MyIndexCards Flashcards

1
Q

Cognito Process

User authenticates with WebID Provider
Receives token
Token received for temp aws creds
Assume IAM Role

A

Cognito Process

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Route 53

Lookup domain for host

A

DNS Domain

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Route 53

Translates host name into an IP address

A

DNS Host

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Local Secondary Index

Same partition key as

A

Base Index

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Cognito

User directory for applications

A

Cognito User Pool

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Cognito

With federated id you obtain temporary, limited privileges to AWS credentials and services

A

Cognito Federated

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Cognito

Maps a user from identity provider to an IAM role

A

Identity Pool

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

SQS

Not guaranteed - messages can be delivered more than once

A

Standard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

SQS

Order is strictly maintained and messages may be delivered more than once.

A

FIFO

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Cognito

Identity broker that handles interaction between apps and web Id provider

A

Cognito

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Simple Notification Service (SNS)

Instant push of data that is flexible and inexpensive

A

SNS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

S3 Security

Server side encryption with customer provided keys.

A

SSE-C

You give amazon your own keys that you manage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

S3 Security

AWS Key Management Service: You and Amazon manage keys together

A

SSE-KMS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

S3 Security

S3 managed keys: Amazon manages keys for you

A

SSE - MKS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

S3

Eventual consistency for overwrite of PUTS and Deletes (can take some time to propagate)

A

You might see older object or deleted file until S3 catches up

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

S3

Read after Write consistency for PUTS of new objects

A

As soon as you create an object it is available to read - immediately

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

S3

Name of the object

A

Key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

S3

Data made up in bytes

A

Value

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

S3

This is important for versioning

A

Version ID

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

S3

Data about data

A

Metadata

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

S3

Capability that can be used to provide an additional layer of security.

A

MFA Delete

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

S3

Integrates with lifecycle rules

A

Versioning control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

S3

Versioning is a great backup tool
Once it is enabled it cannot be disabled

A

Only suspended

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

S3

Stores all versions of an object (including all writes and even if you delete an object)

A

Version Control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Authentication

Helps to protect credentials needed to access databases, applications, services and IT resources. It enables users to easily, rotate, manage and retrieve database credentials, API keys and other secrets throughout their lifecycle.

A

Secrets Manager

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Sample Question

A developer is designing a web app that allows users to post comments and receive near real-time feedback.

What architecture meets this requirement?

A

AppSync: Create flexible APIs to securely access, manipulate and combine data from one or more sources. Users get extracted data with real time updates
–AND–
DynamoDb table as data store

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Sample Question

What combination of actions would allow a developer to add sign-up and sign-in to an app?

*The app is required to make a call to a custom analytics solution to log user events.

A

AWS Cognito: adds user sign-up and user sign-in

–AND–

Execute a Lambda function to make an API call triggered by a post-authentication event.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Sample Question

What combination of services would allow users from ANOTHER AWS account to access REST APIs in an account.

A

Create a resource policy to allow access to the APIs from users in another account using
Signature Version 4 Protocols (SigV4)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Sample Question

A developer builds an app that transforms text files to .pdf files. The text files are written to a source S3 bucket by a separate app. The dev wants to read the files, as they arrive, in S3 and convert them to .pdf using Lambda. The dev wrote a policy to allow access to S3 and CloudWatch logs.

  • What needs to be done so that the Lambda function has correct permissions?
A

Create a Lambda execution role with IAM and attach an IAM policy to the role. Then assign the Lambda execution role to the Lambda function.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Sample Questions

A company has AWS workloads in multiple regions. A dev created an Aurora DB in us-west-1. The database is encrypted using customer-managed keys. Now the dev wants to duplicate the db in us-east-1.

  • How can this be accomplished
A

Create a snapshot of db in us-west-1

Copy the snapshot to us-east-1 and specify KMS

Restore the database from the copied snapshot

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Sample Question

Delays loading a record until it is needed. It first checks the cache and if the record is not present, the record is retrieved from the database and stored in the cache.

  • What does this describe?
A

Lazy Loading

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Sample Question

A developer is adding ElastiCache for Memcached to a company’s existing record storage app to reduce the load on the db and to increase performance. The developer has decided to use lazy loading based on analysis of common record handling patterns.

  • What pseudonym code implements lazy loading?
A

record_value = cache.get (record_key)
if (record_value == NULL)
record_value = db.query(“SELECT Detail FROM Records WHERE ID == {0}, record_key)
cache.set (record_key, record_value)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Sample Questions

A developer wants to track performance of an app that runs on a fleet of EC2 instances. The developer wants to view and track stats across the fleet such as average and maximum request latency. The dev wants immediate notification if average response time exceeds a threshold.

How can the developer accomplish this?

A

Configure the app to write response times to a log file.

Install and configure CloudWatch agent on the instance to stream to stream app logs to CloudWatch.

Create a metric filter of response times from the log.

View graphs in CloudWatch console.

Create an alarm to send to SNS notification when the average of response time metric exceeds threshold.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Sample Question

A developer is testing an app locally and has deployed it to Lambda. To remain under the package size limit, the dependencies were NOT included in the deployment file. When testing the app remotely, the function does not execute due to missing dependencies.

  • What would resolve this?
A

Attach a layer to the Lambda function that contains the missing dependencies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Sample Questions

A dev is building a web app that uses the API Gateway and he wants to maintain different envs for dev and prod workloads. The API is backed by a Lambda function with two aliases: one for dev and one for prod.

  • How can this be achieved with LEAST amount of configuration?
A

Create one REST API and integrate it with Lambda using STAGE VARIABLES in place of alias.

Then deploy the API to two different stages - dev and prod.

Create stage variables in each stage with different aliases as values.

Access API using different stage URLs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

Assessment

You have an app running on EC2 that needs read-only access to several AWS services. What is the best way to grant that app permission only to a specific set of resources in your account?

A

Launch EC2 instances into IAM Role with custom IAM policies for the permissions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Assessment

You have deployed a new app in us-west (Oregon) Region. However, you accidentally deployed an Amazon Polly lexicon need for your app to EU (London). How can you use your lexicon to synthesize speech while minimizing the changes to your app code and reducing cost?

A

Upload a copy of the lexicon to us west (Oregon)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

Assessment

When your placing subnets for a specific VPC you can place subnets

A

In any AZ within the region for the VPC.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

Assessment

You identified two EC2 instances in your account that appear to have the SAME IP address. How/Why?

A

These instances are in different VPCs

40
Q

Assessment

You have a workload that requires 15,000 consistent IOPS for data that must be durable. What would you need for this scenario?

A

EBS Optimized Instance
–AND–
Provisioned IOPS SSD Volume

41
Q

Assessment

Your company stores critical documents in S3 but it wants to minimize cost. Most docs are used for about a month and then used much less frequently. However, all data needs to be available within minutes when requested. How?

A

Migrate the data to S3 Standard-IA after 30 days - using a lifecycle policy.

42
Q

Assessment
AWS

Your migrating your company’s apps and data from on premises to the AWS cloud. You have performed a data inventory and discovered that you will need to transfer about 2 PB of data to AWS. Which migration option will be the best choice for your company with minimal cost and shortest time?

A

Snowball

43
Q

Assessment

This is meant to be used for datasets of 10 PB or more

A

Snowmobile.

44
Q

Assessment

You are changing your app to take advantage of elasticity and cost benefits provided by auto scaling. To do this, you must move session state information from the EC2 instances. What AWS service is best suited as an alternative to storing session data.

A

DynamoDB

45
Q

Assessment

Your company’s senior management wants to query several data stores to obtain a “big picture” view of the business. The amount of data contained within the data stores is at least 2 TB in size. What service is the best option?

A

Amazon Redshift

46
Q

Assessment

What are the characteristics of Redshift

A

Data warehousing that span multiple data repositories and are at least 2 TB in size.

47
Q

Assessment

Your e-commerce application provides daily ad hoc reporting to various business units on customer purchases. These ops result in high level read traffic to your MySQL RDS instance. What can you do to scale up read traffic without impacting db performance?

A

Create a read replicas that provide enhanced performance and durability for RDS instances.

48
Q

Assessment

Your company has refactored their app to use NoSQL instead of SQL and they would like to use a managed service for running the new NoSQL db - which one would your recommend.

A

DynamoDB

49
Q

Assessment

A company is currently running RDS however, they are retiring a db that is currently running and they have automatic backups enabled on it. They want to ensure they retain the last backup before deleting the db. As the lead dev on the project what should you do?

A

Create a manual snapshot before deleting the db.

50
Q

Assessment

Used to migrate databases from one source to another

A

AWS Database Migration Service.

51
Q

Assessment

Can you SSH into an RDS database?

A

NO because it is a managed service.

52
Q

Assessment

When using Redshift on what node do you run your SQL queries

A

Leader Node

53
Q

Assessment

Acts as SQL endpoint and receives queries from client applications, parses the queries, and develops query execution plans.

A

Leader Node

54
Q

Assessment

Executes query execution plan set up by the leader node.

A

Compute Node

55
Q

Assessment

The node where you submit the actual query

A

Leader Node

56
Q

Assessment

Your company is building a recommendation feature for their app and they want to use a managed graph database - which would you recommend?

A

Neptune is a managed graph database

57
Q

Assessment

You have a DynamoDB table that has a partition key and a sort key. However, a business analyst on your team wants to be able to query the DynamoDB table with a different partition key. How?

A

Create a global secondary index

58
Q

Assessment

Enables you to use a different partition key or primary key in addition to a different sort key

A

Global Secondary Index

59
Q

Assessment

These secondary indexes can only have a different sort key.

A

Local Secondary Index

60
Q

Assessment

An app is using DynamoDB and a developer on your team noticed that occasionally the app does not return the most up-to-date data after a read from the database. How can this be solved.

A

Configure the app to run a strongly consistent read.

61
Q

Assessment

A developer on your team would like to test a new idea and requires a NoSQL database. Your current apps are using DynamoDB. What should be recommended?

A

Use DynamoDB Local

62
Q

Assessment

Downloadable version of DynamoDB that enables you to write and test apps without accessing the web service.

A

DynamoDB local.

63
Q

Assessment

The AWS Encryption SDK provides an encryption library that integrates with AWS KMS as a master key provider. What does the AWS Encryption SDK perform to build on the AWS SDK?

A

SDK is a client-side library designed to streamline data security operations so that customers can follow encryption best practices.

64
Q

Assessment

What cryptographic algorithm does AWS Encryption SDK support

A

AES - 256

65
Q

Assessment

Amazon EBS volumes are encrypted by default

A

FALSE

Because encryption is optional

66
Q

Assessment

What cannot be retained when deleting an AWS Elastic Beanstalk environment

A

ELB automatically deletes your RDS instance when your environment is deleted and does not automatically retain the data.

67
Q

Assessment

Since ELB automatically deletes your RDS instance upon deletion, how do you retain the data?

A

Make a snapshot BEFORE you delete the Beanstalk

68
Q

Assessment

What can Elastic Beanstalk do with language runtime platform changes.

A

Notify account users.

69
Q

Assessment

What can Elastic Beanstalk do with events

A

Display them per environment

70
Q

Assessment

What can Elastic Beanstalk do with instance statuses per environment

A

Show them

71
Q

Assessment

Something Elastic Beanstalk CANNOT do

A

Perform automatic changes to IAM policies.

72
Q

Assessment

What happens to AWS CodePipeline revisions, that upon reaching a manual approval gate, are rejected?

A

It is treated as a failed revision.

73
Q

Assessment

What strategy is invalid for migrating data to CodeCommit

A

Syncing files for S3 using CLI command

74
Q

Assessment

You have a CodeBuild task in your pipeline that requires large binary files that do not frequently change. What would be the best way to include these files in your build?

A

Create a custom build container that includes the files.

75
Q

Assessment

When you update AWS::S3:Bucket resource, what is the expected property if the Name property is updated?

A

Bucket names are globally unique and cannot be changed after a bucket is created. So you must create a replacement bucket when changing this property in CloudFormation

76
Q

Assessment

The preferred method of updating resources created by AWS CloudFormation?

A

Submit an updated template to CloudFormation to modify the stack.

77
Q

Assessment

When does the OpsWorks Stacks configure lifecycle event run?

A

On ALL instances in a stack when a single instance comes online or goes offline

78
Q

Assessment

What EC2 resources can OpsWorks Stacks manage?

A
Elastic IP Address
--
EBS Volumes
--
RDS db instances
79
Q

Assessment

What cloud service can Simple Active Directory (SimpleAD) use to authenticate users?

A

AWS WorkDocs

80
Q

Assessment

Identity Provider (IdP) and you cannot use Simple AD to authenticate users of EC2 or S3

A

Cognito

81
Q

Assessment

An implementation of Cognito - the best

A

Provide authentication to third-party web applications.

82
Q

Assessment

You manage a sales tracking system in which point-of-sale devices send transactions of this form:

{“date”:”2017-01-30”, “amount”:100.20, “product_id”:”1012”, “region”: “WA”, “customer_id”: “3382”}

You need to generate two real-time reports. The first reports on total sales per day for each customer. The second reports on the total sales per day for each product. What offering and service can you use to generate these real time reports?

A

Ingest data through Kinesis data streams.

Use Kinesis data analytics to query for sales per day for each product and sales per day for each customer using SQL queries.

Feed the results into two NEW streams in Kinesis Data Firehose

83
Q

Assessment

You design an application for selling toys online. Every time a customer orders a toy, you want to add an item into the orders table in DynamoDB and send an email to the customer acknowledging their order. The solution should be cost-effective and performant.

A

Use DynamoDB streams to publish a message every time there is a change in the table.

84
Q

Assessment

A company would like to use DynamoDB and they want to set up a NoSQL-style trigger. Can this be accomplished?

A

Yes.

You can use DynamoDB Streams and poll them with Lambda.

85
Q

Assessment

A company wants to access the infrastructure on which AWS Lambda runs. Is this possible?

A

No/Nay/Never

Lambda is a managed service and runs the necessary infrastructure on your behalf.

86
Q

Assessment

Using the smallest amount of memory possible for an AWS Lambda function, currently 128 MB, will result in the lowest bill. T or F

A

FALSE

Lambda uses 3 cost factors:
Amount of memory allocated
Amount of time spent on function (100-ms increments)
Number of times you execute or trigger a function

87
Q

Assessment

Two Amazon services used for caching

A

CloudFront
–and–
ElastiCache

88
Q

Assessment

Which API Gateway feature enables you to create a separate path that can be helpful in creating a dev endpoint and a prod endpoint?

A

Stages

89
Q

Assessment

What methods does API Gateway support?

A
GET
POST
PUT
PATCH
DELETE
HEAD
OPTIONS
90
Q

Assessment

What authorization mechanism does API Gateway support?

A

IAM Policies
Lambda customer authorizers
Cognito user pools

91
Q

Assessment

What tool can you use to develop and test AWS Lambda functions locally?

A

AWS SAM CLI

92
Q

Assessment

Which serverless AWS service can you use to store user session state?

A

DynamoDB

93
Q

Assessment

Which AWS service can you use to store user profile info?

A

Cognito

94
Q

Assessment

What are good candidates to store in cache?

A
Session State
--
Shopping Cart
--
Product Catalog
95
Q

Assessment

What cache engines does ElastiCache support

A

Memcached