Cloud Developing Quiz and Answer
Cloud Developing refers to the process of building, deploying, and managing applications and services in a cloud environment.
It involves creating software solutions that leverage cloud computing platforms and services, enabling developers to design applications that are scalable, flexible, and capable of running in distributed environments.
The following are quizzes and answers related to Cloud Developing. They are listed in no particular order.
- The systems development lifecycle (SDLC) has six pahses. The first three phases are plan, define, and design. What are the last three phases of the SDLC?
develop, deploy, and maintain
- Which task is performed during the develop stage of the SDLC?
New components are obtained and installed.
- A systems administrator must grant a new developer permissions that are associated with the developer role. This role is associated with the developer group. Which AWS service should the administrator use to assign the new developer to the developer group?
AWS Identity and Access Management (IAM)
- A developer is setting up their development environment. They need an integrated development environment (IDE) that enables them to code with other people in real time. Which AWS service should they use?
AWS Cloud9
- What are three ways to interact with AWS service application programming interfaces (APIs)? (Select the THREE best options)
(i) AWS Management Console, (ii) AWS Software development kits (SDKs), and (iii) AWS Command Line Interface (AWS CLI)
- Which tools enable users to control their AWS services from the command line and automate service management with scripts? (Select THREE)
(i) AWS Serverless Application model (AWS SAM), (ii) AWS Tools for PowerShell, and (iii) AWS Amplify
- What are the benefits of using Amazon Cloudwhisperer with AWS Cloud9?
(i) enhance application security, and (ii) acceletes coding tasks
- Which statements describe AWS resource application programming interfaces (APIs)? (Select TWO)
(i) They provide a high-level abstraction than the low-level calls made by the service client APIs, and (ii) They provide access to resources through objects and collections.
- A developer is using the AWS software development kit (SDK) for Python (Boto3) and must specify the Region. Which method enables the developer to specify the Region?
By setting the Region when they instantiate the service client
- A developer makes an application programming interface (API) call to access an Amazon Simple Storage Service (Amazon S3) bucket that doesn't exist. Which HTTP response code does the developer receive from the AWS service?
400 series
- A student is learning about Amazon Simple Storage Service (Amazon S3). During an interview, a potemtial employer asks the student to explain how Amazon S3 can be used as a storage solution. Which option is a use case for Amazon S3?
Data lake
- A ___ organized the Amazon S3 namespace at the highest level
Bucket
- A developer wants to store image files in a bucket that is called images-bucket, but receives the error BuckketAlreadyExists. Which action must the developer take to resolve this error?
Bucket names are globally unique. If the requested bucket name is not available, the developer must rename the bucket.
- A developer is using Amazon S3 to host a static website in a bucket that us called frank-martha-cafe. This bucket is in the us-east-1 region. Which URL is the virtual-hosted-style URL for the website
https://frank-martha-cafe.s3-website-us-east-1.amazonaws.com
- True or False: After versioning is enabled on an Amazon Simple Storage Service (Amazon S3) bucket, it can be disabled.
False
- What is the largest size of an object that a user can upload to Amazon Simple Storage Service (Amazon S3) in a single PUT operation?
5 GB
- A developer uses an Amazon Simple Storage Service (Amazon S3) bucket. They want to allow a certain AWS Identity and Access Management (IAM) user to perform any S3 operation on the bucket and its objects. They also want to follow AWS recommendations for granting permissions. Which mechanism should the developer apply to the bucket?
bucket policy
- A developer wants to allow a user to download objects directly from an Amazon Simple Storage Service (Amazon S3) bucket without needing AWS security credentials or permissions. What can the developer share with the user to grant them time-limited access to the objects.
A predesigned URL
- A developer wants to allow a user to download objects directly from an Amazon Simple Storage Service (Amazon S3) bucket without needing AWS security credentials or permissions. What can the developer share with the user to grant them time-limited access to the objects.
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
- A developer hosts a static website in an Amazon Simple Storage Service (Amazon S3) bucket. The website references image objects in another S3 bucket. However, these images do no display on the website. What could be the problem?
Cross-Origin Resource Sharing (CORS) has not been enabled on the bucket where the assets are stored
- Which option is the AWS customer responsible for under the AWS shared responsibility model? Select two.
(i) security group configuration, and (ii) client-side data
- Which AWS IAM resource explicitly grants or denies permissions to a user or group of users?
IAM policies
- What is the correct term for the process of veryfying a user’s identity as a developer?
Authentication
- Which statements about IAM user authentication are true? Select two.
(i) AWS credentials to authenticate with any supported service must be provided, and (ii) a username and password to authenticate to the consolde must be provided.
- Which suggestion is an AWS recommendation for securing AWS credentials for application that run on Amazon Elastic Compute Cloud (Amazon EC2) instances?
create an AWS IAM role and attach it to the EC2 instance.
- What is the format of AWS IAM ploicies that define the allowable API an entity can take?
JavaScript Object Notification (JSON)
- An administrator created an AWS IAM group called managers within an AWS account. A ___ policy is attached to the managers group. It allows managers to read from and write to Amazon S3 bucket in the same AWS account. What is this type of policy?
identity-based
- Which statement reflects the best practices when granting permissions to users, groups, roles, and resources?
create policies that follow the principle of least privilege
- What is the effect of the following policy statement?
denies actions on DynamoDB or Amazon S3 resources except for the resources that are listed in the NotResource element
- Which statements are true about evaluation logic for AWS IAM policies? Select two
(i) by defualt, all requests are denied, and (ii) an explicit deny overrides an explicit allow
- Which statement best describes Amazon DynamoDB?
a key-value and document database that scales horizontally and works well for internet-scale applications
- Which component is part of an Amazon DynamoDB table?
Attributes
- An Amazon DynamoDB table called SensorReadings captures sensor readings. These readings include a sensor ID attribute that acts as the partition key, and a timestamp attribute that is the sort key. Which statement is true?
It is impossible for two items in the SensorReadings table to have the same primary key.
- Which statement about Amazon DynamoDB partitions is true?
If a table has a simple primary key (partition key only), DynamoDB stores and retrieves each item based on its hash attribute.
- Suppose that a developer has a restaurants database table that can be queried by name (the partition key), or by name and location (the sort key). What should the developer do if they also want to query by the type of cuisine and average customer rating?
set up a global secondary index on cuisine and customer rating
- A video game developer who sues Amazon DynamoDB wants to ensure that players' profiles are updated correctly when they make in-game purchases. This process requires multiple updates as part of the single user action. What is the best choice tow rite this developer's application to manage these complex, all-or-nothing changes?
Use DynamoDB transactions
- Which scenarios are example use cases for Amazon DynamoDB Streams? (Select TWO)
(i) An application that automatically sends notifications to the mobile devices of all friends in a group when one friend uploads a new picture, and (ii) An application that must monitor changes to a DynamoDB table and take action on specific changes when a value reaches a certain threshold
- Which statement about global table is true?
When a global table is created, Amazon DynamoDB performs all necessary tasks to create identical tables and propagate ongoing data changes to specified Regions.
- How far in days can an Amazon DynamoDB table be restored by using point-in-time recovery?
the last 35 days
- Which statement describes Amazon DynamoDB application programming interface (API) control operations that can invoked by an application?
Create and manage DynamoDB tables.
- Which phrase best describes a RESTful API?
An API that follows the principle of the Representational State Transfer style
- Which options suggests the use of WebSocket APIs?
a real-time chat application lets customers talk to customer support about their orders.
- Which use case suggests using Amazon API Gateway HTTP APIs?
an application needs an API proxy in frony of an AWS Lamdba function
- Which statement about Amazon API Gateway integration is true?
a developer can use HHTP proxy integrations to direct a route to a resource on the internet
- An application that uses Amazon API Gateway must capture contact information from a third-party client applicaton. The client application sends given name, surname, business phone, and cellphone. The backend application database has only two fields: name and mobile phone. Which option requires the fewest application changes?
use a mapping template to transform the request before it is sent to the database
- Which elements are part of the base URI that AWS generates for an Amazon Gateway API?
Region and stage name
- Which statement about Amzon API Gateway stages is true?
developers can use stage variables to connect different stages to different backends
- A security team wants to know how to prptect APIs in their internet application from common web expoits, like SQL injection or cross-site scripting. Which solution most directly addresses their specific concern?
use AWS WAF with Amazon API Gateway
- What does the Amazon Gateway integration latency metric tell the user?
responsiveness of the backend
- Which statement describes a charateristics of AWS Lambda?
Lambda runs code only when it is activated by an event and uses only the compute resources that are needed.
- Which constraint cannot be modified?
Burst quota
- Which option describes how Amazon API Gateway invokes AWS Lambda?
API Gateway directly invokes a function with a synchronous invocation
- Which actions require permissions that are defined in the AWS Lambda execution role? Select two
(i) A Lambda function writes to an Amazon DynamoDB table, and (ii) Lambda polls an Amazon Simple Queue Service (Amazon SQS) queue for messages that initiate invocation of a Lambda function.
- Which statement about the function handler in an AWS Lambda function is true?
The function handler is the entry point that Lambda calls to start running the Lambda function
- Which issue might be addressed by adding provisioned concurrency to an AWS Lambda function?
An application that uses the Lambda function responds slowly for the first few users who sign in each day. Lambda metrics show higher latency for those initial requests.
- Which AWS Lambda configuration seeting might a developer use to manage function errors when configuring an Amazon Simple Notification Service (Amazon SNS) topic as the event source for a Lambda function? Select two
(i) destinations, and (ii) asynchronous invocations
- A zipped deployment package including code and custom libraries is 75 MB in size. Which AWS Lambda deployment option should be used?
Upload the deployment package to an Amazon Simple Storage Service (Amazon S3) bucket, and specify the bucket name and object key on the Lambda console.
- A function’s Amazon Resource Name (ARN) is as follows: arn:aws:lambda:aws-region:acct-id:function:helloworld:PROD. Which statement about this function is correct, based on its ARN?
This ARN will invoke the version of the function that is currently associated with the PROD alias.
- Users of a serverless application have reported errors that occur when they try to reterieve order information. Assuming that AWS X-Ray is enabled, what is the first step the developer might take in X-Ray to start troubleshooting the reported issues quickly?
use the service map to visually locate errors across the application
- Which option describes a benefit that led the shipping industry and the software industry to use containers?
the abstraction of details of what’s being “shipped” increases the agility system
- Which options are components of a container? Select two
(i) runtime engine, and (ii) application code
- Which statement about Docker containers is true?
a container is runnable instance of an image
- Which Docker CLI command creates a container named my_app_1 from the image named node_app?
docker run –name my_app_1 node_app
- Which statement about a dockerfile is true?
each instruction in a Dockerfile creates a read-only layer in the image
- A developer wants to migrate a monolithic shoppping website to a microservice-based application. Which option reflects a reason to choose containers?
each container can use the language ad technology that are best suited for the service.
- A developer recently built a proof-of-concept application using containers, and the business owner wants to roll it out to production. Which options reflects a primary reason that the developer might use a container orchestration service?
to schedule container starts and stops and determine where to place containers
- Which statement about AWS ECS is true?
Amazon ECS is a highly scalable container orchestration service that supports Docker containers
- What is the name for a logical collection of AW Elastric Beanstalk components, which is conceptually similar to folder?
Application
- A developer wants to do canary testing on a new development. Which AWS Elastic Beanstalk deployment policy should the developer use?
Traffic Splitting
- An architect suggests that the developers implement caching on an existing application to address performance issues. Which option describes factors that the developers should consider when they decide where to add caching?
consider the tolerance for stale data in each context where the data is used.
- A developer has determined that an in-memory key-value store would improve performance of their application’s queries. They want to keep the solution as simple as possible and need to support read replicas. Which option should they choose?
Amazon ElastiCache for Redis
- Amazon ElastiCache is being added to an application to improve response times and alleviate database pressure. The backend database for the application is an Amazon RDS database. Which task would be the responsibility of the application developer?
writing code that looks for the requested data in the cache and, if the data is not found, requests it from the origin
- Which statement about Amazon ElastiCache is true?
Your application connects to an ElastiCache node by using a unique address called an endpoint.
- A developer has been asked whether caching might improve the performance of their online bidding application. How should they answer this question?
Using different types of caching at each application layer might improve both the frontend and backend performance.
- A developer has been asked to address complaints from customers in the London area about the performance of a web-based application that is hosted in New York. Which option might the developer implement?
Set up a CloudFront distribution that can serve static content from the edge locations that are closer to UK users.
- A developer has been asked to increase the cache hit ratio for their Amazon CloudFront distribution. Which option should they try?
Include only the minimum necessary values in the cache key.
- Which statement about Amazon CloudFront cached file expiration is true?
After a file expires, the next time the edge location gets a user request for the file, CloudFront forwards the request to the origin server.
- Which use case suggests the use of Amazon CloudFront Functions?
a function that redirects the viewer to a different URL and adds a custom response header
- Which statement reflects a benefit of lazy loading as a caching strategy?
Lazy loading avoids filling up the cache with data that is not requested.
- Which option describes how a message queue processes messages?
consumer poll the queue for messages
- Which option describes how publish/subscribe (pub/sub) messaging works?
A new topic message is pushed out to all topic subscribers.
- A developer wants to add an Amazon Simple Queue Service (Amazon SQS) queuq to decouple incoming order requests from a backend database. Which Amazon SQS operations might be part of this update?
Use the ReceiveMessage operation with MaxNumberOfMessages set to 5 to retrieve up to 5 messages off the queue at one time.
- A tester reports that Amazon Simple Queue Service (Amazon SQS) messages are being processed more than once. The developer finds that processing servers are not completing as quickly as expected, and messages are made available to other consumers before the prior consumer deletes them. Which option might reduce occurrences of this issue?
increase the visibility timeout
- For an order-processing application that uses an Amazon Simple Queue Service (Amazon SQS) queue, a developer finds that an older version of the client generates order records that fail the backend process. The failures cause a bottleneck on the queue. How might the developer reduce the impact of the failed records?
Add a dead-letter queue and set a low maxRecieveCount.
- Which statement about Amazon Simple Queue Service (Amazon SQS) polling options is true?
When short polling is configured, Amazon SQS samples a subset of its servers
- Which statement about Amazon Simple Notification Service (Amazon SNS) is true?
An SNS topic is a logical access point, which acts as a communication channel.
- An Amazon Simple Notification Service (Aamzon SNS) topic receives messages about orders. An AWS Lambda function that processes canceled orders is subscribed to the topic. How might the developer reduce costs by only invoking the Lambda function for canceled orders?
Set up a filter policy so that the Lambda function subscription only receives cancel order messages.
- A developer needs to build a custom application to put customer application log records onto an Amazon Kinesis data stream. What should they use to build the application?
Use the Kinesis Producer Library (KPL).
- Which statement about Amazon Kinesis Data Streams is true?
The data records in a data stream are distributed into shards.
- Which scenario suggests the need for a task coordination service such as AWS Step Functions?
a serverless application must run a series of AWS Lambda functions that are dependent on each other.
- Which statement describes a benefit of using AWS Step Functions for an application?
developers can use Step Functions to build visual workflows.
- What is the role of the Task state type in AWS Step Functions?
Task states perform a unit of work.
- An application that processes order returns must complete different steps depending on whether the return is within 30 days of purchase. Which AWS Step Functions state could a developer use to implement this logic
Choice
- An application that processes order return must run the same AWS Lambda function for each item in an order. Which AWS Step Function could a developer use to implement this logic?
Map
- Which statement is true for both Succeed states and Fail states?
Succeed states and Fail states do not include the Next field.
- An application that processes order returns must run two independent audits checks. When both checks are successfully completed, the return authorization step is run. Which AWS Step Functions state could a developer use to implement this logic?
Parallel
- How is a taskToken used in an AWS Step Functions use case that includes a manual approval step?
A taskToken is returned as part of a call to the GetActivityTask action and is used when calling the SendTaskSuccess action to associate a result with a task
- Which use case is a good fit for AWS Step Functions Express workflows?
The workflow must support a very high rate of events that come from Internet of Things(IoT) devices
- Which statement about AWS Step Functions is true?
A developer can use Amazon API Gateway to associate their Step Function APIs with methods in an API Gateway API
- Which statement about creating secure connections is true?
both SSL and TSL encrypt network communications between connected resources.
- Which step in the secure connection process is the responsibility of the certificate authority (CA)?
Issue a certificate
- Which statement about AWS Certificate Manager (ACM) is true?
ACM manages certificate renewals for both public and private certificates
- Which statement reflects a best practice for security credentials?
Use AWS Identity and Access Management (IAM) roles to retrieve temporary security credentials
- What is the primary difference between AWS Security Token Service (AWS STS) authentication by federated users and AWS STS authentication by AWS Identity and Access Management (IAM) users?
With federated users, the first authentication is made against an ldP. With IAM users, the first authentication is made against IAM.
- A developer has been asked to investigate how website files have been deleted from an Amazon Simple Storage Service (Amazon S3) bucket. Which approach should they take?
Use AWS CloudTrail to search for information about delete object events on the S3 bucket
- A developer has been asked to add a sign-up and sign-in service to their application. Which Amazon Cognito feature should they use?
Amazon Cognito user pool
- A developer has been asked to reduce the security risk of users who sign in to their application with username and password pairs that they use on other websites.Which Amazon Cognito user pool feature might the developer configure?
Compromised credentials check
- Which statement about Amazon Cognito identity pools is true?
With an identity pool. users can obtain temporary, limited-privilege AWS credentials to access other AWS services.
- A developer plans to use Amazon Cognito user pools with Amazon API Gateway. Which step is part of the user pool authentication flow with API Gateway?
A mobile app user authenticates with a user pool, and the user pool returns JWTs to the app.
- Which option describes the philosophy of DevOps?
DevOps is about removing barriers between development and operations functions to optimize productivity and reliability.
- How are DevOps practices reflected in the software development lifecycle for cloud architectures?
Every phase of the software development lifecycle is automated.
- How might a developer use AWS CodePipeline in their continuous integration continuous deployment (CI/CD) process?
Automate the steps that are required to release software based on a release model that the developer defines.
- Which statement about continuous integration and continuous delivery/deployment (CI/CD) is true?
Continuous integration requires teams to write the automated tests.
- A developer wants to use infrastructure as code for their java-based web application on AWS. Which task might be part of their work?
Create an AWS CloudFormation template with a Resources section that defines the AWS resources for the application.
- A developer wants to use a single AWS CloudFormation template for both the test and production environments. Which section of the template might they use to support this approach?
Use the Conditions section to control whether certain resources are created during stack creation or update.
- Which statement about AWS CloudFormation stacks is true?
A CloudFormation stack is a unit of deployment.
- A developer is building their first serverless application on AWS. What must they think about differently with respect to deploying the application.
They can't replicate the production environment locally in the same way that they might with a server-based deployment
- How does an AWS Serverless Application Model (AWS SAM) template differ from an AWS CloudFormation template?
The Globals section is only found in AWS SAM templates
- The following lines are in the Resources section of an AWS Serverless Application Model (AWS SAM) template. What would these lines create?
Resurces:
Orders:
Type:AWS::Serverless::SimpleTable
An Amazon DynamoDB Table that is called Orders.
- There is a temporary need to share some video files that are stored in a private S3 bucket. The consumers do not have AWS accounts and you need to ensure that only authorized consumers can access the files. What is the best way to enable this access?
Generate a pre-signed URL and distribute it to the consumers
- Your client is looking for a way to use standard templates for describing and provisioning their infrastructure resources on AWS. Which AWS service can be used in this scenario?
CloudFormation
- A Linux instance running in your VPC requires some configuration changes to be implemented locally and you need to run some commands. Which of the following can be used to securely connect to the instance?
Key Pairs
- You need to enable sign in on your mobile app using social identity providers including Amazon, Facebook and Google. How can you enable this capability?
Amazon Cognito
- The security policy of an organization requires an application to encrypt data before writing to the disk. Which solution should the organization use to meet this requirement?
AWS KMS API
- Your CloudFormation template launches a two-tier web application in us-east-1. When you attempt to create a development stack in us-west-1, the process fails. What could be the problem?
The AMIs referenced in the template are not available in us-west-1
- What is used in S3 to enable client web applications that are loaded in one domain to interact with resources of the different domain? Choose the correct answer from the options below.
CORS configuration
- Which of the descriptions below best describes what the following bucket policy does?
{
“Version”:”2012-10-17″,
“Id”:”Statement1”,
“Statement”:[
{
“Sid”:” Statement2″,
“Effect”:”Allow”,
“Principal”:”*”,
“Action”:[
“s3:GetObject”,
“s3:PutObject”
],
“Resource”:”arn:aws:s3:::mybucket/*”,
“Condition”:{
“StringLike”:{
“aws:Referer”:[
“http://www.example.com/*”,
“http://www.demo.com/*”
]
}
}
}
] }
It allows read or write access to the bucket ‘mybucket’ but only if it is accessed from example.com or demo.com
- Is the default visibility timeout for an SQS queue 1 minute?
False
- When a failure occurs during stack creation in Cloudformation, does a rollback occur?
True
- An administrator is getting an error while trying to create a new bucket in S3? You feel that bucket limit has been crossed. What is the bucket limit per account in AWS? Choose the correct answer from the options below
100
- Which of the below functions is used in Cloudformation to retrieve an object from a set of objects? Choose an answer from the options below
Fn::Select
- Which of the below functions is used in Cloudformation to append a set of values into a single value? Choose an answer from the options below
Fn::Join
- What is the max size of an item that corresponds to a single write capacity unit? (While creating an index or table in Amazon DynamoDB, it is required to specify the capacity requirements for the read and write activity)?
1 KB
- What can be used in DynamoDB as a part of the Query API call for the filtration of results based on the primary keys’ values? Choose an answer from the options below
Expressions
- Can a global secondary index create at the same time as the table creation?
True
- A Global Secondary Index can have a different partition key and sort key from those of its base table.
True
- What in AWS can be used to restrict access to SWF?
IAM
- An IT admin has enabled long polling in their SQS queue. What must be done for long polling to be enabled in SQS? Choose the correct answer from the options below.
Set the ReceiveMessageWaitTimeSeconds property of the queue to 20 seconds
- As per the IAM decision logic, what is the first step of access permissions for any resource in AWS? Choose the correct answer from the options below
A default deny
- A developer is building an application that needs access to an S3 bucket. An IAM role is created with the required permissions to access the S3 bucket. Which API call should the Developer use in the application so that the code can access to the S3 bucket?
STS:AssumeRole
- You are using AWS SAM to define a Lambda function and configure CodeDeploy to manage deployment patterns. With the new Lambda function working as per expectation which of the following will shift traffic from the original Lambda function to the new Lambda function in the shortest time frame?
Canary10Percent5Minutes
- A developer is writing an application that will store data in a DynamoDB table. The ratio of reads operations to write operations will be 1000 to 1, with the same data being accessed frequently. What should the Developer enable on the DynamoDB table to optimize performance and minimize costs?
Amazon DynamoDB Accelerator
- Your team has just finished developing a new version of an existing application. This is a web-based application hosted on AWS. Currently, Route 53 is being used to point the company’s DNS name to the web site. Your Management has instructed you to deliver the new application to a portion of the users for testing. How can you achieve this?
Use Route 53 weighted Routing policies
- Before deploying an application to production, the developer team needs to test the application latency locally using X-ray daemon. For this testing they want to skip checking Amazon EC2 instance metadata. Which of the configuration settings can be done with daemon?
~/xray-daemon$ ./xray -o
- Your company currently stores its objects in S3. The current request rate is around 11000 GET requests per second. There is now a mandate for objects to be encrypted at rest. So you enable encryption using KMS. There are now performance issues being encountered. What could be the main reason behind this?You need to also enable versioning to ensure optimal performance
You are now exceeding the throttle limits for KMS API calls.
- Your company has asked you to maintain an application using Elastic Beanstalk. They have mentioned that when updates are made to the application, the infrastructure maintains its full capacity. Which of the following deployment methods should you use for this requirement?
(i) Rolling with additional batch, and (ii) Immutable
- How many read request units of the DynamoDB table are required for an item up to 8 KB using one strongly consistent read request?
2
- Your application is developed to pick up metrics from several servers and push them off to CloudWatch. At times, the application gets client 429 errors. Which of the following can be done from the programming side to resolve such errors?
Use exponential backoff in your requests
- When calling an API operation on an EC2 Instance, the following error message was returned.
A client error (UnauthorizedOperation) occurred when calling the RunInstances operation:
You are not authorized to perform this operation. Encoded authorization failure message:
oGsbAaIV7wlfj8zUqebHUANHzFbmkzILlxyj__y9xwhIHk99U_cUq1FIeZnskWDjQ1wSHStVfdCEyZILGoccGpC
iCIhORceWF9rRwFTnEcRJ3N9iTrPAE1WHveC5Z54ALPaWlEjHlLg8wCaB8d8lCKmxQuylCm0r1Bf2fHJRU
jAYopMVmga8olFmKAl9yn_Z5rI120Q9p5ZIMX28zYM4dTu1cJQUQjosgrEejfiIMYDda8l7Ooko9H6VmGJX
S62KfkRa5l7yE6hhh2bIwA6tpyCJy2LWFRTe4bafqAyoqkarhPA4mGiZyWn4gSqbO8oSIvWYPwea
KGkampa0arcFR4gBD7Ph097WYBkzX9hVjGppLMy4jpXRvjeA5o7TembBR-Jvowq6mNim0
Which of the following can be used to get a human-readable error message?
Use the command aws sts decode-authorization-message
- You have created an Amazon DynamoDB table with Global Secondary Index. Which of the following can be used to get the latest results quickly with the least impact on RCU (Read Capacity Unit)?
Query with EventualRead
- All the objects stored in the Amazon S3 bucket need to be encrypted at rest. You are creating a bucket policy for the same. Which header needs to be included in the bucket policy to enforce server-side encryption with SSE-S3 for a specific bucket?
Set “x-amz-server-side-encryption” as AES256 request header
- You are using Amazon DynamoDB for storing all product details for an online Furniture store. Which of the following expression can be used to return the Colour & Size Attribute of the table during query operations?
Projection Expressions
- Which of the following is true with respect to strongly consistent read requests from an application to a DynamoDB with a DAX cluster?
All requests are forwarded to DynamoDB & results are not cached
- You are a developer for your company. You are working on creating Cloudformation templates for different environments. You want to be able to base the creation of the environments on the values passed at runtime to the template. How can you achieve this?
Specify a parameters section
- As an API developer, you have just configured an API with the AWS API gateway service. You are testing out the API and getting the below response whenever an action is made to an undefined API resource.
{ “message”: “Missing Authentication Token” }
You want to customize the error response and make it more user-readable. How can you achieve this?
By setting up the appropriate gateway response in the API gateway
- Your team has currently developed an application using Docker containers. As the development lead, you now need to host this application in AWS. You also need to ensure that the AWS service has orchestration services built-in. Which of the following can be used for this purpose?
Consider using the Elastic Container Service
- You are developing an application that is working with a DynamoDB table. During the development phase, you want to know how much of the Consumed capacity is being used for the queries being fired. How can this be achieved?
Ensure to set the ReturnConsumedCapacity in the query request to TOTAL
- You are part of a development team that is in charge of creating Cloudformation templates. These templates need to be created across multiple accounts with the least amount of effort. Which of the following would assist in accomplishing this?
Creating Cloudformation StackSets
- Your team has started configuring CodeBuild to run builds in AWS. The source code is stored in a bucket. When the build is run, you are getting the below error.
Error: “The bucket you are attempting to access must be addressed using the specified endpoint…” When Running a Build.
Which of the following could be the cause of the error?
The bucket is not in the same region as the Code Build project.
- Your team is deploying a set of applications onto AWS. These applications work with multiple databases. You need to ensure that the database passwords are stored securely. Which of the following is the ideal way to store the database passwords?
Store them as secrets in AWS Secrets Manager
- As an AWS Certified Developer Associate, you are given a document written in YAML that represents the architecture of a serverless application. The first line of the document contains Transform: 'AWS::Serverless-2016-10-31'. What does the Transform section in the document represent?
Presence of Transform section indicates it is a Serverless Application Model (SAM) template
- The development team at a company creates serverless solutions using AWS Lambda. Functions are invoked by clients via AWS API Gateway which anyone can access. The team lead would like to control access using a 3rd party authorization mechanism. As a Developer Associate, which of the following options would you recommend for the given use-case?
Lambda Authorizer
- A developer at a company is trying to create a digital signature for SSH'ing into the Amazon EC2 instances. Which of the following entities can be used to facilitate this use-case?
Key pairs
- You are running workloads on AWS and have embedded RDS database connection strings within each web server hosting your applications. After failing a security audit, you are looking at a different approach to store your secrets securely and automatically rotate the database credentials. Which AWS service can you use to address this use-case?
Secrets Manager
- The development team at an IT company would like to provision their own Docker images that can be used as input sources for CodeBuild. These images will contain cached dependencies as well as special tooling for builds that are proprietary to the company. Which of the following services can be used to store and deploy these Docker images?
ECR
- A developer has been asked to create an application that can be deployed across a fleet of EC2 instances. The configuration must allow for full control over the deployment steps using the blue-green deployment. Which service will help you achieve that?
CodeDeploy
- A development team wants to build an application using serverless architecture. The team plans to use AWS Lambda functions extensively to achieve this goal. The developers of the team work on different programming languages like Python, .NET and Javascript. The team wants to model the cloud infrastructure using any of these programming languages. Which AWS service/tool should the team use for the given use-case?
AWS Cloud Development Kit (CDK)
- A cybersecurity firm wants to run their applications on single-tenant hardware to meet security guidelines. Which of the following is the MOST cost-effective way of isolating their Amazon EC2 instances to a single tenant?
Dedicated Instances
- A firm runs its technology operations on a fleet of Amazon EC2 instances. The firm needs a certain software to be available on the instances to support their daily workflows. The developer team has been told to use the user data feature of EC2 instances. Which of the following are true about the user data EC2 configuration? ( Select two)
(I) By default, scripts entered as user data are executed with root user privileges, and (ii) By default, user data runs only during the boot cycle when you first launch an instance
- An e-commerce company has developed an API that is hosted on Amazon ECS. Variable traffic spikes on the application are causing order processing to take too long. The application processes orders using Amazon SQS queues. The ApproximateNumberOfMessagesVisible metric spikes at very high values throughout the day which triggers the CloudWatch alarm. Other ECS metrics for the API containers are well within limits. As a Developer Associate, which of the following will you recommend for improving performance while keeping costs low?
Use backlog per instance metric with target tracking scaling policy
- A multi-national company has just moved to AWS Cloud and it has configured forecast-based AWS Budgets alerts for cost management. However, no alerts have been received even though the account and the budgets have been created almost three weeks ago. What could be the issue with the AWS Budgets configuration?
AWS requires approximately 5 weeks of usage data to generate budget forecasts
- As an AWS Certified Developer Associate, you been asked to create an AWS Elastic Beanstalk environment to handle deployment for an application that has high traffic and high availability needs. You need to deploy the new version using Beanstalk while making sure that performance and availability are not affected. Which of the following is the MOST optimal way to do this while keeping the solution cost-effective?
Deploy using 'Rolling with additional batch' deployment policy
- An application is hosted by a 3rd party and exposed at yourapp.3rdparty.com. You would like to have your users access your application using www.mydomain.com, which you own and manage under Route 53. What Route 53 record should you create?
Create a CNAME record
- An organization has hosted its EC2 instances in two AZs. AZ1 has two instances and AZ2 has 8 instances. The Elastic Load Balancer managing the instances in the two AZs has cross-zone load balancing enabled in its configuration. What percentage traffic will each of the instances in AZ1 receive?
10
- A financial services company is undergoing a compliance audit by the regulator. The company has hundreds of IAM users that make API calls but specifically it needs to be determined who is making KMS API calls. Which of the following services should the audit team use?
CloudTrail
- Which of the following security credentials can only be created by the AWS Account root user?
CloudFront Key Pairs
- A company uses Elastic Beanstalk to manage its IT infrastructure on AWS Cloud and it would like to deploy the new application version to the EC2 instances. When the deployment is executed, some instances should serve requests with the old application version, while other instances should serve requests using the new application version until the deployment is completed. Which deployment meets this requirement without incurring additional costs?
Rolling
- A company has hired you as an AWS Certified Developer Associate to help with redesigning a real-time data processor. The company wants to build custom applications that process and analyze the streaming data for its specialized needs. Which solution will you recommend to address this use-case?
Use Kinesis Data Streams to process the data streams as well as decouple the producers and consumers for the real-time data processor
- A company is looking at optimizing their Amazon EC2 instance costs. Few instances are sure to run for a few years, but the instance type might change based on business requirements. Which EC2 instance purchasing option should they opt to meet the reduced cost criteria?
Convertible Reserved instances
- A media company has created a video streaming application and it would like their Brazilian users to be served by the company's Brazilian servers. Other users around the globe should not be able to access the servers through DNS queries. Which Route 53 routing policy meets this requirement?
Geolocation
- To enable HTTPS connections for his web application deployed on the AWS Cloud, a developer is in the process of creating server certificate. Which AWS entities can be used to deploy SSL/TLS server certificates? (Select two)
(i) IAM, and (ii) AWS Certificate Manager
- A development team is building a game where players can buy items with virtual coins. For every virtual coin bought by a user, both the players table as well as the items table in DynamodDB need to be updated simultaneously using an all-or-nothing operation. As a developer associate, how will you implement this functionality?
Use TransactWriteItems API of DynamoDB Transactions
- A company has a cloud system in AWS with components that send and receive messages using SQS queues. While reviewing the system you see that it processes a lot of information and would like to be aware of any limits of the system. Which of the following represents the maximum number of messages that can be stored in an SQS queue?
no limit
- A developer with access to the AWS Management Console terminated an instance in the us-east-1a availability zone. The attached EBS volume remained and is now available for attachment to other instances. Your colleague launches a new Linux EC2 instance in the us-east-1e availability zone and is attempting to attach the EBS volume. Your colleague informs you that it is not possible and need your help. Which of the following explanations would you provide to them?
EBS volumes are AZ locked
- You create an Auto Scaling group to work with an Application Load Balancer. The scaling group is configured with a minimum size value of 5, a maximum value of 20, and the desired capacity value of 10. One of the 10 EC2 instances has been reported as unhealthy. Which of the following actions will take place?
The ASG will terminate the EC2 Instance
- A developer is looking at establishing access control for an API that connects to a Lambda function downstream. Which of the following represents a mechanism that CANNOT be used for authenticating with the API Gateway?
AWS Security Token Service (STS)
- A company uses AWS CodeDeploy to deploy applications from GitHub to EC2 instances running Amazon Linux. The deployment process uses a file called appspec.yml for specifying deployment hooks. A final lifecycle event should be specified to verify the deployment success. Which of the following hook events should be used to verify the success of the deployment?
ValidateService
- An application running on EC2 instances processes messages from an SQS queue. However, sometimes the messages are not processed and they end up in errors. These messages need to be isolated for further processing and troubleshooting. Which of the following options will help achieve this?
Implement a Dead-Letter Queue
- As a Senior Developer, you are tasked with creating several API Gateway powered APIs along with your team of developers. The developers are working on the API in the development environment, but they find the changes made to the APIs are not reflected when the API is called. As a Developer Associate, which of the following solutions would you recommend for this use-case?
Redeploy the API to an existing stage or to a new stage
- An Auto Scaling group has a maximum capacity of 3, a current capacity of 2, and a scaling policy that adds 3 instances. When executing this scaling policy, what is the expected outcome?
Amazon EC2 Auto Scaling adds only 1 instance to the group
- A company is using a Border Gateway Protocol (BGP) based AWS VPN connection to connect from its on-premises data center to Amazon EC2 instances in the company’s account. The development team can access an EC2 instance in subnet A but is unable to access an EC2 instance in subnet B in the same VPC. Which logs can be used to verify whether the traffic is reaching subnet B?
VPC Flow Logs
- The app development team at a social gaming mobile app wants to simplify the user sign up process for the app. The team is looking for a fully managed scalable solution for user management in anticipation of the rapid growth that the app foresees. As a Developer Associate, which of the following solutions would you suggest so that it requires the LEAST amount of development effort?
Use Cognito User pools to facilitate sign up and user management for the mobile app
- A company has created an Amazon S3 bucket that holds customer data. The team lead has just enabled access logging to this bucket. The bucket size has grown substantially after starting access logging. Since no new files have been added to the bucket, the perplexed team lead is looking for an answer. Which of the following reasons explains this behavior?
S3 access logging is pointing to the same bucket and is responsible for the substantial growth of bucket size
- A startup has been experimenting with DynamoDB in its new test environment. The development team has discovered that some of the write operations have been overwriting existing items that have the specified primary key. This has messed up their data, leading to data discrepancies. Which DynamoDB write option should be selected to prevent this kind of overwriting?
Conditional writes
- A company needs a version control system for their fast development lifecycle with incremental changes, version control, and support to existing Git tools. Which AWS service will meet these requirements?
AWS CodeCommit
- A developer needs to automate software package deployment to both Amazon EC2 instances and virtual servers running on-premises, as part of continuous integration and delivery that the business has adopted. Which AWS service should he use to accomplish this task?
AWS CodeDeploy
- A business has purchased one m4.xlarge Reserved Instance but it has used three m4.xlarge instances concurrently for an hour. As a Developer, explain how the instances are charged?
One instance is charged at one hour of Reserved Instance usage and the other two instances are charged at two hours of On-Demand usage
- A university has created a student portal that is accessible through a smartphone app and web application. The smartphone app is available in both Android and IOS and the web application works on most major browsers. Students will be able to do group study online and create forum questions. All changes made via smartphone devices should be available even when offline and should synchronize with other devices. Which of the following AWS services will meet these requirements?
Cognito Sync
- As a senior architect, you are responsible for the development, support, maintenance, and implementation of all database applications written using NoSQL technology. A new project demands a throughput requirement of 10 strongly consistent reads per second of 6KB in size each. How many read capacity units will you need when configuring your DynamoDB table?
20
- An IT company has a web application running on Amazon EC2 instances that needs read-only access to an Amazon DynamoDB table. As a Developer Associate, what is the best-practice solution you would recommend to accomplish this task?
Create an IAM role with an AmazonDynamoDBReadOnlyAccess policy and apply it to the EC2 instance profile
- Your development team uses the AWS SDK for Java on a web application that uploads files to several Amazon Simple Storage Service (S3) buckets using the SSE-KMS encryption mechanism. Developers are reporting that they are receiving permission errors when trying to push their objects over HTTP. Which of the following headers should they include in their request?
'x-amz-server-side-encryption': 'aws:kms'
- A media company is building an application that needs to store video files in Amazon S3. Management requires that the files be encrypted before they are sent to Amazon S3 for storage. The encryption keys need to be managed by an in-house security team but the key itself is stored on AWS. Which solution should the company use to meet these requirements?
Use client-side encryption with an AWS KMS managed customer master key (CMK)
- Your company manages hundreds of EC2 instances running on Linux OS. The instances are configured in several Availability Zones in the eu-west-3 region. Your manager has requested to collect system memory metrics on all EC2 instances using a script. Which of the following solutions will help you collect this data?
Use a cron job on the instances that pushes the EC2 RAM statistics as a Custom metric into CloudWatch
- You are assigned as the new project lead for a web application that processes orders for customers. You want to integrate event-driven processing anytime data is modified or deleted and use a serverless approach using AWS Lambda for processing stream events. Which of the following databases should you choose from?
DynamoDB
- You are designing a high-performance application that requires millions of connections. You have several EC2 instances running Apache2 web servers and the application will require capturing the user’s source IP address and source port without the use of X-Forwarded-For. Which of the following options will meet your needs?
Network Load Balancer
- You are a system administrator whose company recently moved its production application to AWS and migrated data from MySQL to AWS DynamoDB. You are adding new tables to AWS DynamoDB and need to allow your application to query your data by the primary key and an alternate key. This option must be added when first creating tables otherwise changes cannot be made afterward. Which of the following actions should you take?
Create a LSI
- You have an Amazon Kinesis Data Stream with 10 shards, and from the metrics, you are well below the throughput utilization of 10 MB per second to send data. You send 3 MB per second of data and yet you are receiving ProvisionedThroughputExceededException errors frequently. What is the likely cause of this?
The partition key that you have selected isn't distributed enough
- Your company stores confidential data on an Amazon Simple Storage Service (S3) bucket. New security compliance guidelines require that files be stored with server-side encryption. The encryption used must be Advanced Encryption Standard (AES-256) and the company does not want to manage S3 encryption keys. Which of the following options should you use?
SSE-S3
- A development team had enabled and configured CloudTrail for all the Amazon S3 buckets used in a project. The project manager owns all the S3 buckets used in the project. However, the manager noticed that he did not receive any object-level API access logs when the data was read by another AWS account. What could be the reason for this behavior/error?
The bucket owner also needs to be object owner to get the object access logs
- A senior cloud engineer designs and deploys online fraud detection solutions for credit card companies processing millions of transactions daily. The Elastic Beanstalk application sends files to Amazon S3 and then sends a message to an Amazon SQS queue containing the path of the uploaded file in S3. The engineer wants to postpone the delivery of any new messages to the queue for at least 10 seconds. Which SQS feature should the engineer leverage?
Use DelaySeconds parameter
- You have moved your on-premise infrastructure to AWS and are in the process of configuring an AWS Elastic Beanstalk deployment environment for production, development, and testing. You have configured your production environment to use a rolling deployment to prevent your application from becoming unavailable to users. For the development and testing environment, you would like to deploy quickly and are not concerned about downtime. Which of the following deployment policies meet your needs?
All at once
- You have uploaded a zip file to AWS Lambda that contains code files written in Node.Js. When your function is executed you receive the following output, 'Error: Memory Size: 10,240 MB Max Memory Used'. Which of the following explains the problem?
Your Lambda function ran out of RAM
- A development team is storing sensitive customer data in S3 that will require encryption at rest. The encryption keys must be rotated at least annually. What is the easiest way to implement a solution for this requirement?
Use AWS KMS with automatic key rotation
- After reviewing your monthly AWS bill you notice that the cost of using Amazon SQS has gone up substantially after creating new queues; however, you know that your queue clients do not have a lot of traffic and are receiving empty responses. Which of the following actions should you take?
Use LongPolling
- The development team at a company wants to insert vendor records into an Amazon DynamoDB table as soon as the vendor uploads a new file into an Amazon S3 bucket. As a Developer Associate, which set of steps would you recommend to achieve this?
Create an S3 event to invoke a Lambda function that inserts records into DynamoDB
- An order management system uses a cron job to poll for any new orders. Every time a new order is created, the cron job sends this order data as a message to the message queues to facilitate downstream order processing in a reliable way. To reduce costs and improve performance, the company wants to move this functionality to AWS cloud. Which of the following is the most optimal solution to meet this requirement?
Use Amazon Simple Notification Service (SNS) to push notifications when an order is created. Configure different Amazon Simple Queue Service (SQS) queues to receive these messages for downstream processing
- An IT company is using AWS CloudFormation to manage its IT infrastructure. It has created a template to provision a stack with a VPC and a subnet. The output value of this subnet has to be used in another stack. As a Developer Associate, which of the following options would you suggest to provide this information to another stack?
Use 'Export' field in the Output section of the stack's template
- You have a Java-based application running on EC2 instances loaded with AWS CodeDeploy agents. You are considering different options for deployment, one is the flexibility that allows for incremental deployment of your new application versions and replaces existing versions in the EC2 instances. The other option is a strategy in which an Auto Scaling group is used to perform a deployment. Which of the following options will allow you to deploy in this manner? (Select two)
(i) Blue/green Deployment, and (ii) in-place Deployment
- You are revising options that would be best for monitoring a few EC2 instances you currently manage. Amazon CloudWatch has metrics available to monitor your EC2 instances for CPU load, I/O, and network I/O. Your budget does not allow for spending on monitoring so using the default monitoring available is your preferred choice. With default monitoring, at what interval will these metrics be collected?
5 minutes
- A developer is creating a web application that is hosted on an EC2 instance that requires disk level encryption for all data stored. Which AWS service offers this feature?
Amazon Elastic Block Store (Amazon EBS)
- A developer has an architecture that consists of multiple AWS accounts. They wat to find a way to reduce the overall costs and better manage and control which service and resources can be provisioned in an account. Which AWS service can help do this?
AWS Organizations
A development team is using AWS CloudFormation to lunch the infrastructure for an application. Security for the application needs to be upgraded, but the team is concerned that the update might impact the performance of the application. What can be done to preview how these updates will impact the infrastructure?
Change sets