Let's Do It, Even If Only Roughly

Amazon's AWS Certified Solutions Architect - Associate SAA-C02 (2021.10.18)

Sueeeeee

4. A company is migrating from an on-premises infrastructure to the AWS Cloud. One of the company's applications stores files on a Windows file server farm that uses Distributed File System Replication (DFSR) to keep data in sync. A solutions architect needs to replace the file server farm.
Which service should the solutions architect use?

·        B. Amazon FSx

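-      The company wants to move its server infrastructure to AWS

-      Files are stored on Windows file servers that use DFSR to keep data in sync.

-      What can replace this file server farm?

(server farm => a collection of computer servers, made up of thousands of computers. Requires a large amount of power for operation and cooling)

**** Windows file server -> Amazon FSx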

9. An application running on AWS uses an Amazon Aurora Multi-AZ deployment for its database. When evaluating performance metrics, a solutions architect discovered that the database reads are causing high I/O and adding latency to the write requests against the database.
What should the solutions architect do to separate the read requests from the write requests?

  • B. Update the application to read from the Multi-AZ standby instance.
  • C. Create a read replica and modify the application to use the appropriate endpoint.
  • very controversial

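- The database runs as an Amazon Aurora Multi-AZ deployment

- It was found that this database causes heavy I/O and that there is high latency on write requests

- How can the requests be separated into writes and reads?

**** With RDS, enabling Multi-AZ synchronously replicates to a DB in a different zone from the current DB, and when a problem occurs the DB in the other zone takes over, which improves availability. On the other hand, synchronous replication is also a factor that greatly reduces write performance. Given that Aurora by its nature already has advantages in availability and reliability, is there any need to use Multi-AZ at the cost of performance?

The point is that Aurora's Multi-AZ works differently from RDS's Multi-AZ. Because of the characteristics of Aurora's architecture, I think that enabling it will not cause the drop in write performance that RDS Multi-AZ does.

*** RDS and Aurora are different.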

15. Organizers for a global event want to put daily reports online as static HTML pages. The pages are expected to generate millions of views from users around the world. The files are stored in an Amazon S3 bucket. A solutions architect has been asked to design an efficient and effective solution.
Which action should the solutions architect take to accomplish this?

  • D. Use Amazon CloudFront with the S3 bucket as its origin

- Wants to publish daily reports online as static HTML pages. They will be viewed from all over the world

- Stored in an Amazon S3 bucket

=> Static content on S3, so Amazon CloudFront

 

18. A solutions architect is designing a solution to access a catalog of images and provide users with the ability to submit requests to customize images. Image customization parameters will be in any request sent to an AWS API Gateway API. The customized image will be generated on demand, and users will receive a link they can click to view or download their customized image. The solution must be highly available for viewing and customizing images.
What is the MOST cost-effective solution to meet these requirements?

  • B. Use AWS Lambda to manipulate the original image to the requested customization. Store the original and manipulated images in Amazon S3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.

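- Can access an image catalog, and users can submit requests to customize images.

- Customization parameters can be sent in any request to the AWS API Gateway API. Customized images are generated only on demand. Users receive a link they can click to view or download the customized image

- High availability for viewing and customizing images

**** Image manipulation is needed / both the original and the customized images must be stored / highly available & cost-effective

*** Since it must be cost-effective, EC2 instances are ruled out outright (ELB too), because they incur ongoing costs even when not in use

*** Lambda can do the manipulation -> the original and modified images can be stored in another S3 bucket -> highly available & scalable

*** CloudFront makes it easy to deliver to users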

 

19. A company is planning to migrate a business-critical dataset to Amazon S3. The current solution design uses a single S3 bucket in the us-east-1 Region with versioning enabled to store the dataset. The company's disaster recovery policy states that all data multiple AWS Regions.
How should a solutions architect design the S3 solution?

  • C. Create an additional S3 bucket with versioning in another Region and configure cross-Region replication.

- Wants to move a business-critical dataset to Amazon S3

- Versioning is enabled so that the dataset can be stored in a single S3 bucket in one Region

*** Cross region replication(CRR) or Same region replication(SRR) needs S3 versioning to be enabled.

 

20. A company has applications running on Amazon EC2 instances in a VPC. One of the applications needs to call an Amazon S3 API to store and read objects. The company's security policies restrict any internet-bound traffic from the applications.
Which action will fulfill these requirements and maintain security?

- Running Amazon EC2 instances in a VPC

- One of them needs to call the Amazon S3 API to store and read objects

- The company's security policy restricts any internet-bound traffic

  • B. Configure an S3 gateway endpoint.

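*** A VPC is a virtual private cloud, a dedicated virtual network

*** VPC endpoint - lets you privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.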

 

22. A company wants to migrate a high performance computing (HPC) application and data from on-premises to the AWS Cloud. The company uses tiered storage on premises with hot high-performance parallel storage to support the application during periodic runs of the application, and more economical cold storage to hold the data when the application is not actively running.
Which combination of solutions should a solutions architect recommend to support the storage needs of the application? (Choose two.)

  • A. Amazon S3 for cold data storage
  • D. Amazon FSx for Lustre for high-performance parallel storage

*** Amazon FSx for Lustre provides a high-performance file system optimized for fast processing of workloads such as machine learning, high-performance computing (HPC), video processing, financial modeling, and electronic design automation (EDA).

*** Lustre is an open-source parallel distributed file system used in HPC clusters and environments

 

23. A company's application is running on Amazon EC2 instances in a single Region. In the event of a disaster, a solutions architect needs to ensure that the resources can also be deployed to a second Region.
Which combination of actions should the solutions architect take to accomplish this? (Choose two.)

  • B. Launch a new EC2 instance from an Amazon Machine Image (AMI) in a new Region.
  • D. Copy an Amazon Machine Image (AMI) of an EC2 instance and specify a different Region for the destination.

24. A solutions architect needs to ensure that API calls to Amazon DynamoDB from Amazon EC2 instances in a VPC do not traverse the internet.
What should the solutions architect do to accomplish this? (Choose two.)

  • B. Create a gateway endpoint for DynamoDB.
  • A. Create a route table entry for the endpoint.

*** Interface: provisions an ENI (private IP address) as an entry point (must attach security group) – most AWS services

*** Gateway: provisions a target and must be used in a route table – S3 and DynamoDB

*** Amazon DynamoDB and S3 support gateway endpoints, not interface endpoints
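
An added example (not from the original post): a Python check over route tables, in the shape returned by `aws ec2 describe-route-tables`, that confirms the gateway endpoint from questions 20 and 24 actually has a route table entry and that no internet-bound route remains. The IDs, prefix list names and the `audit` helper are constructed for illustration.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output; all IDs are made up.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-0aaa111example", "Routes": [  # endpoint routes only
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationPrefixListId": "pl-s3example", "GatewayId": "vpce-0s3example"},
        {"DestinationPrefixListId": "pl-ddbexample", "GatewayId": "vpce-0ddbexample"},
    ]},
    {"RouteTableId": "rtb-0bbb222example", "Routes": [  # endpoint plus NAT default route
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
        {"DestinationPrefixListId": "pl-s3example", "GatewayId": "vpce-0s3example"},
    ]},
    {"RouteTableId": "rtb-0ccc333example", "Routes": [  # no endpoint route at all
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    ]},
]


def endpoint_prefix_lists(table):
    """Prefix lists whose route target is a gateway endpoint (vpce-...)."""
    return sorted(
        r["DestinationPrefixListId"]
        for r in table["Routes"]
        if "DestinationPrefixListId" in r and r.get("GatewayId", "").startswith("vpce-")
    )


def internet_routes(table):
    """Destinations routed to an internet gateway or a NAT gateway."""
    return [
        r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
        for r in table["Routes"]
        if r.get("GatewayId", "").startswith("igw-") or "NatGatewayId" in r
    ]


def audit(tables, required_prefix_lists):
    """Map each route table ID to a list of findings (empty list = compliant)."""
    findings = {}
    for t in tables:
        issues = []
        missing = sorted(set(required_prefix_lists) - set(endpoint_prefix_lists(t)))
        if missing:
            issues.append("no gateway endpoint route for " + ", ".join(missing))
        # The prefix-list route is more specific, so service traffic would still use
        # the endpoint, but any IGW/NAT route breaks a "no internet-bound traffic" policy.
        issues += [f"internet-bound route {d} present" for d in internet_routes(t)]
        findings[t["RouteTableId"]] = issues
    return findings
```
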

 

25. A company's legacy application is currently relying on a single-instance Amazon RDS MySQL database without encryption. Due to new compliance requirements, all existing and new data in this database must be encrypted.
How should this be accomplished?

  • C. Take a Snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted snapshot.

*** RDS instance cannot be encrypted directly

26. A manufacturing company wants to implement predictive maintenance on its machinery equipment. The company will install thousands of IoT sensors that will send data to AWS in real time. A solutions architect is tasked with implementing a solution that will receive events in an ordered manner for each machinery asset and ensure that data is saved for further processing at a later time.
Which solution would be MOST efficient?

  • A. Use Amazon Kinesis Data Streams for real-time events with a partition for each equipment asset. Use Amazon Kinesis Data Firehose to save data to Amazon S3.
  • B. Use Amazon Kinesis Data Streams for real-time events with a shard for each equipment asset. Use Amazon Kinesis Data Firehose to save data to Amazon Elastic Block Store (Amazon EBS).
  • C. Use an Amazon SQS FIFO queue for real-time events with one queue for each equipment asset. Trigger an AWS Lambda function for the SQS queue to save data to Amazon Elastic File System (Amazon EFS).
  • D. Use an Amazon SQS standard queue for real-time events with one queue for each equipment asset. Trigger an AWS Lambda function from the SQS queue to save data to Amazon S3.

*** Events must arrive in an ordered manner, so an SQS standard queue already falls short because it is not ordered. SQS FIFO would be ordered, but using Lambda to process large amounts of real-time data is not as efficient as Kinesis Data Streams + Kinesis Data Firehose. And EBS is not a target of Firehose, so S3 is the correct option here.

*** Amazon Kinesis Data Streams enables real-time processing of big data.

*** KDS, KDF and S3 don't guarantee order. SQS FIFO is not the most efficient compared to standard.

27. A company's website runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The website has a mix of dynamic and static content. Users around the globe are reporting that the website is slow.
Which set of actions will improve website performance for users worldwide?

  • A. Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53 record to point to the CloudFront distribution.
  • B. Create a latency-based Amazon Route 53 record for the ALB. Then launch new EC2 instances with larger instance sizes and register the instances with the ALB.
  • C. Launch new EC2 instances hosting the same web application in different Regions closer to the users. Then register instances with the same ALB using cross- Region VPC peering.
  • D. Host the website in an Amazon S3 bucket in the Regions closest to the users and delete the ALB and EC2 instances. Then update an Amazon Route 53 record to point to the S3 buckets.

***CloudFront can provide low latency access to both static and dynamic content for global users, and can be integrated with Route 53.

*** Static content will be served by CloudFront, and dynamic traffic will go to the EC2 web server.

 

 

 
