AWS Dev Linux Aca Flashcards
Which of the following AWS X-Ray filters would be most likely to return useful data on HTTP request failures to an API on a /courses resource which appears on the domain of api.linuxacademy.com/courses?
ok = false AND http.url CONTAINS "/courses"
The `ok = false` part looks for HTTP failures, and `http.url CONTAINS` searches for a URL path that contains the string "/courses".
You define the following S3 bucket policy to grant users access to your bucket, but the S3 bucket policy editor will not allow you to submit it. Why is this policy not working?
```
{
  "Id": "Policy1441839160967",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1441839157568",
      "Action": [
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3::: linuxacademy.testbucket.2 "
    }
  ]
}
```
The Resource name is incorrect - S3 bucket names cannot contain periods
While working with the S3 API you receive the error message: 404 Not Found. What is the most likely cause of this error?
NoSuchBucket
The following code snippet is the parameters section of a CloudFormation template that you have written.
```
"Parameters" : {
  "KeyName": {
    "Description" : "answer to the question",
    "Type": "AWS::EC2::KeyPair::KeyName",
    …
  }
}
```
It will ask you to provide the name of an existing EC2 KeyPair to use.
Before launching the creation of our CloudFormation template, CloudFormation will ask us to choose an existing keypair name to associate with our EC2 instance(s). This Parameters section allows us to do that.
Lambda Functions can be deployed using AWS CodeDeploy. Which of the following is NOT an option for Lambda Deployments?
All Lambda deployments are actually Blue/Green, which means that none of them are “In-Place” deployments.
Describe the process of registering a mobile device with SNS push notification service using GCM.
When you first register an app and mobile device with a notification service, such as Apple Push Notification Service (APNS) and Google Cloud Messaging for Android (GCM), device tokens or registration IDs are returned from the notification service. When you add the device tokens or registration IDs to Amazon SNS, they are used with the PlatformApplicationArn API to create an endpoint for the app and device. When Amazon SNS creates the endpoint, an EndpointArn is returned. The EndpointArn is how Amazon SNS knows which app and mobile device to send the notification message to.
https://docs.aws.amazon.com/sns/latest/dg/mobile-push-send-devicetoken.html
You are writing an AWS CloudFormation template to create a static S3 website configuration. The resources section of this template will be used for access control of the bucket and is defined in the below code snippet. What should the value of “AccessControl” be so that the owner of the bucket gets full control and all users get READ access only?
PublicRead
There are separate permissions for the use of an envelope key (that is, a key that protects your data’s encryption key) that provides added protection against unauthorized access of your objects in S3 and also provides you with an audit trail of when your key was used and by whom.
You manage the encryption keys and Amazon S3 manages the encryption, as it writes to disk, and decryption, when you access your objects.
Server-side encryption with Amazon S3-managed encryption keys (SSE-S3) uses strong multi-factor encryption. Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it rotates regularly.
Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.
One of your requirements is to set up an S3 bucket to store files such as documents and images. However, those objects should not be directly accessible via the S3 URL; they should ONLY be accessible from pages on your website so that only your paying customers can see them. How could you implement this?
You can use a bucket policy and check for the aws:Referer key in a condition, where that key matches your domain.
You could use a bucket policy like this:
```
{
  "Version": "2012-10-17",
  "Id": "example",
  "Statement": [
    {
      "Sid": "Allow get requests referred by www.example.com and example.com.",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::examplebucket/*",
      "Condition": {
        "StringLike": {"aws:Referer": ["http://www.example.com/*", "http://example.com/*"]}
      }
    },
    {
      "Sid": "Explicit deny to ensure requests are allowed only from specific referer. Remember that explicit denies override all other permissions.",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::examplebucket/*",
      "Condition": {
        "StringNotLike": {"aws:Referer": ["http://www.example.com/*", "http://example.com/*"]}
      }
    }
  ]
}
```
Which of the following are supported platforms in Elastic Beanstalk?
Apache, MS IIS
The default visibility timeout for a queue is __ seconds.
30s
Which API call would you use to attach an EBS volume to an EC2 instance?
AttachVolume
At what size file should you use multi-part upload?
100mb
Objects 5GB or larger require the multi-part upload API to be uploaded to AWS. However, it is best practice to use the multi-part upload API for objects 100MB or larger.
AWS Step Functions allows you to create “state machine” workflows via:
State machines are defined by the JSON-based Amazon States Language.
You’re creating a DynamoDB database for hosting forums. Your “thread” table contains the forum name, and each “forum name” can have one or more “subjects”.
What primary key type would you give the thread table in order to allow more than one subject to be tied to the forum primary key name?
Hash and Range
Each forum name can have one or more subjects. In this case, ForumName is the hash attribute and Subject is the range attribute.