Architecting on AWS 学习笔记系列文章导航页面
53.Currently a company makes use of EBS snapshots to back up their EBS Volumes.
As a part of the business continuity requirement, these snapshots need to be made available in another region. How can this be achieved?
A. Directly create the snapshot in the other region.
B. Create Snapshot and copy the snapshot to a new region.
C. Copy the snapshot to an S3 bucket and then enable Cross-Region Replication for the bucket.
D. Copy the EBS Snapshot to an EC2 instance in another region.
54.Company has an application hosted in AWS.
This application consists of EC2 Instances which sit behind an ELB. The following are requirements from an administrative perspective:
a) Ensure notifications are sent when the read requests go beyond 1000 requests per minute
b) Ensure notifications are sent when the latency goes beyond 10 seconds
c) Any API activity which calls for sensitive data should be monitored
Which of the following can be used to satisfy these requirements? Choose 2 answers from the options given below.
A. Use CloudTrail to monitor the API Activity
B. Use CloudWatch logs to monitor the API Activity
C. Use CloudWatch metrics for the metrics that need to be monitored as per the requirement and set up an alarm activity to send out notifications when the metric reaches the set threshold limit.
D. Use custom log software to monitor the latency and read requests to the ELB.
Note:
AWS CloudTrail can be used to monitor the API calls. For more information on CloudTrail, please visit the following URL: (https://aws.amazon.com/cloudtrail/)
When you use CloudWatch metrics for an ELB, you can get the amount of read requests and latency out of the box. For more information on using Cloudwatch with the ELB, please visit the following URL: (https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-cloudwatch-metrics.html)
Option A is correct. CloudTrail is a web service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. The recorded information includes the identity of the user, the start time of the AWS API call, the source IP address, the request parameters, and the response elements returned by the service. (https://docs.aws.amazon.com/zh_cn/awscloudtrail/latest/userguide/cloudtrail-user-guide.html)
Option C is correct. Use Cloudwatch metrics for the metrics that needs to be monitored as per the requirement and set up an alarm activity to send out notifications when the metric reaches the set threshold limit.
55.A company has resources hosted in their AWS Account.
There is a requirement to monitor API activity for all regions and the audit needs to be applied for future regions as well. Which of the following can be used to fulfill this requirement?
A. Ensure CloudTrail for each region, then enable for each future region.
B. Ensure one CloudTrail trail is enabled for all regions.
C. Create a CloudTrail for each region. Use CloudFormation to enable the trail for all future regions.
D. Create a CloudTrail for each region. Use AWS Config to enable the trail for all future regions.
Note:
当您创建AWS账户的时候,将对账户启用CloudTrail。当您的AWS账户中发生活动时,该活动将记录在CloudTrail事件中。您可以通过转到Event history轻松查看CloudTrail控制台中的事件。
利用事件历史纪录,您可以查看、搜索和下载AWS账户中过去90天的活动。此外,您还可以创建一个CloudTrail跟踪来存档、分析和响应您的AWS资源的变化。跟踪是一种配置,可用于将事件传送到您指定的Amazon S3存储桶中。
您可以为AWS账户创建两种类型的跟踪:
-
应用于所有区域的跟踪
当您创建一个应用于所有区域的跟踪时,CloudTrail 会记录每个区域中的事件,并将 CloudTrail 事件日志文件传输到您指定的 S3 存储桶。如果您在创建应用到所有区域的跟踪后又添加了一个区域,则该新区域会自动包括在内,该区域中的事件也将被记录。在 CloudTrail 控制台中创建跟踪时,这是默认选项。有关更多信息,请参阅在控制台中创建跟踪。 -
应用于一个区域的跟踪
当您创建一个只应用于一个区域的跟踪时,CloudTrail 仅记录该区域中的事件。然后,它将 CloudTrail 事件日志文件传输到您指定的 Amazon S3 存储桶。如果您另外创建了单个跟踪,可以让这些跟踪将 CloudTrail 事件日志文件传送到同一个 Amazon S3 存储桶或单独的存储桶。这是使用 AWS CLI 或 CloudTrail API 创建跟踪时的默认选项。有关更多信息,请参阅使用 AWS Command Line Interface 创建、更新和管理跟踪。
注意
对于这两种类型的跟踪,您可以指定来自任何区域的 Amazon S3 存储桶。
https://docs.aws.amazon.com/zh_cn/awscloudtrail/latest/userguide/how-cloudtrail-works.html
206
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
