Exam 3 Flashcards

1
Q

How would you test a new version of your API Gateway endpoints?

A

Use a Canary Deployment which allows you to split traffic into separate versions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

If you want to make a Cloudformation stack subnet info available to other stacks, what would you do?

A

Use the Export field in the Output section of the stack’s template

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What ECS configuration setting do you need to change to authorize IAM roles?

A

ECS_ENABLE_TASK_IAM_ROLE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the maximum data size supported by AWS KMS?

A

4KB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How do you reference a parameter in a Cloudformation template?

A

!Ref

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

How do you add authentication to API requests to AWS API Gateway?

A

IAM permissions with sigv4

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

When using AWS CodeCommit and AWS CodeDeploy, what file contains the settings for a successful deployment?

A

.appspec file at the root of the directory

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A new project demands a throughput requirement of 10 strongly consistent reads per second of 6KB in size each. How many read capacity units will you need when configuring your DynamoDB table?

A

20:
6KB / 4 KB = 1.5 or 2 read capacity units.
2 x 10 = 20

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How can you make sure that a Lambda will send data to X-Ray?

A

Enable Lambda X-Ray active tracing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

How can you isolate credentials so that a container never has access to credentials intended for another container?

A

Create an IAM role for ECS and assign it to tasks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How can you secure Kinesis Data Streams service that won’t require code changes on your end?

A
  • Encryption in flight with HTTPS endpoint

- KMS encryption for data at rest

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What 2 things do you need to do to ensure AWS Kinesis can scale?

A
  • The partition key must take a great number of different values
  • You need to add shards
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How can you encrypt/decrypt 1MB of data coming through a Lambda?

A

Envelope encryption and store as file in code

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What CodeDeploy hook event should you use to verify a deployment?

A

ValidateService

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What would you enable to aid in debugging a failed Codedeploy build?

A

S3 and Cloudwatch Integration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Are EBS volumes region locked or AZ locked?

A

AZ locked