SAA 考试每日练习 - 2024/12/08

来源：Amazon AWS Certified Solutions Architect - Associate SAA-C03 Exam
30 题 (No.471 ~ No.500) 只记录了 8 道首次碰到的、错误的或有疑问的题目，仅供自己复习使用。
如果侵权请联系删除。

一、AWS Lambda function with .NET 6

A company containerized a Windows job that runs on .NET 6 Framework under a Windows container. The company wants to run this job in the AWS Cloud. The job runs every 10 minutes. The job’s runtime varies between 1 minute and 3 minutes.
Which solution will meet these requirements MOST cost-effectively?

1. ✅ Create an AWS Lambda function based on the container image of the job. Configure Amazon EventBridge to invoke the function every 10 minutes.
2. ❌ Use AWS Batch to create a job that uses AWS Fargate resources. Configure the job scheduling to run every 10 minutes.
3. Use Amazon Elastic Container Service (Amazon ECS) on AWS Fargate to run the job. Create a scheduled task based on the container image of the job to run every 10 minutes.
4. Use Amazon Elastic Container Service (Amazon ECS) on AWS Fargate to run the job. Create a standalone task based on the container image of the job. Use Windows task scheduler to run the job every 10 minutes.

✨ 关键词：containerized

2️⃣ ❌ -> 1️⃣ ✅

💡 解析：Introducing the .NET 6 runtime for AWS Lambda

You can now use the .NET 6 runtime to build AWS Lambda functions. The new managed runtime supports both x86 and Arm/Graviton2 processors.

Lambda 在 2022 年已经支持了 .NET 6，因此 1️⃣ 没问题。

AWS Batch 常见问题

AWS Batch 是一系列批处理管理功能，能够让开发人员、科学家和工程师轻松高效地在 AWS 上运行成千上万个批处理计算作业。AWS Batch 可根据提交的批处理作业的卷和特定资源需求动态预置最佳的计算资源（如 CPU 或内存优化计算资源）数量和类型。借助 AWS Batch，您无需安装和管理批处理计算软件或服务器集群，从而使您能够集中精力分析结果和解决问题。AWS Batch 使用 Amazon ECS、Amazon EKS 和 AWS Fargate 计划、安排和执行您的批处理计算工作负载，并可选择使用竞价型实例。

2️⃣ 也不存在问题，3️⃣ 也不存在问题。

👨‍👨‍👦‍👦 社区讨论：selected answer : A
AWS Lambda now supports .NET 6 as both a managed runtime and a container base image

二、Centralized corporate directory service

A company wants to move from many standalone AWS accounts to a consolidated, multi-account architecture. The company plans to create many new AWS accounts for different business units. The company needs to authenticate access to these AWS accounts by using a centralized corporate directory service.
Which combination of actions should a solutions architect recommend to meet these requirements? (Choose two.)

1. ✅ Create a new organization in AWS Organizations with all features turned on. Create the new AWS accounts in the organization.
2. Set up an Amazon Cognito identity pool. Configure AWS IAM Identity Center (AWS Single Sign-On) to accept Amazon Cognito authentication.
3. ❌ Configure a service control policy (SCP) to manage the AWS accounts. Add AWS IAM Identity Center (AWS Single Sign-On) to AWS Directory Service.
4. Create a new organization in AWS Organizations. Configure the organization’s authentication mechanism to use AWS Directory Service directly.
5. ✅ Set up AWS IAM Identity Center (AWS Single Sign-On) in the organization. Configure IAM Identity Center, and integrate it with the company’s corporate directory service.

✨ 关键词：

1️⃣ 3️⃣ ❌ -> 1️⃣ 5️⃣ ✅

💡 解析：题干中已经提到了 centralized corporate directory service（集中式的公司目录服务），因此选 5️⃣。
通过 5️⃣ 的 AWS Single Sign-On 并使用公司目录服务，就不用再创建一堆 AWS 账户了。

👨‍👨‍👦‍👦 社区讨论：A. By creating a new organization in AWS Organizations, you can establish a consolidated multi-account architecture.This allows you to create and manage multiple AWS accounts for different business units under a single organization.
E.Setting up AWS IAM Identity Center (AWS Single Sign-On) within the organization enables you to integrate it with the company’s corporate directory service. This integration allows for centralized authentication, where users can sign in using their corporate credentialsand access the AWS accounts within the organization.

Together, these actions create a centralized, multi-account architecture that leverages AWS Organizations for account management and AWS IAM Identity Center (AWS Single Sign-On) for authentication and access control.

三、Expedited retrievals

A company is looking for a solution that can store video archives in AWS from old news footage. The company needs to minimize costs and will rarely need to restore these files. When the files are needed, they must be available in a maximum of five minutes.
What is the MOST cost-effective solution?

1. ✅ Store the video archives in Amazon S3 Glacier and use Expedited retrievals.
2. Store the video archives in Amazon S3 Glacier and use Standard retrievals.
3. ❌ Store the video archives in Amazon S3 Standard-Infrequent Access (S3 Standard-IA).
4. Store the video archives in Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA).

✨ 关键词：5 min

3️⃣ ❌ -> 1️⃣ ✅

💡 解析：了解归档检索选项

• 加速 - 快速访问存储在 S3 Glacier Flexible Retrieval 存储类或 S3 Intelligent-Tiering 归档访问层中的数据。可以在偶尔需要紧急请求归档子集时使用此选项。对于除最大归档对象（250MB+）之外的所有其他归档对象，使用加速检索访问的数据通常在 1 到 5 分钟内可用。
• 标准 - 在数小时内访问您的任意归档对象。“标准”是未指定检索选项的检索请求的原定设置选项。对于存储在 S3 Glacier Flexible Retrieval 存储类或 S3 Intelligent-Tiering 归档访问层中的对象，标准检索通常在 3-5 小时内完成。对于存储在 S3 Glacier Deep Archive 存储类或 S3 Intelligent-Tiering 深度归档访问层中的对象，这些检索通常会在 12 小时内完成。对于存储在 S3 Intelligent-Tiering 中的对象，标准检索是免费的。

👨‍👨‍👦‍👦 社区讨论：By choosing Expedited retrievals in Amazon S3 Glacier, you can reduce the retrieval time to minutes, making it suitable for scenarios where quickaccess is required.Expedited retrievals come with a higher cost per retrieval compared to standard retrievals but provide faster access to your archived data.

四、SNS dead letter queue

An ecommerce company runs an application in the AWS Cloud that is integrated with an on-premises warehouse solution. The company uses Amazon Simple Notification Service (Amazon SNS) to send order messages to an on-premises HTTPS endpoint so the warehouse application can process the orders. The local data center team has detected that some of the order messages were not received.
A solutions architect needs to retain messages that are not delivered and analyze the messages for up to 14 days.
Which solution will meet these requirements with the LEAST development effort?

1. Configure an Amazon SNS dead letter queue that has an Amazon Kinesis Data Stream target with a retention period of 14 days.
2. Add an Amazon Simple Queue Service (Amazon SQS) queue with a retention period of 14 days between the application and Amazon SNS.
3. Configure an Amazon SNS dead letter queue that has an Amazon Simple Queue Service (Amazon SQS) target with a retention period of 14 days.
4. Configure an Amazon SNS dead letter queue that has an Amazon DynamoDB target with a TTL attribute set for a retention period of 14 days.

✨ 关键词：

2️⃣ ❌ -> 3️⃣ ✅

💡 解析：解决方案架构师需要保留未传递的消息，并分析消息长多 14 天。
Amazon SNS dead-letter queues

A dead-letter queue is an Amazon SQS queue that an Amazon SNS subscription can target for messages that can’t be delivered to subscribers successfully. Messages that can’t be delivered due to client errors or server errors are held in the dead-letter queue for further analysis or reprocessing. For more information, see Configuring an Amazon SNS dead-letter queue for a subscription and Amazon SNS message delivery retries.

死信队列是一个 Amazon SQS 队列，Amazon SNS 订阅可将其作为无法成功交付给订阅者的消息的目标。由于客户端错误或服务器错误而无法交付的消息会保留在死信队列中，以便进一步分析或重新处理。有关详细信息，请参阅为订阅配置 Amazon SNS 死信队列和 Amazon SNS 消息传递重试。

👨‍👨‍👦‍👦 社区讨论：A dead-letter queue isan Amazon SQS queue that an Amazon SNS subscription can target for messages that can’t be delivered to subscribers successfully.https://docs.aws.amazon.com/sns/latest/dg/sns-dead-letter-queues.html

五、SQS

A solutions architect is designing an asynchronous application to process credit card data validation requests for a bank. The application must be secure and be able to process each request at least once.
Which solution will meet these requirements MOST cost-effectively?

1. ✅ Use AWS Lambda event source mapping. Set Amazon Simple Queue Service (Amazon SQS) standard queues as the event source. Use AWS Key Management Service (SSE-KMS) for encryption. Add the kms:Decrypt permission for the Lambda execution role.
2. Use AWS Lambda event source mapping. Use Amazon Simple Queue Service (Amazon SQS) FIFO queues as the event source. Use SQS managed encryption keys (SSE-SQS) for encryption. Add the encryption key invocation permission for the Lambda function.
3. ❌ Use the AWS Lambda event source mapping. Set Amazon Simple Queue Service (Amazon SQS) FIFO queues as the event source. Use AWS KMS keys (SSE-KMS). Add the kms:Decrypt permission for the Lambda execution role.
4. Use the AWS Lambda event source mapping. Set Amazon Simple Queue Service (Amazon SQS) standard queues as the event source. Use AWS KMS keys (SSE-KMS) for encryption. Add the encryption key invocation permission for the Lambda function.

✨ 关键词：

3️⃣ ❌ -> 1️⃣ ✅

💡 解析：SQS 普通队列不会丢信，只会有可能一份信发多次。

👨‍👨‍👦‍👦 社区讨论：SQS FIFO is slightly more expensive than standard queue
https://calculator.aws/#/addService/SQS
I would still go with the standard because of the keyword “at least once” because FIFO process “exactly once”.That leaves us with A and D, I believe that lambda function only needs to decrypt so I would choose A

六、AI

A company wants to use artificial intelligence (AI) to determine the quality of its customer service calls. The company currently manages calls in four different languages, including English. The company will offer new languages in the future. The company does not have the resources to regularly maintain machine learning (ML) models.
The company needs to create written sentiment analysis reports from the customer service call recordings. The customer service call recording text must be translated into English.
Which combination of steps will meet these requirements? (Choose three.)

1. Use Amazon Comprehend to translate the audio recordings into English.
2. Use Amazon Lex to create the written sentiment analysis reports.
3. Use Amazon Polly to convert the audio recordings into text.
4. ✅ Use Amazon Transcribe to convert the audio recordings in any language into text.
5. ✅ Use Amazon Translate to translate text in any language to English.
6. ✅ Use Amazon Comprehend to create the sentiment analysis reports.

✨ 关键词：

4️⃣ 5️⃣ 6️⃣ ✅

💡 解析：看下 Lex 和 Polly 这两个 AI 服务是干什么的。
什么是 Amazon Lex？

Amazon Lex 是一款 AI 聊天构建器，采用与 Alexa 相同的技术，使用户能够使用自然语言语音或聊天与任何应用程序进行交互。使用 Amazon Lex 为任何应用程序构建和部署对话式 AI 界面。将 AI 聊天集成到现有的业务流程和用例中，可以为用户提供更多灵活性和支持，使他们能够以自然的方式完成工作。

什么是 Amazon Polly？

Amazon Polly 云服务可以将文本转化为逼真的语音。可以使用 Amazon Polly 开发能提高参与度和可用性的应用程序。Amazon Polly 支持多种语言，并包含各种逼真的语音。借助 Amazon Polly，您可以构建支持语音的应用程序，这些应用程序可在多个位置运行，并为客户使用理想的语音。此外，您只需为合成文本付费。您也可以免费缓存和重放 Amazon Polly 生成的语音。

👨‍👨‍👦‍👦 社区讨论：A: Comprehend cannot translate
B: Lex is like a chatbot so not useful
C: Polly converts text to audio (polly the parrot!) so this is wrong
D: Can convert audio to text
E: Can translate
F: Can do sentiment analysis reports

七、Direct Connect and Hosted connection

A company needs to minimize the cost of its 1 Gbps AWS Direct Connect connection. The company’s average connection utilization is less than 10%. A solutions architect must recommend a solution that will reduce the cost without compromising security.
Which solution will meet these requirements?

1. Set up a new 1 Gbps Direct Connect connection. Share the connection with another AWS account.
2. Set up a new 200 Mbps Direct Connect connection in the AWS Management Console.
3. Contact an AWS Direct Connect Partner to order a 1 Gbps connection. Share the connection with another AWS account.
4. ✅ Contact an AWS Direct Connect Partner to order a 200 Mbps hosted connection for an existing AWS account.

✨ 关键词：

4️⃣ ✅

💡 解析：托管连接在 50 Mbps ~ 200 Mbps，专用连接在 1 Gbps 以上：

👨‍👨‍👦‍👦 社区讨论：Hosted Connection 50 Mbps, 100 Mbps, 200 Mbps,
Dedicated Connection 1 Gbps, 10 Gbps,and 100 Gbps

八、File permissions

A company has multiple Windows file servers on premises. The company wants to migrate and consolidate its files into an Amazon FSx for Windows File Server file system. File permissions must be preserved to ensure that access rights do not change.
Which solutions will meet these requirements? (Choose two.)

1. ✅ Deploy AWS DataSyncagents on premises. Schedule DataSync tasks to transfer the data to the FSx for Windows File Server file system.
2. ❌ Copy the shares on each file server into Amazon S3 buckets by using the AWS CLI. Schedule AWS DataSync tasks to transfer the data to the FSx for Windows File Server file system.
3. Remove the drives from each file server. Ship the drives to AWS for import into Amazon S3. Schedule AWS DataSync tasks to transfer the data to the FSx for Windows File Server file system.
4. ✅ Order an AWS Snowcone device. Connect the device to the on-premises network. Launch AWS DataSyncagents on the device. Schedule DataSync tasks to transfer the data to the FSx for Windows File Server file system.
5. Order an AWS Snowball Edge Storage Optimized device. Connect the device to the on-premises network. Copy data to the device by using the AWS CLI. Ship the device back to AWS for import into Amazon S3. Schedule AWS DataSync tasks to transfer the data to the FSx for Windows File Server file system.

✨ 关键词：

1️⃣ 2️⃣ ❌ -> 1️⃣ 4️⃣ ✅

💡 解析：1️⃣ 是肯定正确的，而 4️⃣ 是完全独立的另一个可行方案，之前都是互补着选的 🤦‍

还是确认下 DataSync 对文件权限的保留吧：Understanding how DataSync handles file and object metadata
没怎么看懂，但是部分情况下是可以通过保留文件的元数据来保留权限的。

👨‍👨‍👦‍👦 社区讨论：A - This option involves deploying DataSync agents on your on-premises file serversand using DataSync to transfer the data directly to the FSx for Windows File Server. DataSync ensures that file permissionsare preserved during the migration process.
D - This option involves using an AWS Snowcone device,a portable data transfer device. You would connect the Snowcone device to your on-premises network, launch DataSync agents on the device, and schedule DataSync tasks to transfer the data to FSx for Windows File Server. DataSync handles the migration process while preserving file permissions.

B, C and E would copy the files to S3 first where permissions would be lost