AWS Certified Solutions Architect Study Guide. David Higby Clinton
Читать онлайн книгу.
to provide implementation guidance
Ability to identify which AWS services meet a given technical requirement
An understanding of the five pillars of the Well‐Architected Framework
An understanding of the AWS global infrastructure, including the network technologies used to connect them
An understanding of AWS security services and how they integrate with traditional on‐premises security infrastructure
The exam covers five different domains, with each domain broken down into objectives.
Objective Map
The following table lists each domain and its weighting in the exam, along with the chapters in the book where that domain's objectives are covered.
| Domain | Percentage of Exam | Chapters |
|---|---|---|
| Domain 1: Design Resilient Architectures | 30% | |
| 1.1 Design a multi‐tier architecture solution | 2, 3, 5, 8, 9, 10, 11 | |
| 1.2 Design highly available and/or fault‐tolerant architectures | 2, 3, 5, 7, 8, 9, 10, 11, 14 | |
| 1.3 Design decoupling mechanisms using AWS services | 4, 5, 9, 10, 11, 14 | |
| 1.4 Choose appropriate resilient storage | 2, 3, 5, 9, 10, 11 | |
| Domain 2: Design High‐Performing Architectures | 28% | |
| 2.1 Identify elastic and scalable compute solutions for a workload | 2, 3, 5, 7, 8, 9, 11 | |
| 2.2 Select high‐performing and scalable storage solutions for a workload | 2, 3, 9, 11 | |
| 2.3 Select high‐performing networking solutions for a workload | 5, 8, 9, 11 | |
| 2.4 Choose high‐performing database solutions for a workload | 5, 11 | |
| Domain 3: Design Secure Applications and Architectures | 24% | |
| 3.1 Design secure access to AWS resources | 2, 3, 4, 6, 7, 12 | |
| 3.2 Design secure application tiers | 3, 6, 12 | |
| 3.3 Select appropriate data security options | 3, 4, 6, 7, 12 | |
| Domain 4: Design Cost‐Optimized Architectures | 18% | |
| 4.1 Identify cost‐effective storage solutions | 2, 3, 13 | |
| 4.2 Identify cost‐effective compute and database services | 2, 13 | |
| 4.3 Design cost‐optimized network architectures | 8, 13 |
Assessment Test
1 True/false: The Developer Support plan provides access to a support application programming interface (API).TrueFalse
2 True/false: AWS is responsible for managing the network configuration of your EC2 instances.TrueFalse
3 Which of the following services is most useful for decoupling the components of a monolithic application?SNSKMSSQSGlacier
4 An application you want to run on EC2 requires you to license it based on the number of physical CPU sockets and cores on the hardware you plan to run the application on. Which of the following tenancy models should you specify?Dedicated hostDedicated instanceShared tenancyBring your own license
5 True/false: Changing the instance type of an EC2 instance will change its elastic IP address.TrueFalse
6 True/false: You can use a Quick Start Amazon Machine Image (AMI) to create any instance type.TrueFalse
7 Which S3 encryption option does not require AWS persistently storing the encryption keys it uses to decrypt data?Client‐side encryptionSSE‐KMSSSE‐S3SSE‐C
8 True/false: Durability measures the percentage of likelihood that a given object will not be inadvertently lost by AWS over the course of a year.TrueFalse
9 True/false: After uploading a new object to S3, there will be a slight delay (one to two seconds) before the object is available.TrueFalse
10 You created a Virtual Private Cloud (VPC) using the Classless Inter‐Domain Routing (CIDR) block 10.0.0.0/24. You need to connect to this VPC from your internal network, but the IP addresses in use on your internal network overlap with the CIDR. Which of the following is a valid way to address this problem?Remove the CIDR and use IPv6 instead.Change the VPC's CIDR.Create a new VPC with a different CIDR.Create a secondary CIDR for the VPC.
11 True/false: An EC2 instance must be in a public subnet to access the Internet.TrueFalse
12 True/false: The route table for a public subnet must have a default route pointing to an Internet gateway as a target.TrueFalse
13 Which of the following use cases is well suited for DynamoDB?Running a MongoDB database on AWSStoring large binary files exceeding 1 GB in sizeStoring JSON documents that have a consistent structureStoring image assets for a website
14 True/false: You can create a DynamoDB global secondary index for an existing table at any time.TrueFalse
15 True/false: Enabling point‐in‐time RDS snapshots is sufficient to give you a recovery point objective (RPO) of less than 10 minutes.TrueFalse
16 Which of the following steps does the most to protect your AWS account?Deleting unused Identity and Access Management (IAM) policiesRevoking unnecessary access for IAM usersRotating root access keysRestricting access to S3 bucketsRotating Secure Shell (SSH) key pairs
17 Which of the following can be used to encrypt the operating system of an EC2 instance?AWS Secrets ManagerCloudHSMAWS Key Management Service (KMS)AWS Security Token Service (STS)
18 What is a difference between a token generated by the AWS Security Token Service (STS) and an IAM access key?The token generated by STS can't be used by an IAM principal.An IAM access key is unique.The token generated by STS can be used only once.The token generated by STS expires.
19 True/false: EC2 sends instance memory utilization metrics to CloudWatch every five minutes.TrueFalse
20 You configured a CloudWatch alarm to monitor CPU utilization for an EC2 instance. The alarm began in the INSUFFICIENT_DATA state and