AWS 综合测试分析

1. D. Auto Scaling may cause you to reach limits of other services, such as the default number of Amazon EC2 instances you can currently launch within a region, which is 20.

• AWS 单region最大的实例个数是20

2. B. The Elastic Load Balancing service allows you to distribute traffic across a group of Amazon Elastic Compute Cloud (Amazon EC2) instances in one or more Availability Zones within a region.

• ELB是region级别的，可以跨多个region，每个aws的region至少有3个AZ组成，每个国家一般至少有两个region

3. A and B. Amazon CloudWatch has two plans: basic and detailed. There are no diagnostic, precognitive, or retroactive monitoring plans for Amazon CloudWatch.

• CloudWatch base：5分钟传输一次指标，不需要付费，这个是开通的默认选项
• Cloudwatch detailed：1分钟传输一次指标，需要支付额外的费用

4. B, C, and E. You must do the following to create a public subnet with Internet access: Attach an IGW to your Amazon VPC. Create a subnet route table rule to send all non-local traffic (for example, 0.0.0.0/0) to the IGW. Configure your network ACLs and security group rules to allow relevant traffic to flow to and from your instance.You must do the following to enable an Amazon EC2 instance to send and receive traffic from the Internet:Assign a public IP address or EIP address.

• EC2访问公网需要有公共IP或者EIP，同时需要IGW网关，并attach到实例所在的VPC，创建一个路由表 0.0.0.0/0 指向IGW，最后就是检查acl和安全组是否开放了相关端口允许流量出入。

5. A, D, and E. If a security group is not specified at launch, then an Amazon EC2 instance will be launched into the default security group for the Amazon VPC. The default security group allows communication between all resources within the security group, allows all outbound traffic, and denies all other traffic.

• 如果自己不创建安全组，aws会为VPC提供一个默认的安全组。默认的安全组允许组内资源互相通讯，允许调用外部流量，不允许外部请求；

6. B and D. To protect data in transit from the clients to the web application, HTTPS with server certificate authentication should be used. To protect data in transit from the web application to the database, SSL/TLS for database connection should be used.

• 数据传输加密：从互联网访问应用的数据传输可以使用https
• 数据传输加密：从web服务器访问数据库，可以使用ssl/tls进行加密传输

7. A. Don't create an IAM user (or an IAM group) and pass the user's credentials to the application or embed the credentials in the application. Instead, create an IAM role that you attach to the Amazon EC2 instance to give applications running on the instance temporary security credentials. The credentials have the permissions specified in the policies attached to the role. A directory is not an identity object in IAM.

• 不建议创建IAM user或者IAM group 通过用户的授信信息保存到应用中调用资源。
• 建议通过为EC2创建 IAM role，将应用部署到EC2上，来获取访问AWS其他服务资源的权限。将角色的授信策略绑定到角色上。

8. B, C, and D. When a request is made, the AWS service decides whether a given request should be allowed or denied. The evaluation logic follows these rules:1) By default, all requests are denied (in general, requests made using the account credentials for resources in the account are always allowed).2) An explicit allow overrides this default.3) An explicit deny overrides any allows.

• AWS的服务调用决策逻辑有如下的规则：
  • 默认所有的请求都是被拒绝的；
  • 一个显式的允许将会覆盖默认；
  • 一个显式的拒绝会覆盖所有的允许；

9. A. Amazon EMR uses Apache Hadoop as its distributed data processing engine. Hadoop is an open source, Java software framework that supports data-intensive distributed applications running on large clusters of commodity hardware. Hive, Pig, and HBase are packages that run on top of Hadoop.

• AWS的EMR使用apache的Hadoop作为他的分布式数据处理引擎。Hadoop是开源的java分布式数据处理应用。支持hive，pig，hbase等软件包运行；

10. B. An environment tier whose web application runs background jobs is known as a worker tier. An environment tier whose web application processes web requests is known as a web server tier. Database and batch are not valid environment tiers.

• Beanstalk：web应用运行后台任务，就是一个worker tier
• Beanstalk：部署web应用处理web请求，就是一个web server tier；
• Beanstalk：不支持数据库和批处理环境；

11. D. Multi-AZ deployment uses synchronous replication to a different Availability Zone so that operations can continue on the replica if the master database stops responding for any reason. Automated backups provide disaster recovery, not high availability. Security groups, while important, have no effect on availability. Maintenance windows are actually times when the database may not be available.

• RDS如何提供高可用：只有Multi-AZ的跨区部署支持高可用。主备的模式，当主数据库宕机，从数据启动提供服务。高可用的意思是可用，不一定保定性能的意思；

12. A, B, and D. Amazon RDS will launch Amazon Elastic Compute Cloud (Amazon EC2) instances, install the database software, handle all patching, and perform regular backups. Anything within the database software (schema, user accounts, and so on) is the responsibility of the customer.

• AWS的RDS数据库的责任分担模型，aws负责如下的工作：
  • 安装数据库软件
  • 打补丁包
  • 常规的备份
• 客户的责任：数据库表的管理、创建表、存储过程、提供权限赋予 等工作

13. A. Amazon Redshift is a petabyte-scale data warehouse. It is not well suited for unstructured NoSQL data or highly dynamic transactional data. It is in no way a cache.

• aws Redshift：是一个PB级别的数据仓库，不适合nosql data，也 不适合用于事务性要求的数据存储，更不适用于cache 数据；

14. D. There can be one secondary index per table, and it must be created when the table is created.

• DynamoDB的二级索引分为全球二级索引和本地二级索引
• 全球二级索引和本地二级索引最多只能创建5个，这个是软件限制
• 全球二级索引可以随时创建、修改和删除。
• 本地二级索引必须随着表创建，不能独立删除和修改

15. B. The Amazon Kinesis family of services provides functionality to ingest large streams of data. Amazon Kinesis Firehose is specifically designed to ingest a stream and save it to any of the three storage services listed in Response B.

• AWS Kinesis提供了处理大量的流数据能力。而 Kinesis Firehose是用来提供流处理，同时将其保存到S3中、Redshift中、ElasticSearch中。

16. B. Amazon S3 and Amazon Glacier are the most cost-effective storage services. After a year, when the objects are unlikely to be accessed, you can save costs by transferring the objects to Amazon Glacier where the retrieval time is three to five hours.

• 关键点是1年后不再访问，7年后删除。可以用S3的生命周期管理策略来处理。都不需要通过 s3的ia能力，直接归档到Glacer中即可，7年后删除；

17. D. Server access logs provide a record of any access to an object in Amazon S3.

• S3提供了记录所有访问桶中对象的请求的能力。可以用于审计。

18. C. Amazon S3 provides read-after-write consistency for PUTs to new objects (new key),but eventual consistency for GETs and DELETEs of existing objects (existing key). Response C changes the existing object so that a subsequent GET may fetch the previous and inconsistent object.

• S3的哪些动作提供了最终一致性的可能？
• read after write for new object是提供了一致性的存储；
• 只有改变了现有的对象，才有可能导致最终一致性的问题发生；

19. B. AWS will never transfer data between regions unless directed to by you. Durability in Amazon S3 is achieved by replicating your data geographically to different Availability Zones regardless of the versioning configuration. AWS doesn't use tapes.

• S3的高持久性，默认是region内的多个AZ自动复制。与多版本配置没啥关系，同时S3也不使用磁盘存储；

20. C. Amazon CloudFront provides the best user experience by delivering the data from a geographically advantageous edge location. Signed URLs allow you to control access to authenticated users.

• Cloudfront解决了用户访问加速的问题，就是CDN的用处。但是CloudFront还可以作为接入AWS网络的边缘节点，提供动态内容的网络加速；

21. A, B, and D. In the AWS shared responsibility model, customers retain control of what security they choose to implement to protect their own content, platform, applications, systems, and networks, no differently than they would for applications in an on-site data center.

• 共享责任模型
• AWS为基础设施负责：
• 客户为基础设施以上的软件负责：内容安全、应用安全、os安全、防病毒等

22. B. An activity worker is a process or thread that performs the activity tasks that are part of your workflow. Each activity worker polls Amazon SWF for new tasks that are appropriate for that activity worker to perform; certain tasks can be performed only by certain activity workers. After receiving a task, the activity worker processes the task to completion and then reports to Amazon SWF that the task was completed and provides the result. The activity task represents one of the tasks that you identified in your application.

• activity 是SWF的task的实现的依托

23. B. In an Amazon VPC, an instance's Elastic IP address remains associated with an instance when the instance is stopped.

• EIP是手工绑定的，当instance被stop的时候，仍旧绑定在ec2上，同时也收费。

24. C. You pay a set hourly price for an On Demand instance from when you launch it until you explicitly stop or terminate it. Spot instances can be terminated when the spot price goes above your bid price. Reserved instances involve paying for an instance over a one or three-year term. Dedicated instances run on hardware dedicated to your account and are not a pricing model.

• on Demand 是按照小时收费的
• spot instance 是当价格超过竞标价格的时候自动终止；
• reserved instance：是固定时长，打折收费的。
• Dedicated instance：是运行在专属硬件上的，独立定价；

25. D. The data in an instance store persists only during the lifetime of its associated instance. If an instance is stopped or terminated, then the instance store does not persist. Rebooting an instance does not shut down the instance; if an instance reboots (intentionally or unintentionally), data on the instance store persists. Security groups have nothing to do with the lifetime of an instance and have no effect here.

• EC2的数据盘上的数据只有在stop和terminal的时候才不会被保存，因为再次启动的时候，启动盘已经不再原来的服务器上了。reboot的时候随机boot硬盘上的数据还是会被保留的。