (Amazon CloudWatch Events) rule for each SaaS source to send output data. Configure the S3 bucket as the rule’s target. Create a second EventBridge (CloudWatch Events) rule to send events when the upload to the S3 bucket is complete. Configure an Amazon Simple Notification Service (Amazon SNS) topic as the second rule’s target.
- Create a Docker container to use instead of an EC2 instance. Host the containerized application on Amazon Elastic Container Service (Amazon ECS). Configure Amazon CloudWatch Container Insights to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.
✨ Keywords: LEAST operational overhead
2️⃣ ✅
💡 Analysis: the application receives data from the SaaS sources and uploads it to the S3 bucket, then notifies the user once the upload is complete. It now has a performance problem, and the company wants the fix with the least to build and operate.
The post-upload notification is handled by an S3 event notification publishing to an SNS topic, and the data transfer itself is handled by AppFlow, which removes the EC2 receive-and-upload code (and the instances that run it) entirely. Amazon AppFlow: automated data flows between software-as-a-service (SaaS) applications and AWS services.
Amazon AppFlow is a fully managed integration service that lets you securely transfer data between SaaS applications such as Salesforce, Marketo, Slack, and ServiceNow and AWS services such as Amazon S3 and Amazon Redshift in just a few clicks. With AppFlow you can run data flows at nearly any scale and at the frequency you choose: on a schedule, in response to a business event, or on demand. You can configure data transformation capabilities such as filtering and validation to produce rich, ready-to-use data as part of the flow itself, with no extra steps. AppFlow automatically encrypts data in motion, and for SaaS applications integrated with AWS PrivateLink it lets you keep the data off the public internet, reducing exposure to security threats.
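The notification half of the answer, as an added example that is not code from the original page or from AWS: the S3 notification configuration that publishes ObjectCreated events to the SNS topic, the topic policy S3 needs in order to publish, and a small lint for that policy. The bucket, topic and account identifiers are assumed. The security point is that the topic policy must grant `s3.amazonaws.com` the `SNS:Publish` action, and without `aws:SourceArn` / `aws:SourceAccount` conditions any bucket in any account could push events into the topic (the confused-deputy case).

```python
"""Build and lint the SNS topic policy that an S3 event notification needs.

Added example (not from the original page or from AWS documentation).
Bucket, topic and account identifiers below are made up for illustration.
"""
import json

BUCKET_ARN = "arn:aws:s3:::example-saas-landing"               # assumed bucket
TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:upload-done"   # assumed topic
ACCOUNT_ID = "111122223333"                                    # assumed account


def s3_notification_config(topic_arn: str, prefix: str = "appflow/") -> dict:
    """NotificationConfiguration for put-bucket-notification-configuration:
    fire on every object creation under `prefix` and publish to the topic."""
    return {
        "TopicConfigurations": [
            {
                "Id": "upload-complete",
                "TopicArn": topic_arn,
                "Events": ["s3:ObjectCreated:*"],
                "Filter": {"Key": {"FilterRules": [{"Name": "prefix", "Value": prefix}]}},
            }
        ]
    }


def sns_topic_policy(topic_arn: str, bucket_arn: str, account_id: str) -> dict:
    """Topic policy that lets the S3 service publish, but only on behalf of
    *this* bucket in *this* account. Without the Condition block any bucket
    anywhere could publish into the topic through the S3 service principal."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowS3Publish",
                "Effect": "Allow",
                "Principal": {"Service": "s3.amazonaws.com"},
                "Action": "SNS:Publish",
                "Resource": topic_arn,
                "Condition": {
                    "ArnLike": {"aws:SourceArn": bucket_arn},
                    "StringEquals": {"aws:SourceAccount": account_id},
                },
            }
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def topic_policy_findings(policy: dict) -> list:
    """Lint a topic policy: every Allow for the S3 service principal must be
    scoped with aws:SourceArn or aws:SourceAccount, and wildcard principals
    are flagged outright. Returns human-readable findings (empty = clean)."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(f"{sid}: wildcard principal may publish to the topic")
            continue
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if "s3.amazonaws.com" not in services:
            continue
        conditions = json.dumps(stmt.get("Condition", {}))
        if "aws:SourceArn" not in conditions and "aws:SourceAccount" not in conditions:
            findings.append(f"{sid}: s3.amazonaws.com allowed without aws:SourceArn/aws:SourceAccount")
    return findings


if __name__ == "__main__":
    print(json.dumps(s3_notification_config(TOPIC_ARN), indent=2))
    policy = sns_topic_policy(TOPIC_ARN, BUCKET_ARN, ACCOUNT_ID)
    print(json.dumps(policy, indent=2))
    print("findings:", topic_policy_findings(policy))
```

The two JSON documents are what you would pass to `aws sns set-topic-attributes --attribute-name Policy` and `aws s3api put-bucket-notification-configuration`; S3 validates that it can publish to the topic when the notification configuration is saved, so a missing topic policy fails at that step rather than silently.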
👨👨👦👦 Community discussion: It says “LEAST operational overhead” (i.e. do it in a way that's the least work for me).
If you know a little Amazon AppFlow (see some videos) you'll see you'll need time to configure and test it, and at the end cope with the errors during the extraction and load of the info to the target.
The customer in the example ALREADY has some EC2 that do the work; the only problem is the performance, which WILL be improved by scaling out and adding a queue (SNS) to decouple the work of notifying the user.
The operational load of doing this is LESS than configuring AppFlow.
II. VPC Gateway endpoint
A company runs a highly available image-processing application on Amazon EC2 instances in a single VPC. The EC2 instances run inside several subnets across multiple Availability Zones. The EC2 instances do not communicate with each other.
However, the EC2 instances download images from Amazon S3 and upload images to Amazon S3 through a single NAT gateway. The company is concerned about data transfer charges.
What is the MOST cost-effective way for the company to avoid Regional data transfer charges?
- Launch the NAT gateway in each Availability Zone.
- Replace the NAT gateway with a NAT instance.
- ✅ Deploy a gateway VPC endpoint for Amazon S3.
- Provision an EC2 Dedicated Host to run the EC2 instances.
✨ Keywords: the MOST cost-effective way, NAT gateway, data transfer charges
3️⃣ ✅
💡 Analysis: the EC2 instances sit in several subnets across multiple Availability Zones and reach S3 through a single NAT gateway. Every instance outside the NAT gateway's AZ sends its S3 traffic across an AZ boundary, which is billed as Regional data transfer, on top of the NAT gateway's own per-GB processing charge; the traffic then takes the public path to S3. The fix is to move S3 traffic onto the private path, and a gateway VPC endpoint for S3 does exactly that with no additional charge for the endpoint itself.
The answer is clearly the gateway endpoint (gateway endpoints exist only for S3 and DynamoDB). 1️⃣ and 2️⃣ still send S3 traffic through NAT, and a Dedicated Host changes nothing about networking. One check a practitioner should make: the endpoint route (destination = the S3 prefix list, target = the endpoint) must be present in the route table of every subnet that talks to S3, otherwise that subnet keeps using the NAT gateway.
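How the VPC router decides between the NAT route and the endpoint route, as an added example that is not code from the original page or from AWS: a longest-prefix-match resolver over constructed route tables, plus the audit check "which subnets still send S3 traffic to a NAT gateway". The VPC, subnet, NAT gateway and endpoint IDs, the prefix-list ID and the CIDRs in it are all made up; a real prefix list's entries come from `aws ec2 get-managed-prefix-list-entries`.

```python
"""Resolve where S3-bound traffic from a subnet actually goes.

Added example, not from the original page. All IDs and CIDRs below are
constructed for illustration.
"""
import ipaddress

# Constructed prefix list standing in for the regional S3 managed prefix list.
PREFIX_LISTS = {
    "pl-s3-example": ["52.216.0.0/15", "3.5.0.0/19"],
}

# Constructed route tables. A route destination is either a CIDR or a
# prefix-list id; the target is "local", a NAT gateway or a gateway endpoint.
ROUTE_TABLES = {
    "rtb-private-a": [  # NAT only: S3 traffic crosses AZs to the NAT gateway
        ("10.0.0.0/16", "local"),
        ("0.0.0.0/0", "nat-0123456789abcdef0"),
    ],
    "rtb-private-b": [  # gateway endpoint route added
        ("10.0.0.0/16", "local"),
        ("0.0.0.0/0", "nat-0123456789abcdef0"),
        ("pl-s3-example", "vpce-0fedcba9876543210"),
    ],
}

SUBNET_TO_RTB = {
    "subnet-az1": "rtb-private-a",
    "subnet-az2": "rtb-private-b",
}


def _expand(destination: str):
    """Turn a route destination into the list of networks it covers."""
    if destination.startswith("pl-"):
        return [ipaddress.ip_network(c) for c in PREFIX_LISTS[destination]]
    return [ipaddress.ip_network(destination)]


def resolve_target(route_table: list, dst_ip: str) -> str:
    """Longest-prefix match, as the VPC router does. A prefix-list route is
    just a bundle of CIDRs, so it beats 0.0.0.0/0 whenever it covers dst_ip."""
    ip = ipaddress.ip_address(dst_ip)
    best_len, best_target = -1, "blackhole"
    for destination, target in route_table:
        for net in _expand(destination):
            if ip in net and net.prefixlen > best_len:
                best_len, best_target = net.prefixlen, target
    return best_target


def subnets_still_using_nat_for_s3(sample_s3_ip: str = "52.216.10.20") -> list:
    """Audit check: which subnets send S3 traffic to a NAT gateway (the paid,
    cross-AZ path) instead of a gateway endpoint?"""
    flagged = []
    for subnet, rtb in SUBNET_TO_RTB.items():
        if resolve_target(ROUTE_TABLES[rtb], sample_s3_ip).startswith("nat-"):
            flagged.append(subnet)
    return flagged


if __name__ == "__main__":
    for rtb, routes in ROUTE_TABLES.items():
        print(rtb, "S3 ->", resolve_target(routes, "52.216.10.20"),
              "| internet ->", resolve_target(routes, "8.8.8.8"))
    print("subnets still using NAT for S3:", subnets_still_using_nat_for_s3())
```

The same resolver shows why non-S3 internet traffic is unaffected: anything outside the prefix list still falls through to the 0.0.0.0/0 NAT route.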
👨👨👦👦 Community discussion: Deploying a gateway VPC endpoint for Amazon S3 is the most cost-effective way for the company to avoid Regional data transfer charges. A gateway VPC endpoint is a network gateway that allows communication between instances in a VPC and a service, such as Amazon S3, without requiring an Internet gateway or a NAT device. Data transfer between the VPC and the service through a gateway VPC endpoint is free of charge, while data transfer between the VPC and the Internet through an Internet gateway or NAT device is subject to data transfer charges. By using a gateway VPC endpoint, the company can reduce its data transfer costs by eliminating the need to transfer data through the NAT gateway to access Amazon S3. This option would provide the required connectivity to Amazon S3 and minimize data transfer charges.
III. Internet bandwidth limitations
A company has an on-premises application that generates a large amount of time-sensitive data that is backed up to Amazon S3. The application has grown and there are user complaints about internet bandwidth limitations. A solutions architect needs to design a long-term solution that allows for both timely backups to Amazon S3 and minimal impact on internet connectivity for internal users.
Which solution meets these requirements?
- Establish AWS VPN connections and proxy all traffic through a VPC gateway endpoint.
- ✅ Establish a new AWS Direct Connect connection and direct backup traffic through this new connection.
- Order daily AWS Snowball devices. Load the data onto the Snowball devices and return the devices to AWS each day.
- Submit a support ticket through the AWS Management Console. Request the removal of S3 service limits from the account.
✨ Keywords: on-premises application, time-sensitive data, timely backups to Amazon S3, minimal impact on internet connectivity for internal users
2️⃣ ✅
💡 Analysis: the on-premises application backs up time-sensitive data to S3, and the internal users complain that the same internet link is saturated. A long-term solution is needed.
The application is bottlenecked on the shared internet link but still has to reach S3. Direct Connect is a dedicated private circuit into AWS, so the backup traffic leaves the internet link entirely and internal users get their bandwidth back; 2️⃣ is the only option that removes the bottleneck instead of working around it. A VPN still rides on the same internet link, daily Snowball shipments are neither timely nor a long-term design, and S3 has no service limit that throttles an on-premises upload.
👨👨👦👦 Community discussion: A: VPN also goes through the internet and uses the bandwidth
C: daily Snowball transfer is not really a long-term solution when it comes to cost and efficiency
D: S3 limits don’t change anything here
IV. Protect critical data from accidental deletion
A company has an Amazon S3 bucket that contains critical data. The company must protect the data from accidental deletion.
Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)
- ✅ Enable versioning on the S3 bucket.
- ✅ Enable MFA Delete on the S3 bucket.
- ❌ Create a bucket policy on the S3 bucket.
- Enable default encryption on the S3 bucket.
- Create a lifecycle policy for the objects in the S3 bucket.
✨ Keywords: critical data, protect from accidental deletion
2️⃣ 3️⃣ ❌ -> 1️⃣ 2️⃣ ✅
💡 Analysis: the S3 bucket must be configured so that critical data survives a mistaken delete.
1️⃣ Versioning: a DELETE without a version ID only adds a delete marker, so the object can be recovered by removing the marker. 2️⃣ MFA Delete: permanently deleting an object version (or changing the bucket's versioning state) then requires a second factor.
3️⃣ A bucket policy can restrict who is allowed to delete, but it cannot stop an accidental delete by a user who is legitimately allowed to delete. 4️⃣ Default encryption does nothing to prevent deletion.
5️⃣ A lifecycle policy transitions or expires objects; it does not protect them from deletion. The question is about the act of accidental deletion, i.e. a user who has delete permission removing an important object by mistake, not about an unauthorized deleter.
What is needed is immediate recovery after a mistaken delete plus a second-factor confirmation before anything is removed for good. Besides 1️⃣ versioning and 2️⃣ MFA Delete, AWS also recommends Cross-Region Replication to keep a copy as a defence against accidental deletion. Two practical caveats: MFA Delete can only be enabled by the account root user, and only through the CLI or API (not the console), and it requires versioning to be enabled on the same bucket.
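Turning on the two controls and auditing whether a bucket has them, as an added example that is not code from the original page or from AWS. The functions take any object with the boto3 S3 client's `put_bucket_versioning` / `get_bucket_versioning` methods; a small fake client is included so the audit runs offline, and the bucket name and MFA device ARN are made up. Against a real account you would pass `boto3.client("s3")` created from root credentials plus a live MFA code.

```python
"""Enable and audit S3 versioning and MFA Delete.

Added example, not from the original page. Bucket name and MFA device ARN are
assumed; FakeS3 stands in for the boto3 client so the audit can run offline.
"""

BUCKET = "example-critical-data"                                       # assumed
MFA_SERIAL = "arn:aws:iam::111122223333:mfa/root-account-mfa-device"   # assumed


def enable_versioning_and_mfa_delete(s3, bucket: str, mfa_serial: str, mfa_code: str) -> dict:
    """Turn on versioning and MFA Delete in one call. Only the root user can
    change the MFA Delete state, only via API/CLI, and the MFA parameter is
    the device ARN and the current code separated by a space."""
    return s3.put_bucket_versioning(
        Bucket=bucket,
        VersioningConfiguration={"Status": "Enabled", "MFADelete": "Enabled"},
        MFA=f"{mfa_serial} {mfa_code}",
    )


def audit_bucket(s3, bucket: str) -> list:
    """Findings for the accidental-deletion controls. get_bucket_versioning
    omits 'Status' entirely on a never-versioned bucket and returns
    'Suspended' once versioning has been switched off, so compare to 'Enabled'."""
    findings = []
    cfg = s3.get_bucket_versioning(Bucket=bucket)
    if cfg.get("Status") != "Enabled":
        findings.append("versioning not enabled: a DELETE permanently removes the object")
    if cfg.get("MFADelete") != "Enabled":
        findings.append("MFA Delete not enabled: a single credential can purge object versions")
    return findings


class FakeS3:
    """Minimal stand-in for the boto3 S3 client (constructed for the offline demo)."""

    def __init__(self):
        self.versioning = {}
        self.calls = []

    def put_bucket_versioning(self, **kwargs):
        self.calls.append(kwargs)
        self.versioning[kwargs["Bucket"]] = dict(kwargs["VersioningConfiguration"])
        return {"ResponseMetadata": {"HTTPStatusCode": 200}}

    def get_bucket_versioning(self, Bucket):
        return dict(self.versioning.get(Bucket, {}))


def demo() -> dict:
    """Run the audit before and after hardening against the fake client."""
    s3 = FakeS3()
    before = audit_bucket(s3, BUCKET)
    enable_versioning_and_mfa_delete(s3, BUCKET, MFA_SERIAL, "123456")
    after = audit_bucket(s3, BUCKET)
    return {"before": before, "after": after, "mfa_param": s3.calls[0]["MFA"]}


if __name__ == "__main__":
    # Real use: import boto3; s3 = boto3.client("s3")  (root credentials)
    # then call enable_versioning_and_mfa_delete / audit_bucket with it.
    print(demo())
```

Running `audit_bucket` across all buckets in an account (`list_buckets` then one `get_bucket_versioning` each) is a cheap periodic check that the protection has not been silently suspended.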
👨👨👦👦 Community discussion: The correct solution is A B, as you can see here:
https://aws.amazon.com/it/premiumsupport/knowledge-center/s3-audit-deleted-missing-objects/
It states the following:
To prevent or mitigate future accidental deletions, consider the following features:
Enable versioning to keep historical versions of an object.
Enable Cross-Region Replication of objects.
Enable MFA delete to require multi-factor authentication (MFA) when deleting an object version.
V. Data ingestion with queue
A company has a data ingestion workflow that consists of the following:
- An Amazon Simple Notification Service (Amazon SNS) topic for notifications about new data deliveries
- An AWS Lambda function to process the data and record metadata
The company observes that the ingestion workflow fails occasionally because of network connectivity issues. When such a failure occurs, the Lambda function does not ingest the corresponding data unless the company manually reruns the job.
Which combination of actions should a solutions architect take to ensure that the Lambda function ingests all data in the future? (Choose two.)
- Deploy the Lambda function in multiple Availability Zones.
- ✅ Create an Amazon Simple Queue Service (Amazon SQS) queue, and subscribe it to the SNS topic.
- Increase the CPU and memory that are allocated to the Lambda function.
- Increase provisioned throughput for the Lambda function.
- ✅ Modify the Lambda function to read from an Amazon Simple Queue Service (Amazon SQS) queue.
✨ Keywords: the Lambda function does not ingest the corresponding data, SNS
2️⃣ 5️⃣ ✅
💡 Analysis: the ingestion workflow is an SNS topic announcing new data deliveries and a Lambda function that processes the data and records metadata. Because of network issues the Lambda invocation occasionally fails, the data is not ingested, and someone has to rerun the job by hand. What ensures that the Lambda function ingests all data?
SNS delivers to Lambda directly with limited retries, so a delivery that fails is lost. Putting an SQS queue between them makes the message durable: an SQS FIFO queue would also give ordering and exactly-once delivery, but FIFO is not required here; 2️⃣ and 5️⃣ alone solve the problem.
SNS + SQS is the fan-out pattern. With the Lambda function reading from the SQS queue, a message is deleted only after the function returns successfully; a failed message becomes visible again after the visibility timeout and is retried, and after maxReceiveCount attempts it can be moved to a dead-letter queue instead of disappearing. 1️⃣ 3️⃣ 4️⃣ do nothing for a lost delivery: Lambda is already multi-AZ, and more CPU/memory or throughput does not make a failed invocation come back.
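The consumer side of that design, as an added example that is not code from the original page or from AWS: a Lambda handler for the SQS event source that unwraps the SNS envelope, ingests each record, and returns `batchItemFailures` so that SQS redelivers only the records that failed (this requires `ReportBatchItemFailures` on the event source mapping). The SQS event and the `batchItemFailures` response are the real Lambda contract; the payload format (a JSON "Message" carrying a bucket, key and size) and the processing logic are assumptions, and the sample event is constructed.

```python
"""Lambda handler that drains the SQS queue subscribed to the SNS topic and
reports per-message failures so SQS redelivers only what failed.

Added example, not from the original page. Payload format and processing are
assumed; the sample event below is constructed.
"""
import json

# Stand-in for "record metadata" (a real function would write to a table).
INGESTED = []


def ingest(payload: dict) -> None:
    """Process one delivery notice. Raises on anything malformed so the caller
    can report the message as failed instead of silently dropping it."""
    bucket, key = payload["bucket"], payload["key"]
    INGESTED.append({"bucket": bucket, "key": key, "size": int(payload["size"])})


def unwrap_sns(body: str):
    """SQS receives the whole SNS envelope unless the subscription uses raw
    message delivery; the payload we published lives in envelope["Message"]."""
    envelope = json.loads(body)
    if isinstance(envelope, dict) and envelope.get("Type") == "Notification":
        return json.loads(envelope["Message"])   # SNS envelope
    return envelope                              # raw message delivery


def handler(event: dict, context=None) -> dict:
    """SQS batch handler. Every record whose processing raises is listed in
    batchItemFailures; SQS keeps those messages and retries them after the
    visibility timeout, and the rest of the batch is deleted as usual."""
    failures = []
    for record in event.get("Records", []):
        try:
            ingest(unwrap_sns(record["body"]))
        except (KeyError, ValueError, TypeError):
            failures.append({"itemIdentifier": record["messageId"]})
    return {"batchItemFailures": failures}


def sample_event() -> dict:
    """Constructed SQS event: one well-formed notice and one truncated by a
    flaky delivery, as in the question."""
    good = json.dumps({"bucket": "ingest-landing", "key": "2024/05/01/batch-001.csv", "size": "2048"})
    bad = json.dumps({"bucket": "ingest-landing"})  # key and size missing

    def sqs_record(message_id, payload):
        return {
            "messageId": message_id,
            "receiptHandle": "r-" + message_id,
            "body": json.dumps({
                "Type": "Notification",
                "TopicArn": "arn:aws:sns:us-east-1:111122223333:new-data",  # assumed
                "Message": payload,
            }),
        }

    return {"Records": [sqs_record("m-1", good), sqs_record("m-2", bad)]}


if __name__ == "__main__":
    print(handler(sample_event()))
    print(INGESTED)
```

Without the partial-batch response, one bad record would fail the whole batch and every good record in it would be reprocessed on retry, so `ingest` also needs to be idempotent (for example keyed on bucket + key) for the at-least-once delivery SQS provides.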
👨👨👦👦 Community discussion: A, C, D options are out, since Lambda is a fully managed service which provides high availability and scalability by its own
Answers are B and E