from Whizlabs Flashcards

1
Q

Best services to implement serverless applications

A
  • API Gateway
  • Lambda

2
Q

What is the best option to encrypt global secondary indexes at minimum cost?

A

DynamoDB uses the CMK to generate and encrypt a unique data key for the table, known as the table key. AWS owned CMKs are free, while AWS managed CMKs are chargeable.

3
Q

What is the best option to monitor the incoming API connections to an elastic load balancer?

A

Use AWS CloudTrail with your ELB. It captures all API calls for the ELB as events.

4
Q

Correct format for stage variables in an HTTP URL

A

Always: ${stageVariables.} as a full URI, a full domain, a subdomain, a path, a query string

5
Q

Which options are required to have Cognito Events push to Kinesis Streams?

A

You can use an existing or new Kinesis stream and create an IAM role which grants permissions to Cognito to publish to the stream.

6
Q

How can you improve the performance of an application designed to make scans against a DynamoDB table?

A
  • Use parallel scans (if you cannot avoid them)
  • Design to use queries

7
Q

What is the best option if you want to move gradually from one version of APIs served by API Gateway to newer versions?

A

Create another stage in the API Gateway. An API stage is a logical reference to a lifecycle state of your API (for example dev, prod, v2, beta). API stages are identified by API ID and stage name.

8
Q

How does Cognito evaluate multiple rules for each role which gets assigned to users?

A

Rules are evaluated in sequential order and the IAM role for the first matching rule is used, unless a CustomRoleArn is specified to override the order.

9
Q

Which is required to deploy a Lambda function using serverless deployment?

A
  • Place the function code at the root level of the working directory along with the YAML file
  • Use the cloudformation package command to package the deployment
10
Q

What is required to automate CodeDeploy to deploy an application requiring secure parameters stored in SSM?

A

Use aws ssm get-parameters with the --with-decryption option. This allows CodeDeploy to decrypt the password so it can be used in the application. Also use IAM roles to ensure the CodeDeploy service can access the KMS service.

11
Q

How can it be fixed if queries to a DynamoDB table are using attributes which are not the partition key?

A

Add a global secondary index to the table.
Changing all the queries to use the partition key is not an ideal approach, because it involves changing the code.
Global tables won’t work either, because they are used for disaster recovery scenarios.

12
Q

How can you ensure that traffic is shifted slowly from one Lambda function to another?

A

You can create or update an alias with the --routing-config parameter.

13
Q

To enable CORS on a resource using API Gateway, for the GET method, which action is required for all types of response except 200?

A

You have to manually configure the resource to return the Access-Control-Allow-Origin header with ‘*’ or specific origins to fulfill pre-flight handshakes.
The OPTIONS method is added for 200 responses only.

14
Q

What can you use to save strings that exceed 400 KB on DynamoDB tables?

A

You can use S3. Items that exceed the limit can be saved in buckets, while an object identifier which points to the item in S3 is saved in the table.

15
Q

For applications that require high-performance reads, what can be used to have consistent data writes and avoid unpredictable spikes in DynamoDB?

A

Use a write-through cache using DAX. As a write-through cache, DAX allows you to issue writes directly, so they are immediately reflected in the item cache. It also manages cache invalidations for you.

16
Q

How can you encrypt a DynamoDB table at rest?

A

DynamoDB encryption is mandatory at the time of table creation itself, and there are two types:

  • Default method: AWS owned CMK
  • AWS managed CMK
17
Q

What is the best option to diagnose performance between a backend and the database it calls?

A

Use the X-Ray service. It can be used to see the call trace and the time spent on each layer.

18
Q

If you need to configure common values on different nodes across a Redis cluster using the ElastiCache service, which component would you use?

A

Use parameter groups, which ensure all the nodes in the cluster are configured in the same way.

19
Q

What do you need to do if you have a program that needs to call different versions of Lambda functions for testing purposes?

A

Create one or more aliases. An alias is like a pointer to a specific Lambda function version.

20
Q

When deploying using Elastic Beanstalk, what must you use to ensure the type of instance to be deployed?

A
  • The Launch Configuration
  • The environment manifest file. A YAML-formatted file in the root of your application source bundle.

21
Q

A consumer is an application that processes all data from a Kinesis data stream. How much throughput do consumers using Enhanced Fan-out receive?

A

They receive records with throughput of up to 2 MB per second per shard, with an average message propagation delay of 70 ms for all consumers.

22
Q

With the default sampling rule, how many requests can X-Ray record?

A

One request per second, and five percent of any additional requests per host.

23
Q

Which services do you need if you want an application based on the microservices architecture pattern using Docker orchestrated containers?

A
  • ECS
  • EC2
  • ALB
24
Q

How do you ensure better performance when there is a surge of GET requests to an S3 bucket?

A

Place a CloudFront distribution in front of your S3 bucket.

25
Q

If you are getting the error ServiceException with your Lambda function, what must you use?

A

Retry code with only the “ErrorEquals” string

26
Q

How many PUT and GET S3 requests do you have per second per prefix?

A

3500 PUT and 5500 GET requests per prefix. So if you use 3 prefixes, you get triple the performance on those requests.

27
Q

What must you do to have encryption at rest in your Redshift cluster?

A

Just enable encryption for the cluster.

28
Q

What do you need to do if you need encrypted traffic between the viewer and CloudFront and between CloudFront and the origin?

A
  • The viewer protocol policy needs to be set to HTTPS only or redirect HTTP to HTTPS
  • Ensure that the origin protocol policy is set to HTTPS only
29
Q

How can you increase performance and reduce latency on an S3 bucket?

A

Use CloudFront. You can use prefixes, but they will only increase performance and will not reduce latency.

30
Q

What can you do if you receive a CodeStorageExceededException message when uploading a Lambda package?

A
  • Reduce the size of your code
  • Raise a call with AWS Support to increase the limit on the storage

31
Q

Which services are required for Monitoring and Troubleshooting of Lambda Functions?

A
  • X-Ray
  • CloudWatch

32
Q

How can you schedule Lambda functions?

A

Using CloudWatch Events

33
Q

If you need to update an S3 notification configuration for a Lambda function whose version changed, what must be set?

A

When using a Lambda alias ARN in the notification configuration of S3, you only need to update the alias ARN to point to the new Lambda version. No changes are required in S3.

34
Q

How do you ensure CodePipeline picks up code from S3 with all data encrypted at rest and the keys managed by the customer?

A
  • Configure KMS with CMKs and use it for S3 bucket encryption
  • Ensure that SSE is enabled on the S3 bucket and data is encrypted at rest in the CodeBuild environment using a customer managed CMK
35
Q

How does envelope encryption work?

A

Data is encrypted using a plaintext data key, and then the data key is encrypted using a plaintext master key.

36
Q

If you want to analyze the information stored in Cognito, what must you use?

A

Cognito streams. These can be pushed in real time into Kinesis streams.

37
Q

Which two pairs of services can be used to set up a RESTful API service?

A
  • Lambda + API Gateway
  • EC2 + ELB
    Don’t think of S3, because it is used to serve static content.
38
Q

If you need a messaging system in which messages are processed in the order received

A

Use the SQS FIFO queues.

Note that FIFO cannot be enabled on standard queues; FIFO is a queue type.

39
Q

During automatic CodeDeploy rollback, it will try to retrieve files that were part of the previous versions. If they were deleted or missing, what do you need to do?

A

Manually add the required files to the instance or create a new application revision.

40
Q

Which are the best practices when it comes to making cost-effective use of SQS queues?

A
  • Group the SQS API operations in batches
  • Use long polling

41
Q

How do you specify search criteria on a DynamoDB table?

A

You have to specify a key condition expression in the query. This is a string that determines the items to be read from the table or index.
You must also specify a partition key name and value in the equality condition.

42
Q

If you need to delegate the encryption of data to containers using the KMS service, which command do you need to invoke?

A

GenerateDataKey

GenerateDataKeyWithoutPlaintext

43
Q

If you need to change the configuration options on a running Elastic Beanstalk environment, what is required?

A

Change the configuration from the AWS Console

44
Q

How do you perform a Blue/Green deployment for a new version of an application deployed with Elastic Beanstalk?

A

Create a new environment in the application (clone or launch a new one) with the updated version and perform a swap.

45
Q

You need all the data in a bucket to be encrypted at rest, with the keys managed by you. What is required?

A
  • Client side encryption
  • Server side encryption with customer provided keys
  • Server side encryption with AWS KMS keys

Avoid any option saying AWS managed.

46
Q

If you expect to have 400 read requests on an S3 bucket, what must you do to ensure the service will handle the workload?

A

Nothing. S3 can handle that. Remember S3 can support 5500 GET and 3500 PUT per second.