AWS SAA-C03 MockTest 750
Yesterday, I attended a AWSKRUG Certification Studygroup OT.
During this OT, I was introduced to AWS Skill Builder and found a course related to AWS SAA-C03.
I took the AWS Certified Solutions Architect - Associate Official Practice Exam (SAA-C03 - English) on Skill Builder and got a totla of 750 points.
Result
I think I need to study it more closely. Basic study of the main services should be supplemented. Options that were not convered in practice, such as IPv6, need to be studied.
Reading Comprehension Issue
These are the questions I could have gotten right, but got wrong.
If I read a littel bit about the problem with the real-time recommendation application, the analysis should have run before the data went into S3, so it makes sens to query with Kinesis Data Analysis and then keep the data in Kinesis Firehose.
Ingesting Data with Kinesis Data Stream, retaining it in Firehose, and querying it with Athena doesn't seem like a good fit.
Take a good look at the requirements and architectural flow of service.When asked about stable deployment in a staging environment, the answer was Route53 with weight-based throttling + CloudFormation.
The problem with AWS Active Directory was that the Korean translation was weird. It would be nice to see the ambiguous question in the original English.
Since this was an ECS EC2 issue, assigning task permissions is correct. Why did I choose the IAM Profile specific wording? Let's read it carefully and choose wisely.
S3 Intelligence-Tiering is a good choice when you have uncertain and complex requirements around S3.
When peering VPCs, the VPC CIDR Blocks of the 2 VPCs must not overlap.
What I Learnded
"IPv6 support + resources within the VPC shouldn't be directly accessible from internet."
NAT does not support IPv4. So it must be implemented by setting up an externral-dedicated internet gateway. IPv6 is a new concept to me, and I haven't studied it carefully enough. It might be a good ideap to keep up with IPv6-related topics."Encrypting old/new un-encrypted data due to change in requirements"
Take a snapshot of the RDS instance
Snapshot encrypted relica
Restore the RDS instance from the encrypted snapshot
I felt like I had no knowledge about RDS encrypted replica of an un-encrypted DB instance and vice versa."A multi-region recovery plan with an RTO of 30 minutes in an ALB + Multi-AZ + EC2 + ASG + Multi-AZ RDS environment"
Pilot Light.
Of the four options, I had never heard of multi-site active/active and pilot light before. I'll have to study those keywords separately."Provisioned IOPS SSD (io1) volume type is costing me money and I need a cost reduction point."
Collect CloudWatch metrics + modify residuals to EBS volumes.
My understanding of the characteristics of EBS volume types seems to be low. It would be a good idea to study this area."Hundres of 10MB increments, storage does not exceed 1TB"
Provisioning throughput mode and EFS method. Bursty throughput mode improves performance as the volume size increases, but the requirements specify a maximum storage capacity, so provisioning throughput mode is appropriate."What should you do when EC2 quata is exceeded implication" : "There is something called Service Quotas".
Service Quatas Question"What actions can be taken to efficiently improve throughput when the VPN has residual throughput left over"
ECMP Routing and Site-to-site VPN
I don't know much about Site-to-site VPN, so I didn't understand it in the first place. I need to study site-to-site VPN and client VPN separately.