SAP-C02 Study Assistant

SAP-C02 Question 112

EC2 IAM Config

Question

A large mobile gaming company has successfully migrated all of its on-premises infrastructure to the AWS Cloud. A solutions architect is reviewing the environment to ensure that it was built according to the design and that it is running in alignment with the Well-Architected Framework. While reviewing previous monthly costs in Cost Explorer, the solutions architect notices that the creation and subsequent termination of several large instance types account for a high proportion of the costs. The solutions architect finds out that the company’s developers are launching new Amazon EC2 instances as part of their testing and that the developers are not using the appropriate instance types. The solutions architect must implement a control mechanism to limit the instance types that only the developers can launch. Which solution will meet these requirements?

Options

A. Create a desired-instance-type managed rule in AWS Config. Configure the rule with the instance types that are allowed. Attach the rule to an event to run each time a new EC2 instance is launched.

B. In the EC2 console, create a launch template that specifies the instance types that are allowed. Assign the launch template to the developers’ IAM accounts.

C. Create a new IAM policy. Specify the instance types that are allowed. Attach the policy to an IAM group that contains the IAM accounts for the developers.

D. Use EC2 Image Builder to create an image pipeline for the developers and assist them in the creation of a golden image.

Answer

C

Explanation

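Correct answer: C

Explanation: The answer to this question is C.

Correct option: C. Create a new IAM policy. Specify the instance types that are allowed. Attach the policy to an IAM group that contains the IAM accounts for the developers.

Why this option: It most directly satisfies the key constraints in the question. When working through SAP-C02 questions, check each option against the qualifiers in the question stem, such as highest performance, lowest operational overhead, cost-effectiveness, reliability, scalability, security, RTO/RPO, and compliance requirements. The main topics tested by this question are EC2, IAM, and Config.

Elimination: A, B, and D usually...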
