2018-2019筆者收集的高質(zhì)量AWS 認證SAP練習(xí)題（題庫），一共577道題，這個欄目有20000字的字數(shù)限制，只能放十幾道題道題，有需要的朋友關(guān)注微信公眾號“云計算狂魔”進行自動獲取

Q1. You are managing a new team tasked with designing network infrastructures for clients. You hold a training session to go over how to configure subnets. How would you explain the rules of associating subnets with a specific network ACL? (Choose 3 answers)

?

A. A subnet can be associated with only one network ACL.

B. Subnets not associated with any custom ACL will be associated with the default network ACL.

C. All subnets associated with a network ACL will have the associated rules applied.

D. Subnets can be associated with more than one network ACL.

?

Answer: A,B,C

?

Explanation: To apply the rules of a network ACL to a particular subnet, you must associate the subnet with the network ACL. You can associate a network ACL with multiple subnets; however, a subnet can be associated with only one network ACL. Any subnet not associated with a particular ACL is associated with the default network ACL by default.

Reference:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html#NetworkACL

Q2. Your team has found that a client's load balancer needs to be configured with support for SSL offload using the default security policy. When negotiating the SSL connections between the client and the load balancer, you want the load balancer to determine which cipher is used for the SSL connection. Which actions perform this process on the load balancer? (Choose 3 answers)

?

A. Select the default security policy.

B. Enable SSL offload.

C. Select a client configuration preference option.

D. Choose the server order preference option.

?

Answer: A,B,D

?

Explanation: Elastic Load Balancing uses an Secure Socket Layer (SSL) negotiation configuration, known as a security policy, to negotiate SSL connections between a client and the load balancer. A security policy is a combination of SSL protocols, SSL ciphers, and the Server Order Preference option.

Reference:

http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-ba lancer.html#config-backend-auth

Q3. You are looking for a simple way to configure fault tolerance for your EC2 instances. You need to create a plan for replacing unhealthy or failed instances. It is acceptable to have a short amount of downtime in order to keep costs down. Which process is appropriate for achieving this?

?

A. Create a custom AMI and use it to create an Auto Scaling Launch Configuration; then create a "Steady State" AS policy using a min of 2 instances and a max of 2 instances.

B. Create a custom AMI of you EC2 instance, and configure a CloudWatch alarm based on StatusCheckFailed_Instance with an EC2 action of "Reboot this instance."

C. Create a custom AMI of your EC2 instances, use the custom AMI to create a new EC2 instance if there are issues with a current EC2 instance, and move the EIP to the new instance.

D. Create a custom AMI of your EC2 instance, and configure a CloudWatch alarm based on StatusCheckFailed_Instance with an EC2 action of "Recover this instance."

?

Answer: C

?

Explanation: Creating a custom AMI of the instance for which you are trying to provide HA allows you to bring the instance online quickly with no build time. Moving the EIP from the instance you are replacing to the new instance will send all traffic to the new instance without any change to DNS, which would take time to propagate. Using the AutoRecover option will not replace the unhealthy or failing instance. It will only try to restart it on another host. Creating a "Steady State" Auto Scaling Group would also be a good solution, although using 2 as a minimum would have a higher cost.

Reference:

http://media.amazonwebservices.com/AWS_Building_Fault_Tolerant_Applications.pdf

Q4. You are planning to deploy storage gateway on-premises. What are the minimum resources that has to be dedicated to the storage gateway VM? (Choose 3 answers)

?

A. 80 GB of free disk space

B. 4 virtual processors

C. 100 GB of free disk space

D. 16 GB of RAM

?

Answer: A,B,D

?

Explanation: When deploying your gateway on-premises, you must make sure that the underlying hardware on which you are deploying the gateway VM is able to dedicate the following minimum resources:

. Four virtual processors assigned to the VM.

. 16 GB of RAM assigned to the VM

. 80 GB of disk space for installation of VM image and system data Reference: http://docs.aws.amazon.com/storagegateway/latest/userguide/Requirements.html

Q5. You are developing a new application in which you need to transfer files over long distances between client-side storage and an S3 bucket. You decide to try sending data to the S3 bucket using S3 Transfer Acceleration. What must you do to achieve this? (Choose 2 answers)

?

A. Use the Cli S3 accelerate upload commands.

B. Use the SDK S3 accelerate upload commands.

C. Turn on S3 Transfer Acceleration for the bucket.

D. Use the new accelerate endpoints to transfer your data to S3.

?

Answer: C,D

?

Explanation: After you turn on S3 Transfer Acceleration for a bucket, two new endpoints are created for the bucket: one for IPv4 and one for IPv6. You can use either the accelerate endpoints or the standard endpoints if you choose not to use the accelerate feature. Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html

Q6. An instance is connected to an elastic network interface hosted on a subnet. The elastic network interface of the instance is then changed to a different elastic network interface hosted on a different subnet. What changes occur in regards to the instance and the NACLs assigned at the subnet? (Choose 2 answers)

?

A. The instance follows the rules of the newer subnet.

B. The instance follows the rules of the original subnet.

C. The NACLs of the new subnet apply to the instance.

D. The instance follows both rules of both subnets.

?

Answer: A,C

?

Explanation: The ENI subnet location is controlled by the associated NACLs. For example, if you're launching an instance into a subnet that has an associated IPv6 CIDR block, you can specify IPv6 addresses for any network interfaces that you attach. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

Q7. The CTO of a customer has asked you to plan a move of 100s of TB of data into AWS. You typically use Amazon Snowball for these types of requests. What solution would provide the fastest transfer of data to Snowball?

?

A. Use a server with lots of memory, CPU, and networking capacity to run the client software.

B. Use a client workstation with lots of memory, CPU, and networking capacity to run the client software.

C. Use multiple workstations to run the client software.

D. Use a powerful EC2 instance type to run the client software.

?

Answer: C

?

Explanation: Uploading data to the Snowball Appliance requires a client application. The upload is CPU, memory, and networking intensive. If you are uploading large amounts of data, Amazon recommends that you run the client software on multiple workstations to distribute the load and thereby shorten the time the upload will take.

Reference: http://docs.aws.amazon.com/snowball/latest/ug/transfer-petabytes.html

Q8. Your team is setting up DynamoDB for a client. You need to explain to them how DynamoDB tables are partitioned. Which calculations are used to determine the number of partitions that will be created? (Choose 2 answers)

?

A. The total table size divided by 40 GB

B. The total RCU divided by 5000 + total WCU divided by 1000

C. The total RCU divided by 3000 + total WCU divided by 1000

D. The total table size divided by 10 GB

?

Answer: C,D

?

Explanation: DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate total size/10 GB. Then round up the higher of the two results.

Reference:

http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GuidelinesForTables.

html

Q9. You've carefully designed your auto-scaling groups and launch configurations for application servers based on the recommended specifications from the developers. The applications will be launched into separate regions. In US East there are no issues when initializing the application cluster. US West deployments generate error messages indicating the user request of an auto scaling group has failed. How can you attempt to solve this problem? (Choose 2 answers)

?

A. Choose a different region in which to launch the application servers.

B. Update your auto-scaling group with a new launch configuration and new instance type.

C. Ask the design team for different specifications for the application servers.

D. Create a new launch configuration following the recommendations listed in the error message.

?

Answer: B,D

?

Explanation: Different regions will have different resources available at different times. In almost all cases, updating your Auto Scaling group with a new placement group or launch configuration is warranted.

Reference:

http://docs.aws.amazon.com/autoscaling/latest/userguide/CHAP_Troubleshooting.html

Q10. You are designing monitoring and operation management for your environment on AWS and in the process of deciding which metrics to start with for your monitoring. Which of the following metrics should be included in your initial monitoring plan at minimum? (Choose 3 answers)

?

A. Disk Performance (Read and Write OPS)

B. CPU Utilization

C. Volume Queue Length

D. Memory Utilization

?

Answer: A,B,D

?

Explanation: To establish a baseline you should, at a minimum, monitor the following items:

CPU Utilization, Memory Utilization, Network Utilization, Disk Performance and Disk Space. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring_ec2.html

Q11. You've successfully deployed a three-tier application at AWS. One of the components includes a monitoring instance that monitors key components and notifies Cloud Watch when failures occur. The system works flawlessly; however, you need to monitor the monitoring instance and be notified when it becomes unhealthy. How can you quickly achieve monitoring of the monitoring instance?

?

A. Run an additional monitoring instance that pings the original monitoring instance and alerts the operations team when failures occur.

B. Have the monitoring instance send messages to an SQS queue, and also queue these messages on another, backup monitoring instance; when the queue stops receiving new messages, failover to the backup monitor.

C. Define a Cloud Watch alarm based on EC2 instance status checks; if status checks fail, alert the operations team via email.

D. Create an auto-scaling group of a minimum and maximum of one instance; set up Cloud Watch alerts to scale the auto scaling group.

?

Answer: C

?

Explanation: Cloud Watch alarms are the easiest to set up for this example. You can add the stop, terminate, reboot, or recover actions to any alarm that is set on an Amazon EC2 per-instance metric, including basic and detailed monitoring metrics provided by Amazon CloudWatch (in the AWS/EC2 namespace), as well as any custom metrics that include the "InstanceId=" dimension, as long as the InstanceId value refers to a valid running Amazon EC2 instance.

Reference:

http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/UsingAlarmActions.htm l

Q12. While designing network security for your environment on AWS you are considering the role of Network Access Control List and how it will affect resources. In that context you have created a custom NACL that is intended for private subnets in your VPC. Which services and resources below are restricted based on this NACL rules? (Choose 2 answers)

?

A. Customer gateway attached through VPN connection

B. EC2 instances in any subnet (public or private) that has this NACL associated with it

C. EC2 instances in private subnets even if the NACL is not applied on it

D. RDS instances created in private subnets with this NACL associated with it

?

Answer: B,D

?

Explanation: NACLs control stateless access at the subnet level for all traffic. These rules apply to all instances in the subnet, so you must be careful not to make your security group rules too permissive.

Reference:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html#ACLs

Q13. You are working on a plan to mitigate DDoS attacks. You want to make sure that your front-line EC2 instances can handle the larger volumes of incoming traffic that would be delivered during an attack. Which EC2 instances would best provide this functionality?

?

A. EC2 instances with a very limited number of ports open

B. EC2 instances with multiple ENIs

C. EC2 instances with a higher ratio of CPU to memory

D. EC2 instances that support "Enhanced Networking"

?

Answer: D

?

Explanation: EC2 instances with Enhanced Networking provide 10 Gb/s interfaces, which can handle a much higher volume of traffic into the interface. You are not charged for inbound traffic. Having a higher CPU-to-memory ratio would not allow a higher volume of network traffic. Additional ENIs do not increase network throughput. Limiting the open ports would not help as the attack would be directed at only one open port.

Reference: https://d0.awsstatic.com/whitepapers/DDoS_White_Paper_June2015.pdf

Q14. You are an engineer at a large bank, responsible for managing your firm's AWS infrastructure. Your finance team has approached you, indicating their concern over the growing EC2 budget. They have asked you to identify strategies to reduce the EC2 spend by at least 25% before the next monthly billing cycle. How could you accomplish this? (Choose 3 answers)

?

A. Migrate from hvm to pv instances.

B. Reduce or eliminate over-provisioned or unused instances.

C. Look for opportunities to use reserved or spot instances.

D. Consolidate AWS accounts for billing.

?

Answer: B,C,D

?

Explanation: You can reduce EC2 spend by migrating to reserved/spot instances, eliminating/shrinking unused resources, or consolidating AWS accounts (to qualify for volume discounts). The paying account can benefit from volume pricing discounts gained thru aggregate account usage.

Reference: https://aws.amazon.com/ec2/pricing/

Q15. Your team is developing an application using Elastic Beanstalk and discussing the most appropriate environment for deployment. What two types of environments can be created when using Elastic Beanstalk? (Choose 2 answers)

?

A. Load-balancing and auto-scaling environment

B. Multi-region, multiple-instance environment

C. Web worker environment

D. Single-instance environment

?

Answer: A,D

?

Explanation: In Elastic Beanstalk, you can create a load-balancing, autoscaling environment or a single-instance environment. The type of environment that you require depends on the application that you deploy. For example, you can develop and test an application in a single-instance environment to save costs and then upgrade that environment to a load-balancing, autoscaling environment when the application is ready for production.

Reference:

http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features-managing-env-types.

html

Q16. You have created an S3 bucket where project managers can upload their projects' files. Project files change frequently, so retaining multiple copies of files when changes occur is essential. Each project is also considered confidential, each project file must be encrypted at rest when stored in S3. How could you meet these requirements for your bucket and contents?

?

A. Versioning should be enabled on each project file; then client-side or server-side encryption can be utilized.

B. Delete all prior versions after a certain timestamp alert is met.

C. Versioning should be enabled on the bucket; then client-side or server-side encryption can be utilized.

D. Server-side encryption should be enabled on the S3 bucket.

?

Answer: C

?

Explanation: Versioning provides redundancy as it keeps multiple variants of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With versioning, you can easily recover from both unintended user actions and application failures.

Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html

Q17. One of your developers is creating an application that must upload large files to a S3 bucket. You suggest that they use the multipart upload feature. Which actions are required from the developer to complete a multipart upload? (Choose 2 answers)

?

A. Create ordered ETag values to label each part.

B. Upload each part with an upload ID and a part number,

C. Construct the final object from the parts.

D. Send a request to initiate a multipart upload.

?

Answer: B,D

?

Explanation: When you send a request to initiate a multipart upload, Amazon S3 returns a response with an upload ID, which is a unique identifier for your multipart upload. You must include this upload ID whenever you upload parts, list the parts, complete an upload, or abort an upload. When uploading a part, in addition to the upload ID, you must specify a part number that uniquely identifies a part and its position in the object you are uploading. Amazon S3 returns an ETag header in its response. For each part upload, you must record the part number and the ETag value for use in each subsequent request. Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html

Q18. A member of your network operations center team needs to find out which AWS API services the group has utilized over the last month. What is the best way to access this information?

?

A. Run the Security Credentials script.

B. Enable flow logs to track traffic flow.

C. Use AWS Inspector.

D. Use CloudTrail logging.

?

Answer: D

?

Explanation: Authenticated requests to AWS service APIs are logged by CloudTrail, and these log entries contain information about who generated the request. The user identity information helps you determine whether the request was made with IAM user credentials, with temporary security credentials for a role or federated user, or by another AWS service. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html

Q19. You've deployed your application and database servers at AWS. For the first month performance was adequate. Now, due to increased customer demand, you want to change the instance type for new instances that will run in your application tier. In which area of auto scaling would you change the existing instance type definition?

?

A. Auto scaling group

B. Auto scaling launch configuration

C. Auto scaling tags

D. Auto scaling policy

?

Answer: A