Multiple-choice question (multiple answers)
To assist with service deployment, a development team has built a number of AWS CloudFormation templates. They developed a framework for a
network/virtual private cloud (VPC) stack, a database stack, a bastion host stack, and a stack specifically for web applications. Each service
requires the deployment of at least the following:
- A network/virtual private cloud stack
- A host stack that serves as a bastion
- A stack of web applications
Each template has a large number of input parameters, making it impossible to install the services independently using the AWS CloudFormation
panel. Typically, the input parameters of one stack are the outputs of other stacks. For instance, the network stack's VPC ID, subnet IDs, and
security groups may need to be utilized in the application or database stack.
Which activities will contribute to lowering both the operational load and the number of parameters supplied into a service deployment? (Select
two.)

A.
Create a new AWS CloudFormation template for each service. Alter the existing templates to use cross-stack references to eliminate
passing many parameters to each template. Call each required stack for the application as a nested stack from the new stack. Call the newly
created service stack from the AWS CloudFormation console to deploy the specific service with a subset of the parameters previously
required.
B.
Create a new portfolio in AWS Service Catalog for each service. Create a product for each existing AWS CloudFormation template required
to build the service. Add the products to the portfolio that represents that service in AWS Service Catalog. To deploy the service, select the
specific service portfolio and launch the portfolio with the necessary parameters to deploy all templates.
C.
Set up an AWS CodePipeline workflow for each service. For each existing template, choose AWS CloudFormation as a deployment action.
Add the AWS CloudFormation template to the deployment action. Ensure that the deployment actions are processed to make sure that
dependencies are obeyed. Use configuration files and scripts to share parameters between the stacks. To launch the service, execute the
specific template by choosing the name of the service and releasing a change.
D.
Use AWS Step Functions to define a new service. Create a new AWS CloudFormation template for each service. Alter the existing templates
to use cross-stack references to eliminate passing many parameters to each template. Call each required stack for the application as a
nested stack from the new service template. Configure AWS Step Functions to call the service template directly. In the AWS Step Functions
console, execute the step.
E.
Create a new portfolio for the services in AWS Service Catalog. Create a new AWS CloudFormation template for each service. Alter the
existing templates to use cross-stack references to eliminate passing many parameters to each template. Call each required stack for the
application as a nested stack from the new stack. Create a product for each application. Add the service template to the product. Add each
new product to the portfolio. Deploy the product from the portfolio to deploy the service with the necessary parameters only to start the
deployment.

Related questions

Single-choice question
A business is transferring its on-premises build artifact server to an Amazon Web Services (AWS) solution. The existing system is comprised of an
Apache HTTP server that provides artifacts to clients inside the perimeter firewall's local network. The majority of artifact consumers are built-in
automation scripts that download artifacts over anonymous HTTP, which the firm will be unable to adjust during the timeframe of its migration.
The business chooses to migrate to Amazon S3 static website hosting. The artifact consumers will be transferred to Amazon EC2 instances
inside the public and private subnets of a virtual private cloud (VPC).
Which solution enables artifact consumers to download artifacts without altering the automated processes already in place?

A.
Create a NAT gateway within a public subnet of the VPC. Add a default route pointing to the NAT gateway into the route table associated
with the subnets containing consumers. Configure the bucket policy to allow the s3:ListBucket and s3:GetObject actions using the condition
IpAddress and the condition key aws:SourceIp matching the elastic IP address of the NAT gateway.
B.
Create a VPC endpoint and add it to the route table associated with subnets containing consumers. Configure the bucket policy to allow
s3:ListBucket and s3:GetObject actions using the condition StringEquals and the condition key aws:sourceVpce matching the identification of
the VPC endpoint.
C.
Create an IAM role and instance profile for Amazon EC2 and attach it to the instances that consume build artifacts. Configure the bucket
policy to allow the s3:ListBucket and s3:GetObjects actions for the principal matching the IAM role created.
D.
Create a VPC endpoint and add it to the route table associated with subnets containing consumers. Configure the bucket policy to allow
s3:ListBucket and s3:GetObject actions using the condition IpAddress and the condition key aws:SourceIp matching the VPC CIDR block.

Single-choice question
A user wants to set up AutoScaling so that it scales up when the CPU usage exceeds 70% and scales down when the CPU utilization is less than 30%.
How can the user set AutoScaling to accommodate the aforementioned circumstance?

A.
Configure ELB to notify AutoScaling on load increase or decrease
B.
Use AutoScaling with a schedule
C.
Use AutoScaling by manually modifying the desired capacity during a condition
D.
Use dynamic AutoScaling with a policy

Single-choice question
A client of AWS is launching an application that utilizes an AutoScaling group of EC2 instances.
According to the customer's security policy, any outbound connections from these instances to any other service inside the customer's virtual
private cloud must be authenticated using a unique X.509 certificate including the instance's unique ID.
Additionally, to be trusted for authentication, an X.509 certificate must be created by the customer's key management service.
Which of the following setups meets these specifications?

A.
Configure an IAM Role that grants access to an Amazon S3 object containing a signed certificate and configure the Auto Scaling group to
launch instances with this role. Have the instances bootstrap get the certificate from Amazon S3 upon first boot.
B.
Embed a certificate into the Amazon Machine Image that is used by the Auto Scaling group. Have the launched instances generate a
certificate signature request with the instance's assigned instance-id to the key management service for signature.
C.
Configure the Auto Scaling group to send an SNS notification of the launch of a new instance to the trusted key management service. Have
the key management service generate a signed certificate and send it directly to the newly launched instance.
D.
Configure the launched instances to generate a new certificate upon first boot. Have the key management service poll the Auto Scaling
group for associated instances and send new instances a certificate signature that contains the specific instance-id.

Single-choice question
A company's recommendation service for video games has just become popular. The firm is gaining new customers from all corners of the globe.
The service's website is hosted on a collection of Amazon EC2 instances organized in an Auto Scaling group and protected by an Application Load
Balancer (ALB). The website is composed of static content, with resources being loaded in accordance with the device type.
Recently, users claimed that the website's load time has risen. Administrators are reporting that the EC2 instances that host the service are
experiencing significant demands.
Which specific activities should a solutions architect take in order to increase response times?

A.
Create separate Auto Scaling groups based on device types. Switch to Network Load Balancer (NLB). Use the User-Agent HTTP header in
the NLB to route to a different set of EC2 instances.
B.
Move content to Amazon S3. Create an Amazon CloudFront distribution to serve content out of the S3 bucket. Use Lambda@Edge to load
different resources based on the User-Agent HTTP header.
C.
Create a separate ALB for each device type. Create one Auto Scaling group behind each ALB. Use Amazon Route 53 to route to different
ALBs depending on the User-Agent HTTP header.
D.
Move content to Amazon S3. Create an Amazon CloudFront distribution to serve content out of the S3 bucket. Use the User-Agent HTTP
header to load different content.

Single-choice question
A business is executing a workload on thousands of Amazon EC2 instances. The workload is operating on a virtual private cloud (VPC) that
comprises many public and private subnets. The public subnets provide a route for 0.0.0.0/0 to an already-established internet gateway. Each
private subnet has a route to an existing NAT gateway for 0.0.0.0/0.
A solutions architect is responsible for migrating a complete fleet of Amazon EC2 instances to IPv6. Private subnet EC2 instances must be
inaccessible from the public internet.
What actions should the solutions architect take to ensure that these criteria are met?

A.
Update the existing VPC, and associate a custom IPv6 CIDR block with the VPC and all subnets. Update all the VPC route tables, and add a
route for ::/0 to the internet gateway.
B.
Update the existing VPC, and associate an Amazon-provided IPv6 CIDR block with the VPC and all subnets. Update the VPC route tables for
all private subnets, and add a route for ::/0 to the NAT gateway.
C.
Update the existing VPC, and associate an Amazon-provided IPv6 CIDR block with the VPC and all subnets. Create an egress-only internet
gateway. Update the VPC route tables for all private subnets, and add a route for ::/0 to the egress-only internet gateway.
D.
Update the existing VPC, and associate a custom IPv6 CIDR block with the VPC and all subnets. Create a new NAT gateway, and enable IPv6
support. Update the VPC route tables for all private subnets, and add a route for ::/0 to the IPv6-enabled NAT gateway.

Single-choice question
A user is attempting to connect to an EC2 instance over the SSH port from 10.20.30.40/32.
Which of the following is the most secure method of configuring the instance such that it can be accessed only from this IP?

A.
In the security group, open port 22 for IP 10.20.30.40
B.
In the security group, open port 22 for IP 10.20.30.0
C.
In the security group, open port 22 for IP 10.20.30.40/32
D.
In the security group, open port 22 for IP 10.20.30.40/0

Single-choice question
A business has many Amazon EC2 instances linked to both public and private subnets inside a virtual private cloud (VPC) that is not connected to
the corporate network. A security group connected with the EC2 instances enables the firm to access the instances using the Windows Remote
Desktop Protocol (RDP) via the internet. The security team has detected attempted connections from unidentified sources. The business wants to
establish a more secure method of accessing its EC2 instances.
Which approach should be implemented by a solutions architect?

A.
Deploy a Linux bastion host on the corporate network that has access to all instances in the VPC.
B.
Deploy AWS Systems Manager Agent on the EC2 instances. Access the EC2 instances using Session Manager restricting access to users
with permission.
C.
Deploy a Linux bastion host with an Elastic IP address in the public subnet. Allow access to the bastion host from 0.0.0.0/0.
D.
Establish a Site-to-Site VPN connecting the corporate network to the VPC. Update the security groups to allow access from the corporate
network only.

Single-choice question
A North American corporation with its headquarters on the East Coast is implementing a new web application in the us-east-1 Region using
Amazon EC2. The application's scalability should be dynamic in order to satisfy user demand while maintaining resilience. Additionally, the
application must support active-passive disaster recovery in the us-west-1 Region.
Which actions should a solutions architect take after the creation of a virtual private cloud in the us-east-1 Region?

A.
Create a VPC in the us-west-1 Region. Use inter-Region VPC peering to connect both VPCs. Deploy an Application Load Balancer (ALB)
spanning multiple Availability Zones (AZs) to the VPC in the us-east-1 Region. Deploy EC2 instances across multiple AZs in each Region as
part of an Auto Scaling group spanning both VPCs and served by the ALB.
B.
Deploy an Application Load Balancer (ALB) spanning multiple Availability Zones (AZs) to the VPC in the us-east-1 Region. Deploy EC2
instances across multiple AZs as part of an Auto Scaling group served by the ALB. Deploy the same solution to the us-west-1 Region. Create
an Amazon Route 53 record set with a failover routing policy and health checks enabled to provide high availability across both Regions.
C.
Create a VPC in the us-west-1 Region. Use inter-Region VPC peering to connect both VPCs. Deploy an Application Load Balancer (ALB) that
spans both VPCs. Deploy EC2 instances across multiple Availability Zones as part of an Auto Scaling group in each VPC served by the ALB.
Create an Amazon Route 53 record that points to the ALB.
D.
Deploy an Application Load Balancer (ALB) spanning multiple Availability Zones (AZs) to the VPC in the us-east-1 Region. Deploy EC2
instances across multiple AZs as part of an Auto Scaling group served by the ALB. Deploy the same solution to the us-west-1 Region. Create
separate Amazon Route 53 records in each Region that point to the ALB in the Region. Use Route 53 health checks to provide high availability
across both Regions.