Final Review Flashcards
The general software development lifecycle model talked about in the ACD materials consists of six general phases. Which of the following is not one of these phases?
- Maintain
- Design
- Deploy
- Plan
- Test
- Develop
- None of the above
Test
Which of the following is not generally true for a software development process that is following a strict Waterfall lifecycle model? Select two.
- Each phase has a distinct goal and is completed by performing specific kinds of tasks.
- The output of one phase is the input to the next phase.
- Developers have the flexibility of designing and implementing critical features early in the process.
- The phases are completed in sequential order.
- Customers can and are encourage to provide feedback to the team throughout the development process.
Developers have the flexibility of designing and implementing critical features early in the process.
Customers can and are encourage to provide feedback to the team throughout the development process.
With an Agile process, software is developed in short iterations, each being typically 1-4 weeks.
(True/False)
True
Only Agile processes support continuous integration and deployment activities.
(True/False)
False
When Cloud9 is hosted on an EC2 instance in AWS, is Cloud 9 IaaS, PaaS, or SaaS from the software developers’ perspective? Select the best answer.
IaaS or PaaS or SaaS
Cloud9 doesn’t neatly fall into any of the three categories. It some of the advantages of IaaS, in that starting and stopping of the EC2 is managed, but the developer need to update the OS and runtime. In some cases, the developer have to install of the runtime as well. It also some advantages of SaaS, since AWS installs Cloud9 and configures some features.
Cloud 9 supports a variety of build tools and runtime environments that allow you to work with common languages like C++, Java, PHP, and Python.
(True/False)
True
An ARN uniquely identifies an AWS resource. So when referring to a resource, it is mandatory that all the ARN subfields be specified.
(True/False)
False
An EC2 Service Client, created using an AWS SDK’s, is specific to a region.
(True/False)
True
If an EC2 Service Client throws a 500-series exception, the application should try a different operation – there is no sense in retrying the same operation.
(True/False)
False
Once a request (made through an SDK) makes it to an AWS service endpoint, it will always complete successfully.
(True/False)
False
Which of the following is not a significant benefit of using AWS X-Ray?
- Identify errors and bugs in the integration of the components that form a distributed application
- Build your own analysis and visualization applications
- Write executable unit-test cases for lambda functions
- Identify performance bottlenecks
- None of the above
- Write executable unit-test cases for lambda functions
Which of the following is not a feature of CloudWatch directly (i.e., CloudWatch itself instead of an associated service)?
- Automatically scales the number of EC2 in an Auto-Scaling Group.
- Collects and tracks metrics so that you can visualize and review them.
- Monitors your AWS Cloud resources and your cloud-powered applications.
- Lets you set alarms that will fire when a metric goes beyond a limit that you specified.
- Gives you visibility into resource utilization, application performance, and operational health.
- None of the above
Automatically scales the number of EC2 in an Auto-Scaling Group.
To take advantage of CloudTrail, you have to first enable it for your account.
(True/False)
False
Service clients (created from an AWS SDK) interact with AWS services through a RESTFul API. (True/False)
True
The AWS CLI can be used to perform operations on most kinds of AWS resources as long as the user identified by the credentials in default or specified profile is allowed to perform the operations.
(True/False)
True
Which of the following is not a best practice when developing cloud-based applications?
- Consider designing applications that are loosely coupled
- Log metrics and monitor performance
- Implement a strong DevOps model
- Design for failure
- Implement security in every layer
- None of the above
None of the above
Which of the following statements is most correct and complete?
- Authentication deals with the user account management; while authorization deals with what resources an authenticated user can access and what operations the user can perform.
- Authentication is the process of verifying usernames and passwords; while authorization deals with what resources an authenticated user can access and what operations the user can perform.
- Authentication deals with correctly identifying the user (which can be another software system) that wants to use resources; while authorization deals with the resources a user can access.
- Authentication deals with the user account management; while authorization deals with the resources a user can access.
- Authentication deals with correctly identifying the user (which can be another software system) that wants to use resources; while authorization deals with what resources the user can access and what operations the user can perform.
- Authentication is the process of verifying usernames and passwords; while authorization deals with the resources a user can access.
Authentication deals with correctly identifying the user (which can be another software system) that wants to use resources; while authorization deals with what resources the user can access and what operations the user can perform.
A user on AWS can be assigned to at most one group.
True/False
False
Roles can be used to grant transient (temporary) permissions to users or groups.
(True/False)
True
In AWS, a role can include at most one policy, but that policy can contain many permissions.
(True/False)
False
Which of the following things cannot be specified in a credential profile for programmatic access?
- Session Token
- Region
- Access Key Id
- Username and Password
- Secret Access Key
Username and Password
Which of the following are considered poor practices and are to be avoided? You may select zero or more choices.
- Use credentials files to store your credentials
- Use the root credentials of your AWS account for programmatic access
- Hardcode your credentials inside of your applications
- Once you create a key (like an access key for programmatic access), lock it in safe place and never change it
- Put your credentials file under version control and save in a Git repository
- Use IAM roles with temporary credentials for when you need to delegate temporary access to your AWS resources
- Use the root credentials of your AWS account for programmatic access
- Hardcode your credentials inside of your applications
- Once you create a key (like an access key for programmatic access), lock it in safe place and never change it
- Put your credentials file under version control and save in a Git repository
Identity-based policies are attached to the IAM user, group, or role and indicate what that identity can do.
(True/False)
True
Resource-based policies are attached to a resource and indicate what other resources the principal resource can access.
(True/False)
False
An action in a permissions statement can reference multiple operations using a wildcard pattern.
(True/False)
True
Managed policies can be associated with multiple users, groups, or roles?
(True/False)
True
Resource-based policies can be in-line policies.
True/False
True
In-line policies can be managed under version control and rolled back if necessary?
(True/False)
False
Briefly explain the principle of least privilege. Be concise, but accurate
Only grant the minimum needed privileges to a user or group. If the user or group needs access to additional privileges only add the privileges that the user needs. Do the same thing for resources, grant minimum needed privileges, and as more access is needed grant only the needed access. If granting temporary access is sufficient, do that first before granting permanent access.`
Which of the following is not a use case for S3?
- Backup archive
- Disaster recovery
- Content storage and distribution
- Dynamic website
- Data lake
- None of the above
- Dynamic website
Bucket names must be globally unique.
True/False
True
Which of the following are not a valid bucket name? Select all invalid bucket names.
- xy
- xyz
- xy_z
- xYz
- x#z
- xy-z
- xy
- xy_z
- xYz
- x#z
There are semantic differences between prefixes in object keys and folder paths in hierarchical file systems.
(True/False)
True
An S3 object can be accessed using a path-style URL or a URL that specifies the s3 server that holds the object’s bucket.
(True/False)
False
Which of the following would be valid object keys? Select all valid keys.
- a/b/c
- a/b/c.json
- a/b-c
- A/B/C.json
- A/B/C*.json
- None of the above
- a/b/c
- a/b/c.json
- a/b-c
- A/B/C.json
- A/B/C*.json
Which of the following statements is the most correct?
- With a multipart Put operation, you can upload any data to S3 as long as you do it in chunks <= 100 MB.
- With a multipart Put operation, you can upload data up to 5TB in size.
- With a multipart Put operation, S3 will automatically resume the data transfer in the correct spot if there is a network failure.
- With a multipart Put operation, which automatically partitions large data object into chunks less than <= 100 MB.
With a multipart Put operation, you can upload data up to 5TB in size.
Multiple Get operations can be used to retrieve very large objects from S3.
(True/False)
True
A Select operation can be used to significantly reduce the amount of data that has be transferred from S3 to the client’s machine.
(True/False)
True
If you decide that you no longer need versioning on an S3 bucket that currently has versioning enabled, you can simply disable the versioning and all but the last version of an object will be deleted.
(True/False)
False
In a bucket that is versioning-enabled, you can permanently delete an object by invoking a delete request with a delete key and version ID.
(True/False)
True
Which of the following statements is not true?
- With server-side encryption, Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers.
- With server-side encryption using Amazon S3-Managed Keys (SSE-S3), each object is encrypted with a unique key that employs strong multi-factor encryption.
- With server-side encryption using Customer-Provided Keys (SSE-C), S3 manages the encryption and decryption of objects.
- With client-side encryption, the customer (or the customer’s app) must provide keys to S3 so it can encrypt and decrypt objects.
- All of the above
- None of the above
With client-side encryption, the customer (or the customer’s app) must provide keys to S3 so it can encrypt and decrypt objects.
Resource-based policies can be attached to S3 objects or buckets and control who can access those resources and what operations they can perform.
(True/False)
True
Object ACLs can grant permissions to users in your account to access specific objects in an S3 bucket.
(True/False)
False
Pre-signed URLs are useful if you want your user to be able to upload a specific object to your bucket without needing AWS security credentials or permissions.
(True/False)
True
A CORS Configuration can contain as many individual rules as needed to represent the desired constraints.
(True/False)
False
Which of the following is not considered a benefit of DynamoDB?
- It has fast, consistent performance
- It is fully managed
- It can perform powerful database operations, such as nested JSON queries
- It can store JSON documents directly into Amazon DynamoDB tables
- It offers fine-grained access control
- None of the above
- None of the above
Which of the following is not considered a use case for DynamoDB?
- Global systems that require multistep distributed nested transactions.
- Data store for microservices.
- Content storage for serverless web applications.
- Data store and streaming for IoT.
- Data store for the player state in game applications.
- Data store for mobile apps.
- Global systems that require multistep distributed nested transactions.
Which of the following statements are false? Select one or more.
- DynamoDB stores data in tables with fixed schema.
- A table may contain zero or more items and an item may contain one or more attribute values.
- An item is uniquely identifiable among all other items.
- An attribute is an atomic data element from a user’s perspective.
- A table must have a primary key.
- DynamoDB stores data in tables with fixed schema.
- An attribute is an atomic data element from a user’s perspective.
Which of the following types are valid types for attributes in DynamoDB? Select all that are valid types by themselves (i.e., without any conversions or use of other data types).
- Number
- Timestamp
- String Set
- XML Document
- Date
- List
- Binary
- Number
- String Set
- List
- Binary
A partition is an allocation of storage for a table, backed by solid-state drives (SSDs), and automatically replicated across multiple Availability Zones within an AWS Region.
(True/False)
True
A global secondary index is considered “global” because queries on the index can be made from all around the world.
(True/False)
False
Secondary indexes can include other attributes besides those in the alternate and primary keys, so queries can be satisfied without having to retrieve the full items from the base table.
(True/False)
True
Which of the following statements is true about regular (not global) DynamoDB tables?
- DynamoDB automatically replicates your data across multiple Availability Zones in an AWS Region.
- DynamoDB automatically replicates your data across multiple AWS Region.
- DynamoDB can replicate your data across multiple Availability Zones in an AWS Region, if you configure to do so.
- DynamoDB can replicate your data across multiple AWS Region, if you configure to do so.
- DynamoDB automatically replicates your data across multiple Availability Zones in an AWS Region.
A DynamoDB table can be configured to support either “eventual consistency” or “strong consistency”, but not both, and once one of these options is selected, it cannot be changed.
(True/False)
False
For which of the following situations would an on-demand read/write capacity be a good option?
- You prefer the ease of paying for only what you use.
- You create new tables with unknown workloads.
- You have unpredictable application traffic.
- All of the above
- None of the above
- All of the above
Assume that an application needs to read 30 items from a DynamoDB table every second and that each item is between 21-22 KB in size. Also, assume that the application will only use eventually consistent reads. How many RCU should you provision your table with?
- 21
- 22
- 30
- 75
- 90
- 180
- None of the above
- 90
Assume that an application needs to write 10 items to a DynamoDB table every second and each item is 18 KB in size. How many WCUs should you provision your table with?
- 10
- 18
- 50
- 90
- 180
- None of the above
- 180
DynamoDB streams are organized into records and each record can contain multiple shards, where each shared corresponds to one change to item a table.
(True/False)
False
Global tables provide a fully managed solution for deploying a multi-zone database within a single region, without having to build and maintain your own replication solution.
(True/False)
False
Global tables use DynamoDB Streams to propagate changes between replicas.
(True/False)
True
Like regular DynamoDB tables, global tables support both eventually consistent and globally consistent reads, regardless of where the operation is being performed.
(True/False)
False
An on-demand backup can negatively impact a table’s performance and availability.
(True/False)
False
With a DynamoDB PutItem operation, if an existing item in the specified table has the same primary key as the new item, the new item completely replaces the existing item.
(True/False)
True
With DynamoDB, you can specific conditional expressions for UpdateItem and DeleteItem operations but not for PutItem operations.
(True/False)
False
The Scan operation is similar to a Query operation, but the Scan operation reads all items from the table or index.
(True/False)
True
Cached data is always stored in RAM, regardless of the layer or component of the system.
(True/False)
False
Which of the following two types of application workloads will benefit from caching the most?
- A read-heavy workload
- A write-heavy workload
- A read-heavy workload
Caching can benefit compute-intensive workloads that manipulate datasets.
(True/False)
True
In most cases, caching data rapidly changing data still makes sense as long as the data is structured.
(True/False)
False
When using Lazy Caching, the cached data should always be considered as stale.
(True/False)
True
Which of the following are common features of a CDN? Select all that apply.
- Can accelerate delivery of dynamic content
- Stores copies of commonly requested files close to the requesters.
- Improves the durability of the applications data
- Can improve scalability
- None of the above
- Can accelerate delivery of dynamic content
- Stores copies of commonly requested files close to the requesters.
- Can improve scalability
Amazon CloudFront can allow certain kinds of application code to run at the edges of the cloud, closer to the user.
(True/False)
True
In Amazon CloudFront, an edge location is a WiFi access point.
(True/False)
False
The Points of Presence for Amazon CloudFront include both edge locations and regional edge caches.
(True/False)
True
In Amazon CloudFront, a distribution defines, in part, how content is to be tracked.
(True/False)
True
With CloudFront, the regional edge caches determine what content needs to be cached at each PoP.
(True/False)
False
As long as users keep requesting a given file (like every minute or so), that file will stay in the CloudFront caches indefinitely.
(True/False)
False
S3 Transfer Acceleration with CloudFront supports fast, easy, and secure downloading of objects to clients, but not the uploading of object from clients.
(True/False)
False
ElastiCache runs on the same EC2 instance as the application that is using it.
(True/False)
False
If some requested data is not in its cache, ElastiCache will automatically retrieve it from the source and store it for future requests.
(True/False)
False
Which of the following statements is not true about ElastiCache?
- Every node runs either Memcached or Redis.
- A cluster is a logical grouping of one or more nodes.
- An application must access each node in a cluster separately.
- A node has a fixed amount of cache space.
- None of the above
- An application must access each node in a cluster separately.
For which of the following situations is Memcached not an acceptable choice?
- You need the simplest model possible
- You need to be able to scale out and in easily
- You must run large nodes with multiple cores or threads
- You need publish/subscribe capabilities
- All of the above
- None of the above
- You need publish/subscribe capabilities
Which of the following is a feature that Redis does not offer?
- Pub/sub capability
- Advanced data types
- Sorting/ranking datasets
- Multi-AZ deployment with failover
- Multi-threaded performance
- Simple cache to offload database burden
- Persistence
- Multi-threaded performance
What type of caching strategy does the following pseudo-code illustrate?
get an item from the cache using a key, and store the result in r
if r is null then
query the database for the record r using key
save an item to the cache using the key and r
use the record r
- Lazy Loading
- Write Through
- Lazy Loading
Which of the following are advantages of Lazy Loading? Select all that are advantages.
- Smaller miss penalty than other strategies
- The cache only contains data that has been requested
- The data is never stale
- If a node of the cache fails, it is not too serious
- None of the above
- The cache only contains data that has been requested
- If a node of the cache fails, it is not too serious
Containers can help ensure that applications deploy quickly, reliably, and consistently.
(True/False)
True
Which of the following is not included in a container?
- operating system kernel
- some or all of the application layer of an OS
- system libraries
- system tools
- runtime
- application code
- settings
- None of the above
- operating system kernel
A single server can host more than one container as long as there is a dedicated CPU core for each container.
(True/False)
False
Containers are highly portable across different environments.
(True/False)
True
The OS layer for a Docker container must be the same as the OS for the host.
(True/False)
False
Which of the following are not part of Docker?
- A lightweight container virtualization platform
- Tools for creating and storing containers
- Tools for managing containers
- A deployment pipeline
- Tools for running containers
- A deployment pipeline
Which of the following are not benefits of Docker?
- Ability to run different application versions with different dependencies simultaneously
- Faster development and deployment cycles
- Application and dependencies can be packaged in a single, immutable artifact
- Better resource utilization and efficiency
- Portable runtime application environment
- None of the above
- None of the above
A Dockerfile specifies all the components that need to be included in a container.
(True/False)
True
A container registry can manage lots of Dockerfiles.
True/False
False
Container registries can be public or private.
True/False
True
A container image is a read-only, immutable template.
True/False
True
A container image, once built, is not portable.
True/False
False
A container is a running instance of an image.
True/False
True
Each container has a thin, read/write layer on top of the existing image when it is instantiated.
(True/False)
True
Multiple containers can share a container image.
True/False
True
Microservices typically share their data layers with other microservices
(True/False)
False
A microservice should only communicate with another microservice through its API.
(True/False)
True
When designing an application using a microservice architectural style, each container uses the language and technology that is best suited for the functioning of the service.
(True/False)
True
When designing an application using a microservice architectural style, the system needs to include an enterprise communication bus that handles all data communications and transformations.
(True/False)
False
Containers can make development, testing, and production environments consistent.
(True/False)
True
By using a queue, we can turn a synchronous form of communication into an asynchronous form of communication.
(True/False)
True
Synchronous communications can be built on top of asynchronous communications by adding a buffer.
(True/False)
False
For distributed applications, synchronous communications often results in one process waiting for a reply from another process.
(True/False)
True
A queue can help decouple two processes that would otherwise be coupled together in a lock-step sequence of activities.
(True/False)
True
Synchronous communications are more scalable than asynchronous communications.
(True/False)
False
Which of the following is not a benefit of SQS?
- Can run on any EC2 instance type of your choosing
- Delivers messages reliably
- Scales elastically and cost-effectively
- Keeps sensitive data secure
- None of the above
- Can run on any EC2 instance type of your choosing
FIFO queues are the default queue type in SQS because they guarantee message ordering.
(True/False)
False
Standard queues support at-least-once message delivery; while FIFO queue support “exactly once” message processing.
(True/False)
True
Which of the following can be a parameter in operation that puts a message into an SQS queue? Select all that are required.
- Wait timeout
- Message attributes
- Delay seconds
- Message body
- Visibility Timeout
- Maximum number of messages
- Queue URL
- Message Id
- Message body
- Queue URL
If an SQS receive-message operation returns multiple messages, each message will be associated with a unique receipt handle.
(True/False)
True
A receipt handle for a message is always the same as the message’s id.
(True/False)
False
When a consumer retrieves a message from a queue, it is immediately deleted from the queue so another consumer cannot retrieve the same message.
(True/False)
False
If you are using short polling and there are only a few messages in the queue, an SQS receive-message operation may not return any messages.
(True/False)
True
Long polling is always more expensive than short polling.
True/False
False
SQS can automatically delete messages that have been in the queue for longer than a certain amount of time.
(True/False)
True
Messages from multiple queues (FIFO or standard) and that cannot be processed by consumers can be automatically sent to a user-specified FIFO dead-letter queue.
(True/False)
False
SNS batches (stores) messages until at least one subscriber pulls the message. (True/False)
False
SQS and SNS can be used together for parallel processing of different kinds on the same messages
(True/False)
True
Which of the following is not a valid endpoint for SNS Subscribers?
- Lambda functions
- SQS Queues
- Container ports
- HTTPS
- SMS
- Mobile push notifications
- None of the above
- Container ports
Subscribers to an SNS topic can set up a filter using message attribute values set by message publishers.
(True/False)
True
Which of the following statements is false?
- With an AWS Lambda function, a developer does not need to select a specific instance type on which the function will run.
- With an AWS Lambda function, a developer does not need to update the VM’s OS.
- With an AWS Lambda function, a developer does not need to specify the runtime environment for the function.
- With an AWS Lambda function, a developer does not worry about the details of scaling and load balancing.
- None of the above
- All of the above
- With an AWS Lambda function, a developer does not need to specify the runtime environment for the function.
Which of the following are not viable use cases for AWS Lambda?
- Serverless backends that handle various kinds of web request
- Serverless backends for distributed mobile applications
- Real-time file processing
- Machine learning inference
- Alexa skills
- Infrastructure management
- None of the above
- All of the above
None of the above
For AWS Lambda, an event source must be CloudWatch trigger event.
(True/False)
False
Which of the following most accurately characterizes the Push model for AWS Lambda?
- With the Push model, an AWS service invokes the Lambda function synchronously or asynchronously.
- With the Push model, a client pushes events to the Lambda asynchronously, which then dispatches the appropriate Lambda function. The client waits for a response.
- With the Push model, an AWS service places events into a stream or queue and Lambda retrieves those events from the stream or queue.
- None of the above
- With the Push model, an AWS service invokes the Lambda function synchronously or asynchronously.
Which of the following most accurately characterizes the Pull model for AWS Lambda?
- With the Pull model, Lambda polls the client for its state and then, when the client is in the prerequisite state dispatches the appropriate Lambda function.
- With the Pull model, Lambda polls other services (like S3 and CloudWatch) for certain types of events; if Lambda detects one (or more) events, it invokes the appropriate Lambda function.
- With the Pull model, Lambda polls a stream or queue for an event and invokes the Lambda function when one (or more) events are obtained.
- None of the above
- With the Pull model, Lambda polls a stream or queue for an event and invokes the Lambda function when one (or more) events are obtained.
Some services, like S3, automatically retry Lambda function invocations if there is a failure.
(True/False)
True
The run or execution permissions for a Lambda function determine which event sources can invoke the function.
(True/False)
False
Consider the following policy that determines what or who can invoke a Lambda function. What is the event source in this policy?
{
“Version”: “2012-10-17”,
“Id”: “default”,
“Statement”: [
{
“Sid”: “lambda-allow-s3-my-function”,
“Effect”: “Allow”,
“Principal”: {
“Service”: “s3.amazonaws.com”
},
“Action”: “lambda:InvokeFunction”,
“Resource”: “arn:aws:lambda:us-east-2:123456789012:function:my-function”
“Condition”: {
“StringEquals”: {
“AWS:SourceAccount”: “123456789012”
},
“ArnLike”: {
“AWS:SourceArn”: “arn:aws:s3:::my-bucket”
}
}
}
]
}
- Lambda
- Correct Answer
- S3
- my-function
- Account 123456789012
- my-bucket
- None of the above
S3
{
“Version”: “2012-10-17”,
“Id”: “default”,
“Statement”: [
{
“Sid”: “lambda-allow-s3-my-function”,
“Effect”: “Allow”,
“Principal”: {
“Service”: “s3.amazonaws.com”
},
“Action”: “lambda:InvokeFunction”,
“Resource”: “arn:aws:lambda:us-east-2:123456789012:function:my-function”
“Condition”: {
“StringEquals”: {
“AWS:SourceAccount”: “123456789012”
},
“ArnLike”: {
“AWS:SourceArn”: “arn:aws:s3:::my-bucket”
}
}
}
]
}
What kind of policy is shown in?
- Lambda function execution policy
- Resource policy for Lambda function invocation
- Authentication policy
- Run policy
- An IAM identity policy for Lambda function invocation
- None of the above
- Resource policy for Lambda function invocation
Which of the following are not included in a .zip or .jar deployment package for a Lambda function? Select all that apply.
- The application code for the function
- Dependencies
- Execution Role
- Invocation policy
- Lambda function configuration parameters
- Execution Role
- Invocation policy
- Lambda function configuration parameters
With AWS Lambda, common dependencies can be place in “Layers” to reduce deploy package size.
(True/False)
True
The event object that is passed to a Lambda function handler provides information about what triggers the invocation
(True/False)
True
The context object that is passed to a Lambda functions contains user-defined data related to the event that triggered the functions invocation.
(True/False)
False
If a Lambda writes something to the console, that output will be recorded in CloudWatch logs independent of any configuration setting or policy.
(True/False)
False
Which of the following is not considered a best practice for building lambda functions? Select all that apply.
- Write modular functions.
- Store state information in static data structures that are part of the function.
- Separate core business logic out of the main handler function.
- Use recursive function calls to avoid unnecessary loops or iterative statements.
- Return appropriate result information to AWS Lambda.
- Include all anticipated dependencies for future features, so those extensions are easier to make.
- Including logging statement.
- Optimize the size of the function’s memory footprint.
- Use property files embedded in your deployment package for configuration parameters.
- Reuse temporary runtime environment.
- Share common dependencies with layers.
- Store state information in static data structures that are part of the function.
- Use recursive function calls to avoid unnecessary loops or iterative statements.
- Include all anticipated dependencies for future features, so those extensions are easier to make.
- Use property files embedded in your deployment package for configuration parameters.
Lambda creates a new version of your function each time that you deploy the function.
(True/False)
False
Instead of having Lambda assign a sequential version number automatically, you can assign a new version a unique name called an alias that takes the place of the version number.
(True/False)
False
Which of the following statements about APIs, in general, is false? Select all that apply.
- API and SDK are synonyms for the same concept.
- An API is a means by which one layer of software can interact with another.
- A distributed application will only ever involve one API.
- An API is an abstraction.
- None of the above
- API and SDK are synonyms for the same concept.
- A distributed application will only ever involve one API.
All RESTful APIs follow a request-reply communication pattern.
(True/False)
True
WebSocket APIs are good for real-time communications between a client and a server because they are based on one-way, connectionless message transmissions.
(True/False)
False
A RESTful API must implement all of the standard REST-style operations, e.g., GET, POST, PUT, etc.
(True/False)
False
Which of the following can an API Gateway not do?
- Start the state machines for AWS Step Functions
- Act as a frontend to DymanoDB
- Make calls to a website running on an EC2 instance
- Make calls to a web services outside of AWS with publicly accessible HTTP endpoints
- Act as a proxy for requests to S3
- Make calls to AWS Elastic Beanstalk
- Act as a proxy to RDS
- None of the above
- None of the above
Amazon API Gateway supports both RESTful and websocket APIs.
True/False
True
API Gateway lets you run multiple versions of the same API simultaneously.
(True/False)
True
Which of the following can be used to control access to an API implement with Amazon API Gateway? Select all that apply.
- Lambda authorizers
- AWS Signer
- IAM resource policies
- Client-side SSL certificates
- CORS
- Amazon Secrets Manager
- Amazon Cognito
- None of the above
- Lambda authorizers
- IAM resource policies
- Client-side SSL certificates
- CORS
- Amazon Cognito
Output (written to the console output stream) in a Lambda function automatically appear in the API Gateway logs when testing using the API Gateway Console.
(True/False)
False
You can test your API Gateway before creating a stage.
True/False
True
A stage can help you optimize a deployment of an API Gateway through by enabling API caching that is specific to the stage, but you have to be using CloudFront in conjunction with the stage in order to use the API caching feature.
(True/False)
False
An API Gateway can allow you to establish throttle rules for requests coming into your application.
(True/False)
True
Below is a URL for the stage of an API Gateway, with certain parts replaced by A, B, and C.
https://A.execute-api.B.amazonaws.com/C
Which of the following statements is true?
- A is the stage and B is the region
- A is the region and B is the stage
- B is the stage and C is the region
- B is the region and C is the stage
- A is the stage and C is the region
- A is the region and C is the stage
- B is the region and C is the stage
Which of the following metrics does the API Gateway sent to CloudWatch by default?
- Number of client-side and server-side errors
- Total number of API calls
- A client’s IP Address
- Number of requests that were served from the backend in a given period when caching is enabled
- Integration latency
- Time between when API Gateway receives a request from a client and when it returns a response to the client
- The type of browse the client is using
- Number of requests that were served from the API cache in a given period
- None of the above
- Number of client-side and server-side errors
- Total number of API calls
- Number of requests that were served from the backend in a given period when caching is enabled
- Integration latency
- Time between when API Gateway receives a request from a client and when it returns a response to the client
- Time between when API Gateway receives a request from a client and when it returns a response to the client
- Number of requests that were served from the API cache in a given period
When using AWS, all microservices need to be implemented using AWS Lambda functions.
(True/False)
False
When implementing a distributed application on AWS, you must design your application using a Microservice Architectural style.
(True/False)
False
Which of the following is not a benefit of AWS Step Functions?
- You can evolve your applications easily.
- The applications can be responsive to changing workloads.
- The applications can be scalability.
- You have the ability to update applications quickly.
- None of the above
- None of the above
When you set up a workflow with Step Functions, you need to make sure that it is configured to run on an EC2 instance that has sufficient capacity to handle the workload.
(True/False)
False
Step Functions provides a reliable way to coordinate components of a distributed application.
(True/False)
True
The primary reason that Step Functions logs the state of each step is to facilitate diagnosing and debugging problems.
(True/False)
True
The primary reason that Step Functions logs the state of each step is to facilitate diagnosing and debugging problems.
(True/False)
True
A workflow using Step Functions consists of steps and transmissions.
(True/False)
False
Using AWS terminology, the term workflow is synonymous with the term state machine.
(True/False)
True
In the context of Step Functions, any step can perform a task.
(True/False)
False
Which of the following can the logic of a workflow do?
- Select a next-state based on data-based condition.
- Detect a task that is taking too long and considered it as having failed.
- Catch an exception and execute an appropriate behavior.
- Retry failed tasks.
- Run tasks in parallel.
- Run tasks in sequences.
- None of the above
- Select a next-state based on data-based condition.
- Detect a task that is taking too long and considered it as having failed.
- Catch an exception and execute an appropriate behavior.
- Retry failed tasks.
- Run tasks in parallel.
- Run tasks in sequences.
A Pass state can transform the input and pass it new data along as the output or part of the output.
(True/False)
True
Which of the following can a Task state do. Select all that apply.
- Call a Lambda Function
- Wait for an activity worker to say that the step is completed.
- Call another service (via its API)
- None of the above
- Call a Lambda Function
- Wait for an activity worker to say that the step is completed.
- Call another service (via its API)
With the Step Functions console, you can visualize detailed information about the execution of a workflow in true real-time.
(True/False)
False
In the context of Step Functions, an activity is a small piece of logic that will typically execute in less than 5ms.
(True/False)
False
A Choice state is analogous to a switch or case statement in many common programming languages.
(True/False)
True
A state machine moves to the next state of a parallel state as soon as one branch of the parallel statement is done.
(True/False)
False
With a Wait state, you can specify either a relative or an absolute time.
(True/False)
True
Step Functions have to be created online using the AWS Steps Functions Console, using the visualization tool.
(True/False)
False
Which protocol does AWS use to secure network communications with its API?
- SSL
- HTTPS
- IP
- TLS
- TCP
- None of the above
- TLS
Which of the following is not a common challenge associated with managing certificates?
- Discovery
- Rotation and renewals
- Verifying that someone or a server is authorized to approve and issue certificates
- Finding and vulnerabilities caused by misconfigurations
- None of the above
- None of the above
AWS ACM is a service that lets you provision public and private SSL certificates, but those certificates can only be deployed using the API Gateway.
(True/False)
False
AWS ACM can help you meet compliance requirements.
True/False
True
Which of the following is not something that the AWS Secrets Manager can help you do?
- Manage database credentials
- Audit secret rotation
- Provide a scalable way for storing and managing secrets
- Help with encryption/decryption of Gateway API communicates
- Program the logic for accessing a secret in your application
- Rotate secrets in that way that won’t break a distributed application
- Obfuscate passwords embedded in application code
- None of the above
- Help with encryption/decryption of Gateway API communicates
- Program the logic for accessing a secret in your application
- Obfuscate passwords embedded in application code
With AWS Secrets Manager, secures can automatically replicated to multiple regions.
(True/False)
True
A secret stored by AWS Secret Manager will always contain exactly one key-value pair.
(True/False)
False
An AWS Lambda Function can be used to rotate a secret on a periodic schedule.
(True/False)
True
Temporary security credentials created with the AWS Security Token Service consist of a one-use access key ID and a password.
(True/False)
False
An AWS STS trusted user can be an end user whose identity was authenticated through LDAP.
(True/False)
True
An AWS STS trusted user can be an end user whose identity was authenticated through a third-party identity provider.
(True/False)
True
An AWS STS trusted user can be an application running on an EC2 instance.
(True/False)
True
An IdP manages user permissions, i.e., what a user is allowed to do.
(True/False)
False
One of the responsibilities of an Identity Broker is to retrieve temporary credentials from AWS STS.
(True/False)
True
SAML is an internal AWS standard for exchanging authorization data between services.
(True/False)
False
Consider a distributed application that includes a mobile app. This mobile app allows end-users can use to perform complex tasks involving a variety of AWS services. The only authentication and authorization that needs to be part of this distributed application is a secure way for accurately determining the identity of the end-user prior to accessing any of the AWS services.
(True/False)
False
Which of the following can you do with Amazon Cognito?
- Authenticate users with Twitter
- Storage and manage mobile app secrets
- Allow end users to register for an account
- Rotate the credentials for a mobile app’s backend database
- Encrypt communications between a mobile app and an AWS service
- Provide temporary security credentials to a mobile application
- None of the above
- Authenticate users with Twitter
- Allow end users to register for an account
- Provide temporary security credentials to a mobile application
Which of the following scenarios would be an appropriate use of Amazon Cognito for a mobile app whose users are most likely already have Facebook, Google, Amazon, or Apple accounts? Select all the apply.
- Use an identity pool to get a token from the third-party IdP and then exchange that token for temporary credentials.
- Setup a user pool that allows for federated sign-ins and an identity pool for exchanging user-pool tokens for temporary credentials.
- Setup a user pool for custom sign-ups and sign-ins and an identity pool that coordinates those activities with a third-party IdP.
- Set up an API Gateway that handles the authentication and an identity pool that handles the authorization.
- None of the above
- Setup a user pool that allows for federated sign-ins and an identity pool for exchanging user-pool tokens for temporary credentials.
Which of the following scenarios would be the most appropriate use of Amazon Cognito for a web-based application for a company’s employees whose users all have company accounts managed by an internal SAML-compatiable IdP?
- Setup a user pool that allows for direct sign-ins and an identity pool for exchanging user-pool tokens for temporary credentials.
- Set up an API Gateway that only authenticates IAM users in the company’s AWS account and uses an identity pool to grant permissions.
- Use an identity pool to get token from the company’s IdP and then exchange that token for temporary credentials
- Authenticate with the company’s IdP and exchange the tokens returned from the IdP with an identity pool for temporary credentials.
- None of the above
- Any of the above
- Authenticate with the company’s IdP and exchange the tokens returned from the IdP with an identity pool for temporary credentials.
The Amazon Cognito can help synchronize certain kinds of data across a user’s devices (e.g., a phone and a tablet).
(True/False)
True
DevOps aims to create appropriate boundaries between development teams and operations teams, so each can work independently and efficiently.
(True/False)
False
Which of the following helps with the rapid delivery of secure, reliable, and maintainable distributed applications? Select all that apply.
- Use CI/CD processes and tools
- Limit the usage of compute services to containers and Lambda Functions
- Automate deployment
- Adopting a microservice-style of architecture
- Automate the provisioning of necessary infrastructure for a distributed application
- Limit the use of authentication services to IAM identities
- None of the above
- Use CI/CD processes and tools
- Automate deployment
- Adopting a microservice-style of architecture
- Automate the provisioning of necessary infrastructure for a distributed application
Which of the following is an AWS service explicitly for CI/CD? Select all that apply.
- CodeCommit
- X-Ray
- CloudShell
- CodePipeline
- Cloud9
- CodeDeploy
- CodeStar
- CodeCommit
- CodePipeline
- CodeDeploy
- CodeStar
Which of the following services help a team treat infrastructure as code? Select all that apply.
- AWS Config
- AWS CloudFormation
- AWS CloudTrail
- AWS OpsWorks
- AWS Systems Manager
- AWS CloudFormation
- AWS OpsWorks
- AWS Systems Manager
CI involves verifying each change (e.g., a version committed to a central Git repository by a developer) using an automated build and test process.
(True/False)
True
Continuous Delivery involves the automatically transmission of new versions of a software system to the customers.
(True/False)
False
AWS CodeStar can help developers set up a new project and the CI/CD toolchain.
(True/False)
True
AWS CodeBuild is a tool for compiling your code within your IDE and as such takes the place of Ant, Gradle, Maven, and build tools.
(True/False)
False
With canary testing, you must split your end-users into two random groups of approximately the same size.
(True/False)
False
Which kind of deployment strategy would you use, if you wanted to first check a new version with a small group of users and then release it to all of your users if it worked well with the first group?
- Rolling
- Canary
- Blue/Green
- In-Place
- None of the above
- Canary
Elastic Beanstalk is a fully managed service that can coordinate the use of EC2, CloudWatch, Auto Scaling, and ELB.
(True/False)
True
Which of the following can be in Elastic Beanstalk environment? Select all that apply.
- A web server running on an EC2 instance
- Containers managed by Fargate
- An Autoscaling Group with Elastic Load Balancing
- Worker processes running on EC2 instances
- Lambda functions
- An API Gateway
- A web server running on an EC2 instance
- An Autoscaling Group with Elastic Load Balancing
- Worker processes running on EC2 instances
Elastic Beanstalk can do a rolling update for the deployment strategy of a new version.
(True/False)
True
Which of the following can the CLI for Elastic Beanstalk help developers do? Select all that apply.
- Set default values for an application
- List all the environments for the current application
- Terminate specific EC2 instances in an environment
- Create a new environment
- Check the health of an environment
- Deploy the most recent version of an application
- None of the above
- Set default values for an application
- List all the environments for the current application
- Create a new environment
- Check the health of an environment
- Deploy the most recent version of an application
Elastic Beanstalk will assume an instance role so it can use other AWS services on your behalf.
(True/False)
False
AWS CloudFormation is a fully managed service that provides a common language for you to describe and provision infrastructure resources for your cloud environment.
(True/False)
True
A stack in CloudFormation is the set of resources generated by a template.
(True/False)
True
AWS SAM is an extension of AWS CloudFormation.
True/False
True
One of the main purposes of the AWS SAM CLI is to provision EC2 instances.
(True/False)
False
In the context of developing and running cloud-based applications, there are many places where authentication may be needed. Match the following terms of different types of authentication with examples of where it might be used.
- AWS Authentication -
- Logging into the AWS Management Console
- Verifying the identity of an application end user
- Verifying a mobile app that is trying to use an AWS resource
- A lambda function is trying to establish a Postgres connection
- Logging into the AWS Management Console
In the context of developing and running cloud-based applications, there are many places where authentication may be needed. Match the following terms of different types of authentication with examples of where it might be used.
Application Authentication
- Logging into the AWS Management Console
- Verifying the identity of an application end user
- Verifying a mobile app that is trying to use an AWS resource
- A lambda function is trying to establish a Postgres connection
- Verifying the identity of an application end user
In the context of developing and running cloud-based applications, there are many places where authentication may be needed. Match the following terms of different types of authentication with examples of where it might be used.
- Resource Authentication -
- Logging into the AWS Management Console
- Verifying the identity of an application end user
- Verifying a mobile app that is trying to use an AWS resource
- A lambda function is trying to establish a Postgres connection
- Verifying a mobile app that is trying to use an AWS resource
In the context of developing and running cloud-based applications, there are many places where authentication may be needed. Match the following terms of different types of authentication with examples of where it might be used.
- Database Authentication -
- Logging into the AWS Management Console
- Verifying the identity of an application end user
- Verifying a mobile app that is trying to use an AWS resource
- A lambda function is trying to establish a Postgres connection
- A lambda function is trying to establish a Postgres connection
