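Day 7 vanished along with overtime. When I left work and got home it was 00:30, and having experienced many times that washing up and then studying affects my condition the next day and starts a vicious cycle, I cleanly gave up day 7 and meant to work more efficiently today, day 8, but...
I ended up watching Attorney Woo Young-woo. It is now 4 minutes to 11.
I intend to start studying for the 40 minutes I have.
One additional piece of news: the 오아클 service, which I have been finding useful as a dump site, has changed to a service that requires sign-up, so I registered with my email. Those just starting out may want to take note.
※ Thank you to the developer.
2022.07.12 - [Self-development] - (Day 6) Studying for the AWS certification: SAA (AWS Certified Solutions Architect - Associate)
Question 26
Every 90 days, a security team must enforce the rotation of all IAM users' access keys. If an access key is discovered to be out of date, it must be rendered inactive and eliminated. A solutions architect must design a solution that will detect and remediate keys that are more than 90 days old.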
Which solution satisfies these criteria with the LEAST amount of operational effort?
A.
Create an AWS Config rule to check for the key age. Configure the AWS Config rule to run an AWS Batch job to remove the key.
B.
Create an Amazon EventBridge (Amazon CloudWatch Events) rule to check for the key age. Configure the rule to run an AWS Batch job to remove the key.
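C. The phrase "least operational effort" most likely means serverless. Why? Because running separate servers brings many extra things to take care of. Config is a service for auditing and evaluating AWS resource configurations, so it is well suited to checking access keys. When Config raises an event, something has to act on it, and using Lambda for that gives a serverless architecture. But for Lambda to recognize an event raised by Config, someone has to pass the message along in between, and that role belongs to Amazon EventBridge.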
Create an AWS Config rule to check for the key age. Define an Amazon EventBridge (Amazon CloudWatch Events) rule to schedule an AWS Lambda function to remove the key.
D.
Create an Amazon EventBridge (Amazon CloudWatch Events) rule to check for the key age. Define an EventBridge (CloudWatch Events) rule to run an AWS Batch job to remove the key.
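The scheduled Lambda function from answer C, sketched as an added example that is not part of the original post: it deactivates and then deletes every IAM user access key older than 90 days. The function names and the constructed sample metadata are assumptions; the IAM calls are standard boto3 client methods.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # rotation period stated in the question

def expired_keys(key_metadata, now):
    """Filter list_access_keys metadata down to keys older than MAX_AGE."""
    return [k for k in key_metadata if now - k["CreateDate"] > MAX_AGE]

def remediate(iam, now=None):
    """Deactivate, then delete, every IAM user access key older than 90 days.

    `iam` is a boto3 IAM client (or a stub exposing the same methods).
    """
    now = now or datetime.now(timezone.utc)
    removed = []
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            keys = iam.list_access_keys(UserName=name)["AccessKeyMetadata"]
            for key in expired_keys(keys, now):
                key_id = key["AccessKeyId"]
                if key["Status"] == "Active":
                    # Render the key inactive first, as the requirement states.
                    iam.update_access_key(UserName=name, AccessKeyId=key_id,
                                          Status="Inactive")
                iam.delete_access_key(UserName=name, AccessKeyId=key_id)
                removed.append((name, key_id))
    return removed

def lambda_handler(event, context):
    """Entry point for the EventBridge schedule; the event payload is unused."""
    import boto3  # provided by the Lambda Python runtime
    return {"removed": remediate(boto3.client("iam"))}

# Constructed sample metadata (not real keys), shaped like list_access_keys output.
SAMPLE_NOW = datetime(2022, 7, 14, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLEOLD000001", "Status": "Active",
     "CreateDate": datetime(2022, 1, 10, tzinfo=timezone.utc)},
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLENEW000002", "Status": "Active",
     "CreateDate": datetime(2022, 6, 20, tzinfo=timezone.utc)},
]
```

The function's execution role needs iam:ListUsers, iam:ListAccessKeys, iam:UpdateAccessKey and iam:DeleteAccessKey.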
Question 27
A business is utilizing Amazon Elastic Container Service (Amazon ECS) to host its application and wants to assure high availability. The business needs to be able to update its application even if nodes in one Availability Zone are unavailable. The application is projected to get 100 requests per second, and each container job is capable of serving at least 60 requests per second. The organization configured Amazon ECS to use a rolling update deployment mode, with the minimum healthy percent parameter set to 50% and the maximum healthy percent parameter set to 100%.
Which task and availability zone configurations satisfy these requirements?
A.
Deploy the application across two Availability Zones, with one task in each Availability Zone.
B.
Deploy the application across two Availability Zones, with two tasks in each Availability Zone.
C.
Deploy the application across three Availability Zones, with one task in each Availability Zone.
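D. They want high availability, and a single task handles at least 60 requests per second. The expected load is 100 per second, and since 60 is only the minimum, one might think a task could handle up to 100. But what is wanted here is high availability, so capacity has to be sized on the minimum. So at the very least 2 tasks are needed. From here it is a numbers game: 3 AZs with 2 tasks each is 6 in total. The scenario assumed in this question is that performance should hold even if one Availability Zone becomes unusable. Then 2 AZs with 2 tasks each is 4 in total. What must not be forgotten is that we want at least 2 tasks, and this is 4, so the more the better, and you could probably just pick the answer on that basis. However, since I will probably never do the more exact calculation if not today, going a bit further: near the end of the question it says that during a rolling deployment the minimum healthy percent parameter is 50%, so in an update situation it runs with a minimum of 2 tasks. Therefore the answer can only be D.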
Deploy the application across three Availability Zones, with two tasks in each Availability Zone.
Question 28
A business is in the process of deploying a data lake on Amazon Web Services (AWS). An architect of solutions must describe the encryption approach for data in transit and at rest in Amazon S3. The following is stated in the company's security policy:
- Keys must be rotated every 90 days.
- Strict separation of duties between key users and key administrators must be implemented.
- Auditing key usage must be possible.
What solutions architect recommendations should be made?
A. I decided to just memorize this one.
Server-side encryption with AWS KMS managed keys (SSE-KMS) with customer managed customer master keys (CMKs)
B.
Server-side encryption with AWS KMS managed keys (SSE-KMS) with AWS managed customer master keys (CMKs)
C.
Server-side encryption with Amazon S3 managed keys (SSE-S3) with customer managed customer master keys (CMKs)
D.
Server-side encryption with Amazon S3 managed keys (SSE-S3) with AWS managed customer master keys (CMKs)
Question 29
A business requires that an Amazon S3 gateway endpoint accept traffic only from trusted buckets.
Which approach should a solutions architect use in order to fulfill this requirement?
A.
Create a bucket policy for each of the company's trusted S3 buckets that allows traffic only from the company's trusted VPCs.
B.
Create a bucket policy for each of the company's trusted S3 buckets that allows traffic only from the company's S3 gateway endpoint IDs.
C.
Create an S3 endpoint policy for each of the company's S3 gateway endpoints that blocks access from any VPC other than the company's trusted VPCs.
D. In the S3 endpoint policy, specify only the specific S3 buckets by ARN so that only trusted traffic is allowed!
Create an S3 endpoint policy for each of the company's S3 gateway endpoints that provides access to the Amazon Resource Name (ARN) of the trusted S3 buckets.
Question 30
A business has a hybrid application that is hosted on a number of on-premises servers that all have static IP addresses. There is already a VPN in place that connects the VPC to the on-premises network. The corporation wants to disperse TCP traffic for internet users among its on-premises servers.
What recommendations should a solutions architect make to provide a highly accessible and scalable solution?
A. They want to control traffic, and it is TCP, the L4 layer, so NLB is the answer.
Launch an internet-facing Network Load Balancer (NLB) and register on-premises IP addresses with the NLB.
B.
Launch an internet-facing Application Load Balancer (ALB) and register on-premises IP addresses with the ALB.
C.
Launch an Amazon EC2 instance, attach an Elastic IP address, and distribute traffic to the on-premises servers.
D.
Launch an Amazon EC2 instance with public IP addresses in an Auto Scaling group and distribute traffic to the on-premises servers.
Question 31
A business wants to enhance the availability and performance of its stateless UDP-based workload. The workload is spread across various AWS Regions using Amazon EC2 instances.
What should a solutions architect suggest as a means of achieving this?
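A. They want to improve performance, and UDP means L4. Looking at the options there are ALB and NLB, so first of all it is NLB, and the performance speed-up is not the role of Route 53 but is provided by the Global Accelerator service.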
Place the EC2 instances behind Network Load Balancers (NLBs) in each Region. Create an accelerator using AWS Global Accelerator. Use the NLBs as endpoints for the accelerator.
B.
Place the EC2 instances behind Application Load Balancers (ALBs) in each Region. Create an accelerator using AWS Global Accelerator. Use the ALBs as endpoints for the accelerator.
C.
Place the EC2 instances behind Network Load Balancers (NLBs) in each Region. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the NLBs.
D.
Place the EC2 instances behind Application Load Balancers (ALBs) in each Region. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the ALBs.
Question 32
A business operates a website that is hosted on Amazon EC2 instances spread across two Availability Zones. The organization anticipates traffic increases around certain holidays and wants to provide a consistent customer experience.
How can a solutions architect satisfy this criterion?
A.
Use step scaling.
B.
Use simple scaling.
C.
Use lifecycle hooks.
D. Traffic increases every weekend, so they want to keep availability stable every weekend. Weekends are fixed. Therefore, scheduled.
Use scheduled scaling.
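If there is one thing I have realized on my own since getting married, it is this vicious cycle: when my wife suggests going to bed in the evening and I stay up burning with so-called passion instead, some part of my body usually ends up hurting or my condition drops, and I cannot study for 2 to 5 days.
That is to say, my wife has just suggested going to bed, so I am listening to her and ending this post.
I will sleep well, work hard, and come back after work to study hard again.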