AWS云计算专家架构师认证考试题库,英文,

此为在线阅读版,如需下载可打印版,请访问如下网址:

https://www.exam-pass.com/product/aws-sap/

 

 

 

Question: 1

By default, Amazon Cognito maintains the last-written version of the data. You can override this behavior and resolve data conflicts programmatically. In addition, push synchronization allows you to use Amazon Cognito to send a silent notification to all devices associated with an identity to notify them that new data is available.

A.get

B.post

C.pull

D.push

 

 

 

 

Answer: D

Explanation:

By default, Amazon Cognito maintains the last-written version of the data. You can override this behavior and resolve data conflicts programmatically. In addition, push synchronization allows you to use Amazon Cognito to send a silent push notification to all devices associated with an identity to notify them that new data is available.

Reference: http://aws.amazon.com/cognito/faqs/

 

 

 

 

Question: 2

You want to use AWS CodeDeploy to deploy an application to Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC). What criterion must be met for this to be possible?

A.The AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access only the public AWS CodeDeploy endpoint.

B.The AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access only the public Amazon S3 service endpoint.

C.The AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access the public AWS CodeDeploy and Amazon S3 service endpoints.

D.It is not currently possible to use AWS CodeDeploy to deploy an application to Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC.)

 

 

 

 

 

Answer: C

Explanation:

You can use AWS CodeDeploy to deploy an application to Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC). However, the AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access the public AWS CodeDeploy and Amazon S3 service endpoints.

Reference: http://aws.amazon.com/codedeploy/faqs/

 

 

 

 

Question: 3

An IAM user is trying to perform an action on an object belonging to some other root account’s bucket. Which of the below mentioned options will AWS S3 not verify?

A.The object owner has provided access to the IAM user

B.Permission provided by the parent of the IAM user on the bucket

C.Permission provided by the bucket owner to the IAM user

D.Permission provided by the parent of the IAM user

 

 

 

 

Answer: B

Explanation:

If the IAM user is trying to perform some action on the object belonging to another AWS user’s bucket, S3 will verify whether the owner of the IAM user has given sufficient permission to him. It also verifies the policy for the bucket as well as the policy defined by the object owner.

Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-auth- workflow-object-ope ration.html

 

 

 

 

Question: 4

An organization is planning to extend their data center by connecting their DC with the AWS VPC using the VPN gateway. The organization is setting up a dynamically routed VPN connection. Which of the below mentioned answers is not required to setup this configuration?

A.The type of customer gateway, such as Cisco ASA, Juniper J-Series, Juniper SSG, Yamaha.

B.Elastic IP ranges that the organization wants to advertise over the VPN connection to the VPC.

C.Internet-routable IP address (static) of the customer gateway’s external interface.

D.Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the customer gateway.

 

 

 

 

 

Answer: B

Explanation:

The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. The organization wants to extend their network into the cloud and also directly access the internet from their AWS VPC. Thus, the organization should setup a Virtual Private Cloud (VPC) with a public subnet and a private subnet, and a virtual private gateway to enable communication with their data center network over an IPsec VPN tunnel. To setup this configuration the organization needs to use the Amazon VPC with a VPN connection. The organization network administrator must designate a physical appliance as a customer gateway and configure it. The organization would need the below mentioned information to setup this configuration:

发表评论

电子邮件地址不会被公开。 必填项已用*标注

error: Content is protected !!