SAP-C02 Question 115
Question
A team collects and routes behavioral data for an entire company. The company runs a Multi-AZ VPC environment with public subnets, private subnets, and an internet gateway. Each public subnet also contains a NAT gateway. Most of the company’s applications read from and write to Amazon Kinesis Data Streams. Most of the workloads run in private subnets. A solutions architect must review the infrastructure. The solutions architect needs to reduce costs and maintain the function of the applications. The solutions architect uses Cost Explorer and notices that the cost in the EC2-Other category is consistently high. A further review shows that NatGateway-Bytes charges are increasing the cost in the EC2-Other category. What should the solutions architect do to meet these requirements?
Options
A. Enable VPC Flow Logs. Use Amazon Athena to analyze the logs for traffic that can be removed. Ensure that security groups are blocking traffic that is responsible for high costs.
B. Add an interface VPC endpoint for Kinesis Data Streams to the VPC. Ensure that applications have the correct IAM permissions to use the interface VPC endpoint.
C. Enable VPC Flow Logs and Amazon Detective. Review Detective findings for traffic that is not related to Kinesis Data Streams. Configure security groups to block that traffic.
D. Add an interface VPC endpoint for Kinesis Data Streams to the VPC. Ensure that the VPC endpoint policy allows traffic from the applications.
Answer
D
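Explanation
Correct answer: D. Explanation: The answer to this question is D. Correct option: D. Add an interface VPC endpoint for Kinesis Data Streams to the VPC. Ensure that the VPC endpoint policy allows traffic from the applications. Rationale: This option most directly satisfies the key constraints in the question. When working SAP-C02 questions, check each option against the qualifiers in the question stem, such as highest performance, lowest operational overhead, cost-effectiveness, reliability, scalability, security, RTO/RPO, and compliance requirements. The main topics covered by this question include: VPC, EC2, Kines...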