PP ET Flashcards

1
Q

In Elastic Beanstalk, how would you change from using a micro to large instance to handle more requests?

A

create a NEW config file with the instance type set to large

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

In Elastic Beanstalk, name the 2 times you can set configuration options?

A
  1. when you create your environment
  2. save the configuration options in a configuration file
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

In Elastic Beanstalk, what happens if the same value is set in multiple locations?

A

The value used depends on order of precedence (highest -> lowest)

  1. settings specified during a create/update environment API
  2. settings loaded from a saved configuration.
  3. settings loaded from configuration files in the .ebextensions folder
  4. settings loaded as default value
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What do we know about Elastic Beanstalk config files?

A

Settings aren’t applied directly to the environment and you need to deploy a new version with updated config to implement changes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What does resource: AWS::Serverless:Application in the SAM template do?

A

It embeds nested apps from S3 buckets in

It uses nested stacks in Cloud Formation to do this

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What would you use if you want to update and persist in one transaction & roll back if update fails

A

Use Transact* operation in DynamoDB that lets you group multiple operations into 1 transaction that rolls back if 1 fails

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Users are seeing 5XXX response error codes at irregular intervals when they are using a Java app that makes API requests directly to AWS.

How would you update the app to improve resilliancy?

A

Use the AWS SDK for Java to interact with AWS APIs because:

  • Automatic retries (if 5XXX error)
  • Exponential back off (waits between retries)
  • Abstracts complexities of APIs
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A company is using Cloud Front distribution to store their data in US region.

How would the company launch an app in the UK that stores data in the UK, without deploying a specific mobile client for the UK?

A
  1. Create a Lambda@Edge function
  2. Associate the Lambda@Edge function with origin request trigger
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is Lambda@Edge function?

A

Allows you to run code on Cloud Front edge locations (close to users globally) in response to Cloud Front events.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is an origin request trigger?

A

An event that happens before Cloud Front sends a request to the origin

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A developer is using SAM LOCAL CLI to test a Lambda function.

The app implemented by the lambda function makes several API calls using the SDK.

How would you allow the function to make API calls in a test AWS account from a developers laptop?

A

Add a test profile by using the aws configure command with the –profile option. Run AWS SAM by using the sam local invoke command with the –profile option.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Name 2 ways to make API requests from an EC2 instance to an S3 bucket secure?

A
  1. Create an IAM role with permissions to the S3 bucket
  2. Add the IAM role to the instance profile and attach the instance profile to an EC2 instance
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is an instance profile?

A

a container for an IAM role (can use to pass role info)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Cloud Front is being configured to encrypt data in transit.

You are running an app in the EU region.

A new ACM is created in the EU region (the same region the app is running)

But these settings are not visible to Cloud Front.

How would you make these settings visible to Cloud Front?

A
  1. ACM must be created in the SAME region as Cloud Front
  2. CNAME in Cloud Front must be the same as the domain name in the certificate
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Users login with Facebook to your app that’s using an Application Load Balancer with Cloud Front.

How would you authenticate users?

A

Configure Cognito integration with the Application Load Balancer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What does a function need to do if it wants to determine whether they are running on a GPU instance?

A

Retrieve the instance type from the instance meta data:

curl http://169.254.169.254/latest/meta-data/instance-type

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

An app uses MFA and cognito user pools.

What is the most efficient way to send a login notification activity every time a user logs in?

A

Use a cognito post-authentication trigger that calls a Lambda function to send an email notification via SES that a user has logged in

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What does SES stand for?

A

Simple Email Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is a post-authentication Lambda trigger?

A

Only invokes lambda after user authorised

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

A company has a 3 tier web app behind Cloud Front distribution

How would a developer monitor the error rates and anomalies of the Cloud Front distribution with the shortest possible interval?

A
  1. Activate real time logs (Cloud Front distribution)
  2. Create a stream (Kinesis Data Stream)
  3. Configure Kinesis Streams to deliver logs to Open Search Service (Elastic Search Service)
  4. Create a dashboard (OpenSearch in Kibana)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What service would you use to store SNS messages that were not able to be delivered?

A

SQS (dead letter queue)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

An app has 1 Docker image that is built and pushed to a public Docker registry.

How would you deploy it on Elastic Beanstalk?

A

Create a docker-compose.yml file and use the Elastic Beanstalk CLI to deploy the app

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

In a three tier app, how would you decouple a RDS DB instance from the Elastic Beanstalk environment?

A

Create a new Elastic Beanstalk environment (that connects to the DB instance) and create a new DB instance (from a snapshot of the old DB instance)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

An API Gateway endpoint exposes a Lambda function that processes and stores a clothing stores online transactions.

The number of transactions rapidly increases throughout the day and almost no transactions at night.

What is the cheapest way to increase the elasticity of the system>

A

Migrate from RDS to Aurora SQL and use an auto scaling policy to scale read replicas based on the number of database connections

(can have up to 15 read replicas)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is the most secure way to configure Lambda function access to DynamoDB table?

A

Create an IAM policy (that allows access to the DynamoDB table (and attach this policy to the Lambda function’s IAM role)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What user authorisation and authentication would you implement for a web app hosted on an EC2 instance to ensure that their credentials are encrypted and secure in transit and at rest?

A

Use Amazon Cognito (to configure a user pool) and the Cognito API (to authenticate and authorise users)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

What is the fastest way to create a custom IAM policy that only provides permissions to the builds and deployment in the last 3 months?

A

Create a new IAM policy based on the services that the build server deployed or updated in the last 3 months

27
Q

What do you need to do to be able to write Cloud Formation template locally and deploy a Cloud Formation Stack to AWS?

A

Install AWS CLI
Configure the CLI using IAM user access key and secret key

28
Q

How do you integrate API Gateway with a Lambda function?

A

Use Lambda Proxy Integration

29
Q

What is the run order of hooking AWS Code Deploy?

A

Application Stop
Before Install
After Install
Application Start
Validate Service

30
Q

There are many different versions of a Lambda function.

How would a developer map the Lambda function to a different S3 version each time?

A

Assign an alias to each version of the Lambda function and link the S3 trigger to the alias

If you want to change the version of Lambda triggered by s3, edit the alias

31
Q

How would you investigate slow response times coming from API calls in API gateway in a company?

A

You would think cloud trail, but XRAY used to identify

32
Q

Ways to reliably serve SESSION DATA reliably across requests?

A

ElastiCache
Sticky Sessions (route site server to particular web server)

33
Q

How would you implement a caching layer in front of the database with content that is encrypted and highly available?

A

Elasticache for Redis in Cluster mode because it encrypts data and has multiple nodes making it highly available

34
Q

How would you prepare a CloudFormation template with a Lambda function so it can be deployed using the CLI command ‘aws cloudformation deploy’?

A

Use a Cloud Formation package to upload the source code to an S3 bucket and produce a modified CloudFormation template

35
Q

How do you update the Elastic Beanstalk Environment with developers changes?

A

Upload .zip file and deploy
Create a new app from the .zip and update the environment

36
Q

How would you capture the client IP addresses in a log file when running an app behind an Application Load Balancer?

A

Add an X-Forwarded-For header to the HTTP server log configuration file because it contains the original IP address of the client who made the request

37
Q

How would you push code to a serverless app and not need update the API Gateway target endpoint each time?

A

Create aliases and versions in Lambda

38
Q

App is running on Fargate using ECS, how would you pass environment variables to the container?

A

In the task definition, define the environment parameter as an array of environment variables

39
Q

What is the write through approach to caching

A

cache and db are written to / updated simultaneously so db is in sync

40
Q

What is the cache-aside / lazy loading approach to caching?

A

cache is updated on cache misses

41
Q

How would you make an on-premises stateful web app more elastic?

A

Store session state data in a DynamoDB table
and
Use an ELB with an auto scaling group

42
Q

How would you use Cloud Watch on a legacy on-premises app?

A

Download the Cloud Watch agent to the on-premises server and use an IAM user with Cloud Watch credentials

43
Q

How would you reduce the size of Lambda deployment packages that use a Python library?

A

Create a Lambda layer (which manages code and data shared across multiple lambda functions) with the Python library,

This Lambda Layer reduces duplication and makes it easy to share Lambda function across libraries

44
Q

Name 3 benefits of Lambda Layers?

A

Reduce deployment package size, reuses code, easier to maintain

45
Q

How would you allow a client app securely upload videos to an S3 bucket?

A

Create a new API endpoint to generate signed URLs that allow objects to be uploaded to an S3 bucket and use this API to generate a presigned URL in the client app and upload videos via the signed URL

46
Q

What is the easiest way to reduce the time taken to read data from a DynamoDB database?

A

Use DynamoDB Accelerator (DAX) to cache the data

47
Q

What is the best API for getting AGGREGATED data from DynamoDB and OpenSearch

A

You might think REST API on API Gateway, but that might need to make multiple requests to get AGGREGATED data

GraphQL API on AWS AppSync is a better option because it can get the AGGREGATED data in one call

48
Q

How would you encrypt lambda function data before sending it downstream?

A

You might think to use KMS GenerateDataKey API to get an encryption key along with the encrypted copy, but here we don’t need plain text key.

So the answer would be pass the data to KMS as part of the Encrypt API for encryption because it encrypts the data only

49
Q

How would you reference the value of a password stored in Secrets Manager in a Cloud Formation template?

A

Use the secrets manager dynamic reference by specifying the appropriate reference-key segment

50
Q

What is strongly consistent read?

A

Most recent version guaranteed

51
Q

How do you calculate the read capacity units (RCU) for a strongly consistent read?

Scenario: size 5kb, 100 items per second

A

RCU is 1 read per second for a size up to 4KB

Round 5kb up to the closest 4kb = 8KB so we have 2 RCUs per item

RCUS * items per second
2 * 100 = 200

52
Q

Why are no logs being generated in Cloud Watch even a few minutes after a Lambda ran?

A

The execution role for the Lambda function is missing permissions to write log data to the CloudWatch Logs.

53
Q

An IAM user has permission to write to a s3 bucket.

The bucket uses SSE-KMS encryption.

When an app uses the access key and secret key of the IAM user to call the putObject API there is an access denied error. How would you fix it?

A

The access denied error in this case is likely due to the IAM user lacking the necessary permissions for server-side encryption with AWS KMS (SSE-KMS). To resolve this issue, the developer should update the policy of the IAM user to allow the kms:GenerateDataKey action

54
Q

What type of encryption do you use to manage keys on premsise and s3 encrypts it?

A

SSE-C

server side encryption customer provided keys

55
Q

What is the benefit of intialising the SDK outside of the Lambda handler function?

A

It can be reused each time which reduces the overhead of creating a new SDK instance for each time the Lambda is invoked

56
Q

How do you authenticate with AWS services from within an ECS?

A

Configure an IAM role to be assigned to an ECS task

57
Q

How do you increase the number of messages an SQS queue can receive?

A

Call the ReceiveMessage API and set MaxNumberOfMessages

58
Q

How would you enrich data you stream from Kinesis Data Firehose by combining it with data from DynamoDB before storing it in S3?

A

Use a Lambda function to transform the data from Kinesis Data Firehose before storing it in S3

59
Q

Which Amazon Cognito feature will only enforce MFA when suspicious sign-in attempts are detected?

A

Adaptive authentication (sets rules / policies to conduct risk analysis based on user devices, locations and behaviour)

60
Q

What 2 steps should you follow for an app running on an EC2 server that handles AWS activity to allow for more flexibility during peak times while still remaining cost-effective when

A

Implement an Amazon SQS queue to decouple the front-end and backend servers

and

Migrate the backend servers to on-premises and pull from an Amazon SNS queue.

61
Q

What is a global secondary index?

A

An index with a primary key different to the table’s primary key

62
Q

The company’s critical application on AWS, using Amazon API Gateway and AWS Lambda, faces HTTP 500 errors due to “too many connections” in the associated Amazon RDS for MySQL DB instance during unpredictable peak usage. To ensure application resilience with minimal downtime, the company must choose an appropriate solution

A

Use Amazon RDS Proxy to create a proxy that connects to the DB instance. Update the Lambda function to connect to the proxy. Most Voted

63
Q

A company has a web application that is deployed on AWS. The application uses an Amazon API Gateway API and an AWS Lambda function as its backend.

The application recently demonstrated unexpected behavior. A developer examines the Lambda function code, finds an error, and modifies the code to resolve the problem. Before deploying the change to production, the developer needs to run tests to validate that the application operates properly.

The application has only a production environment available. The developer must create a new development environment to test the code changes. The developer must also prevent other developers from overwriting these changes during the test cycle.

Which combination of steps will meet these requirements with the LEAST development effort? (Choose two.)

A

change the lambda function.

update the API gateway to use the updated lambda function & deploy it into another(new) stage. so that developers can use the newly deployed API endpoin

64
Q

How do you determine the region a Cloud Formation template is deployed

A

Use the AWS::Region pseudo parameter