AWS Developer study Flashcards
Your application’s document NoSQL database is growing as more customers are discovering your service. You need a type of version control to manage data points as they may change to define trends in your customers’ use cases. Which AWS service will track time-based versions of your data as it goes through changes?
DynamoDB can provide record of data changes over time. This can be done by either time-stamp or sequential numbering.
You are an account representative for an AWS SaaS partner organization that works with healthcare providers. You want to provide a new potential client assurance that your software meets HIPAA compliance. Which of the below statements are NOT true?
AWS is one of the few HIPAA cloud service providers.
You’ve set up an AWS CodePipeline to streamline the CI/CD stages. You want to know when there is a failure in the pipeline’s state. Which of the below code samples will create a CloudWatch alarm to trigger a SNS Topic event should the state change to fail?
{
“source”: [
“aws.codepipeline”
],
“detail-type”: [
“CodePipeline Pipeline Execution State Change”
],
“detail”: {
“state”: [
“FAILED”
]
}
}
In traditional on-premise data centers, best practices suggest maximizing key security by using Hardware Security Module (HSM). What are two ways that a customer can ensure proper data encryption?
AWS CloudHSM
Answer explanation: AWS CloudHSM gives customers the ability to manage their HSMs. Both the AWS KMS and AWS CloudHSM can protect plaintext master keys on behalf of the client. The client is still ultimately responsible for managing the access controls to determine who can cause which encryption keys to be used under which conditions.
Use AWS KMS (Key Management Service)
Answer explanation: AWS KMS is a service provided by AWS that manages a fleet of HSMs. This service can protect plaintext master keys on the customer’s behalf.
To stay aligned with a project, your team has released a web application prior to testing being completed. You do not anticipate a high amount of traffic on the application yet and some pages will probably have no traffic until another project milestone is completed. What AWS service would you use to help preempt any UX issues with page load speeds and errors even though it is not collected activity data yet?
CloudWatch Synthetics
Answer explanation: CloudWatch Synthetics is a service with AWS X-Ray. It can provide insights and suggestions based on connections to endpoints even without user activity taking place yet.
You have recently uploaded 50 new buckets into your account. These buckets contain confidential objects. You need to ensure that access is limited to select internal users and no external entities. What IAM service can help identify your account’s resources that are shared with external entities?
Access Analyzer
Answer explanation: Access Analyzer helps identify the resources in your account to identify unintended access to resources and data. Findings from Access Analyzer can include information about the access and external entity granted access.
Your team is using CodeStar to build a new software project on AWS. To collect data about requests and gain some insights, your team has requested that X-Ray be installed. Which code snippet below accurately shows how to add X-Ray tracing to the resources for our EcommerceWorld application?
Resources:
EcommerceWorld
Type: AWS::Serverless::Function
Properties:
Handler: index.get
Runtime: nodejs4.3
Tracing: Active
Role:
Fn:: ImportValue:
!Join [’-‘, [!Ref ‘ProjectId’, !Ref ‘AWS::Region’, ‘LambdaTrustRole’]]
Your organization is deploying a new application using the AWS Cloud Development Kit (CDK). What CLI cmd will read the file and perform its instructions?
cdk deploy
Answer explanation: cdk deploy will the deploy the stack of files. It will read and perform the instructions in the files.cdk deploy
Your web application has files exceeding 10MB in size. You are using CI/CD with CodePipeline to stage changes in the application. Which of the following AWS services would be most appropriate to use?
S3
Answer explanation: S3 can manage files up to 5 terabytes in size, which is more than sufficient for the application files. CodePipeline works with git sources and non-git sources like S3. Enabling versioning in the S3 bucket will allow updates to the objects as needed
While deploying a new application, the development team originally planned on hosting EC2 instances. Due to some updates in the application, you have decided to switch from EC2 to Lambda. The CloudFormation template you deployed is shown below. What steps do you need to take to change it from EC2 to Lambda?
{
“Type”: “AWS::CodeDeploy::Application”,
“Properties”: {
“ApplicationName” : ShoppingTodayApp,
“ComputePlatform”: “Lambda”
}
}
You cannot make changes to the computer platform properties via an update in CloudFormation. To make the change, the template would need to be replaced.
A developer team is working on a new web application and wants to build it using AWS resources. They have decided that CloudFormation service is the best and most efficient way to begin. What is NOT a best practice when using CloudFormation?
Using large formation templates to create a customized infrastructure instead of microservices
Using one template to define every part of the deployment would create a large and difficult project when there comes a need to troubleshoot. One of the advantages of AWS is the modular options it provides, such as microservices. Troubleshooting and iterating are simpler when a template is used for each of the components. For example, a child template could be created for a database, the application, the web layer, and a parent template that manages the deployment of child templates in sequence.
Your team uses CodePipeline to monitor CI/CD as updates are made on your code. Your DevOps team members want to monitor the CodePipeline events and receive notifications when an event is triggered. What are two AWS services that you can enable to achieve this? Select all that apply.
Enabling CloudWatch event rules
CloudWatch does provide a way to manage events in CodePipeline. EventBridge is preferred as it provides more features.
Enabling SNS topics
SNS topics can be created and have developers subscribe to receive notifications via a push notification. For example, developers can receive SMS messages on their mobile devices without polling events searching for a trigger.
A cooking school has launched an application that can be used to connect users (potential and current clients) with opportunities to participate in cooking classes and large demonstration events. They have asked their development team to research how they can offer the functionality of daily instructional videos so that they can package this feature as an easy-to-use service that does not require travel to the cooking school or an event. Leadership at the cooking school has communicated that it is a high priority to ensure that the User Interface (UI) design of this potential video service is intuitive because they are aware of other similar services offered by competitors that have failed because users have become frustrated with the navigation required and responsiveness of the mobile application. Which Amazon service should the development team use to demonstrate to leadership that functional requirements can be met in an application?
AWS Amplify
AWS Amplify offers Admin UI. Admin UI provides ease of managing the Amplify framework, including UI components, libraries, and CLI toolchains.
A development team is using Amazon CloudWatch and Amazon EventBridge to monitor failures of EC2 to launch throughout the company’s AWS Organization. The team wants to monitor this type of cross-account event to troubleshoot the cause and implement solutions if warranted. The team has decided to create an event bus in the centralized account to generate the event logs in Amazon Cloudwatch. Given this scenario, what/who should be authorized to put events into the event bus?
All accounts
All accounts will be authorized. The scenario takes place in an AWS Organizations account.
Which one of the following code samples will use AWS SAM to deploy a serverless application to the cloud and will allow CloudFormation to create an IAM role?
sam deploy \
–template-file packaged.yaml \
–stack-name sam-app \
–capabilities CAPABILITY_IAM \
–region us-east-1
This code snippet shows the command for SAM to deploy the appropriate template-file, stack-name, capabilities, and region. This code will direct AWS CloudFormation to create the AWS resources that are defined in the template.
What does IAM stand for and is is a global service
Identity Access management and yes
What is the least privalege principle?
don’t give
more permissions than a user
needs
What is a IAM role?
Its sets up permissions for a user or service
What is the shared responsibility model?
It is the responsibility of what AWS and what you’re responsible for. You are responsible for policies, management, monitoring, rotating keys, IAM and permissions
What are IAM Policies?
A set of permissions for making requests to AWs services and can be used by IAM users, groups and IAM roles
A statement in an IAM Policy consists of?
Side Effect, Principal, Action, Resource, and Condition.
What is EC2?
Elastic Compute Cloud: It consists of virtual machines, virtual drives, load balancers and scaling services
What are some EC2 sizing on config options?
How much CPU, RAM, Storage (EBS, EFS), Network card, firewall rules and bootstap script.
What is bootstrapping?
Launching commands when a machine starts
What is bootstrapping used for?
Installing updates, software, downloading common files and automating tasks
What are some EC2 instance Types
General Purpose Instances
Compute Optimized Instances
Memory-Optimized Instances
Storage Optimized Instances
Accelerated Computing Instances
What EC2 type would you use for storage intensive tasks that require high read/write access?
Storage Optimized Instances
What does a security group do?
They control how traffic is allowed in or out of EC2 instances.
What does attributes does a security group contain?
Type (http), protocol (tcp), port range, source, description
What are the security ports and their purpose?
22 - ssh (secure shell)
21 - FTP
22 - SFTP
80 - un-secure websites
443 - HTTPs secure websites
3389 - RDP (remote desktop protocol)
What is a PEM file and where do you get it?
Its a secure key to ensure better security. After creating a ECC2 instance, you go to create key pair under network and secutiry and download the pem file. Then you login using ssh with the pem. ssh -i filename.pem username@101.1.1.1
What is another (easiest) way to ssh into your instance?
Use EC2 Instance Connect
What are some E2C purchase options?
On-Demand Instances – short workload, predictable pricing, pay by second
* Reserved (1 & 3 years)
* Reserved Instances – long workloads
* Convertible Reserved Instances – long workloads with flexible instances
* Savings Plans (1 & 3 years) –commitment to an amount of usage, long workload
* Spot Instances – short workloads, cheap, can lose instances (less reliable)
* Dedicated Hosts – book an entire physical server, control instance placement
* Dedicated Instances – no other customers will share your hardware
* Capacity Reservations – reserve capacity in a specific AZ for any duration
What is EC2 on demand?
- Pay for what you use:
- Linux or Windows - billing per second, after the first minute
- All other operating systems - billing per hour
- Has the highest cost but no upfront payment
- No long-term commitment
- Recommended for short-term and un-interrupted workloads, where
you can’t predict how the application will behave
What is EC2 reserved instances?
Up to 72% discount compared to On-demand
* You reserve a specific instance attributes (Instance Type, Region, Tenancy, OS)
* Reservation Period – 1 year (+discount) or 3 years (+++discount)
* Payment Options – No Upfront (+), Partial Upfront (++), All Upfront (+++)
* Reserved Instance’s Scope – Regional or Zonal (reserve capacity in an AZ)
* Recommended for steady-state usage applications (think database)
* You can buy and sell in the Reserved Instance Marketplace
What is EC2 Savings Plans?
Get a discount based on long-term usage (up to 72% - same as RIs)
* Commit to a certain type of usage ($10/hour for 1 or 3 years)
* Usage beyond EC2 Savings Plans is billed at the On-Demand price
* Locked to a specific instance family & AWS region (e.g., M5 in us-east-1)
* Flexible across:
* Instance Size (e.g., m5.xlarge, m5.2xlarge)
* OS (e.g., Linux, Windows)
* Tenancy (Host, Dedicated, Default)
What is EC2 Spot Instance?
Can get a discount of up to 90% compared to On-demand
* Instances that you can “lose” at any point of time if your max price is less than the
current spot price
* The MOST cost-efficient instances in AWS
* Useful for workloads that are resilient to failure
* Batch jobs
* Data analysis
* Image processing
* Any distributed workloads
* Workloads with a flexible start and end time
* Not suitable for critical jobs or databases
What’s an EBS Volume?
An EBS (Elastic Block Store) Volume is a network drive you can attach
to your instances while they run. (like a network usb stick)
What does IOPS stand for?
Input/Output Operations per Second, and is a unit of measurement used to evaluate disk performance in AWS.
