BPE4
A developer has recently deployed an application, which is hosted in an Auto Scaling group of EC2 instances and processes data from an Amazon Kinesis Data Stream. Each of the EC2 instances has exactly one KCL worker processing one Kinesis data stream which has 10 shards. Due to performance issues, the systems operations team has resharded the data stream to increase the number of open shards to 20. What is the maximum number of running EC2 instances that should ideally be kept to maintain application performance?
20
A leading insurance firm is hosting its customer portal in Elastic Beanstalk which has an RDS database in AWS. The support team in your company discovered a lot of SQL injection attempts and cross-site scripting attacks to the portal, which is starting to affect the production environment. Which of the following services should you implement to mitigate this attack?
AWS WAF
A web application hosted in Elastic Beanstalk has a configuration file named .ebextensions/debugging.config which has the following content: option_settings: aws:elasticbeanstalk:xray: XRayEnabled: true For its database tier, it uses RDS with Multi-AZ deployments configuration and Read Replicas. There is a new requirement to record calls that your application makes to RDS and other internal or external HTTP web APIs. The tracing information should also include the actual SQL database queries sent by the application, which can be searched using the filter expressions in the X-Ray Console. Which of the following should you do to satisfy the above task?
Add annotations in the subsegment section of the segment document.
A startup has recently launched their new mobile game and is gaining a lot of new users everyday. The founders plan to add a new feature which will enable cross-device syncing of user profile data across mobile devices to improve the user experience. Which of the following services should they use to meet this requirement?
Cognito Sync
You are working for a software development company that uses AWS CodePipeline as their CI/CD platform to build, test, and push their deployments to their production environment. You have created a Lambda function that will push the build details on a separate DynamoDB table. You want to trigger this function after the successful build stage on your Pipeline. Which of the following services will help you achieve this?
CloudWatch Events
You have two users concurrently accessing a DynamoDB table and submitting updates. If a user will modify a specific item in the table, she needs to make sure that the operation will not affect another user's attempt to modify the same item. You have to ensure that your update operations will only succeed if the item attributes meet one or more expected conditions. Which of the following DynamoDB features should you use in this scenario?
Conditional writes
A developer is launching a Lambda function which requires access to a MySQL RDS instance that is in a private subnet. Which of the following is the MOST secure way to achieve this?
Configure the Lambda function to connect to your VPC.
A startup has recently launched a high-quality photo sharing portal using Amazon Lightsail and S3. They noticed that there are other external websites which are linking and using their photos without permission. This has caused an increase on their data transfer cost and potential revenue loss. Which of the following is the MOST effective method to solve this issue?
Configure the S3 bucket to remove public read access and use pre-signed URLs with expiry dates.
The infrastructure of your application is designed where a producer sends data to a consumer via HTTPS. The consumer can sometimes take a while to process the messages, which causes the newer messages to not be acknowledged immediately and therefore, results in unexpected timeouts. You decided to introduce an Amazon SQS standard queue into the system but the duplicate messages are still not being handled properly. What should you do in order for the messages to be durably delivered and prevent having duplicate messages? (Select TWO.)
Configure the producer to set deduplication IDs for the messages. Create a FIFO queue as a replacement for the standard queue.
A company is currently in the process of integrating their on-premises data center to their cloud infrastructure in AWS. One of the requirements is to integrate the on-premises Lightweight Directory Access Protocol (LDAP) directory service to their AWS VPC using IAM. Which of the following provides the MOST suitable solution to implement if the identity store that they are using is not compatible with SAML?
Create a custom identity broker application in your on-premises data center and use STS to issue short-lived AWS credentials.
You were recently hired by a media company that is planning to build a news portal using Elastic Beanstalk and DynamoDB database, which already contains a few data. There is already an existing DynamoDB Table that has an attribute of ArticleName which acts as the partition key and a Category attribute as its sort key. You are instructed to develop a feature that will query the ArticleName attribute but will use a different sort key other than the existing one. The feature also requires strong read consistency to fetch the most up-to-date data. Which of the following solutions should you implement?
Create a new DynamoDB table with a Local Secondary Index that uses the ArticleName attribute with a different sort key. Migrate the data from the existing table to the new table.
You currently have an IAM user for working in the development environment using shell scripts that call the AWS CLI. The EC2 instance that you are using already contains the access key credential set and an IAM role, which are used to run the CLI and access the development environment. You were given a new set of access key credentials with another IAM role that allows you to access and manage the production environment. Which of the following is the EASIEST way to switch from one role to another?
Create a new profile for the role in the AWS CLI configuration file then append the --profile parameter, along with the new profile name, whenever you run the CLI command.
A developer wants to perform additional processing on newly inserted items in Amazon DynamoDB using AWS Lambda. In order to implement this requirement, the developer will have to use DynamoDB Streams to automatically send the new items in the table to a Lambda function for processing. Given the scenario, what steps should be performed by the developer to integrate his/her DynamoDB to his/her Lambda functions? (Select TWO.)
Create an event source mapping in Lambda to send records from your stream to a Lambda function. Select AWSLambdaDynamoDBExecutionRole managed policy as the function's execution role.
A developer is building an AI-based traffic monitoring application using Lambda in AWS. Due to the complexity of the application, the developer must do certain modifications such as the way Lambda runs the function's setup code and how the invocation events are read from the Lambda runtime API. In this scenario, which feature of Lambda should you take advantage of to meet the above requirement?
Custom Runtime
You have an Auto Scaling group of on-demand EC2 instances behind a Classic Load Balancer. Even if the scale-up threshold hasn't been met, your manager requested you to manually increase the current number of instances to 20 to prepare for a temporary influx of requests. Which of the following options will you modify to manually place 20 running instances in your Auto Scaling group?
Desired capacity
Your new web app is running on several on-demand EC2 instances behind a Classic Load Balancer. One of your EC2 instances has failed the health check and is no longer receiving traffic. After manually rebooting the instance, the application check becomes healthy again. Which of the following steps will you do next?
Do nothing, the ELB will direct traffic to it after the health check threshold is passed.
A web application is currently using an on-premises Microsoft SQL Server 2017 Enterprise Edition database. Your manager instructed you to migrate the application to Elastic Beanstalk and the database to RDS. For additional security, you must configure your database to automatically encrypt data before it is written to storage, and automatically decrypt data when the data is read from storage. Which of the following services will you use to achieve this?
Enable Transparent Data Encryption (TDE).
A developer has a Node.js function running in AWS Lambda. Currently, the code initializes a database connection to an Amazon RDS database every time the Lambda function is executed, and closes the connection before the function ends. What feature in AWS Lambda will allow the developer to reuse the already existing database connection instead of initializing it each time the function is run?
Execution context
Your application is hosted on an Auto Scaling group of EC2 instances with a DynamoDB database. There were a lot of data discrepancy issues where the changes made by one user were always overwritten by another user. You noticed that this usually happens whenever there are a lot of people updating the same data. What should you do to solve this problem?
Implement an optimistic locking strategy in your application source code by designating one property to store the version number in the mapping class for your table.
You are developing an online game where the app preferences and game state of the player must be synchronized across devices. It should also allow multiple users to synchronize and collaborate shared data in real time. Which of the following is the MOST appropriate solution that you should implement in this scenario?
Integrate AWS AppSync to your mobile app.
A software engineer is building a serverless application in AWS consisting of Lambda, API Gateway, and DynamoDB. She needs to implement a custom authorization scheme that uses a bearer token authentication strategy such as OAuth or SAML to determine the caller's identity. Which of the features of API Gateway is the MOST suitable one that she should use to build this feature?
Lambda Authorizers
An application running in an EC2 instance is regularly fetching and processing a lot of data from an S3 bucket which resulted in a significant increase in your operating costs. You want to lower the latency of retrieving data from S3 and bring the operating costs down. To improve the system, you need to use simple structured query language (SQL) statements to filter the contents of Amazon S3 objects and retrieve just the subset of data that you need. Which is the MOST suitable service that will help you accomplish this requirement?
S3 Select
An e-commerce application, which is hosted in an ECS Cluster, contains the connection string of an external database and other sensitive configuration files. Since the application accepts credit card payments, the company has to meet strict security compliance which requires that the database credentials are encrypted and periodically rotated. Which of the following should you do to comply to the requirements?
Store the database credentials in AWS Secrets Manager and enable rotation.
Your Lambda function initializes a lot of external dependencies such as database connections and HTTP endpoints, which are required for data processing. It also fetches static data with a size of 20 MB from a third-party provider over the Internet every time the function is invoked. This adds significant time in the total processing, which greatly affects the performance of their serverless application. Which of the following should you do to improve the performance of your function?
Store the external files in the /tmp directory of the execution context which you can reuse for succeeding invocations.
The company that you are working for recently decided to migrate and transform their monolithic application on-premises to a Lambda application. It is your responsibility to ensure that application works effectively in AWS. Which of the following are the best practices in developing Lambda functions? (Select TWO.)
Use AWS Lambda Environment Variables to pass operational parameters to your function. Take advantage of Execution Context reuse to improve the performance of your function.
A developer is using AWS X-Ray to create a visualization scheme to monitor the requests that go through their enterprise web application. There are different services that communicate with the application and all these requests should be traced in X-Ray, including all the downstream calls made by the application to AWS resources. Which of the following actions should the developer implement for this scenario?
Use X-Ray SDK to generate segment documents with subsegments and send them to the X-Ray daemon, which will buffer them and upload to the X-Ray API in batches.
You are configuring the task definitions of your ECS Cluster in AWS to make sure that the tasks are scheduled on instances with enough resources to run them. It should also follow the constraints that you specified both implicitly or explicitly. Which of the following options should you implement to satisfy the requirement which requires the LEAST amount of configuration?
Use a random task placement strategy.
In the next financial year, your company decided to develop a totally new version of their legacy application which will be using Node.js and GraphQL. The new architecture should provide them an end-to-end view of requests as they travel through their application, and shows a map of the application's underlying components. The application will be hosted in an Auto Scaling group of Linux EC2 instances and it must be instrumented so it can send the trace data to the AWS X-Ray service. Which of the following options is the MOST suitable way to satisfy this requirement?
Use a user data script to install the X-Ray daemon.
A developer is planning to build a serverless Rust application in AWS using AWS Lambda and Amazon DynamoDB. Much to his disappointment, AWS Lambda does not natively support the Rust programming language. Can the developer still proceed with creating serverless Rust applications in AWS given the situation above?
Yes. The developer can create a custom runtime for hist Rust applications and bootstrap it to an AWS Lambda function.
You are designing the DynamoDB table that will be used by your Node.js application. It will have to handle 10 writes per second and then 20 eventually consistent reads per second where all the items have a size of 2 KB for both operations. Which of the following are the most optimal WCU and RCU that you should provision to the table?
10 RCU and 20 WCU
An application is hosted in an Auto Scaling group of EC2 instances behind an Application Load Balancer. You want to automatically monitor the CPU Utilization of each and every instances of your application stack throughout the day using Amazon CloudWatch. In this scenario, what is the time period of data that CloudWatch receives and aggregates from EC2 by default?
5 minutes
A leading financial company has recently deployed their application to AWS using Lambda and API Gateway. However, they noticed that all metrics are being populated in their CloudWatch dashboard except for CacheHitCount and CacheMissCount. What could be the MOST likely cause of this issue?
API Caching is not enabled in API Gateway.
A company is transitioning their systems to AWS due to the limitations of their on-premises data center. As part of this project, a developer was assigned to build a brand new serverless architecture in AWS, which will be composed of AWS Lambda, API Gateway, and DynamoDB in a single stack. She needs a simple and reliable framework that will allow her to share configuration such as memory and timeouts between resources and deploy all related resources together as a single, versioned entity. Which of the following is the MOST appropriate service that the developer should use in this scenario?
AWS SAM
A company has assigned a developer to automate the patch management, data synchronization, and other recurring tasks in their department. The developer needs to have a service which can coordinate multiple AWS services into serverless workflows. Which of the following is the MOST cost-effective service that the developer should implement in this scenario?
AWS Step Functions
A developer is planning to use the AWS Elastic Beanstalk console to run the AWS X-Ray daemon on the EC2 instances in her application environment. She will use X-Ray to construct a service map to help identify issues with her application and to provide insight on which application component to optimize. The environment is using a default Elastic Beanstalk instance profile. Which IAM managed policy does Elastic Beanstalk use for the X-Ray daemon to upload data to X-Ray?
AWSXRayDaemonWriteAccess
A company is developing a serverless website that consists of images, videos, HTML pages and JavaScript files. There is also a requirement to serve the files with lowest possible latency to its global users. Which combination of services should be used in this scenario? (Select TWO.)
Amazon CloudFront Amazon S3
You work for a software development company where the teams are divided into distinct projects. The management wants to have separation on their AWS resources, which will have a detailed report on the costs of each project. Which of the following options is the recommended way to implement this?
Create separate AWS accounts for each project and use consolidated billing.
Whenever you are deploying a new version of your application that is hosted in Elastic Beanstalk, it becomes unavailable to your users for a short period of time. Upon checking, you found out that your environment is configured to perform an in-place update whenever you deploy the latest version. You are instructed to solve this issue to improve the availability of your application. Which of the following methods has the LEAST impact on your application's availability in the event that the deployment fails?
Blue/Green
A company has recently developed a containerized application that uses a multicontainer Docker platform which supports multiple containers per instance. They need a service that automatically handles tasks such as provisioning of the resources, load balancing, auto-scaling, monitoring, and placing the containers across the cluster. Which of the following services provides the EASIEST way to accomplish the above requirement?
Elastic Beanstalk
A developer is creating a new global secondary index on a provisioned mode DynamoDB table. Since the application will store large quantities of data, the write capacity units must be specified for the expected workload on both the base table and its secondary index. Which of the following should the developer do to avoid any potential request throttling?
Ensure that the global secondary index's provisioned WCU is equal or greater than the WCU of the base table.
You are a software developer for a multinational investment bank which has a hybrid cloud architecture with AWS. To improve the security of their applications, they decided to use AWS Key Management Service (KMS) to create and manage their encryption keys across a wide range of AWS services. You were given the responsibility to integrate AWS KMS with the financial applications of the company. Which of the following are the recommended steps to locally encrypt data using AWS KMS that you should follow? (Select TWO.)
Erase the plaintext data key from memory and store the encrypted data key alongside the locally encrypted data. Use the GenerateDataKey operation to get a data encryption key then use the plaintext data key in the response to encrypt data locally.
A developer uses AWS X-Ray to create a trace on an instrumented web application and gain insights on how to better optimize its performance. The segment documents being sent by the application contain annotations which the developer wants to utilize in order to identify and filter out specific data from the trace. Which of the following should the developer do in order to satisfy this requirement with minimal configuration? (Select TWO.)
Fetch the trace IDs and annotations using the GetTraceSummaries API. Use filter expressions via the X-Ray console.
A company has an application hosted in an On-Demand EC2 instance in your VPC. The developer has been instructed to create a shell script that fetches the instance's associated public and private IP addresses. What should the developer do to complete this task?
Get the public and private IP addresses from the instance metadata service using the .../latest/meta-data/ endpoint.
A serverless application, which uses a DynamoDB database, is experiencing throttling issues during peak times. To troubleshoot the problem, you were instructed to get the total number of write capacity units consumed for the table and any secondary indexes whenever the UpdateItem operation is sent. In this scenario, what is the MOST appropriate value for the ReturnConsumedCapacity parameter that you should set in the update request?
INDEXES
A developer is managing an application hosted in EC2, which stores data in an S3 bucket. To comply with the new security policy, the developer must ensure that the data is encrypted at rest using an encryption key that is provided and managed by the company. The change should also provide AES-256 encryption to their data. Which of the following actions could the developer take to achieve this? (Select TWO.)
Implement Amazon S3 server-side encryption with customer-provided keys (SSE-C). Encrypt the data on the client-side before sending to Amazon S3 using their own master key.
A company is using a combination of CodeCommit, CodeBuild, CodePipeline and CodeDeploy services for its continuous integration and continuous delivery (CI/CD) pipeline on AWS. They want someone to perform a code review before a revision is allowed into the next stage of a pipeline. If the action is approved, the pipeline execution resumes but if it is not then the pipeline execution will not proceed. Which of the following is the MOST suitable solution to implement in this scenario?
Implement a manual approval actions configuration in CodePipeline using an SNS Topic.
A financial mobile application has a serverless backend API which consists of DynamoDB, Lambda, and Cognito. Due to the confidential financial transactions handled by the mobile application, there is a new requirement provided by the company to add a second authentication method that doesn't rely solely on user name and password. Which of the following is the MOST suitable solution that the developer should implement?
Integrate multi-factor authentication (MFA) to a user pool in Cognito to protect the identity of your users.
You are working as a software developer for an online training company, which is currently developing a learning portal that will use a DynamoDB table. One of the acceptance criteria requires you to ensure that there will be no hot partitions in the table which will result in throttling and inefficient use of your provisioned I/O capacity. The portal contains hundreds of thousands of online courses including the ones from their 3rd-party educational partners, which may or may not have the same Course ID. The table is structured as shown below: +--------------------+--------+---------------------------------------------------+ | Attribute Name | Type | Description | +--------------------+--------+---------------------------------------------------+ | Course ID | Number | ID of the online course | | Item ID | Number | Automatically generated GUID of the online course | | Course Name | String | Name of the online course | | Course Description | String | Description of the online course | | Course Price | Number | Price of the online course | +--------------------+--------+---------------------------------------------------+ Which of the following is the MOST suitable partition key to use in this scenario?
Item ID
You are planning to launch a Lambda function integrated with API Gateway. It is required to specify how the incoming request data is mapped to the integration request and how the resulting integration response data is mapped to the method response. Which of the following options is the MOST appropriate method use to meet this requirement?
Lambda custom integration
You have created an SWF workflow to coordinate the tasks of your media processing cluster, which processes the videos, and a separate media publishing cluster, which publishes the processed videos. Since the media processing cluster converts a single video multiple times, you need to record how many times a video is converted before another action is executed. Which of the following SWF options can be used to record such events?
Markers
You are managing a real-time fraud detection application which ingests a stream of data using Amazon Kinesis. The systems works well with millisecond end-to-end latency but the allocated shards are way underutilized based on the performance data in CloudWatch. Which of the following is the MOST suitable solution to reduce the cost and capacity of your stream?
Merge cold shards
A developer is planning to add a global secondary index in a DynamoDB table. This will allow the application to query a specific index that can span all of the data in the base table, across all partitions. Which of the following should the developer consider when using this type of index? (Select TWO.)
Queries on this index support eventual consistency only. Queries or scans on this index consume capacity units from the index, not from the base table.
A developer has recently launched a new API Gateway service which is integrated with AWS Lambda. He enabled API caching and per-key cache invalidation features in the API Gateway to comply with the requirement of the front-end development team which will use the API. The front-end team will have to invalidate an existing cache entry in some scenarios and fetch the latest data from the integration endpoint. Which of the following should the consumers of the API do to invalidate the cache in API Gateway?
Send a request with the Cache-Control: max-age=0 header.
The operating cost of a serverless application is quite high and you are instructed to look for ways to lower the costs. As part of its processing, a Lambda function sends 320 strongly consistent read requests per second to a DynamoDB table which has a provisioned RCU of 5440. The average size of items stored in the database is 17 KB. Which of the following is the MOST suitable action that should you do to make the application more cost-effective while maintaining its performance?
Set the provisioned RCU to 1600.
You are a newly hired developer in a leading investment bank which uses AWS as its cloud infrastructure. One of your tasks is to develop an application that will store financial data to an already existing S3 bucket, which has the following bucket policy: { "Version": "2012-10-17", "Id": "PutObjPolicy", "Statement": [ { "Sid": "AllowUploadCheck", "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::tutorialsdojo/*", "Condition": { "StringNotEquals": { "s3:x-amz-server-side-encryption": "AES256" } } }, { "Sid": "AllowNullCheck", "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::tutorialsdojo/*", "Condition": { "Null": { "s3:x-amz-server-side-encryption": "true" } } } ] } Which of the following statements is true about uploading data to this S3 bucket?
The bucket will deny object uploads unless the request includes the x-amz-server-side-encryption header with a value of AES256.
You are a developer for a global technology company, which heavily uses AWS with regional offices in San Francisco, Manila, and Bangalore. Most of the clients of your company are using serverless computing in which you are responsible for ensuring that their applications are working efficiently. Which of the following options are valid considerations in improving the performance of your Lambda function? (Select TWO.)
The concurrent execution limit is enforced against the sum of the concurrent executions of all function. An increase in memory size triggers an equivalent increase in CPU available to your function.
A developer recently deployed a serverless application, which consists of a Lambda function, API Gateway and DynamoDB using the sam deploy CLI command. The Lambda function is invoked through the API Gateway then processes and stores the data to a DynamoDB table with an average time of 20 minutes. However, the IT Support team noticed that there are several terminated Lambda invocations that happen every day which is causing data discrepancy. Which of the following options is the MOST likely root cause of this problem?
The failed Lambda invocations have been running for over 15 minutes and reached the maximum execution time.
A company has a suite of web applications that is heavily using RDS database in Multi-AZ Deployments configuration with several Read Replicas. For improved security, you were instructed to ensure that all of their database credentials, API keys, and other secrets are encrypted and rotated on a regular basis. You should also configure your applications to use the latest version of the encrypted credentials when connecting to the RDS database. Which of the following is the MOST appropriate solution to secure the credentials?
Use AWS Secrets Manager to store and encrypt the credentials and enable automatic rotation.
A company has an application hosted in an ECS Cluster which is heavily using an RDS database. A developer needs to closely monitor how the different processes on a DB instance use the CPU such as the percentage of the CPU bandwidth or the total memory consumed by each process to ensure application performance. Which of the following is the MOST suitable solution that the developer should implement?
Use Enhanced Monitoring in RDS.
You are working as an IT Consultant for a top investment bank in Europe which uses several serverless applications in their AWS account. They just launched a new API Gateway service with a Lambda proxy integration and you were instructed to test out the new API. However, you are getting a Connection refused error whenever you use this Invoke URL http://779protaw8.execute-api.us-east-1.amazonaws.com/tutorialsdojo/ of the API Gateway. Which of the following is the MOST likely cause of this issue?
You are not using HTTPS in invoking the API.
Your request to increase your account's concurrent execution limit to 2000 has been recently approved by AWS. There are 10 Lambda functions running in your account and you already specified a concurrency execution limit on one function at 400 and on another function at 200. Which of the following statements are TRUE in this scenario? (Select TWO.)
You can still set a concurrency execution limit of 1300 to a third Lambda function. The remaining 1400 concurrent executions will be shared among the other 8 functions.
A developer is writing a CloudFormation template which will be used to deploy a simple Lambda function to AWS. The function to be deployed is made in Python with just 3 lines of codes which can be written inline in the template. Which parameter of the AWS::Lambda::Function resource should the developer use to place the Python code in the template?
ZipFile
An aerospace engineering company has recently migrated to AWS for their cloud architecture. They are using CloudFormation and AWS SAM as deployment services for both of their monolithic and serverless applications. There is a new requirement where you have to dynamically install packages, create files, and start services on your EC2 instances upon the deployment of the application stack using CloudFormation. Which of the following helper scripts should you use in this scenario?
cfn-init
A development team has recently completed building their serverless application and they are now ready to deploy it to AWS. They need to zip their code artifacts, upload them to Amazon S3, and produce the package template file for deployment. Which combination of commands is the MOST suitable for automating the deployment steps? (Select TWO.)
sam deploy sam package