***NOT READY FOR STUDY*** AWS DEV-A Practice Exam 3 Flashcards

1
Q

Time to Live (TTL) for Amazon DynamoDB lets you ________ when items in a table ________ so that they can be automatically deleted from the database.

A

define ; expire

2
Q

When Time to Live (TTL) is enabled on a table in Amazon DynamoDB, a background job _____ __ _______ attribute of items to determine whether they are expired.

A

checks the TTL

3
Q

CodeBuild ________ your source code, ____ unit tests, and ________ artifacts that are ready to deploy.

A

compiles ; runs ; produces

4
Q

CodeDeploy is a deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, serverless Lambda functions, or Amazon ECS services

A

CodeDeploy is a deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, serverless Lambda functions, or Amazon ECS services

5
Q

A Developer needs to create an instance profile for an Amazon EC2 instance using the AWS CLI. How can this be achieved? (Select THREE.)

A

aws iam create-instance-profile --instance-profile-name EXAMPLEPROFILENAME

aws iam add-role-to-instance-profile --instance-profile-name EXAMPLEPROFILENAME --role-name EXAMPLEROLENAME

aws ec2 associate-iam-instance-profile --iam-instance-profile Name=EXAMPLEPROFILENAME --instance-id i-012345678910abcde

6
Q

Lambda: In synchronous invocations, the caller

A

waits for the function to complete execution and the function can return a value.

7
Q

Lambda: In asynchronous operation, the caller

A

places the event on an internal queue, which is then processed by the Lambda function.

8
Q

A Lambda authorizer (formerly known as a custom authorizer) is an API Gateway feature that uses a Lambda function to control access to your API.

A

A Lambda authorizer (formerly known as a custom authorizer) is an API Gateway feature that uses a Lambda function to control access to your API.

9
Q

A Lambda authorizer is useful if you want to implement a custom authorization scheme that uses a bearer token authentication or that uses request parameters to determine the caller’s identity.

A

A Lambda authorizer is useful if you want to implement a custom authorization scheme that uses a bearer token authentication or that uses request parameters to determine the caller’s identity.

10
Q

Data key caching can improve performance, reduce cost, and help you stay within service limits as your application scales.

A

Data key caching can improve performance, reduce cost, and help you stay within service limits as your application scales.

11
Q

How does Data key caching keep you from exceeding KMS service limits?

When you encrypt or decrypt data, the AWS Encryption SDK looks for a

A

matching data key in the cache. If it finds a match, it uses the cached data key rather than generating a new one.

12
Q

Which is more secure, an AWS or Customer Managed IAM policy?

A

The customer-managed policy is more secure since it can be locked down with more granularity down to the

AWS-managed policy always provides more privileges than required.

13
Q

You should initialize SDK clients and database connections outside of the function handler, and cache static assets locally in the /tmp directory.

A

You should initialize SDK clients and database connections outside of the function handler, and cache static assets locally in the /tmp directory.

14
Q

You can point an alias to multiple versions of your function code and then assign a weighting to direct certain amounts of traffic to each version.

A

You can point an alias to multiple versions of your function code and then assign a weighting to direct certain amounts of traffic to each version.

15
Q

The write-through strategy adds data or updates data in the cache whenever data is written to the database.

A

The write-through strategy adds data or updates data in the cache whenever data is written to the database.

16
Q

The advantages of write-through as a writing policy are:

A

Data in the cache is never stale. Because the data in the cache is updated every time it’s written to the database.

Write penalty vs. read penalty.

17
Q

Lazy loading is a caching strategy that loads data into the cache only when necessary.

A

Lazy loading is a caching strategy that loads data into the cache only when necessary.

18
Q

Concurrency is the number of requests that your function is serving at any given time

A

Concurrency is the number of requests that your function is serving at any given time

19
Q

If the function is invoked again while a request is still being processed, another instance is allocated, which increases the function’s concurrency.

A

If the function is invoked again while a request is still being processed, another instance is allocated, which increases the function’s concurrency.

20
Q

When requests come in faster than your function can scale, or when your function is at maximum concurrency, additional requests fail with a throttling error (429 status code).

A

When requests come in faster than your function can scale, or when your function is at maximum concurrency, additional requests fail with a throttling error (429 status code).

21
Q

Concurrency is subject to a Regional limit that is shared by all functions in a Region. What is the concurrency limit in

US West (Oregon), US East (N. Virginia), Europe (Ireland)

A

3000

22
Q

To calculate the concurrency requirements, multiply the invocation ___________ per second (50) with the average ___________ ______ in seconds.

A

To calculate the concurrency requirements, multiply the invocation requests per second (50) with the average execution time in seconds.

23
Q

A Developer needs to add in-transit encryption to data by configuring end-to-end SSL between the CloudFront Origin and the end users. What two things need to happen to accomplish this?

A
  • Configure the Viewer Protocol Policy
  • Configure the Origin Protocol Policy
24
Q

DynamoDB is not a destination for ________ ______ _____________

A

Kinesis Data Firehose

25
Q

A namespace is a container for CloudWatch metrics. Metrics in different namespaces are isolated from each other, so that metrics from different applications are not mistakenly grouped into the same statistics.

A

A namespace is a container for CloudWatch metrics. Metrics in different namespaces are isolated from each other, so that metrics from different applications are not mistakenly grouped into the same statistics.

26
Q

What is the difference between a public and an Elastic IP address?

A

Public – assigned automatically to instances in public subnets and reassigned if instance is stopped/started.

Elastic IP – public address that is static.

27
Q

When you create a user pool in Amazon Cognito and configure a domain for it, Amazon Cognito automatically provisions a hosted web UI to let you add sign-up and sign-in pages to your app.

A

When you create a user pool in Amazon Cognito and configure a domain for it, Amazon Cognito automatically provisions a hosted web UI to let you add sign-up and sign-in pages to your app.

28
Q

The company has a policy that states that all data written to the S3 bucket must be encrypted.

How can a Developer ensure compliance with this policy?

A

Create an S3 bucket policy that denies any S3 Put request that does not include the x-amz-server-side-encryption

29
Q

S3 POLICY

There are two possible values for the x-amz-server-side-encryption header: AES256, which tells S3 to use S3-managed keys, and aws:kms, which tells S3 to use AWS KMS–managed keys.

A

There are two possible values for the x-amz-server-side-encryption header: AES256, which tells S3 to use S3-managed keys, and aws:kms, which tells S3 to use AWS KMS–managed keys.

30
Q

Cognito user pool = Authentication

With a Cognito user pool you can add sign-up and sign-in to mobile and web apps and it also offers a user directory so user accounts can be created within the user pool.

A

With a Cognito user pool you can add sign-up and sign-in to mobile and web apps and it also offers a user directory so user accounts can be created within the user pool.

31
Q

With a Cognito user pool, users also have the ability to reset their passwords.

A

With a Cognito user pool, users also have the ability to reset their passwords.

32
Q

Cognito Identity Pool = Authorization

To access AWS services you need a Cognito Identity Pool.

A

To access AWS services you need a Cognito Identity Pool.

33
Q

A Cognito Identity pool can be used with a user pool and enables a user to obtain temporary limited-privilege credentials to access AWS services

A

A Cognito Identity pool can be used with a user pool and enables a user to obtain temporary limited-privilege credentials to access AWS services

34
Q

AWS Secrets Manager encrypts secrets at rest using encryption keys that you own and store in AWS Key Management Service (KMS).

A

AWS Secrets Manager encrypts secrets at rest using encryption keys that you own and store in AWS Key Management Service (KMS).

35
Q

When you retrieve a secret, Secrets Manager decrypts the secret and transmits it securely over TLS to your local environment.

A

When you retrieve a secret, Secrets Manager decrypts the secret and transmits it securely over TLS to your local environment.

36
Q

With AWS Secrets Manager, you can rotate secrets on a schedule or on demand by using the Secrets Manager console, AWS SDK, or AWS CLI.

A

With AWS Secrets Manager, you can rotate secrets on a schedule or on demand by using the Secrets Manager console, AWS SDK, or AWS CLI.

37
Q

The DynamoDB Session Handler is a custom session handler for PHP that allows developers to use Amazon DynamoDB as a session store

A

The DynamoDB Session Handler is a custom session handler for PHP that allows developers to use Amazon DynamoDB as a session store

38
Q

A serverless application is more than just a Lambda function; it can include additional resources such as APIs, databases, and event source mappings.

A

A serverless application is more than just a Lambda function; it can include additional resources such as APIs, databases, and event source mappings.

39
Q

AWS Serverless Application Model (SAM) is an open-source framework for building serverless applications

A

AWS Serverless Application Model (SAM) is an open-source framework for building serverless applications

40
Q

To create a Lambda function using an AWS SAM template use the AWS::Serverless::Function resource type.

A

To create a Lambda function using an AWS SAM template use the AWS::Serverless::Function resource type.

41
Q

The AWS::Serverless::Function resource type can be used to create a Lambda function, IAM execution role, and **event source** mappings that trigger the function.

A

The AWS::Serverless::Function resource type can be used to create a Lambda function, IAM execution role, and **event source** mappings that trigger the function.

42
Q

VPC Flow logs can help you with a number of tasks, such as: (3)

A
  1. Diagnosing overly restrictive security group rules
  2. Monitoring the traffic that is reaching your instance
  3. Determining the direction of the traffic to and from the network interfaces
43
Q

If you create a flow log for a subnet or VPC, each network interface in that subnet or VPC is monitored.

A

If you create a flow log for a subnet or VPC, each network interface in that subnet or VPC is monitored.

44
Q

A Network ACL is a subnet-level firewall.

A

A Network ACL is a subnet-level firewall.

45
Q

To use an HTTPS listener on a Load Balancer, you must deploy at least one SSL/TLS server certificate on your load balancer.

A

To use an HTTPS listener on a Load Balancer, you must deploy at least one SSL/TLS server certificate on your load balancer.

46
Q

Elastic Load Balancer with SSL passthrough is used to forward encrypted packets directly to the EC2 instance for termination.

A

Elastic Load Balancer with SSL passthrough is used to forward encrypted packets directly to the EC2 instance for termination.

47
Q

AWS CodeDeploy

The ‘resources’ section of the AppSpec file for an AWS Lambda deployment contains the name, alias, current version, and target version of a Lambda function.

A

The ‘resources’ section of the AppSpec file for an AWS Lambda deployment contains the name, alias, current version, and target version of a Lambda function.

48
Q

CodeDeploy

In CodeDeploy, there are three ways traffic can shift during a blue/green deployment:

A

Linear
Canary
All-At-Once

49
Q

AWS CodeDeploy

Linear — Traffic is shifted in equal increments with an equal number of minutes between each increment.

A

Linear — Traffic is shifted in equal increments with an equal number of minutes between each increment.

50
Q

AWS CodeDeploy

Canary — Traffic is shifted in two increments. Specify the percentage of traffic shifted to your updated task set in the first increment and the interval, in minutes, before the remaining traffic is shifted in the second increment.

A

Canary — Traffic is shifted in two increments. Specify the percentage of traffic shifted to your updated task set in the first increment and the interval, in minutes, before the remaining traffic is shifted in the second increment.

51
Q

The ReceiveMessage API retrieves one or more messages (up to 10), from the specified queue

A

The ReceiveMessage API retrieves one or more messages (up to 10), from the specified queue

52
Q

A developer can instantiate a CodeCommit client using the AWS SDK. This provides the ability to programmatically work with the AWS CodeCommit repository.

A

The developer can instantiate a CodeCommit client using the AWS SDK. This provides the ability to programmatically work with the AWS CodeCommit repository.

53
Q

You can use Amazon Kinesis Data Streams to collect and process large streams of data records in real time

A

You can use Amazon Kinesis Data Streams to collect and process large streams of data records in real time

54
Q

CodeDeploy Deployment Types

Canary: Traffic is shifted in two increments. You can choose from predefined canary options that specify the percentage of traffic shifted to your updated Lambda function or ECS task set in the first increment and the interval, in minutes, before the remaining traffic is shifted in the second increment.

A
55
Q

CodeDeploy Deployment Types

Linear: Traffic is shifted in equal increments with an equal number of minutes between each increment. You can choose from predefined linear options that specify the percentage of traffic shifted in each increment and the number of minutes between each increment.

A
56
Q

CodeDeploy Deployment Types

All-at-once: All traffic is shifted from the original Lambda function or ECS task set to the updated function or task set all at once.

A