***NOT READY FOR STUDY*** AWS DEV-A Practice Exam 3 Flashcards
Time to Live (TTL) for Amazon DynamoDB lets you ________ when items in a table ________ so that they can be automatically deleted from the database.
define ; expire
When Time to Live (TTL) is enabled on a table in Amazon DynamoDB, a background job _____ __ _______ attribute of items to determine whether they are expired.
checks the TTL
CodeBuild ________ your source code, ____ unit tests, and ________ artifacts that are ready to deploy.
compiles ; runs ; produces
CodeDeploy is a deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, serverless Lambda functions, or Amazon ECS services
A Developer needs to create an instance profile for an Amazon EC2 instance using the AWS CLI. How can this be achieved? (Select THREE.)
aws iam create-instance-profile --instance-profile-name EXAMPLEPROFILENAME
aws iam add-role-to-instance-profile --instance-profile-name EXAMPLEPROFILENAME --role-name EXAMPLEROLENAME
aws ec2 associate-iam-instance-profile --iam-instance-profile Name=EXAMPLEPROFILENAME --instance-id i-012345678910abcde
Lambda: In synchronous invocations, the caller
waits for the function to complete execution and the function can return a value.
Lambda: In asynchronous operation, the caller
places the event on an internal queue, which is then processed by the Lambda function.
A Lambda authorizer (formerly known as a custom authorizer) is an API Gateway feature that uses a Lambda function to control access to your API.
A Lambda authorizer is useful if you want to implement a custom authorization scheme that uses a bearer token authentication or that uses request parameters to determine the caller’s identity.
Data key caching can improve performance, reduce cost, and help you stay within service limits as your application scales.
How does Data key caching keep you from exceeding KMS service limits?
When you encrypt or decrypt data, the AWS Encryption SDK looks for a matching data key in the cache. If it finds a match, it uses the cached data key rather than generating a new one.
Which is more secure, an AWS or Customer Managed IAM policy?
The customer-managed policy is more secure since it can be locked down with more granularity down to the
AWS-managed policy always provides more privileges than required.
You should initialize SDK clients and database connections outside of the function handler, and cache static assets locally in the /tmp directory.
You can point an alias to multiple versions of your function code and then assign a weighting to direct certain amounts of traffic to each version.
The write-through strategy adds data or updates data in the cache whenever data is written to the database.
The advantages of write-through as a writing policy are:
Data in the cache is never stale, because the data in the cache is updated every time it’s written to the database.
Write penalty vs. read penalty.
Lazy loading is a caching strategy that loads data into the cache only when necessary.
Concurrency is the number of requests that your function is serving at any given time
If the function is invoked again while a request is still being processed, another instance is allocated, which increases the function’s concurrency.
When requests come in faster than your function can scale, or when your function is at maximum concurrency, additional requests fail with a throttling error (429 status code).
Concurrency is subject to a Regional limit that is shared by all functions in a Region. What is the concurrency limit in
US West (Oregon), US East (N. Virginia), Europe (Ireland)
3000
To calculate the concurrency requirements, multiply the invocation ___________ per second (50) with the average ___________ ______ in seconds.
To calculate the concurrency requirements, multiply the invocation requests per second (50) with the average execution time in seconds.
A Developer needs to add in-transit encryption to data by configuring end-to-end SSL between the CloudFront Origin and the end users. What two things need to happen to accomplish this?
- Configure the Viewer Protocol Policy
- Configure the Origin Protocol Policy
DynamoDB is not a destination for ________ ______ _____________
Kinesis Data Firehose
A namespace is a container for CloudWatch metrics. Metrics in different namespaces are isolated from each other, so that metrics from different applications are not mistakenly grouped into the same statistics.
What is the difference between a public and an Elastic IP address?
Public – assigned automatically to instances in public subnets and reassigned if instance is stopped/started.
Elastic IP – public address that is static.
When you create a user pool in Amazon Cognito and configure a domain for it, Amazon Cognito automatically provisions a hosted web UI to let you add sign-up and sign-in pages to your app.
The company has a policy that states that all data written to the S3 bucket must be encrypted.
How can a Developer ensure compliance with this policy?
Create an S3 bucket policy that denies any S3 Put request that does not include the x-amz-server-side-encryption
S3 POLICY
There are two possible values for the x-amz-server-side-encryption header: AES256, which tells S3 to use S3-managed keys, and aws:kms, which tells S3 to use AWS KMS–managed keys.
Cognito user pool = Authentication
With a Cognito user pool you can add sign-up and sign-in to mobile and web apps and it also offers a user directory so user accounts can be created within the user pool.
With a Cognito user pool, users also have the ability to reset their passwords.
Cognito Identity Pool = Authorization
To access AWS services you need a Cognito Identity Pool.
A Cognito Identity pool can be used with a user pool and enables a user to obtain temporary limited-privilege credentials to access AWS services
AWS Secrets Manager encrypts secrets at rest using encryption keys that you own and store in AWS Key Management Service (KMS).
When you retrieve a secret, Secrets Manager decrypts the secret and transmits it securely over TLS to your local environment.
With AWS Secrets Manager, you can rotate secrets on a schedule or on demand by using the Secrets Manager console, AWS SDK, or AWS CLI.
The DynamoDB Session Handler is a custom session handler for PHP that allows developers to use Amazon DynamoDB as a session store
A serverless application is more than just a Lambda function: it can include additional resources such as APIs, databases, and event source mappings.
AWS Serverless Application Model (SAM) is an open-source framework for building serverless applications
To create a Lambda function using an AWS SAM template use the AWS::Serverless::Function resource type.
The AWS::Serverless::Function resource type can be used to create a Lambda function, IAM execution role, and **event source** mappings that trigger the function.
VPC Flow logs can help you with a number of tasks, such as: (3)
- Diagnosing overly restrictive security group rules
- Monitoring the traffic that is reaching your instance
- Determining the direction of the traffic to and from the network interfaces
If you create a flow log for a subnet or VPC, each network interface in that subnet or VPC is monitored.
A Network ACL is a subnet-level firewall.
To use an HTTPS listener on a load balancer, you must deploy at least one SSL/TLS server certificate on your load balancer.
Elastic Load Balancer with SSL passthrough is used to forward encrypted packets directly to the EC2 instance for termination.
AWS CodeDeploy
The ‘resources’ section of the AppSpec file for an AWS Lambda deployment contains the name, alias, current version, and target version of a Lambda function.
CodeDeploy
In CodeDeploy, there are three ways traffic can shift during a blue/green deployment:
Linear
Canary
All-At-Once
AWS CodeDeploy
Linear — Traffic is shifted in equal increments with an equal number of minutes between each increment.
AWS CodeDeploy
Canary — Traffic is shifted in two increments. Specify the percentage of traffic shifted to your updated task set in the first increment and the interval, in minutes, before the remaining traffic is shifted in the second increment.
The ReceiveMessage API retrieves one or more messages (up to 10) from the specified queue.
A developer can instantiate a CodeCommit client using the AWS SDK. This provides the ability to programmatically work with the AWS CodeCommit repository.
The developer can instantiate a CodeCommit client using the AWS SDK. This provides the ability to programmatically work with the AWS CodeCommit repository.
You can use Amazon Kinesis Data Streams to collect and process large streams of data records in real time
CodeDeploy Deployment Types
Canary: Traffic is shifted in two increments. You can choose from predefined canary options that specify the percentage of traffic shifted to your updated Lambda function or ECS task set in the first increment and the interval, in minutes, before the remaining traffic is shifted in the second increment.
CodeDeploy Deployment Types
Linear: Traffic is shifted in equal increments with an equal number of minutes between each increment. You can choose from predefined linear options that specify the percentage of traffic shifted in each increment and the number of minutes between each increment.
CodeDeploy Deployment Types
All-at-once: All traffic is shifted from the original Lambda function or ECS task set to the updated function or task set all at once.