DECK 3 Flashcards
A company is running a Docker application on Amazon ECS. The application must scale based on user load in the last 15 seconds.
How should a Developer instrument the code so that the requirement can be met?
A. Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds
B. Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds
C. Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds
D. Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds
B. Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds
A company needs to ingest terabytes of data each hour from thousands of sources that are delivered almost continually throughout the day. The volume of messages generated varies over the course of the day. Messages must be delivered in real time for fraud detection and live operational dashboards.
Which approach will meet these requirements?
A. Send the messages to an Amazon SQS queue, then process the messages by using a fleet of Amazon EC2 instances
B. Use the Amazon S3 API to write messages to an S3 bucket, then process the messages by using Amazon Redshift
C. Use AWS Data Pipeline to automate the movement and transformation of data
D. Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and deliver messages
D. Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and deliver messages
A Developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions:
The Developer needs to create/delete branches.
Which specific IAM permissions need to be added, based on the principle of least privilege?
A. codecommit:CreateBranch codecommit:DeleteBranch
B. codecommit:Put*
C. codecommit:Update*
D. codecommit:*
A. codecommit:CreateBranch codecommit:DeleteBranch
A Developer has been asked to create an AWS Lambda function that is triggered any time updates are made to items in an Amazon DynamoDB table. The function has been created, and appropriate permissions have been added to the Lambda execution role. Amazon DynamoDB streams have been enabled for the table, but the function is still not being triggered.
Which option would enable DynamoDB table updates to trigger the Lambda function?
A. Change the StreamViewType parameter value to NEW_AND_OLD_IMAGES for the DynamoDB table
B. Configure event source mapping for the Lambda function
C. Map an Amazon SNS topic to the DynamoDB streams
D. Increase the maximum execution time (timeout) setting of the Lambda function
B. Configure event source mapping for the Lambda function
An application is being developed to audit several AWS accounts. The application will run in Account A and must access AWS services in Accounts B and C.
What is the MOST secure way to allow the application to call AWS services in each audited account?
A. Configure cross-account roles in each audited account. Write code in Account A that assumes those roles
B. Use S3 cross-region replication to communicate among accounts, with Amazon S3 event notifications to trigger Lambda functions
C. Deploy an application in each audited account with its own role. Have Account A authenticate with the application
D. Create an IAM user with an access key in each audited account. Write code in Account A that uses those access keys
A. Configure cross-account roles in each audited account. Write code in Account A that assumes those roles
A Developer is building a three-tier web application that should be able to handle a minimum of 5000 requests per minute. Requirements state that the web tier should be completely stateless while the application maintains session state for the users.
How can session data be externalized, keeping latency at the LOWEST possible value?
A. Create an Amazon RDS instance, then implement session handling at the application level to leverage a database inside the RDS database instance for session data storage
B. Implement a shared file system solution across the underlying Amazon EC2 instances, then implement session handling at the application level to leverage the shared file system for session data storage
C. Create an Amazon ElastiCache Memcached cluster, then implement session handling at the application level to leverage the cluster for session data storage
D. Create an Amazon DynamoDB table, then implement session handling at the application level to leverage the table for session data storage
C. Create an Amazon ElastiCache Memcached cluster, then implement session handling at the application level to leverage the cluster for session data storage
An Amazon DynamoDB table uses a Global Secondary Index (GSI) to support read queries. The primary table is write-heavy, whereas the GSI is used for read operations. Looking at Amazon CloudWatch metrics, the Developer notices that write operations to the primary table are throttled frequently under heavy write activity. However, write capacity units to the primary table are available and not fully consumed.
Why is the table being throttled?
A. The GSI write capacity units are underprovisioned
B. There are not enough read capacity units on the primary table
C. Amazon DynamoDB Streams is not enabled on the table
D. A large write operation is being performed against another table
A. The GSI write capacity units are underprovisioned
A company runs an e-commerce website that uses Amazon DynamoDB where pricing for items is dynamically updated in real time. At any given time, multiple updates may occur simultaneously for pricing information on a particular product. This is causing the original editor’s changes to be overwritten without a proper review process.
Which DynamoDB write option should be selected to prevent this overwriting?
A. Concurrent writes
B. Conditional writes
C. Atomic writes
D. Batch writes
B. Conditional writes
A company needs a version control system for collaborative software development. Features of the system must include the following:
✑ Support for batches of changes across multiple files
✑ Parallel branching
✑ Version tracking
Which AWS service will meet these requirements?
A. AWS CodePipeline
B. Amazon S3
C. AWS CodeBuild
D. AWS CodeCommit
D. AWS CodeCommit
A company is using continuous integration and continuous delivery systems. A Developer now needs to automate a software package deployment to both Amazon EC2 instances and virtual servers running on-premises.
Which AWS service should be used to accomplish this?
A. AWS CodePipeline
B. AWS CodeBuild
C. AWS Elastic Beanstalk
D. AWS CodeDeploy
D. AWS CodeDeploy
A Developer created a new AWS account and must create a scalable AWS Lambda function that meets the following requirements for concurrent execution:
✑ Average execution time of 100 seconds
✑ 50 requests per second
Which step must be taken prior to deployment to prevent errors?
A. Implement dead-letter queues to capture invocation errors
B. Add an event source from Amazon API Gateway to the Lambda function
C. Implement error handling within the application code
D. Contact AWS Support to increase the concurrent execution limits
D. Contact AWS Support to increase the concurrent execution limits
A Development team wants to instrument their code to provide more detailed information to AWS X-Ray than simple outgoing and incoming requests. This will generate large amounts of data, so the Development team wants to implement indexing so they can filter the data.
What should the Development team do to achieve this?
A. Add annotations to the segment document and the code
B. Add metadata to the segment document and the code
C. Configure the necessary X-Ray environment variables
D. Install required plugins for the appropriate AWS SDK
A. Add annotations to the segment document and the code
A team of Developers must migrate an application running inside an AWS Elastic Beanstalk environment from a Classic Load Balancer to an Application Load
Balancer.
Which steps should be taken to accomplish the task using the AWS Management Console?
A. 1. Update the application code in the existing deployment. 2. Select a new load balancer type before running the deployment. 3. Deploy the new version of the application code to the environment.
B. 1. Create a new environment with the same configurations except for the load balancer type. 2. Deploy the same application version as used in the original environment. 3. Run the swap-environment-cnames action.
C. 1. Clone the existing environment, changing the associated load balancer type. 2. Deploy the same application version as used in the original environment. 3. Run the swap-environment-cnames action.
D. 1. Edit the environment definitions in the existing deployment. 2. Change the associated load balancer type according to the requirements. 3. Rebuild the environment with the new load balancer type.
B. 1. Create a new environment with the same configurations except for the load balancer type. 2. Deploy the same application version as used in the original environment. 3. Run the swap-environment-cnames action.
A Developer must encrypt a 100-GB object using AWS KMS.
What is the BEST approach?
A. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK)
B. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK) with imported key material
C. Make a GenerateDataKey API call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data
D. Make a GenerateDataKeyWithoutPlaintext API call that returns an encrypted copy of a data key. Use an encrypted key to encrypt the data
C. Make a GenerateDataKey API call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data
A Development team would like to migrate their existing application code from a GitHub repository to AWS CodeCommit.
What needs to be created before they can migrate a cloned repository to CodeCommit over HTTPS?
A. A GitHub secure authentication token
B. A public and private SSH key file
C. A set of Git credentials generated from IAM
D. An Amazon EC2 IAM role with CodeCommit permissions
C. A set of Git credentials generated from IAM
A Developer is writing a REST service that will add items to a shopping list. The service is built on Amazon API Gateway with AWS Lambda integrations. The shopping list items are sent as query string parameters in the method request.
How should the Developer convert the query string parameters to arguments for the Lambda function?
A. Enable request validation
B. Include the Amazon Resource Name (ARN) of the Lambda function
C. Change the integration type
D. Create a mapping template
D. Create a mapping template
When developing an AWS Lambda function that processes Amazon Kinesis Data Streams, Administrators within the company must receive a notice that includes the processed data.
How should the Developer write the function to send processed data to the Administrators?
A. Separate the Lambda handler from the core logic
B. Use Amazon CloudWatch Events to send the processed data
C. Publish the processed data to an Amazon SNS topic
D. Push the processed data to Amazon SQS
C. Publish the processed data to an Amazon SNS topic
A Developer is storing sensitive documents in Amazon S3 that will require encryption at rest. The encryption keys must be rotated annually, at least.
What is the easiest way to achieve this?
A. Encrypt the data before sending it to Amazon S3
B. Import a custom key into AWS KMS with annual rotation enabled
C. Use AWS KMS with automatic key rotation
D. Export a key from AWS KMS to encrypt the data
C. Use AWS KMS with automatic key rotation
A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration. The service must run different versions for testing purposes.
What would be the BEST way to accomplish this?
A. Use an X-Version header to denote which version is being called and pass that header to the Lambda function(s)
B. Create an API Gateway Lambda authorizer to route API clients to the correct API version
C. Create an API Gateway resource policy to isolate versions and provide context to the Lambda function(s)
D. Deploy the API versions as unique stages with unique endpoints and use stage variables to provide further context
D. Deploy the API versions as unique stages with unique endpoints and use stage variables to provide further context
A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to authentication data in an Amazon DynamoDB table.
What MUST the company do to implement this authentication in API Gateway?
A. Implement an AWS Lambda authorizer that references the DynamoDB authentication table
B. Create a model that requires the credentials, then grant API Gateway access to the authentication table
C. Modify the integration requests to require the credentials, then grant API Gateway access to the authentication table
D. Implement an Amazon Cognito authorizer that references the DynamoDB authentication table
A. Implement an AWS Lambda authorizer that references the DynamoDB authentication table
An Amazon RDS database instance is used by many applications to look up historical data. The query rate is relatively constant. When the historical data is updated each day, the resulting write traffic slows the read query performance and affects all application users.
What can be done to eliminate the performance impact on application users?
A. Make sure Amazon RDS is Multi-AZ so it can better absorb increased traffic.
B. Create an RDS Read Replica and direct all read traffic to the replica.
C. Implement Amazon ElastiCache in front of Amazon RDS to buffer the write traffic.
D. Use Amazon DynamoDB instead of Amazon RDS to buffer the read traffic.
B. Create an RDS Read Replica and direct all read traffic to the replica.
A Developer is trying to make API calls using SDK. The IAM user credentials used by the application require multi-factor authentication for all API calls.
Which method the Developer use to access the multi-factor authentication protected API?
A. GetFederationToken
B. GetCallerIdentity
C. GetSessionToken
D. DecodeAuthorizationMessage
C. GetSessionToken
An application is running on a cluster of Amazon EC2 instances. While trying to read objects stored within a single Amazon S3 bucket that are encrypted with server-side encryption with AWS KMS managed keys (SSE-KMS), the application receives the following error:
Which combination of steps should be taken to prevent this failure? (Choose two.)
A. Contact AWS Support to request an AWS KMS rate limit increase.
B. Perform error retries with exponential backoff in the application code.
C. Contact AWS Support to request a S3 rate limit increase.
D. Import a customer master key (CMK) with a larger key size.
E. Use more than one customer master key (CMK) to encrypt S3 data.
A. Contact AWS Support to request an AWS KMS rate limit increase.
B. Perform error retries with exponential backoff in the application code.
A Developer has an e-commerce API hosted on Amazon ECS. Variable and spiking demand on the application is causing order processing to take too long. The application processes Amazon SQS queues. The ApproximateNumberOfMessagesVisible metric spikes at very high values throughout the day, which causes Amazon CloudWatch alarm breaches. Other ECS metrics for the API containers are well within limits.
What can the Developer implement to improve performance while keeping costs low?
A. Target tracking scaling policy
B. Docker Swarm
C. Service scheduler
D. Step scaling policy
D. Step scaling policy