Amazon AWS-SysOps豪華セット学習ガイドにはオンライン試験エンジン [Q289-Q304]

Amazon AWS-SysOps豪華セット学習ガイドにはオンライン試験エンジン

AWS-SysOps問題集レビュー専門クイズ学習材料

Amazon AWS-SysOps 認定試験の出題範囲：

トピック	出題範囲
トピック 1	Demonstrate Understanding of the Shared Responsibility Model Demonstrate Ability to Prepare for Security Assessment Use of AWS
トピック 2	Demonstrate Ability to Monitor and Manage Billing and Cost Optimization Processes
トピック 3	Networking: Demonstrate Ability to Implement Networking Features of AWS Connectivity Features of AWS
トピック 4	Analysis: Optimize the Environment to Ensure Maximum Performance
トピック 5	High Availability: Implement Scalability and Elasticity Based on Scenario Ensure Level of Fault Tolerance Based on Business Needs

質問 289
An organization has launched 5 instances: 2 for production and 3 for testing. The organization wants a particular group of IAM users to access only the test instances and not the production ones. They want to deploy the instances in various locations based on the factors that will change from time to time, especially in the test group. They expect instances will often need to be churned, i.e. deleted and replaced, especially in the testing group. This means the five instances they have created now will soon be replaced by a different set of five instances. The members of each group, production and testing, will not change in the foreseeable future.
Given the situation, what choice below is the most efficient and time-saving strategy to define the IAM policy?

A. By launching the test and production instances in separate regions and allowing region wise access to the group
B. By defining the IAM policy that allows access based on the instance ID
C. By creating an IAM policy with a condition that allows access to only small instances
D. By defining the tags on the test and production team members IAM user IDs, and adding a condition to the IAM policy that allows access to specific tags

正解: D

解説:
Explanation
AWS Identity and Access Management is a web service that allows organizations to manage users and user permissions for various AWS services. The user can add conditions as a part of the IAM policies. The condition can be set on AWS Tags, Time, and Client IP as well as on various parameters. If the organization wants the user to access only specific instances, he should define proper tags and add to the IAM policy condition. The sample policy is shown below.

References:

質問 290
A user is sending the data to CloudWatch using the CloudWatch API.
The user is sending data 90 minutes in the future.
What will CloudWatch do in this case?

A. CloudWatch will accept the data
B. The user cannot send data for more than 60 minutes in the future
C. It is not possible to send data of the future
D. It is not possible to send the data manually to CloudWatch

正解: A

解説:
With Amazon CloudWatch, each metric data point must be marked with a time stamp. The user can send the data using CLI but the time has to be in the UTC format. If the user does not provide the time, CloudWatch will take the data received time in the UTC timezone. The time stamp sent by the user can be up to two weeks in the past and up to two hours into the future.

質問 291
ABC (with AWS account ID 111122223333) has created 50 IAM users for its organization's employees. What will be the AWS console URL for these associates?

A. https://signin.aws.amazon.com/console/111122223333/
B. https://signin.aws.amazon.com/111122223333/console/
C. https://111122223333.signin.aws.amazon.com/console/
D. https://signin.aws.amazon.com/console/

正解: C

解説:
When an organization is using AWS IAM for creating various users and manage their access rights, the IAM user cannot use the login URL http://aws.amazon.com/console to access AWS manage-ment console. The console login URL for the IAM user will have AWS account ID of that organiza-tion to identify the IAM user belongs to particular account. The AWS console login URL for the IAM user will be https://
<AWS_Account_ID>.signin.aws.amazon.com/console/. In this case it will be
https://111122223333.signin.aws.amazon.com/console/
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html

質問 292
A corporate website is hosted on several Amazon EC2 instances across multiple regions around the globe.
How should an Administrator configure the website to maintain high availability with minimal downtime if one of the regions has network connectivity congestion for an extended period of time?

A. Create an Elastic Load Balancer that fails over to the secondary site when the primary site is not reachable.
B. Create an Amazon Route 53 latency Based Routing Record Set that resolves to Elastic Load Balancers I each region and has the Evaluate Target Health flag set to "true".
C. Create an Elastic Load Balancer in front of all the Amazon EC2 instances.
D. Create an Amazon Route 53 Latency Based Routing Record Set that resolves to an Elastic Load Balancer in each region. Set an appropriate health check on each ELB.

正解: B

解説:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/health-checks-how-route-53- chooses-records.html

質問 293
You run a web application with the following components Elastic Load Balancer (EL8), 3 Web/Application servers, 1 MySQL RDS database with read replicas, and Amazon Simple Storage Service (Amazon S3) for static content. Average response time for users is increasing slowly.
What three CloudWatch RDS metrics will allow you to identify if the database is the bottleneck? (Choose three.)

A. The amount of disk space occupied by binary logs on the master.
B. The average number of disk I/O operations per second.
C. The amount of time a Read Replica DB Instance lags behind the source DB Instance
D. The number of outstanding IOs waiting to access the disk.
E. The amount of write latency.

正解: C,D,E

質問 294
A user has launched an EC2 instance from an instance store backed AMI. If the user restarts the instance, what will happen to the ephemeral storage data?

A. The data is preserved
B. All data will be erased and the ephemeral storage is released
C. It is not possible to restart an instance launched from an instance store backed AMI
D. All the data will be erased but the ephemeral storage will stay connected

正解: A

解説:
Explanation
Explanation:
A user can reboot an EC2 instance using the AWS console, the Amazon EC2 CLI or the Amazon EC2 API.
Rebooting an instance is equivalent to rebooting an operating system. However, it is recommended that the user use Amazon EC2 to reboot the instance instead of running the operating system reboot command from the instance. When an instance launched from an instance store backed AMI is rebooted all the ephemeral storage data is still preserved.

質問 295
Which of the scaling options given below is not supported by Auto Scaling?

A. Scaling based on CPU utilization
B. Scaling based on time
C. All these options are supported by Auto Scaling
D. Manual scaling

正解: C

解説:
Auto Scaling supports three types of scaling:
Manual scaling
Scaling based on condition (e.g. CPU utilization is up or down, etc.) Scaling based on time (e.g.
First day of the quarter, 6 am every day, etc.) Reference:
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/scaling_plan.html

質問 296
A web service runs on Amazon EC2 instances behind an Elastic Load Balancing (ELB) load balancer.
External clients must whitelist specific public IP addresses in their firewalls to access the service.
What load balancer or ELB feature should be used for this application?

A. Application Load Balancer
B. Network Load Balancer
C. Classic Load Balancer
D. Load balancer target groups

正解: A

質問 297
A company uses AWS Organization with a multi-account structure. A Syslog Administrator was notified that an IAM user with the System Administrator policy applied was not able to launch any Amazon EC2 instance using a public?
Why is this occurring?

A. The account is an AWS Organization member account, and a service control policy is denying provisioning of EC2 instances.
B. The account is an AWS Organization master account, and it does not have an access key activated for the IAM account.
C. The account AWS Organization master account, and it does not have an access key activated for the IAM account.
D. The account is an AWS Organization master account, and by default it cannot provision EC2 instances.

正解: A

解説:
Explanation
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html

質問 298
In EC2, what happens to the data in an instance store if an instance reboots (either intentionally or unintentionally)?

A. Data is deleted from the instance store for security reasons.
B. Data persists in the instance store.
C. Data is partially present in the instance store.
D. Data in the instance store will be lost.

正解: B

解説:
Explanation
The data in an instance store persists only during the lifetime of its associated instance. If an instance reboots (intentionally or unintentionally), data in the instance store persists. However, data on instance store volumes is lost under the following circumstances.
Failure of an underlying drive
The instance is stopped
Terminating an instance
References:

質問 299
What is the main use of EMR?

A. Data-sensitive storage
B. authentication
C. Data-intensive processing tasks
D. Encryption

正解: C

解説:
Using Amazon EMR, you can instantly provision as much or as little capacity as you like to perform data-
intensive tasks for applications such as web indexing, data mining, log file analysis, machine learning, financial
analysis, scientific simulation, and bioinformatics research. Amazon
EMR lets you focus on crunching or analyzing your data without having to worry about time-consuming set-up,
management or tuning of Hadoop clusters or the compute capacity upon which they sit.
Reference: https://aws.amazon.com/elasticmapreduce/faqs/

質問 300
A user is planning to use AWS CloudFormation. Which of the below mentioned functionalities does not help him to correctly understand CloudFormation?

A. AWS CloudFormation does not charge the user for its service but only charges for the AWS resources created with it.
B. CloudFormation works with a wide variety of AWS services, such as EC2, EBS, VPC, IAM, S3, RDS, ELB, etc.
C. CloudFormation follows the DevOps model for the creation of Dev & Test
D. CloudFormation provides a set of application bootstrapping scripts which enables the user to install Software.

正解: C

解説:
Explanation
AWS CloudFormation is an application management tool which provides application modelling, deployment, configuration, management and related activities. It supports a wide variety of AWS services, such as EC2, EBS, AS, ELB, RDS, VPC, etc. It also provides application bootstrapping scripts which enable the user to install software packages or create folders. It is free of the cost and only charges the user for the services created with it. The only challenge is that it does not follow any model, such as DevOps; instead customers can define templates and use them to provision and manage the AWS resources in an orderly way.

質問 301
In AWS Identity and Access Management, roles can be used by an external user authenticated by an external identity provider (IdP) service that is compatible with _____.

A. BNML (Business Narrative Markup Language)
B. SAML 2.0 (Security Assertion Markup Language 2.0)
C. CFML (ColdFusion Markup Language)
D. BPML (Business Process Modeling Language)

正解: B

解説:
Explanation
In AWS Identity and Access Management, roles can be used by an external user authenticated by an external identity provider (IdP) service that is compatible with SAML 2.0 (Security Assertion Markup Language 2.0).

質問 302
What does Amazon EBS stand for?

A. Elastic Basic Storage
B. Elastic Business Server
C. Elastic Block Store
D. Elastic Blade Server

正解: C

解説:
Explanation/Reference:
Explanation:
Amazon EBS stands for Elastic Block Store. It is a persistent storage that allows you to store the data of the Amazon EC2 Instances in a separated virtual storage automatically replicated within its Availability Zone in order to prevent component failure; with Amazon EBS the customer can add more storage every time they need it, and also add more performances with Amazon EBS Provi-sioned IOPS.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html

質問 303
An organization (Account ID 123412341234. has attached the below mentioned IAM policy to a user. What does this policy statement entitle the user to perform?

A. The policy allowsthe IAM user to modify all credentials using only the console
B. The policy allows the IAM user to modify all IAM users' access keys using the console, SDK, CLI or APIs
C. The policy allows the IAM user to modify the IAM user's own credentials using the console, SDK, CLI or APIs
D. The policy allows the IAM user to modify all IAM users' credentials using the console, SDK, CLI or APIs

正解: B

解説:
AWS Identity and Access Management is a web service whichallows organizations to manage users and user permissions for various AWS services. If the organization (Account ID 123412341234. wants some of their users to manage keys (access and secret access keys. of all IAM users, the organization should set the below mentioned policy which entitles the IAM user to modify keys of all IAM users with CLI, SDK or API.