BPE5
A developer plans to use AWS Elastic Beanstalk to deploy a microservice application. The application will be implemented in a multi-container Docker environment. How should the developer configure the container definitions in the environment?
Configure the container definitions in the Dockerrun.aws.json file.
A Software Engineer is developing a Node.js application that will be deployed using Elastic Beanstalk. The application source code is currently inside a folder called MyApp. He wants to add a configuration file named tutorialsdojo.config to the application. Where should the file be placed?
Inside the .ebextensions folder
An application that runs on a local Linux server is migrated to a Lambda function to save costs. The Lambda function shows an Unable to import module error when invoked. As the developer, how can you fix the error?
Install the missing modules locally to your application's folder. Package the folder into a ZIP file and upload it to AWS Lambda.
A developer plans to launch an EC2 instance, with Amazon Linux 2 as its AMI, using the AWS Console. A security group with port 80 that is open to public access will be associated with the instance. He wants to quickly build and test an Apache webserver with an index.html displaying a hello world message. Which of the following should the developer do?
Configure the user data at the creation of the EC2 instance to run a script that will install and create the Apache webserver after the instance starts.
A developer is building a ReactJS application that will be hosted on Amazon S3. Amazon Cognito handles the registration and signing of users using the AWS Software Development Kit (SDK) for JavaScript. The JSON Web Token (JWT) received upon authentication will be stored on the browser's local storage. After signing in, the application will use the JWT as an authorizer to access an API Gateway endpoint. What are the steps needed to implement the scenario above? (Select THREE.) Create an Amazon Cognito User Pool. (Correct) Create an Amazon Cognito Identity Pool. Set the name of the header that will be used from the request to the Cognito Identity Pool as a token source for authorization. Choose and set the authentication provider for your website. On the API Gateway Console, create an authorizer using the Cognito User Pool ID. (Correct) Set the name of the header that will be used from the request to the Cognito User Pool as a token source for authorization. (Correct)
--- Create an Amazon Cognito User Pool. On the API Gateway Console, create an authorizer using the Cognito User Pool ID. Set the name of the header that will be used from the request to the Cognito User Pool as a token source for authorization. ---
Some static assets stored in an S3 bucket need to be accessed by a user on the development account. The S3 bucket is in the production account. According to the company policy, the sharing of full credentials between accounts is prohibited. What steps should be done to delegate access across the two accounts? (Select THREE.)
--- On the production account, create an IAM role and specify the development account as a trusted entity. Log in to the development account and create a policy that will use STS to assume the IAM role in the production account. Attach the policy to the IAM users. Set the policy that will grant access to S3 for the IAM role created in the production account. ---
A company is looking to run a distributed application across hundreds of containers using Amazon Elastic Container Service. Due to the nature and size of the application, the Chief Technology Officer (CTO) is worried about how the developers can analyze and debug the application conveniently and efficiently. The developers need to have an end-to-end view of how the application runs and performs across the resources and services so they can make adjustments if needed. Which AWS service should the CTO use?
AWS X-Ray
A developer has an EC2 instance deployed in a test environment. He will be using the aws iam create-role command to create a role that will allow the instance to list the S3 buckets in a particular region. What should be done first before the EC2 instance can assume the role?
Add the EC2 service under the Principal field of the Trust policy
A company is providing various IoT services for a large number of consumers. The Data Analytics team revealed that an average consumer connects to two or more services. This leads to a complicated architecture that does not scale well and is difficult to manage. The development team is looking to efficiently manage these services to consumers using a single interface. Which of the following AWS services should be used to redesign the current architecture?
Amazon API Gateway
A developer is writing a web application that will allow users to save and retrieve images in an Amazon S3 bucket. The users are required to register and log in to access the application. Which combination of AWS Services should the Developer utilize for implementing the user authentication module of the application?
Amazon Cognito Identity Pools and User Pools.
A company uses a Linux, Apache, MySQL, and PHP (LAMP) web service stack to host an on-premises application for its car rental business. The manager wants to move its operation into the Cloud using Amazon Web Services. Which combination of services could be used to run the application that will require the least amount of configuration?
Amazon EC2 and Amazon Aurora
A university is gradually migrating some of its physical documents to the AWS cloud. They will start by moving their alumnus' historical records to Amazon S3. The storage solution should provide a secure and durable object storage with the lowest cost. Which of the following types of S3 storage should you recommend?
Amazon S3 Glacier Deep Archive
An application executes GET operations to various AWS services. The development team is using AWS X-Ray to trace all the calls made to AWS. As one of the developers, you are responsible for maintaining a particular block of code on the application. To save time, you only want to record data associated with the code to group the traces in the AWS console. Which of the following X-Ray features should you use?
Annotations
A developer uses AWS Serverless Application Model (SAM) in a local machine to create a serverless Python application. After defining the required dependencies in the requirements.txt file, the developer is now ready to test and deploy. What are the steps to successfully deploy the application?
Build the SAM template in the local machine and call the sam deploy command to package and deploy the SAM template from an S3 bucket.
A developer is building a serverless application that will send out a newsletter to customers using AWS Lambda. The Lambda function will be invoked at a 7-day interval. Which method will provide an automated and serverless approach to trigger the function?
Configure an Amazon CloudWatch Events rule that triggers every week to invoke the Lambda function.
A development team has migrated an existing Git repository to a CodeCommit repository. One of the developers was given an HTTPS clone URL of their new repository. The developer must be able to clone the repository using his access key credentials. What must the developer do before he can proceed?
Configure the Git credential helper with the AWS credential profile.
A developer has enabled the lifecycle policy of an application deployed in Elastic Beanstalk. The lifecycle is set to limit the application version to 15 versions. The developer wants to keep the source code in an S3 bucket, yet, it gets deleted. What change should the developer do?
Configure the Retention setting to retain the source bundle in the S3 bucket.
An AWS Site-to-Site VPN connection that uses Border Gateway Protocol (BGP) is used to establish a connection between an on-premises server and multiple EC2 instances in a VPC. A Developer cannot connect to an instance in subnet A but can access an instance in subnet B. Which action should the developer do as the first step in troubleshooting?
Check the VPC Flow Logs if the traffic is reaching subnet A.
A San Francisco-based tech startup is building a cross-platform mobile app that can notify the user of upcoming astronomical events. Your mobile app authenticates with the Identity Provider (IdP) using the provider's SDK and Amazon Cognito. Once the end-user is authenticated with the IdP, the OAuth or OpenID Connect token returned from the IdP is passed by your app to Amazon Cognito. Which of the following is returned for the user to provide a set of temporary, limited-privilege AWS credentials?
Cognito ID
An application is hosted in the us-east-1 region. The app needs to be recreated on the us-east-2, ap-northeast-1, and ap-southeast-1 region using the same Amazon Machine Image (AMI). As the developer, you have to use AWS CloudFormation to rebuild the application using a template. Which of the following actions is the most suitable way to configure the CloudFormation template for the scenario?
Copy the AMI of the instance from the us-east-1 region to the us-east-2, ap-northeast-1, and ap-southeast-1 region. Then, add a Mappings section wherein you will define the different Image Id for the three regions. Use the region name as the key in mapping to its correct Image Id. Lastly, use the Fn::FindInMap function to retrieve the desired Image Id from the region key.
A Ruby developer is looking to offload some of the processing on his application to the AWS cloud without managing any servers. The submodules must be written in Ruby, which mainly invokes API calls to an external web service. The response from the API call is parsed and stored in a MongoDB database. What should he do to develop the Lambda function in his preferred programming language?
Create a Lambda function with a supported runtime version for Ruby.
Several development teams worldwide will be collaboratively working on a project hosted on an AWS Elastic Beanstalk environment. The developers need to be able to deploy incremental code updates without re-uploading the entire project. Which of the following actions will reduce the upload and deployment time with the LEAST amount of effort?
Create an AWS CodeCommit repository and allow access to all developers. Deploy the code to Elastic Beanstalk.
A team of developers needs permission to launch EC2 instances with an instance role that will allow them to update items in a DynamoDB table. Each developer has access to IAM users that belongs in the same IAM group. Which of the following steps must be done to implement the solution?
Create an IAM role with an IAM policy that will allow access to the DynamoDB table. Add the EC2 service to the trust policy of the role. Create a custom policy with the iam:PassRole permission. Attach the policy to the IAM group.
A developer needs to view the percentage of used memory and the number of TCP connections of instances inside an Auto Scaling Group. To achieve this, the developer must send the metrics to Amazon CloudWatch. Which approach provides the MOST secure way of authenticating a CloudWatch PUT request?
Create an IAM role with cloudwatch:PutMetricData permission for the new Auto Scaling launch configuration from which you launch instances.
A development team needs to deploy an application revision into three environments: Test, Staging, and Production. The application should be deployed into the Test environment first, then Staging, and then Production. Which approach will conveniently allow the team to deploy the application into different environments?
Create multiple deployment groups for each environment using AWS CodeDeploy.
A company is running an Artificial Intelligence (AI) software for its automotive clients using the AWS Cloud. The software is used for identifying road obstructions for autonomous driving and predicting failure on vehicle components. The company wants to extend its usage and access based on different levels (students, professionals, and hobbyist developers) by exposing an API through API Gateway. The company should regulate access to the API and monetize it by charging based on usage. What should the company do?
Create three Usage Plans. Specify a quota and throttle requests according to the level of access.
A developer has an application that stores sensitive data to an Amazon DynamoDB table. AWS KMS must be used to encrypt the data before sending it to the table and to manage the encryption keys. Which of the following features are supported when using AWS KMS? (Select TWO.)
Creation of symmetric and asymmetric keys Re-enabling disabled keys
A developer is using the AWS CLI to interact with different AWS services. An UnauthorizedOperation error, as shown below, is received after running the stop-instance command: (image of a error message in the CLI) Along with the response is an additional failure message displayed in ciphertext format. How can the developer decode the message?
Decode the message by calling the AWS STS decode-authorization-message command.
A startup has recently opened an AWS account to develop a cloud-native web application. The CEO wants to improve the security of the account by implementing the best practices in managing access keys in AWS. Which actions follow the security best practices in IAM? (Select TWO.)
Delete any access keys to your AWS account root user. Use IAM roles for applications that need access to AWS services.
A 5 KB log file is sent every evening to an Amazon S3 bucket, which triggers a Lambda function. The function uses the context manager in Python to handle the transformation of the data received from the PUT event. The log data must be downloaded first so the code can extract and manipulate it before sending it to another S3 bucket. Which solution can the developer implement that requires the LEAST effort and cost?
Download the file to the /tmp directory. From there, consume and process the data before sending it to the S3 bucket.
A developer is building an AWS Lambda-based Java application that optimizes pictures uploaded to an S3 bucket. Upon running several tests, the Lambda function shows a cold start of about 5 seconds. Which of the following could the developer do to reduce the cold start time? (Select TWO.)
Increase the memory allocation setting for the Lambda function. Reduce the deployment package's size by including only the needed modules from the AWS SDK for Java.
The Customer and Payment service components of a microservices application have two separate DynamoDB tables. New items inserted into the Customer service table must be dynamically updated in the Payment service table. How can the Payment service get near real-time updates?
Enable DynamoDB Streams to stream all the changes from the Customer service table and trigger a Lambda function to update the Payment service table.
A developer is managing an Application Load Balancer that targets a Lambda function. The developer needs to obtain all values of identical query parameters key that is supplied in a request. How can the developer implement this?
Enable the multi-value headers on the Application Load Balancer.
A developer is building a serverless NodeJs application consisting of an API Gateway and AWS Lambda. The developer wants to log certain events tagged with a unique identifier of the Lambda functions' invocation request. Which approach should the developer take?
Get the awsRequestId from the context object and log it to a file.
A company is running an e-commerce application on an Amazon EC2 instance. A newly hired developer has been tasked to monitor and handle the necessary updates on the EC2 instance every Saturday. The developer is working from home and needs remote access to the webserver. As the system administrator, you're looking to use the AWS STS API to give the developer temporary credentials and enforce Multi-factor Authentication (MFA) to protect specific programmatic calls against the instance that could adversely affect the server. Which of the following STS API should you use?
GetSessionToken
An update was made on an AWS Lambda-based application. It is invoked by an API Gateway endpoint with caching enabled to improve latency requests. The developer expected to get the latest data as a response when he tested the application. However, he kept getting stale data upon trying many times. What should the developer do that will require the LEAST amount of effort to resolve the issue? (Select TWO.)
Grant permission to the client to invalidate caching when there's a request using the IAM execution role. Include Cache-Control: max-age=0 HTTP header on the API request.
A company plans to conduct an online survey to distinguish the users who bought its product from those who didn't. The survey will be processed by Step Functions which comprises four states that will manage the application logic and error handling of the state machine. It is required to aggregate all the data that passes through the nodes if the process fails. What should the company do to meet the requirements?
Include a Catch field in the state machine definition to capture the error. Then, use ResultPath to include each node's input data with its output.
An application uploads images to an Amazon S3 bucket. The event triggers a Lambda function that calls a third-party application that compresses images. Upon testing, you noticed that the time it takes for the function to process the image is slower than expected. Which of the following is the MOST cost-effective solution to run the function faster?
Increase the CPU and memory allocation of the function in the Memory setting.
A developer is managing several microservices built using API Gateway and AWS Lambda. The Developer wants to deploy new updates to one of the APIs. He wants to ensure a smooth transition between the versions by giving users enough time to migrate to the new version before retiring the previous one. Which solution should the developer implement?
Implement the updates and publish a new version of the Lambda function. Specify the new version in the API Gateway target resource then redeploy it to a new stage.
A developer is hosting a static website from an S3 bucket. The website makes requests to an API Gateway endpoint integrated with a Lambda function (non-proxy). The developer noticed that the requests are failing. Upon debugging, he found a: "No 'Access-Control-Allow-Origin' header is present on the requested resource" error message. What should the developer do to resolve this issue?
In the API Gateway Console, enable cross-origin resource sharing (CORS) for the method in the specified resource.
A mobile game developer is using DynamoDB as a data store and a Web Identity Federation for authorization and authentication. Each item in the DynamoDB table contains the attributes for individual user's game data such as user ID, game scores, and top score where the user ID is the partition key. The developer must control user access to specific data items based on their IDs. In doing so, users will only be able to obtain items that they own. Which of the following solutions must be implemented by the developer?
Modify the IAM Policy associated with the Identity provider's role by setting the value of the dynamodb:LeadingKeys condition key to the user IDs.
A development team is building a website that displays an analytics dashboard. The team uses AWS CodeBuild to compile the website from a source code residing on Github. A member was instructed to configure CodeBuild to run with a proxy server for privacy and security reasons. A RequestError timeout error appears on CloudWatch whenever CodeBuild is accessed. Which is a possible solution to resolve the issue?
Modify the proxy element of the buildspec.yml file on the source code root directory.
A developer wants to cut down the execution time of the scan operation to a DynamoDB table during periods of low demand without interfering with typical workloads. The operation consumes half of the strongly consistent read capacity units within regular operating hours. How can the developer improve this scan operation?
Perform a rate-limited parallel scan operation.
A development team wants to move its continuous integration (CI) system into AWS. The system is built using Github as the code repository. Each code push triggers a webhook that causes the CI software to compile the source code and runs a test to check if the changes broke anything before deploying. What AWS services can the development team use?
Replace Github, webhook, and the CI software with AWS CodeCommit, AWS Lambda, and AWS CodeBuild respectively.
A developer needs to use IAM roles to list all EC2 instances that belong to the development environment in an AWS account. He will use AWS CLI to perform this action. Which methods could be done to verify IAM access to describe instances? (Select TWO.)
Run the describe-instances command with the --dry-run parameter. Use the IAM Policy Simulator to validate the permission for the IAM role.
A developer uses Amazon ECS to orchestrate two Docker containers. He needs to configure ECS to allow the two containers to share log data. Which configuration should the developer do?
Specify the containers in a single task definition and configure EFS as its volume type.
A serverless application is created to process numerous files. Each invocation takes 5 minutes to complete. The Lambda function's execution time is too slow for the application. Considering that the Lambda function does not return any important data, which method will accelerate data processing the most?
Use asynchronous Event Lambda invocations. Configure the function to process the files in parallel.
A cross-platform online game application has thousands of users. The developer needs to identify each user by designating them a unique identifier. The identifier must be kept consistent across devices and platforms. How can the developer achieve this?
Use developer-authenticated identities in Amazon Cognito to generate unique identifiers for the users.
A Lamba function has multiple sub-functions that are chained together to process large data synchronously. When invoked, the function tends to exceed its maximum timeout limit. This has prompted the developer to break the Lambda function into manageable coordinated states using Step Functions, enabling each sub-function to run in separate processes. Which of the following type of states should the developer use to run processes?
Task State
An application uses the PutObject operation in parallel to upload hundreds of thousands of objects per second to an S3 bucket. To meet security compliance, the developer uses the server-side encryption in AWS KMS (SSE-KMS) to encrypt objects as they get stored in the S3 bucket. There is a noticeable performance degradation after making the change. Which of the following is the most likely cause of the problem?
The API request rate has exceeded the quota for AWS KMS API operations.
A developer has been instructed to automate the creation of the snapshot of an existing Amazon EC2 instance. The engineer created a script that uses the AWS Command Line Interface (CLI) to run the necessary API call. He is getting an InvalidInstanceID.NotFound error whenever the script is run. What is the most likely cause of the error?
The AWS Region name used to configure the AWS CLI does not match the region where the instance lives.
A developer is building a new feature for an application deployed on an EC2 instance in the N. Virginia region. A co-developer suggests to upload the code on Amazon S3 and use CodeDeploy to deploy the new version of the application. The deployment fails during the DownloadBundle deployment lifecycle event with the UnknownError: not opened for reading error. What is the possible cause of this?
The EC2 instance's IAM profile does not have the permissions to access the application code in Amazon S3.
An EC2 instance has an IAM role that explicitly denies all S3 API Write operations. Moreover, the instance has access key credentials configured to gain full access to S3 operations. Which statement is correct for this scenario?
The instance can perform all S3 operations on any S3 bucket.
A developer is building an application with Amazon DynamoDB as its database. The application needs to group the PUT, UPDATE, and DELETE actions into a single all-or-nothing operation to make changes against multiple items in the DynamoDB table. Which DynamoDB operation should the developer use?
TransactWriteItems
A developer is building an application that uses Amazon CloudFront to distribute thousands of images stored in an S3 bucket. The developer needs a fast and cost-efficient solution that will allow him to update the images immediately without waiting for the object's expiration date. Which solution meets the requirements?
Update the images by using versioned file names.
A startup plans to use Amazon Cognito User Pools to easily manage their users' sign-up and sign-in workflows to an application. To save time from designing the User Interface (UI) for the login page, the development team has decided to use Cognito's built-in UI. However, the product manager finds the UI bland and instructed the developer to include the product logo on the web page. How should the developer meet the above requirements?
Upload the logo to the Amazon Cognito app settings and use that logo on the custom login page.
A developer wants to expose a legacy web service that uses an XML-based Simple Object Access Protocol (SOAP) interface through API Gateway. However, there is a compatibility issue since most modern applications communicate data in JSON format. Which is the most cost-effective method that will overcome this issue?
Use API Gateway to create a RESTful API. Transform the incoming JSON into XML using mapping templates. Forward the request into the SOAP interface by using a Lambda function and parse the response (XML) into JSON before sending back to API Gateway.
A developer is building a serverless URL shortener using Amazon API Gateway, Amazon DynamoDB, and AWS Lambda. The application code as well as the stack that defines the cloud resources should be written in Python. The code should also be reusable in case an update must be done to the stack. Which of the following actions must be done by the developer to meet the requirements above?
Use AWS CDK to build the stack. Then, use Python as the runtime environment in writing the application logic on Lambda.
A developer needs to build a queueing mechanism for an application that will run on AWS. The application is expected to consume SQS messages that are larger than 256 KB and up to 1 GB in size. How should the developer manage the SQS messages?
Use Amazon S3 and the Amazon SQS Extended Client Library for Java
A developer is building a serverless workflow using Step Functions. The developer has to implement a solution that will help the State Machine handle and recover from State exception errors. Which of the following actions should the developer do?
Use Catch and Retry fields in the state machine definition.
Private documents have to be securely stored in an S3 Standard-IA bucket. These documents must be encrypted at rest, and the encryption keys should be rotated every 365 days. Which of the following method is the easiest to implement to solve the problem?
Use a Customer Master Key (CMK) in AWS KMS and enable automatic annual key rotation.
A Development team is building a fault-tolerant solution for a web application hosted on Amazon EC2. The session data is stored globally but it is cached in the instance's memory for better performance. The solution aims to ensure that no user requests are lost during a session in case an EC2 instance is terminated or has failed a health check. Which solution best fits the requirement with the least effort?
Use an Elastic Load Balancer and configure sticky sessions.
A developer is writing an application that will download hundreds of media files. Each file must be encrypted with a unique encryption key within the application before storing it in an S3 bucket. The developer needs a cost-effective solution with low management overhead. Which of the following is the most suitable solution?
Use the GenerateDataKey API command to generate a data key for each file to encrypt them. Store the encrypted data key and the file.
An application has a feature that displays GIFs based on keyword inputs. The code streams random GIF links from an external API to your local machine. When run, the application's process takes longer than expected. You are suspecting that the new function sendRequest() you added is the culprit. Which of the following actions should you do to determine the latency of the function?
Using AWS X-Ray, define an arbitrary subsegment inside the code to instrument the function.
A company wants to know how its monolithic application will perform on a microservice architecture. The Lead Developer has deployed the application on Amazon ECS using the EC2 launch type. He terminated the container instance after testing; however, the container instance still appears as a resource in the ECS cluster. What is the possible cause of this?
When a container instance is terminated in the stopped state, the container instance is not automatically deregistered from the cluster.
