MyIndexCards Flashcards
Cognito Process
User authenticates with WebID Provider
Receives token
Token received for temp aws creds
Assume IAM Role
Cognito Process
Route 53
Lookup domain for host
DNS Domain
Route 53
Translates host name into an IP address
DNS Host
Local Secondary Index
Same partition key as
Base Index
Cognito
User directory for applications
Cognito User Pool
Cognito
With federated id you obtain temporary, limited privileges to AWS credentials and services
Cognito Federated
Cognito
Maps a user from identity provider to an IAM role
Identity Pool
SQS
Not guaranteed - messages can be delivered more than once
Standard
SQS
Order is strictly maintained and messages may be delivered more than once.
FIFO
Cognito
Identity broker that handles interaction between apps and web ID provider
Cognito
Simple Notification Service (SNS)
Instant push of data that is flexible and inexpensive
SNS
S3 Security
Server side encryption with customer provided keys.
SSE-C
You give Amazon your own keys that you manage.
S3 Security
AWS Key Management Service: You and Amazon manage keys together
SSE-KMS
S3 Security
S3 managed keys: Amazon manages keys for you
SSE - MKS
S3
Eventual consistency for overwrite PUTs and DELETEs (can take some time to propagate)
You might see older object or deleted file until S3 catches up
S3
Read after Write consistency for PUTS of new objects
As soon as you create an object it is available to read - immediately
S3
Name of the object
Key
S3
Data made up in bytes
Value
S3
This is important for versioning
Version ID
S3
Data about data
Metadata
S3
Capability that can be used to provide an additional layer of security.
MFA Delete
S3
Integrates with lifecycle rules
Versioning control
S3
Versioning is a great backup tool
Once it is enabled it cannot be disabled
Only suspended
S3
Stores all versions of an object (including all writes and even if you delete an object)
Version Control
Authentication
Helps to protect credentials needed to access databases, applications, services and IT resources. It enables users to easily rotate, manage and retrieve database credentials, API keys and other secrets throughout their lifecycle.
Secrets Manager
Sample Question
A developer is designing a web app that allows users to post comments and receive near real-time feedback.
What architecture meets this requirement?
AppSync: Create flexible APIs to securely access, manipulate and combine data from one or more sources. Users get extracted data with real time updates
–AND–
DynamoDB table as data store
Sample Question
What combination of actions would allow a developer to add sign-up and sign-in to an app?
*The app is required to make a call to a custom analytics solution to log user events.
AWS Cognito: adds user sign-up and user sign-in
–AND–
Execute a Lambda function to make an API call triggered by a post-authentication event.
Sample Question
What combination of services would allow users from ANOTHER AWS account to access REST APIs in an account.
Create a resource policy to allow access to the APIs from users in another account using
Signature Version 4 Protocols (SigV4)
Sample Question
A developer builds an app that transforms text files to .pdf files. The text files are written to a source S3 bucket by a separate app. The dev wants to read the files, as they arrive, in S3 and convert them to .pdf using Lambda. The dev wrote a policy to allow access to S3 and CloudWatch logs.
- What needs to be done so that the Lambda function has correct permissions?
Create a Lambda execution role with IAM and attach an IAM policy to the role. Then assign the Lambda execution role to the Lambda function.
Sample Questions
A company has AWS workloads in multiple regions. A dev created an Aurora DB in us-west-1. The database is encrypted using customer-managed keys. Now the dev wants to duplicate the db in us-east-1.
- How can this be accomplished
Create a snapshot of db in us-west-1
Copy the snapshot to us-east-1 and specify KMS
Restore the database from the copied snapshot
Sample Question
Delays loading a record until it is needed. It first checks the cache and if the record is not present, the record is retrieved from the database and stored in the cache.
- What does this describe?
Lazy Loading
Sample Question
A developer is adding ElastiCache for Memcached to a company’s existing record storage app to reduce the load on the db and to increase performance. The developer has decided to use lazy loading based on analysis of common record handling patterns.
- What pseudocode implements lazy loading?
record_value = cache.get(record_key)
if (record_value == NULL)
    record_value = db.query("SELECT Detail FROM Records WHERE ID == {0}", record_key)
    cache.set(record_key, record_value)
Sample Questions
A developer wants to track performance of an app that runs on a fleet of EC2 instances. The developer wants to view and track stats across the fleet such as average and maximum request latency. The dev wants immediate notification if average response time exceeds a threshold.
How can the developer accomplish this?
Configure the app to write response times to a log file.
Install and configure the CloudWatch agent on the instance to stream app logs to CloudWatch.
Create a metric filter of response times from the log.
View graphs in CloudWatch console.
Create an alarm to send an SNS notification when the average of the response time metric exceeds the threshold.
Sample Question
A developer is testing an app locally and has deployed it to Lambda. To remain under the package size limit, the dependencies were NOT included in the deployment file. When testing the app remotely, the function does not execute due to missing dependencies.
- What would resolve this?
Attach a layer to the Lambda function that contains the missing dependencies.
Sample Questions
A dev is building a web app that uses the API Gateway and he wants to maintain different envs for dev and prod workloads. The API is backed by a Lambda function with two aliases: one for dev and one for prod.
- How can this be achieved with LEAST amount of configuration?
Create one REST API and integrate it with Lambda using STAGE VARIABLES in place of alias.
Then deploy the API to two different stages - dev and prod.
Create stage variables in each stage with different aliases as values.
Access API using different stage URLs
Assessment
You have an app running on EC2 that needs read-only access to several AWS services. What is the best way to grant that app permission only to a specific set of resources in your account?
Launch EC2 instances into IAM Role with custom IAM policies for the permissions.
Assessment
You have deployed a new app in us-west (Oregon) Region. However, you accidentally deployed an Amazon Polly lexicon needed for your app to EU (London). How can you use your lexicon to synthesize speech while minimizing the changes to your app code and reducing cost?
Upload a copy of the lexicon to us west (Oregon)
Assessment
When you're placing subnets for a specific VPC, you can place subnets
In any AZ within the region for the VPC.
Assessment
You identified two EC2 instances in your account that appear to have the SAME IP address. How/Why?
These instances are in different VPCs
Assessment
You have a workload that requires 15,000 consistent IOPS for data that must be durable. What would you need for this scenario?
EBS Optimized Instance
–AND–
Provisioned IOPS SSD Volume
Assessment
Your company stores critical documents in S3 but it wants to minimize cost. Most docs are used for about a month and then used much less frequently. However, all data needs to be available within minutes when requested. How?
Migrate the data to S3 Standard-IA after 30 days - using a lifecycle policy.
Assessment
AWS
You're migrating your company’s apps and data from on premises to the AWS cloud. You have performed a data inventory and discovered that you will need to transfer about 2 PB of data to AWS. Which migration option will be the best choice for your company with minimal cost and shortest time?
Snowball
Assessment
This is meant to be used for datasets of 10 PB or more
Snowmobile.
Assessment
You are changing your app to take advantage of elasticity and cost benefits provided by auto scaling. To do this, you must move session state information from the EC2 instances. What AWS service is best suited as an alternative to storing session data?
DynamoDB
Assessment
Your company’s senior management wants to query several data stores to obtain a “big picture” view of the business. The amount of data contained within the data stores is at least 2 TB in size. What service is the best option?
Amazon Redshift
Assessment
What are the characteristics of Redshift
Data warehousing that span multiple data repositories and are at least 2 TB in size.
Assessment
Your e-commerce application provides daily ad hoc reporting to various business units on customer purchases. These ops result in high level read traffic to your MySQL RDS instance. What can you do to scale up read traffic without impacting db performance?
Create read replicas that provide enhanced performance and durability for RDS instances.
Assessment
Your company has refactored their app to use NoSQL instead of SQL and they would like to use a managed service for running the new NoSQL db. Which one would you recommend?
DynamoDB
Assessment
A company is currently running RDS; however, they are retiring a db that is currently running and they have automatic backups enabled on it. They want to ensure they retain the last backup before deleting the db. As the lead dev on the project, what should you do?
Create a manual snapshot before deleting the db.
Assessment
Used to migrate databases from one source to another
AWS Database Migration Service.
Assessment
Can you SSH into an RDS database?
NO because it is a managed service.
Assessment
When using Redshift on what node do you run your SQL queries
Leader Node
Assessment
Acts as SQL endpoint and receives queries from client applications, parses the queries, and develops query execution plans.
Leader Node
Assessment
Executes query execution plan set up by the leader node.
Compute Node
Assessment
The node where you submit the actual query
Leader Node
Assessment
Your company is building a recommendation feature for their app and they want to use a managed graph database - which would you recommend?
Neptune is a managed graph database
Assessment
You have a DynamoDB table that has a partition key and a sort key. However, a business analyst on your team wants to be able to query the DynamoDB table with a different partition key. How?
Create a global secondary index
Assessment
Enables you to use a different partition key or primary key in addition to a different sort key
Global Secondary Index
Assessment
These secondary indexes can only have a different sort key.
Local Secondary Index
Assessment
An app is using DynamoDB and a developer on your team noticed that occasionally the app does not return the most up-to-date data after a read from the database. How can this be solved?
Configure the app to run a strongly consistent read.
Assessment
A developer on your team would like to test a new idea and requires a NoSQL database. Your current apps are using DynamoDB. What should be recommended?
Use DynamoDB Local
Assessment
Downloadable version of DynamoDB that enables you to write and test apps without accessing the web service.
DynamoDB local.
Assessment
The AWS Encryption SDK provides an encryption library that integrates with AWS KMS as a master key provider. What does the AWS Encryption SDK perform to build on the AWS SDK?
SDK is a client-side library designed to streamline data security operations so that customers can follow encryption best practices.
Assessment
What cryptographic algorithm does AWS Encryption SDK support
AES - 256
Assessment
Amazon EBS volumes are encrypted by default
FALSE
Because encryption is optional
Assessment
What cannot be retained when deleting an AWS Elastic Beanstalk environment
ELB automatically deletes your RDS instance when your environment is deleted and does not automatically retain the data.
Assessment
Since ELB automatically deletes your RDS instance upon deletion, how do you retain the data?
Make a snapshot BEFORE you delete the Beanstalk
Assessment
What can Elastic Beanstalk do with language runtime platform changes.
Notify account users.
Assessment
What can Elastic Beanstalk do with events
Display them per environment
Assessment
What can Elastic Beanstalk do with instance statuses per environment
Show them
Assessment
Something Elastic Beanstalk CANNOT do
Perform automatic changes to IAM policies.
Assessment
What happens to AWS CodePipeline revisions, that upon reaching a manual approval gate, are rejected?
It is treated as a failed revision.
Assessment
What strategy is invalid for migrating data to CodeCommit
Syncing files for S3 using CLI command
Assessment
You have a CodeBuild task in your pipeline that requires large binary files that do not frequently change. What would be the best way to include these files in your build?
Create a custom build container that includes the files.
Assessment
When you update an AWS::S3::Bucket resource, what is the expected property if the Name property is updated?
Bucket names are globally unique and cannot be changed after a bucket is created. So you must create a replacement bucket when changing this property in CloudFormation
Assessment
The preferred method of updating resources created by AWS CloudFormation?
Submit an updated template to CloudFormation to modify the stack.
Assessment
When does the OpsWorks Stacks configure lifecycle event run?
On ALL instances in a stack when a single instance comes online or goes offline
Assessment
What EC2 resources can OpsWorks Stacks manage?
Elastic IP Address -- EBS Volumes -- RDS db instances
Assessment
What cloud service can Simple Active Directory (SimpleAD) use to authenticate users?
AWS WorkDocs
Assessment
Identity Provider (IdP) and you cannot use Simple AD to authenticate users of EC2 or S3
Cognito
Assessment
An implementation of Cognito - the best
Provide authentication to third-party web applications.
Assessment
You manage a sales tracking system in which point-of-sale devices send transactions of this form:
{"date": "2017-01-30", "amount": 100.20, "product_id": "1012", "region": "WA", "customer_id": "3382"}
You need to generate two real-time reports. The first reports on total sales per day for each customer. The second reports on the total sales per day for each product. What offering and service can you use to generate these real time reports?
Ingest data through Kinesis data streams.
Use Kinesis data analytics to query for sales per day for each product and sales per day for each customer using SQL queries.
Feed the results into two NEW streams in Kinesis Data Firehose
Assessment
You design an application for selling toys online. Every time a customer orders a toy, you want to add an item into the orders table in DynamoDB and send an email to the customer acknowledging their order. The solution should be cost-effective and performant.
Use DynamoDB streams to publish a message every time there is a change in the table.
Assessment
A company would like to use DynamoDB and they want to set up a NoSQL-style trigger. Can this be accomplished?
Yes.
You can use DynamoDB Streams and poll them with Lambda.
Assessment
A company wants to access the infrastructure on which AWS Lambda runs. Is this possible?
No/Nay/Never
Lambda is a managed service and runs the necessary infrastructure on your behalf.
Assessment
Using the smallest amount of memory possible for an AWS Lambda function, currently 128 MB, will result in the lowest bill. T or F
FALSE
Lambda uses 3 cost factors:
Amount of memory allocated
Amount of time spent on function (100-ms increments)
Number of times you execute or trigger a function
Assessment
Two Amazon services used for caching
CloudFront
–and–
ElastiCache
Assessment
Which API Gateway feature enables you to create a separate path that can be helpful in creating a dev endpoint and a prod endpoint?
Stages
Assessment
What methods does API Gateway support?
GET POST PUT PATCH DELETE HEAD OPTIONS
Assessment
What authorization mechanism does API Gateway support?
IAM Policies
Lambda custom authorizers
Cognito user pools
Assessment
What tool can you use to develop and test AWS Lambda functions locally?
AWS SAM CLI
Assessment
Which serverless AWS service can you use to store user session state?
DynamoDB
Assessment
Which AWS service can you use to store user profile info?
Cognito
Assessment
What are good candidates to store in cache?
Session State -- Shopping Cart -- Product Catalog
Assessment
What cache engines does ElastiCache support
Memcached