Are AWS Certifications worth it? : AWS SA-Professional (SAP) Certification 4


Written by Minhyeock Cha



It's been a while since I last tackled SAP exam questions. With my certification renewal date approaching, I thought it would be a good time to return and share some tips and solutions for the exams I've taken so far.


This post will focus entirely on solving certification exam questions. Although it may not directly address the question "Is it really useful?" as the blog title suggests, I'll make sure to include plenty of valuable tips to help you succeed.


 

Question 1.

Your company is storing millions of sensitive transactions across thousands of 100-GB files that must be encrypted in transit and at rest. Analysts concurrently depend on subsets of files, which can consume up to 5 TB of space, to generate simulations that can be used to steer business decisions.


You are required to design an AWS solution that can cost effectively accommodate the long-term storage and in-flight subsets of data.

 

Ⓐ Use Amazon Simple Storage Service (S3) with server-side encryption, and run simulations on subsets in ephemeral drives on Amazon EC2.


Ⓑ Use Amazon S3 with server-side encryption, and run simulations on subsets in-memory on Amazon EC2.


Ⓒ Use HDFS on Amazon EMR, and run simulations on subsets in ephemeral drives on Amazon EC2.


Ⓓ Use HDFS on Amazon Elastic MapReduce (EMR), and run simulations on subsets in-memory on Amazon Elastic Compute Cloud (EC2).


Ⓔ Store the full data set in encrypted Amazon Elastic Block Store (EBS) volumes, and regularly capture snapshots that can be cloned to EC2 workstations.



Solutions

Since it's been a while, I decided to start with a simple and straightforward problem.


This question can be easily solved with basic AWS knowledge and an understanding of storage concepts (e.g., storing more data but with slower access, storing less data but with faster access).


Key points from the question are:

  • Daily storage of 100GB of transactions

  • Up to 5TB of storage space

  • Long-term storage

  • Cost-effective solution

We can break down the solution based on these four key points.


Using the storage concepts mentioned earlier, we can evaluate the options provided: S3, HDFS on EMR, and EBS. Given that S3 is significantly cheaper compared to other storage options, anyone familiar with AWS would know to eliminate the other choices.


Additionally, long-term storage correlates directly with cost efficiency, making S3 the obvious answer.

💡 HDFS incurs additional costs related to usage and cluster maintenance, making S3 the obvious answer.

Now, we're left with options A and B. The idea of running simulations using EC2 memory suggests that...

EC2 Memory-Optimized Types and Dollar Exchange Rates

If you're confident in covering server costs, option B might be viable. However, for those looking to optimize costs, option A is the recommended choice.


Answer: A


 

Question 2.

You are looking to migrate your Development (Dev) and Test environments to AWS. You have decided to use separate AWS accounts to host each environment.


You plan to link each account's bill to a Master AWS account using Consolidated Billing. To make sure you keep within budget you would like to implement a way for administrators in the Master account to have access to stop, delete and/or terminate resources in both the Dev and Test accounts.


Identify which option will allow you to achieve this goal.

 

Ⓐ Create IAM users in the Master account with full Admin permissions. Create cross-account roles in the Dev and Test accounts that grant the Master account access to the resources in the account by inheriting permissions from the Master account.


Ⓑ Create IAM users and a cross-account role in the Master account that grants full Admin permissions to the Dev and Test accounts.


Ⓒ Create IAM users in the Master account. Create cross-account roles in the Dev and Test accounts that have full Admin permissions and grant the Master account access.


Ⓓ Link the accounts using Consolidated Billing. This will give IAM users in the Master account access to resources in the Dev and Test accounts.



Solutions

The question requires a consolidated billing architecture post-migration under the assumption of using separate Dev and Test accounts.

Architecture for Question 2

The accounts are divided as shown, but they are linked through AWS Organizations so that billing is consolidated.


The key challenge here is to prevent budget overruns by allowing the administrator of the master account to implement a way to stop, delete, and/or terminate resources in both the Dev and Test accounts. This involves permission assignment, thus eliminating option D immediately.


The core of this problem is not the organization structure itself but IAM role switching.

AWS Organizations does not natively let the master account act on resources in other accounts, so IAM role switching has to be implemented.

Order of creation for this question

Steps to Solve:

  • Create an IAM user in the master account.

  • Create an Admin role in both the Dev and Test accounts.

During role creation, change the selection from AWS Service to AWS account and enter the 12-digit number of the master account.
You can verify this with Action: sts:AssumeRole, Principal: (12-digit AWS account number)

By setting up this structure, the master account can control resources in other accounts.
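
The trust relationship from the steps above, as an added example that is not part of the original post: it builds the trust policy for the Admin role in the Dev and Test accounts and audits a policy to confirm that only the master account is trusted. The account IDs are constructed placeholders and the function names are hypothetical.

```python
import re

MASTER_ACCOUNT_ID = "111111111111"  # constructed placeholder, not a real account

def build_trust_policy(master_account_id):
    """Trust policy for the Admin role created in the Dev and Test accounts."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{master_account_id}:root"},
            "Action": "sts:AssumeRole",
        }],
    }

def as_list(value):
    return value if isinstance(value, list) else [value]

def account_of(principal):
    """12-digit account ID of an AWS principal (bare ID or IAM ARN), else None."""
    if re.fullmatch(r"\d{12}", principal):
        return principal
    match = re.fullmatch(r"arn:aws:iam::(\d{12}):.+", principal)
    return match.group(1) if match else None

def audit_trust_policy(policy, master_account_id):
    """Return findings; an empty list means only the master account is trusted."""
    findings, trusted = [], False
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # bare wildcard: treat it as an AWS wildcard principal
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in as_list(values):
                if kind != "AWS":  # e.g. "AWS Service" was left selected
                    findings.append(f"{kind} principal trusted: {value}")
                elif account_of(value) == master_account_id:
                    trusted = True
                else:
                    findings.append(f"unexpected AWS principal: {value}")
    if not trusted:
        findings.append("master account cannot assume the role")
    return findings
```

Trusting the account root delegates the decision to the master account: an IAM user there still needs an identity policy that allows sts:AssumeRole on the role's ARN.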


Evaluation of Options:

  • Option A: Incorrect, because creating an Admin policy in the master account does not grant control over other accounts' resources.

  • Option B: Incorrect, because it creates cross-account roles without allowing access from the master account.

  • Option C: Correct, as it involves setting up the necessary roles and permissions to allow resource control from the master account.



Answer: C


 

Question 3

A company has a web application that allows users to upload short videos. The videos are stored on Amazon EBS volumes and analyzed by custom recognition software for categorization.


The website contains static content that has variable traffic with peaks in certain months. The architecture consists of Amazon EC2 instances running in an Auto Scaling group for the web application and EC2 instances running in an Auto Scaling group to process an Amazon SQS queue. The company wants to re-architect the application to reduce operational overhead using AWS managed services where possible and remove dependencies on third-party software.


Which solution meets these requirements?

 

Ⓐ Use Amazon ECS containers for the web application and Spot instances for the Scaling group that processes the SQS queue. Replace the custom software with Amazon Rekognition to categorize the videos.


Ⓑ Store the uploaded videos in Amazon EFS and mount the file system to the EC2 instances for the web application. Process the SQS queue with an AWS Lambda function that calls the Amazon Rekognition API to categorize the videos.


Ⓒ Host the web application in Amazon S3. Store the uploaded videos in Amazon S3. Use S3 event notification to publish events to the SQS queue. Process the SQS queue with an AWS Lambda function that calls the Amazon Rekognition API to categorize the videos.


Ⓓ Use AWS Elastic Beanstalk to launch EC2 instances in an Auto Scaling group for the application and launch a worker environment to process the SQS queue. Replace the custom software with Amazon Rekognition to categorize the videos.



Solutions

This question involves modernizing an existing application currently operated on EC2 instances.

Approximate architecture for this problem

Key Points:

  • The site has variable traffic with peaks during certain months and serves "static content."

  • Minimize overhead and remove dependencies.

  • Combine the above key points to identify the correct solution among the provided options.



When thinking of static content, you might immediately consider the classic combination of CloudFront and S3. If you thought of this and chose option C, you can move on to the next question.


Answer: C


However, to provide more detail and context, let's delve into why option C is the correct choice by exploring its architecture and setup.

Architecture in C

For static content web app hosting and video uploads, S3 buckets are used.

💡 S3 supports web hosting, which is appropriate for static content as mentioned in the question. However, for scenarios requiring WAS (Web Application Server) operations, this wouldn't be the most efficient method.

Using CloudFront in front would enhance performance, but since it's not listed in the options, we'll exclude it for now.

Choose a destination as an SQS queue when S3 event occurs

S3 can trigger events to specific targets. In this scenario, it triggers an SQS queue when new videos are uploaded to the bucket.


The SQS queue is then processed by a Lambda function. This Lambda function uses Rekognition for video classification, organizing the videos back into the S3 bucket.
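
The S3 to SQS to Lambda to Rekognition flow just described, as an added example that is not part of the original post: a Lambda handler that unwraps the S3 notification from each SQS message and starts a Rekognition label-detection job per uploaded video. The bucket name, object keys and function names are constructed for illustration.

```python
import json
from urllib.parse import unquote_plus

# Constructed SQS batch as Lambda receives it: each message body is an S3 notification.
SAMPLE_EVENT = {"Records": [
    # S3 sends this test message once when the notification is configured.
    {"body": json.dumps({"Service": "Amazon S3", "Event": "s3:TestEvent",
                         "Bucket": "video-uploads-example"})},
    {"body": json.dumps({"Records": [
        {"eventName": "ObjectCreated:Put",
         "s3": {"bucket": {"name": "video-uploads-example"},
                "object": {"key": "incoming/my+clip%281%29.mp4"}}},
        {"eventName": "ObjectRemoved:Delete",
         "s3": {"bucket": {"name": "video-uploads-example"},
                "object": {"key": "incoming/old.mp4"}}},
    ]})},
]}

def extract_uploads(sqs_event):
    """Return (bucket, key) for every object-created record in an SQS batch."""
    uploads = []
    for message in sqs_event.get("Records", []):
        body = json.loads(message["body"])
        # The s3:TestEvent body has no "Records" key, so it is skipped here.
        for record in body.get("Records", []):
            if not record.get("eventName", "").startswith("ObjectCreated:"):
                continue
            bucket = record["s3"]["bucket"]["name"]
            # Object keys arrive URL-encoded, with spaces sent as "+".
            key = unquote_plus(record["s3"]["object"]["key"])
            uploads.append((bucket, key))
    return uploads

def handler(event, context=None, rekognition=None):
    """Lambda entry point: start one label-detection job per uploaded video."""
    if rekognition is None:
        import boto3  # provided by the Lambda Python runtime
        rekognition = boto3.client("rekognition")
    job_ids = []
    for bucket, key in extract_uploads(event):
        response = rekognition.start_label_detection(
            Video={"S3Object": {"Bucket": bucket, "Name": key}})
        job_ids.append(response["JobId"])
    return job_ids
```

start_label_detection is asynchronous: it returns a job ID, and the labels are read later with get_label_detection.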


This problem can be a bit tricky because all the provided services are designed to be operationally feasible, making it difficult to identify the incorrect option. Therefore, it’s a good idea to clearly understand the core points of the problem and review the options again.


The key points of the problem are:

  • The site has variable traffic with peaks during certain months and serves "static content."

  • Minimize overhead and remove dependencies.


While static content can be managed easily, minimizing overhead and dependencies requires an architecture that involves minimal manual intervention, utilizing AWS-managed services.


Evaluating Other Options

  • Option A: Uses ECS, which involves managing containers and underlying EC2 instances, thus requiring more human resources.

  • Option B: Relies on EC2, which again involves managing the servers directly, leading to higher overhead.

  • Option D: Utilizes Elastic Beanstalk, which abstracts some management but still requires handling of the compute resources.


In contrast, option C utilizes fully managed AWS services, aligning with the problem's core requirement of minimizing overhead and dependencies.



Conclusion

I hope the AWS SA certification questions we covered today have been helpful to you. If you have any questions about the solutions, notice any errors, or have additional queries, please feel free to contact us anytime at partner@smileshark.kr.
