A Cloud Guru Practice Exam Flashcards
To what AWS service can Access Logs from an Application Load Balancer be delivered?
S3. S3 is the only service supported by AWS for receiving ALB access logs.
A developer deployed a serverless application consisting of an API Gateway and Lambda function using CloudFormation. Testing of the application resulted in a 500 status code and ‘Execution failed due to configuration’ error. What is a possible cause of the error?
POST method was not used when invoking the Lambda function from API Gateway. The POST method must be used when invoking a Lambda function via REST API. This should not be confused with the methods used to access the APIs on the API Gateway. When deploying AWS Lambda and API Gateway resources via CloudFormation, you must ensure that the POST method is used when integrating API Gateway with an AWS Lambda function.
You have been asked to run your in-house application code using Lambda. Which of the following services could you use to deploy your code?
CodeDeploy CodeCommit CloudFormation AWS Serverless Application Model CodeBuild
CodeDeploy, CloudFormation and AWS Serverless Application Model.
CodeCommit and CodeBuild cannot be used to deploy code.
You are developing a website that allows fee-paying users to access video rentals on demand and for a limited time. How would you design this application?
A. Store the videos in EBS.
B. Enable users to access the content using CloudFront with signed URLs.
C. Store the videos in CloudFront.
D. Store the videos in S3.
E. Use IAM to give each registered user permission to access the content.
F. Enable users to access the content using signed URLs
B & D: Enable users to access the content using CloudFront with signed URLs and store the videos in S3.
Using CloudFront, you can distribute private content using a signed URL that is valid for a limited time. Signed URLs that are valid for such a short period of time are good for distributing content on-the-fly to a user for a limited purpose, such as distributing movie rentals or music downloads to customers on demand. If your signed URLs will be valid for just a short period, you will probably want to generate them automatically using an application that you develop. When the user starts to download a file or starts to play a media file, CloudFront compares the expiration time in the URL with the current time to determine whether the URL is still valid.
What technologies can you use to build and deploy a serverless application?
You can use CLoudFormation and the AWS SAM CLI to deploy serverless applications. Use the Transform section of the CloudFormation template to specify the serverless resources you would like to deploy.
CodeBuild, Elastic Beanstalk, CodeDeploy and OpsWorks cannot be used to deploy serverless applications.
What does OpsWorks do?
OpsWorks provides configuration management using managed instances of Puppet or Chef.
What servers can Elastic Beanstalk deploy to?
Elastic Beanstalk is for deploying and scaling web applications on familiar servers such as Apache, Nginx, Passenger and IIS.
What is CodeBuild and CodeDeploy?
CodeBuild is an automated build system, and CodeDeploy deploys your built code to either EC2 or an on-premises server.
What is Fargate?
AWS Fargate is a compute engine for Amazon ECS that allows you to run containers without having to manage servers or clusters.
You are developing an online gaming application which needs to synchronize user profile data, preferences and game state across multiple mobile devices. Which of the following Cognito features enables you to do this.
A. Cognito User Pools.
B. Cognito Streams.
C. Cognito Sync.
D. Cognito Events
C & D. Cognito Sync and Cognito Events.
Cognito Sync is an AWS service and client library that enable cross-device syncing of application-related user data. You can use it to synchronize user profile data across mobile devices and web applications. The client libraries cache data locally so your app can read and write data regardless of device connectivity status. When the device is online, you can synchronize datam and if you set up push sync, notify other devices immediately that an update is available.
A content publishing organization runs its own platform, which uses DynamoDB as its data store. A bug report has come in from the content team. They say that when two editors are working on the same content they frequently overwrite each other’s changes. What DynamoDB feature would prevent the most number of overwrite bug reports?
A. Include an acid-expression in the UpdateItem command.
B. Include a condition-expression in the UpdateItem command.
C. Call GetItem immediately before calling UpdateItem to ensure the item has not changed.
D. Apply a time-limited lock to the item while an author is editing it using a DynamoDB TTL.
B. Include a condition-expression in the UpdateItem command.
Using a condition-expression, we can perform a conditional update to an item. The condition must evaluate to true; otherwise, the update operation fails. We can use this feature to make sure the content of an article has not changed since it was last read, before we update it. acid-expression is incorrect because there’s no such expression. Calling GetItem immediately before calling UpdateItem would help mitigate the issue, but still leaves a small race condition where condition-expression does not.
What is a condition expression in DynamoDB?
A condition expression determines if an item should be modified or not. If the condition expression evaluates to true, the operation succeeds; otherwise, the operation fails.
What is an ECS Task Execution IAM role?
The ECS container agent makes calls to the ECS API on your behalf, so it requires an IAM policy and the role for the service to know that the agent belongs to you. This IAM role is referred to as a task execution IAM role.
In addition to choosing the correct EBS volume type for your specific task, what else can be done to increase the performance of your volume?
1) Ensure that your EC2 instances are types that can be optimized for use with EBS. 2) Schedule snapshots of HDD based volumes for periods of low use. 3) Stripe volumes together in a RAID 0 configuration.
There are a number of ways you can optimize performance above that of choosing the correct EBS type. One of the easiest options is to provide more I/O throughput than you can provision for a single EBS volume. This can be done by striping using RAID 0. You can join multiple gp2, io1, st1, or sc1 volumes together in a RAID 0 configuration to provide parallel read/write performance. The second option is to choose an EC2 instance type that supports EBS optimization. This ensure that network traffic will not content with traffic between your instance and your EBS volumes. The final correct choice is only related to HDD based EBS volumes. When you create a snapshot of a Throughput Optimized HDD (st1) or Cold HDD (sc1) volume, performance may drop as far as the volume’s baseline value while the snapshot is in progress. This behavior is specific to these volume types. Therefore you should ensure that scheduled snapshots are carried out at times of low usage.
ABC corp runs a web application that uses API Gateway to provide their developer customers with access to data. To reduce load on their upstream systems, the ABC corp have enabled API Gateway caching. A small number of developer customers still need access to results directly from the integration endpoint. To prevent all developer customers from bypassing the cache, ABC corp has also enabled the requirement for cache invalidation to require authorization. What must a developer customer do to return a result that is not cached from the API Gateway?
Sign their request with a user or role that has the required execute-api:InvalidateCache permissions to invalidate the cache. AND include a Cache-Control: max-age=0 HTTP header in their request.
Setting a Cache-Control: max-age=0 HTTP header request as part of the request tells API Gateway that you want a response directly from the integration endpoint, rather than a cache response. This header can be interpreted as the client stating the maximum age a cached result can be is 0 seconds - equivalent to saying it cannot be cached at all. As the cache is configured to require authorization to be invalidated, the request must be signed with a user or role that allows the execute-api:InvalidateCache action to be performed on the API Gateway resource.
