AWS Certified Developer Practice Exam #5
Bigdog is a firm that uses AWS CloudFormation templates to provision their AWS infrastructure for Amazon EC2, Amazon VPC, and Amazon S3 resources. Using cross-stack referencing, a developer creates a stack name called NetworkStack which will export the subnetId that can be used when creating EC2 instances in another stack. To use the exported value in another stack which of the following functions must be used?
!ImportValue
You have a popular web application that accesses data stored in an Amazon Simple Storage Service (S3) bucket. Developers use the SDK to maintain the application and add new features. Security compliance requests that all new objects uploaded to S3 be encrypted using SSE-S3 at the time of upload. Which of the following headers must the developers add to their request?
'x-amz-server-side-encryption': 'AES256'
Your development team uses the AWS SDK for Java on a web application that uploads files to several Amazon Simple Storage Service (S3) buckets using the SSE-KMS encryption mechanism. Developers are reporting that they are receiving permission errors when trying to push their objects over HTTP. Which of the following headers should they include in their request?
'x-amz-server-side-encryption': 'aws:kms'
Your application sends messages to an Amazon Simple Queue Service (SQS) queue frequently, which are then polled by another application that specifies which message to retrieve. Which of the following options describe the maximum number of messages that can be retrieved at one time?
10 Messages
You are a software engineer working for an IT company and are asked to contribute to a growing internal application that includes dashboards for data visualization. You are provisioning your AWS DynamoDB table and need to perform 10 strongly consistent reads per second of 4 KB in size each. How many read capacity units (RCUs) are needed?
10 RCUs
As a Full-stack Web Developer, you are involved with every aspect of a company's platform from development with PHP and JavaScript to the configuration of NoSQL databases with Amazon DynamoDB. You are not concerned about your response receiving stale data from your database and need to perform 16 eventually consistent reads per second of 12 KB in size each. How many read capacity units (RCUs) do you need?
24 RCUs
You are revising options that would be best for monitoring a few EC2 instances you currently manage. Amazon CloudWatch has metrics available to monitor your EC2 instances for CPU load, I/O and network I/O. Your budget does not allow for spending on monitoring so using the default monitoring available is your preferred choice. With default monitoring, at what interval will these metrics be collected?
5 minutes
A startup company was acquired by a technology innovator whose applications run on Docker. You are responsible for packaging the runtime and tools for your AWS CodeBuild build into a Docker image and upload it to the Amazon Elastic Container Registry (ECR). The team lead has requested you add a trigger notification when your build fails or succeeds. Which of the following options can you use to implement the notification?
AWS CloudWatch Events + SNS
You are a manager for a tech company that has just hired a team of developers to work on the company's AWS infrastructure. All the developers are reporting to you that when using the AWS CLI to execute commands it fails with the following exception: You are not authorized to perform this operation. Encoded authorization failure message: 6h34GtpmGjJJUm946eDVBfzWQJk6z5GePbbGDs9Z2T8xZj9EZtEduSnTbmrR7pMqpJrVYJCew2m8YBZQf4HRWEtrpncANrZMsnzk. Which of the following actions will help developers decode the message?
AWS STS decode-authorization-message
You manage a group of developers that are experienced with the AWS SDK for Java. You have given them a requirement to build a state machine workflow where each state executes an AWS Lambda function written in Java. Data payloads of 1KB in size will be passed between states and should allow for two retry attempts it the state fails. Which of the following options will assist your developers with this requirement?
AWS Step Functions
You have moved your on-premise infrastructure to AWS and are in the process of configuring an AWS Elastic Beanstalk deployment environment for production, development, and testing. You have configured your production environment to use a rolling deployment to prevent your application from becoming unavailable to users. For the development and testing environment, you would like to deploy quickly and are not concerned about downtime. Which of the following deployment policies meet your needs?
All at once
Your company leverages Amazon CloudFront to provide content via the internet to customers with low latency. Aside from latency, security is another concern and you are looking for help in enforcing end-to-end connections using HTTPS so that content is protected. Which of the following options is available for HTTPS in AWS CloudFront?
Between clients and CloudFront and CloudFront and backend
You are a cloud security engineer for a popular cyber exposure company that offers vulnerability scanning solutions to government contractors. The scanning solutions are integrated with AWS resources to monitor EC2 and S3 API calls which then display results to users on an analytical dashboard. Which of the following AWS services makes this possible?
CloudTrail
A voting system hosted on-premise was recently migrated to AWS to lower cost, gain scalability and to better serve thousands of concurrent users. When one of the AWS resource state changes, it generates an event and will need to trigger AWS Lambda. The AWS resource whose state changed and AWS Lambda does not have direct integration. Which of the following methods can be used to trigger AWS Lambda?
CloudWatch Event Rules with AWS Lambda
An organization uses Alexa as its intelligent assistant to improve productivity throughout the organization. A group of developers manages custom Alexa Skills written in Node.Js to control conference-room equipment settings and start meetings using voice activation. The manager has made a request to developers that all functions code should be monitored for error rates with the possibility of creating alarms on top of them. Which of the following options should be chosen?
CloudWatch Metrics, CloudWatch Alarms
As a site reliability engineer, you are responsible for improving the company's deployment by scaling and automating applications. As new application versions are ready for production you ensure that the application gets deployed to different sets of EC2 instances at different times allowing for a smooth transition. Using AWS CodeDeploy, which of the following options will allow you to do this?
CodeDeploy Deployment Groups
Your mobile application needs to perform API calls to DynamoDB. You do not want to store AWS secret and access keys onto the mobile devices and need all the calls to DynamoDB made with a different identity per mobile device. Which of the following services allows you to achieve this?
Cognito Identity Pools
You are a system administrator whose company recently moved its production application to AWS and migrated data from MySQL to AWS DynamoDB. You are adding new tables to AWS DynamoDB and need to allow your application to query your data by the primary key and an alternate key. This option must be added when first creating tables otherwise changes cannot be made afterward. Which of the following actions should you take?
Create a LSI
As a site reliability engineer, you work on building and running large-scale, distributed, fault-tolerant systems in the cloud using automation. You currently replaced the company's Jenkins based CI/CD platform with AWS CodeBuild and would like to programmatically define your build steps. Which of the following options should you choose?
Define a buildspec.yml file in the root directory
A .NET developer team works with many ASP.NET web applications that use EC2 instances to host them on IIS. The deployment process needs to be configured so that multiple versions of the application can run in AWS Elastic Beanstalk. One version would be used for development, testing and another version for load testing. Which of the following methods do you recommend?
Define a dev environment with a single instance and a 'load test' environment that has settings close to production
A firm uses AWS DynamoDB to store information about people's favorite sports teams and allow the information to be searchable from their home page. There is a requirement on a daily basis that all 10 million records in the table should be deleted then re-loaded at 2:00 AM each night. Which option is an efficient way to delete with minimal costs?
Delete then re-create the table
A communication platform serves millions of customers and deploys features in production daily to AWS. You are reviewing scripts for the deployment process located in the AppSec file. Which of the following options lists the correct order of lifecycle events?
Download Bundle => BeforeInstall => ApplicationInstall => ValidateService
You are assigned as the new project lead for a web application that processes orders for customers. You want to integrate event-driven processing anytime data is modified or deleted and use a serverless approach using AWS Lambda for processing stream events. Which of the following databases should you choose from?
DynamoDB
A popular mobile app retrieves data from an AWS DynamoDB table that was provisioned with read-capacity units (RCU's) that are evenly shared across four partitions. One of those partitions is receiving more traffic than the other partitions, causing hot partition issues. What technology will allow you to reduce the read traffic on your AWS DynamoDB table with minimal effort?
DynamoDB DAX
You just signed a year contract with a client maintaining a three-tier web application who has steady traffic throughout the day. You need the application instances to be stable and not terminated abruptly as you believe this will impact your users. Which of the following options should you choose?
EC2 Reserved Instances
Your organization is looking into making a change to all virtual machines in the cloud. They would like to take advantage of running a bootstrap script for their Windows Server 2012 Base AMI virtual machines when they first boot. Which of the following options will allow the organization to achieve this?
EC2 User Data
You have a popular three-tier web application that is used by users throughout the entire globe receiving thousands of incoming requests daily. You have AWS Route 53 policies to automatically distribute weighted traffic to the API resources located at URL api.global.com. What is an alternative way of distributing traffic to a web application?
ELB
You are running a public DNS service on an EC2 instance where the DNS name is pointing to the IP address of the instance. You wish to upgrade your DNS service but would like to do it without any downtime. Which of the following options will help you accomplish this?
Elastic IP
You are storing your video files in a separate S3 bucket than your main static website in an S3 bucket. When accessing the video URLs directly the users are able to view the videos on the browser, but it is impossible for them to play the videos while visiting the main website. What is the root cause of this problem?
Enable CORS
A developer new to the cloud is learning to reap the benefits of elasticity, horizontal scalability and high availability. They inherited a web application running in the us-east-1 region with three availability zones (us-east-1a, us-east1-b and us-east-1c) whose incoming web traffic is routed by a load balancer. When one of the EC2 instances hosting the web application crashes, they realize that the load balancer continues to route traffic to that instance causing intermittent issues. Which of the following should the developer do to minimize this problem?
Enable Health Checks
You are working on a project that has over 100 dependencies. Every time your AWS CodeBuild runs a build step it has to resolve Java dependencies from external Ivy repositories which take a long time. Your manager wants to speed this process up in AWS CodeBuild. Which of the following will help you do this with minimal effort?
Enable S3 caching
Your AWS CodeDeploy deployment to T2 instances succeed. The new application revision makes API calls to Amazon S3 however the application is not working as expected due to authorization exceptions and you were assigned to troubleshoot the issue. Which of the following should you do?
Fix the IAM permissions for the EC2 Instance role
You have been hired at a company that needs an experienced developer to help with a continuous integration/continuous delivery (CD/CD) workflow on AWS. You configure the company's workflow to run an AWS CodePipeline pipeline whenever the application's source code changes in a repository hosted in AWS Code Commit and compiles source code with AWS Code Build. You are configuring ProjectArtifacts in your build stage. Which of the following should you do?
Give AWS CodeBuild permission to upload the build output to your Amazon S3 bucket
A company developed an app-based service for citizens to book transportation rides in the local community. The platform is running on AWS EC2 instances and uses Amazon Relational Database Service (RDS) for storing transportation data. A new feature has been requested where receipts would be emailed to customers with PDF attachments retrieved from Amazon Simple Storage Service (S3). Which of the following options will provide EC2 instances with the right permissions to upload files to Amazon S3 and generate S3 Signed URL?
IAM Roles for EC2
You have a Java-based application running on EC2 instances loaded with AWS CodeDeploy agents. You are considering different options for deployment, one is the flexibility that allows for incremental deployment of your new application versions and replaces existing versions in the EC2 instances. The other option is a strategy in which an Auto Scaling group is used to perform a deployment. Which of the following options will allow you to deploy in this manner?
In-place Deployment, Blue/green Deployment
A developer has pushed a Lambda function that pushes data into an RDS MySQL database with the following Python code: def handler(event, context): mysql = mysqlclient.connect() data = event['data'] mysql.execute(f"INSERT INTO foo (bar) VALUES (${data});") mysql.close() return On the first execution, the Lambda functions takes 2 seconds to execute. On the second execution and all the subsequent ones, the Lambda functions take 1.9 seconds to execute. What can be done to improve the execution time of the Lamdba function?
Move the database connection out of the handler
You are designing a high-performance application that requires millions of connections. You have several EC2 instances running Apache2 web servers and the application will require capturing the user's original source IP address and source port without the use of X-Forwarded-For. Which of the following options will meet your needs?
Network Load Balancer
An organization recently began using AWS CodeCommit for its source control service. A compliance security team visiting the organization was auditing the software development process and noticed developers making many git push commands within their development machines. The compliance team requires that encryption be used for this activity. How can the organization ensure source code is encrypted in transit and at rest?
Repositories are automatically encrypted at rest
Your company had a recent data breach where an ex-employee had gained access to your Windows Server using credentials that were never revoked after termination. The perpetrator removed all web.config files from all production web application root directories, leaving web applications down for hours. There were no backups of the secret keys being stored in the configuration files or any EC2 snapshots to recover the information. Using AWS Parameter Store how can you add secret application data and notify the security audit team when changes are made?
SNS
DevOps engineers are developing an order processing system where notifications are sent to a department whenever an order is placed for a product. The system also pushes identical notifications of the new order to a processing module that would allow EC2 instances to handle the fulfillment of the order. In case of processing errors, the messages should be allowed to be re-processed at a later stage and never lost. How can this be achieved?
SNS + SQS
As part of internal regulations, you must ensure that all communications to Amazon S3 are encrypted. For which of the following encryption mechanisms will a request get rejected if the connection is not using HTTPS?
SSE-C
Your company has developers worldwide with access to the company's Amazon Simple Storage Service (S3) buckets. The objects in the buckets are encrypted at the server-side but need more flexibility with access control, auditing, rotation and deletion of keys. You would also like to limit who can use the key. Which encryption mechanism best fits your needs?
SSE-KMS
Your company stores confidential data on an Amazon Simple Storage Service (S3) bucket. New security compliance guidelines require that files be stored with server-side encryption. The encryption used must be Advanced Encryption Standard (AES-256) and the company does not want to manage S3 encryption keys. Which of the following options should you use?
SSE-S3
Which of the following are key differences between an Amazon SQS standard queue and Amazon Simple Workflow Service (SWF)?
SWF ensures the task is assigned only once while SQS may deliver the message multiple times. SWF is task oriented API and SQS is message-oriented API
You are planning to build a fleet of EBS-optimized EC2 instances to handle the load of your new application. Due to security compliance, your organization wants any secret strings used in the application to be encrypted to prevent exposing values as clear text. The solution requires that decryption events be audited and API calls to be simple. How can this be achieved?
Store the secret as SecureString in SSM Parameter Store. Audit with CloudTrail
A company has configured an Auto Scaling group with health checks. The configuration is set to the desired capacity value of 3 and maximum capacity value of 3. The EC2 instances of your Auto Scaling group are configured to scale when CPU utilization is at 60 percent and is now running at 80 percent utilization. Which of the following will take place?
System will keep running as is
Your company has a load balancer in a VPC configured to be internet facing. The public DNS name assigned to the load balancer is myDns-1234567890.us-east-1.elb.amazonaws.com. When your client applications first load they capture the load balancer DNS name and resolve it to the IP address. The DNS name is a value used throughout other actions in the application. At load, client applications work well but unexpectedly stop working after a while. What is the reason for this?
The load balancer is highly available and its public IP may change. The DNS is constant
You have an Amazon Kinesis Data stream with 10 shards, and from the metrics, you are well below the throughput utilization of 10 MB per second to send data. You send 3 MB per second of data and yet you are receiving ProvisionedThroughputExceededException errors frequently. What is the likely cause of this?
The partition key that you have selected isn't distributed enough
You are getting ready for an event to show off your Alexa skill written in JavaScript. As you are testing your voice activation commands you find that some intents are not invoking as they should and you are struggling to figure out what is happening. You included the following code console.log(JSON.stringify(this.event)) in hopes of getting more details about the request to your Alexa skill. You would like the logs stored in an Amazon Simple Storage Service (S3) bucket named MyAlexaLog. How do you achieve this?
Use CloudWatch integration feature with S3
A senior cloud engineer designs and deploys online fraud detection solutions for credit card companies processing millions of transactions daily. The Elastic Beanstalk application sends files to Amazon S3 and then sends a message to an Amazon SQS queue containing the path of the uploaded file in S3. A solution architect recommended that since PUTS of existing objects in S3 deliver eventual consistency and we want to minimize the risk of consumers reading old data, it would be preferable to introduce a per message lag so that consumers won't find a message in SQS until it has been in the queue for at least 10 seconds. Which SQS features should the developer leverage?
Use DelaySeconds parameter
After reviewing your monthly AWS bill you notice that the cost of using Amazon SQS has gone up substantially after creating new queues; however, you know that your queue clients do not have a lot of traffic and are receiving empty responses. Which of the following actions should you take?
Use LongPolling
Your application is deployed automatically using AWS Elastic Beanstalk. Your YAML configuration files are stored in the folder .ebextensions and new files are added or updated often. The DevOps team does not want to re-deploy the application every time there are configuration changes, instead, they would rather manage configuration externally, securely and have it load dynamically into the application at runtime. What option allows you to do this?
Use SSM Parameter Store
Your company manages hundreds of EC2 instances running Linux. The instances are configured in several Availability Zones in the eu-west-3 region. Your manager has requested to collect system memory metrics on all EC2 instances using a script. Which of the following solutions will help you collect this data?
Use a cron job on the instances that push the EC2 RAM metric as a Custom metric
You have a web application hosted on EC2 that makes GET and PUT requests for objects stored in Amazon Simple Storage Service (S3) using the SDK for PHP. As the security team completed the final review of your application for vulnerabilities, they noticed that your application passes uses hardcoded IAM access key and secret access key to gain access to AWS services. They recommend you leverage a more secure setup, which should leverage temporary credentials if possible. How do you accomplish that?
Use an IAM Instance Role
An application that processes orders on a nightly basis runs on an EC2 instance. This EC2 instance needs to access the orders that are stored in S3. How would you recommend the EC2 instance access the orders securely?
Use an IAM role
A development team uses the AWS SDK for Java to maintain an application that stores data in AWS DynamoDB. The application makes use of Scan operations to return several items from a 25 GB table. There is no possibility of creating indexes to retrieve these items in a predictable way. Developers are trying to get these specific rows from DynamoDB as fast as possible. Which of the following options can be used to improve performance of the Scan operation?
Use parallel scans
Lincoln Financial, a company with over 10,000 employees, has added you as the new Sr. Developer. Initially caching was enabled to reduce the number of calls made to all API endpoints and improve the latency of requests to the company's API Gateway. For testing purposes, you would like to invalidate caching for the API clients to get the most recent responses. Which of the following should you do?
Using the Head Cache-Control: max-age=0
Your organization has a single Amazon Simple Storage Service (S3) bucket that contains folders labeled with customer names. Several administrators have IAM access to the S3 bucket and versioning is enabled to easily recover from unintended user actions. Which of the following statements about versioning is NOT true based on this scenario?
Versioning can be enabled only for a specific folder
Your company has been hired to build a resilient mobile voting app for an upcoming music award show that expects to have 5 to 20 million viewers. The mobile voting app will be marketed heavily months in advance so you are expected to handle millions of messages in the system. You are configuring Amazon Simple Queue Service (SQS) queues for your architecture that should receive messages from 20 KB to 200 KB. Is it possible to send these messages to SQS?
Yes, the max message size is 256KB
Your company manages MySQL databases on EC2 instances to have full control. Applications on other EC2 instances managed by an ASG make requests to these databases to get information that displays data on dashboards viewed on mobile phones, tablets, and web browsers. Your manager would like to scale your Auto Scaling group based on the number of requests per minute. How can you achieve this?
You create a CloudWatch custom metric and build an alarm to scale your ASG
You have uploaded a zip file to AWS Lambda that contains code files written in Node.Js. When your function is executed you receive the following output, 'Error: Memory Size: 3008 MB Max Memory Used'. Which of the following explains the problem?
Your Lambda function ran out of RAM
Your company is shifting towards Elastic Container Service (ECS) to deploy applications. The process should be automated using the AWS CLI to create a service where at least ten instances of a task definition are kept running under the default cluster. Which of the following commands should be executed?
aws ecs create-service --service-name ecs-simple-service --task-definition ecs-demo --desired-count 10
Your company is in the process of building a DevOps culture and is moving all of their on-premise resources to the cloud using serverless architectures and automated deployments. You have created a CloudFormation template in YAML that uses an AWS Lambda function to pull html files from GitHub and place them into an Amazon Simple Storage Service (S3) bucket that you specify. Which of the following AWS CLI commands can you use to upload AWS Lambda functions and AWS CloudFormation templates to AWS?
cloudformation package and cloudformation deploy
You are working for a technology startup building web and mobile applications. You would like to pull Docker images from the ECR repository called demo so you can start running local tests against the latest application version. Which of the following commands must you run to pull existing Docker images from ECR?
docker pull 1234567890.dkr.ecr.eu-west-1.amazonaws.com/demo:latest. $(aws erc get-login --no-include-email)
A firm maintains a highly available application that receives HTTPS traffic from mobile devices and web browsers. The main Developer would like to set up the Load Balancer routing to route traffic from web servers to smart.com/api and from mobile devices to smart.com/mobile. A developer advises that the previous recommendation is not needed and that requests should be sent to api.smart.com and mobile.smart.com instead. Which of the following routing options were discussed?
url path, hostname
