AWS Certified Solutions Architect Study Guide. David Higby Clinton
Читать онлайн книгу.
instance recently rebooted.CPU utilization is too high.The CPU utilization metric crossed the alarm threshold.The instance is stopped.
21 Where do AWS Config and CloudTrail store their logs?S3 bucketsCloudWatch LogsCloudTrail EventsDynamoDBAmazon Athena
22 True/false: An EC2 instance in a private subnet can resolve an “A” resource record for a public hosted zone hosted in Route 53.TrueFalse
23 You want to use Route 53 to send users to the application load balancer closest to them. Which of the following routing policies lets you do this with the least effort?Latency routingGeolocation routingGeoproximity routingEdge routing
24 True/false: You can use an existing domain name with Route 53 without switching its registration to AWS.TrueFalse
25 You're designing an application that takes multiple image files and combines them into a video file that users on the Internet can download. Which of the following can help you quickly implement your application in the fastest, most highly available, and most cost‐effective manner?EC2 spot fleetLambdaRelational Database Service (RDS)Auto Scaling
26 You're using EC2 Auto Scaling and want to implement a scaling policy that adds one extra instance only when the average CPU utilization of each instance exceeds 90 percent. However, you don't want it to add more than one instance every five minutes. Which of the following scaling policies should you use?SimpleStepTarget trackingPercentChangeInCapacity
27 True/false: EC2 Auto Scaling automatically replaces group instances directly terminated by the root user.TrueFalse
28 Which ElastiCache engine can persistently store data?MySQLMemcached MongoDBRedis
29 Which of the following is not an AWS service?CloudFormationPuppetOpsWorksSnowball
30 True/false: S3 cross‐region replication uses transfer acceleration.TrueFalse
31 Which of the following services can you deactivate on your account?Security Token Service (STS)CloudWatchVirtual Private Cloud (VPC)Lambda
32 Which of the following services can alert you to malware on an EC2 instance?AWS GuardDutyAWS InspectorAWS ShieldAWS Web Application Firewall
33 True/false: If versioning is enabled on an S3 bucket, applying encryption to an unencrypted object in that bucket will create a new, encrypted version of that object.TrueFalse
34 Which instance type will, if left running, continue to incur costs?SpotStandard reservedOn‐demandConvertible reserved
35 True/false: The EBS Lifecycle Manager can take snapshots of volumes that were once attached to terminated instances.TrueFalse
36 Which of the following lets you spin up new web servers the quickest?LambdaAuto ScalingElastic Container ServiceCloudFront
37 True/false: CloudFormation stack names are case‐sensitive.TrueFalse
38 Where might CodeDeploy look for the appspec.yml file? (Choose two.)GitHubCodeCommitS3CloudFormation
39 True/false: You can use either CodeDeploy or an AWS Systems Manager command document to deploy a Lambda application.TrueFalse
Answers to Assessment Test
1 B. The Business plan offers access to a support API, but the Developer plan does not. See Chapter 1 for more information.
2 B. Customers are responsible for managing the network configuration of EC2 instances. AWS is responsible for the physical network infrastructure. See Chapter 1 for more information.
3 C. Simple Queue Service (SQS) allows for event‐driven messaging within distributed systems that can decouple while coordinating the discrete steps of a larger process. See Chapter 1 for more information.
4 A.The dedicated host option lets you see the number of physical CPU sockets and cores on a host. See Chapter 2 for more information.
5 B. An elastic IP address will not change. A public IP address attached to an instance will change if the instance is stopped, as would happen when changing the instance type. See Chapter 2 for more information.
6 A.A Quick Start AMI is independent of the instance type. See Chapter 2 for more information.
7 D.With SSE‐C you provide your own keys for Amazon to use to decrypt and encrypt your data. AWS doesn't persistently store the keys. See Chapter 3 for more information.
8 A. Durability corresponds to an average annual expected loss of objects stored on S3, not including objects you delete. Availability measures the amount of time S3 will be available to let you retrieve those objects. See Chapter 3 for more information.
9 B. S3 uses a read‐after‐write consistency model for new objects, so once you upload an object to S3, it's immediately available. See Chapter 3 for more information.
10 C. You can't change the primary CIDR for a VPC, so you must create a new one to connect it to your internal network. See Chapter 4 for more information.
11 B. An EC2 instance can access the Internet from a private subnet provided it uses a NAT gateway or NAT instance. See Chapter 4 for more information.
12 A. The definition of a public subnet is a subnet that has a default route pointing to an Internet gateway as a target. Otherwise, it's a private subnet. See Chapter 4 for more information.
13 C. DynamoDB is a key‐value store that can be used to store items up to 400 KB in size. See Chapter 5 for more information.
14 A.You can create a global secondary index for an existing table at any time. You can create a local secondary index only when you create the table. See Chapter 5 for more information.
15 A. Enabling point‐in‐time recovery gives you an RPO of about five minutes. The recovery time objective (RTO) depends on the amount of data to restore. See Chapter 5 for more information.
16 B. Revoking unnecessary access for IAM users is the most effective of the listed measures for protecting your AWS account. See Chapter 6 for more information.
17 C. KMS can be used to encrypt Elastic Block Store (EBS) volumes that store an instance's operating system. See Chapter 6 for more information.
18 D. STS tokens expire and IAM access keys do not. An STS token can be used more than once. IAM access keys and STS tokens are both unique. An IAM principal can use an STS token. See Chapter 6 for more information.
19 B. EC2 doesn't track instance memory utilization. See Chapter 7 for more information.
20 C. The transition to the ALARM state simply implies that the metric crossed a threshold but doesn't tell you what the threshold is. Newly created alarms start out in the INSUFFICIENT_DATA state. See Chapter