Practice Questions (ACG) Flashcards

1
Q

Your application needs to process large numbers of job requests and you need to ensure that they are processed in order, and that each request is processed only once. How would you deploy SQS to achieve this end?

A

Use an SQS FIFO queue to process the jobs.

2
Q

You are working on a Lambda function which needs to access data in RDS. Which of the below is the current best AWS service to use to securely provide rotated database credentials to Lambda functions?

A

AWS Secrets Manager

AWS Secrets Manager is the current AWS-recommended way of securely providing database credentials to Lambda functions. Secrets Manager stores the RDS password and can rotate it automatically on a schedule, and the function retrieves the current value at run time instead of carrying a credential in its code or environment variables.

3
Q

Systems Manager Parameter Store

A

Parameter Store provides secure storage for configuration data, connection strings, passwords and other secrets, so it is a viable option from a storage standpoint, but it cannot rotate passwords the way AWS Secrets Manager can.

4
Q

You have developed a Lambda function which is not running as performantly as expected. Which of the following approaches can improve the performance of your function?

A

Establish your database connections from within the Lambda execution environment to enable connection reuse.

Only include the libraries you need to minimize the size of your deployment package.

(Open the database connection in the initialization code outside the handler. Lambda keeps a warm execution environment for subsequent invocations, so the connection is reused rather than re-established on every call; a smaller deployment package also shortens cold starts.)

5
Q

You have software on an EC2 instance that needs to access both the private and public IP address of that instance. What’s the best way for the software to get that information?

A

Have the software query the instance metadata service (IMDS) at http://169.254.169.254/latest/meta-data/ with cURL or the GET utility: local-ipv4 returns the private address and public-ipv4 the public one. Prefer IMDSv2, which requires a session token obtained with a PUT request before any metadata can be read, so that a plain GET issued through an SSRF flaw in the application cannot reach the endpoint.
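As an added example (not part of the original flashcard set), the following Python reads both addresses from IMDS using the IMDSv2 token flow. The `opener` parameter is an assumption introduced so the code can be exercised off the instance with a fake; on a real instance it defaults to `urllib.request.urlopen` and talks to 169.254.169.254.

```python
import urllib.error
import urllib.request

IMDS_BASE = "http://169.254.169.254"   # link-local address, reachable only from the instance
TOKEN_TTL_SECONDS = "21600"            # IMDSv2 session token lifetime (maximum is 6 hours)


def imds_request(method, path, headers=None, opener=None, timeout=2):
    """Send one request to IMDS and return the response body as stripped text.

    `opener` defaults to urllib.request.urlopen; a test can inject a fake so the
    code runs off the instance (assumption: real callers run on the EC2 instance).
    """
    req = urllib.request.Request(IMDS_BASE + path, method=method, headers=headers or {})
    open_fn = opener or urllib.request.urlopen
    with open_fn(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8").strip()


def get_imds_token(opener=None):
    """IMDSv2: obtain a session token with a PUT. A GET-only SSRF primitive cannot
    complete this step, which is why HttpTokens=required should be set on instances."""
    return imds_request("PUT", "/latest/api/token",
                        {"X-aws-ec2-metadata-token-ttl-seconds": TOKEN_TTL_SECONDS}, opener)


def get_instance_ips(opener=None):
    """Return the instance's private IPv4 and, if it has one, its public IPv4."""
    token_header = {"X-aws-ec2-metadata-token": get_imds_token(opener)}
    private_ip = imds_request("GET", "/latest/meta-data/local-ipv4", token_header, opener)
    try:
        public_ip = imds_request("GET", "/latest/meta-data/public-ipv4", token_header, opener)
    except urllib.error.HTTPError as err:
        if err.code != 404:
            raise
        public_ip = None   # IMDS answers 404 when the instance has no public IPv4
    return {"private_ipv4": private_ip, "public_ipv4": public_ip}


if __name__ == "__main__":
    print(get_instance_ips())
```

Run it on an instance and it prints a dictionary with both addresses; an instance in a private subnet with no Elastic IP yields `None` for the public address rather than an exception.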

6
Q

A recent increase in the amount of users of an application hosted on an EC2 instance that you manage has caused the instance’s OS to run out of CPU resources and crash. The crash caused several users’ unsaved data to be lost and your supervisor wants to know how this problem can be avoided in the future. Which of the following would you NOT recommend?

A

Take frequent snapshots of the EBS volume during business hours to ensure users’ data is backed up.

Frequent snapshots are not recommended, as they can result in performance degradation. Additionally, these snapshots will not capture users’ unsaved data that lives in the instance’s memory.

7
Q

AWS recommends that you use multipart upload for files larger than _____.

A

100MB

AWS recommends that you use multipart upload for any files that are greater than 100 MB in size, instead of uploading the object in a single operation.

8
Q

Which of the following are considered to be serverless?

  • SNS
  • DynamoDB
  • API Gateway
  • Elastic Beanstalk
A

SNS
DynamoDB
API Gateway

9
Q

If your table item’s size is 3 KB and you want to have 90 eventually consistent reads per second, how many read capacity units will you need to provision on the table?

A

45

One read capacity unit is one strongly consistent read per second of an item up to 4 KB; an eventually consistent read costs half a unit.

3 KB / 4 KB = 0.75, rounded up to 1 unit per read
90 eventually consistent reads / 2 = 45
45 * 1 = 45

10
Q

Your application needs 100 strongly consistent reads on items that are 9 KB in size every second. How many units of read capacity units should you provision?

A

300

9 KB / 4 KB = 2.25, rounded up to 3 units per strongly consistent read
3 * 100 = 300
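The arithmetic in cards 9 and 10 follows one rule set, so here it is as an added Python example (constructed for this page, not from the flashcards): item size is rounded up to whole 4 KB blocks for reads and 1 KB blocks for writes, eventually consistent reads cost half a unit, and transactional reads and writes cost double. The transactional mode and the write-capacity function go beyond the two cards but follow the same published rules.

```python
import math

READ_BLOCK_KB = 4    # one read capacity unit covers an item of up to 4 KB
WRITE_BLOCK_KB = 1   # one write capacity unit covers an item of up to 1 KB

# Cost per 4 KB block, per read, by consistency mode
READ_COST = {"eventual": 0.5, "strong": 1.0, "transactional": 2.0}


def read_capacity_units(item_size_kb, reads_per_second, consistency="strong"):
    """RCUs to provision for `reads_per_second` reads of items of `item_size_kb`."""
    if item_size_kb <= 0 or reads_per_second < 0:
        raise ValueError("item size must be positive and read rate non-negative")
    if consistency not in READ_COST:
        raise ValueError(f"unknown consistency mode: {consistency}")
    # Item size is rounded up to whole 4 KB blocks before multiplying by rate.
    blocks = math.ceil(item_size_kb / READ_BLOCK_KB)
    return math.ceil(blocks * reads_per_second * READ_COST[consistency])


def write_capacity_units(item_size_kb, writes_per_second, transactional=False):
    """WCUs to provision; a transactional write costs two units per 1 KB block."""
    if item_size_kb <= 0 or writes_per_second < 0:
        raise ValueError("item size must be positive and write rate non-negative")
    blocks = math.ceil(item_size_kb / WRITE_BLOCK_KB)
    return blocks * writes_per_second * (2 if transactional else 1)


if __name__ == "__main__":
    print(read_capacity_units(3, 90, "eventual"))   # card 9
    print(read_capacity_units(9, 100, "strong"))    # card 10
    print(write_capacity_units(1.5, 10))            # 1.5 KB rounds up to 2 blocks
```

Note the rounding happens per item, not on the total: a 4.1 KB item costs two blocks per read, which doubles the provisioned capacity compared with a 4 KB item.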

11
Q

One of your junior developers has never had AWS access before and needs access to an Elastic Load Balancer in your custom VPC. This is the first and only time she will need access. Which of the following choices is the most secure way to grant this access?

  • None of these.
  • Add that developer to a group with the requisite access (although that group may have more permissions than are needed for the dev to do her job).
  • Let her log in with admin credentials and change the admin password when she is finished.
  • Create a new IAM user with only the required permissions and delete that IAM user after the developer has finished her work.
A

Create a new IAM user with only the required permissions and delete that IAM user after the developer has finished her work.

In general, grant access through IAM roles and groups rather than individual users. In this case, however, we would not add the junior developer to an existing group, because most developer groups carry more permissions than this single task requires. Remember: always grant the fewest privileges possible, and remove the access as soon as it is no longer needed.

12
Q

Your main application currently stores its credentials as a text file on an EC2 server. Your manager has informed you that this is an insecure practice and has told you to store these credentials in an AWS-managed service instead. AWS Systems Manager Parameter Store and AWS Secrets Manager can be used for the secure storage of credentials. Of the below features, which apply to both Secrets Manager and Parameter Store?

  • Can store credentials in hierarchical form
  • Manages rotation and lifecycle of credentials
  • Integrated with Identity and Access Management
  • Supports encryption at rest using customer-owned KMS keys
A

Can store credentials in hierarchical form

Integrated with Identity and Access Management

Supports encryption at rest using customer-owned KMS keys

13
Q

You are developing an online banking website which will be accessed by a global customer base. You are planning to use CloudFront to ensure users experience good performance regardless of their location. The security architect working on the project asks you to ensure that all requests to CloudFront are encrypted using HTTPS. How can you configure this? (choose one)

  • Set the request protocol policy to redirect HTTP to HTTPS
  • Set the session protocol policy to redirect HTTP to HTTPS
  • Set the viewer protocol policy to redirect HTTP to HTTPS
  • Set the user protocol policy to redirect HTTP to HTTPS
A

Set the viewer protocol policy to redirect HTTP to HTTPS

Viewer protocol policy defines the protocols which can be used to access CloudFront content.

14
Q

You have developed a Lambda function which is not running as performantly as expected. Which of the following approaches can improve the performance of your function? (choose 2)

  • Only include the libraries you need to minimize the size of your deployment package.
  • Store environment variables outside the function.
  • Establish your database connections from within the Lambda execution environment to enable connection reuse.
  • Package all dependencies with your deployment package.
A

Only include the libraries you need to minimize the size of your deployment package.

Establish your database connections from within the Lambda execution environment to enable connection reuse.

15
Q

Using the AWS console, you are trying to scale DynamoDB past its pre-configured maximums. Which limits can you raise by opening a ticket with AWS Support?

A

Provisioned throughput limits

Global secondary indexes (the number allowed per table)

16
Q

Your application is trying to upload a 6 TB file to S3, and you receive an error message telling you that your proposed upload exceeds the maximum allowed object size. What is the best way to accomplish this file upload?

A

You cannot fix this: the maximum size of a single S3 object is 5 TB. The data has to be split into multiple objects of 5 TB or less, each of which should be uploaded with multipart upload.

17
Q

You created a CloudFormation template that launched a web application running on EC2 instances in us-west-1. However, you are experiencing a problem creating a development stack in us-east-1 to serve clients in another geographical location. What should you do to solve the problem?

A

Copy the AMI in the template from us-west-1 to us-east-1.

18
Q

You have an application running on a number of Docker containers running on AWS Elastic Container Service. You have noticed significant performance degradation after you made a number of changes to the application and would like to troubleshoot the application end to end to find out where the problem lies. What should you do?

A

Deploy the AWS X-Ray daemon as a new container alongside your application.

19
Q

You are using CloudFormation to automate the build of several application servers in your test environment. Which of the following are valid sections that can be used in your CloudFormation template?

  • Outputs
  • Transformations
  • Resources
  • Parameters
  • Inputs
A
  • Outputs
  • Resources
  • Parameters
20
Q

Which of the following services enables you to automatically build, test, and release new software whenever a developer makes an update to their code?

  • CodePipeline
  • CodeBuild
  • CodeDeploy
  • CodeCommit
  • CloudFormation
A

CodePipeline

CodePipeline automates the build, test and deploy phases of your release process every time there is a code change, based on the release model you define.

(CodeBuild only builds your code; it won’t deploy it to your environment.)

21
Q

You are developing a test application which consists of a fault-tolerant and flexible web frontend, with persistent data stored in S3 and a database hosted on Amazon RDS. The application is required to run for at least one year, and occasional downtime is acceptable. Which of the following instance pricing models should you choose to make running this application as cost-effective as possible?

  • Use reserved instances for the web servers
  • Use reserved instances for the database.
  • Use Spot instances for the database.
  • Use Spot instances for the web servers.
  • Use dedicated instances for the database servers.
  • Use dedicated instances for the web servers.
A

Use Spot instances for the web servers.
Use reserved instances for the database.

The web servers are fault tolerant and flexible, and constantly save data to persistent storage. Spot instances are a suitable and cost-effective option in this case.

Reserved instances provide a significant discount (up to 72%) compared to running instances On-Demand. Since the application needs to run for at least one year, this is a cost-effective solution for the database instance.

22
Q

You have been asked to use Elastic Beanstalk to build a number of web servers to use in your development environment. Which of the following services could you use? Choose 4.

  • EC2
  • S3
  • Auto Scaling group
  • Lambda
  • Elastic Load Balancer
A
  • EC2
  • S3
  • Auto Scaling group
  • Elastic Load Balancer

(AWS Lambda automatically runs your code without requiring you to provision or manage servers. Lambda is generally used for stateless, short-running tasks and is not suitable for long-running tasks like running a web server. Elastic Beanstalk is not used to provision Lambda.)

23
Q

You are working on a web application which handles confidential financial data. The application runs on a few EC2 instances which are behind an Elastic Load Balancer. How can you ensure the data is encrypted end to end in transit between your ELB and EC2 instances? Choose 3.

  • Perform SSL termination using Lambda.
  • Configure the instances in your environment to listen on the secure port.
  • Configure a secure listener on your load balancer.
  • Terminate HTTPS connections on your EC2 instances.
  • Perform SSL termination on the load balancer.
A
  • Configure the instances in your environment to listen on the secure port.
  • Configure a secure listener on your load balancer.
  • Terminate HTTPS connections on your EC2 instances.

Terminating secure connections at the load balancer and using HTTP on the backend might be sufficient for your application. However, if you are developing an application that needs to comply with strict external regulations, you might be required to secure all network connections. First, add a secure listener to your load balancer, then configure the instances in your environment to listen on the secure port and terminate HTTPS connections.

24
Q

Your application uses the STS API call AssumeRoleWithWebIdentity to enable access for users who have authenticated using a Web ID provider. Which of the following best describes what a successful call to AssumeRoleWithWebIdentity returns?

  • AssumeRoleWithWebIdentity returns a set of temporary credentials (access key ID, secret access key, and security token) which give temporary access to AWS services.
  • AssumeRoleWithWebIdentity returns an ARN of the IAM role that the user is allowed to assume temporarily.
  • AssumeRoleWithWebIdentity returns an ARN of the IAM user that the user is allowed to assume temporarily.
  • AssumeRoleWithWebIdentity returns an assumed role ID which the user is allowed to assume temporarily.
A

AssumeRoleWithWebIdentity returns a set of temporary credentials (access key ID, secret access key, and security token) which give temporary access to AWS services.

25
Q

Which of the following does Cognito use to manage sign-up and sign-in functionality for mobile and web applications?

  • Identity pools
  • IAM users
  • IAM groups
  • User pools
A

User pools

Cognito user pools are like a directory, allowing users to sign up and sign in.

26
Q

You are supporting a legacy application which handles confidential healthcare data. The application runs on two EC2 instances behind an Application Load Balancer. Because of the age of the application, you cannot perform TLS encryption on the EC2 instances themselves. What is the least complex way you can ensure data is encrypted in transit between your VPC and the customer who will be accessing it?

  • Perform TLS termination on the ALB.
  • Perform TLS termination using Lambda.
  • Upgrade the application to support TLS on the EC2 instances.
  • Require customers to connect through a VPN to a virtual private gateway
A

Perform TLS termination on the ALB.

Handling the TLS termination process within each EC2 instance adds to the computational load on the instance as well as the operational overhead of installing an X.509 certificate on each instance. You can easily arrange for the entire HTTPS encryption and decryption process, generally known as TLS termination, to be handled by an Elastic Load Balancer. Your users can benefit from encrypted communication with very little operational overhead or administrative complexity.

27
Q

Your Lambda function requires a few libraries which are not available as standard in the Lambda runtime environment. Which of the following steps can be used as part of the process to make the libraries available to your function? Choose 4.

  • Create a deployment package containing your function code and libraries.
  • Store the deployment package in an S3 bucket and then upload it to Lambda.
  • Create a custom runtime which includes the libraries you need.
  • Create a handler function to download the libraries you need.
  • Add the dependencies to S3 and create an environment variable to reference them.
  • Upload the deployment package to Lambda.
A
  • Create a deployment package containing your function code and libraries.
  • Store the deployment package in an S3 bucket and then upload it to Lambda.
  • Create a custom runtime which includes the libraries you need.
  • Upload the deployment package to Lambda.
28
Q

You want users to receive an email notification whenever they push code to their AWS CodeCommit repositories. How can you configure this?

  • Configure notifications in the console. This will create a CloudWatch Events rule to send a notification to an SNS topic, which will trigger an email to be sent to the user.
  • Configure a CloudWatch Events rule to send a message to SES which will trigger an email to be sent whenever a user pushes code to the repository
  • Configure a CloudWatch Events rule to send a message to SQS which will trigger an email to be sent whenever a user pushes code to the repository
  • Create a new SNS topic and configure it to poll for CodeCommit events. Ask all of your users to subscribe to the topic to receive notifications.
A

Configure notifications in the console. This will create a CloudWatch Events rule to send a notification to an SNS topic, which will trigger an email to be sent to the user.

29
Q

You have developed a web application running on a number of EC2 instances running ASP.NET. You are using an S3 bucket to store product data, with customer transaction data held in an RDS database. You anticipate that the number of connections into your website will grow considerably over the next year, and you want to configure a scalable place to store session state data so that multiple web servers can share the session state. Which of the following are suitable options for this application? Choose 2.

  • Store the data in the same RDS database used for customer transactions
  • Lambda can store the session state
  • Store the session state data in a DynamoDB table
  • Use ElastiCache to store session state
  • Store session state locally on each EC2 instance
A
  • Store the session state data in a DynamoDB table
  • Use ElastiCache to store session state
30
Q

You work for a company which facilitates and organizes technical conferences. You ran a large number of events this year with many high profile speakers and would like to enable your customers to access videos of the most popular presentations. You have stored all your content in a publicly accessible S3 bucket, but you would like to restrict access so that people can only access the videos after logging into your website. How should you configure this? Choose 2.

  • Use web identity federation with temporary credentials allowing access to the videos.
  • Share the videos by providing a presigned URL only for users logged into your website.
  • Remove public read access from the S3 bucket where the videos are stored.
  • Use SSE-S3 to generate a signed URL.
  • Use CloudFront with HTTPS to enable secure access to the videos.
A
  • Share the videos by providing a presigned URL only for users logged into your website.
  • Remove public read access from the S3 bucket where the videos are stored.

(A presigned URL is generated with the credentials of an IAM principal that is allowed to read the object and is valid only until its expiry. Anyone who holds the URL can use it until then, so keep the expiry short and issue the URL only after the user has authenticated to your website. Removing public read access is what makes the presigned URL the only path to the object.)
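To show what a presigned URL actually contains and why it cannot be tampered with, here is an added Python example (constructed for this page, not from the flashcards or the AWS SDK) that builds a SigV4 presigned GET URL with only the standard library and then checks it the way S3 does. The bucket name, object key and the AWS-documented example access key and secret in the usage note are assumptions; in production you would call the SDK's generate_presigned_url, which produces the same structure.

```python
import datetime
import hashlib
import hmac
import re
import urllib.parse

ALGORITHM = "AWS4-HMAC-SHA256"
MAX_EXPIRES = 7 * 24 * 3600    # SigV4 presigned URLs may live at most seven days


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def _signing_key(secret_key: str, datestamp: str, region: str) -> bytes:
    # SigV4 key derivation: kSecret -> kDate -> kRegion -> kService -> kSigning
    key = _hmac(("AWS4" + secret_key).encode("utf-8"), datestamp)
    for part in (region, "s3", "aws4_request"):
        key = _hmac(key, part)
    return key


def _quote(value: str) -> str:
    return urllib.parse.quote(value, safe="-_.~")


def _signature(secret_key: str, host: str, path: str, params: dict, region: str) -> str:
    """Signature over a presigned GET: every query parameter, the Host header and
    an unsigned payload form the canonical request, so none of them can be altered."""
    canonical_query = "&".join(f"{_quote(k)}={_quote(v)}" for k, v in sorted(params.items()))
    canonical_request = "\n".join(
        ["GET", path, canonical_query, f"host:{host}", "", "host", "UNSIGNED-PAYLOAD"])
    amz_date = params["X-Amz-Date"]
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    string_to_sign = "\n".join(
        [ALGORITHM, amz_date, scope, hashlib.sha256(canonical_request.encode("utf-8")).hexdigest()])
    return hmac.new(_signing_key(secret_key, amz_date[:8], region),
                    string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()


def presign_get(bucket, key, access_key, secret_key, region, expires_seconds, now):
    """Build a time-limited GET URL for s3://bucket/key; `now` is an aware UTC datetime."""
    host = f"{bucket}.s3.{region}.amazonaws.com"
    path = "/" + "/".join(_quote(segment) for segment in key.split("/"))
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    params = {
        "X-Amz-Algorithm": ALGORITHM,
        "X-Amz-Credential": f"{access_key}/{amz_date[:8]}/{region}/s3/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires_seconds),
        "X-Amz-SignedHeaders": "host",
    }
    params["X-Amz-Signature"] = _signature(secret_key, host, path, params, region)
    query = "&".join(f"{_quote(k)}={_quote(v)}" for k, v in params.items())
    return f"https://{host}{path}?{query}"


def verify_presigned_get(url, secret_key, now):
    """What S3 does on receipt: reject an expired or malformed URL, or one whose
    signature does not match a recomputation over the presented URL."""
    parts = urllib.parse.urlsplit(url)
    params = dict(urllib.parse.parse_qsl(parts.query, keep_blank_values=True))
    presented = params.pop("X-Amz-Signature", "")
    if not re.fullmatch(r"[0-9a-f]{64}", presented):
        return False
    try:
        signed_at = datetime.datetime.strptime(
            params["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=datetime.timezone.utc)
        expires = int(params["X-Amz-Expires"])
        region = params["X-Amz-Credential"].split("/")[2]
    except (KeyError, ValueError, IndexError):
        return False
    if params.get("X-Amz-Algorithm") != ALGORITHM or params.get("X-Amz-SignedHeaders") != "host":
        return False
    if not 1 <= expires <= MAX_EXPIRES or now < signed_at or now > signed_at + datetime.timedelta(seconds=expires):
        return False
    expected = _signature(secret_key, parts.netloc, parts.path, params, region)
    return hmac.compare_digest(expected, presented)
```

Usage: `presign_get("conference-videos", "videos/keynote 2024.mp4", "AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "us-east-1", 600, datetime.datetime.now(datetime.timezone.utc))` returns a URL good for ten minutes. Changing the object key or the X-Amz-Expires value in that URL makes `verify_presigned_get` return False, because both are covered by the signature; the only thing the holder can do with the URL is fetch that one object before the expiry.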
31
Q

You are working on updates to your .NET application, which has been deployed using Elastic Beanstalk. Your environment consists of four EC2 instances, as well as a number of different Lambda functions and DynamoDB tables. The application requires at least two instances to cope with the average workload and a minimum of three instances to cope with peak-time traffic. The project manager has asked you to roll out the updates as quickly as possible with no downtime and minimal impact to users. Which of the following deployment strategies do you recommend?

A

Rolling.

Rolling is suitable if you can’t accept any period of completely lost service. With this method, your application is deployed to your environment one batch of instances at a time.

(Immutable is a slower deployment method, that ensures your new application version is always deployed to new instances, instead of updating existing instances.)

32
Q

Which of the following is NOT a supported event source for Lambda?

  • DynamoDB
  • CloudWatch Events
  • S3
  • RDS
A

RDS

Supported event sources which can trigger Lambda functions include: CloudWatch, DynamoDB, S3, Kinesis, CodeCommit, IoT buttons, CloudFront, Cognito, SNS, SQS, SES, etc. RDS cannot trigger a function directly but you could configure RDS to send notifications to SNS and then use SNS to trigger a Lambda function.

33
Q

You are developing a serverless application and you need somewhere to persist user state data. Which of the following would you recommend?

  • Lambda
  • DynamoDB
  • Serverless Application Model
  • API Gateway
A

DynamoDB

Out of the possible answers, DynamoDB is the only solution that can be used to save state.

34
Q

You have a distributed application which is made up of a number of different Lambda functions as well as API gateway endpoints and DynamoDB tables. You have noticed that the application is running unusually slowly today. Which of the following tools would be the best choice to help identify what is going on?

  • VPC Flow Logs
  • X-Ray
  • CloudTrail
  • CloudWatch
A

X-Ray

AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a micro-service architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors.

(CloudWatch gives you per-service metrics and logs, but it does not trace an individual request across the services that make up a distributed application.)

35
Q

You are troubleshooting a major incident which has resulted in data loss in your application. Your manager asks if you can provide a time-ordered sequence of any modifications which happened to the items in your DynamoDB table over the past 24 hours so that you can work out what happened. Which service could you use to most effectively provide this?

  • CloudWatch
  • DynamoDB Streams
  • CloudTrail
  • Kinesis Streams
A

DynamoDB Streams

DynamoDB Streams captures a time-ordered sequence of item-level modifications in a DynamoDB table and durably stores the information for up to 24 hours.

36
Q

You work in the security industry for a large consultancy. One of your customers uses Lambda extensively in their production environment, and they require a log of all API calls made to and from their Lambda functions. How can you achieve this?

  • Enable CloudWatch for Lambda
  • Enable detailed monitoring on the Lambda function
  • Enable CloudTrail for Lambda
  • Enable access logs for Lambda
A

Enable CloudTrail for Lambda

Enabling CloudTrail for Lambda logs the API calls made against the Lambda service (for example CreateFunction or UpdateFunctionConfiguration) to an S3 bucket. Invoke calls are recorded as data events, which must be enabled explicitly on the trail; they are not part of the default management-event logging.

(CloudWatch records the function's own log output and metrics, not the API calls made to and from it.)

37
Q

You work for an electric car company that has its frontend website on EC2. Company policy dictates that you must retain a history of all EC2 API calls made on your account for security analysis and operational troubleshooting purposes. Which AWS service should you use to do this?

  • CloudHSM
  • CloudTrail
  • CloudWatch
  • CloudFront
A

CloudTrail

CloudTrail is a web service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. The recorded information includes the identity of the user, the start time of the AWS API call, the source IP address, the request parameters, and the response elements returned by the service.

(CloudWatch will not provide you with a history of all of the EC2 API calls made in your account.)

38
Q

You are developing an application using multiple AWS services. You need to find a solution to decouple the application components, so that they can fail independently of one another. Which AWS service will enable this?

A

SQS

SQS is an AWS-managed message queuing service that allows you to decouple and scale microservices, distributed systems, and serverless applications.

39
Q

What is the maximum execution duration for a Lambda request?

A

900 seconds

40
Q

Your application uses the STS API call AssumeRoleWithWebIdentity to enable access for users who have authenticated using a Web ID provider. Which does a successful call to AssumeRoleWithWebIdentity return?

A

AssumeRoleWithWebIdentity returns a set of temporary credentials (access key ID, secret access key, and security token) which give temporary access to AWS services.

41
Q

You are developing a serverless application written in Node.js, which will run on Lambda. During performance testing, you notice that the application is not running as quickly as you would like, and you suspect that your Lambda function does not have enough CPU capacity. What will improve the overall performance of your function?

A

Configure more memory for your function.

When configuring a Lambda function, you can choose the amount of memory you want for your function. Lambda allocates CPU power linearly in proportion to the amount of memory configured. For instance, choosing 256 MB of memory allocates approximately twice as much CPU power to your Lambda function as requesting 128 MB of memory. If your function needs more CPU power to operate successfully, then you will need to allocate more memory.

42
Q

Your Lambda function requires a few libraries which are not available as standard in the Lambda runtime environment. Which of the following steps can be used as part of the process to make the libraries available to your function?

A

Create a custom runtime which includes the libraries you need.

Create a deployment package containing your function code and libraries.

Upload the deployment package to Lambda.

Store the deployment package in an S3 bucket and then upload it to Lambda.

43
Q

You need to collect your application metrics every 10 seconds. How can you configure this?

A

Publish a high-resolution custom metric in CloudWatch.

You need to publish a custom metric to handle application-specific events. If you want to collect metrics at 10-second intervals, you need to use high-resolution metrics.

(With detailed monitoring, data is available in 1-minute periods for an additional charge.)

44
Q

Your application is using SQS to send and receive messages. On average, it takes your application between 20 and 40 seconds to process a message, and you have noticed that quite frequently, multiple application servers are attempting to process the same message, which is causing issues within the application. What can you do to help prevent this from happening?

A

Increase the message visibility timeout

The default message visibility timeout is 30 seconds. Your application is not always able to process a message within that time, so after 30 seconds the message becomes visible on the queue again and another consumer can receive it. Increasing the visibility timeout beyond the 40-second worst case (for example to 60 seconds) gives your application servers time to process and delete the message before it reappears; a consumer can also call ChangeMessageVisibility to extend the timeout on a message it is still working on. Because a standard queue delivers at least once, processing should still be idempotent.
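An added example (constructed for this page, not from the flashcards or SQS itself) that models the failure mode tick by tick: several workers poll one standard queue, a received message is invisible for the visibility timeout, and a worker calls DeleteMessage when it finishes. The processing times, worker count and the 10-second heartbeat threshold are assumptions chosen to reproduce the scenario in the card.

```python
def simulate_queue(processing_times, visibility_timeout, workers, heartbeat=False):
    """Tick-by-tick model of one SQS standard queue consumed by polling workers.

    processing_times[i] is the seconds a worker needs for message i (constructed sample).
    heartbeat=True models ChangeMessageVisibility: a worker extends the timeout of the
    message it is processing when 10 seconds or fewer of visibility timeout remain.
    Returns {"deliveries": total deliveries, "duplicates": redeliveries}.
    """
    n = len(processing_times)
    visible = list(range(n))   # message ids currently receivable, in arrival order
    invisible_until = {}       # message id -> tick at which it becomes visible again
    deleted = set()            # message ids removed with DeleteMessage
    busy = {}                  # worker id -> (message id, tick when processing finishes)
    deliveries = 0
    t = 0
    while len(deleted) < n:
        # Workers that finished processing call DeleteMessage.
        for w, (m, finish) in list(busy.items()):
            if finish <= t:
                deleted.add(m)
                del busy[w]
        # Optional heartbeat: extend the timeout before it lapses.
        if heartbeat:
            for m, _ in busy.values():
                if invisible_until.get(m, t) - t <= 10:
                    invisible_until[m] = t + visibility_timeout
        # A message whose timeout lapsed before deletion becomes receivable again,
        # even though a worker is still processing it: this is the duplicate.
        for m, until in list(invisible_until.items()):
            if until <= t and m not in deleted:
                del invisible_until[m]
                visible.append(m)
        # Idle workers poll; a message already deleted is never delivered again.
        for w in range(workers):
            while w not in busy and visible:
                m = visible.pop(0)
                if m in deleted:
                    continue
                deliveries += 1
                busy[w] = (m, t + processing_times[m])
                invisible_until[m] = t + visibility_timeout
        t += 1
    return {"deliveries": deliveries, "duplicates": deliveries - n}


if __name__ == "__main__":
    times = [40, 25, 40]   # constructed: two messages exceed the 30-second default
    print(simulate_queue(times, 30, workers=3))                  # a duplicate delivery
    print(simulate_queue(times, 60, workers=3))                  # timeout above worst case
    print(simulate_queue(times, 30, workers=3, heartbeat=True))  # extend while working
```

The duplicate only appears when an idle worker is polling at the moment the timeout lapses, which is why the problem shows up "quite frequently" rather than on every message. Raising the timeout above the longest processing time removes it; so does extending the timeout from the worker. Neither replaces idempotent processing, since a standard queue can still deliver a message more than once for other reasons.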