Udemy Tests

Question 1

Unsupported cloudfront protocol

Answer 1

UDP

Question 2

Your Elastic Beanstalk application must encrypt payloads of up to 10MB. Which method will help you achieve that?

Answer 2

Use the encryption SDK

Question 3

Default visibility timeout for SQS

Answer 3

30 seconds

Question 4

You have configured the AWS CLI on your workstation. Your default region is us-east-1 and your IAM user has permissions to operate commands on services such as EC2, S3, and RDS in any region. You would like to execute a command to stop an EC2 instance in the us-east-2 region. What must you do to achieve this?

Answer 4

use the –region parameter

Question 5

Is STS supported with API Gateway?

Answer 5

No

Question 6

You are a Developer working with AWS CloudFormation templates. Your templates provision a VPC with one subnet and would like other stacks to use the output value of the subnet created. What must you do to provide this information to another stack?

Answer 6

1. Export
2. Output

Correct answer - “Export” & “Output” : To export a stack’s output value, use the Export field in the Output section of the stack’s template.

Question 7

What is the maximum data size supported by AWS KMS?

Answer 7

4KB

Question 8

One of your deployments failed and was rolled back by AWS CodeDeploy to the last known good application revision. During rollback which of the following instances did AWS CodeDeploy deploy first to?

Answer 8

To the failed instances

Question 9

A team lead has asked you to create an AWS CloudFormation template that creates EC2 instances and RDS databases. The template should be reusable by allowing the user to input a parameter value for an Amazon EC2 AMI ID.

Which of the following intrinsic function should you choose to reference the parameter?

Answer 9

!Ref

Correct answer - !Ref : The intrinsic function Ref returns the value of the specified parameter or resource. When you specify a parameter’s logical name, it returns the value of the parameter, when you specify a resource’s logical name, it returns a value that you can typically use to refer to that resource such as a physical ID.

Incorrect:

!GetAtt - A function returns the value of an attribute from a resource in the template

!Param - Not a valid function name

!Join - A function that appends a set of values into a single value, separated by the specified delimite

Question 10

Of the following values, which is not a valid CF section?

1. MetaData
2. Parameters
3. Mappings
4. Groups

Answer 10

Groups

Question 11

You have created an AWS CodePipeline pipeline through the AWS Management Console. You would like to view a list of API calls performed by your pipeline because many changes have been made by you and other administrators. Which AWS service will provide this information?

Answer 11

Cloudtrail (not Cloudwatch Logs)

Explanation: When activity occurs in AWS CodePipeline, that activity is recorded in a CloudTrail event along with other AWS service events in Event history. CloudTrail can be used as an auditing tool which provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.

Question 12

On the AWS Management Console, you created a dev group where new developers will be added to and on your workstation you configured a developer profile. You would like to test that this user cannot terminate instances. Which of the following options would you execute?

Answer 12

AWS CLI –dry-run option

Question 13

Many companies in the city have mobile apps that capture and send data to Amazon Kinesis Data Streams. They have been getting a ProvisionedThroughputExceededException exception. You have been contacted to help and upon careful analysis, you are seeing that messages are being sent one by one, while being sent at a high rate. Which of the following options will help with the exception while keeping costs at a minimum?

Answer 13

Batch messages

Question 14

You’re in charge of code deployment using AWS CodeCommit and AWS CodeDeploy. New requirements have been given to control deployment details by changing file permissions when applications are deployed and verifying the deployment success. Which of the following actions should the new Developer take?

Answer 14

define appspec.yml at root directory

Question 15

Does the order in which resources are created in CF need to be specified?

Answer 15

no

Question 16

Which of the following sink types is not supported by Kinesis Firehose?

1. ElasticSearch
2. S3
3. Redshift
4. ElasticCache

Answer 16

ElasticCache

Question 17

You are a Developer working with Amazon ECS container instances and would like to isolate credentials so that a container never has access to credentials intended for another container belonging to another task. What action must you take to achieve that?

Answer 17

Create an IAM Role for ECS and assign it to the tasks.

Not ‘Use Paramter Store to pass in AWS credentials’ b/c A container can only retrieve credentials for the IAM role that is defined in the task definition to which it belongs

Question 18

You are producing data to AWS Kinesis using AWS Lambda which sits behind an API Gateway. Data represents a clickstream from the users navigating your website. What in case you want to make sure your Kinesis stream can scale over time due to increased volume, what would you need to do?

Answer 18

1. Add shards

2. Partition key must take a greater number of different values

Question 19

You have launched several AWS Lambda functions written in Java. A new requirement was given that over 1MB of data should be passed to the functions and should be encrypted and decrypted at runtime. Which of the following methods is suitable for encrypting the data?

Answer 19

Envelope Encryption and store as file within the code (vis Encryption SDK)

Not KMS w/ environment variable b/c KMS limit is 4kb and environment variable limit is 4kb.

Question 20

When resolving a lot of dependencies to many Beanstalk EC2 instances via CodePipeline, how do you improve deployment time?

Answer 20

Bundle dependencies into your source code bundle as last stage of CodeBuild.

Question 21

You would like to be able to retrieve the CodeBuild logs for failed builds and analyze them in Athena. Which steps should you take to extract the logs out of CodeBuild?

Answer 21

Enable S3 and CloudWatch Logs integration

Question 22

Difference b/t X-ray and CloudWatch Logs for serverless?

Answer 22

X-Ray for debugging, CloudWatcch Logs for logging/metrics

X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors. X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application’s underlying components.

CloudWatch Logs” - AWS Lambda leverages Amazon CloudWatch to automatically emit metrics and logs for all invocations of your function

Question 23

T:F EBS volumes are AZ locked

Answer 23

true

Question 24

SQS limit?

Answer 24

no limit

Question 25

You use AWS Lambda functions and AWS Gateway API. Your first version was successful and you began developing new features for the second version. You would like to gradually introduce the second version by routing 10% of the incoming traffic to the new AWS Lambda function version. What should you do?

Answer 25

Use Lambda aliases (not Route 53!)

Question 26

You have deployed a traditional 3-tier web application architecture with a Classic Load Balancer, an Auto Scaling group, and an Amazon Relational Database Service (RDS) database. Users are reporting daily that they have to re-authenticate into the website often. The session information is stored in memory for each application instance. What should you do to make the application tier stateless and outsource the session information?

Answer 26

Add ElasticCache cluster

Question 27

An Amazon Simple Storage Service (S3) bucket holds images uploaded from a website. When new objects are created in the bucket an AWS Lambda function is invoked based on the function ARN configured. When new function versions are promoted changes should not have to be made in the configuration to point to the new function ARN. How can you accomplish this?

Answer 27

Use lambda aliases

Question 28

way to allow larger size messages over 1 MB. What can be done to achieve this in SQS?

Answer 28

Use SQS Extended client

Question 29

You manage 10 EC2 instances that make read-heavy database requests to the Amazon RDS for PostgreSQL. You would like to be prepared for disasters and would like to start ensuring you have a strategy in place. Which of the following features will help you prepare for database disaster recovery? (select two)

Answer 29

1. RDS multi A-Z
2. Enable RDS backups and use built in feature

Note: not “add read replicas” b/c that is optimization for scaling but doesn’t help with disaster recovery.

Question 30

Does encryption affect EBS performance?

Answer 30

no, it has the same IOPs as before

Question 31

you are looking to reduce the number of calls made to your endpoint and improve latency to your API Gateway. What can you do to improve performance?

Answer 31

Enable API Gateway caching

Question 32

A Developer has been tasked to create a custom notification system that notifies management when code pushes have been made to production branches in AWS CodeCommit repositories. Management is not concerned about dev and testing branches. This trigger should send notifications with the use of an external HTTP endpoint located at corporate headquarters. Which of the following solutions will help implement this?

Answer 32

Cloudwatch Event Rules + SNS

Question 33

Cloudwatch Alarms resolution values?

Answer 33

High Resolution: 30 and 10 seconds

Normal Resolution: 60 seconds

THIS IS FOR ALARMS…CLOUDWATCH METRICS ALLOWS FOR 1 SECOND GRANULARITY

Question 34

The team lead would like email notifications every time someone comments on a pull request for AWS CodeCommit. How can this be accomplished efficiently?

Answer 34

CloudWatch event rules

Question 35

You have migrated an on-premise SQL Server database to an Amazon Relational Database Service (RDS) database attached to a VPC inside a private subnet. Also, you upgraded your Java application hosted on-premise to an Amazon Lambda function that will process code written in Java that will need to retrieve data from your RDS instance. Which of the following should you do to create a network connection between your AWS Lambda function to your RDS instance?

Answer 35

Deploy in a VPC and assign a Security Group

not ‘use environmental variables to pass in RDS connection string’

Question 36

T:F CodeBuild scales automatically

Answer 36

True

Question 37

SQS default retention period

Answer 37

4 days

custom min: 60 seconds

custom max: 14 days

Question 38

SQS in message ordering can be accomplished by using

Answer 38

SQS FIFO

Question 39

T:F SQS scales automaticaly

Answer 39

true

Question 40

consistency issues in S3 caused by what operations?

Answer 40

update and delete

Question 41

T:F EBS supports in flight encryption and encryption at rest

Answer 41

TRUE

Question 42

How many times must Lambda fail before sending message to DLQ?

Answer 42

twice

Question 43

total set size limit of Lambda variable?

Answer 43

4kb

Question 44

Cloudwatch metrics default time interval

Answer 44

every 5 minutes, sends data which is timestamped at 1 minute intervals