Application Services

Question 1

What configuration is required to be set to avoid errors when communicating between resources with different domain names in API Gateway?

Answer 1

In order for resources with different domain names to communicate you need to enable CORS (Cross Origin Resource Sharing) for the desired methods.

Question 2

What is Amazon SNS?

Answer 2

Amazon DNS (Simple Notification Service) is a web service that makes it easy to set up, operate and send messages from the cloud.

Question 3

What is SQS?

Answer 3

SQS (Simple Queue Service) is a service that enables access to a message queue.

Question 4

Is SQS push based or pull based?

Answer 4

SQS is a pull based service.

Question 5

How big can an SQS message be?

Answer 5

A message can be up to 256KB.

Question 6

How long are messages kept in an SQS queue?

Answer 6

A message can be in the queue from 1 minute to 14 days. The default is 4 days.

Question 7

In SQS what is the Visibility Timeout?

Answer 7

The Visibility Timeout is the amount of time the message is kept invisible in the SQS queue after a reader has picked it up. If the message’s job is processed before the Visibility Timeout expires the message will be removed from the queue, if not it will become visible again and can be processed by another reader.

Question 8

In SQS what is Long Polling?

Answer 8

Long Polling increases the length of a single polling call to SQS. While Short Polling (the default polling configuration) constantly polls the SQS queue even when it is empty, a Long Polling event does not return a response until there is a message to return or the polling timeout is reached. This can save money because it will result in fewer polling events when the queue is empty.

Question 9

What is the main difference between SWF and SQS?

Answer 9

In SWF (Simple Workflow Service) a task is only assigned once and never duplicated. In SQS (Simple Queue Service) a task can be assigned multiple times and if the message visibility timeout is reached on a task that task can be duplicated.

Question 10

What is Amazon SWF?

Answer 10

SWF (Simple Workflow Service) is a web service that makes it easy to coordinate work across distributed application components.

Question 11

What is Elastic Transcoder?

Answer 11

It is a Media Transcoder that allows you to convert media files from their original format to various formats designed to play on different devices.

Question 12

What is API Gateway?

Answer 12

amazon API Gateway is a fully managed service that allows developers to publish, maintain, monitor, and secure APIs at any scale.

Question 13

How can API Gateway increase performance for duplicated requests?

Answer 13

API Gateway has the ability to cache responses in order to increase performance for commonly requested responses.

Question 14

If API Gateway returns an error such as “Origin Policy Cannot Be Read At The Remote Resource” what can fix this issue?

Answer 14

To fix this issue you can enable CORS (Cross Origin Resource Sharing) in API Gateway.

Question 15

What are the core Kinesis services?

Answer 15

Kinesis Streams - used to capture large amounts of data (terabytes per hour) from data producers, and streaming it into custom applications for data processing and analysis. Data is stored in Shards, by default for 24 hours, this can be extended up to 7 days.

Kinesis Firehose - Firehose is Amazon’s data-ingestion product offering for Kinesis. It is used to capture and load streaming data into other Amazon services such as S3 and Redshift. From there, you can load the streams into data processing and analysis tools like Elastic Map Reduce, and Amazon Elasticsearch Service. It is also possible to load the same data into S3 and Redshift at the same time using Firehose.

Kinesis Analytics - Using Data Analytics you can process and analyze streaming data using standard SQL.

Question 16

What are AWS resource groups?

Answer 16

Resource groups are a way to organize AWS resources by their tag name so that you can easily keep track of them.

Question 17

What is VPC peering?

Answer 17

VPC peering is a connection between VPCs that allows you to route traffic between them using a private IP address?

Question 18

Hey w can VPC peering be set up across regions?

Answer 18

It can’t, VPC peering is set up between multiple VPCs in a single region.

Question 19

What benefits does Direct Connect offer over a VPN connection to AWS?

Answer 19

• it allows traffic to go directly into AWS without crossing the internet
• it can reduce network costs when using large volumes of data
• it can increase bandwidth
• it can increase reliability

A site to site VPN should be used if there is an immediate need for a private connection that will use low bandwidth and can tolerate inconsistent network connectivity

Question 20

When calling STS (Security Token Service) from an identity broker what four values are returned?

Answer 20

An access key

A secret access key

A token

A duration for the token

Question 21

What steps are involved for STS to authenticate a user to an AWS service?

Answer 21

1. The user logs into an application
2. The application calls an identity broker (this is an independent piece of software used to communicate with federated user databases)
3. The identity broker calls LDAP (or whichever user database is used), which replies based on whether the user is authenticated or not
4. The identity broker calls STS to get an AWS token which is returned to the application
5. The application makes a call to an AWS service (like S3)
6. The AWS service calls IAM to verify that the user has access to the requested resource

Question 22

What is AWS Workspaces?

Answer 22

AWS Workspaces is a VDI (Virtual Desktop Infrastructure) that operates as a replacement for a traditional desktop. To access Workspaces the user can log in using a free AWS Workspaces client application and credentials set by an administrator or an integrated single sign on solution.

Each user is given administrative access to their workspace (this can be locked down by an administrator if desired) and the data in the workspace is persisted. Data stored on the D drive of each workspace is backed up every 12 hours.

Question 23

Amazon Web Services offer 3 different levels of support, which of the below are valid support levels.

Answer 23

Enterprise, Business, Developer

Question 24

Which of the following services allows you root access (ie you can login using SSH) - Elastic Load Balancer, Elastic Map Reduce, Elasticache, RDS

Answer 24

Elastic Map Reduce

Question 25

Which of the following is NOT a valid SNS subscribers - Lambda, SWF, SQS, Email, HTTPS, SMS

Answer 25

SWF

Question 26

What are the 3 types of load balancers provided by AWS?

Answer 26

Application Load Balancers - best suited for working with HTTP and HTTPS traffic. These operate at layer 7 and are application-aware - specific requests can be sent to specific web servers

Network Load Balancers - best suited for handling TCP traffic where extreme speed is required. Operate at layer 4 and used for extreme performance

Classic Load Balancers - legacy ELB load balancers. These can operate at layer 4 or 7

Question 27

What does a 504 error tell you when using a load balancer?

Answer 27

A 504 means the gateway has timed out - the application you are trying to reach has not responded within the idle timeout and you should troubleshoot the application endpoint

Question 28

How can you find the IPv4 address of your end user when using a load balancer?

Answer 28

This can be found in the X-Forwarded-For header

Question 29

What are the three types of SWF actors?

Answer 29

Workflow Starters - An application that can initiate a workflow. For example - an e-commerce website where orders are placed.

Deciders - Control the flow of activity tasks in a workflow execution. If something has finished in a workflow (or failed) a Decider decides what to do next.

Activity Workers - Carry out activity tasks.

Question 30

What are the valid types of SNS subscribers?

Answer 30

HTTP
HTTPS
Email
Email-JSON
SQS
Application
Lambda