高手来讨论下这两道AWS练习题

天朝屁民

A Solutions Architect must build a secure document -storage platform that allows clients to access data stored on Amazon S3. Documents must be readily available for the first 15 days. After that, documents need not be readily available, and storage costs should be reduced as much as possible.
Which of the following approaches will satisfy these requirements?
A. Create a lifecycle rule to transition the documents from the STANDARD storage class to the STANDARD_IA storage class after 15 days, and then to the GLACIER storage class after an additional
15 days.
B. Create a lifecycle rule to transition the documents from the STANDARD storage class to the GLACIER storage class after 30 days.
C. Create a lifecycle rule to transition documents from the STANDARD storage class to the STANDARD_IA storage class after 30 days and then to the GLACIER storage class after an additional
30 days.
D. Create a lifecycle rule to transition the documents from the STANDARD storage class to the GLACIER storage class after 15 days.

很多人都说选A, 但是我觉得选D, 因为GLACIER费用最低.


A company hosts a two-tier application that consists of a publicly accessible web server that communicates with a private database. Only HTTPS port 443 traffic to the web server must be allowed from the internet.
Which of the following options will achieve these requirements? (Select Two.)
A. Security group rule that allows inbound internet traffic for port 443
B. Security group rule that drives all inbound internet traffic expect port 443
C. Network ACL rule that allows port 443 inbound and all ports outbound for internet traffic
D. Security group rule that allows internet traffic for port 443 in both inbound and outbound
E. Network ACL rule that allows port 443 for both inbound and outbound for all Internet traffic
答案是选AE, 但是我觉得选AC. 因为Network ACL不是状态化的, 而且你也不知道外网客户端使用什么端口发起访问, outbound只允许443根本不能工作.

iamiii

注意有个30天的最低要求。很多15天都是不可行的。
https://docs.aws.amazon.com/Amaz ... considerations.html

iamiii

这题我选B

Create a lifecycle rule to transition the documents from the STANDARD storage class to the GLACIER storage class after 30 days.

之所以不能选D，是因为系统限制不支持15天。

iamiii

第二题，443=Https=浏览器访问，不可能使用别的客户端的。。。

天朝屁民

iamiii 发表于 2019-7-17 11:13
注意有个30天的最低要求。很多15天都是不可行的。
https://docs.aws.amazon.com/AmazonS3/latest/dev/lifec ...

谢谢，我漏掉了这点

天朝屁民

iamiii 发表于 2019-7-17 11:16
这题我选B

Create a lifecycle rule to transition the documents from the STANDARD storage class to th ...

谢谢，分数今晚一定加上

iamiii

推荐这套模拟题，我就是做了这套题目，过了，分数881，还不错。

https://www.udemy.com/aws-certif ... zon-practice-exams/

天朝屁民

iamiii 发表于 2019-7-17 11:40
推荐这套模拟题，我就是做了这套题目，过了，分数881，还不错。

https://www.udemy.com/aws-certified-sol ...

谢谢，这套题目和考试的题目重合率高吗

kanweng

B,   AE

iamiii

天朝屁民 发表于 2019-7-17 11:54
谢谢，这套题目和考试的题目重合率高吗

还行吧。

这套题有点超纲

如果你能过这六套题，SAA考试肯定能过，而且高分。

天朝屁民

iamiii 发表于 2019-7-17 16:26
还行吧。

这套题有点超纲

非常感谢，我今天买了这个习题，做了第一套得了63%，要72%才过，还需要努力

天朝屁民

iamiii 发表于 2019-7-17 11:13
注意有个30天的最低要求。很多15天都是不可行的。
https://docs.aws.amazon.com/AmazonS3/latest/dev/lifec ...

仔细看了一下文档, 30天的最低要求是对STANDARD_IA or ONEZONE_IA来说的, GLACIER不受这个限制, 因此还是选择D:

From the STANDARD storage classes to STANDARD_IA or ONEZONE_IA. The following constraints apply:

For larger objects, there is a cost benefit for transitioning to STANDARD_IA or ONEZONE_IA. Amazon S3 does not transition objects that are smaller than 128 KB to the STANDARD_IA or ONEZONE_IA storage classes because it's not cost effective.

Objects must be stored at least 30 days in the current storage class before you can transition them to STANDARD_IA or ONEZONE_IA. For example, you cannot create a lifecycle rule to transition objects to the STANDARD_IA storage class one day after you create them.

Amazon S3 doesn't transition objects within the first 30 days because newer objects are often accessed more frequently or deleted sooner than is suitable for STANDARD_IA or ONEZONE_IA storage.

If you are transitioning noncurrent objects (in versioned buckets), you can transition only objects that are at least 30 days noncurrent to STANDARD_IA or ONEZONE_IA storage.

From the STANDARD_IA storage class to ONEZONE_IA. The following constraints apply:
Objects must be stored at least 30 days in the STANDARD_IA storage class before you can transition them to the ONEZONE_IA class.

iamiii

你说的对。

我做了一下实验，选STANDARD_IA or ONEZONE_IA的时候会有30天的警告出来。选Glacier
的时候没有警告。。。

iamiii

天朝屁民 发表于 2019-7-17 19:03
非常感谢，我今天买了这个习题，做了第一套得了63%，要72%才过，还需要努力 ...

这套题目的解释非常详细，建议把每道题目的解释都看一遍，会受益不浅。

bluehenry

iamiii 发表于 2019-7-17 11:40
推荐这套模拟题，我就是做了这套题目，过了，分数881，还不错。

https://www.udemy.com/aws-certified-sol ...

看着有85%折扣，加到购物车里就原价了。

sun2012

第二题 AC

试一下就知道了 AE 不行

hanxuema

A. Security group rule that allows inbound internet traffic for port 443
B. Security group rule that drives all inbound internet traffic expect port 443
C. Network ACL rule that allows port 443 inbound and all ports outbound for internet traffic
D. Security group rule that allows internet traffic for port 443 in both inbound and outbound
E. Network ACL rule that allows port 443 for both inbound and outbound for all Internet traffic


AE
You need to always ALLOW both inbound and outbound for ACL.