Monitoring and Troubleshooting

Question 1

Your security team have brought in an external auditor to review the security standards across your AWS account. They have identified that your development team have elevated privileges across a number of services, which according to company policy, they should not have access to. You have been asked to help work out which of the IAM policies are granting too much access to the team. Which of the following can you use to find out which policies are granting too many privileges?

Answer 1

IAM Policy Simulator

With the IAM policy simulator, you can test and troubleshoot IAM and resource-based policies attached to IAM users, groups, or roles in your AWS account. You can test which actions are allowed or denied by the selected policies for specific resources

Question 2

You are trying to diagnose a performance problem with your serverless application, which uses Lambda, API Gateway, S3 and DynamoDB. Your DynamoDB table is performing well and you suspect that your Lambda function is taking too long to execute. Which of the following could you use to investigate the source of the issue?

Answer 2

-AWS X-Ray

AWS X-Ray can be used to display a histogram showing the latency of your Lambda function. Latency is the amount of time between when a request starts and when it completes. API Gateway Integration Latency in the time between when API Gateway relays a request to the backend and when it receives a response from the backend. API Gateway Latency is the time between when API Gateway receives a request from a client and when it returns a response to the client. The latency includes the integration latency and other API Gateway overhead. Lambda Invocations Sum measures the number of times a function is invoked in response to an event or invocation API call.

-API Gateway Integration Latency metric in CloudWatch

AWS X-Ray can be used to display a histogram showing the latency of your Lambda function. Latency is the amount of time between when a request starts and when it completes. API Gateway Integration Latency in the time between when API Gateway relays a request to the backend and when it receives a response from the backend. API Gateway Latency is the time between when API Gateway receives a request from a client and when it returns a response to the client. The latency includes the integration latency and other API Gateway overhead. Lambda Invocations Sum measures the number of times a function is invoked in response to an event or invocation API call.

Question 3

You are working on an application for an online training company which stores product data in DynamoDB. This week, the company is running a big promotion on a few courses and this is bringing lots of new traffic to your website, causing an increased number of queries to the database. Database queries are now running much slower than usual and the Operations Team are concerned that the DynamoDB table is being throttled. Which of the following approaches would you recommend to improve read performance?

Answer 3

Configure a DAX cluster and point the DynamoDB API calls at the DAX cluster

Using DAX is the recommended approach to reducing response times for read-intensive applications, applications which read a small number of items frequently and also applications which perform repeated reads against a large set of data. Read Replicas are not a feature of DynamoDB. Configuring the application to use scans instead is not an efficient solution.

Question 4

You are attempting to upload a number of objects to S3, however you keep seeing the following error message: “AmazonS3Exception: Internal Error; Service: Amazon S3;” Which of the following is the best explanation for this kind of error?

Answer 4

This is a 500 type error, which is a server-side error

This is an Internal Error which indicates that Amazon S3 is unable to handle the request at that time. Internal errors or server-side errors have a 5xx status code, whereas client-side errors have a 4xx status code.

Question 5

A company has deployed a new serverless Single Page Application (SPA) on AWS. The application ran smoothly in the first few weeks until it got featured on a popular television show. As it gained popularity, the number of users getting a 503 error also increased. The developer found out that this is due to the throttling of the Lambda function.

What can the developer do to troubleshoot this issue? (Select THREE.)

Answer 5

• Use exponential backoff in your app
• Configure reserved concurrency
• Request a service quota increase.

The following are the recommended solutions to handle throttling issues:

Configure reserved concurrency - you can increase your reserved concurrent limit to meet the demand of your current workload.

Use exponential backoff in your app - a technique that uses progressively longer waits between retries for consecutive error responses. This can be used to handle throttling issues by preventing collision between simultaneous requests.

Use a dead-letter queue - If you’re using Amazon S3 and Amazon Cloudwatch events, configure your function with a dead letter queue to catch any events that are discarded due to constant throttles. This can protect your data if you’re seeing significant throttling.

Request a service quota increase - you can reach AWS support to request for a higher service quota for concurrent executions.