[Practitioner] 오답 노트

Which AWS services is natively supported by AWS Snowball Edge?

• A. AWS Server Migration Service (AWS SMS)
• B. Amazon Aurora
• C. AWS Trusted Advisor
• D. Amazon EC2

https://aws.amazon.com/ko/blogs/storage/building-a-linux-edge-computing-solution-with-aws-snowball-edge-and-amazon-ec2/

 

 

Which AWS shared responsibility controls are shared? (Select two.)

• A. Awareness and training
• B. Patching of Amazon RDS
• C. Configuration management
• D. Physical and environmental controls
• E. Service and communications protection or security

Shared Controls – Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include: Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. Awareness & Training - AWS trains AWS employees, but a customer must train their own employees.

패치 관리 – AWS는 인프라 내의 결함을 패치하고 수정하는 역할을 담당하지만, 고객은 게스트 OS 및 애플리케이션에 패치를 적용해야 합니다.
구성 관리 – AWS는 인프라 장치의 구성을 유지 관리하지만 고객은 자체 게스트 운영 체제, 데이터베이스 및 애플리케이션을 구성해야 합니다.
인식 및 교육 - AWS는 AWS 직원을 교육하지만 고객은 자신의 직원을 교육해야 합니다.

 

 

After a single Availability Zone service disruption, a corporation must guarantee that the endpoint for a database instance stays the same. The program must continue database operations without human intervention from an administrator.

How are these stipulations to be met?

• A. Use multiple Amazon Route 53 routes to the standby database instance endpoint hosted on AWS Storage Gateway.
• B. Configure Amazon RDS Multi-Availability Zone deployments with automatic failover to the standby.
• C. Add multiple Application Load Balancers and deploy the database instance with AWS Elastic Beanstalk.
• D. Deploy a single Network Load Balancer to distribute incoming traffic across multiple Amazon CloudFront origins.

A. AWS Storage Gateway provides cloud-based storage access to on-premises application, not database access. C. It is an automation deployment solution, not HA solution. D. CloudFront provides CDN access, not database access.

 

Which AWS products anticipate future AWS expenses automatically?

• A. AWS Support Center
• B. AWS Total Cost of Ownership (TCO) Calculator
• C. AWS Simple Monthly Calculator
• D. Cost Explorer

D. Cost Explorer

"Use forecasting to get a better idea of your what your costs and usage may look like in the future, so that you can plan ahead." https://aws.amazon.com/aws-cost-management/aws-cost-explorer/

 

 

Amazon DynamoDB is used by a business in its AWS Cloud architecture.

Which of the following is a duty of the organization, according to the AWS shared responsibility model? (Select two.)

• A. Operating system patching and upgrades
• B. Application of appropriate permissions with IAM tools
• C. Configuration of data encryption options
• D. Creation of DynamoDB endpoints
• E. Infrastructure provisioning and maintenance

BC - Amazon does endpoints https://docs.aws.amazon.com/general/latest/gr/ddb.html

 

 

To achieve high availability, how many Availability Zones should computing resources be provided across?

• A. A minimum of one
• B. A minimum of two
• C. A minimum of three
• D. A minimum of four or more

2개, 가용영역은 가용성을 높이기 위함 -> 에러나 장애가(그게 그건가) 발생해도 사용할 수 있도록 하기 위해 리전 안에 영역을 나누어 놓은 것

 

 

Which tasks need the root user credentials for an AWS account? (Select two.)

• A. Creating an Amazon EC2 key pair
• B. Removing an IAM user from the administrators group
• C. Changing the AWS Support plan
• D. Creating an Amazon CloudFront key pair
• E. Granting an IAM user full administrative access

AWS 계정에 대한 루트 사용자 자격 증명이 필요한 작업은 무엇입니까?가 질문...

C, E

D가 아닌 이유는 : 'Amazon CloudFront는 이제 AWS 루트 계정 없이도 Amazon Identity and Access Management(IAM) 기반 사용자 권한을 통해 서명된 URL 및 서명된 쿠키에 사용되는 공개 키를 관리할 수 있다고 발표했습니다.'

 

 

Which solution enables users in various AWS Regions to have the FASTEST application response times for frequently requested data?

• A. AWS CloudTrail across multiple Availability Zones
• B. Amazon CloudFront to edge locations
• C. AWS CloudFormation in multiple regions
• D. A virtual private gateway over AWS Direct Connect

Amazon CloudFront를 사용하여 콘텐츠를 제공하고 웹 애플리케이션의 최종 사용자 대기 시간을 줄일 수 있습니다. CloudFront는 Edge location이라고 하는 글로벌 데이터 센터 네트워크를 활용하여 콘텐츠를 최종 사용자에게 가깝게 캐싱하여 제공 시간을 단축함으로써 콘텐츠 제공 속도를 높입니다.

CloudFront는 Amazon S3 버킷, Amazon EC2 인스턴스, Amazon Elastic Load Balancing 로드 밸런서 또는 자신의 웹 서버와 같은 오리진에서 콘텐츠를 가져옵니다. CloudFront를 사용하여 동적, 정적, 스트리밍 및 대화형 콘텐츠를 포함한 전체 웹 사이트 또는 애플리케이션을 제공할 수 있습니다.

 

 

Which qualities make AWS Cloud computing advantageous? (Select two.)

• A. A 100% service level agreement (SLA) for all AWS services
• B. Compute capacity that is adjusted on demand
• C. Availability of AWS Support for code development
• D. Enhanced security
• E. Increases in cost and complexity

SLA는 100%가 될 수 없다고 한다

C는 왜 아니지? 코드 개발을 위한 AWS Support의 가용성.. 말이 좀 이상하긴 함

 

 

A corporation anticipates a brief increase in internet traffic for their application. The program cannot be interrupted during the traffic spike. In addition, the organization must reduce costs while increasing flexibility.
To achieve these needs, which Amazon EC2 instance type should the organization use?

• A. On-Demand Instances Most Voted
• B. Spot Instances
• C. Reserved Instances Most Voted
• D. Dedicated Hosts

논란의 소지가 있는 답변

A가 많기는 하다만, 그 이유는 spot 인스턴스는 interrupt될 수 있다

reserved 인스턴스는 장기 계약의 경우 유리

 

 

An Amazon RDS database instance is deployed across several Availability Zones.

Which pillar of the AWS Well-Architected Framework is included in this strategy?

• A. Performance efficiency
• B. Reliability
• C. Cost optimization
• D. Security

multi AZs = reliability

With high availability results into reliability = 고가용성으로 인해 신뢰성이 향상됨

 

 

Amazon EC2, an Elastic Load Balancer, and Amazon RDS are all components of an architectural design.

What is the BEST method for estimating the monthly cost of this architecture?

• A. Open an AWS Support case, provide the architecture proposal, and ask for a monthly cost estimation.
• B. Collect the published prices of the AWS services and calculate the monthly estimate.
• C. Use the AWS Simple Monthly Calculator to estimate the monthly cost.
• D. Use the AWS Total Cost of Ownership (TCO) Calculator to estimate the monthly cost.

C. "The AWS Simple Monthly Calculator is an easy-to-use online tool that enables you to estimate the monthly cost of AWS services for your use case based on your expected usage. "

 

 

An Elastic Load Balancer, numerous Amazon EC2 instances, and Amazon RDS are used to run a web application on AWS.

Which security measures are AWS's responsibility? (Select two.)

• A. Running a virus scan on EC2 instances
• B. Protecting against IP spoofing and packet sniffing
• C. Installing the latest security patches on the RDS instance
• D. Encrypting communication between the EC2 instances and the Elastic Load Balancer
• E. Configuring a security group and a network access control list (NACL) for EC2 instances

RDS는 관리되는 데이터베이스 서비스이며, AWS는 보안 패치를 처리합니다.

• EC2의 바이러스 스캔은 고객의 책임입니다.
• EC2와 ELB 간의 통신을 암호화하려면 고객이 인증서를 적용하고 암호화를 위해 인스턴스 및 ELB를 구성해야 합니다.
• Security Group 및 NACL은 고객의 구성 책임입니다.

IP 스푸핑 및 패킷 스니핑에 대한 보호가 AWS의 책임이라고 결정할 수 있습니다.

이 모든 것은 일반적인 AWS 공유 책임 모델과 일치한다. 이 경우 AWS는 관리 서비스 및 네트워크 인프라에 대한 책임을 집니다.