每天半小时搞定 AoAWS (一)

Architecting on AWS 学习笔记系列文章导航页面


  1. A Solutions Architect is designing a service that must have four Amazon EC2 instances running between 8 AM and 6 PM daily. The service requires one EC2 instance outside of those hours.
    What is the MOST cost-effective way to provide enough compute?
    A. Use one Amazon EC2 Reserved Instance and use an Auto Scaling group to add and remove EC2 instances based on CPU utilization.
    B. Use one Amazon EC2 On-Demand instance and use an Auto Scaling group to add and remove EC2 instances based on CPU utilization.
    C. Use one Amazon EC2 On-Demand instance and use an Auto Scaling Group scheduled action to add three EC2 Spot instances at 7:30 AM and remove three instances at 6:10 PM.
    D. Use one Amazon EC2 Reserved Instance and use an Auto Scaling Group scheduled action to add three EC2 On-Demand instances at 7:30 AM and remove three instances at 6:10 PM.

  1. A photo-sharing website running on AWS allows users to generate thumbnail images of photos stored in Amazon S3. An Amazon DynamoDB table maintains the locations of photos, and thumbnails are easily re-created from the originals if they are accidentally deleted.
    How should the thumbnail images be stored to ensure the LOWEST cost?
    A. Amazon S3 Standard-Infrequent Access (S3 Standard-IA) with cross-region replication
    B. Amazon S3
    C. Amazon Glacier
    D. Amazon S3 with cross-region replication

  1. A company is storing application data in Amazon S3 bucket across multiple AWS Regions. Company policy requires that encryption keys be generated at the company headquarters, but the encryption keys may be stored in AWS after generation. The Solutions Architect plans to configure cross-region replication.
    Which solution will encrypt the data while requiring the LEAST amount of operational overhead?
    A. Configure the application to write to an S3 bucket using client-side encryption.
    B. Configure S3 buckets to encrypt using AES-256.
    C. Configure S3 object encryption using AWS CLI with Server_Side Encryption with AWS KMS_managed keys (SSE-KMS)
    D. Configure S3 bucket to use Server-Side encryption with AWS KMS-Management Keys (SSE-KMS) with imported key met— in both region.

  1. A Solutions Architect must design a web application that will be hosted on AWS, allowing users to purchase access to premium, shares content that is stored in an S3 bucket. Upon payment, content will be available for download for 14 days before the user is denied access.
    Which of the following would be the LEAST complicated implementation?
    A. Use an Amazon CloudFront distribution with an origin access identity (OAI). Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design a Lambda function to remove that is older than 14 days
    B. Use an S3 bucket and provide direct access to the file. Design the application to trace purchases in a DynamoDB table. Configure a Lambda function to remove data that is older than 14 days bases on a query to Amazon DynamoDB
    C. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL
    D. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 60 minutes for the URL, and recreate the URL as necessary

  1. A Solutions Architect plans to migrate a load balancer tier from a data center to AWS. Several websites have multiple domains that require secure balancing.. The Architect decides to use Elastic Load Balancing Application Load Balancers.
    What is the MOST efficient method for achieving secure communication?
    A. Create a wildcard certificate and upload it to the Application Load Balancer.
    B. Create an SNI certificate and upload it to the Application Load Balancer.
    C. Create a secondary proxy server to terminate SSL traffic before the traffic reaches the Application Load Balancer.
    D. Let a third-party Certificate Manager manage certificates required to all domains and upload them to the Application Load Balancer.

  1. A Solution Architect is developing as AWS Lambda-based service for a social networking game to retrieve information on tourist landmarks stored in an Amazon DynamoDB table. The solutions Architect wants to minimize costs as the service scales to many millions of users through a mobile app.
    How can the Solution Architect optimize performance while minimizing costs? (Select TWO)
    A. Use DynamoDB Accelerator (DAX), and configure Auto Scaling of read throughput on the DynamoDB table
    B. Configure AppSync to cache responses on the mobile client, and the configure Auto Scaling of reads on the DynamoDB table
    C. Configure Amazon CloudFront, specify an appropriate TTL for response caching, and configure the DynamoDB table as the origin
    D. Authorize mobile clients to communicate directly with DynamoDB through AWS STS token, and configure DynamoDB for global replication and Auto Scaling
    E. Expose the Lambda function through the Amazon API Gateway, configure the endpoint with caching, and configure Auto Scaling of read throughput on the DynamoDB table

你可能感兴趣的:(云存储,系统架构)