AWS Solutions Architect Associate exam wrong-answer notes 5
aws 2021. 3. 30. 23:17
1. AWS Lambda
- max execution time of 900 seconds (15 minutes)
2. AWS Batch
: is used for running large numbers of batch computing jobs on AWS. AWS Batch dynamically provisions the EC2 instances. This is not a good solution for an ad-hoc use case such as this one where you just need to run a single script a few times a week.
3. VPC endpoint (Gateway endpoint)
There are two different types of VPC endpoint: interface endpoint, and gateway endpoint. With an interface endpoint you use an ENI in the VPC. With a gateway endpoint you configure your route table to point to the endpoint. Amazon S3 and DynamoDB use gateway endpoints. This solution means that all traffic will go through the VPC endpoint straight to DynamoDB using private IP addresses.
4. Question: An application running on Amazon EC2 needs to regularly download large objects from Amazon S3. How can performance be optimized for high-throughput use cases?
Explanation:
Using the Range HTTP header in a GET Object request, you can fetch a byte-range from an object, transferring only the specified portion. You can use concurrent connections to Amazon S3 to fetch different byte ranges from within the same object. This helps you achieve higher aggregate throughput versus a single whole-object request. Fetching smaller ranges of a large object also allows your application to improve retry times when requests are interrupted.
CORRECT: “Issue parallel requests and use byte-range fetches” is the correct answer.
INCORRECT: “Use Amazon S3 Transfer acceleration” is incorrect. Amazon S3 Transfer Acceleration is used for speeding up uploads of data to Amazon S3 by using the CloudFront network. It is not used for downloading data.
INCORRECT: “Use Amazon CloudFront to cache the content” is incorrect. Amazon CloudFront is used for caching content closer to users. In this case the EC2 instance needs to access the data, so CloudFront is not a good solution (the edge location used by CloudFront may not be closer than the EC2 instance is to the S3 endpoint).
INCORRECT: “Use AWS Global Accelerator” is incorrect. AWS Global Accelerator is used for improving availability and performance for Amazon EC2 instances or Elastic Load Balancers (ALB and NLB). It is not used for improving Amazon S3 performance.
5. How to change an unencrypted DB to an encrypted one
Take an encrypted snapshot of the existing DB, then create a new encrypted DB from it.
6. Question: A web application is deployed in multiple regions behind an ELB Application Load Balancer. You need deterministic routing to the closest region and automatic failover. Traffic should traverse the AWS global network for consistent performance.
Answer:
“Configure AWS Global Accelerator and configure the ALBs as targets” is the correct answer.
Explanation
AWS Global Accelerator is a service that improves the availability and performance of applications with local or global users. You can configure the ALB as a target and Global Accelerator will automatically route users to the closest point of presence.
Failover is automatic and does not rely on any client side cache changes as the IP addresses for Global Accelerator are static anycast addresses. Global Accelerator also uses the AWS global network which ensures consistent performance.
Incorrect answers
- “Create a Route 53 Alias record for each ALB and configure a latency-based routing policy” is incorrect. A Route 53 Alias record for each ALB with latency-based routing does provide routing based on latency and failover. However, the traffic will not traverse the AWS global network.
- “Use a CloudFront distribution with multiple custom origins in each region and configure for high availability” is incorrect. You can use CloudFront with multiple custom origins and configure for HA. However, the traffic will not traverse the AWS global network.
7. SQS with CloudWatch
You can set up a CloudWatch metric that tracks the number of messages in SQS and use it to adjust ASG scaling.
8. Scheduled reserved instance
A reserved instance that is used only at specific times.
Example: every day from 9 to 5
9. An organization has a large amount of data on Windows (SMB) file shares in their on-premises data center. The organization would like to move data into Amazon S3. They would like to automate the migration of data over their AWS Direct Connect link.
Which AWS service can assist them?
Answer:
AWS DataSync can be used to move large amounts of data online between on-premises storage and Amazon S3 or Amazon Elastic File System (Amazon EFS). DataSync eliminates or automatically handles many of these tasks, including scripting copy jobs, scheduling and monitoring transfers, validating data, and optimizing network utilization. The source datastore can be Server Message Block (SMB) file servers.
Incorrect answers
- “AWS Database Migration Service (DMS)” is incorrect. AWS Database Migration Service (DMS) is used for migrating databases, not data on file shares.
- “AWS Snowball” is incorrect. AWS Snowball is a hardware device that is used for migrating data into AWS. The organization plans to use their Direct Connect link for migrating data rather than sending it in via a physical device. Also, Snowball will not automate the migration.
10. Redshift
Amazon RedShift is a data warehouse service used for online analytics processing (OLAP) workloads.
11. EFA
An Elastic Fabric Adapter is an AWS Elastic Network Adapter (ENA) with added capabilities. The EFA lets you apply the scale, flexibility, and elasticity of the AWS Cloud to tightly coupled HPC apps. It is ideal for tightly coupled apps as it uses the Message Passing Interface (MPI).
12. A High Performance Computing (HPC) application needs storage that can provide 135,000 IOPS. The storage layer is replicated across all instances in a cluster.
What is the optimal storage solution that provides the required performance and is cost-effective?
CORRECT: “Use Amazon Instance Store” is the correct answer.
Instance stores offer very high performance and low latency. As long as you can afford to lose an instance, i.e. you are replicating your data, these can be a good solution for high performance/low latency requirements. Also, the cost of instance stores is included in the instance charges so it can also be more cost-effective than EBS Provisioned IOPS.
13. Direct Connect
: Takes more than one month to set up.
14. An Architect needs to find a way to automatically and repeatably create many member accounts within an AWS Organization. The accounts also need to be moved into an OU and have VPCs and subnets created.
What is the best way to achieve this?
Answer
CORRECT: “Use CloudFormation with scripts” is the correct answer.
The best solution is to use a combination of scripts and AWS CloudFormation. You will also leverage the AWS Organizations API. This solution can provide all of the requirements.
Incorrect answers
INCORRECT: “Use the AWS Organizations API” is incorrect. You can create member accounts with the AWS Organizations API. However, you cannot use that API to configure the account and create VPCs and subnets.
INCORRECT: “Use the AWS Management Console” is incorrect. Using the AWS Management Console is not a method of automatically creating the resources.
INCORRECT: “Use the AWS CLI” is incorrect. You can do all tasks using the AWS CLI but it is better to automate the process using AWS CloudFormation.
15. AMI is region locked and the same ID cannot be used across regions
16. ALB supports HTTP, HTTPS, and WebSocket. TCP is not supported (TCP is supported by NLB).
17. ALB can route based on hostname, request path, and source IP. Geography-based routing is not possible.
18. ALB with Elastic IP is not technically feasible (using a static IP on an ALB is not possible).
19. Network Load Balancers expose a public static IP, whereas an Application or Classic Load Balancer exposes a static DNS (URL)
20. To attach multiple SSL certificates to an ELB, use SNI. SNI (Server Name Indication) is a feature allowing you to expose multiple SSL certs if the client supports it.
21. Default Termination Policy for ASG: It tries to balance across AZs first, and then deletes based on the age of the launch configuration.
22. Question: You are running a high-performance database that requires an IOPS of 210,000 for its underlying filesystem. What do you recommend?
Answer: Use an EC2 Instance Store
Explanation
Is running a DB on EC2 instance store possible? It is possible to run a database on EC2. It is also possible to use instance store, but there are some considerations to have. The data will be lost if the instance is stopped, but it can be restarted without problems. One can also set up a replication mechanism on another EC2 instance with instance store to have a standby copy. One can also have back-up mechanisms. It's all up to how you want to set up your architecture to validate your requirements. In this case, it's around IOPS, and we build an architecture of replication and back up around i
23. You should use Multi Part upload when your file is bigger than 5GB.
Multi Part Upload is also recommended as soon as the file is over 100MB.
24. When you enable bucket versioning, objects that already existed get a version of null.
25. With SSE-KMS you let AWS manage the encryption keys but you have full control of the key rotation policy
26. Question: The bucket policy allows our users to read/write files in the bucket, yet we were not able to perform a PutObject API call.
Answer
The IAM user must have an explicit DENY in the attached IAM policy
Explanation
Explicit DENY in an IAM policy will take precedence over a bucket policy permission.
27. Kinesis stream shards: Each shard allows for 1MB/s incoming and 2MB/s outgoing of data