AWS 架構師證照考古題大全 20240922
Amazon Web Service(AWS 亞馬遜)全系列考古題,2024年最新題庫,持續更新,全網最完整。AWS 證照含金量高,自我進修、跨足雲端產業必備近期版本更新,隨時追蹤最新趨勢變化。
QUESTION 21
A company's dynamic website is hosted using on-premises servers in the United States. The company is launching its product in Europe and it wants to optimize site loading times for new European users. The site's backend must remain in the United States. The product is being launched in a few days, and an immediate solution is needed
What should the solutions architect recommend?
A. Launch an Amazon EC2 instance in us-east-1 and migrate the site to it
B. Move the website to Amazon S3 Use cross-Region replication between Regions.
C. Use Amazon CloudFront with a custom origin pointing to the on-premises servers
D. Use an Amazon Route 53 geoproximity routing policy pointing to on-premises servers
Correct Answer: C
Section: (none)
QUESTION 22
A company has recently updated its internal security standards. The company must now ensure all Amazon S3 buckets and Amazon Elastic Block Store (Amazon EBS) volumes are encrypted with keys created and periodically rotated by internal security specialists.
The company is looking for a native, software-based AWS service to accomplish this goal. What should a solutions architect recommend as a solution?
A. Use AWS Secrets Manager with customer master keys (CMKs) to store master key material and apply a routine to create a new CMK periodically and replace it in AWS Secrets Manager.
B. Use AWS Key Management Service (AWS KMS) with customer master keys (CMKs) to store master key material and apply a routing to re-create a new key periodically and replace it in AWS KMS.
C. Use an AWS CloudHSM cluster with customer master keys (CMKs) to store master key material and apply a routine a re-create a new key periodically and replace it in the CloudHSM cluster nodes.
D. Use AWS Systems Manager Parameter Store with customer master keys (CMKs) keys to store master key material and apply a routine to re-create a new periodically and replace it in the Parameter Store.
Correct Answer: B
Section: (none)
探索雲端無限可能!了解更多關於小豬科技的全方位解決方案。點擊這裡
QUESTION 23
A solution architect must design a solution that uses Amazon CloudFront with an Amazon S3 to store a static website.
The company security policy requires that all websites traffic be inspected by AWS WAF.How should the solution architect company with these requirements?
A. Configure an S3 bucket policy to accept requests coming from the AWS WAF Amazon Resource Name (ARN) only
B. Configure Amazon CloudFront to forward all incoming requests to AWS WAF before requesting content from the S3 origin,
C. Configure a security group that allows Amazon CloudFront IP addresses to access Amazon S3 only Associate AWS WAF to CloudFront.
D. Configure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucket. Enable AWS WAF on the distribution.
Correct Answer: D
Section: (none)
QUESTION 24
A solutions architect is using Amazon S3 to design the storage architecture of a new digital media application.
The media files must be resilient to the loss of an Availability Zone Some files are accessed frequently while other files are rarelyaccessed in an unpredictable pattern. The solutions architect must minimize the costs of storing and retrieving the media files.
Which storage option meets these requirements?
A. S3 Standard
B. S3 Intelligent-Tiering
C. S3 Standard-Infrequent Access (S3 Standard-IA)
D. S3 One Zone-Infrequent Access (S3 One Zone-IA)
Correct Answer: B
Section: (none)
QUESTION 25
An application allows users at a company's headquarters to access product data. The product data is stored in an Amazon RDS MySQL DB instance. The operations team has isolated an application performance slowdown and wants to separate readtraffic from write traffic. A solutions architect needs to optimize the application's performance quickly.
What should the solutions architect recommend?
A. Change the existing database to a Multi-AZ deployment. Serve the readrequests from the primary Availability Zone.
B. Change the existing database to a Multi-AZ deployment. Serve the read requestsfrom the secondary Availability Zone.
C. Create read replicas for the database.
Configure the read replicas with half of the compute and storage resources as the source database.
D. Create read replicas for the database.
Configure the read replicas with the same compute and storage resources as the source database.
Correct Answer: D
Section: (none)
QUESTION 26
A company that hosts its web application on AWS wants to ensure all Amazon EC2 instances. Amazon RDS DB instances andAmazon Redshift clusters are configured with tags. The company wants to minimize the effort of configuring and operating this check. What should a solutions architect do to accomplish this''
A. Use AWS Config rules to define and detect resources that are not property tagged
B. Use Cost Explorer to display resources that are not properly tagged Tag those resources manually.
C. Write API calls to check all resources for proper tag allocation. Periodically run the code on an EC2 instance.
D. Write API calls to check all resources for proper tag allocation.
Schedule an AWS Lambda function through Amazon CloudWatch to periodically run the code
Correct Answer: A
Section: (none)
QUESTION 27
A company stores call recordings on a monthly basis Statistically, the recorded data may be referenced randomly within a year but accessed rarely after 1 year. Files that are newer than 1 year old must be queried and retrieved as quickly as possible. A delay in retrieving older files is acceptable A solutions architect needs to store the recorded data at a minimal cost.
Which solution is MOST cost-effective?
A. Store individual files in Amazon S3 Glacier and store search metadata in object tags created in S3 Glacier.
Query S3 Glacier tags and retrieve the files from S3 Glacier
B. Store individual files in Amazon S3 Use lifecycle policies to move the files to Amazon S3 Glacier after 1 year.
Query and retrieve the files from Amazon S3 or S3 Glacier.
C. Archive individual files and store search metadata for each archive in Amazon S3. Use lifecycle policies to move the files to Amazon S3 Glacier after 1 year.
Query and retrieve the files by searching for metadata from Amazon S3
D. Archive individual files in Amazon S3.
Use lifecycle policies to move the files to Amazon S3 Glacier after 1 year.
Store search metadata in Amazon DynamoDB Query the files from DynamoDB and retrieve them from Amazon S3 or S3 Glacier
Correct Answer: B
Section: (none)
QUESTION 28
A company has a highly dynamic batch processing job that uses many Amazon EC2 instances to complete it.
The job is stateless in nature, can be started and stopped at any given time with no negative impact, and typically takes upwards of 60 minutes total to complete. The company has asked a solutions architect to design a scalable and cost-effective solution that meets the requirements of the job.
What should the solutions architect recommend?
A. Implement EC2 Spot Instances
B. Purchase EC2 Reserved Instances
C. Implement EC2 On-Demand Instances
D. Implement the processing on AWS Lambda
Correct Answer: A
Section: (none)
QUESTION 29
A company runs a production application on a fleet of Amazon EC2 instances. The application reads the data from an Amazon SQS queue and processes the messages in parallel. The message volume is unpredictable and often has intermittent traffic. This application should continually process messages without any downtime Which solution meets these requirements MOST cost-effectively?
A. Use Spot Instances exclusively to handle the maximum capacity required
B. Use Reserved Instances exclusively to handle the maximum capacity required
C. Use Reserved Instances for the baseline capacity and use Spot InstaKes to handle additional capacity
D. Use Reserved instances for the baseline capacity and use On-Demand Instances to handle additional capacity
Correct Answer: C
Section: (none)
QUESTION 30
A company provides an API to its users that automates inquiries for tax complutations based on item prices. The companyexperiences a larger number of inquires during the holiday season only that cause slower response times. A solution architectneeds to design a solution that is scalable and elastic. What should the solutions architect do to accomplish this?
A. Provide an API hosted on an Amazon EC2 instance.
The EC2 instance performs the required computations when the API request is made.
B. Design a REST API using Amazon API Gateway that accepts the item names, API Gateway passes item names to AWS Lambada for tax computations.
C. Create ans Application Load Balancer that has two Amazon EC2 instances behind it. The EC2 instances will compute the tax on the recieved item names.
D. Design a REST API using Amazon API Gateway that connects with an API hosted on an Amazon EC2 instance, APIGateway accepts and passes the item names to the EC2 instance for tax computations.
Correct Answer: B
Section: (none)
需要個性化雲端解決方案?聯絡小豬科技專員,我們為您提供最佳建議!立即聯絡
QUESTION 31
A solutions architect is designing a VPC with public and private subnets. The VPC and subnets use IP 4 CIDR blocks. There isone public subnet and one private subnet in each of three Availability Zone (AZs) for high availability. An internet gateway is used to provide internet access for the public subnets. The private subnets require access to the internet to allow Amazon EC2instances to download software updates. What should the solutions architect do to enable Intrnet access for the private subnets?
A. Create three NAT gateways, one for each public subnet in each AZ.
Create a private route table for each AZ that forwards non-VPC traffic to the NAT gateway in its AZ.
B. Create three NAT gateways, one for each private subnet in each AZ.
Create a private route table for each AZ that forwards non-VPC traffic to the NAT gateway in its AZ.
C. Create second internet gateway on one of the private subnets.
Update the rout table for the private subnets that forward non-VPC traffic to the private internt gateway.
D. Create an egress-only internet gateway on one of the public subnets.
Update the route table for the private subnets that forward non-VPC traffic to the egress-only internet gateway.
Correct Answer: A
Section: (none)
QUESTION 32
A company is preparing to launch a public-facing web application in the AWS Cloud. The architecture consists of Amazon EC2 instances within a VPC behind an Elastic Load Balancer (ELB). A third-party service is used for the DNS. The company'ssolutions architect must recommend a solution to detect and protect against large-scale DDoS attacks.
Which solution meets these requirements?
A. Enable Amazon Guard Duty on th account
B. Enable Amazon Inspector on the EC2 instances
C. Enable AWS Shield and assign Amazon Route 53 to it.
D. Enable AWS Shield Advancd and assign the ELB to it.
Correct Answer: D
Section: (none)
QUESTION 33
A company has a dynamic web application hostes on two Amazon EC2 instances. The company has its own SSL certificate,which is on each instance to perform SSL termination. There has been an increase in traffic recently, and the operations team determined that SSL encryption and decryption is causing the compute capacity of the web servers to reach their maximum limit. What should a solutions architect do to increase the application's performance?
A. Create a new SSL certificate using AWS Certificate Manager (ACM). Install the ACM certificate on each instance.
B. Create an Amazon S3 bucket Migrate the SSL certificate to the S3 bucket. Configure the EC2 instances to reference the bucket for SSL termination.
C. Create another EC2 instance as a proxy server.
Migrate the SSL certificate to the new instance and configure it to direct connctions to the existing EC2 instances.
D. Import the SSL certificate into AWS Crtificate Manager (ACM).
Create an Application Load Balancer with an HTTPS listener that uses the SSL certificate from ACM.
Correct Answer: D
Section: (none)
QUESTION 34
A company maintains a searchable repository of items on its website. The data is stored in an Amazon RDS for MySQL database table that contains over 10 million rows. The database has 2 TB of General Purpose SSD (gp2) storage. There are millions of updates against this data every day through the company's website. The company has noticed some operations are taking 10 seconds or longer, and has determined that the database storage performance is bottleneck.
Which solution addresses the performance issues?
A. Change the storage type to Provissioned IOPS SSD (io1).
B. Change the instance to a memory-optimized instance class.
C. Change the instance to a burstable performance DB instance class.
D. Enable Multi-AZ RDS read replicas with MySQL natice asynchronous replication.
Correct Answer: A
Section: (none)
QUESTION 35
A company has na application that generates a large number of files, each approximately 5 MB in size. The files are stored inAmazon S3. Company policy requires teh files to be stored for 4 years before they can be deleted. Immediate accessibility isalways required as teh files contain critical business data that is not easy to reproduce. The files are frequently accessed in the first 30 days of the object creation but are rarely accessed after the first 30 days.
Which storage solution is MOST cost effective?
A. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Glacier 30 days from object creation.
Delete the files 4 years after the object creation.
B. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) 30 days from object creation.
Delete the files 4 years after the object creation.
C. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation.
Delete the files 4 years after the object creation.
D. Create an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation.
Move the file to S3 Glacier 4 years after object creation.
Correct Answer: C
Section: (none)
想要快速啟動雲端服務?現在就註冊小豬科技,輕鬆開通您的雲端伺服器!立即註冊
QUESTION 36
A company is preparing to store confidential data in Amazon S3. For compliance reasons, the data must be encrypted at rest. Encryption key usage must be logged for auditing purposes. Key must be rotated every year.
Which solution meets these requirements and is the MOST operationally effecient?
A. Server-side encryption with customer-provided keys (SSE-C)
B. Server-side encryption with Amazon S3 managed keys (SSE-S3)
C. Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with manual rotation.
D. Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with automatic rotation.
Correct Answer: D
Section: (none)
QUESTION 37
A company wants to migrate its MySQL database from on-premises to AWS. The company recently experienced a databaseoutage that significantly impacted the business. To ensure this does not happen again, the company wants a reliable database solution on AWS that minimizes data loss and stores every transaction on at least two nodes.
Which solution meets these requirements?
A. Create an Amazon RDS DB instance with synchronous replication to three nodes in three Availability Zones.
B. Create an Amazon RDS MySQL DB instance with Multi-AZ functionality enabled to synchronously replicate the data.
C. Create an Amazon RDS MySQL DB instance with Multi-AZ and the create a read replica in a separate AWS Region that synchronously replicates the data.
D. Create and Amazon EC2 instance with a MySQL engine installed that triggers an AWS Lambda fucntion to synchronously replicate the data to an Amazon RDS MySQL DB instance.
Correct Answer: B
Section: (none)
QUESTION 38
A company has an automobile sales website that stores its listings in an database on Amazon RDS When an automobile is sold, the listing needs to be removed from the website and the data must be sent to multiple target systems.
Which design should a solutions architect recommend?
A. Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) queue for the targets to consume.
B. Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) FIFO queue for the targets to consume.
C. Subscribe to an RDS event notification and send an Amazon Simple Queue Service (Amazon SQS) queue fanned out to multiple Amazon Simple Notification Service (Amazon SNS) topics. Use AWS Lambda functions to update the targets.
D. Subscribe to an RDS event notification and send an Amazon Simple Notification Service (Amazon SNS) topic fanned out to multiple Amazon Simple Queue Service (Amazon SQS) queues Use AWS Lambda functions to update the targets.
Correct Answer: D
Section: (none)
QUESTION 39
A company wants to build a scalable key management infrastructure to support developers who need to encrypt data in their applications.
What should a solutions architect do to reduce the operational burden?
A. Use multi-factor authentication (MFA) to protect the encryption keys
B. Use AWS Key Management Service (AWS KMS) to protect the encryption keys
C. Use AWS Certificate Manager (ACM) to create, store and assign the encryption keys
D. Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys
Correct Answer: B
Section: (none)
QUESTION 40
A company is running a multi-tier web application on premises. The web application is containerized and runs on a number of Linux hosts connected to a PostgreSQL database that contains user records. The operational overhead of maintaining the infrastructure and capacity planning is limiting the company's growth. A solutions architect must improve the application'sinfrastructure. Which combination of actions should the solutions architect take to accomplish this? (Select TWO.)
A. Migrate the PostgreSQL database to Amazon Aurora
B. Migrate the web application to be hosted on Amazon EC2 instances.
C. Set up an Amazon CloudFront distribution for the web application content.
D. Set up Amazon ElastiCache between the web application and the PostgreSQL database
E. Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS)
Correct Answer: AE
Section: (none)
需要更多資訊?小豬科技專員隨時為您服務,聯絡我們,為您的業務提供最佳的雲端解決方案!點擊聯絡