AWS 认证是对其在 AWS 平台上设计、部署和管理应用程序所需的技能和技术知识的一种认可。获得证书有助于证明您使用 AWS 的丰富经验和可信度,同时还能提升您所在的组织熟练使用基于 AWS 云服务应用的整体水平。

目前亚马逊推出了Solutions Architect,Developer和SysOps Administrator三个方向的认证。每个方向又分为Associate Level(助理级),Professional Level(专家级)和Master Level(大师级)。当然目前只有Solutions Architect开放了Professional Level,其他层级会逐步开放中。

最近在打算备考AWS的Solutions Architect的Associate Level。关于这个考试AWS出了一个考试样题。下载链接:http://awstrainingandcertification.s3.amazonaws.com/production/AWS_certified_solutions_architect_associate_blueprint.pdf

我把样题都做了一遍,并且都尽力找到了答案在AWS文档中的出处。以下是样题和解答。

Amazon Glacier is designed for: (Choose 2 answers)

A.active database storage.

B.infrequently accessed data.

C.data archives.

D.frequently accessed data.

E.cached session data.

答案:B和C

出处文档:http://aws.amazon.com/glacier/?nc2=h_ls

Amazon Glacier is an extremely low-cost cloud archive storage service that provides secure and durable storage for data archiving and online backup. In order to keep costs low, Amazon Glacier is optimized for data that is infrequently accessed and for which retrieval times of several hours are suitable.

Your web application front end consists of multiple EC2 instances behind an Elastic Load Balancer. You
configured ELB to perform health checks on these EC2 instances. If an instance fails to pass health
checks, which statement will be true?

A.The instance is replaced automatically by the ELB.

B.The instance gets terminated automatically by the ELB.

C.The ELB stops sending traffic to the instance that failed its health check.

D.The instance gets quarantined by the ELB for root cause analysis.

答案:C

出处文档:http://aws.amazon.com/elasticloadbalancing/?nc2=h_ls

Elastic Load Balancing ensures that only healthy Amazon EC2 instances receive traffic by detecting unhealthy instances and rerouting traffic across the remaining healthy instances.

You are building a system to distribute confidential training videos to employees. Using CloudFront, what
method could be used to serve content that is stored in S3, but not publically accessible from S3
directly?

A.Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3
bucket to that OAI.

B.Add the CloudFront account security group “amazon-cf/amazon-cf-sg” to the appropriate S3 bucket
policy.

C.Create an Identity and Access Management (IAM) User for CloudFront and grant access to the
objects in your S3 bucket to that IAM User.

D.Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target
bucket as the Amazon Resource Name (ARN).

答案:A

OAI介绍:http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

OAI基本上就是专为这个场景引入的。

Which of the following will occur when an EC2 instance in a VPC (Virtual Private Cloud) with an
associated Elastic IP is stopped and started? (Choose 2 answers)

A.The Elastic IP will be dissociated from the instance

B.All data on instance-store devices will be lost

C.All data on EBS (Elastic Block Store) devices will be lost

D.The ENI (Elastic Network Interface) is detached

E.The underlying host for the instance is changed

答案:B E

这个题难度比较高。可以用排除法,A,C,D肯定不能选,B是对的,那么剩下一个答案只有E了啊。

In the basic monitoring package for EC2, Amazon CloudWatch provides the following metrics:

A.web server visible metrics such as number failed transaction
requests

B.operating system visible metrics such as memory utilization

C.database visible metrics such as number of connections

D.hypervisor visible metrics such as CPU utilization

答案:D

注意题干说的是basic monitoring,A,B,C肯定不对。具体支持的监控指标可见http://docs.aws.amazon.com/zh_cn/AmazonCloudWatch/latest/DeveloperGuide/ec2-metricscollected.html#ec2-metrics。D是唯一接近正确答案的,但是我对hypervisor了解不多,有些迷惑人。

Which is an operational process performed by AWS for data security?

A.AES-256 encryption of data stored on any shared storage device

B.Decommissioning of storage devices using industry-standard practices

C.Background virus scans of EBS volumes and EBS snapshots

D.Replication of data across multiple AWS Regions

E.Secure wiping of EBS data when an EBS volume is unmounted

答案:B

具体可以查看 was security whitepaper: https://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf

Storage Device Decommissioning 小节里面有这么一句话:

All decommissioned magnetic storage devices are
degaussed and physically destroyed in accordance with industry-standard practices.

To protect S3 data from both accidental deletion and accidental overwriting, you should:

A.enable S3 versioning on the bucket

B.access S3 data using only signed URLs

C.disable S3 delete using an IAM bucket policy

D.enable S3 Reduced Redundancy Storage

E.enable Multi-Factor Authentication (MFA) protected access

答案:A

出处文档:http://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html

Versioning-enabled buckets enable you to recover objects from accidental deletion or overwrite.

AWS助理架构师样题解析的更多相关文章

  1. AWS助理架构师认证考经

    上周考了亚马逊的解决方案架构师-助理级别的认证考试并顺利通过.这也算是对自己AWS服务熟悉程度的一种检验.在准备考试的过程中,把自己学习到的AWS知识都梳理了一遍,也算是收获颇丰.这次特意分享了该认证 ...

  2. AWS发布架构师认证的专业解决方案

    完成Amazon EC2初始化几个例子就足够了,那么证明你的AWS建筑学专业技术需要长时间使用如何?AWS专业建筑师认证新颖的解决方案出炉! 2013年4月,AWS正式启动AWS认证计划,同时发布AW ...

  3. AWS 解决方案架构师考点(Storage)

    目录 一.S3 存储类 二.S3 考点 三.Storage Gateway 3.1.File Gateway 3.2.Volume Gateway /3.3.Tape Gateway 一.S3 存储类 ...

  4. aws基础架构学习笔记

    文章大纲 Aws 的优势 架构完善的框架(WAF) Aws 学习笔记 Aws架构中心 Aws 的优势 4.速度优势 5.全球优势 数分钟内实现全球部署 Aws全球基础设施 Aws 数据中心 来自多家O ...

  5. AWS的SysOps认证考试样题解析

    刚考过了AWS的developer认证,顺手做了一下SysOps的样题.以下是题目和答案. When working with Amazon RDS, by default AWS is respon ...

  6. 程序员Java架构师多线程面试题和回答解析

    当我们在Java架构师面试的过程中常见的多线程和并发方面的问题肯定是必不可少的一部分.那么在面试之前我们更应该多准备一些关于多线程方面的问题. 面试官只是想确信面试者有足够的Java线程与并发方面的知 ...

  7. 架构师之路-redis集群解析

    引子 上篇<架构师之路-https底层原理>里我提到了上面的整体视图,文章也介绍了想要真正能在工作中及时正确解决问题的基本功:原理理解透彻.今天以redis集群解析为例介绍一个及时敏锐的发 ...

  8. 添物零基础到大型全栈架构师 Java实战及解析(实战篇)- 概述

    ​ 实战篇是在基础之上,进一步提升的内容.通过实战篇可以深入理解Java相关框架和库的使用,能够独立开发小模块,或者按照架构师的指导进行代码编写和完善. 主要讲解核心框架和库的使用和使用场景介绍.通过 ...

  9. 月薪30k的Java架构师JVM常见面试题解析

    在做程序员的路上经常会遇到的JVM一些经典面试题,今天给大家分享出我自己的解题思路,希望对大家有帮助,后续有空会持续更新. 1.什么情况下会发生栈内存溢出. 思路: 描述栈定义,再描述为什么会溢出,再 ...

随机推荐

  1. IE WebBrowser事件触发

    <= IE6: IE6 下如果iframe很多,子框架的BeforeNavigate2,DownloadBegin,DownloadComplete,DocumentComplete可能交替出现 ...

  2. 如何辨别具体的一种SaaS是否安全?

    如何辨别具体的一种SaaS是否安全,需要把握以下几点: 1.传输协议加密 首先,要看SaaS产品提供使用的协议,是https://还是一般的http://,别小看这个s,这表明所有的数据在传输过程中都 ...

  3. vue2 上传图片

    <template> <div class="vue-upload-img-multiple"> <div v-if="images.len ...

  4. OD使用教程12

    载入程序输入关键字: 双击进入程序 仔细看发现并没有跳转直接跳到这个mov,往上看发现retn上面有一个push,在这种编写手法当中这种组合相当于一个jmp, 跳到离它最近的一个值(在这就是004A5 ...

  5. 【转】当你在浏览器地址栏输入一个URL后回车,将会发生的事情?

    http://igoro.com/archive/what-really-happens-when-you-navigate-to-a-url/ http://www.cnblogs.com/panx ...

  6. 如何用Matlab将cell数据写入文件

    我们知道,一般的文件读写函数是不接受直接将cell内容(非数值)直接写入文件的, 例如:dlmwrite('o.txt', C, 'delimiter', '\t');%C 为cell类型数据,会报错 ...

  7. MVC模式下向qq邮箱发送邮件

    将已经保存在数据库中的密码通过邮件发送到qq邮箱中.用的ssm框架,其中的config文件要先配置好. 用到的jar包有gson-2.2.1.jar,gson.jar,mail.jar,activat ...

  8. java线程小结3

    1. 多线程概述 要实现多线程可以通过继承Thread和实现Runnable接口.不过这两者之间存在一些区别.其中最重要的区别就是,如果一个类继承Thread类,则不适合于多个线程共享资源,而实现了R ...

  9. FreeRTOS run on eclipse

    所需软件包: FreeRTOS.7.1.0.7zeclipse-cpp-helios-SR2-win32.zipTDM-GCC-32(版本任意吧..但同平台就选择一致的,32位系统就一致32位的软件, ...

  10. <转>MFC注册系统/全局热键。

    <转>MFC注册系统/全局热键. 1. BEGIN_MESSAGE_MAP(CRS232TESTDlg, CDialog) //{{AFX_MSG_MAP(CRS232TESTDlg) O ...