AWS Certified Solutions Architect Study Guide. David Higby Clinton
7 D. With SSE‐C you provide your own keys for Amazon to use to decrypt and encrypt your data. AWS doesn't persistently store the keys. See Chapter 3 for more information.
8 A. Durability corresponds to an average annual expected loss of objects stored on S3, not including objects you delete. Availability measures the amount of time S3 will be available to let you retrieve those objects. See Chapter 3 for more information.
9 B. S3 uses a read‐after‐write consistency model for new objects, so once you upload an object to S3, it's immediately available. See Chapter 3 for more information.
10 C. You can't change the primary CIDR for a VPC, so you must create a new one to connect it to your internal network. See Chapter 4 for more information.
11 B. An EC2 instance can access the Internet from a private subnet provided it uses a NAT gateway or NAT instance. See Chapter 4 for more information.
12 A. The definition of a public subnet is a subnet that has a default route pointing to an Internet gateway as a target. Otherwise, it's a private subnet. See Chapter 4 for more information.
13 C. DynamoDB is a key‐value store that can be used to store items up to 400 KB in size. See Chapter 5 for more information.
14 A. You can create a global secondary index for an existing table at any time. You can create a local secondary index only when you create the table. See Chapter 5 for more information.
15 A. Enabling point‐in‐time recovery gives you an RPO of about five minutes. The recovery time objective (RTO) depends on the amount of data to restore. See Chapter 5 for more information.
16 B. Revoking unnecessary access for IAM users is the most effective of the listed measures for protecting your AWS account. See Chapter 6 for more information.
17 C. KMS can be used to encrypt Elastic Block Store (EBS) volumes that store an instance's operating system. See Chapter 6 for more information.
18 D. STS tokens expire and IAM access keys do not. An STS token can be used more than once. IAM access keys and STS tokens are both unique. An IAM principal can use an STS token. See Chapter 6 for more information.
19 B. EC2 doesn't track instance memory utilization. See Chapter 7 for more information.
20 C. The transition to the ALARM state simply implies that the metric crossed a threshold but doesn't tell you what the threshold is. Newly created alarms start out in the INSUFFICIENT_DATA state. See Chapter 7 for more information.
21 A. Both store their logs in S3 buckets. See Chapter 7 for more information.
22 A. An EC2 instance in a private subnet still has access to Amazon's private DNS servers, which can resolve records stored in public hosted zones. See Chapter 8 for more information.
23 C. Geoproximity routing routes users to the location closest to them. Geolocation routing requires you to create records for specific locations or create a default record. See Chapter 8 for more information.
24 A. Route 53 is a true DNS service in that it can host zones for any domain name. You can also register domain names with or transfer them to Route 53. See Chapter 8 for more information.
25 B. Lambda is a highly available, reliable, “serverless” compute platform that runs functions as needed and scales elastically to meet demand. EC2 spot instances can be shut down on short notice. See Chapter 10 for more information.
26 A. A simple scaling policy changes the group size and then has a cooldown period before doing so again. Step scaling policies don't have cooldown periods. Target tracking policies attempt to keep a metric at a set value. PercentChangeInCapacity is a simple scaling adjustment type, not a scaling policy. See Chapter 10 for more information.
27 A. Auto Scaling always attempts to maintain the minimum group size or, if set, the desired capacity. See Chapter 10 for more information.
28 D. ElastiCache supports Memcached and Redis, but only the latter can store data persistently. See Chapter 11 for more information.
29 B. Puppet is a configuration management platform that AWS offers via OpsWorks but is not itself an AWS service. See Chapter 11 for more information.
30 B. S3 cross‐region replication transfers objects between different buckets. Transfer acceleration uses a CloudFront edge location to speed up transfers between S3 and the Internet. See Chapter 11 for more information.
31 A. You can deactivate STS for all regions except US East. See Chapter 12 for more information.
32 A. GuardDuty looks for potentially malicious activity. Inspector looks for vulnerabilities that may result in compromise. Shield and Web Application Firewall protect applications from attack. See Chapter 12 for more information.
33 A. Applying encryption to an unencrypted object will create a new, encrypted version of that object. Previous versions remain unencrypted. See Chapter 12 for more information.
34 C. On‐demand instances will continue to run and incur costs. Reserved instances cost the same whether they're running or stopped. Spot instances will be terminated when the spot price exceeds your bid price. See Chapter 13 for more information.
35 A. The EBS Lifecycle Manager can take scheduled snapshots of any EBS volume, regardless of attachment state. See Chapter 13 for more information.
36 C. Elastic Container Service lets you run containers