AWS Comprehensive Test

AWS Comprehensive Test Analysis

  1. D. Auto Scaling may cause you to reach limits of other services, such as the default number of Amazon EC2 instances you can currently launch within a region, which is 20.
  • The maximum number of instances in a single AWS region is 20.
  1. B. The Elastic Load Balancing service allows you to distribute traffic across a group of Amazon Elastic Compute Cloud (Amazon EC2) instances in one or more Availability Zones within a region.
  • ELB is a region-level service and can span multiple regions. Each AWS region consists of at least 3 AZs, and each country generally has at least two regions.
  1. A and B. Amazon CloudWatch has two plans: basic and detailed. There are no diagnostic, precognitive, or retroactive monitoring plans for Amazon CloudWatch.
  • CloudWatch basic: metrics are sent every 5 minutes at no charge; this is the option enabled by default.
  • CloudWatch detailed: metrics are sent every 1 minute, for an additional fee.
  1. B, C, and E. You must do the following to create a public subnet with Internet access: Attach an IGW to your Amazon VPC. Create a subnet route table rule to send all non-local traffic (for example, 0.0.0.0/0) to the IGW. Configure your network ACLs and security group rules to allow relevant traffic to flow to and from your instance. You must do the following to enable an Amazon EC2 instance to send and receive traffic from the Internet: Assign a public IP address or EIP address.
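  • For an EC2 instance to reach the public Internet it needs a public IP or an EIP, plus an IGW attached to the VPC the instance is in. Create a route table entry that sends 0.0.0.0/0 to the IGW, and finally check that the network ACLs and security groups open the relevant ports so traffic can flow in and out.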
  1. A, D, and E. If a security group is not specified at launch, then an Amazon EC2 instance will be launched into the default security group for the Amazon VPC. The default security group allows communication between all resources within the security group, allows all outbound traffic, and denies all other traffic.
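  • If you do not create a security group yourself, AWS provides a default security group for the VPC. The default security group allows resources within the group to communicate with each other, allows outbound traffic, and does not allow requests from outside.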
  1. B and D. To protect data in transit from the clients to the web application, HTTPS with server certificate authentication should be used. To protect data in transit from the web application to the database, SSL/TLS for database connection should be used.
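  • Encryption in transit: data sent from the Internet to the application can use HTTPS.
  • Encryption in transit: connections from the web server to the database can be encrypted with SSL/TLS.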
  1. A. Don't create an IAM user (or an IAM group) and pass the user's credentials to the application or embed the credentials in the application. Instead, create an IAM role that you attach to the Amazon EC2 instance to give applications running on the instance temporary security credentials. The credentials have the permissions specified in the policies attached to the role. A directory is not an identity object in IAM.
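  • Creating an IAM user or IAM group and storing the user's credentials in the application to call resources is not recommended.
  • Instead, create an IAM role for the EC2 instance and deploy the application on that instance, so that it obtains permission to access other AWS service resources. Attach the role's authorization policy to the role.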
  1. B, C, and D. When a request is made, the AWS service decides whether a given request should be allowed or denied. The evaluation logic follows these rules: 1) By default, all requests are denied (in general, requests made using the account credentials for resources in the account are always allowed). 2) An explicit allow overrides this default. 3) An explicit deny overrides any allows.
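  • The decision logic for AWS service calls follows these rules:
    • By default, all requests are denied;
    • An explicit allow overrides the default;
    • An explicit deny overrides all allows;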
  1. A. Amazon EMR uses Apache Hadoop as its distributed data processing engine. Hadoop is an open source, Java software framework that supports data-intensive distributed applications running on large clusters of commodity hardware. Hive, Pig, and HBase are packages that run on top of Hadoop.
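  • AWS EMR uses Apache Hadoop as its distributed data processing engine. Hadoop is an open source Java application for distributed data processing. It supports running packages such as Hive, Pig, and HBase.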
  1. B. An environment tier whose web application runs background jobs is known as a worker tier. An environment tier whose web application processes web requests is known as a web server tier. Database and batch are not valid environment tiers.
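  • Beanstalk: a web application that runs background jobs is a worker tier.
  • Beanstalk: a web application deployed to process web requests is a web server tier.
  • Beanstalk: database and batch environments are not supported.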
  1. D. Multi-AZ deployment uses synchronous replication to a different Availability Zone so that operations can continue on the replica if the master database stops responding for any reason. Automated backups provide disaster recovery, not high availability. Security groups, while important, have no effect on availability. Maintenance windows are actually times when the database may not be available.
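  • How RDS provides high availability: only a Multi-AZ deployment across Availability Zones provides high availability. It works in primary/standby mode: when the primary database goes down, the standby database starts serving requests. High availability means staying available; it does not necessarily mean guaranteed performance.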
  1. A, B, and D. Amazon RDS will launch Amazon Elastic Compute Cloud (Amazon EC2) instances, install the database software, handle all patching, and perform regular backups. Anything within the database software (schema, user accounts, and so on) is the responsibility of the customer.
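  • In the shared responsibility model for AWS RDS databases, AWS is responsible for the following work:
    • Installing the database software
    • Applying patches
    • Regular backups
  • The customer's responsibility: managing database tables, creating tables, stored procedures, granting permissions, and similar work.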
  1. A. Amazon Redshift is a petabyte-scale data warehouse. It is not well suited for unstructured NoSQL data or highly dynamic transactional data. It is in no way a cache.
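  • AWS Redshift is a petabyte-scale data warehouse. It is not suited to NoSQL data, not suited to storing data with transactional requirements, and even less suited to cache data.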
  1. D. There can be one secondary index per table, and it must be created when the table is created.
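  • DynamoDB secondary indexes are divided into global secondary indexes and local secondary indexes.
  • A maximum of 5 global secondary indexes and local secondary indexes can be created; this is a software limit.
  • Global secondary indexes can be created, modified, and deleted at any time.
  • Local secondary indexes must be created together with the table and cannot be deleted or modified independently.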
  1. B. The Amazon Kinesis family of services provides functionality to ingest large streams of data. Amazon Kinesis Firehose is specifically designed to ingest a stream and save it to any of the three storage services listed in Response B.
  • AWS Kinesis provides the ability to process large volumes of streaming data. Kinesis Firehose provides stream ingestion and saves the stream to S3, Redshift, or Elasticsearch.
  1. B. Amazon S3 and Amazon Glacier are the most cost-effective storage services. After a year, when the objects are unlikely to be accessed, you can save costs by transferring the objects to Amazon Glacier where the retrieval time is three to five hours.
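  • The key point is that the objects are no longer accessed after 1 year and are deleted after 7 years. An S3 lifecycle management policy can handle this. There is no need to go through S3 IA; archive directly to Glacier and delete after 7 years.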
  1. D. Server access logs provide a record of any access to an object in Amazon S3.
  • S3 can record every request that accesses an object in a bucket. This can be used for auditing.
  1. C. Amazon S3 provides read-after-write consistency for PUTs to new objects (new key), but eventual consistency for GETs and DELETEs of existing objects (existing key). Response C changes the existing object so that a subsequent GET may fetch the previous and inconsistent object.
  • Which S3 operations can result in eventual consistency?
  • Read-after-write for a new object is consistent storage.
  • Only changing an existing object can cause an eventual-consistency problem.
  1. B. AWS will never transfer data between regions unless directed to by you. Durability in Amazon S3 is achieved by replicating your data geographically to different Availability Zones regardless of the versioning configuration. AWS doesn't use tapes.
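  • S3's high durability comes, by default, from automatic replication across multiple AZs within the region. It has nothing to do with the versioning configuration, and S3 does not use tape storage either.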
  1. C. Amazon CloudFront provides the best user experience by delivering the data from a geographically advantageous edge location. Signed URLs allow you to control access to authenticated users.
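  • CloudFront solves the problem of accelerating user access, which is what a CDN is for. CloudFront can also serve as an edge node for entering the AWS network, providing network acceleration for dynamic content.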
  1. A, B, and D. In the AWS shared responsibility model, customers retain control of what security they choose to implement to protect their own content, platform, applications, systems, and networks, no differently than they would for applications in an on-site data center.
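  • Shared responsibility model
  • AWS is responsible for the infrastructure.
  • The customer is responsible for the software above the infrastructure: content security, application security, OS security, antivirus, and so on.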
  1. B. An activity worker is a process or thread that performs the activity tasks that are part of your workflow. Each activity worker polls Amazon SWF for new tasks that are appropriate for that activity worker to perform; certain tasks can be performed only by certain activity workers. After receiving a task, the activity worker processes the task to completion and then reports to Amazon SWF that the task was completed and provides the result. The activity task represents one of the tasks that you identified in your application.
  • The activity is what the implementation of an SWF task relies on.
  1. B. In an Amazon VPC, an instance's Elastic IP address remains associated with an instance when the instance is stopped.
  • An EIP is bound manually. When the instance is stopped, the EIP remains bound to the EC2 instance, and it is still billed.
  1. C. You pay a set hourly price for an On Demand instance from when you launch it until you explicitly stop or terminate it. Spot instances can be terminated when the spot price goes above your bid price. Reserved instances involve paying for an instance over a one or three-year term. Dedicated instances run on hardware dedicated to your account and are not a pricing model.
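  • On Demand is billed by the hour.
  • A Spot instance is terminated automatically when the price exceeds the bid price.
  • Reserved instance: a fixed term, billed at a discount.
  • Dedicated instance: runs on dedicated hardware and is priced separately.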
  1. D. The data in an instance store persists only during the lifetime of its associated instance. If an instance is stopped or terminated, then the instance store does not persist. Rebooting an instance does not shut down the instance; if an instance reboots (intentionally or unintentionally), data on the instance store persists. Security groups have nothing to do with the lifetime of an instance and have no effect here.
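  • Data on an EC2 instance's data disk is lost only on stop and terminate, because when the instance starts again the boot disk is no longer on the original server. On reboot, the data on the disk that comes with the instance is still retained.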