A Cloud Guru Practice Exam Flashcards

1
Q

To what AWS service can Access Logs from an Application Load Balancer be delivered?

A

S3. S3 is the only service supported by AWS for receiving ALB access logs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A developer deployed a serverless application consisting of an API Gateway and Lambda function using CloudFormation. Testing of the application resulted in a 500 status code and ‘Execution failed due to configuration’ error. What is a possible cause of the error?

A

POST method was not used when invoking the Lambda function from API Gateway. The POST method must be used when invoking a Lambda function via REST API. This should not be confused with the methods used to access the APIs on the API Gateway. When deploying AWS Lambda and API Gateway resources via CloudFormation, you must ensure that the POST method is used when integrating API Gateway with an AWS Lambda function.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

You have been asked to run your in-house application code using Lambda. Which of the following services could you use to deploy your code?

CodeDeploy
CodeCommit
CloudFormation
AWS Serverless Application Model
CodeBuild
A

CodeDeploy, CloudFormation and AWS Serverless Application Model.

CodeCommit and CodeBuild cannot be used to deploy code.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You are developing a website that allows fee-paying users to access video rentals on demand and for a limited time. How would you design this application?

A. Store the videos in EBS.
B. Enable users to access the content using CloudFront with signed URLs.
C. Store the videos in CloudFront.
D. Store the videos in S3.
E. Use IAM to give each registered user permission to access the content.
F. Enable users to access the content using signed URLs

A

B & D: Enable users to access the content using CloudFront with signed URLs and store the videos in S3.

Using CloudFront, you can distribute private content using a signed URL that is valid for a limited time. Signed URLs that are valid for such a short period of time are good for distributing content on-the-fly to a user for a limited purpose, such as distributing movie rentals or music downloads to customers on demand. If your signed URLs will be valid for just a short period, you will probably want to generate them automatically using an application that you develop. When the user starts to download a file or starts to play a media file, CloudFront compares the expiration time in the URL with the current time to determine whether the URL is still valid.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What technologies can you use to build and deploy a serverless application?

A

You can use CLoudFormation and the AWS SAM CLI to deploy serverless applications. Use the Transform section of the CloudFormation template to specify the serverless resources you would like to deploy.

CodeBuild, Elastic Beanstalk, CodeDeploy and OpsWorks cannot be used to deploy serverless applications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What does OpsWorks do?

A

OpsWorks provides configuration management using managed instances of Puppet or Chef.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What servers can Elastic Beanstalk deploy to?

A

Elastic Beanstalk is for deploying and scaling web applications on familiar servers such as Apache, Nginx, Passenger and IIS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is CodeBuild and CodeDeploy?

A

CodeBuild is an automated build system, and CodeDeploy deploys your built code to either EC2 or an on-premises server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is Fargate?

A

AWS Fargate is a compute engine for Amazon ECS that allows you to run containers without having to manage servers or clusters.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

You are developing an online gaming application which needs to synchronize user profile data, preferences and game state across multiple mobile devices. Which of the following Cognito features enables you to do this.

A. Cognito User Pools.
B. Cognito Streams.
C. Cognito Sync.
D. Cognito Events

A

C & D. Cognito Sync and Cognito Events.

Cognito Sync is an AWS service and client library that enable cross-device syncing of application-related user data. You can use it to synchronize user profile data across mobile devices and web applications. The client libraries cache data locally so your app can read and write data regardless of device connectivity status. When the device is online, you can synchronize datam and if you set up push sync, notify other devices immediately that an update is available.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A content publishing organization runs its own platform, which uses DynamoDB as its data store. A bug report has come in from the content team. They say that when two editors are working on the same content they frequently overwrite each other’s changes. What DynamoDB feature would prevent the most number of overwrite bug reports?

A. Include an acid-expression in the UpdateItem command.
B. Include a condition-expression in the UpdateItem command.
C. Call GetItem immediately before calling UpdateItem to ensure the item has not changed.
D. Apply a time-limited lock to the item while an author is editing it using a DynamoDB TTL.

A

B. Include a condition-expression in the UpdateItem command.

Using a condition-expression, we can perform a conditional update to an item. The condition must evaluate to true; otherwise, the update operation fails. We can use this feature to make sure the content of an article has not changed since it was last read, before we update it. acid-expression is incorrect because there’s no such expression. Calling GetItem immediately before calling UpdateItem would help mitigate the issue, but still leaves a small race condition where condition-expression does not.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is a condition expression in DynamoDB?

A

A condition expression determines if an item should be modified or not. If the condition expression evaluates to true, the operation succeeds; otherwise, the operation fails.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is an ECS Task Execution IAM role?

A

The ECS container agent makes calls to the ECS API on your behalf, so it requires an IAM policy and the role for the service to know that the agent belongs to you. This IAM role is referred to as a task execution IAM role.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

In addition to choosing the correct EBS volume type for your specific task, what else can be done to increase the performance of your volume?

A

1) Ensure that your EC2 instances are types that can be optimized for use with EBS. 2) Schedule snapshots of HDD based volumes for periods of low use. 3) Stripe volumes together in a RAID 0 configuration.

There are a number of ways you can optimize performance above that of choosing the correct EBS type. One of the easiest options is to provide more I/O throughput than you can provision for a single EBS volume. This can be done by striping using RAID 0. You can join multiple gp2, io1, st1, or sc1 volumes together in a RAID 0 configuration to provide parallel read/write performance. The second option is to choose an EC2 instance type that supports EBS optimization. This ensure that network traffic will not content with traffic between your instance and your EBS volumes. The final correct choice is only related to HDD based EBS volumes. When you create a snapshot of a Throughput Optimized HDD (st1) or Cold HDD (sc1) volume, performance may drop as far as the volume’s baseline value while the snapshot is in progress. This behavior is specific to these volume types. Therefore you should ensure that scheduled snapshots are carried out at times of low usage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

ABC corp runs a web application that uses API Gateway to provide their developer customers with access to data. To reduce load on their upstream systems, the ABC corp have enabled API Gateway caching. A small number of developer customers still need access to results directly from the integration endpoint. To prevent all developer customers from bypassing the cache, ABC corp has also enabled the requirement for cache invalidation to require authorization. What must a developer customer do to return a result that is not cached from the API Gateway?

A

Sign their request with a user or role that has the required execute-api:InvalidateCache permissions to invalidate the cache. AND include a Cache-Control: max-age=0 HTTP header in their request.

Setting a Cache-Control: max-age=0 HTTP header request as part of the request tells API Gateway that you want a response directly from the integration endpoint, rather than a cache response. This header can be interpreted as the client stating the maximum age a cached result can be is 0 seconds - equivalent to saying it cannot be cached at all. As the cache is configured to require authorization to be invalidated, the request must be signed with a user or role that allows the execute-api:InvalidateCache action to be performed on the API Gateway resource.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is SES?

A

SES is a scalable and highly available email service designed to help marketing teams and application developers send marketing, notification and transactional emails to their customers using a pay as you go model.

Can also be used to receive emails: incoming emails can be delivered automatically to an S3 bucket. Incoming emails can be used to trigger Lambda functions and SNS notifications.

It’s for email only.

An email address is all that is required to start sending messages to a user - it is not subscription based. (For SNS, consumers must subscribe to a topic to receive the notifications.)

17
Q

You are developing a scalable application which will run in Docker on ECS. You would like to be able to run multiple tasks on the same ECS service. How should you approach this?

A

Port mappings allow containers to access ports on the host container instance to send or receive traffic. Port mappings are specified as part of the container definition. Dynamic port mappings with an application load balancer makes it easier to run multiple tasks on the same ECS service on an ECS cluster.

18
Q

You are trying to diagnose a performance problem with your serverless application, which uses Lambda, API Gateway, S3 and DynamoDB. Your DynamoDB table is performing well and you suspect that your Lambda function is taking too long to execute. Which of the following could you use to investigate the source of the issue?

A. AWS X-Ray
B. Lambda Invocations Sum metric in CloudWatch
C. API Gateway Integration Latency metric in CloudWatch
D. API Gateway Latency metric in CloudWatch

A

AWS X-Ray can be used to display a histogram showing the latency of your Lambda function. Latency is the amount of time between when a request starts and when it completes. API Gateway Integration Latency is the time between when API Gateway relays a request to the backend and when it receives a response from the backend. API Gateway Latency is the time between when API Gateway receives a request from a client and when it returns a response to the client. The latency incldues the integration latency and other API Gateway overhead. Lambda Invocations Sum measures the number of times a function is invoked in response to an event or invocation API call.