201-220 Flashcards
201
A developer is deploying an application on Amazon EC2 instances that run in Account A. The application needs to read data from an existing Amazon Kinesis data stream in Account B. Which actions should the developer take to provide the application with access to the stream? (Choose two.)
A. Update the instance profile role in Account A with stream read permissions.
B. Create an IAM role with stream read permissions in Account B.
C. Add a trust policy to the instance profile role and IAM role in Account B to allow the instance profile role to assume the IAM role.
D. Add a trust policy to the instance profile role and IAM role in Account B to allow reads from the stream.
E. Add a resource-based policy in Account B to allow read access from the instance profile role.
B. Create an IAM role with stream read permissions in Account B.
C. Add a trust policy to the instance profile role and IAM role in Account B to allow the instance profile role to assume the IAM role.
https://docs.aws.amazon.com/kinesisanalytics/latest/java/examples-cross.html
202
A developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda function must retrieve an item and update some of its attributes, or create the item if it does not exist. The Lambda function has access to the primary key. Which IAM permissions should the developer request for the Lambda function to achieve this functionality?
A.
dynamodb:DeleteItem dynamodb:GetItem dynamodb:PutItem
B.
dynamodb:UpdateItem dynamodb:GetItem dynamodb:DescribeTable
C.
dynamodb:GetRecords dynamodb:PutItem dynamodb:UpdateTable
D.
dynamodb:UpdateItem dynamodb:GetItem dynamodb:PutItem
D.
dynamodb:UpdateItem dynamodb:GetItem dynamodb:PutItem
203
A company is using AWS CloudFormation templates to deploy AWS resources. The company needs to update one of its AWS CloudFormation stacks. What can the company do to find out how the changes will impact the resources that are running?
A. Investigate the change sets.
B. Investigate the stack policies.
C. Investigate the Metadata section.
D. Investigate the Resources section.
A. Investigate the change sets.
204
A developer is building an application integrating an Amazon API Gateway with an AWS Lambda function. When calling the API, the developer receives the following error:
~~~
Wed Nov 08 01:13:00 UTC 2017 : Method completed with status: 502
~~~
What should the developer do to resolve the error?
A. Change the HTTP endpoint of the API to an HTTPS endpoint.
B. Change the format of the payload sent to the API Gateway.
C. Change the format of the Lambda function response to the API call.
D. Change the authorization header in the API call to access the Lambda function.
C. Change the format of the Lambda function response to the API call.
205
A company’s social media application stores image files in an Amazon S3 bucket. All the images are stored in S3 Standard storage. Users access images frequently during the first week after images are uploaded. Users rarely access images that were uploaded more than 1 week ago. The company needs a solution to reduce the application’s storage cost. Users must be able to access all images in the same amount of time, regardless of when the images were uploaded. Which solution will meet these requirements with the LEAST amount of effort?
A. Modify the application to use S3 Intelligent-Tiering for all the images.
B. Modify the application to use S3 One Zone-Infrequent Access (S3 One Zone-IA) for all the images.
C. Use an S3 Lifecycle policy to move images that were uploaded more than 1 week ago to S3 Glacier Deep Archive.
D. Use an S3 Lifecycle policy to move images that were uploaded more than 1 week ago to S3 Glacier Flexible Retrieval.
A. Modify the application to use S3 Intelligent-Tiering for all the images.
206
A development team is designing a mobile app that requires multi-factor authentication. Which steps should be taken to achieve this? (Choose two.)
A. Use Amazon Cognito to create a user pool and create users in the user pool.
B. Send multi-factor authentication text codes to users with the Amazon SNS Publish API call in the app code.
C. Enable multi-factor authentication for the Amazon Cognito user pool.
D. Use AWS IAM to create IAM users.
E. Enable multi-factor authentication for the users created in AWS IAM.
A. Use Amazon Cognito to create a user pool and create users in the user pool.
C. Enable multi-factor authentication for the Amazon Cognito user pool.
207
A company is using AWS CodePipeline pipelines to deploy development Amazon EC2 instances for multiple teams. All the pipelines are using the same AWS CloudFormation template to deploy the EC2 instances and create dedicated CloudFormation stacks for each team. Each pipeline passes a parameter that is named TeamName to the CloudFormation stack to tag resources with the appropriate team’s name. The company discovers that each team’s usage of EC2 instances is not consistent with the type of EC2 instances that the teams are deploying. The company needs to allow the teams to deploy different types of EC2 instances. Which solution will meet this requirement with the LEAST change to the pipelines?
A. For each team, use a dedicated CloudFormation template that includes different types of EC2 instances. Update CodePipeline to use the dedicated template for each team.
B. For each team, use a dedicated CloudFormation template that includes an InstanceType parameter and a value that is specific to the team’s requirement. Update CodePipeline to use the dedicated template for each team.
C. Update the CloudFormation template by creating an InstanceType parameter. Update CodePipeline to pass the InstanceType parameter value that is specific to the team’s requirement.
D. Update the CloudFormation template by adding a map for the instance types to the Mappings section. Create a list of all the teams. Configure the required instance type for each team in the map.
D. Update the CloudFormation template by adding a map for the instance types to the Mappings section. Create a list of all the teams. Configure the required instance type for each team in the map.
208
A developer is creating an application for a company. The application needs to read the file doc.txt that is placed in the root folder of an Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET. The company’s security team requires the principle of least privilege to be applied to the application’s IAM policy.
Which IAM policy statement will meet these security requirements?
A.
{"Action": ["s3:GetObject"], "Effect": "Allow", "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/doc.txt"}
B.
{"Action": ["s3:*"], "Effect": "Allow", "Resource": "*"}
C.
{"Action": ["s3:GetObject"], "Effect": "Allow", "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"}
D.
{"Action": ["s3:*"], "Effect": "Allow", "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/doc.txt"}
A.
{"Action": ["s3:GetObject"], "Effect": "Allow", "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/doc.txt"}
209
A company has migrated an application to Amazon EC2 instances. Automatic scaling is working well for the application user interface. However, the process to deliver shipping requests to the company’s warehouse staff is encountering issues. Duplicate shipping requests are arriving, and some requests are lost or arrive out of order.
The company must avoid duplicate shipping requests and must process the requests in the order that the requests arrive. Requests are never more than 250 KB in size and take 5-10 minutes to process. A developer needs to rearchitect the application to improve the reliability of the delivery and processing of the requests. What should the developer do to meet these requirements?
A. Create an Amazon Kinesis Data Firehose delivery stream to process the requests. Create an Amazon Kinesis data stream. Modify the application to write the requests to the Kinesis data stream.
B. Create an AWS Lambda function to process the requests. Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the Lambda function to the SNS topic. Modify the application to write the requests to the SNS topic.
C. Create an AWS Lambda function to process the requests. Create an Amazon Simple Queue Service (Amazon SQS) standard queue. Set the SQS queue as an event source for the Lambda function. Modify the application to write the requests to the SQS queue.
D. Create an AWS Lambda function to process the requests. Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the SQS queue as an event source for the Lambda function. Modify the application to write the requests to the SQS queue.
D. Create an AWS Lambda function to process the requests. Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the SQS queue as an event source for the Lambda function. Modify the application to write the requests to the SQS queue.
210
A team of developers must migrate an application running inside an AWS Elastic Beanstalk environment from a Classic Load Balancer to an Application Load Balancer. Which steps should be taken to accomplish the task using the AWS Management Console?
A.
1. Update the application code in the existing deployment.
2. Select a new load balancer type before running the deployment.
3. Deploy the new version of the application code to the environment.
B.
1. Create a new environment with the same configurations except for the load balancer type.
2. Deploy the same application version as used in the original environment.
3. Run the swap-environment-cnames action.
C.
1. Clone the existing environment, changing the associated load balancer type.
2. Deploy the same application version as used in the original environment.
3. Run the swap-environment-cnames action.
D.
1. Edit the environment definitions in the existing deployment.
2. Change the associated load balancer type according to the requirements.
3. Rebuild the environment with the new load balancer type.
B.
1. Create a new environment with the same configurations except for the load balancer type.
2. Deploy the same application version as used in the original environment.
3. Run the swap-environment-cnames action.
211
What does an Amazon SQS delay queue accomplish?
A. Messages are hidden for a configurable amount of time when they are first added to the queue.
B. Messages are hidden for a configurable amount of time after they are consumed from the queue.
C. The consumer can poll the queue for a configurable amount of time before retrieving a message.
D. Messages cannot be deleted for a configurable amount of time after they are consumed from the queue.
A. Messages are hidden for a configurable amount of time when they are first added to the queue.
212
A company stores photographs in an Amazon S3 bucket. The company wants to resize the photographs automatically after writing the photographs to the S3 bucket. The company creates an AWS Lambda function to resize the photographs. Which solution will meet these requirements?
A. Configure S3 Event Notifications to invoke the Lambda function.
B. Configure an S3 Lifecycle rule to invoke the Lambda function.
C. Configure S3 Select on a schedule to invoke the Lambda function.
D. Configure S3 Storage Lens to invoke the Lambda function.
A. Configure S3 Event Notifications to invoke the Lambda function.
213
A developer is automating a new application deployment with AWS Serverless Application Model (AWS SAM). The new application has one AWS Lambda function and one Amazon S3 bucket. The Lambda function must access the S3 bucket to only read objects. How should the developer configure AWS SAM to grant the necessary read privilege to the S3 bucket?
A. Reference a second Lambda authorizer function.
B. Add a custom S3 bucket policy to the Lambda function.
C. Create an Amazon Simple Queue Service (SQS) topic for only S3 object reads. Reference the topic in the template.
D. Add the S3ReadPolicy template to the Lambda function’s execution role.
D. Add the S3ReadPolicy template to the Lambda function’s execution role.
214
A company hosts a web application that writes to an Amazon DynamoDB table. Application users frequently observe and report errors. The development team examines Amazon CloudWatch logs and frequently sees the following error:
~~~
400 Bad Request ProvisionedThroughputExceededException
~~~
What is the cause of this error?
A. The application does not have the required permissions for the DynamoDB table.
B. The item that the application is placing on the table exceeds the item size limit.
C. The development team has not allocated enough space for the table and its indexes.
D. The development team has not allocated enough write capacity units (WCU) for the table and its indexes.
D. The development team has not allocated enough write capacity units (WCU) for the table and its indexes.
215
A company’s developer is building a static website to be deployed in Amazon S3 for a production environment. The website integrates with an Amazon Aurora PostgreSQL database by using an AWS Lambda function. The website that is deployed to production will use a Lambda alias that points to a specific version of the Lambda function. The company must rotate the database credentials every 2 weeks. Lambda functions that the company deployed previously must be able to use the most recent credentials.
Which solution will meet these requirements?
A. Store the database credentials in AWS Secrets Manager. Turn on rotation. Write code in the Lambda function to retrieve the credentials from Secrets Manager.
B. Include the database credentials as part of the Lambda function code. Update the credentials periodically and deploy the new Lambda function.
C. Use Lambda environment variables. Update the environment variables when new credentials are available.
D. Store the database credentials in AWS Systems Manager Parameter Store. Turn on rotation. Write code in the Lambda function to retrieve the credentials from Systems Manager Parameter Store.
A. Store the database credentials in AWS Secrets Manager. Turn on rotation. Write code in the Lambda function to retrieve the credentials from Secrets Manager.