Final Review

Question 1

The general software development lifecycle model talked about in the ACD materials consists of six general phases. Which of the following is not one of these phases?

• Maintain
• Design
• Deploy
• Plan
• Test
• Develop
• None of the above

Answer 1

Test

Question 2

Which of the following is not generally true for a software development process that is following a strict Waterfall lifecycle model? Select two.

• Each phase has a distinct goal and is completed by performing specific kinds of tasks.
• The output of one phase is the input to the next phase.
• Developers have the flexibility of designing and implementing critical features early in the process.
• The phases are completed in sequential order.
• Customers can and are encourage to provide feedback to the team throughout the development process.

Answer 2

Developers have the flexibility of designing and implementing critical features early in the process.

Customers can and are encourage to provide feedback to the team throughout the development process.

Question 3

With an Agile process, software is developed in short iterations, each being typically 1-4 weeks.
(True/False)

Answer 3

True

Question 4

Only Agile processes support continuous integration and deployment activities.

(True/False)

Answer 4

False

Question 5

When Cloud9 is hosted on an EC2 instance in AWS, is Cloud 9 IaaS, PaaS, or SaaS from the software developers’ perspective? Select the best answer.

IaaS or PaaS or SaaS

Answer 5

Cloud9 doesn’t neatly fall into any of the three categories. It some of the advantages of IaaS, in that starting and stopping of the EC2 is managed, but the developer need to update the OS and runtime. In some cases, the developer have to install of the runtime as well. It also some advantages of SaaS, since AWS installs Cloud9 and configures some features.

Question 6

Cloud 9 supports a variety of build tools and runtime environments that allow you to work with common languages like C++, Java, PHP, and Python.

(True/False)

Answer 6

True

Question 7

An ARN uniquely identifies an AWS resource. So when referring to a resource, it is mandatory that all the ARN subfields be specified.

(True/False)

Answer 7

False

Question 8

An EC2 Service Client, created using an AWS SDK’s, is specific to a region.
(True/False)

Answer 8

True

Question 9

If an EC2 Service Client throws a 500-series exception, the application should try a different operation – there is no sense in retrying the same operation.
(True/False)

Answer 9

False

Question 10

Once a request (made through an SDK) makes it to an AWS service endpoint, it will always complete successfully.
(True/False)

Answer 10

False

Question 11

Which of the following is not a significant benefit of using AWS X-Ray?

• Identify errors and bugs in the integration of the components that form a distributed application
• Build your own analysis and visualization applications
• Write executable unit-test cases for lambda functions
• Identify performance bottlenecks
• None of the above

Answer 11

• Write executable unit-test cases for lambda functions

Question 12

Which of the following is not a feature of CloudWatch directly (i.e., CloudWatch itself instead of an associated service)?

• Automatically scales the number of EC2 in an Auto-Scaling Group.
• Collects and tracks metrics so that you can visualize and review them.
• Monitors your AWS Cloud resources and your cloud-powered applications.
• Lets you set alarms that will fire when a metric goes beyond a limit that you specified.
• Gives you visibility into resource utilization, application performance, and operational health.
• None of the above

Answer 12

Automatically scales the number of EC2 in an Auto-Scaling Group.

Question 13

To take advantage of CloudTrail, you have to first enable it for your account.

(True/False)

Answer 13

False

Question 14

Service clients (created from an AWS SDK) interact with AWS services through a RESTFul API.
(True/False)

Answer 14

True

Question 15

The AWS CLI can be used to perform operations on most kinds of AWS resources as long as the user identified by the credentials in default or specified profile is allowed to perform the operations.
(True/False)

Answer 15

True

Question 16

Which of the following is not a best practice when developing cloud-based applications?

• Consider designing applications that are loosely coupled
• Log metrics and monitor performance
• Implement a strong DevOps model
• Design for failure
• Implement security in every layer
• None of the above

Answer 16

None of the above

Question 17

Which of the following statements is most correct and complete?

• Authentication deals with the user account management; while authorization deals with what resources an authenticated user can access and what operations the user can perform.
• Authentication is the process of verifying usernames and passwords; while authorization deals with what resources an authenticated user can access and what operations the user can perform.
• Authentication deals with correctly identifying the user (which can be another software system) that wants to use resources; while authorization deals with the resources a user can access.
• Authentication deals with the user account management; while authorization deals with the resources a user can access.
• Authentication deals with correctly identifying the user (which can be another software system) that wants to use resources; while authorization deals with what resources the user can access and what operations the user can perform.
• Authentication is the process of verifying usernames and passwords; while authorization deals with the resources a user can access.

Answer 17

Authentication deals with correctly identifying the user (which can be another software system) that wants to use resources; while authorization deals with what resources the user can access and what operations the user can perform.

Question 18

A user on AWS can be assigned to at most one group.

True/False

Answer 18

False

Question 19

Roles can be used to grant transient (temporary) permissions to users or groups.
(True/False)

Answer 19

True

Question 20

In AWS, a role can include at most one policy, but that policy can contain many permissions.
(True/False)

Answer 20

False

Question 21

Which of the following things cannot be specified in a credential profile for programmatic access?

• Session Token
• Region
• Access Key Id
• Username and Password
• Secret Access Key

Answer 21

Username and Password

Question 22

Which of the following are considered poor practices and are to be avoided? You may select zero or more choices.

• Use credentials files to store your credentials
• Use the root credentials of your AWS account for programmatic access
• Hardcode your credentials inside of your applications
• Once you create a key (like an access key for programmatic access), lock it in safe place and never change it
• Put your credentials file under version control and save in a Git repository
• Use IAM roles with temporary credentials for when you need to delegate temporary access to your AWS resources

Answer 22

• Use the root credentials of your AWS account for programmatic access
• Hardcode your credentials inside of your applications
• Once you create a key (like an access key for programmatic access), lock it in safe place and never change it
• Put your credentials file under version control and save in a Git repository

Question 23

Identity-based policies are attached to the IAM user, group, or role and indicate what that identity can do.
(True/False)

Answer 23

True

Question 24

Resource-based policies are attached to a resource and indicate what other resources the principal resource can access.
(True/False)

Answer 24

False

Question 25

An action in a permissions statement can reference multiple operations using a wildcard pattern.
(True/False)

Answer 25

True

Question 26

Managed policies can be associated with multiple users, groups, or roles?
(True/False)

Answer 26

True

Question 27

Resource-based policies can be in-line policies.

True/False

Answer 27

True

Question 28

In-line policies can be managed under version control and rolled back if necessary?
(True/False)

Answer 28

False

Question 29

Briefly explain the principle of least privilege. Be concise, but accurate

Answer 29

Only grant the minimum needed privileges to a user or group. If the user or group needs access to additional privileges only add the privileges that the user needs. Do the same thing for resources, grant minimum needed privileges, and as more access is needed grant only the needed access. If granting temporary access is sufficient, do that first before granting permanent access.`

Question 30

Which of the following is not a use case for S3?

• Backup archive
• Disaster recovery
• Content storage and distribution
• Dynamic website
• Data lake
• None of the above

Answer 30

• Dynamic website

Question 31

Bucket names must be globally unique.

True/False

Answer 31

True

Question 32

Which of the following are not a valid bucket name? Select all invalid bucket names.

• xy
• xyz
• xy_z
• xYz
• x#z
• xy-z

Answer 32

• xy
• xy_z
• xYz
• x#z

Question 33

There are semantic differences between prefixes in object keys and folder paths in hierarchical file systems.
(True/False)

Answer 33

True

Question 34

An S3 object can be accessed using a path-style URL or a URL that specifies the s3 server that holds the object’s bucket.
(True/False)

Answer 34

False

Question 35

Which of the following would be valid object keys? Select all valid keys.

• a/b/c
• a/b/c.json
• a/b-c
• A/B/C.json
• A/B/C*.json
• None of the above

Answer 35

• a/b/c
• a/b/c.json
• a/b-c
• A/B/C.json
• A/B/C*.json

Question 36

Which of the following statements is the most correct?

• With a multipart Put operation, you can upload any data to S3 as long as you do it in chunks <= 100 MB.
• With a multipart Put operation, you can upload data up to 5TB in size.
• With a multipart Put operation, S3 will automatically resume the data transfer in the correct spot if there is a network failure.
• With a multipart Put operation, which automatically partitions large data object into chunks less than <= 100 MB.

Answer 36

With a multipart Put operation, you can upload data up to 5TB in size.

Question 37

Multiple Get operations can be used to retrieve very large objects from S3.
(True/False)

Answer 37

True

Question 38

A Select operation can be used to significantly reduce the amount of data that has be transferred from S3 to the client’s machine.
(True/False)

Answer 38

True

Question 39

If you decide that you no longer need versioning on an S3 bucket that currently has versioning enabled, you can simply disable the versioning and all but the last version of an object will be deleted.
(True/False)

Answer 39

False

Question 40

In a bucket that is versioning-enabled, you can permanently delete an object by invoking a delete request with a delete key and version ID.
(True/False)

Answer 40

True

Question 41

Which of the following statements is not true?

• With server-side encryption, Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers.
• With server-side encryption using Amazon S3-Managed Keys (SSE-S3), each object is encrypted with a unique key that employs strong multi-factor encryption.
• With server-side encryption using Customer-Provided Keys (SSE-C), S3 manages the encryption and decryption of objects.
• With client-side encryption, the customer (or the customer’s app) must provide keys to S3 so it can encrypt and decrypt objects.
• All of the above
• None of the above

Answer 41

With client-side encryption, the customer (or the customer’s app) must provide keys to S3 so it can encrypt and decrypt objects.

Question 42

Resource-based policies can be attached to S3 objects or buckets and control who can access those resources and what operations they can perform.
(True/False)

Answer 42

True

Question 43

Object ACLs can grant permissions to users in your account to access specific objects in an S3 bucket.
(True/False)

Answer 43

False

Question 44

Pre-signed URLs are useful if you want your user to be able to upload a specific object to your bucket without needing AWS security credentials or permissions.
(True/False)

Answer 44

True

Question 45

A CORS Configuration can contain as many individual rules as needed to represent the desired constraints.
(True/False)

Answer 45

False

Question 46

Which of the following is not considered a benefit of DynamoDB?

• It has fast, consistent performance
• It is fully managed
• It can perform powerful database operations, such as nested JSON queries
• It can store JSON documents directly into Amazon DynamoDB tables
• It offers fine-grained access control
• None of the above

Answer 46

• None of the above

Question 47

Which of the following is not considered a use case for DynamoDB?

• Global systems that require multistep distributed nested transactions.
• Data store for microservices.
• Content storage for serverless web applications.
• Data store and streaming for IoT.
• Data store for the player state in game applications.
• Data store for mobile apps.

Answer 47

• Global systems that require multistep distributed nested transactions.

Question 48

Which of the following statements are false? Select one or more.

• DynamoDB stores data in tables with fixed schema.
• A table may contain zero or more items and an item may contain one or more attribute values.
• An item is uniquely identifiable among all other items.
• An attribute is an atomic data element from a user’s perspective.
• A table must have a primary key.

Answer 48

• DynamoDB stores data in tables with fixed schema.

- An attribute is an atomic data element from a user’s perspective.

Question 49

Which of the following types are valid types for attributes in DynamoDB? Select all that are valid types by themselves (i.e., without any conversions or use of other data types).

• Number
• Timestamp
• String Set
• XML Document
• Date
• List
• Binary

Answer 49

• Number
• String Set
• List
• Binary

Question 50

A partition is an allocation of storage for a table, backed by solid-state drives (SSDs), and automatically replicated across multiple Availability Zones within an AWS Region.
(True/False)

Answer 50

True

Question 51

A global secondary index is considered “global” because queries on the index can be made from all around the world.
(True/False)

Answer 51

False

Question 52

Secondary indexes can include other attributes besides those in the alternate and primary keys, so queries can be satisfied without having to retrieve the full items from the base table.
(True/False)

Answer 52

True

Question 53

Which of the following statements is true about regular (not global) DynamoDB tables?

• DynamoDB automatically replicates your data across multiple Availability Zones in an AWS Region.
• DynamoDB automatically replicates your data across multiple AWS Region.
• DynamoDB can replicate your data across multiple Availability Zones in an AWS Region, if you configure to do so.
• DynamoDB can replicate your data across multiple AWS Region, if you configure to do so.

Answer 53

• DynamoDB automatically replicates your data across multiple Availability Zones in an AWS Region.

Question 54

A DynamoDB table can be configured to support either “eventual consistency” or “strong consistency”, but not both, and once one of these options is selected, it cannot be changed.
(True/False)

Answer 54

False

Question 55

For which of the following situations would an on-demand read/write capacity be a good option?

• You prefer the ease of paying for only what you use.
• You create new tables with unknown workloads.
• You have unpredictable application traffic.
• All of the above
• None of the above

Answer 55

• All of the above

Question 56

Assume that an application needs to read 30 items from a DynamoDB table every second and that each item is between 21-22 KB in size. Also, assume that the application will only use eventually consistent reads. How many RCU should you provision your table with?

• 21
• 22
• 30
• 75
• 90
• 180
• None of the above

Answer 56

• 90

Question 57

Assume that an application needs to write 10 items to a DynamoDB table every second and each item is 18 KB in size. How many WCUs should you provision your table with?

• 10
• 18
• 50
• 90
• 180
• None of the above

Answer 57

• 180

Question 58

DynamoDB streams are organized into records and each record can contain multiple shards, where each shared corresponds to one change to item a table.
(True/False)

Answer 58

False

Question 59

Global tables provide a fully managed solution for deploying a multi-zone database within a single region, without having to build and maintain your own replication solution.
(True/False)

Answer 59

False

Question 60

Global tables use DynamoDB Streams to propagate changes between replicas.
(True/False)

Answer 60

True

Question 61

Like regular DynamoDB tables, global tables support both eventually consistent and globally consistent reads, regardless of where the operation is being performed.
(True/False)

Answer 61

False

Question 62

An on-demand backup can negatively impact a table’s performance and availability.
(True/False)

Answer 62

False

Question 63

With a DynamoDB PutItem operation, if an existing item in the specified table has the same primary key as the new item, the new item completely replaces the existing item.
(True/False)

Answer 63

True

Question 64

With DynamoDB, you can specific conditional expressions for UpdateItem and DeleteItem operations but not for PutItem operations.
(True/False)

Answer 64

False

Question 65

The Scan operation is similar to a Query operation, but the Scan operation reads all items from the table or index.
(True/False)

Answer 65

True

Question 66

Cached data is always stored in RAM, regardless of the layer or component of the system.
(True/False)

Answer 66

False

Question 67

Which of the following two types of application workloads will benefit from caching the most?

• A read-heavy workload
• A write-heavy workload

Answer 67

• A read-heavy workload

Question 68

Caching can benefit compute-intensive workloads that manipulate datasets.
(True/False)

Answer 68

True

Question 69

In most cases, caching data rapidly changing data still makes sense as long as the data is structured.
(True/False)

Answer 69

False

Question 70

When using Lazy Caching, the cached data should always be considered as stale.
(True/False)

Answer 70

True

Question 71

Which of the following are common features of a CDN? Select all that apply.

• Can accelerate delivery of dynamic content
• Stores copies of commonly requested files close to the requesters.
• Improves the durability of the applications data
• Can improve scalability
• None of the above

Answer 71

• Can accelerate delivery of dynamic content
• Stores copies of commonly requested files close to the requesters.
• Can improve scalability

Question 72

Amazon CloudFront can allow certain kinds of application code to run at the edges of the cloud, closer to the user.
(True/False)

Answer 72

True

Question 73

In Amazon CloudFront, an edge location is a WiFi access point.
(True/False)

Answer 73

False

Question 74

The Points of Presence for Amazon CloudFront include both edge locations and regional edge caches.
(True/False)

Answer 74

True

Question 75

In Amazon CloudFront, a distribution defines, in part, how content is to be tracked.
(True/False)

Answer 75

True

Question 76

With CloudFront, the regional edge caches determine what content needs to be cached at each PoP.
(True/False)

Answer 76

False

Question 77

As long as users keep requesting a given file (like every minute or so), that file will stay in the CloudFront caches indefinitely.
(True/False)

Answer 77

False

Question 78

S3 Transfer Acceleration with CloudFront supports fast, easy, and secure downloading of objects to clients, but not the uploading of object from clients.
(True/False)

Answer 78

False

Question 79

ElastiCache runs on the same EC2 instance as the application that is using it.
(True/False)

Answer 79

False

Question 80

If some requested data is not in its cache, ElastiCache will automatically retrieve it from the source and store it for future requests.
(True/False)

Answer 80

False

Question 81

Which of the following statements is not true about ElastiCache?

• Every node runs either Memcached or Redis.
• A cluster is a logical grouping of one or more nodes.
• An application must access each node in a cluster separately.
• A node has a fixed amount of cache space.
• None of the above

Answer 81

• An application must access each node in a cluster separately.

Question 82

For which of the following situations is Memcached not an acceptable choice?

• You need the simplest model possible
• You need to be able to scale out and in easily
• You must run large nodes with multiple cores or threads
• You need publish/subscribe capabilities
• All of the above
• None of the above

Answer 82

• You need publish/subscribe capabilities

Question 83

Which of the following is a feature that Redis does not offer?

• Pub/sub capability
• Advanced data types
• Sorting/ranking datasets
• Multi-AZ deployment with failover
• Multi-threaded performance
• Simple cache to offload database burden
• Persistence

Answer 83

• Multi-threaded performance

Question 84

What type of caching strategy does the following pseudo-code illustrate?

get an item from the cache using a key, and store the result in r

  if r is null then

        query the database for the record r using key

        save an item to the cache using the key and r

  use the record r

• Lazy Loading
• Write Through

Answer 84

• Lazy Loading

Question 85

Which of the following are advantages of Lazy Loading? Select all that are advantages.

• Smaller miss penalty than other strategies
• The cache only contains data that has been requested
• The data is never stale
• If a node of the cache fails, it is not too serious
• None of the above

Answer 85

• The cache only contains data that has been requested

- If a node of the cache fails, it is not too serious

Question 86

Containers can help ensure that applications deploy quickly, reliably, and consistently.
(True/False)

Answer 86

True

Question 87

Which of the following is not included in a container?

• operating system kernel
• some or all of the application layer of an OS
• system libraries
• system tools
• runtime
• application code
• settings
• None of the above

Answer 87

• operating system kernel

Question 88

A single server can host more than one container as long as there is a dedicated CPU core for each container.
(True/False)

Answer 88

False

Question 89

Containers are highly portable across different environments.
(True/False)

Answer 89

True

Question 90

The OS layer for a Docker container must be the same as the OS for the host.
(True/False)

Answer 90

False

Question 91

Which of the following are not part of Docker?

• A lightweight container virtualization platform
• Tools for creating and storing containers
• Tools for managing containers
• A deployment pipeline
• Tools for running containers

Answer 91

• A deployment pipeline

Question 92

Which of the following are not benefits of Docker?

• Ability to run different application versions with different dependencies simultaneously
• Faster development and deployment cycles
• Application and dependencies can be packaged in a single, immutable artifact
• Better resource utilization and efficiency
• Portable runtime application environment
• None of the above

Answer 92

• None of the above

Question 93

A Dockerfile specifies all the components that need to be included in a container.
(True/False)

Answer 93

True

Question 94

A container registry can manage lots of Dockerfiles.

True/False

Answer 94

False

Question 95

Container registries can be public or private.

True/False

Answer 95

True

Question 96

A container image is a read-only, immutable template.

True/False

Answer 96

True

Question 97

A container image, once built, is not portable.

True/False

Answer 97

False

Question 98

A container is a running instance of an image.

True/False

Answer 98

True

Question 99

Each container has a thin, read/write layer on top of the existing image when it is instantiated.
(True/False)

Answer 99

True

Question 100

Multiple containers can share a container image.

True/False

Answer 100

True

Question 101

Microservices typically share their data layers with other microservices
(True/False)

Answer 101

False

Question 102

A microservice should only communicate with another microservice through its API.
(True/False)

Answer 102

True

Question 103

When designing an application using a microservice architectural style, each container uses the language and technology that is best suited for the functioning of the service.
(True/False)

Answer 103

True

Question 104

When designing an application using a microservice architectural style, the system needs to include an enterprise communication bus that handles all data communications and transformations.
(True/False)

Answer 104

False

Question 105

Containers can make development, testing, and production environments consistent.
(True/False)

Answer 105

True

Question 106

By using a queue, we can turn a synchronous form of communication into an asynchronous form of communication.
(True/False)

Answer 106

True

Question 107

Synchronous communications can be built on top of asynchronous communications by adding a buffer.
(True/False)

Answer 107

False

Question 108

For distributed applications, synchronous communications often results in one process waiting for a reply from another process.
(True/False)

Answer 108

True

Question 109

A queue can help decouple two processes that would otherwise be coupled together in a lock-step sequence of activities.
(True/False)

Answer 109

True

Question 110

Synchronous communications are more scalable than asynchronous communications.
(True/False)

Answer 110

False

Question 111

Which of the following is not a benefit of SQS?

• Can run on any EC2 instance type of your choosing
• Delivers messages reliably
• Scales elastically and cost-effectively
• Keeps sensitive data secure
• None of the above

Answer 111

• Can run on any EC2 instance type of your choosing

Question 112

FIFO queues are the default queue type in SQS because they guarantee message ordering.
(True/False)

Answer 112

False

Question 113

Standard queues support at-least-once message delivery; while FIFO queue support “exactly once” message processing.
(True/False)

Answer 113

True

Question 114

Which of the following can be a parameter in operation that puts a message into an SQS queue? Select all that are required.

• Wait timeout
• Message attributes
• Delay seconds
• Message body
• Visibility Timeout
• Maximum number of messages
• Queue URL
• Message Id

Answer 114

• Message body

- Queue URL

Question 115

If an SQS receive-message operation returns multiple messages, each message will be associated with a unique receipt handle.
(True/False)

Answer 115

True

Question 116

A receipt handle for a message is always the same as the message’s id.
(True/False)

Answer 116

False

Question 117

When a consumer retrieves a message from a queue, it is immediately deleted from the queue so another consumer cannot retrieve the same message.
(True/False)

Answer 117

False

Question 118

If you are using short polling and there are only a few messages in the queue, an SQS receive-message operation may not return any messages.
(True/False)

Answer 118

True

Question 119

Long polling is always more expensive than short polling.

True/False

Answer 119

False

Question 120

SQS can automatically delete messages that have been in the queue for longer than a certain amount of time.
(True/False)

Answer 120

True

Question 121

Messages from multiple queues (FIFO or standard) and that cannot be processed by consumers can be automatically sent to a user-specified FIFO dead-letter queue.
(True/False)

Answer 121

False

Question 122

SNS batches (stores) messages until at least one subscriber pulls the message.
(True/False)

Answer 122

False

Question 123

SQS and SNS can be used together for parallel processing of different kinds on the same messages
(True/False)

Answer 123

True

Question 124

Which of the following is not a valid endpoint for SNS Subscribers?

• Lambda functions
• SQS Queues
• Container ports
• HTTPS
• SMS
• Mobile push notifications
• None of the above

Answer 124

• Container ports

Question 125

Subscribers to an SNS topic can set up a filter using message attribute values set by message publishers.
(True/False)

Answer 125

True

Question 126

Which of the following statements is false?

• With an AWS Lambda function, a developer does not need to select a specific instance type on which the function will run.
• With an AWS Lambda function, a developer does not need to update the VM’s OS.
• With an AWS Lambda function, a developer does not need to specify the runtime environment for the function.
• With an AWS Lambda function, a developer does not worry about the details of scaling and load balancing.
• None of the above
• All of the above

Answer 126

• With an AWS Lambda function, a developer does not need to specify the runtime environment for the function.

Question 127

Which of the following are not viable use cases for AWS Lambda?

• Serverless backends that handle various kinds of web request
• Serverless backends for distributed mobile applications
• Real-time file processing
• Machine learning inference
• Alexa skills
• Infrastructure management
• None of the above
• All of the above

Answer 127

None of the above

Question 128

For AWS Lambda, an event source must be CloudWatch trigger event.
(True/False)

Answer 128

False

Question 129

Which of the following most accurately characterizes the Push model for AWS Lambda?

• With the Push model, an AWS service invokes the Lambda function synchronously or asynchronously.
• With the Push model, a client pushes events to the Lambda asynchronously, which then dispatches the appropriate Lambda function. The client waits for a response.
• With the Push model, an AWS service places events into a stream or queue and Lambda retrieves those events from the stream or queue.
• None of the above

Answer 129

• With the Push model, an AWS service invokes the Lambda function synchronously or asynchronously.

Question 130

Which of the following most accurately characterizes the Pull model for AWS Lambda?

• With the Pull model, Lambda polls the client for its state and then, when the client is in the prerequisite state dispatches the appropriate Lambda function.
• With the Pull model, Lambda polls other services (like S3 and CloudWatch) for certain types of events; if Lambda detects one (or more) events, it invokes the appropriate Lambda function.
• With the Pull model, Lambda polls a stream or queue for an event and invokes the Lambda function when one (or more) events are obtained.
• None of the above

Answer 130

• With the Pull model, Lambda polls a stream or queue for an event and invokes the Lambda function when one (or more) events are obtained.

Question 131

Some services, like S3, automatically retry Lambda function invocations if there is a failure.
(True/False)

Answer 131

True

Question 132

The run or execution permissions for a Lambda function determine which event sources can invoke the function.
(True/False)

Answer 132

False

Question 133

Consider the following policy that determines what or who can invoke a Lambda function. What is the event source in this policy?

{
“Version”: “2012-10-17”,
“Id”: “default”,
“Statement”: [
{
“Sid”: “lambda-allow-s3-my-function”,
“Effect”: “Allow”,
“Principal”: {
“Service”: “s3.amazonaws.com”
},
“Action”: “lambda:InvokeFunction”,
“Resource”: “arn:aws:lambda:us-east-2:123456789012:function:my-function”
“Condition”: {
“StringEquals”: {
“AWS:SourceAccount”: “123456789012”
},
“ArnLike”: {
“AWS:SourceArn”: “arn:aws:s3:::my-bucket”
}
}
}
]
}

• Lambda
• Correct Answer
• S3
• my-function
• Account 123456789012
• my-bucket
• None of the above

Answer 133

S3

Question 134

{
“Version”: “2012-10-17”,
“Id”: “default”,
“Statement”: [
{
“Sid”: “lambda-allow-s3-my-function”,
“Effect”: “Allow”,
“Principal”: {
“Service”: “s3.amazonaws.com”
},
“Action”: “lambda:InvokeFunction”,
“Resource”: “arn:aws:lambda:us-east-2:123456789012:function:my-function”
“Condition”: {
“StringEquals”: {
“AWS:SourceAccount”: “123456789012”
},
“ArnLike”: {
“AWS:SourceArn”: “arn:aws:s3:::my-bucket”
}
}
}
]
}

What kind of policy is shown in?

• Lambda function execution policy
• Resource policy for Lambda function invocation
• Authentication policy
• Run policy
• An IAM identity policy for Lambda function invocation
• None of the above

Answer 134

• Resource policy for Lambda function invocation

Question 135

Which of the following are not included in a .zip or .jar deployment package for a Lambda function? Select all that apply.

• The application code for the function
• Dependencies
• Execution Role
• Invocation policy
• Lambda function configuration parameters

Answer 135

• Execution Role
• Invocation policy
• Lambda function configuration parameters

Question 136

With AWS Lambda, common dependencies can be place in “Layers” to reduce deploy package size.
(True/False)

Answer 136

True

Question 137

The event object that is passed to a Lambda function handler provides information about what triggers the invocation
(True/False)

Answer 137

True

Question 138

The context object that is passed to a Lambda functions contains user-defined data related to the event that triggered the functions invocation.
(True/False)

Answer 138

False

Question 139

If a Lambda writes something to the console, that output will be recorded in CloudWatch logs independent of any configuration setting or policy.
(True/False)

Answer 139

False

Question 140

Which of the following is not considered a best practice for building lambda functions? Select all that apply.

• Write modular functions.
• Store state information in static data structures that are part of the function.
• Separate core business logic out of the main handler function.
• Use recursive function calls to avoid unnecessary loops or iterative statements.
• Return appropriate result information to AWS Lambda.
• Include all anticipated dependencies for future features, so those extensions are easier to make.
• Including logging statement.
• Optimize the size of the function’s memory footprint.
• Use property files embedded in your deployment package for configuration parameters.
• Reuse temporary runtime environment.
• Share common dependencies with layers.

Answer 140

• Store state information in static data structures that are part of the function.
• Use recursive function calls to avoid unnecessary loops or iterative statements.
• Include all anticipated dependencies for future features, so those extensions are easier to make.
• Use property files embedded in your deployment package for configuration parameters.

Question 141

Lambda creates a new version of your function each time that you deploy the function.
(True/False)

Answer 141

False

Question 142

Instead of having Lambda assign a sequential version number automatically, you can assign a new version a unique name called an alias that takes the place of the version number.
(True/False)

Answer 142

False

Question 143

Which of the following statements about APIs, in general, is false? Select all that apply.

• API and SDK are synonyms for the same concept.
• An API is a means by which one layer of software can interact with another.
• A distributed application will only ever involve one API.
• An API is an abstraction.
• None of the above

Answer 143

• API and SDK are synonyms for the same concept.

- A distributed application will only ever involve one API.

Question 144

All RESTful APIs follow a request-reply communication pattern.
(True/False)

Answer 144

True

Question 145

WebSocket APIs are good for real-time communications between a client and a server because they are based on one-way, connectionless message transmissions.
(True/False)

Answer 145

False

Question 146

A RESTful API must implement all of the standard REST-style operations, e.g., GET, POST, PUT, etc.
(True/False)

Answer 146

False

Question 147

Which of the following can an API Gateway not do?

• Start the state machines for AWS Step Functions
• Act as a frontend to DymanoDB
• Make calls to a website running on an EC2 instance
• Make calls to a web services outside of AWS with publicly accessible HTTP endpoints
• Act as a proxy for requests to S3
• Make calls to AWS Elastic Beanstalk
• Act as a proxy to RDS
• None of the above

Answer 147

• None of the above

Question 148

Amazon API Gateway supports both RESTful and websocket APIs.

True/False

Answer 148

True

Question 149

API Gateway lets you run multiple versions of the same API simultaneously.
(True/False)

Answer 149

True

Question 150

Which of the following can be used to control access to an API implement with Amazon API Gateway? Select all that apply.

• Lambda authorizers
• AWS Signer
• IAM resource policies
• Client-side SSL certificates
• CORS
• Amazon Secrets Manager
• Amazon Cognito
• None of the above

Answer 150

• Lambda authorizers
• IAM resource policies
• Client-side SSL certificates
• CORS
• Amazon Cognito

Question 151

Output (written to the console output stream) in a Lambda function automatically appear in the API Gateway logs when testing using the API Gateway Console.
(True/False)

Answer 151

False

Question 152

You can test your API Gateway before creating a stage.

True/False

Answer 152

True

Question 153

A stage can help you optimize a deployment of an API Gateway through by enabling API caching that is specific to the stage, but you have to be using CloudFront in conjunction with the stage in order to use the API caching feature.
(True/False)

Answer 153

False

Question 154

An API Gateway can allow you to establish throttle rules for requests coming into your application.
(True/False)

Answer 154

True

Question 155

Below is a URL for the stage of an API Gateway, with certain parts replaced by A, B, and C.

        https://A.execute-api.B.amazonaws.com/C

Which of the following statements is true?

• A is the stage and B is the region
• A is the region and B is the stage
• B is the stage and C is the region
• B is the region and C is the stage
• A is the stage and C is the region
• A is the region and C is the stage

Answer 155

• B is the region and C is the stage

Question 156

Which of the following metrics does the API Gateway sent to CloudWatch by default?

• Number of client-side and server-side errors
• Total number of API calls
• A client’s IP Address
• Number of requests that were served from the backend in a given period when caching is enabled
• Integration latency
• Time between when API Gateway receives a request from a client and when it returns a response to the client
• The type of browse the client is using
• Number of requests that were served from the API cache in a given period
• None of the above

Answer 156

• Number of client-side and server-side errors
• Total number of API calls
• Number of requests that were served from the backend in a given period when caching is enabled
• Integration latency
• Time between when API Gateway receives a request from a client and when it returns a response to the client
• Time between when API Gateway receives a request from a client and when it returns a response to the client
• Number of requests that were served from the API cache in a given period

Question 157

When using AWS, all microservices need to be implemented using AWS Lambda functions.
(True/False)

Answer 157

False

Question 158

When implementing a distributed application on AWS, you must design your application using a Microservice Architectural style.
(True/False)

Answer 158

False

Question 159

Which of the following is not a benefit of AWS Step Functions?

• You can evolve your applications easily.
• The applications can be responsive to changing workloads.
• The applications can be scalability.
• You have the ability to update applications quickly.
• None of the above

Answer 159

• None of the above

Question 160

When you set up a workflow with Step Functions, you need to make sure that it is configured to run on an EC2 instance that has sufficient capacity to handle the workload.
(True/False)

Answer 160

False

Question 161

Step Functions provides a reliable way to coordinate components of a distributed application.
(True/False)

Answer 161

True

Question 162

The primary reason that Step Functions logs the state of each step is to facilitate diagnosing and debugging problems.
(True/False)

Answer 162

True

Question 163

The primary reason that Step Functions logs the state of each step is to facilitate diagnosing and debugging problems.
(True/False)

Answer 163

True

Question 164

A workflow using Step Functions consists of steps and transmissions.
(True/False)

Answer 164

False

Question 165

Using AWS terminology, the term workflow is synonymous with the term state machine.
(True/False)

Answer 165

True

Question 166

In the context of Step Functions, any step can perform a task.
(True/False)

Answer 166

False

Question 167

Which of the following can the logic of a workflow do?

• Select a next-state based on data-based condition.
• Detect a task that is taking too long and considered it as having failed.
• Catch an exception and execute an appropriate behavior.
• Retry failed tasks.
• Run tasks in parallel.
• Run tasks in sequences.
• None of the above

Answer 167

• Select a next-state based on data-based condition.
• Detect a task that is taking too long and considered it as having failed.
• Catch an exception and execute an appropriate behavior.
• Retry failed tasks.
• Run tasks in parallel.
• Run tasks in sequences.

Question 168

A Pass state can transform the input and pass it new data along as the output or part of the output.
(True/False)

Answer 168

True

Question 169

Which of the following can a Task state do. Select all that apply.

• Call a Lambda Function
• Wait for an activity worker to say that the step is completed.
• Call another service (via its API)
• None of the above

Answer 169

• Call a Lambda Function
• Wait for an activity worker to say that the step is completed.
• Call another service (via its API)

Question 170

With the Step Functions console, you can visualize detailed information about the execution of a workflow in true real-time.
(True/False)

Answer 170

False

Question 171

In the context of Step Functions, an activity is a small piece of logic that will typically execute in less than 5ms.
(True/False)

Answer 171

False

Question 172

A Choice state is analogous to a switch or case statement in many common programming languages.
(True/False)

Answer 172

True

Question 173

A state machine moves to the next state of a parallel state as soon as one branch of the parallel statement is done.
(True/False)

Answer 173

False

Question 174

With a Wait state, you can specify either a relative or an absolute time.
(True/False)

Answer 174

True

Question 175

Step Functions have to be created online using the AWS Steps Functions Console, using the visualization tool.
(True/False)

Answer 175

False

Question 176

Which protocol does AWS use to secure network communications with its API?

• SSL
• HTTPS
• IP
• TLS
• TCP
• None of the above

Answer 176

• TLS

Question 177

Which of the following is not a common challenge associated with managing certificates?

• Discovery
• Rotation and renewals
• Verifying that someone or a server is authorized to approve and issue certificates
• Finding and vulnerabilities caused by misconfigurations
• None of the above

Answer 177

• None of the above

Question 178

AWS ACM is a service that lets you provision public and private SSL certificates, but those certificates can only be deployed using the API Gateway.
(True/False)

Answer 178

False

Question 179

AWS ACM can help you meet compliance requirements.

True/False

Answer 179

True

Question 180

Which of the following is not something that the AWS Secrets Manager can help you do?

• Manage database credentials
• Audit secret rotation
• Provide a scalable way for storing and managing secrets
• Help with encryption/decryption of Gateway API communicates
• Program the logic for accessing a secret in your application
• Rotate secrets in that way that won’t break a distributed application
• Obfuscate passwords embedded in application code
• None of the above

Answer 180

• Help with encryption/decryption of Gateway API communicates
• Program the logic for accessing a secret in your application
• Obfuscate passwords embedded in application code

Question 181

With AWS Secrets Manager, secures can automatically replicated to multiple regions.
(True/False)

Answer 181

True

Question 182

A secret stored by AWS Secret Manager will always contain exactly one key-value pair.
(True/False)

Answer 182

False

Question 183

An AWS Lambda Function can be used to rotate a secret on a periodic schedule.
(True/False)

Answer 183

True

Question 184

Temporary security credentials created with the AWS Security Token Service consist of a one-use access key ID and a password.
(True/False)

Answer 184

False

Question 185

An AWS STS trusted user can be an end user whose identity was authenticated through LDAP.
(True/False)

Answer 185

True

Question 186

An AWS STS trusted user can be an end user whose identity was authenticated through a third-party identity provider.
(True/False)

Answer 186

True

Question 187

An AWS STS trusted user can be an application running on an EC2 instance.
(True/False)

Answer 187

True

Question 188

An IdP manages user permissions, i.e., what a user is allowed to do.
(True/False)

Answer 188

False

Question 189

One of the responsibilities of an Identity Broker is to retrieve temporary credentials from AWS STS.
(True/False)

Answer 189

True

Question 190

SAML is an internal AWS standard for exchanging authorization data between services.
(True/False)

Answer 190

False

Question 191

Consider a distributed application that includes a mobile app. This mobile app allows end-users can use to perform complex tasks involving a variety of AWS services. The only authentication and authorization that needs to be part of this distributed application is a secure way for accurately determining the identity of the end-user prior to accessing any of the AWS services.
(True/False)

Answer 191

False

Question 192

Which of the following can you do with Amazon Cognito?

• Authenticate users with Twitter
• Storage and manage mobile app secrets
• Allow end users to register for an account
• Rotate the credentials for a mobile app’s backend database
• Encrypt communications between a mobile app and an AWS service
• Provide temporary security credentials to a mobile application
• None of the above

Answer 192

• Authenticate users with Twitter
• Allow end users to register for an account
• Provide temporary security credentials to a mobile application

Question 193

Which of the following scenarios would be an appropriate use of Amazon Cognito for a mobile app whose users are most likely already have Facebook, Google, Amazon, or Apple accounts? Select all the apply.

• Use an identity pool to get a token from the third-party IdP and then exchange that token for temporary credentials.
• Setup a user pool that allows for federated sign-ins and an identity pool for exchanging user-pool tokens for temporary credentials.
• Setup a user pool for custom sign-ups and sign-ins and an identity pool that coordinates those activities with a third-party IdP.
• Set up an API Gateway that handles the authentication and an identity pool that handles the authorization.
• None of the above

Answer 193

• Setup a user pool that allows for federated sign-ins and an identity pool for exchanging user-pool tokens for temporary credentials.

Question 194

Which of the following scenarios would be the most appropriate use of Amazon Cognito for a web-based application for a company’s employees whose users all have company accounts managed by an internal SAML-compatiable IdP?

• Setup a user pool that allows for direct sign-ins and an identity pool for exchanging user-pool tokens for temporary credentials.
• Set up an API Gateway that only authenticates IAM users in the company’s AWS account and uses an identity pool to grant permissions.
• Use an identity pool to get token from the company’s IdP and then exchange that token for temporary credentials
• Authenticate with the company’s IdP and exchange the tokens returned from the IdP with an identity pool for temporary credentials.
• None of the above
• Any of the above

Answer 194

• Authenticate with the company’s IdP and exchange the tokens returned from the IdP with an identity pool for temporary credentials.

Question 195

The Amazon Cognito can help synchronize certain kinds of data across a user’s devices (e.g., a phone and a tablet).
(True/False)

Answer 195

True

Question 196

DevOps aims to create appropriate boundaries between development teams and operations teams, so each can work independently and efficiently.
(True/False)

Answer 196

False

Question 197

Which of the following helps with the rapid delivery of secure, reliable, and maintainable distributed applications? Select all that apply.

• Use CI/CD processes and tools
• Limit the usage of compute services to containers and Lambda Functions
• Automate deployment
• Adopting a microservice-style of architecture
• Automate the provisioning of necessary infrastructure for a distributed application
• Limit the use of authentication services to IAM identities
• None of the above

Answer 197

• Use CI/CD processes and tools
• Automate deployment
• Adopting a microservice-style of architecture
• Automate the provisioning of necessary infrastructure for a distributed application

Question 198

Which of the following is an AWS service explicitly for CI/CD? Select all that apply.

• CodeCommit
• X-Ray
• CloudShell
• CodePipeline
• Cloud9
• CodeDeploy
• CodeStar

Answer 198

• CodeCommit
• CodePipeline
• CodeDeploy
• CodeStar

Question 199

Which of the following services help a team treat infrastructure as code? Select all that apply.

• AWS Config
• AWS CloudFormation
• AWS CloudTrail
• AWS OpsWorks
• AWS Systems Manager

Answer 199

• AWS CloudFormation
• AWS OpsWorks
• AWS Systems Manager

Question 200

CI involves verifying each change (e.g., a version committed to a central Git repository by a developer) using an automated build and test process.
(True/False)

Answer 200

True

Question 201

Continuous Delivery involves the automatically transmission of new versions of a software system to the customers.
(True/False)

Answer 201

False

Question 202

AWS CodeStar can help developers set up a new project and the CI/CD toolchain.
(True/False)

Answer 202

True

Question 203

AWS CodeBuild is a tool for compiling your code within your IDE and as such takes the place of Ant, Gradle, Maven, and build tools.
(True/False)

Answer 203

False

Question 204

With canary testing, you must split your end-users into two random groups of approximately the same size.
(True/False)

Answer 204

False

Question 205

Which kind of deployment strategy would you use, if you wanted to first check a new version with a small group of users and then release it to all of your users if it worked well with the first group?

• Rolling
• Canary
• Blue/Green
• In-Place
• None of the above

Answer 205

• Canary

Question 206

Elastic Beanstalk is a fully managed service that can coordinate the use of EC2, CloudWatch, Auto Scaling, and ELB.
(True/False)

Answer 206

True

Question 207

Which of the following can be in Elastic Beanstalk environment? Select all that apply.

• A web server running on an EC2 instance
• Containers managed by Fargate
• An Autoscaling Group with Elastic Load Balancing
• Worker processes running on EC2 instances
• Lambda functions
• An API Gateway

Answer 207

• A web server running on an EC2 instance
• An Autoscaling Group with Elastic Load Balancing
• Worker processes running on EC2 instances

Question 208

Elastic Beanstalk can do a rolling update for the deployment strategy of a new version.
(True/False)

Answer 208

True

Question 209

Which of the following can the CLI for Elastic Beanstalk help developers do? Select all that apply.

• Set default values for an application
• List all the environments for the current application
• Terminate specific EC2 instances in an environment
• Create a new environment
• Check the health of an environment
• Deploy the most recent version of an application
• None of the above

Answer 209

• Set default values for an application
• List all the environments for the current application
• Create a new environment
• Check the health of an environment
• Deploy the most recent version of an application

Question 210

Elastic Beanstalk will assume an instance role so it can use other AWS services on your behalf.
(True/False)

Answer 210

False

Question 211

AWS CloudFormation is a fully managed service that provides a common language for you to describe and provision infrastructure resources for your cloud environment.
(True/False)

Answer 211

True

Question 212

A stack in CloudFormation is the set of resources generated by a template.
(True/False)

Answer 212

True

Question 213

AWS SAM is an extension of AWS CloudFormation.

True/False

Answer 213

True

Question 214

One of the main purposes of the AWS SAM CLI is to provision EC2 instances.
(True/False)

Answer 214

False

Question 215

In the context of developing and running cloud-based applications, there are many places where authentication may be needed. Match the following terms of different types of authentication with examples of where it might be used.

• AWS Authentication -
• Logging into the AWS Management Console
• Verifying the identity of an application end user
• Verifying a mobile app that is trying to use an AWS resource
• A lambda function is trying to establish a Postgres connection

Answer 215

• Logging into the AWS Management Console

Question 216

In the context of developing and running cloud-based applications, there are many places where authentication may be needed. Match the following terms of different types of authentication with examples of where it might be used.

Application Authentication

• Logging into the AWS Management Console
• Verifying the identity of an application end user
• Verifying a mobile app that is trying to use an AWS resource
• A lambda function is trying to establish a Postgres connection

Answer 216

• Verifying the identity of an application end user

Question 217

In the context of developing and running cloud-based applications, there are many places where authentication may be needed. Match the following terms of different types of authentication with examples of where it might be used.

• Resource Authentication -
• Logging into the AWS Management Console
• Verifying the identity of an application end user
• Verifying a mobile app that is trying to use an AWS resource
• A lambda function is trying to establish a Postgres connection

Answer 217

• Verifying a mobile app that is trying to use an AWS resource

Question 218

In the context of developing and running cloud-based applications, there are many places where authentication may be needed. Match the following terms of different types of authentication with examples of where it might be used.

• Database Authentication -
• Logging into the AWS Management Console
• Verifying the identity of an application end user
• Verifying a mobile app that is trying to use an AWS resource
• A lambda function is trying to establish a Postgres connection

Answer 218

• A lambda function is trying to establish a Postgres connection