exam 2 Flashcards
A company is using AWS CloudFormation templates to deploy AWS resources. The company needs to update one of its AWS CloudFormation stacks. What can the company do to find out how the changes will impact the resources that are running?
A. Investigate the change sets.
B. Investigate the stack policies.
C. Investigate the Metadata section.
D. Investigate the Resources section.
A. Investigate the change sets.
A developer is creating a serverless web application and maintains different branches of code. The developer wants to avoid updating the Amazon API Gateway target endpoint each time a new code push is performed. What solution would allow me developer toPerform a code push efficiently, without the need to update the API Gateway?
A. Associate different AWS Lambda functions to an API Gateway target endpoint.
B. Create different stages in API Gateway, then associate API Gateway with aws Lambda.
C. Create aliases and versions In AWS Lambda.
D. Tag the AWS Lambda functions with different names.
B. Create different stages in API Gateway, then associate API Gateway with aws Lambda.
An application running on EC2 instances is storing data in an S3 bucket. Security policy mandates that all data must be encrypted in transit. How can the Developer ensure that all traffic to the S3 bucket is encrypted?
A. Install certificates on the EC2 instances.
B. Create a bucket policy that allows traffic where SecureTransport is true.
C. Create an HTTPS redirect on the EC2 instances.
D. Create a bucket policy that denies traffic where SecureTransport is false.
D. Create a bucket policy that denies traffic where SecureTransport is false.
A supplier is writing a new RESTful API for customers to query the status of orders. The customers requested the following API endpoint.http://www.supplierdomain.com/status/customerID Which of the following application designs meet the requirements? (Select two.)
A. Amazon SQS; Amazon SNS.
B. Elastic Load Balancing; Amazon EC2.
C. Amazon ElastiCache; Amazon Elacticsearch Service.
D. Amazon API Gateway; AWS LambdaAmazon S3; Amazon CloudFront.
E. Amazon S3; Amazon CloudFront.
D. Amazon API Gateway; AWS LambdaAmazon S3; Amazon CloudFront.
E. Amazon S3; Amazon CloudFront.
A developer Is designing an AWS Lambda function that create temporary files that are less than 10 MB during execution. The temporary files will be accessed and modified multiple times during execution. The developer has no need to save or retrieve these files in the future. Where should the temporary file be stored?
A. the /tmp directory.
B. Amazon EFS.
C. Amazon EBS.
D. Amazon S3.
A. the /tmp directory.
A website’s page load times are gradually increasing as more users access the system at the same time. Analysis indicates that a user profile is being loaded from a database in all the web pages being visited by each user and this is increasing the database load and the page load latency. To address this issue the Developer decides to cache the user profile data. Which caching strategy will address this situation MOST efficiently?
A. Create a new Amazon EC2 Instance and run a NoSQL database on it. Cache the profile data within this database using the write-through caching strategy.
B. Create an Amazon ElastiCache cluster to cache the user profile data. Use a cache-aside caching strategy.
C. Use a dedicated Amazon RDS instance for caching profile data. Use a write-through caching strategy.
D. Create an ElastiCache cluster to cache the user profile data. Use a write-through caching strategy.
B. Create an Amazon ElastiCache cluster to cache the user profile data. Use a cache-aside caching strategy.
An advertising company has a dynamic website with heavy traffic. The company wants to migrate the website infrastructure to AWS to handle everything except website development. Which solution BEST meets these requirements?
A. Use AWS VM Import to migrate a web server image to AWS Launch the image on a compute-optimized Amazon EC2 instanceLaunch.
B. Launch multiple Amazon Lighsall instance behind a load balancer. Set up the website on those instances.
C. Deploy the website code in an AWS Elastic Beanstalk environment. Use Auto Scaling to scale the numbers of instance.
D. Use Amazon S3 to host the website. Use Amazon CloudFornt to deliver the content at scale.
C. Deploy the website code in an AWS Elastic Beanstalk environment. Use Auto Scaling to scale the numbers of instance.
A developer is writing an AWS Lambda function. The developer wants to log key events that occur during the Lambda function and include a unique identifier to associate the events with a specific function invocation. Which of the following will help the developer accomplish this objective?
A. Obtain the request identifier from the Lambda context object Architect the application to write logs to the console.
B. Obtain the request identifier from the Lambda event object Architect the application to write logs to a file.
C. Obtain the request identifier from the Lambda event object Architect the application to write logs to the console.
D. Obtain the request identifier from the Lambda context object Architect the application to write logs to a file.
A. Obtain the request identifier from the Lambda context object Architect the application to write logs to the console.
You are developing an HTTP API hosted on a Compute Engine virtual machine instance that needs to be invoked by multiple clients within the same Virtual Private Cloud (VPC). You want clients to be able to get the IP address of the service. What should you do?
A. Reserve a static external IP address and assign it to an HTTP(S) load balancing service’s forwarding rule. Clients should use this IP address to connect to the service.
B. Reserve a static external IP address and assign it to an HTTP(S) load balancing service’s forwarding rule. Then, define an A record in Cloud DN.
C. Clients should use the name of the A record to connect to the service.
D. Ensure that clients use Compute Engine internal DNS by connecting to the instance name with the url https://[INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal/.
D. Ensure that clients use Compute Engine internal DNS by connecting to the instance name with the url https://[INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal/.
A company stores all personally identifiable information (PII) in an Amazon DynamoDB table named PII in Account A. An application running on Amazon EC2 instances in Account B requires access to the PII table. An administrators in Account A created an IAM role named AccessPII with privileges to access the PII table, and made account B a trusted entity. Which combination of actional steps should Developers take to access the table? (Select TWO )
A. Ask an Administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role.
B. Ask an Administrator in Account B to allow the EC2 IAM role permission to assume the AccessPll role with = predefined service control policies.
C. Ask an Administrator in Account A to allow the EG2 IAM role permission to assume the AccessPII role with predefined service control policies.
D. Include the AssumeRole API in the application code logic to obtain credentials to access the PlI table.
E. Include the GetSession token API in the application code logic to obtain credentials to access the Pll table.
B. Ask an Administrator in Account B to allow the EC2 IAM role permission to assume the AccessPll role with = predefined service control policies.
D. Include the AssumeRole API in the application code logic to obtain credentials to access the PlI table.
An AWS Lambda function accesses two Amazon DynamoDB tables. A developer wants to improve the performance of the Lambda function by identifying bottlenecks in the function. How can the developer inspect the timing of the DynamoDB API calls?
A. Add DynamoDB as an event source to the Lambda function. View the performance with Amazon CloudWatch metrics.
B. Place an Application Load Balancer (ALB) in front of the two DynamoDB tables. Inspect the ALB logs.
C. Limit Lambda to no more than five concurrent invocations Monitor from the Lambda console.
D. Enable AWS X-Ray tracing for the function. View the traces from the X-Ray service.
A. Add DynamoDB as an event source to the Lambda function. View the performance with Amazon CloudWatch metrics.
An Amazon RDS database instance is used by many applications to look up historical data. The query rate is relatively constant. When the historical data is updated each day, the resulting write traffic slows the read query performance and affects all application users. What can be done to eliminate the performance impact on application users?
A. Make sure Amazon RDS is Multi-AZ so it can better absorb increased traffic.
B. Create an RDS Read Replica and direct all read traffic to the replica.
C. Implement Amazon ElastiCache in front of Amazon RDS to buffer the write traffic.
D. Use Amazon DynamoDB instead of Amazon RDS to buffer the read traffic.
B. Create an RDS Read Replica and direct all read traffic to the replica.
A company is developing a serverless ecommerce web application. The application needs to make coordinated, all-or-nothing changes to multiple items in the company’s inventory table in Amazon DynamoDB. Which solution will meet these requirements?
A. Enable transactions for the DynamoDB table Use the Batch Writeltem operation to update the items.
B. Use the Transact Writeitem operation to group the changes Update the items in the table.
C. Set up a FIFO queue using Amazon SQ.
D. Group the changes in the queue. Update the table based on the grouped changesCreate a transaction table in an Amazon Aurora DB cluster to manage the transactions Write a backend process to sync the Aurora DB table and the DynamoDB table.
E. Create a transaction table in an Amazon Aurora DB cluster to manage the transactions Write a backend process to sync the Aurora DB table and the DynamoDB table.
B. Use the Transact Writeitem operation to group the changes Update the items in the table.
An application is running on an EC2 instance. The Developer wants to store an application metric in Amazon CloudWatch. What is the best practice for implementing this requirement?
A. Use the PUT Object API call to send data to an S3 bucket. Use an event notification to invoke a Lambda function to publish data to CloudWatch.
B. Publish the metric data to an Amazon Kinesis Stream using a PutRecord API call. Subscribe a Lambda function that publishes data to CloudWatch.
C. Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Provide the required credentials to enable the API call.
D. Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Launch the EC2 instance with the required IAM role to enable the API call.
D. Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Launch the EC2 instance with the required IAM role to enable the API call.
A Developer needs to design an application running on AWS that will be used to consume Amazon SQS messages that range from 1 KB up to 1GB in size. How should the Amazon SQS messages be managed?
A. Use Amazon S3 and the Amazon SQS CL.
B. Use Amazon S3 and the Amazon SQS Extended Client Library for Java.
C. Use Amazon EBS and the Amazon SQS CL.
D. Use Amazon EFS and the Amazon SQS CL.
B. Use Amazon S3 and the Amazon SQS Extended Client Library for Java.
A developer has written a multi-threaded application that is running on a fleet of Amazon EC2 instances. The operations team has requested a graphical method to monitor the number of running threads over time. What is the MOST efficient way to fulfill this request?
A. Periodically send the thread count to AWS X-Ray segments, then generate a service graph on demand.
B. Create a custom Amazon CloudWatch metric and periodically perform a PutMetricData call with the current thread count.
C. Periodically log thread count data to Amazon S3. Use Amazon Kinesis to process the data into a graph.
D. Periodically write the current thread count to a table using Amazon DynarnoDB and use Amazon CloudFront to create a graph.
D. Periodically write the current thread count to a table using Amazon DynarnoDB and use Amazon CloudFront to create a graph.
An organization must store thousands of sensitive audio and video files in an Amazon S3 bucket. Organizational security policies require that all data written to this bucket be encrypted. How can compliance with this policy be ensured?
A. Use AWS Lambda to send notifications to the security team if unencrypted objects are pun in the bucket.
B. Configure an Amazon S3 bucket policy to prevent the upload of objects that do not contain the x-amzserver-side-encryption header.
C. Create an Amazon CloudWatch event rule to verify that all objects stored in the Amazon S3 bucket are encrypted.
D. Configure an Amazon S3 bucket policy to prevent the upload of objects that contain the x-amz-server-sideencryption header.
B. Configure an Amazon S3 bucket policy to prevent the upload of objects that do not contain the x-amzserver-side-encryption header.
A developer uses Amazon S3 buckets for static website hosting. The developer creates one S3 bucket for the code and another S3 bucket for the assets, such as image and video files. Access is denied when a user attempts to access the assets bucket from the code bucket, with the website application showing a 403 error. How should the developer solve this issue?
A. Create an IAM role and apply it to the assets bucket for the code bucket to be granted access.
B. Edit the bucket policy of the assets bucket to open access to all principals.
C. Edit the cross-origin resource sharing (CORS) configuration of the assets bucket to allow any origin to access the assets.
D. Change the code bucket to use AWS Lambda functions instead of static website hosting.
C. Edit the cross-origin resource sharing (CORS) configuration of the assets bucket to allow any origin to access the assets.
A Developer has created an S3 bucket s3://mycoolappand has enabled server across logging that points to the folder s3://mycoolapp/logs.The Developer moved 100 KB of Cascading Style Sheets (CSS) documents to the folder s3://mycoolapp/css, and then stopped work. When the developer came back a few days later, the bucket was 50 GB. What is the MOST likely cause of this situation?
A. The CSS files were not compressed and S3 versioning was enabled.
B. S3 replication was enabled on the bucket.
C. Logging into the same bucket caused exponential log growth.
D. An S3 lifecycle policy has moved the entire CSS file to S3 Infrequent Access.
B. S3 replication was enabled on the bucket.
A Developer created a dashboard for an application using Amazon API Gateway, Amazon S3, AWS Lambda, and Amazon RDS. The Developer needs an authentication mechanism allowing a user to sign in and view the dashboard. It must be accessible from mobile applications, desktops, and tablets, and must remember user preferences across platforms. Which AWS service should the Developer use to support this authentication scenario?
A. AWS KMS.
B. Amazon Cognito.
C. AWS Directory Service.
D. Amazon IAM.
B. Amazon Cognito.
