AWS Developer Associate - C02 (Set 1)

Question 1

The ALB does not show the application servers the IP of the client directly. How can the application servers see the IP of the client?

Answer 1

By looking at the X-Forwarded-For Header

Question 2

Which ELB has Cross-Zone Load Balancing enabled by default?

Answer 2

ALB

Question 3

ALB uses what protocols?

Answer 3

HTTP & HTTPS

Question 4

What is the order of hierarchy with an ASG, ELB, and EC2 instances

Answer 4

Users access ELB, which points to the ASG, which points to EC2 instances

Question 5

NLB uses what protocols?

Answer 5

TCP & UDP

Question 6

What is an example target if you use ASG Target Tracking Scaling?

Answer 6

To keep the CPU Utilization below 70%

Question 7

Which is higher performing in latency and requests/second, NLB or ALB?

Answer 7

NLB

Question 8

What is ASG Simple / Step Scaling?

Answer 8

Adding X units after a CloudWatch Alarm is triggered.
ie: When a CloudWatch Alarm is triggered (CPU > 70%), then add 2 units

Question 9

What are the target groups for NLB?

Answer 9

EC2 Instances, IP Addresses, ALB, Health Checks

Question 10

ASG Scheduled Actions

Answer 10

Anticipates scaling based on known usage patterns

Question 11

What is ASG Predictive Scaling?

Answer 11

Continuously forecasting load and scheduling scaling ahead of expected high usage periods.

Question 12

Metrics to scale on for ASG:

Answer 12

CPUUtilization, RequestCountPerTarget, Average Network in / out, Any other custom metric

Question 13

What is scaling cooldown, and what is the default time for it?

Answer 13

After a scaling activity happens, you are in the cooldown period, with a default of 300 seconds

Question 14

What are the target groups for ALB?

Answer 14

EC2 Instances, ECS tasks, Lambda Functions, IP Addresses

Question 15

What types of Databases can you have within RDS?

Answer 15

Postgres, MySQL, MariaDB, Oracle, Microsoft SQL Server, Aurora

Question 16

RDS Read Replicas use what type of reads?

Answer 16

RDS Read Replicas are asynchronous, so they use eventually consistent reads.

Question 17

Aurora grows in increments of ___ GB up to ___TB

Answer 17

10 GB … 128 TB

Question 18

Does RDS & Aurora support at-rest or in-flight encryption?

Answer 18

Both, KMS for at rest and TLS-ready by default

Question 19

What types of ElastiCache are there?

Answer 19

Redis and Memcached

Question 20

Which Elasticache is highly available?

Answer 20

Redis

Question 21

Which Elasticache is non persistent?

Answer 21

Memcached

Question 22

Which Elasticache supports backup and restore features?

Answer 22

Redis

Question 23

Which Elasticache supports sharding and multi-threaded architecture?

Answer 23

Memcached

Question 24

Which cache of ElastiCache is simpler in terms of setup and use?

Answer 24

Memcached

Question 25

Each Route53 record contains (5):

Answer 25

Domain/subdomain Name, Record Type (A/AAAA), Value, Routing Policy, TTL

Question 26

What types of DNS record types does Route53 support?

Answer 26

A, AAAA, CNAME, NS

Question 27

What is Record Type A?

Answer 27

Maps a hostname to IPv4

Question 28

What is Record Type AAAA?

Answer 28

Maps a hostname to IPv6

Question 29

What is Record Type CNAME?

Answer 29

Maps a hostname to another hostname

Question 30

What is Record Type NS?

Answer 30

Name Servers for the Hosted Zone

Question 31

What is the subdomain in the following example: http://www.tinydancinghorse.com ?

Answer 31

www

Question 32

What is the Top level domain in: http://www.tinydancinghorse.com ?

Answer 32

com

Question 33

What is the Domain Name in the following example: http://www.tinydancinghorse.com ?

Answer 33

tinydancingHorse

Question 34

What is the Root domain in: http://www.tinydancinghorse.com?

Answer 34

Tinydancinghorse.com

Question 35

What does a CNAME do in Route53?

Answer 35

Points a hostname to any other hostname (app.mydomain.com -> bla.anything.com)

Question 36

What does an Alias do in Route53?

Answer 36

Points a hostname to an AWS Resource (app.mydomain.com -> bla.amazonaws.com) AND Works for ROOT domain and NON ROOT domain

Question 37

What Record type is an Alias Record in Route53

Answer 37

A or AAAA

Question 38

How do you set the TTL for an Alias Record in Route53?

Answer 38

You can’t

Question 39

What types of Routing Policies does Route53 support? (7)

Answer 39

Simple, Weighted, Failover, Latency Based, Geolocation, Multi-Value answer, Geoproximity

Question 40

What does simple routing policy do?

Answer 40

Routes traffic to a single resource. If multiple values are returned, random one is chosen by the client.

Question 41

What does the weighted routing policy do?

Answer 41

Control the % of the requests that go to each specific resource

Question 42

What does the latency-based routing policy do?

Answer 42

Redirects to the resource that has the least latency close to us - Latency is based on traffic between users and AWS Regions

Question 43

Where do Route53 health checks if an EC2 instance is within an ASG within an ALB?

Answer 43

The ALB

Question 44

Are Route53 health checkers inside or outside of the VPC?

Answer 44

Outside

Question 45

What does the Geolocation Routing Policy do?

Answer 45

Routes based on user location, specific to continent, country, or state

Question 46

What does the Geoproximity routing policy do?

Answer 46

Routes traffic to resources based on the geographic location of users and resources

Question 47

What do Internet Gateways do for VPCs?

Answer 47

Helps our VPC instance connect with the external internet

Question 48

What do NAT Gateways do?

Answer 48

Allows our VPC to access the internet through the Internet Gateway (IGW) while staying private

Question 49

What is a NACL?

Answer 49

A Network ACL is a firewall which controls traffic to and from a subnet, which can have ALLOW or DENY rules, only including IP addresses

Question 50

What is a security group?

Answer 50

A firewall that controls traffic to and from an ENI/EC2 Instance. It can only have ALLOW rules, which include IP addresses and other security groups

Question 51

What AWS services access a VPC through a VPC Endpoint?

Answer 51

S3 and DynamoDB

Question 52

What AWS services access a VPC through a VPC Endpoint Interface?

Answer 52

Anything other than S3 and DynamoDB

Question 53

What is the URL for EC2 Instance Metadata?

Answer 53

http://169.254.169.254/latest/meta-data

Question 54

Can you retrieve the IAM Role name or the IAM policy from the metadata?

Answer 54

Just the IAM Role name

Question 55

What API call do you need to use for MFA?

Answer 55

STS GetSessionToken; $> sts get-session-token

Question 56

What S3 encryption type requires HTTPS over HTTP?

Answer 56

SSE-C

Question 57

What is the default encryption in S3?

Answer 57

SSE-S3

Question 58

Why can’t you generate a pre-signed S3 URL and paste it in the browser if you use SSE-C?

Answer 58

For non-SSE-C objects, you can generate a presigned URL and directly paste that URL into a browser to access the data. However, you cannot do this for SSE-C objects, because in addition to the presigned URL, you also must include HTTP headers that are specific to SSE-C objects. Therefore, you can use presigned URLs for SSE-C objects only programmatically.

Question 59

What must be enabled to use MFA delete in S3?

Answer 59

Versioning must be enabled.

Question 60

What is the purpose of CloudFront?

Answer 60

It is a CDN (Content Delivery Network) that gives developers an easy and cost effective way to distribute content with low latency and high data transfer speeds.

Question 61

What is the API in CloudFront that invalidates part of the cache?

Answer 61

CreateInvalidation API

Question 62

Where are Docker images stored in AWS?

Answer 62

Amazon ECR (Elastic Container Registry)

Question 63

What is AWS Fargate and which AWS Services does it support?

Answer 63

It is Amazon’s own Serverless container platform, which works with ECS and EKS

Question 64

What are the two launch types for ECS?

Answer 64

EC2 & Fargate

Question 65

What is the difference between Fargate and EC2 launch types for ECS?

Answer 65

Fargate is serverless with no infrastructure to manage, while EC2 Launch type requires you to provision & maintain the EC2 Instances

Question 66

What is a Task Role?

Answer 66

It allows the containers in your task to assume an IAM role without having to use AWS credentials inside the containers.

Question 67

Which Load Balancer is not compatible with ECS Fargate?

Answer 67

CLB - Classic Load Balancer

Question 68

Which ECS Launch type(s) does EFS work with?

Answer 68

Both EC2 and Fargate

Question 69

Is EFS serverless or not?

Answer 69

Serverless

Question 70

What is Target Tracking ECS Autoscaling?

Answer 70

Scales based on a target value for a specific CloudWatch metric

Question 71

What is Step Scaling ECS Autoscaling?

Answer 71

Scales by adding X tasks based on a specific CloudWatch alarm

Question 72

What is Scheduled Scaling ECS Autoscaling?

Answer 72

Scales the number of ECS tasks based on the time or day.

Question 73

What is the problem with autoscaling for EC2 ECS?

Answer 73

ECS Service autoscaling only scales at the task level, it does not scale the EC2 instances

Question 74

What are the 7 crucial bits of information in an ECS Task Definition?

Answer 74

Image Name, Port binding for container & host, Memory & CPU, Environment Variables, Networking Information, IAM Role, Logging Config

Question 75

For which ECS Launch type can you define a Task Placement Strategy or Task Placement Constraints?

Answer 75

ECS EC2

Question 76

Is EFS Multi-AZ by default?

Answer 76

Yes

Question 77

What is the Login command for Amazon ECR?

Answer 77

Aws ecr get-login-password

Question 78

What is the managed Node Group in EKS?

Answer 78

It creates and manages EC2 instance nodes for you, which are a part of an ASG managed by EKS

Question 79

What are Self-managed nodes in EKS?

Answer 79

Nodes created by you and managed by an ASG

Question 80

What maintenance is required for Fargate with EKS?

Answer 80

None required as there are no nodes to be managed.

Question 81

What are the 3 Elastic Beanstalk components?

Answer 81

Application, application version, and Environment

Question 82

What is the directory for Elastic Beanstalk Extensions?

Answer 82

.ebextensions/

Question 83

What is the suffix for Elastic Beanstalk extension files?

Answer 83

.config

Question 84

What does Elastic Beanstalk rely on under the hood?

Answer 84

CloudFormation

Question 85

What are the 6 components of a CloudFormation template?

Answer 85

Resources (mandatory), Parameters, Mappings, Outputs, Conditionals, Metadata

Question 86

What is in the resources component of CloudFormation?

Answer 86

The aws resources declared in the template

Question 87

What is in the parameters component of CloudFormation?

Answer 87

The dynamic inputs for your template so you can input custom values each time you create or update a stack

Question 88

What is in the mappings component of CloudFormation?

Answer 88

Maps, their keys, and values which can be referenced in your CloudFormation template.

Question 89

What is in the outputs component of CloudFormation?

Answer 89

Outputs from the current stack, which can be referenced by other stacks.

Question 90

How do you reference a parameter in cloudFormation?

Answer 90

Fn::Ref or !Ref

Question 91

When to use parameters instead of mappings in CloudFormation?

Answer 91

When the values are really user specific

Question 92

How do you access values in a map?

Answer 92

Fn::FindInMap or !FindInMap

Question 93

What are the three parameters passed into the !FIndInMap function?

Answer 93

MapName, TopLevelKey, SecondLevelKey

Question 94

Can you delete a stack if one of its outputs is referenced by another CloudFormation stack?

Answer 94

No, you must delete the stacks that reference the base stack before deleting the base stack.

Question 95

How do you use an output value in a different stack?

Answer 95

Fn::ImportValue or !ImportValue

Question 96

What is the function to reference parameters or resources?

Answer 96

Fn::Ref or !Ref

Question 97

What is the function to get attributes?

Answer 97

Fn::GetAtt or !GetAtt

Question 98

What is the function used to access a map value?

Answer 98

Fn::FindInMap or !FindInMap

Question 99

What is the function used to import values exported in other templates?

Answer 99

Fn::ImportValue or !ImportValue

Question 100

What happens in a CloudFormation rollback when stack creation fails?

Answer 100

Everything gets deleted

Question 101

What happens in a CloudFormation rollback when the Stack Update fails?

Answer 101

The stack automatically rolls back to the previous known working state.

Question 102

What is CloudWatch mainly used for?

Answer 102

Providing metrics, logs, events and alarm

Question 103

What is X-Ray for?

Answer 103

Troubleshooting app performance and errors

Question 104

What is CloudTrail for?

Answer 104

Internal monitoring of API calls and auditing changes to Resources by users

Question 105

By default, how often do EC2 instances share instance metrics?

Answer 105

Every 5 minutes

Question 106

Is AWS CloudTrail enabled by default?

Answer 106

Yes

Question 107

What does CloudTrail provide?

Answer 107

Governance, compliance, and audit for your AWS Account

Question 108

How long are events stored in CloudTrail?

Answer 108

90 days

Question 109

What is the max message size in SQS - Standard?

Answer 109

256 KB

Question 110

Does SQS have in flight encryption?

Answer 110

Yes, it uses HTTPS

Question 111

Does SQS have at-rest encryption?

Answer 111

Yes, it uses KMS

Question 112

What is Message Visibility Timeout in SQS?

Answer 112

It is the length of time which the message will become invisible to other consumers after the message is polled.

Question 113

What is SQS Delay Queue?

Answer 113

Delays a message so that consumers won’t see it immediately for up to 15 minutes

Question 114

What is SQS Long Polling?

Answer 114

When a consumer requests messages from the queue, it can “wait” for messages to arrive if there are none in the queue

Question 115

What does the SQS API CreateQueue do?

Answer 115

Creates an SQS queue

Question 116

What does the SQS API PurgeQueue do?

Answer 116

Deletes all of the messages in the queue

Question 117

What does the SQS API SendMessage do?

Answer 117

Sends a message onto SQS

Question 118

What is the SQS MaxNumberOfMessages default and max?

Answer 118

Default of 1, max of 10

Question 119

What is the SQS API ReceiveMessageWaitTimeSeconds for?

Answer 119

It is used for Long Polling.

Question 120

How many consumers can you have per SQS FIFO Group?

Answer 120

Just one

Question 121

What does the SQS + SNS Fan Out architecture look like?

Answer 121

Producer sends a message to SNS with a specific topic, then SNS sends the message to a different SQS Queue depending on the topic.

Question 122

What can you do if you need the messages to be in order by topic?

Answer 122

Use SNS FIFO

Question 123

What can you do if your SQS Queue only wants to hear certain messages from an SNS topic?

Answer 123

Use SNS Message filtering

Question 124

What does Kinesis Data Streams do?

Answer 124

It captures, processes, and stores data streams

Question 125

What does Kinesis Data Firehose do?

Answer 125

It captures, transforms, and delivers streaming data to data lakes, data stores, and analytics services.

Question 126

What does Kinesis Data Analytics do?

Answer 126

Analyze data streams with SQL or Apache Flink

Question 127

What does Kinesis Video Streams do?

Answer 127

Capture, process and store video streams

Question 128

Do Kinesis Data Streams have security in flight and at rest?

Answer 128

Yes, via HTTPS in flight and using KMS at rest

Question 129

What should you use in SQS FIFO to group messages together, but in order by group?

Answer 129

Group ID

Question 130

Do NoSQL Databases scale vertically or horizontally?

Answer 130

Horizontally

Question 131

What is the maximum size of an item in DynamoDB?

Answer 131

400KB

Question 132

What are the datatypes supported in DynamoDB?

Answer 132

Scalar, String, Binary, Boolean, Document (List/Map), Set (String set, Number set…)

Question 133

What are the two options for primary keys in DynamoDB?

Answer 133

Partition key OR partition key + sort key

Question 134

How large of a write is one WCU?

Answer 134

1KB

Question 135

How many Strongly consistent reads does one RCU represent?

Answer 135

1

Question 136

How many eventually consistent reads does one RCU represent?

Answer 136

2

Question 137

How large of a read is one RCU?

Answer 137

4KB

Question 138

If there is an RCU issue in DynamoDB, what can we use to help?

Answer 138

DynamoDB Accelerator (DAX)

Question 139

What kind of read is GetItem on DynamoDB?

Answer 139

Eventually Consistent read

Question 140

How can you only retrieve certain attributes of an item from DynamoDB through GetItem?

Answer 140

By using ProjectionExpression

Question 141

Can you use BatchWriteItem to update items in DynamoDB?

Answer 141

No, only to create them.

Question 142

What is the max data written in one BatchWriteItem call?

Answer 142

16 MB

Question 143

For Read queries on DynamoDB, would you use Filter Expression filters, or would you use Condition Expressions?

Answer 143

Filter Expression filters are for reads, Condition Expressions are for writes

Question 144

When can you define a Local Secondary Index?

Answer 144

ONLY AT TABLE CREATION

Question 145

What is the purpose of a Local Secondary Index?

Answer 145

An alternative sort key for your table

Question 146

What is the purpose of a Global Secondary Index?

Answer 146

An alternative primary key/partition key from the base table (Like looking at the same table organized in a different manner with a different primary key)

Question 147

When can you add a Global Secondary Index?

Answer 147

Any time after table creation

Question 148

What happens if the writes are throttled on the Global Secondary Index of a DynamoDB table?

Answer 148

The writes will be throttled on the main table

Question 149

What is a DynamoDB Stream?

Answer 149

An ordered stream of item-level modifications in a table

Question 150

How long is data retained in a DynamoDB stream?

Answer 150

Up to 24 hours

Question 151

What is a DynamoDB Transaction?

Answer 151

An operation coordinated to add one or more items across one or more tables. The operation only happens if all of the operations are successful.

Question 152

How much more expensive are transactions in DynamoDB?

Answer 152

Reads and Writes are both twice as expensive using DynamoDB Transactions

Question 153

What are the 3 endpoint types for API Gateway?

Answer 153

Edge-Optimized, Regional, and Private

Question 154

Who can access Private API Gateway Endpoints?

Answer 154

Can be accessed from the VPC

Question 155

If you make changes in API Gateway and aren’t seeing the changes take place, what is likely the issue??

Answer 155

For API Gateway, you need to make a “deployment” for changes to be in effect

Question 156

How can you have dev, test and prod environments in API Gateway?

Answer 156

By having multiple stages, one for each, as they can all have their own Stage variables

Question 157

How does API Gateway Canary deployment work?

Answer 157

It points a small percentage of the traffic (5%) to the new service, and if nothing fails, it will switch over 100% of the traffic

Question 158

What is the API Gateway MOCK Integration type for?

Answer 158

It returns a response without sending the request to the backend

Question 159

What is the API Gateway HTTP/AWS Integration type for?

Answer 159

So you can configure both the integration request and response, and setup data mapping using mapping templates for the request & response

Question 160

What is the API Gateway AWS_PROXY Integration type for?

Answer 160

Sending the incoming request directly through to the Lambda function, which will handle the request and forward an HTTP response

Question 161

Which API use XML/JSON between SOAP and REST?

Answer 161

SOAP uses XML, REST uses JSON

Question 162

How can you reduce the number of calls to the backend using API Gateway?

Answer 162

API Gateway Caching API responses

Question 163

What is the default TTL for APIGW caching?

Answer 163

300 seconds

Question 164

What do the CacheHitCount & CacheMissCount metrics help you define using API Gateway?

Answer 164

The efficiency of the API Gateway cache

Question 165

What does the IntegrationLatency metric tell you about API Gateway?

Answer 165

The time between when API Gateway relays a request to the backend and when it receives a response from the backend

Question 166

What should you ensure is enabled when API calls to API Gateway are failing from another domain?

Answer 166

Ensure CORS is enabled

Question 167

What mode of security should you use for API gateway if you want to authorize using 3rd party tokens?

Answer 167

Custom Lambda Authorizer

Question 168

What is API Gateway’s Websocket API good for?

Answer 168

It is a two-way interactive communication between a user’s browser and the server, it is good for multiplayer games, collaboration and chat platforms

Question 169

What is AWS CodeCommit for?

Answer 169

Storing our code, similar to Git

Question 170

What is AWS CodePipeline for?

Answer 170

It’s used to model, visualize, and automate the steps required to release your software.

Question 171

What is AWS CodeBuild for?

Answer 171

Building and testing our code

Question 172

What is AWS CodeDeploy for?

Answer 172

Deploying the code to any instance, including EC2

Question 173

What is AWS CodeStar for?

Answer 173

It provides the tools you need to quickly develop, build, and deploy applications on AWS. You can set up your entire CICD pipeline in minutes.

Question 174

What is AWS CodeArtifact for?

Answer 174

It stores, publishes, and shares software packages

Question 175

What is AWS CodeGuru for?

Answer 175

Automated code reviews using Machine Learning

Question 176

How do AWS CodeCommit, CodeBuild, and CodeDeploy pass information between themselves?

Answer 176

They create artifacts stored in S3, which the next stage can reference

Question 177

What file contains the build instructions for AWS CodeBuild?

Answer 177

Buildspec.yml

Question 178

What is in the env section of the AWS CodeBuild buildspec.yml?

Answer 178

Defines environment variables

Question 179

What is in the phases section of the AWS CodeBuild buildspec.yml?

Answer 179

Specific commands to run

Question 180

What is in the artifacts section of the AWS CodeBuild buildspec.yml?

Answer 180

What to upload to S3

Question 181

What is in the cache section of the AWS CodeBuild buildspec.yml?

Answer 181

Files to cache to S3 for future build speedup

Question 182

What file contains instructions for deployment when using CodeDeploy?

Answer 182

Appspec.yml

Question 183

When using SAM, where is the application actually built?

Answer 183

The application is built locally, before the package is zipped and uploaded to S3.

Question 184

After building the application, what happens when using SAM?

Answer 184

The CloudFormation template is zipped and uploaded to S3

Question 185

What does SAM framework rely upon to update Lambda function?

Answer 185

AWS CodeDeploy

Question 186

What is AutoPublishAlias in SAM?

Answer 186

Detects when new code is being deployed, creates and publishes an updated version of that function with the latest code.

Question 187

What is DeploymentPreference for in SAM?

Answer 187

Lets you choose Canary, Linear, or AllAtOnce deployment types for your application

Question 188

What are hooks in SAM?

Answer 188

Pre and post traffic shifting Lambda functions to test your deployment

Question 189

What is SAM built on?

Answer 189

CloudFormation

Question 190

What sections does SAM require? (2)

Answer 190

Transform and Resources sections

Question 191

What command for SAM fetches dependencies and creates local deployment artifacts?

Answer 191

Sam build

Question 192

What command for SAM packages and uploads to AmazonS3?

Answer 192

Sam package

Question 193

What command for SAM deploys to CloudFormation?

Answer 193

Sam deploy

Question 194

What is AWS CDK?

Answer 194

The AWS Cloud Development Kit allows you to define your cloud infrastructure in a familiar language like JS or Python

Question 195

What AWS service does AWS CDK leverage?

Answer 195

AWS CloudFormation

Question 196

What is Cognito User Pools for?

Answer 196

Creates a serverless database of users for sign in functionality for app users. It provides access to AWS, not individual AWS resources.

Question 197

What is special about Cognito User Pools Hosted Authentication UI?

Answer 197

You can add it to your app as a sign in form and customize the CSS

Question 198

What does Cognito User Pools Adaptive Authentication do?

Answer 198

Examines each sign-in attempt risk and requires MFA for high-risk sign-in attempts

Question 199

What must the ALB use to set authentication rules for oidc or cognito?

Answer 199

An HTTPS listener

Question 200

What does Cognito Identity Pools do?

Answer 200

Get identities for “users” so they obtain temporary AWS credentials. It can provide access to specific individual AWS resources.

Question 201

What is the Step function state Choice State?

Answer 201

Test for a condition to send to a branch

Question 202

What is the Fail or succeed state in a step function?

Answer 202

Stop execution with failure or success

Question 203

What is the Pass state in a step function?

Answer 203

Simply pass its input to its output or inject fixed data, but do no work

Question 204

What is the Wait state in a step function?

Answer 204

Provide a delay for a certain amount of time or until a specified time/date

Question 205

What is the Map State in a Step Function?

Answer 205

It runs a set of workflow steps for each item in a dataset

Question 206

What is the Parallel State in a Step Function?

Answer 206

It begins parallel branches of execution

Question 207

What performs the tasks in a Step Function Activity Task?

Answer 207

Activity Workers

Question 208

What is it that AppSync relies on?

Answer 208

GraphQL

Question 209

What is AppSync for?

Answer 209

Allows your applications to access exactly the data they need. It is a flexible API to securely access, manipulate, and combine data from multiple sources

Question 210

What does AWS Amplify do?

Answer 210

It lets frontend web and mobile developers easily build, ship, and host full-stack apps on AWS

Question 211

What does AWS Amplify support language-wise?

Answer 211

Angular, React, flutter…

Question 212

What does AWS Amplify use for authentication?

Answer 212

Amazon Cognito

Question 213

What does AWS Amplify use for a datastore?

Answer 213

It leverages Amazon AppSync and Amazon DynamoDB

Question 214

What is AWS Direct Connect?

Answer 214

A network service that provides an alternative to using the internet to utilize AWS Cloud Services

Question 215

Are Lambda Environmental variables secure by default?

Answer 215

Yes, they are encrypted by default

Question 216

How can you use AWS CodeDeploy for an on-premises server?

Answer 216

Use AWS SSM to install the CodeDeploy agent and register your on-premises servers as a deployment group

Question 217

What does AWS SSM do?

Answer 217

Updates, manages, and configures resources on instances or on-premises servers.

Question 218

How can you effectively monitor Elastic Beanstalk resources and receive performance notifications?

Answer 218

Enable enhanced health reporting for the Elastic Beanstalk environment

Question 219

When should you use AWS::Serverless::SimpleTable vs AWS::DynamoDB::SimpleTable?

Answer 219

Use AWS::DynamoDB::SimpleTable when you need advanced functionalities for DynamoDB; Use AWS::Serverless::SimpleTable when you only need basic functionalities

Question 220

What is the AWS::Serverless::Application resource type used for in SAM?

Answer 220

It embeds a serverless application from the SAR (Serverless Application Registry) or from an Amazon S3 bucket as a nested application

Question 221

What is the AWS::Serverless::Function SAM resource used to create?

Answer 221

It creates a Lambda function

Question 222

Replace this card

Answer 222

Replace

Question 223

What happens when you use the DynamoDB DELETE action on an empty set?

Answer 223

It causes an error

Question 224

What happens when you try to perform multiple actions in a single expression for DynamoDB?

Answer 224

It performs the multiple actions specified. This does not cause an error.

Question 225

How can you change a Lambda function’s behavior without updating the code itself?

Answer 225

Use the environment variables, which is a pair of strings stored in the function’s configuration

Question 226

What is ChangeMessageVisibility used to reduce?

Answer 226

It reduces message reprocessing

Question 227

When does the data get written to the cache in a write-through caching?

Answer 227

At the same time as the database

Question 228

At what point can you create Local Secondary Indexes?

Answer 228

ONLY at table creation

Question 229

Are Local Secondary Indexes Strongly or Eventually Consistent reads?

Answer 229

You can use either with a local secondary index

Question 230

Are Global Secondary Indexes Strongly or Eventually Consistent reads?

Answer 230

Eventually Consistent Reads only

Question 231

Which is simpler, Memcached or Redis?

Answer 231

Memcached

Question 232

What does Amazon Connect do?

Answer 232

It helps you integrate with other enterprise applications, such as Salesforce

Question 233

How often are KMS keys rotated when you enable automatic key rotation?

Answer 233

About once a year

Question 234

What application can Amazon Macie be used for?

Answer 234

S3 only

Question 235

What does Amazon Macie do?

Answer 235

Identifies sensitive data in S3 buckets

Question 236

What is SAR (Serverless Application Repository)?

Answer 236

It’s a managed repository for serverless applications, enabling developers to store and share reusable applications.

Question 237

What should you do if your asynchronously triggered lambda function fails and you need it to run?

Answer 237

Wait for it to auto retry, asynchronously triggered lambda functions will auto retry twice after an error

Question 238

How can you get close monitoring of SWF (Simple Workflow Service) processes?

Answer 238

Use the AWS Management Console & Visibility APIs

Question 239

What are Visibility APIs within the SWF (Simple Workflow Service)?

Answer 239

It helps you get run-time information to monitor all executions and get detailed data.

Question 240

Should you use Cognito User pools or Identity pools if you want to give access to just one AWS resource?

Answer 240

Identity pools, it can give access to sole resources

Question 241

What can you use to ensure your DynamoDB data is encrypted in transit and at rest?

Answer 241

DynamoDB Encryption Client

Question 242

What is DynamoDB Encryption Client?

Answer 242

A software library that enables you to protect your DynamoDB data in transit and at rest

Question 243

What is the beginning of the AWS CLI command to create an Amazon Cognito Identity pool?

Answer 243

Aws cognito-identity…

Question 244

What does a developer NEED to do to convert a legacy java app Jar file after uploading the jar to turn it into a lambda function?

Answer 244

Define a handler function

Question 245

What is the Elastic Beanstalk proxy server?

Answer 245

It helps you serve static files from elastic beanstalk from directories within your web app.

Question 246

Can X-Ray be used for REST APIs, SOAP APIs, or both?

Answer 246

REST APIs only

Question 247

What section of a CloudFormation template lets you deploy variable sized instances based on the environment (dev, test, prod…)?

Answer 247

Conditions

Question 248

Can a VPN help give applications programmatic access to resources?

Answer 248

No. Only IAM roles or other AWS credentials can give programmatic access to resources.

Question 249

What type of keys do AWS services integrated with KMS use, symmetric or asymmetric?

Answer 249

Symmetric

Question 250

What is AWS CloudHSM?

Answer 250

AWS CloudHSM provides hardware security modules that are used to generate, store and manage encryption keys that are symmetric or asymmetric.

Question 251

What AWS service should you use if you want a single tenant, tamper-proof AWS hardware device?

Answer 251

AWS CloudHSM

Question 252

What happens when your Lambda function is throttled from a stream-based event source?

Answer 252

The Lambda tries to process the throttled batch of records until the data expires

Question 253

After uploading several files to an S3 bucket to test it, you are unable to delete it. What is the issue?

Answer 253

S3 buckets must be empty to be deleted.

Question 254

Should you create an access key for your AWS root account?

Answer 254

No, unless you absolutely need to

Question 255

Should you enable MFA for your AWS root account?

Answer 255

Yes

Question 256

Is it good practice to share the root access key with a trusted team member as backup?

Answer 256

No (Not according to Amazon at least)

Question 257

What does AWS recommend for super-fast, zero-downtime deploys, with rollbacks available?

Answer 257

Blue-Green deployments