sap
091-120

92

A company is running an application in the AWS Cloud. The application collects and stores a large amount of unstructured data in an Amazon S3 bucket. The S3 bucket contains several terabytes of data and uses the S3 Standard storage class. The data increases in size by several gigabytes every day.

The company needs to query and analyze the data. The company does not access data that is more than 1 year old. However, the company must retain all the data indefinitely for compliance reasons.

Which solution will meet these requirements MOST cost-effectively?

A. Use S3 Select to query the data. Create an S3 Lifecycle policy to transition data that is more than 1 year old to S3 Glacier Deep Archive.

B. Use Amazon Redshift Spectrum to query the data. Create an S3 Lifecycle policy to transition data that is more than 1 year old to S3 Glacier Deep Archive.

C. Use an AWS Glue Data Catalog and Amazon Athena to query the data. Create an S3 Lifecycle policy to transition data that is more than 1 year old to S3 Glacier Deep Archive.

D. Use Amazon Redshift Spectrum to query the data. Create an S3 Lifecycle policy to transition data that is more than 1 year old to S3 Intelligent-Tiering.

👉

C: The Glue Catalog defines the metadata, and Athena reads the S3 data to run the queries. S3 Select cannot query across objects.

https://docs.aws.amazon.com/zh_cn/athena/latest/ug/glue-athena.html

96

A solutions architect needs to implement a client-side encryption mechanism for objects that will be stored in a new Amazon S3 bucket. The solutions architect created a CMK that is stored in AWS Key Management Service (AWS KMS) for this purpose.

The solutions architect created the following IAM policy and attached it to an IAM role:

img.png

During tests, the solutions architect was able to successfully get existing test objects in the S3 bucket. However, attempts to upload a new object resulted in an error message. The error message stated that the action was forbidden.

Which action must the solutions architect add to the IAM policy to meet all the requirements?

A. kms:GenerateDataKey

B. kms:GetKeyPolicy

C. kms:GetPublicKey

D. kms:Sign