AWS Dev Practice Questions
You are creating a Cloud Formation template to deploy your CMS application running on an EC2 instance within your AWS account. Since the application will be deployed across multiple regions, you need to create a map of all the possible values for the base AMI. How will you invoke the !FindInMap function to fulfill this use case?
!FindInMap [ MapName, TopLevelKey, SecondLevelKey ]
The Technical Lead of your team has reviewed a CloudFormation YAML template written by a new recruit and specified that an invalid section has been added to the template. Which of the following represents an invalid section of the CloudFormation template? - 'Dependencies' section of the template - 'Resources' section of the template - 'Parameters' section of the template - 'Conditions' section of the template
'Dependencies' section of the template
A development team lead is configuring policies for his team at an IT company. Which of the following policy types only limit permissions but cannot grant permissions (Select two)? - AWS Organizations Service Control Policy (SCP) - Resource-based policy - Permissions boundary - Identity-based policy - Access control list (ACL)
- AWS Organizations Service Control Policy (SCP) - Permissions boundary
An IT company is configuring Auto Scaling for its Amazon EC2 instances spread across different AZs and Regions. Which of the following scenarios are NOT correct about EC2 Auto Scaling? ( Select two) - Auto Saling groups that span across multiple Regions need to be enabled for all the Regions specified - Amazon EC2 Auto Scaling attempts to distribute instances evenly between the AZs that are enabled for your Auto Scaling group - An Auto Scaling group can contain EC2 instances in one or more AZs within the same Region - ForAuto Scaling groups in a VPC, the EC2 instances are launched in subnets - An Auto Scaling group can contain instances in only on AZ zone of a region
- Auto Saling groups that span across multiple Regions need to be enabled for all the Regions specified - An Auto Scaling group can contain instances in only on AZ zone of a region
A firm runs its technology operations on a fleet of Amazon EC2 instances. The firm needs a certain software to be available on the instances to support their daily workflows. The developer team has been told to use the user data feature of EC2 instances. Which of the following are true about the user data EC2 configuration? ( Select two) - By default, user data is executed every time an EC2 instance is re-started - By default, user data runs only during the boot cycle when you first launch the instance - By default, scripts entered as user data are executed with root user privileges - By default, scripts entered as user data do not have root user privileges for executing - When an instance is running, you can update user data by using root user credentials
- By default, user data runs only during the boot cycle when you first launch the instance - By default, scripts entered as user data are executed with root user privileges
An e-commerce company has a fleet of EC2 based web servers running into very high CPU utilization issues. The development team has determined that serving secure traffic via HTTPS is a major contributor to the high CPU load. What are two steps that can take the high CPU load off the web servers?
- Create an HTTPS listener on the Application Load Balancer with SSL termination - Configure an SSL/TLS certificate on an Application Load Balancer via AWS Certificate Manager (ACM)
You have created a Java application that uses RDS for its main data storage and ElastiCache for user session storage. The application needs to be deployed using Elastic Beanstalk and every new deployment should allow the application servers to reuse the RDS database. On the other hand, user session data stored in ElastiCache can be re-created for every deployment. Which of the following configurations will allow you to achieve this? (Select two) - ElastiCache database defined externally and referenced through environment variables - RDS database defined in .ebextentions/ - ElastiCache defined in .ebextentions/ - ElastiCache bundled with the application source code - RDS database defined externally and referenced through environment variables
- ElastiCache defined in .ebextentions/ - RDS database defined externally and referenced through environment variables
To enable HTTPS connections for his web application deployed on the AWS Cloud, a developer is in the process of creating server certificate. Which AWS entities can be used to deploy SSL/TLS server certificates? (Select two) - IAM - AWS Certificate Manager - AWS Systems Manager - AWS CloudFormation - AWS Secrets Manager
- IAM - AWS Certificate Manager
An E-commerce business, has its applications built on a fleet of Amazon EC2 instances, spread across various Regions and AZs. The technical team has suggested using Elastic Load Balancer for better architectural design. What characteristics of an Elastic Load Balancer make it a winning choice? (Select two) - Separate public traffic from private traffic - Deploy EC2 instances across multiple AWS Regions - Build a highly available system - The Load Balancer communicates with the underlying EC2 instances using their public IPs - Improve vertical scalability of the system.
- Separate public traffic from private traffic - Build a highly available system
A media company has created a video streaming application and it would like their Brazilian users to be served by the company's Brazilian servers. Other users around the globe should not be able to access the servers through DNS queries. Which Route 53 routing policy meets this requirement?
Geolocation
You have created an Elastic Load Balancer that has marked all the EC2 instances in the target group as unhealthy. Surprisingly, when you enter the IP address of the EC2 instances in your web browser, you can access your website. What could be the reason your instances are being marked as unhealthy? (Select two) - You need to attach Elastic IP to the EC2 instances - The EBS volumes have been improperly mounted - Your web-app has a runtime that is not supported by the Application Load Balancer - The security group of the EC2 instance does not allow for traffic from the security group of the Application Load Balancer - The route for the health check is misconfigured
- The security group of the EC2 instance does not allow for traffic from the security group of the Application Load Balancer - The route for the health check is misconfigured
A video encoding application running on an EC2 instance takes about 20 seconds on average to process each raw footage file. The application picks the new job messages from an SQS queue. The development team needs to account for the use-case when the video encoding process takes longer than usual so that the same raw footage is not processed by multiple consumers. As a Developer Associate, which of the following solutions would you recommend to address this use-case? - Use WaitTimeSeconds action to long poll and extend a message's visibility timeout - Use WaitTimeSeconds action to short poll and extend a message's visibility timeout - Use DelaySeconds action to delay a message's visibility timeout - Use ChangeMessageVisibility action to extend a message's visibility timeout
- Use ChangeMessageVisibility action to extend a message's visibility timeout
You have chosen AWS Elastic Beanstalk to upload your application code and allow it to handle details such as provisioning resources and monitoring. When creating configuration files for AWS Elastic Beanstalk which naming convention should you follow?
.ebextensions/<mysettings>.config
A startup with newly created AWS account is testing different EC2 instances. They have used Burstable performance instance - T2.micro - for 35 seconds and stopped the instance. At the end of the month, what is the instance usage duration that the company is charged for?
0 seconds
An organization has hosted its EC2 instances in two AZs. AZ1 has two instances and AZ2 has 8 instances. The Elastic Load Balancer managing the instances in the two AZs has cross-zone load balancing enabled in its configuration. What percentage traffic will each of the instances in AZ1 receive?
10%
As an AWS Certified Developer Associate, you are given a document written in YAML that represents the architecture of a serverless application. The first line of the document contains Transform: 'AWS::Serverless-2016-10-31'. What does the Transform section in the document represent?
Presence of Transform section indicates it is a Serverless Application Model (SAM) template
An organization has offices across multiple locations and the technology team has configured an Application Load Balancer across targets in multiple Availability Zones. The team wants to analyze the incoming requests for latencies and the client's IP address patterns. Which feature of the Load Balancer will help collect the required information?
ALB Access Logs
A data analytics company wants to use clickstream data for Machine Learning tasks, develop algorithms, and create visualizations and dashboards to support the business stakeholders. Each of these business units works independently and would need real-time access to this clickstream data for their applications. As a Developer Associate, which of the following AWS services would you recommend such that it provides a highly available and fault-tolerant solution to capture the clickstream events from the source and then provide a simultaneous feed of the data stream to the consumer applications? - AWS Kinesis Data Streams - AWS Kinesis Data Firehouse - AWS Kinesis Data Analytics - Amazon SQS
AWS Kinesis Data Streams
A multi-national company has just moved to AWS Cloud and it has configured forecast-based AWS Budgets alerts for cost management. However, no alerts have been received even though the account and the budgets have been created almost three weeks ago. What could be the issue with the AWS Budgets configuration?
AWS requires approximately 5 weeks of usage data to generate budget forecasts
Your company has configured AWS Organizations to manage multiple AWS accounts. Within each AWS account, there are many CloudFormation scripts running. Your manager has requested that each script output the account number of the account the script was executed in. Which Pseudo parameter will you use to get this information?
AWS::AccountId
You are a developer in a manufacturing company that has several servers on-site. The company decides to move new development to the cloud using serverless technology. You decide to use the AWS Serverless Application Model (AWS SAM) and work with an AWS SAM template file to represent your serverless architecture. Which of the following is NOT a valid serverless resource type? - AWS::Serverless::UserPool - AWS::Serverless::Api - AWS::Serverless::Function - AWS::Serverless:SimpleTable
AWS::Serverless::UserPool
A development team lead is responsible for managing access for her IAM principals. At the start of the cycle, she has granted excess privileges to users to keep them motivated for trying new things. She now wants to ensure that the team has only the minimum permissions required to finish their work. What can help her identify unused IAM roles and remove them without disrupting any service?
Access Advisor feature on IAM console
The development team at an e-commerce company wants to run a serverless data store service on two docker containers using shared memory. What ECS configuration can be used to facilitate this use-case?
Put the two containers into a single task definition using a Fargate Launch Type
A developer has just completed configuring the Application Load Balancer for the EC2 instances. Just as he started testing his configuration, he realized that he has missed assigning target groups to his ALB. Which error code should he expect in his debug logs? - HTTP 403 - HTTP 500 - HTTP 503 - HTTP 504
HTTP 503 -- indicates 'Service unavailable' error. This error in ALB is an indicator of the target groups for the load balancer having no registered targets.
A company is looking at optimizing their Amazon EC2 instance costs. Few instances are sure to run for a few years, but the instance type might change based on business requirements. Which EC2 instance purchasing option should they opt to meet the reduced cost criteria?
Convertible Reserved Instances
An application is hosted by a 3rd party and exposed at yourapp.3rdparty.com. You would like to have your users access your application using www.mydomain.com, which you own and manage under Route 53. What Route 53 record should you create?
Create a CNAME record
You're a developer doing contract work for the media sector. Since you work alone, you opt for technologies that require little maintenance, which allows you to focus more on your coding. You have chosen AWS Elastic Beanstalk to assist with the deployment of your applications. While reading online documentation you find that Elastic Beanstalk relies on another AWS service to provision your resources. What AWS service is represented here?
CloudFormation
Which of the following security credentials can only be created by the AWS Account root user? - IAM User Passwords - CloudFront Key Pairs - EC2 Instance Key Pairs - IAM User Access Keys
CloudFront Key pairs
A financial services company is undergoing a compliance audit by the regulator. The company has hundreds of IAM users that make API calls but specifically it needs to be determined who is making KMS API calls. Which of the following services should the audit team use? - CloudTrail - CloudWatch Metrics - Config - X-Ray
CloudTrail
A developer has been asked to create an application that can be deployed across a fleet of EC2 instances. The configuration must allow for full control over the deployment steps using the blue-green deployment. Which service will help you achieve that?
CodeDeploy
You are a developer for a web application written in .NET which uses the AWS SDK. You need to implement an authentication mechanism that returns a JWT (JSON Web Token). Which AWS service will help you with token handling and management?
Cognito User Pools
The development team at an IT company uses CloudFormation to manage its AWS infrastructure. The team has created a network stack containing a VPC with subnets and a web application stack with EC2 instances and an RDS instance. The team wants to reference the VPC created in the network stack into its web application stack. As a Developer Associate, solution would you recommend for the given use-case?
Create a cross-stack reference and use the Export output field to flag the value of the VPC from the network stack. Then use Fn::ImportValue instrinsic function to import the value of the VPC into the web application stack
The development team at a retail organization wants to allow a Lambda function in its AWS Account A to access a DynamoDB table in another AWS Account B. As a Developer Associate, what solution would you recommend for the given use-case?
Create an IAM role in Account B with access to DynamoDB. Modify the trust policy of the role in Account B to allow the execution role of Lambda to assume this role. Update the Lambda function code to add the AssumeRole API call.
A developer has been asked to create a web application to be deployed on EC2 instances. The developer just wants to focus on writing application code without worrying about server provisioning, configuration and deployment. As a Developer Associate, which AWS service would you recommend for the given use-case? - CodeDeploy - CloudFormation - Serverless Application Model - Elastic Beanstalk
Elastic Beanstalk
A cybersecurity firm wants to run their applications on single-tenant hardware to meet security guidelines. Which of the following is the MOST cost-effective way of isolating their Amazon EC2 instances to a single tenant?
Dedicated Instances
A retail company manages its IT infrastructure on AWS Cloud via Elastic Beanstalk. The development team at the company is planning to deploy the next version with MINIMUM application downtime and the ability to rollback quickly in case deployment goes wrong. As a Developer Associate, What would you recommend to the development team?
Deploy the new version to a separate environment via Blue/Green Deployment, and then swap Route 53 records to the two environments to redirect traffic to the new version
As an AWS Certified Developer Associate, you been asked to create an AWS Elastic Beanstalk environment to handle deployment for an application that has high traffic and high availability needs. You need to deploy the new version using Beanstalk while making sure that performance and availability are not affected. Which of the following is the MOST optimal way to do this while keeping the solution cost-effective?
Deploy using "Rolling with additional batch" deployment policy
The development team at an IT company would like to provision their own Docker images that can be used as input sources for CodeBuild. These images will contain cached dependencies as well as special tooling for builds that are proprietary to the company. Which of the following services can be used to store and deploy these Docker images? - ECR - ECS - EBS - S3
ECR (Elastic Container Registry)
The development team at an IT company wants to make changes to a current application written in Node.js and deployed on a Linux server. The team lead would like to decouple the application into microservices, package the application to a Docker container which is then run on the AWS infrastructure. Which AWS service is best suited for this change?
ECS
You're a developer working on a large scale order processing application. After developing the features, you commit your code to AWS CodeCommit and begin building the project with AWS CodeBuild before it gets deployed to the server. The build is taking too long and the error points to an issue resolving dependencies from a third-party. You would like to prevent a build running this long in the future for similar underlying reasons. Which of the following options represents the best solution to address this use-case? - Use AWS CloudWatch Events - Use VPC Flow Logs - Use AWS Lambda - Enable CodeBuild timeouts
Enable CodeBuild Timeouts
Your global organization has an IT infrastructure that is deployed using CloudFormation on AWS Cloud. One employee, in us-east-1 Region, has created a stack 'Application1' and made an exported output with the name 'ELBDNSName'. Another employee has created a stack for a different application 'Application2' in us-east-2 Region and also exported an output with the name 'ELBDNSName'. The first employee wanted to deploy the CloudFormation stack 'Application1' in us-east-2, but it got an error. What is the cause of the error?
Exported output Values in CloudFormation must have unique names within a single Region
A Developer has been entrusted with the job of securing certain S3 buckets that are shared by a large team of users. Last time, a bucket policy was changed, the bucket was erroneously available for everyone, outside the organization too. Which feature/service will help the developer identify similar security issues with minimum effort?
IAM Access Analyzer
The manager at an IT company wants to set up member access to user-specific folders in an Amazon S3 bucket - bucket-a. So, user x can only access files in his folder - bucket-a/user/user-x/ and user y can only access files in her folder - bucket-a/user/user-y/ and so on. As a Developer Associate, which of the following IAM constructs would you recommend so that the policy snippet can be made generic for all team members and the manager does not need to create separate IAM policy for each team member?
IAM Policy Variables
CodeCommit is a managed version control service that hosts private Git repositories in the AWS cloud. Which of the following credential types is NOT supported by IAM for CodeCommit? - IAM username and password - SSH Keys - Git credentials - AWS Access Keys
IAM username and password
How does KMS Encryption work?
KMS Stores the CMK, and receives data from the clients, which it encrypts and sends back.
A developer at a company is trying to create a digital signature for SSH'ing into the Amazon EC2 instances. Which of the following entities can be used to facilitate this use-case? - Access Keys - Key pairs - Multi-Factor Authentication (MFA) - Root user credentials
Key pairs
The development team at a company creates serverless solutions using AWS Lambda. Functions are invoked by clients via AWS API Gateway which anyone can access. The team lead would like to control access using a 3rd party authorization mechanism. As a Developer Associate, what would you recommend for the given use-case?
Lambda Authorizer
A Developer at a company is working on a CloudFormation template to set up resources. Resources will be defined using code and provisioned based on certain conditions. Which section of a CloudFormation template does not allow for conditions?
Parameters
A company uses Elastic Beanstalk to manage its IT infrastructure on AWS Cloud and it would like to deploy the new application version to the EC2 instances. When the deployment is executed, some instances should serve requests with the old application version, while other instances should serve requests using the new application version until the deployment is completed. Which deployment meets this requirement without incurring additional costs?
Rolling -- With Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without having to learn about the infrastructure that runs those applications. Elastic Beanstalk reduces management complexity without restricting choice or control. You simply upload your application, and Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring.
A developer in your company has configured a build using AWS CodeBuild. The build fails and the developer needs to quickly troubleshoot the issue to see which commands or settings located in the BuildSpec file are causing an issue. Which approach will help them accomplish this?
Run AWS CodeBuild locally
In addition to regular sign-in credentials, AWS supports Multi-Factor Authentication (MFA) for accounts with privileged access. Which of the following MFA mechanisms is NOT for root user authentication? - U2F security Key - Virtual MFA Devices - Hardware MFA devices - SMS text message-based MFA
SMS text message-based MFA
You are running workloads on AWS and have embedded RDS database connection strings within each web server hosting your applications. After failing a security audit, you are looking at a different approach to store your secrets securely and automatically rotate the database credentials. Which AWS service can you use to address this use-case?
Secrets Manager
An IT company has a HealthCare application with data security requirements such that the encryption key must be stored in a custom application running on-premises. The company wants to offload the data storage as well as the encryption process to Amazon S3 but continue to use the existing encryption keys. Which of the following S3 encryption options allows the company to leverage Amazon S3 for storing data with given constraints?
Server-Side Encryption with Customer-Provided Keys (SSE-C)
The development team at an IT company has configured an Application Load Balancer (ALB) with a Lambda function A as the target but the Lambda function A is not able to process any request from the ALB. Upon investigation, the team finds that there is another Lambda function B in the AWS account that is exceeding the concurrency limits. How can the development team address this issue?
Set up reserved concurrency for the Lambda function B so that it throttles if it goes above a certain concurrency limit
A development team at a social media company uses AWS Lambda for its serverless stack on AWS Cloud. For a new deployment, the Team Lead wants to send only a certain portion of the traffic to the new Lambda version. In case the deployment goes wrong, the solution should also support the ability to roll back to a previous version of the Lambda function, with MIMINUM downtime for the application. As a Developer Associate, which of the following options would you recommend to address this use-case?
Set up the application to use an alias that points to the current version. Deploy the new version of the code and configure the alias to send 10% of the users to the new version. If the deployment goes wrong, reset the alias to point all traffic to the current version.
As part of his development work, an AWS Certified Developer Associate is creating policies and attaching them to IAM identities. After creating necessary Identity-based policies, he is now creating Resource-based policies. Which is the only resource-based policy that the IAM service supports?
Trust policy
You are a developer working on AWS Lambda functions that are invoked via REST API's using Amazon API Gateway. Currently, when a GET request is invoked by the consumer, the entire data-set returned by the Lambda function is visible. Your team lead asked you to format the data response. Which feature of the API Gateway can be used to solve this issue?
Use API Gateway Mapping Templates
A SaaS company runs a HealthCare web application that is used worldwide by users. There have been requests by mobile developers to expose public APIs for the application-specific functionality. You decide to make the APIs available to mobile developers as product offerings. Which of the following options will allow you to do that? - Use AWS Lambda Custom Authorizers - Use API Gateway Usage Plans - Use CloudFront Usage Plans - Use AWS Billing Usage Plans
Use API Gateway Usage Plans
Your company has stored all application secrets in SSM Parameter Store. The audit team has requested to get a report to better understand when and who has issued API calls against SSM Parameter Store. Which of the following options can be used to produce your report? - Use SSM Parameter Store Access Logs in S3 to get a record of actions taken by a user - Use SSM Parameter Store Access Logs in CloudWatch Logs to get a record of actions taken by a user - Use AWS CloudTrail to get a record of actions taken by a user - Use SSM Parameter Store List feature to get a record of actions taken by a user
Use AWS CloudTrail to get a record of actions taken by a user
A photo-sharing application manages its EC2 server fleet running behind an Application Load Balancer and the traffic is fronted by a CloudFront distribution. The development team wants to decouple the user authentication process for the application so that the application servers can just focus on the business logic. As a Developer Associate, what solution would you recommend to address this use-case?
Use Cognito Authentication via Cognito User Pools for your Application Load Balancer
A company has hired you as an AWS Certified Developer Associate to help with redesigning a real-time data processor. The company wants to build custom applications that process and analyze the streaming data for its specialized needs. What solution will you recommend to address this use-case?
Use Kinesis Data Streams to process the data streams as well as decouple the producers and consumers for the real-time data processor
As an AWS Certified Developer Associate, you have configured the AWS CLI on your workstation. Your default region is us-east-1 and your IAM user has permissions to operate commands on services such as EC2, S3 and RDS in any region. You would like to execute a command to stop an EC2 instance in the us-east-2 region. What of the following is the MOST optimal solution to address this use-case? - Use the --region parameter - Use boto3 dependency injection - You should reate a new IAM user just for that other region - You need to override the default region by using AWS configure
Use the --region parameter
A multi-national company has multiple business units with each unit having its own AWS account. The development team at the company would like to debug and trace data across accounts and visualize it in a centralized account. As a Developer Associate, which of the following solutions would you suggest for the given use-case? - VPC Flow Logs - X-Ray CloudWatch Events - CloudTrail
X-Ray
You have deployed a Java application to an EC2 instance where it uses the X-Ray SDK. When testing from your personal computer, the application sends data to X-Ray but when the application runs from within EC2, the application fails to send data to X-Ray. Which of the following does NOT help with debugging the issue? - X-ray sampling - EC2 X-Ray Daemon - CloudTrail - EC2 Instance Role
X-Ray sampling
The development team has just configured and attached the IAM policy needed to access AWS Billing and Cost Management for all users under the Finance department. But, the users are unable to see AWS Billing and Cost Management service in the AWS console. What could be the reason for this issue?
You need to activate IAM user access to the Billing and Cost management console for all users who need access