刚考过了AWS的developer认证,顺手做了一下SysOps的样题。以下是题目和答案。


When working with Amazon RDS, by default AWS is responsible for implementing which two
management-related activities? (Pick 2 correct answers)
A. Importing data and optimizing queries
B. Installing and periodically patching the database software
C. Creating and maintaining automated database backups with a point-in-time recovery of up to five minutes
D. Creating and maintaining automated database backups in compliance with regulatory long-term retention
requirements

答案:B C

参考文档:http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.html


You maintain an application on AWS to provide development and test platforms for your developers.
Currently both environments consist of an m1.small EC2 instance. Your developers notice performance
degradation as they increase network load in the test environment.
How would you mitigate these performance issues in the test environment?
A. Upgrade the m1.small to a larger instance type
B. Add an additional ENI to the test instance
C. Use the EBS optimized option to offload EBS traffic
D. Configure Amazon Cloudwatch to provision more network bandwidth when network utilization
exceeds 80%

答案:A

解析:添加ENI并不会增加带宽;m1.small机器类型没有EBS optimized option;network utilisation与机器类型相关,无法对m1.small provision更多的带宽


Per the AWS Acceptable Use Policy, penetration testing of EC2 instances:
A. may be performed by the customer against their own instances, only if performed from EC2
instances.
B. may be performed by AWS, and is periodically performed by AWS.
C. may be performed by AWS, and will be performed by AWS upon customer request.
D. are expressly prohibited under all circumstances.
E. may be performed by the customer against their own instances with prior authorization from AWS.

答案:E

参考文档:https://aws.amazon.com/security/penetration-testing/


You have been tasked with identifying an appropriate storage solution for a NoSQL database that
requires random I/O reads of greater than 100,000 4kB IOPS.
Which EC2 option will meet this requirement?
A. EBS provisioned IOPS
B. SSD instance store
C. EBS optimized instances
D. High Storage instance configured in RAID 10

答案:B

解析:这道题只有SSD instance store能提供10万的IOPS


Instance A and instance B are running in two different subnets A and B of a VPC. Instance A is not able to
ping instance B.
What are two possible reasons for this? (Pick 2 correct answers)
A. The routing table of subnet A has no target route to subnet B
B. The security group attached to instance B does not allow inbound ICMP traffic
C. The policy linked to the IAM role on instance A is not configured correctly
D. The NACL on subnet B does not allow outbound ICMP traffic

答案:B D

解析:同一个VPC下的所有subnet默认可以相互连接,所以A不对;ping连接不需要什么AWS权限,所以C也不对。而控制机器访问有两层,一层是给subnet指定的ACL,另一层是给机器指定的SG。


Your web site is hosted on 10 EC2 instances in 5 regions around the globe with 2 instances per region.
How could you configure your site to maintain site availability with minimum downtime if one of the 5
regions was to lose network connectivity for an extended period of time?
A. Create an Elastic Load Balancer to place in front of the EC2 instances. Set an appropriate health
check on each ELB.
B. Establish VPN Connections between the instances in each region. Rely on BGP to failover in the
case of a region wide connectivity outage
C. Create a Route 53 Latency Based Routing Record Set that resolves to an Elastic Load Balancer in
each region. Set an appropriate health check on each ELB.
D. Create a Route 53 Latency Based Routing Record Set that resolves to Elastic Load Balancers in
each region and has the Evaluate Target Health flag set to true.

答案:D

参考文档:http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-complex-configs.html

解析:只有开启了Evaluate Target Health flag,Route53才会根据健康情况进行路由


You run a stateless web application with the following components: Elastic Load Balancer (ELB), 3
Web/Application servers on EC2, and 1 MySQL RDS database with 5000 Provisioned IOPS. Average
response time for users is increasing. Looking at CloudWatch, you observe 95% CPU usage on the
Web/Application servers and 20% CPU usage on the database. The average number of database disk
operations varies between 2000 and 2500.
Which two options could improve response times? (Pick 2 correct answers)
A. Choose a different EC2 instance type for the Web/Application servers with a more appropriate
CPU/memory ratio
B. Use Auto Scaling to add additional Web/Application servers based on a CPU load threshold
C. Increase the number of open TCP connections allowed per web/application EC2 instance
D. Use Auto Scaling to add additional Web/Application servers based on a memory usage threshold

答案:A B

解析:这里是application机器CPU过载,解决方式是要不加强application机器性能,要不增加更多的application机器,C没有用,D是基于内存门槛,所以都不对


Which features can be used to restrict access to data in S3? (Pick 2 correct answers)
A. Create a CloudFront distribution for the bucket.
B. Set an S3 bucket policy.
C. Use S3 Virtual Hosting.
D. Set an S3 ACL on the bucket or the object.
E. Enable IAM Identity Federation.

答案:B D

参考文档:http://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html
http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html


You need to establish a backup and archiving strategy for your company using AWS. Documents should
be immediately accessible for 3 months and available for 5 years for compliance reasons.
Which AWS service fulfills these requirements in the most cost effective way?
A. Use StorageGateway to store data to S3 and use life-cycle policies to move the data into Redshift for
long-time archiving
B. Use DirectConnect to upload data to S3 and use IAM policies to move the data into Glacier for longtime
archiving
C. Upload the data on EBS, use life-cycle policies to move EBS snapshots into S3 and later into Glacier
for long-time archiving
D. Upload data to S3 and use life-cycle policies to move the data into Glacier for long-time archiving

答案:D

参考文档:http://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html

解析:S3可以存放经常使用的文档,然后存档文件可以使用life-cycle policies放置到Glacier上


Given the following IAM policy:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:Get*", "s3:List*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::corporate_bucket/*"
}
]
}

What does the IAM policy allow? (Pick 3 correct answers)
A. The user is allowed to read objects from all S3 buckets owned by the account
B. The user is allowed to write objects into the bucket named ‘corporate_bucket’
C. The user is allowed to change access rights for the bucket named ‘corporate_bucket’
D. The user is allowed to read objects in the bucket named ‘corporate_bucket’ but not allowed to list the objects
in the bucket
E. The user is allowed to read objects from the bucket named ‘corporate_bucket’

答案:A B E

解析:AWS的权限认证遵循最小化原则。即:默认情况都是deny的;显式allow会覆盖默认deny;显式deny会覆盖显式allow。

AWS的SysOps认证考试样题解析的更多相关文章

  1. AWS开发人员认证考试样题解析

    最近在准备AWS的开发人员考试认证.所以特意做了一下考试样题.每道题尽量给出了文档出处以及解析. Which of the following statements about SQS is true ...

  2. 1+X Web前端开发(中级)理论考试样题(附答案)

    传送门 教育部:职业教育将启动"1+X"证书制度改革 职业教育改革1+X证书制度试点启动 1+X成绩/证书查询入口 一.单选题(每小题2分,共30小题,共 60 分) 1.在Boo ...

  3. JS-常考算法题解析

    常考算法题解析 这一章节依托于上一章节的内容,毕竟了解了数据结构我们才能写出更好的算法. 对于大部分公司的面试来说,排序的内容已经足以应付了,由此为了更好的符合大众需求,排序的内容是最多的.当然如果你 ...

  4. 《Web前端开发》等级考试样题~以国家“1+X”职业技能证书为标准,厚溥推出Web前端开发人才培养方案

    1+x证书Web前端开发初级理论考试样题2019 http://blog.zh66.club/index.php/archives/149/ 1+x证书Web前端开发初级实操考试样题2019 http ...

  5. 1+x证书《Web前端开发》等级考试样题

    Web前端开发初级理论考试样题2019 http://blog.zh66.club/index.php/archives/149/ Web前端开发初级实操考试样题2019 http://blog.zh ...

  6. 1+X Web前端开发(初级)理论考试样题(附答案)

    传送门 教育部:职业教育将启动"1+X"证书制度改革 职业教育改革1+X证书制度试点启动 1+X成绩/证书查询入口 一.单选题(每题 2 分,共 60 分) 1.在 HTML 中, ...

  7. AWS助理架构师样题解析

    AWS 认证是对其在 AWS 平台上设计.部署和管理应用程序所需的技能和技术知识的一种认可.获得证书有助于证明您使用 AWS 的丰富经验和可信度,同时还能提升您所在的组织熟练使用基于 AWS 云服务应 ...

  8. AWS助理架构师认证考经

    上周考了亚马逊的解决方案架构师-助理级别的认证考试并顺利通过.这也算是对自己AWS服务熟悉程度的一种检验.在准备考试的过程中,把自己学习到的AWS知识都梳理了一遍,也算是收获颇丰.这次特意分享了该认证 ...

  9. 《PHP程序员面试笔试真题解析》——新书上线

    你好,是我--琉忆.很高兴可以跟你分享我的新书. 很高兴,在出版了PHP程序员面试笔试宝典后迎来了我的第二本书出版--<PHP程序员面试笔试真题解析>. 如果你是一个热爱PHP的程序员,刚 ...

随机推荐

  1. 对抗密码破解 —— Web 前端慢 Hash

    (更新:https://www.cnblogs.com/index-html/p/frontend_kdf.html ) 0x00 前言 天下武功,唯快不破.但在密码学中则不同.算法越快,越容易破. ...

  2. RabbitMq应用一的补充(RabbitMQ的应用场景)

    直接进入正题. 一.异步处理 场景:发送手机验证码,邮件 传统古老处理方式如下图 这个流程,全部在主线程完成,注册->入库->发送邮件->发送短信,由于都在主线程,所以要等待每一步完 ...

  3. 微信网页开发之获取用户unionID的两种方法--基于微信的多点登录用户识别

    假设网站A有以下功能需求:1,pc端微信扫码登录:2,微信浏览器中的静默登录功能需求,这两种需求就需要用到用户的unionID,这样才能在多个登录点(终端)识别用户.那么这两种需求下用户的unionI ...

  4. 如何在Elasticsearch中安装中文分词器(IK+pinyin)

    如果直接使用Elasticsearch的朋友在处理中文内容的搜索时,肯定会遇到很尴尬的问题--中文词语被分成了一个一个的汉字,当用Kibana作图的时候,按照term来分组,结果一个汉字被分成了一组. ...

  5. Spring获取ApplicationContext

    在Spring+Struts+Hibernate中,有时需要使用到Spring上下文.项目启动时,会自动根据applicationContext配置文件初始化上下文,可以使用ApplicationCo ...

  6. springmvc+mybatis+spring 整合 bootstrap html5

    A 调用摄像头拍照,自定义裁剪编辑头像 [新录针对本系统的视频教程,手把手教开发一个模块,快速掌握本系统]B 集成代码生成器 [正反双向](单表.主表.明细表.树形表,开发利器)+快速构建表单;  技 ...

  7. 图解CSS3制作圆环形进度条的实例教程

    圆环形进度条制作的基本思想还是画出基本的弧线图形,然后CSS3中我们可以控制其旋转来串联基本图形,制造出部分消失的效果,下面就来带大家学习图解CSS3制作圆环形进度条的实例教程 首先,当有人说你能不能 ...

  8. Node.js入门

    开始之前,安利一本正在看的书<站在两个世界的边缘>,作者程浩,上帝丢给他太多理想,却忘了给他完成理想的时间.OK,有兴趣的可以看一看. node.js如标题一样,我也是刚开始接触,大家一起 ...

  9. Maven仓库搭建和配置

    maven在本地搭建仓库的实际需求maven在项目构建过程需要下载一些必要的软件包,这些默认的下载链接都是访问maven的远程中央仓库Central Repo.如果项目中的成员,每次第一次构建的时候都 ...

  10. Xamarin. Android实现下拉刷新功能

    PS:发现文章被其他网站或者博客抓取后发表为原创了,给图片加了个水印 下拉刷新功能在安卓和iOS中非常常见,一般实现这样的功能都是直接使用第三方的库,网上能找到很多这样的开源库.然而在Xamarin. ...