SAP-C02 Question 360
Question
A financial services company has an asset management product that thousands of customers use around the world. The customers provide feedback about the product through surveys. The company is building a new analytical solution that runs on Amazon EMR to analyze the data from these surveys. The following user personas need to access the analytical solution to perform different actions:

• Administrator: Provisions the EMR cluster for the analytics team based on the team’s requirements
• Data engineer: Runs ETL scripts to process, transform, and enrich the datasets
• Data analyst: Runs SQL and Hive queries on the data

A solutions architect must ensure that all the user personas have least privilege access to only the resources that they need. The user personas must be able to launch only applications that are approved and authorized. The solution also must ensure tagging for all resources that the user personas create. Which solution will meet these requirements?
Options
A. Create IAM roles for each user persona. Attach identity-based policies to define which actions the user who assumes the role can perform. Create an AWS Config rule to check for noncompliant resources. Configure the rule to notify the administrator to remediate the noncompliant resources.
B. Set up Kerberos-based authentication for EMR clusters upon launch. Specify a Kerberos security configuration along with cluster-specific Kerberos options.
C. Use AWS Service Catalog to control the Amazon EMR versions available for deployment, the cluster configuration, and the permissions for each user persona.
D. Launch the EMR cluster by using AWS CloudFormation. Attach resource-based policies to the EMR cluster during cluster creation. Create an AWS Config rule to check for noncompliant clusters and noncompliant Amazon S3 buckets. Configure the rule to notify the administrator to remediate the noncompliant resources.
Answer
C
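Explanation
Correct answer: C

Explanation: The answer to this question is C.

Correct option: C. Use AWS Service Catalog to control the Amazon EMR versions available for deployment, the cluster configuration, and the permissions for each user persona.

Rationale: This option most directly satisfies the key constraints in the question stem. When working through SAP-C02 questions, check each option against the qualifiers in the stem, such as highest performance, lowest operational overhead, cost-effectiveness, reliability, scalability, security, RTO/RPO, and compliance requirements. The main topics related to this question include: S3, IAM, Config.

Elimination reasoning...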