  • [AWS CCP] Quiz Summary - 1
    Certifications/AWS CCP 2026. 3. 27. 17:54

    * This post references questions from https://simuladoclf.s3.amazonaws.com/english.html.


     

    #1. A manufacturing company has a mission-critical application that runs in a remote location with a slow internet connection. The company wants to migrate the workload to AWS. The application is latency-sensitive and prone to connectivity disruptions. Which AWS service or feature should the company use to meet these requirements?

    (They want to use the cloud, but the internet connection is poor, so using a distant AWS Region is difficult.)

     

    => AWS Outposts(★)

    Installs AWS services in the company's own data center to provide a cloud environment; can run in an isolated environment

    A service that installs AWS hardware inside the company

    Installs AWS infrastructure on premises (installed locally > minimizes latency)

    Some operations remain possible even if the internet connection drops

    allowing you to run workloads on-premises and connect to AWS services in the cloud.

     

    + Local Zone

    Extends an AWS Region close to a city

    “low latency for users in a city”

     

    + Wavelength

    Runs inside 5G networks

    Located inside the telecom carrier's network

    5G mobile application


    #2. Which of the following are design principles for reliability in the AWS cloud? (Select TWO)

    => use automation to recover from failure immediately

    => simulate failures to test recovery processes

     

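    Reliability: keep the service running even when failures occur, and recover quickly

    Recover automatically when a failure occurs + deliberately induce failures to test preparedness in advance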


    #3. Which AWS service helps in detecting security flaws in applications?

    => AWS Inspector

    A service that automatically finds "security flaws" in applications and servers

    Finds vulnerable software, security misconfigurations, and whether vulnerabilities exist

    AWS Inspector is an automated security assessment service that helps improve the security and compliance of applications by detecting security vulnerabilities and flaws.

     

    + Amazon GuardDuty(★)

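    Attack detection (real-time threat detection)

    (Inspector: finds vulnerabilities / GuardDuty: detects attacks)

     

    + AWS WAF

    Blocks web attacks

     

    + AWS Shield

    DDoS protection (defends against high-volume traffic attacks), automatic protection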


    #4. Which AWS service or tool provides on-demand access to AWS security and compliance reports?

    => AWS Artifact

    AWS Artifact provides on-demand access to AWS security and compliance reports and agreements.

     

    + Amazon Inspector

    A service that automatically finds "security flaws" in applications and servers

     

    + Amazon Trusted Advisor

     

    + AWS Billing Console

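    The main screen for viewing and managing AWS usage costs

    Where you see everything money-related in AWS (current charges, cost per service, forecasted monthly cost, payment history, etc.)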


    #5. A company is setting up its AWS cloud environment. The company's administrators need to group users and apply permissions to the group. Which AWS service or feature can the company use to meet these requirements?

    => AWS IAM(Identity and Access Management)

    The AWS service or feature that the company can use to group users and apply permissions to the group is AWS Identity and Access Management (IAM). IAM allows creating and managing users and groups and assigning policies that define permissions for the users in the groups.

     

    + AWS Organizations (★)

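    A service that groups multiple accounts into a single organization and manages them

    Core features: consolidated billing, central account management, cost savings

    Keywords: consolidate billing / multiple accounts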

     

    + Resource Groups

    Groups multiple AWS resources and manages them together

    Groups resources such as EC2, RDS, and S3 by project or by environment for management

    Keywords: group resources, manage multiple resources

     

    + Resource Tagging

    Attaching labels (name tags) to resources

    Adds information to resources as key-value pairs

     

     “organize resources using metadata”
    → Tagging

     “manage multiple resources together”
    → Resource Groups


    #6. A company wants its Amazon EC2 instances to operate in a highly available environment, even in case of a natural disaster in a specific geographic area. Which solution achieves this goal?

    => Use EC2 instances across multiple AWS Regions
    Using EC2 instances across multiple AWS Regions can help ensure high availability of the application, even in the event of natural disasters affecting a specific geographic area.

     

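    Region: a fully independent group of data centers, physically separated from one another

    A failure in one Region does not affect other Regions

    => To achieve high availability, deploy EC2 across multiple Regions and distribute traffic with Route 53 > automatic failover on failure

    Natural disaster preparedness -> multi-Region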


    #7. A company is running applications on Amazon EC2 instances in the same AWS account for several different projects. The company wants to track infrastructure costs for each of the projects separately. The company must perform this tracking with the least possible impact on existing infrastructure and at no additional cost.

    => Use cost allocation tags with values specific to each project.


    Cost allocation tags are a way to track infrastructure costs for each of the projects separately. Cost allocation tags are key-value pairs that can be attached to AWS resources, such as EC2 instances, and used to categorize and group them for billing purposes. The other options are incorrect because they do not meet the requirements of the question. Using a different Amazon EC2 instance type for each project does not help track the costs of each project and may impact the performance and compatibility of the applications. Publishing project-specific Amazon CloudWatch custom metrics for each application does not help track the costs of each project and may incur additional costs for using CloudWatch. Deploying EC2 instances for each project in a separate AWS account helps track the costs of each project but impacts the existing infrastructure and incurs additional costs for using multiple accounts.


    #8. Which AWS services can a company use to achieve a loosely coupled architecture? (Select TWO.)

    B. Amazon Simple Queue Service (Amazon SQS), E. AWS Step Functions
    Amazon SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.

    AWS Step Functions allows you to coordinate multiple AWS services into serverless workflows so you can build and update apps quickly.

     

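    loosely coupled: reduce dependencies between services

    A structure in which services are not directly attached to each other but loosely connected

    => SQS: places a message queue between services to break the direct connection

    How it works: A stores a message in the queue (SQS) > B retrieves it later

    Gives services independence and scalability

    => Step Functions: loosely connects multiple services and manages only the flow (flow control)

    coordinate multiple services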

     

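    (Messaging services)

    1) Amazon SNS (Simple Notification Service)

    Send once, delivered to multiple destinations simultaneously

    For real-time notifications

    Keywords: multiple subscribers, push

    2) Amazon SQS (Simple Queue Service)

    Messages are queued and processed one at a time

    3) Amazon EventBridge

    Automatically connects services when an event occurs (event-based)

    Keyword: event-driven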


    #9. What is the purpose of AWS CloudFormation?

    => Provision and manage AWS resources

    CloudFormation: a service that creates and manages AWS infrastructure as code

    AWS CloudFormation allows users to provision and manage AWS resources, using 'templates' to create and manage a collection of related resources, automating your infrastructure as code.

     


    #10. A company runs an on-premises MySQL database. The company wants to run a copy of this database in the AWS cloud. Which AWS service would support this workload?

    => Amazon RDS

    Managed DB (managed service: AWS manages it for you), MySQL compatibility, high availability (Multi-AZ configuration possible)

    Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching, and backups.

    Amazon RDS supports six popular database engines: Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server.

     

    + Amazon Neptune

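    A "graph database" that quickly analyzes relationships (connections)

    Stores and analyzes the "relationships" between data

    Where an ordinary DB stores only the data, Neptune also stores who is connected to whom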

     

    + Amazon ElastiCache for Redis

    A service that stores data in memory for very fast lookups

    Stores frequently used data in memory instead of the DB (ultra-fast lookups)


    #11. A company wants to use the AWS Cloud to manage access and permissions for its third-party Software as a Service (SaaS) applications. The company wants to use a portal where end users can access the assigned AWS accounts and applications in the cloud. (They want to log in once and access multiple services.)

    => AWS IAM Identity Center (AWS Single Sign-On)

    A service for logging in to multiple AWS accounts and SaaS apps with a single account

    SSO, centralized permission management, SaaS integration (can connect to external services as well)

    AWS IAM Identity Center (AWS Single Sign-On) is the AWS service that the company should use to meet the requirements for managing access and permissions for its third-party SaaS applications. AWS Single Sign-On is a cloud-based service that makes it easy to centrally manage single sign-on (SSO) access to multiple AWS accounts and business applications. You can use AWS Single Sign-On to enable your users to sign in to a user portal with their corporate credentials and access all their assigned AWS accounts and applications from one place.


    #12. A company needs to control incoming and outgoing traffic to an Amazon EC2 instance. Which AWS service or feature can the company associate with the EC2 instance to meet this requirement?

    => Security Group

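    A virtual firewall that allows/denies traffic at the EC2 instance level (per-EC2 firewall)

    Characteristics:

    Stateful (inbound allowed -> outbound automatically allowed)

    Applied per instance (a different security group can be applied to each EC2 instance)

    Rule-based (allow/block by IP, port, and protocol)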

    A security group is a virtual firewall that can be associated with an Amazon EC2 instance to control incoming and outgoing traffic to and from the instance. You can specify which protocols, ports, and source or destination IP ranges are allowed or denied by the security group.

     

    + VPC route tables

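    The paths that determine where traffic should go within a VPC subnet

    Specifies the route for sending traffic from a subnet in the VPC → to other subnets, the internet, VPN, NAT, etc.

    Lets EC2 instances communicate with the internet or other networks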

     

    + Network ACL

    A firewall that allows/denies traffic at the subnet level (per-subnet firewall)

    Determines who can come in and go out


    #13.  A company is launching a new application on the AWS cloud. The application will run on an Amazon EC2 instance. More EC2 instances will be needed when the workload increases. Which AWS service or tool can the company use to launch the number of EC2 instances required to handle the workload?

    => Amazon EC2 Auto Scaling

    A service that automatically increases or decreases EC2 instances according to traffic load

    Amazon EC2 Auto Scaling is the AWS service or tool that can help the company launch the number of EC2 instances required to handle the workload. Amazon EC2 Auto Scaling automatically adjusts the capacity of EC2 instances based on demand and predefined scaling policies. Amazon EC2 Auto Scaling also helps improve availability and reduce costs by scaling in and out as needed.


    #14. Which AWS tool or service should a company use to forecast AWS spending?

    => Cost Explorer

    Cost Explorer is a tool that allows users to analyze and forecast AWS spending, helping to plan future budgets.


    #15. A company needs an automated vulnerability management service that continuously scans AWS workloads for software vulnerabilities. Which AWS service will meet these requirements?

    => Amazon Inspector

    A service that automatically finds "security flaws" in applications and servers

    Finds vulnerable software, security misconfigurations, and whether vulnerabilities exist

    Keywords: vulnerabilities, security flaws

    Amazon Inspector is an automated vulnerability management service that continuously scans AWS workloads for software vulnerabilities and unintended network exposure. Amazon Inspector automatically discovers workloads such as Amazon EC2 instances, containers, and Lambda functions, and scans them for software vulnerabilities and unintended network exposure.

     

    + AWS GuardDuty(★)

    Attack detection (real-time threat detection)

    (Inspector: finds vulnerabilities / GuardDuty: detects attacks)


    #16.  Which AWS services and features are provided to all customers at no additional cost? (Select TWO.)

    => VPC / IAM

    Basic AWS infrastructure services such as VPC and IAM: provided at no additional cost

     

    VPC is a service that enables you to launch AWS resources in a logically isolated virtual network that you define. You can create and use a VPC at no additional cost and only pay for the resources you launch inside the VPC, such as EC2 instances or EBS volumes.

    IAM is a service that enables you to manage access and permissions to AWS resources. You can create and use IAM users, groups, roles, and policies at no additional cost and only pay for the AWS resources that IAM entities access.

    not free service : Amazon Aurora, Amazon SageMaker, and Amazon Polly

     

    + VPC : Virtual Private Cloud

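    Provides the customer's own isolated network within AWS

    + IAM: a service for managing users, groups, roles, and permissions

    Access control and permission management within an AWS account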


    #17. What is an advantage of AWS Cloud computing that minimizes variable costs?

    a. high availability

    b. economies of scale

    c. global reach

    d. agility

     

    AWS can achieve lower variable costs per unit of compute by distributing the fixed costs of building and maintaining data centers across a large number of customers. As a result, AWS can offer lower and more predictable prices to its customers, who only pay for the resources they consume.


    #18. What is the purpose of having an Internet gateway within a VPC?

    => Allow communication between the VPC and the Internet

    Needed to enable communication between the VPC and the internet

    Internet Gateway: allows resources inside the VPC to communicate with the internet

    An Internet gateway is a service that allows Internet traffic to come into a VPC. Otherwise, a VPC is completely segmented and the only way to access it is potentially through a VPN connection rather than an Internet connection. An Internet gateway is a logical connection between an AWS VPC and the Internet. It supports IPv4 and IPv6 traffic and does not cause availability risks or bandwidth constraints on network traffic.


    #19. A company needs to continuously monitor its environment to analyze network and account activity and identify potential security threats. Which AWS service should the company use to meet these needs?

    => AWS GuardDuty

    Attack detection (real-time threat detection)

    Network/account anomaly detection

    (Inspector: finds vulnerabilities / GuardDuty: detects attacks)

    Amazon GuardDuty is a service that provides threat detection and continuous monitoring for the AWS environment, analyzing network and account activity to identify anomalous or unauthorized behavior.

     

    + AWS Macie (★)

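    A security service that automatically identifies and protects sensitive data in S3 (the data storehouse)

    (Characteristics)

    Data identification (automatically identifies sensitive data)

    Data protection (security alerts based on the sensitive data identified)

    Machine learning-based (automatically analyzes data patterns > detects anomalies)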

     


    #20. A company is building a serverless architecture that connects application data from multiple data sources. The company needs a solution that does not require additional code. Which AWS service meets these requirements?

    => Amazon EventBridge

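    Automatically connects services when an event occurs, with minimal code (event-based)

    Serverless > no infrastructure management needed

    Can integrate automatically with other services and SaaS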

    Amazon EventBridge is a serverless solution that makes it easy to connect application data from multiple sources without requiring additional code.


    #21. Which of the following promotes AWS Cloud architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems?

    a. AWS Serverless Application Model framework

    b. AWS Well-Architected Framework

    The AWS Well-Architected Framework promotes AWS Cloud architectural best practices to help design and operate systems that are reliable, secure, efficient, and cost-effective.

     

    AWS Well-Architected Framework: a best-practice guide for designing AWS architectures with reliability, security, performance, and cost efficiency in mind


    #22. A cloud engineer wants to know the percentage of allocated compute units that are in use for a specific Amazon EC2 instance. Which AWS service can provide this information?

    => Amazon CloudWatch (★)

    Monitors AWS resources (EC2, RDS, Lambda, etc.) and collects metrics

    Provides CPU utilization, disk I/O, network traffic, etc.

    CPU, resource utilization, monitoring -> CloudWatch

    Amazon CloudWatch can provide this information through metrics that detail Amazon EC2 instance utilization, allowing users to view and optimize resource usage.

     

    + AWS Config

    Tracks resource configuration

    Records the configuration state of AWS resources

    Lets you review resource change records and history

     

    + AWS CloudTrail

    Records all API calls made in an AWS account (CCTV for AWS account activity)

    Lets you trace who did what action and when


    #23. Which of the following are customer responsibilities according to the AWS Shared Responsibility Model?

    => security group configuration

    => encryption of customer data on AWS

     

    + AWS responsibilities

    - Physical security of AWS facilities

    - AWS Lambda infrastructure management

    - Network bandwidth management of each AWS Region


    #24. Which AWS service uses a combination of publishers and subscribers?

    => Amazon Simple Notification Service(Amazon SNS)

    Amazon Simple Notification Service (Amazon SNS) is a service that offers fully managed pub/sub messaging. Pub/sub messaging is a pattern that uses a combination of publishers and subscribers.


    #25. How can an AWS user perform security assessments on Amazon EC2 instances, NAT gateways, and Elastic Load Balancers in an AWS-approved manner? (Check EC2, ELB, and NAT Gateway for security vulnerabilities using an AWS-approved method.)

    => Amazon Inspector

    A service that automatically finds "security flaws" in applications and servers

    Detects vulnerable software, security misconfigurations, the presence of vulnerabilities, and compliance violations

    Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity.


    #26. A company wants to ensure that two Amazon EC2 instances are in separate data centers with minimal communication latency between the centers. How can the company meet this requirement?

    => place the EC2 instances in two separate Availability Zones within the same AWS Region 

    Place them in physically different locations (AZs) + choose AZs within the same Region to reduce latency
    Placing the EC2 instances in two separate Availability Zones within the same AWS Region is the best way to meet the requirement. Availability Zones are isolated locations within an AWS Region that have independent power, cooling, and physical security, and are connected to each other with high-bandwidth, low-latency networks.


    #27. A company wants to design a reliable web application hosted on Amazon EC2. Which approach will achieve this goal?

    => Spread EC2 instances across more than one Availability Zone.
    The approach that will achieve the goal of designing a reliable web application hosted on Amazon EC2 is to spread the EC2 instances across more than one Availability Zone. An Availability Zone is a physically isolated location within an AWS Region that has its own power, cooling, and network connectivity. By spreading EC2 instances across multiple Availability Zones, users can increase the fault tolerance and availability of their web applications, while reducing latency for end-users.


    #28. Which AWS service or tool can be used to consolidate a company's payments with multiple AWS accounts?

    => AWS Organizations (★)

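    A service that groups multiple accounts into a single organization and manages them

    Core features: consolidated billing, central account management, cost savings

    Keywords: consolidate billing / multiple accounts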

    AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. AWS Organizations includes consolidated billing and account management features that allow you to better meet the budgetary, security, and compliance needs of your business.

     

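    + AWS Cost and Usage Report (raw data)

    Provides detailed cost and usage reports

     

    + Cost Explorer (visualization)

    Cost visualization and analysis

    Available directly in the AWS Management Console

     

    + AWS Budgets (alerts/budget management)

    Set budgets and alerts

    Can set targets for cost, usage, and Reserved Instance utilization

    Email/SNS notification when a target is exceeded -> AWS cost alarm system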


    #29. Which AWS service or feature allows users to encrypt data at rest in Amazon S3?

    => server-side encryption

    A feature in which AWS automatically encrypts data stored in S3 to protect it

    Server-side encryption is an encryption option that Amazon S3 provides to encrypt data at rest in Amazon S3. With server-side encryption, Amazon S3 encrypts an object before saving it to disk in its data centers and decrypts it when you download the objects.

     

    Client-side encryption: encrypt before upload, then store in S3

    Server-side encryption: S3 encrypts automatically

     
