CloudFront Flashcards

1
Q

You have a Lambda function which you need to deliver globally. Latency is an issue and needs to be minimised. What would a solution be, and where and how would processing occur?

A

Lambda@Edge would be a solution. You can create your function in Python or Node.js in Lambda and configure it to respond to a CloudWatch event. When a request is made, the function is propagated to CloudFront. Processing then occurs at the edge.

2
Q

You have an S3 bucket with content being served from CloudFront. When a batch of new content is added you need to ensure that the CF cache is updated. What is the AWS recommended way of achieving this?

A

Enabling versioning in CloudFront by specifically versioning filenames or directory names. CF will pick up on the changes and serve the new objects.

3
Q

What is the default TTL for CloudFront cached objects (in hours)?

A

24 hours

4
Q

For a CloudFront custom origin, what protocol is used to expose the endpoint?

A

HTTP is used to expose a custom origin endpoint to CloudFront.

5
Q

What are the two origin types that can be used for CloudFront?

A

S3 and Custom Origin (HTTP)

6
Q

Can you use an ALB or EC2 instance as a custom origin for CloudFront?

A

Yes, via HTTP endpoints.

7
Q

I am building a web application which has content stored on S3 and a global user base. The content is static and consists mainly of style sheets, corporate logos and the like. I need to ensure that when a user accesses the site, these resources (some of which are large) are served from a location closest to the user. Would I be best to use S3 cross-region replication or CloudFront to achieve this, and why?

A

If the content is static and must be available globally, then CloudFront is the best choice. CloudFront has a TTL of 24 hours by default for cached objects and makes use of the global edge network for content delivery. S3 cross-region replication is best when we only need to serve content to a few regions and that content is highly dynamic, as content is updated in near real time and is available at low latency.

8
Q

I am intending to use an EC2 instance as a custom origin for CloudFront. To allow the edge location in CloudFront to access this instance should the instance be public or private and what would the security group look like?

A

The instance needs to be public for the edge location to access it (i.e. from the web). The security group, however, will restrict inbound access to IPs associated with the edge locations.

9
Q

While CloudFront provides CDN capability, what two security capabilities does it also provide?

A

CloudFront also provides DDoS protection and Web Application Firewall (WAF) capability.

10
Q

I have a group of EC2 instances deployed behind an application load balancer that I want to use as a custom origin for CloudFront. Will the ALB need to be exposed publicly and what will its security group look like? Will the EC2 instances be public or private and what will their security group look like?

A

The ALB will need to be public. Its security group will restrict inbound traffic to the AWS edge locations. The EC2 instances will be private, with inbound traffic restricted to the ALB security group.

11
Q

Can CloudFront be used to restrict content based on a user's geographic location?

A

Yes. CloudFront supports whitelisting and blacklisting of countries.

12
Q

You have created a CloudFront distribution against an S3 bucket. The S3 bucket is secured using an Origin Access Identity. When you try to retrieve content using the CloudFront URL, you see a redirect to an S3 URL followed by an access denied. Why?

A

It can take time for a CloudFront distribution's domain name to propagate through DNS; it can take 3-4 hours for DNS to propagate fully.

13
Q

We want to use an S3 bucket as an origin for a CloudFront distribution, but we don't want to allow public access to the content stored in that bucket. Is there a way to limit access to the bucket to CloudFront only?

A

Yes. An Origin Access Identity will limit access to the S3 bucket to CloudFront only and allow only s3:GetObject requests by that Identity.

14
Q

Which of the following can CloudFront base its caching on (choose 3)?

Query String
Host Name
Session Cookie
Source IP
Request Header

A

Query String
Request Header
Session Cookie

15
Q

We have a CloudFront distribution set up, but we want to limit access to it to only premium users who have signed up to it. There are two ways of doing this: what are they?

A

Either a signed CloudFront URL or a signed CloudFront cookie will achieve this.

16
Q

We have a CloudFront distribution hosting hundreds of high-resolution satellite image files to which we want to limit access to only premium users. The users pay a flat fee for access to all the files. What method could you use in CloudFront to limit access to these files to only the premium users?

A

As we have multiple files that a user wants to access, a CloudFront signed cookie would be optimal. If we used a signed URL we would need to generate one URL for every file.

17
Q

We have a site that serves both static (CSS, images) and dynamic content. Can CloudFront cache dynamic content?

A

Yes. Dynamic content can be cached in CloudFront with rules set up to cache on query strings, cookie information and request header data.

18
Q

When we create a CloudFront signed URL or signed cookie, we need to attach a policy to it which defines three things: what are they?

A

  1. IP ranges to allow access from (if known)
  2. Expiration for the cookie/URL access
  3. Trusted signers: a list of AWS accounts that can create a signed URL/cookie

19
Q

Which feature allows us to distribute paid content from S3 securely, globally, if the S3 bucket is secured to only exchange data with CloudFront?

A

CloudFront signed URL or cookie

20
Q

CloudFront is deployed in front of an HTTP origin. After updating your HTTP app, the users still see the old website. What should you do?

A

Invalidate the CloudFront distribution.

21
Q

You are hosting highly dynamic content in Amazon S3 in us-east-1. Recently, there has been a need to make that data available with low latency in Singapore. What do you recommend using?

A

S3 cross-region replication, as we only need to reach one region, and the content needs to be served with low latency and is highly dynamic.

22
Q

We have an application that is a mix of dynamic content and static content. In terms of CloudFront, how many distributions would you set up and why?

A

Two. One distribution would serve static content from CloudFront (images, CSS etc.), while the other would serve dynamic content based on headers, query strings or cookie data.