ABOUT ME

-

Today
-
Yesterday
-
Total
-
  • [AWS] 덤프문제 공부
    카테고리 없음 2023. 6. 26. 23:02

    Which pillar of the AWS Well-Architected Framework refers to the ability of a system to recover from infrastructure or service disruptions and dynamically acquire computing resources to meet demand?

    • A. Security
    • B. Reliability Most Voted
    • C. Performance efficiency
    • D. Cost optimization

    Which of the following are benefits of migrating to the AWS Cloud? (Choose two.)

    • A. Operational resilience Most Voted
    • B. Discounts for products on Amazon.com
    • C. Business agility Most Voted
    • D. Business excellence
    • E. Increased staff retention

    Which component of the AWS global infrastructure is made up of one or more discrete data centers that have redundant power, networking, and connectivity?

    • A. AWS Region
    • B. Availability Zone Most Voted
    • C. Edge location
    • D. AWS Outposts

    Which duties are the responsibility of a company that is using AWS Lambda? (Choose two.)

    • A. Security inside of code Most Voted
    • B. Selection of CPU resources
    • C. Patching of operating system
    • D. Writing and updating of code Most Voted
    • E. Security of underlying infrastructure

    Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Choose two.)

    • A. ׀•׀¡2 Reserved Instances
    • B. EC2 Amazon Machine Images (AMIs) Most Voted
    • C. Amazon Elastic Block Store (Amazon EBS) snapshots Most Voted
    • D. AWS Shield
    • E. Amazon GuardDuty

    A user is comparing purchase options for an application that runs on Amazon EC2 and Amazon RDS. The application cannot sustain any interruption. The application experiences a predictable amount of usage, including some seasonal spikes that last only a few weeks at a time. It is not possible to modify the application.
    Which purchase option meets these requirements MOST cost-effectively?

    • A. Review the AWS Marketplace and buy Partial Upfront Reserved Instances to cover the predicted and seasonal load.
    • B. Buy Reserved Instances for the predicted amount of usage throughout the year. Allow any seasonal usage to run on Spot Instances.
    • C. Buy Reserved Instances for the predicted amount of usage throughout the year. Allow any seasonal usage to run at an On-Demand rate. Most Voted
    • D. Buy Reserved Instances to cover all potential usage that results from the seasonal usage.

    A company wants to migrate a critical application to AWS. The application has a short runtime. The application is invoked by changes in data or by shifts in system state. The company needs a compute solution that maximizes operational efficiency and minimizes the cost of running the application.
    Which AWS solution should the company use to meet these requirements?

    • A. Amazon EC2 On-Demand Instances
    • B. AWS Lambda Most Voted
    • C. Amazon EC2 Reserved Instances
    • D. Amazon EC2 Spot Instances

    A company plans to create a data lake that uses Amazon S3.
    Which factor will have the MOST effect on cost?

    • A. The selection of S3 storage tiers Most Voted
    • B. Charges to transfer existing data into Amazon S3
    • C. The addition of S3 bucket policies
    • D. S3 ingest fees for each request

    ※ 관련 개념

    S3 스토리지

    1) 일반 S3

    - 가장 보편적으로 사용되는 스토리지 타입이고, 높은 내구성, 가용성을 가짐 

    2) S3 - IA ( infrequent  acess )

    - 자주 접근되지는 않으나 접근하게되면 빠른 접근이 요구되는 파일이 많으면 유용

    - 비용은 저렴하지만 접근하면 추가 비용 발생

    - multi az 를 통하여 데이터 저장

    3) S3 - one zone IA

    - 단일 AZ를 통한 데이터 저장함 = 조금 낮은 가용성

    - S3 - IA 보다 20% 비용 저렴

    4) Glacier ( 빙하 )

    - 거의 접근하지 않을 데이터 저장 시 유용

    - 매우 저렴

    - 데이터 접근 시 대략 4-5 시간 소요됨

    5) Intelligent Tiering

    - 데이터 접근 주기가 불규칙할때 매우 유용

    - 2가지 티어 존재 ( Frequent Tier , Infrequent Tire )

    - 데이터 접근주기에 따라 두가지 티어 중 하나로 선택 됨

    - 최고의 비용 절감 효율을 누릴 수 있음

     

    Which AWS service or tool should a company use to centrally request and track service limit increases?

    • A. AWS Config
    • B. Service Quotas Most Voted
    • C. AWS Service Catalog
    • D. AWS Budgets

    Which task requires using AWS account root user credentials?

    • A. Viewing billing information
    • B. Changing the AWS Support plan Most Voted
    • C. Starting and stopping Amazon EC2 instances
    • D. Opening an AWS Support case

    What is the scope of a VPC within the AWS network?

    • A. A VPC can span all Availability Zones globally.
    • B. A VPC must span at least two subnets in each AWS Region.
    • C. A VPC must span at least two edge locations in each AWS Region.
    • D. A VPC can span all Availability Zones within an AWS Region. Most Voted

    A company needs to establish a connection between two VPCs. The VPCs are located in two different AWS Regions. The company wants to use the existing infrastructure of the VPCs for this connection.
    Which AWS service or feature can be used to establish this connection?

    • A. AWS Client VPN
    • B. VPC peering Most Voted
    • C. AWS Direct Connect
    • D. VPC endpoints

    What are some advantages of using Amazon EC2 instances to host applications in the AWS Cloud instead of on premises? (Choose two.)

    • A. EC2 includes operating system patch management.
    • B. EC2 integrates with Amazon VPC, AWS CloudTrail, and AWS Identity and Access Management (IAM). Most Voted
    • C. EC2 has a 100% service level agreement (SLA).
    • D. EC2 has a flexible, pay-as-you-go pricing model. Most VotedMost Voted
    • E. EC2 has automatic storage cost optimization. --> S3 에 관한 설명임.

    A user needs to determine whether an Amazon EC2 instance's security groups were modified in the last month.
    How can the user see if a change was made?

    • A. Use Amazon EC2 to see if the security group was changed.
    • B. Use AWS Identity and Access Management (IAM) to see which user or role changed the security group.
    • C. Use AWS CloudTrail to see if the security group was changed. Most Voted
    • D. Use Amazon CloudWatch to see if the security group was changed.

    ※ 관련개념

    CloudTail :  AWS 계정에 대한 거버넌스, 규정 준수, 운영 및 위험 감사를 활성화하는 데 도움이 되는 AWS 서비스

    -> 요약하자면, AWS 상에서 일어나는 행위를 감시함 ( 주로 사용자나 그룹.. 역할 등에 대하여 )

    -> CloudWatch 는 리소스나 어플리케이션에 대해서 실시간으로 모니터링한다는 점에서 Tail 과는 관리 포인트가 다름

    Which AWS service or feature acts as a firewall for Amazon EC2 instances?

    • A. Network ACL
    • B. Elastic network interface
    • C. Amazon VPC
    • D. Security group Most Voted --> 마치 Virtual firewall 과 같은 역할을 함. 

    Which of the following are included in AWS Enterprise Support? (Choose two.)

    • A. AWS technical account manager (TAM) Most Voted
    • B. AWS partner-led support
    • C. AWS Professional Services
    • D. Support of third-party software integration to AWS Most Voted
    • E. 5-minute response time for critical issues

    A global media company uses AWS Organizations to manage multiple AWS accounts.
    Which AWS service or feature can the company use to limit the access to AWS services for member accounts?

    • A. AWS Identity and Access Management (IAM)
    • B. Service control policies (SCPs) Most Voted
    • C. Organizational units (OUs)
    • D. Access control lists (ACLs)

    AWS Organizations 와 AWS IAM을 비교해보자

    • IAM은 리소스에 대한 액세스를 제어할수 있고, 사용자 및 그룹을 만들고 접근 허용/거부를 설정할 수 있다.
    • Organzations은 AWS 계정을 생성하고, 그룹화(OU)하고, 정책(SCP)을 적용할 수 있다.

    조직단위 계정에 일종의 가이드를 적용하고자 한다면 Organization, 각 사용자별 세부 권한 조정을 하고자 할때는 IAM을 사용하면 된다. 그리고 계정/조직 레벨에서 각종 정책(백업, 리소스, 보안 등)이나 비용 등을 관리하고자 할때도 Organizations를 사용한다.

     

    A company is developing a mobile app that needs a high-performance NoSQL database.
    Which AWS services could the company use for this database? (Choose two.)

    • A. Amazon Aurora
    • B. Amazon RDS
    • C. Amazon Redshift
    • D. Amazon DocumentDB (with MongoDB compatibility) Most Voted
    • E. Amazon DynamoDB Most Voted
    관계형(SQL) 데이터베이스비관계형(NoSQL) 데이터베이스
    AWS DB 예 Amazon RDS, Amazon Redshift, Aurora DynamoDB, ElastiCache
    데이터 스토리지 행과 열로 이루어진 테이블 키 값, 와이드 컬럼, 그래프, 문서 또는 기타 모델
    스키마 고정 동적

     

    Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Choose two.)

    • A. Patch the Amazon EC2 guest operating system. --> Customer 책임
    • B. Upgrade the firmware of the network infrastructure. Most Voted
    • C. Apply password rotation for IAM users. --> Customer 책임
    • D. Maintain the physical security of edge locations. Most Voted
    • E. Maintain least privilege access to the root user account. --> Customer 책임

    Which of the following are features of network ACLs as they are used in the AWS Cloud? (Choose two.)

    • A. They are stateless. Most Voted
    • B. They are stateful.
    • C. They evaluate all rules before allowing traffic.
    • D. They process rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic. Most Voted
    • E. They operate at the instance level.

    ACL이란?

    ACL(Network access control list, 네트워크 엑세스 제어 목록)은 VPC를 위한 하나 이상의 서브넷에서 들어오고 나가는 트래픽을 제어하기 위한 방화벽(firewall) 역할을 하는 추가적인 보안 계층이다. VPC에 보안그룹(security groups)과 비슷한 추가적인 보안 계층을 추가하기 위해서 ACL을 설정할 수 있다.

    네트워크 ACLs는  연결된 서브넷을 위한 서브넷 단(level)에서 inbound(들어오는) 및 outbound(나가는) 트래픽 둘 다 제어하는 방화벽(firewall) 역할을 한다.

    ACL은 라우팅 테이블을 지나 서브넷으로 들어가고 나가는(inbound & outbound) 트래픽을 제어한다!

     

    Which AWS service or feature can be used to create a private connection between an on-premises workload and an AWS Cloud workload?

    • A. Amazon Route 53
    • B. Amazon Macie
    • C. AWS Direct Connect Most Voted
    • D. AWS PrivateLink

    Site-to-Site VPN과 Direct Connect는 동일한 목적의 서비스로 AWS VPC와 AWS외부의 온-프레미스 데이터센터와의 프라이빗한 연결을 제공하는 서비스 입니다. AWS VPC의 서비스를 인터넷을 통해서 접속이 가능하지만 보안, 안정성, 퍼포먼스 등의 이유로 프라이빗한 연결이나 전용 연결을 만들어 트래픽을 주고 받게 됩니다.

    PrivateLink는 위와 조금 다르게 VPC와 AWS 서비스 간에 프라이빗 연결을 제공하는 서비스 입니다. 예를 들어 S3나 DynamoDB의 경우 인터넷을 통해서 트래픽을 주고받는 퍼블릭 서비스로 AWS VPC의 EC2가 S3에 접속을 하려면 인터넷을 통해서 트래픽을 주고받아야 합니다. 이 연결을 PrivateLink를 사용하면 퍼블릭 인터넷이 아닌 AWS 내부 네트워크(프라이빗 연결)를 통해 트래픽을 주고 받게 됩니다.

     

    Which AWS service uses machine learning to help discover, monitor, and protect sensitive data that is stored in Amazon S3 buckets?

    • A. AWS Shield
    • B. Amazon Macie Most Voted ---> 데이터보안 서비스
    • C. AWS Network Firewall
    • D. Amazon Cognito

    A large enterprise with multiple VPCs in several AWS Regions around the world needs to connect and centrally manage network connectivity between its VPCs.
    Which AWS service or feature meets these requirements?

    • A. AWS Direct Connect
    • B. AWS Transit Gateway Most Voted
    • C. AWS Site-to-Site VPN
    • D. VPC endpoints

    A user wants to deploy a service to the AWS Cloud by using infrastructure-as-code (IaC) principles.
    Which AWS service can be used to meet this requirement?

    • A. AWS Systems Manager
    • B. AWS CloudFormation Most Voted --> AWS의 대표적인 IaC 기반의 구성 조정 도구
    • C. AWS CodeCommit
    • D. AWS Config

    Which AWS service is used to provide encryption for Amazon EBS?

    • A. AWS Certificate Manager
    • B. AWS Systems Manager
    • C. AWS KMS Most Voted
    • D. AWS Config

    Which AWS services make use of global edge locations? (Choose two.)

    • A. AWS Fargate
    • B. Amazon CloudFront Most Voted
    • C. AWS Global Accelerator Most Voted
    • D. AWS Wavelength
    • E. Amazon VPC

    A company is migrating to Amazon S3. The company needs to transfer 60 TB of data from an on-premises data center to AWS within 10 days.
    Which AWS service should the company use to accomplish this migration?

    • A. Amazon S3 Glacier
    • B. AWS Database Migration Service (AWS DMS)
    • C. AWS Snowball Most Voted
    • D. AWS Direct Connect

    What type of database is Amazon DynamoDB?

    • A. In-memory
    • B. Relational
    • C. Key-value Most Voted
    • D. Graph

    A retail company has recently migrated its website to AWS. The company wants to ensure that it is protected from SQL injection attacks. The website uses an
    Application Load Balancer to distribute traffic to multiple Amazon EC2 instances.
    Which AWS service or feature can be used to create a custom rule that blocks SQL injection attacks?

    • A. Security groups
    • B. AWS WAF Most Voted
    • C. Network ACLs
    • D. AWS Shield

    Which design principle is included in the operational excellence pillar of the AWS Well-Architected Framework?

    • A. Create annotated documentation.
    • B. Anticipate failure. Most Voted
    • C. Ensure performance efficiency.
    • D. Optimize costs.

    Which AWS Cloud benefit is shown by an architecture's ability to withstand failures with minimal downtime?

    • A. Agility
    • B. Elasticity
    • C. Scalability
    • D. High availability Most Voted

    A company needs to set up a petabyte-scale data warehouse in the AWS Cloud.
    Which AWS service will meet this requirement?

    • A. Amazon DynamoDB
    • B. Amazon RDS
    • C. Amazon Redshift Most Voted
    • D. Amazon ElastiCache

    Which AWS service monitors AWS accounts for security threats?

    • A. Amazon GuardDuty Most Voted
    • B. AWS Secrets Manager
    • C. Amazon Cognito
    • D. AWS Certificate Manager (ACM)

    A company wants to deploy some of its resources in the AWS Cloud. To meet regulatory requirements, the data must remain local and on premises. There must be low latency between AWS and the company resources.
    Which AWS service or feature can be used to meet these requirements?

    • A. AWS Local Zones
    • B. Availability Zones
    • C. AWS Outposts Most Voted
    • D. AWS Wavelength Zones

    AWS Outposts란?

    • AWS 가 실제로 사용중인 것과 (거의) 같은 하드웨어를 온프레미스 환경에 렌탈을 해줍니다.
    • AWS 측에서 하드웨어의 설비와 유지관리를 풀매니지드 형태로 제공해줍니다.
    • Outposts 는 하나의 AWS 리젼의 일부를 연장하는 형태로 제공됩니다. (리젼안의 AZ 와 같은 취급)

    What are the five pillars of the AWS Well-Architected Framework?

    • A. Encryption, documentation, speed, hybrid design, and cost optimization
    • B. Containerization, cost margins, globalization, marketplace, and developer operations
    • C. Network, compute, storage, security, and developer operations
    • D. Operational excellence, reliability, performance efficiency, security, and cost optimization Most Voted

    What is the primary use case for Amazon GuardDuty?

    • A. Prevention of DDoS attacks
    • B. Protection against SQL injection attacks
    • C. Automatic monitoring for threats to AWS workloads Most Voted
    • D. Automatic provisioning of AWS resources1

    A company needs to identify personally identifiable information (PII), such as credit card numbers, from data that is stored in Amazon S3.
    Which AWS service should the company use to meet this requirement?

    • A. Amazon Inspector
    • B. AWS Shield
    • C. Amazon GuardDuty
    • D. Amazon Macie Most Voted

    Which AWS services are serverless? (Choose two.)

    • A. AWS Fargate Most Voted
    • B. Amazon Managed Streaming for Apache Kafka
    • C. Amazon EMR
    • D. Amazon S3 Most Voted
    • E. Amazon EC2

     

    Which task can a company complete by using AWS Organizations?

    • A. Track application deployment statuses globally.
    • B. Remove unused and underutilized AWS resources across all accounts.
    • C. Activate DDoS protection across all accounts.
    • D. Share pre-purchased Amazon EC2 resources across accounts. Most Voted

    A company needs to generate reports for business intelligence and operational analytics on petabytes of semistructured and structured data. These reports are produced from standard SQL queries on data that is in an Amazon S3 data lake.
    Which AWS service provides the ability to analyze this data?

    • A. Amazon RDS
    • B. Amazon Neptune
    • C. Amazon DynamoDB
    • D. Amazon Redshift Most Voted

     

     

    A retail company is migrating its IT infrastructure applications from on premises to the AWS Cloud.
    Which costs will the company eliminate with this migration? (Choose two.)

    • A. Cost of data center operations Most Voted
    • B. Cost of application licensing
    • C. Cost of marketing campaigns
    • D. Cost of physical server hardware Most VotedMost Voted
    • E. Cost of network management 

    Which AWS services can use AWS WAF to protect against common web exploitations? (Choose two.)

    • A. Amazon Route 53
    • B. Amazon CloudFront Most Voted
    • C. AWS Transfer Family
    • D. AWS Site-to-Site VPN
    • E. Amazon API Gateway Most Voted

    Which AWS service or tool is associated with an Amazon EC2 instance and acts as a virtual firewall to control inbound and outbound traffic?

    • A. AWS WAF
    • B. AWS Shield
    • C. Network access control list (ACL)
    • D. Security group Most Voted

     

    Which of the following describes some of the core functionality of Amazon S3?

    • A. Amazon S3 is a high-performance block storage service that is designed for use with Amazon EC2.
    • B. Amazon S3 is an object storage service that provides high-level performance, security, scalability, and data availability. Most Voted
    • C. Amazon S3 is a fully managed, highly reliable, and scalable file storage system that is accessible over the industry-standard SMB protocol.
    • D. Amazon S3 is a scalable, fully managed elastic NFS for use with AWS Cloud services and on-premises resources.

    Which of the following is an AWS Well-Architected Framework design principle for operational excellence in the AWS Cloud?

    • A. Go global in minutes.
    • B. Make frequent, small, reversible changes. Most Voted
    • C. Implement a strong foundation of identity and access management.
    • D. Stop spending money on hardware infrastructure for data center operations.

    A company needs to deploy applications in the AWS Cloud as quickly as possible. The company also needs to minimize the complexity that is related to the management of AWS resources.
    Which AWS service should the company use to meet these requirements?

    • A. AWS Config
    • B. AWS Elastic Beanstalk Most Voted
    • C. Amazon EC2
    • D. Amazon Personalize

    A company wants to use a template to reliably provision, manage, and update its infrastructure in the AWS Cloud.

    Which AWS service will meet these requirements?

    • A. AWS Lambda
    • B. AWS CloudFormation Most Voted
    • C. AWS Fargate
    • D. AWS CodeDeploy

    A company wants to accelerate migration from its data center to the AWS Cloud.
    Which combination of AWS services should the company use to meet this requirement? (Choose two.)

    • A. Amazon Connect
    • B. AWS Direct Connect Most Voted
    • C. AWS Server Migration Service (AWS SMS) Most Voted
    • D. Amazon Route 53
    • E. AWS Organizations

    What should a user do if the user loses an IAM secret access key?

    • A. Retrieve the secret access key by using the IAM console.
    • B. Create a new user with a new access key and a new secret access key.
    • C. Rotate the secret access key. Most Voted
    • D. Request a new secret access key from AWS Support.

     

    A company wants to deploy a Docker application to the AWS Cloud. However, the company does not want to manage the underlying servers.

    Which combination of AWS services should the company use to meet these requirements? (Choose two.)

    • A. Amazon EC2
    • B. Amazon EC2 Auto Scaling
    • C. AWS Elastic Beanstalk Most Voted
    • D. Amazon CloudFront
    • E. AWS Fargate Most Voted

    AWS Elastic Beanstalk  란?

    AWS Elastic Beanstalk는 Java, .NET, PHP, Node.js, Python, Ruby, Go 및 Docker를 사용하여 개발된 웹 애플리케이션 및 서비스를 Apache, Nginx, Passenger 및 IIS와 같은 친숙한 서버에서 손쉽게 배포하고 확장할 수 있는 서비스

     

    Which of the following are AWS best practice recommendations for the use of AWS Identity and Access Management (IAM)? (Choose two.)

    • A. Use the AWS account root user tor daily access.
    • B. Use access keys and secret access keys on Amazon EC2.
    • C. Rotate credentials on a regular basis. Most Voted
    • D. Create a shared set of access keys for system administrators.
    • E. Configure multi-factor authentication (MFA). Most Voted

    An ecommerce company has deployed a new web application on Amazon EC2 instances. The company wants to distribute incoming HTTP traffic evenly across all running instances.

    Which AWS service or resource will meet this requirement?

    • A. Amazon EC2 Auto Scaling
    • B. Application Load Balancer Most Voted
    • C. Gateway Load Balancer
    • D. Network Load Balancer

    Which AWS service or resource helps on-premises applications connect to AWS Cloud-based storage and caches the data locally for low-latency access?

    • A. AWS Direct Connect
    • B. AWS Storage Gateway Most Voted
    • C. Amazon S3
    • D. AWS Snowball Edge

    A company has a global website with static content.

    Which AWS service will deliver the static content with low latency?

    • A. AWS Lambda
    • B. Amazon CloudFront
    • C. Amazon EC2 Auto Scaling
    • D. AWS Compute Optimizer

    댓글

Designed by Tistory.