AWS Dev Associate Flashcards

Question 1

Q

You plan on running an open-source MongoDB database year-round on EC2. Which instance launch mode should you choose?

on-demand
reserved instances
spot instances

Answer

A

Reserved Instances

Question 2

Q

You are launching an EC2 instance in us-east-1 using this Python script snippet:

> ec2.create_instances(ImageId=’ami-b23a5e7’, MinCount=1, MaxCount=1)

It works well, so you decide to deploy your script in us-west-1 as well. There, the script does not work and fails with “ami not found” error. What’s the problem?

AMI is region locked and the same ID cannot be used across regions
The AMI needs to first be shared to another region. The same ID can then be used

Answer

A

AMI is region locked and the same ID cannot be used across regions

Question 3

Q

You would like to deploy a database technology and the vendor license bills you based on the physical cores and underlying network socket visibility. Which EC2 launch modes allow you to get visibility into them?

spot ins
dedicated hosts
on-demand

Answer

A

Dedicated Hosts

Question 4

Q

You are running a critical workload of three hours per week, on Monday. As a solutions architect, which EC2 Instance Launch Type should you choose to maximize the cost savings while ensuring the application stability?

on-demand ins
reserved ins
spot ins
scheduled reserved ins

Answer

A

Scheduled Reserved Instances

Question 5

Q

Scalability vs High Availability

Answer

A

S: app can handle greater load by adapting (v & h: elasticity)
HA: running app in 2+ data centers, can survive data center loss

Question 6

Q

Load Balancers provide a

static IPv4 we can use in our application
static DNS name we can use in our app
static IPv6 we can use in our app

Answer

A

static DNS name we can use in our app - ELB chapter

Question 7

Q

You are running a website with a load balancer and 10 EC2 instances. Your users are complaining about the fact that your website always asks them to re-authenticate when they switch pages. You are puzzled, because it’s working just fine on your machine and in the dev environment with 1 server. What could be the reason?

the app must have a bug
the load balancer does not have stickiness enabled
the EC2 Instances log out users b/c they don’t see their true IPs

Answer

A

the load balancer does not have stickiness enabled

Question 8

Q

Your application is using an Application Load Balancer. It turns out your application only sees traffic coming from private IP which are in fact your load balancer’s. What should you do to find the true IP of the clients connected to your website?

Modify the frontend of the website so that users send their IP in the requests
Look into the X-Forwarded-For header in the backend
Look into the X-Forwarded-Proto header in the backend

Answer

A

Look into the X-Forwarded-For header in the backend

Question 9

Q

You quickly created an ELB and it turns out your users are complaining about the fact that sometimes, the servers just don’t work. You realise that indeed, your servers do crash from time to time. How to protect your users from seeing these crashes?

enable Stickiness
enable Health Checks
enable SSL Termination

Answer

A

enable Health Checks - CLB hands on

Question 10

Q

You are designing a high performance application that will require millions of connections to be handled, as well as low latency. The best Load Balancer for this is

ALB
CLB
NLB

Answer

A

network load balancer

Question 11

Q

Application Load Balancers handle all these protocols except

HTTP
HTTPS
Websocket
TCP

Answer

A

TCP - ELB overview

Question 12

Q

The application load balancer can redirect to different target groups based on all these except…

Hostname
Request Path
Client IP

Answer

A

Client IP

Question 13

Q

You are running at desired capacity of 3 and the maximum capacity of 3. You have alarms set at 60% CPU to scale out your application. Your application is now running at 80% capacity. What will happen?

Nothing
The desired capacity will go up to 4 and max will stay at 3
The desired capacity will go up to 4 and max will stay at 4

Answer

A

nothing - auto scaling groups hands on

Question 14

Q

I have an ASG and an ALB, and I setup my ASG to get health status of instances thanks to my ALB. One instance has just been reported unhealthy. What will happen?

the ASG will keep the instance running & restart the app
the ASG will detach the EC2 instance from the group
the ASG will terminate the EC2 instance

Answer

A

the ASG will terminate the EC2 instance

Question 15

Q

Your boss wants to scale your ASG based on the number of requests per minute your application makes to your database.

it’s impossible
create a CloudWatch custom metric & build alarm on this to scale your ASG
enable detailed monitoring & use that to scale your ASG

Answer

A

create a CloudWatch custom metric & build alarm on this to scale your ASG

Question 16

Q

Scaling an instance from an r4.large to an r4.4xlarge is called

horizontal
vertical

scalability?

Answer

A

vertical scalability

Question 17

Q

Running an application on an auto scaling group that scales the number of instances in and out is called

horizontal
vertical

scalability?

Answer

A

horizontal scalability

Question 18

Q

You would like to expose a fixed static IP to your end-users for compliance purposes, so they can write firewall rules that will be stable and approved by regulators. Which Load Balancer should you use?

ALB with Elastic IP attached to it
NLB
CLB

Answer

A

network load balancer

Network Load Balancers expose a public static IP, whereas an Application or Classic Load Balancer exposes a static DNS (URL)

Question 19

Q

A web application hosted in EC2 is managed by an ASG. You are exposing this application through an Application Load Balancer. The ALB is deployed on the VPC with the following CIDR: 192.168.0.0/18. How do you configure the EC2 instance security group to ensure only the ALB can access the port 80?

open up the EC2 security group on port 80 to 0.0.0.0/0
open up the EC2 security group on port 80 to 192.168.0.0/18
open up the EC2 security group on port 80 to the ALB’s security group

Answer

A

open up the EC2 security group on port 80 to the ALB’s security group

This is the most secure way of ensuring only the ALB can access the EC2 instances. Referencing by security groups in rules is an extremely powerful rule and many questions at the exam rely on it.

Question 20

Q

Your application load balancer is hosting 3 target groups with hostnames being users.example.com, api.external.example.com, and checkout.example.com. You would like to expose HTTPS traffic for each of these hostnames. How do you configure your ALB SSL certificates to make this work?

use SNI
use a wildcard SSL certificate
use an HTTP to HTTPS redirect rule
use a security group SSL certificate

Answer

A

use SNI

SNI (Server Name Indication) is a feature allowing you to expose multiple SSL certs if the client supports it. Read more here: https://aws.amazon.com/blogs/aws/new-application-load-balancer-sni/

Question 21

Q

The Application Load Balancers target groups can be all of these EXCEPT…

EC2 Instances
IP Addresses
Lambda functions
NLBs

Answer

A

network load balancer

Question 22

Q

You are running an application in 3 AZ, with an Auto Scaling Group and a Classic Load Balancer. It seems that the traffic is not evenly distributed amongst all the backend EC2 instances, with some AZ being overloaded. Which feature should help distribute the traffic across all the available EC2 instances?

stickiness
cross zone load balancing
target group routing rules
HTTPS termination

Answer

A

cross zone load balancing - video #40

Question 23

Q

Your Application Load Balancer (ALB) currently is routing to two target groups, each of them is routed to based on hostname rules. You have been tasked with enabling HTTPS traffic for each hostname and have loaded the certificates onto the ALB. Which ALB feature will help it choose the right certificate for your clients?

TLS Termination
Server Name Indication (SNI)
SSL Security Policies
Host Header

Answer

A

Server Name Indication (SNI)

Question 24

Q

An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, the scaling of the Auto Scaling Group is done manually and you would like to define a scaling policy that will ensure the average number of connections to your EC2 instances is averaging at around 1000. Which scaling policy should you use?

simple scaling policy
step scaling policy
target tracking
scheduled scaling

Answer

A

target tracking

Question 25

Q

Your instance in us-east-1a just got terminated, and the attached EBS volume is now available. Your colleague tells you he can’t seem to attach it to your instance in us-east-1b.

Missing IAM permissions
EBS volumes are region locked
EBS volumes are AZ locked

Answer

A

EBS volumes are AZ locked

EBS Volumes are created for a specific AZ. It is possible to migrate them between different AZ through backup and restore

Question 26

Q

You would like to have the same data being accessible as an NFS drive cross AZ on all your EC2 instances. What do you recommend?

Mount an…

EFS
EBS
Instance Store

Answer

A

EFS

EFS is a network file system (NFS) and allows to mount the same file system on EC2 instances that are in different AZ

Question 27

Q

You would like to have a high-performance cache for your application that mustn’t be shared. You don’t mind losing the cache upon termination of your instance. Which storage mechanism do you recommend as a Solution Architect?

Instance Store
EBS
EFS

Answer

A

Instance Store

Instance Store provide the best disk performance

Question 28

Q

You are running a high-performance database that requires an IOPS of 210,000 for its underlying filesystem. What do you recommend?

EBS gp2 drive
EBS io1 drive
EC2 Instance Store
EFS

Answer

A

EC2 Instance Store

Is running a DB on EC2 instance store possible? It is possible to run a database on EC2. It is also possible to use instance store, but there are some considerations to have. The data will be lost if the instance is stopped, but it can be restarted without problems. One can also set up a replication mechanism on another EC2 instance with instance store to have a standby copy. One can also have back-up mechanisms. It’s all up to how you want to set up your architecture to validate your requirements. In this case, it’s around IOPS, and we build an architecture of replication and back up around it

Question 29

Q

My company would like to have a MySQL database that is going to be available even in case of a disaster in the AWS Cloud. I should setup

Read Replicas
Encryption
Multi AZ

Question 30

Q

Our RDS database struggles to keep up with the demand of the users from our website. Our million users mostly read news, and we don’t post news very often. Which solution will NOT help fix this problem?

ElastiCache cluster
RDS Read Replicas
RDS Multi AZ

Answer

A

RDS Multi AZ - video #54 RDS overview

Question 31

Q

We have setup read replicas on our RDS database, but our users are complaining that upon updating their social media posts, they do not see the update right away

must be a bug in our app
read replicas have async replication & therefore it’s likely users will only observe eventual consistency
we should have setup multi-az instead

Answer

A

Read Replicas have async replication & therefore it’s likely users will only observe eventual consistency

Question 32

Q

Which RDS Classic (not Aurora) feature does not require us to change our SQL connection string?

Read Replicas
Multi AZ

Answer

A

Multi AZ

NOT read replicas: Read Replicas add new endpoints for databases to read from and therefore we must change our application to have the list of these endpoints in order to balance the read load and connect to the databases

Question 33

Q

You want to ensure your Redis cluster will always be available, enable…

Read Replicas
Multi AZ

Question 34

Q

Your application functions on an ASG behind an ALB. Users have to constantly log back in and you’d rather not enable stickiness on your ALB as you fear it will overload some servers. What should you do?

create your own load balancer & deploy that on EC2 instances
store session data in RDS
store session data in ElastiCache
store session data in a shared EBS volume

Answer

A

store session data in ElastiCache

personal note: seems quickest :P

Question 35

Q

One analytics application is currently performing its queries against your main production database. These queries slow down the database which impacts the main user experience. What should you do to improve the situation?

set up a Read Replica
set up Multi AZ
run the analytics queries at night
increase the RDS instance size

Answer

A

Set up a Read Replica

Read Replicas will help as our analytics application can now perform queries against it, and these queries won’t impact the main production database.

Question 36

Q

You have a requirement to use TDE (Transparent Data Encryption) on top of KMS. Which database technology does NOT support TDE on RDS?
PostgreSQL
Oracle
MS SQL Server

Answer

A

PostgreSQL

Question 37

Q

Which RDS database technology does NOT support IAM authentication?

Oracle
PostgreSQL
MySQL

Answer

A

PostgreSQL

Question 38

Q

You would like to ensure you have a database available in another region if a disaster happens to your main region. Which database do you recommend?

RDS w/ Read Replicas in another AZ
RDS w/ multi AZ
Aurora Read Replicas in another AZ
Aurora Global DB

Answer

A

Aurora Global Database

Global Databases allow you to have cross region replication

Question 39

Q

You are managing a PostgreSQL database and for security reasons, you would like to ensure users are authenticated using short-lived credentials. What do you suggest doing?

Install PostgreSQL on EC2 and install the pg_iam module. Authenticate using IAM username and password
Use PostgreSQL for RDS and install the pg_iam module. Authenticate using IAM username and password
Use PostgreSQL for RDS and authenticate using a token obtained through the RDS service
Use PostgreSQL for RDS and force SSL connections. Authenticate using SSL certificates that you regularly rotate

Answer

A

Use PostgreSQL for RDS and authenticate using a token obtained through the RDS service

In this case, IAM is leveraged to obtain the RDS service token, so this is the IAM authentication use case.

Question 40

Q

Your organisation wants to enforce SSL connections on your MySQL database

Change your security group rules to only allow SSL traffic
Download certificates and change your application to connect using SSL
Apply a ‘REQUIRE SSL’ statement to all your users in your SQL DB
Enable RDS encryption

Answer

A

Apply a ‘REQUIRE SSL’ statement to all your users in your SQL DB - video #54 RDS overview

Question 41

Q

You are implementing a caching strategy with ElastiCache and would like to ensure that only the data that is often requested will be loaded in ElastiCache, as your cache size is small. Which caching strategy should you implement?

lazy loading
write through
TTL

Answer

A

lazy loading

Lazy Loading would only cache data that is actively requested from the database

Question 42

Q

You are serving web pages for a very dynamic website and you have a requirement to keep latency to a minimum for every single user when they do a read request. Writes can take longer to happen. Which caching strategy do you recommend?

cache aside
write-through
TTL

Answer

A

write-through

this has longer writes, but the reads are quick and the data is always updated in the cache

Question 43

Q

Tell what each record (for Route53) does:

A
AAAA
CNAME
Alias

Answer

A

A: hostname to IPv4
AAAA: hostname to IPv6
CNAME: hostname to hostname
Alias: hostname to AWS resource

Question 44

Q

You have purchased “mycoolcompany.com” on the AWS registrar and would like for it to point to [lb1-1234.us-east-2.elb.amazonaws.com]. What sort of Route 53 record is NOT POSSIBLE to set up for this?

CNAME
Alias

Answer

A

CNAME

The DNS protocol does not allow you to create a CNAME record for the top node of a DNS namespace (mycoolcompany.com), also known as the zone apex

Question 45

Q

Route53 - Simple vs Weighted vs Latency vs Failover ?

Answer

A

(look up answer)

Question 46

Q

You have deployed a new Elastic Beanstalk environment and would like to direct 5% of your production traffic to this new environment, in order to monitor for CloudWatch metrics and ensuring no bugs exist. What type of Route 53 records allows you to do so?

Simple
Weighted
Latency
Failover

Answer

A

Weighted

Weighted allows you to redirect a part of the traffic based on a weight (hence a percentage). It’s common to use to send a part of a traffic to a new application you’re deploying

Question 47

Q

After updating a Route 53 record to point “myapp.mydomain.com” from an old Load Balancer to a new load balancer, it looks like the users are still not redirected to your new load balancer. You are wondering why…

it’s b/c of the alias record
it’s b/c of the CNAME record
it’s b/c of the TTL (time to live)
it’s b/c of the health checks

Answer

A

TTL

DNS records have a TTL (Time to Live) in order for clients to know for how long to caches these values and not overload the DNS with DNS requests. TTL should be set to strike a balance between how long the value should be cached vs how much pressure should go on the DNS.

Question 48

Q

You want your users to get the best possible user experience and that means minimizing the response time from your servers to your users. Which routing policy will help?

Multi Value
Weighted
Latency
Geo location

Answer

A

Latency

Latency will evaluate the latency results and help your users get a DNS response that will minimize their latency (e.g. response time)

Question 49

Q

You have a legal requirement that people in any country but France should not be able to access your website. Which Route 53 record helps you in achieving this?

Latency
Simple
Geo location
Multi Value

Answer

A

Geo location

Question 50

Q

Direct Connect

Answer

A

Direct Connect: connection between on-prem data center to AWS (private)

Question 51

Q

VPC

Answer

A

VPC: virtual private cloud, used default when creating EC2 instances

Question 52

Q

Subnets

Answer

A

Subnets: tied to specific AZ, where we launch EC2 instances from

Question 53

Q

Internet Gateway

Answer

A

Internet Gateway: provides internet access to public subnets & instances

Question 54

Q

NAT Gateway / Instances

Answer

A

NAT Gateway / Instances: provides internet access to public subnets & instances

Question 55

Q

NACL

Answer

A

NACL: firewall for inbound/outbound, stateless, for subnet rules

Question 56

Q

Security Groups

Answer

A

Security Groups: stateful, operate on EC2 instance level or ENI, can reference other security groups

Question 57

Q

VPC Peering

Answer

A

VPC Peering: connects 2 VPC (non overlapping IP addresses)

Question 58

Q

VPC Endpoints

Answer

A

VPC Endpoints: private access to AWS Services within

Question 59

Q

VPC Flow Logs

Answer

A

VPC Flow Logs: network traffic logs

Question 60

Q

Site to Site VPN

Answer

A

Site to Site VPN: connection between on-prem data center to AWS (public)

Question 61

Q

You have set up an internet gateway in your VPC, but your EC2 instances still don’t have access to the internet.

Which of the following is NOT a possible issue?

Route Tables are missing entries
The security group does not allow network in
The NACL does not allow network traffic out

Answer

A

The security group does not allow network in

security groups are stateful and if traffic can go out, then it can go back in

Question 62

Q

You would like to provide internet access to your instances in private subnets with IPv4, while making sure this solution requires the least amount of administration and scales seamlessly. What should you use?

NAT Instances with Source / Destination Check flag off
NAT Gateway

Answer

A

NAT Gateway

Question 63

Q

Your EC2 instance in a private subnet must access the AWS APIs privately. You must keep all traffic within the AWS network. What do you recommend?

NAT Gateway in public subnet & Internet Gateway
VPC Endpoints
Direct Connect

Answer

A

VPC Endpoints

Question 64

Q

I tried creating an S3 bucket named “dev” but it didn’t work. This is a new AWS Account and I have no buckets at all. What is the cause?

I’m missing IAM permissions to create a bucket
Bucket names must be globally unique and “dev” is already taken

Answer

A

Bucket names must be globally unique and “dev” is already taken - video #83

Answer 63

A

null

Any file that is not versioned prior to enabling versioning will have version “null”

Answer 64

A

SSE-C - video #87

Answer 65

A

encryption keys entirely handled & managed by AWS

Answer 66

A

encryption keys handled & managed by AWS’s Key Management Service

gives user control (who has control)
provides audit trail (who did what)

Answer 67

A

encryption keys handled & managed by you outside of AWS

S3 does not store any keys
keys get used then discarded
must use HTTPS (encryption in transit)
keys are provided in HTTP headers
more management on your end since you created the keys

Answer 68

A

when you (client) encrypt the object before uploading to S3

S3 Encryption Client helps with encryption
You must encrypt/decrypt data yourself before sending/when retrieving to/from S3
Customer fully manages keys & encryption cycle
Encryption all happens outside of S3

Answer 69

A

free to use endpoints you want, but HTTPS is recommended
use HTTPS endpoint by default
HTTPS is mandatory for SSE-C

Answer 70

A

Client Side Encryption

Answer 71

A

the IAM user has an explicit DENY in the attached IAM policy

Explicit DENY in an IAM policy will take precedence over a bucket policy permission

Answer 72

A

CORS is not enabled

Answer 73

A

I should run aws configure and put my credentials there. Invalidate them when I’m done

Answer 74

A

I should ask an administrator to attach a Policy to the IAM role on my EC2 Instance that authorizes it to do the API call

Answer 75

A

Compare his IAM policy and my IAM policy in the policy simulator to understand the differences

Answer 76

A

Query the meta data at http://169.254.169.254/latest/meta-data

Answer 77

A

Python - scripting language(?)

Answer 78

A

create an IAM user for the application and put the credentials into environment variables. Here, it’s about creating a dedicated user for that application, as using your own personal credentials would blur the lines between actual users and applications.

or you could run aws configure on the machine

Answer 79

A

meta data | temporary

Answer 80

A

Use the IAM Policy Simulator OR the dry run CLI option - video #105

Answer 81

A

No

you can retrieve the role name attached to your EC2 instance using the metadata service but not the policy itself

Answer 82

A

Use the STS decode-authorization-message API - video #106 STS

Answer 83

A

using an exponential backoff strategy - video #110 SDK overview

Answer 84

A

STS GetSessionToken

Answer 85

A

Command Line Options > Environment Variables > EC2 Instance Profile

https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html#config-settings-and-precedence

Answer 86

A

Enable MFA Delete

MFA Delete forces users to use MFA tokens before deleting objects. It’s an extra level of security to prevent accidental deletes

Answer 87

A

Enable “Default Encryption” on S3

Answer 88

A

Enable S3 Access Logs and analyze them using Athena

S3 Access Logs log all the requests made to buckets, and Athena can then be used to run serverless analytics on top of the logs files

Answer 89

A

S3 Cross-Region Replication

S3 CRR is used to replicate data from an S3 bucket to another one in a different region

Answer 90

A

S3 Pre-Signed URL

Pre-Signed URL are temporary and grant time-limited access to some actions in your S3 bucket.

Answer 91

A

Instant (10 sec)

Answer 92

A

S3 Select

Answer 93

A

you should use Multi Part upload when your file is bigger than 5GB

Answer 94

A

Do a Multi Part upload

Answer 95

A

CloudFront: utilizes edge locations to distribute your static & dynamic web content faster > lower latency for users around the world

CloudWatch: think logs and alarms, for monitoring on AWS in real time. You can also use this data to stop under-used instances to save money.

CloudFormation: stacks, easy way to model a collection of related AWS & 3rd-party resrcs, Infrastructure as Code!

Answer 96

A

CloudFront Signed URL

CloudFront Signed URL are commonly used to distribute paid content through dynamic CloudFront Signed URL generation.

Answer 97

A

S3 Cross Region Replication

S3 CRR allows you to replicate the data from one bucket in a region to another bucket in another region

Answer 98

A

Use CloudFront Geo Restriction

Answer 99

A

Invalidate the distribution

forces CloudFront edge location to invalidate the cached data and use new data (fetched from S3)

Answer 100

A

ECS - video #139 what is Docker

Answer 101

A

ECS_ENABLE_TASK_IAM_ROLE - video #140 ECS Clusters

Although this wasn’t discussed during the hands on, you need to know about that important setting in the ecs.config file

Answer 102

A

Double check your IAM permissions for CodeBuild service - video #144

Any permissions issues against ECR is most likely due to IAM policies

Answer 103

A

ALB & ECS

Uses the dynamic port feature

Answer 104

A

The host port is defined in the task definition

To enable random host port, set host port = 0 (or empty), which allows multiple containers of the same type to launch on the same instance

Answer 105

A

The security groups on the EC2 instance are misconfigured

security groups do not matter when an instance registers with the ECS service

Answer 106

A

> $(aws ecr get-login –no-include-email)

> docker pull $ECR_IMAGE_URL

Answer 107

A

Create 4 ECS task roles and attach them to the relevant ECS task definition

Answer 108

A

bindpack

runs all tasks in one EC2 Instance so in the end, it saves money on having to pay for less instances

Answer 109

A

Single Instance Mode

Answer 110

A

many environments

Answer 111

A

Provide a custom platform - video #165

Answer 112

A

can be named freely - video #155

Answer 113

A

Immutable

to roll back quickly, this deployment mode terminates the temporary ASG that has the new version, while the current one is untouched and already running at capacity

Answer 114

A

Rolling - video #156

Answer 115

A

Rolling with additional batches - video #156

Answer 116

A

Create an elasticache.config file in the .ebextensions folder which is at the root of the code zip file and provide appropriate configuration

Answer 117

A

Resolve the dependencies beforehand and package them in the zip file uploaded to Elastic Beanstalk - video #165

Answer 118

A

AWS CloudFormation

Answer 119

A

Create an .ebextension/elb.config file to configure the Load Balancer

Answer 120

A

Use a Lifecycle Policy

Answer 121

A

Set up a Worker env and a cron.yaml file

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features-managing-env-tiers.html

Answer 122

A

Make a snapshot of the database before it gets deleted

Answer 123

A

all at once

Answer 124

A

Continuous Integration and Continuous Delivery

Answer 125

A

CodeBuild

Answer 126

A

Setup AWS SNS / Lambda integration in CodeCommit

Answer 127

A

AWS CloudWatch Events

Answer 128

A

HTTP public access

Answer 129

A

Setup an IAM Role in your account and tell him to use STS cross-account access to assume that role

Answer 130

A

Your CodeBuild stage probably failed some tests

Answer 131

A

Setup an AWS CloudWatch Event Rule

Answer 132

A

AWS CloudTrail

Answer 133

A

at the root of your code

Answer 134

A

SSH into the CodeBuild container to debug from there

CodeBuild containers are deleted at the end of their execution (success or failed). You can’t SSH into them, even while they’re running

Answer 135

A

Change buildspec.yml to enable dependencies caching in Amazon S3

Answer 136

A

CodePipeline + CodeBuild

CodeBuild can run any commands, so you can use it to run commands including generating a static website and copy your static web files to Amazon S3.

CodeCommit + CodePipeline won’t work as the static website needs to be generated
CodeDeploy only supports deployment to EC2 Instances

Answer 137

A

Stop Application, Before Install, After Install, Start Application

Answer 138

A

ValidateService

Answer 139

A

You’ve probably forgotten to install and start the CodeDeploy agent

Answer 140

A

Upload a new version of a CloudFormation template with the modified code and apply it in the

Answer 141

A

in Amazon S3

CloudFormation references a template from Amazon S3, no matter what. If you upload the template from the AWS console, it gets uploaded in Amazon S3 behind the scenes, and CloudFormation references that template from there.

Answer 142

A

false - video #184

Answer 143

A

Resources

Answer 144

A

Fn::GetAtt - video #193

Answer 145

A

conditions

Answer 146

A

IPAddress=10.0.0.1

Answer 147

A

Delete the other stacks referencing the exported outputs first - video #191

Answer 148

A

Exported output names must be unique within your region

Answer 149

A

Enable Detailed Monitoring - video #198

Answer 150

A

1 second - video #198

Answer 151

A

PutMetricData - video #198

Answer 152

A

The alarm will remain in “ALARM” state but never decrease the number of instances in my ASG - video #199

Answer 153

A

10 seconds - video #199

Answer 154

A

false

They never expire by default

Answer 155

A

Log Groups - video #200

Answer 156

A

A config file is missing in . ebextensions/ folder of your code

Answer 157

A

The X-Ray daemon is not running on the EC2 instance - video #206

Answer 158

A

Your IAM role for your EC2 instance doesn’t have the required permissions to send data to X-Ray

Answer 159

A

Look in CloudTrail for a “delete” event in Elastic Beanstalk

Answer 160

A

Create a role on another account, and allow a role in your account to assume that role.

This is best practice

Answer 161

A

Annotations

Answer 162

A

AWS X-Ray

Answer 163

A

BatchGetTraces

Answer 164

A

Do nothing, SQS scales automatically

Answer 165

A

Increase the DelaySeconds parameters

Answer 166

A

Increase the Visibility Timout

(?) make it visible for a longer time so people don’t need to process it twice

Answer 167

A

Implement a DLQ with a redrive policy

Answer 168

A

Enable Long Polling

Answer 169

A

SQS FIFO Queue

Answer 170

A

use the SQS Extended Client library

Answer 171

A

use SNS & SQS Fan Out pattern

Answer 172

A

add more shards

Kinesis replication does not exist

Answer 173

A

You should a partition key that represents the identity of the users

Answer 174

A

use exponential backoff on retries

Answer 175

A

Kinesis Streams & Kinesis Firehose

Answer 176

A

MessageGroupId

Answer 177

A

MessageDeduplicationId

Answer 178

A

10

In KCL, you can have a maximum of EC2 instances running in parallel equal to the number of shards in your Kinesis Stream.

Answer 179

A

10

you can have as many consumers as GroupID for your FIFO queues

AWS Dev Associate Flashcards

Pass aws cert exam!