最近在準備AWS的開發人員考試認證。所以特意做了一下考試樣題。每道題儘量給出了文件出處以及解析。
Which of the following statements about SQS is true?
Messages will be delivered exactly once and messages will be delivered in First in, First out order
Messages will be delivered exactly once and message delivery order is indeterminate
Messages will be delivered one or more times and messages will be delivered in First in, First out order
Messages will be delivered one or more times and message delivery order is indeterminate
答案:D
參考文件:https://aws.amazon.com/sqs/faqs/
解析:SQS為了保持高可用,會在多個伺服器間duplicate訊息,所以訊息可能會被delivery多次,但會保證至少被delivery一次;另外由於分散式的特性,所以訊息的delivery順序無法得到保證
EC2 instances are launched from Amazon Machine Images (AMIs). A given public AMI:
can be used to launch EC2 instances in any AWS region
can only be used to launch EC2 instances in the same country as the AMI is stored
can only be used to launch EC2 instances in the same AWS region as the AMI is stored
can only be used to launch EC2 instances in the same AWS availability zone as the AMI is stored
答案:C
參考文件:http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html
解析:AMI只在當前region可用(不過AMI的ID是global範圍內唯一的);如果想跨region的話需要copy到其它region。
Company B provides an online image recognition service and utilizes SQS to decouple system components for scalability. The SQS consumers poll the imaging queue as often as possible to keep endto-end throughput as high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses. How can Company B reduce the number of empty responses?
Set the imaging queue VisibilityTimeout attribute to 20 seconds
Set the imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds
Set the imaging queue MessageRetentionPeriod attribute to 20 seconds
Set the DelaySeconds parameter of a message to 20 seconds
答案:B
參考文件:http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-long-polling.html
解析:這個需要使用SQS的long pulling;方式之一就是設定queue的ReceiveMessageWaitTimeSeconds屬性
You attempt to store an object in the US-STANDARD region in Amazon S3, and receive a confirmation that it has been successfully stored. You then immediately make another API call and attempt to read this object. S3 tells you that the object does not exist. What could explain this behavior?
US-STANDARD uses eventual consistency and it can take time for an object to be readable in a bucket.
Objects in Amazon S3 do not become visible until they are replicated to a second region.
US-STANDARD imposes a 1 second delay before new objects are readable
You exceeded the bucket object limit, and once this limit is raised the object will be visible.
答案:A
參考文件:http://docs.aws.amazon.com/AmazonS3/latest/dev/Introduction.html
解析:這道題有點過時了,當時US-STANDARD不支援read-after-write,使用的是eventual consistency,所以當寫入一個object以後,不一定會立即讀到。現在已經沒有US-STANDARD region了(被重新命名了)。而且所有region都支援read-after-write了。
You have reached your account limit for the number of CloudFormation stacks in a region. How do you increase your limit?
Make an API call
Contact AWS
Use the console
You cannot increase your limit
答案:B
參考文件: http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_cloudformation
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html
解析:stack數量的限制只是一個軟限制,所以可以通過向AWS發請求來放寬限制。
Which statements about DynamoDB are true? (Pick 2 correct answers)
DynamoDB uses a pessimistic locking model
DynamoDB uses optimistic concurrency control
DynamoDB uses conditional writes for consistency
DynamoDB restricts item access during reads
DynamoDB restricts item access during writes
答案:BC
參考文件: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithItems.html 解析:這個題目需要對DynamoDB有深入瞭解,具體可以檢視相關文件
What is one key difference between an Amazon EBS-backed and an instance-store backed instance?
Instance-store backed instances can be stopped and restarted
Auto scaling requires using Amazon EBS-backed instances
Amazon EBS-backed instances can be stopped and restarted
Virtual Private Cloud requires EBS backed instances
答案:C
參考文件:http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ComponentsAMIs.html
A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center via IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated, logged-in users can only access an S3 keyspace specific to the user. Which two approaches can satisfy the objectives?
The application authenticates against LDAP. The application then calls the IAM Security Service to login to IAM using the LDAP credentials. The application can use the IAM temporary credentials to access the appropriate S3 bucket.
The application authenticates against LDAP, and retrieves the name of an IAM role associated with the user. The application then calls the IAM Security Token Service to assume that IAM Role. The application can use the temporary credentials to access the appropriate S3 bucket.
The application authenticates against IAM Security Token Service using the LDAP credentials. The application uses those temporary AWS security credentials to access the appropriate S3 bucket.
Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token Service to get IAM federated user credentials. The application calls the identity broker to get IAM federated user credentials with access to the appropriate S3 bucket.
Develop an identity broker which authenticates against IAM Security Token Service to assume an IAM Role to get temporary AWS security credentials. The application calls the identity broker to get AWS temporary security credentials with access to the appropriate S3 bucket.
答案:BD
參考文件:https://aws.amazon.com/blogs/aws/aws-identity-and-access-management-now-with-identity-federation/
解析:IAM認證一向是考察的重點。B採用的是assume role的方式,D採用的是federated user的方式。 A錯誤在於沒有login to IAM這個功能;C、E錯誤在於認證應該通過LDAP,而不是STS。
You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the photos on your site, causing loss to your business. What is an effective method to mitigate this?
Use CloudFront distributions for static content.
Remove public read access and use signed URLs with expiry dates.
Block the IPs of the offending websites in Security Groups.
Store photos on an EBS volume of the web server.
答案:B
參考文件:http://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html
解析:使用signed URL或者建立bucket policy都可以防止盜鏈。
Your application is trying to upload a 6 GB file to Simple Storage Service and receive a “Your proposed upload exceeds the maximum allowed object size.” error message. What is a possible solution for this?
None, Simple Storage Service objects are limited to 5 GB
Use the multi-part upload API for this object
Use the large object upload API for this object
Contact support to increase your object size limit
Upload to a different region
答案:B
參考文件:http://docs.aws.amazon.com/AmazonS3/latest/dev/UploadingObjects.html
解析:所以S3能存放的最大物件是5T,但單個put操作支援的最大物件只有5G,超過5G的需要使用multi-part upload API上傳。