AWS Developer Associate

Ace your homework & exams now with Quizwiz!

An application needs a middleware solution with the following requirements: adapts to sudden spikes of traffic operates asynchronously persists data for up to one year requires no capacity provisioning Which solution meets these requirements? A) Simple Queue Service (SQS) B) Simple Notification Service (SNS) C) Kinesis Data Streams D) Kinesis Firehose

A

An application runs on an EC2 instance and processes orders on a nightly basis. This EC2 instance needs to access the orders that are stored in S3. How would you recommend the EC2 instance access the orders securely? A) Use an IAM role B) Use EC2 User Data C) Create an IAM programmatic user and store the access key and secret access key on the EC2 ~/.aws/credentials file. D) Create an S3 bucket policy that authorizes public access

A

What are some use cases for Amazon Kinesis Data Streams? a) Real-time dashboards, real-time anomaly detection, dynamic pricing b) Automated workflows c) Loading streaming data into data stores and analytics tools d) Discovering, preparing, and combining data for analytics

A

What are the benefits of using TTL in DynamoDB? a) To reduce the cost of storing irrelevant data b) To increase storage usage c) To improve the performance of the underlying DynamoDB table d) To store relevant data in the database

A

What are the three different modes of server-side encryption for data at rest in Amazon S3? a) SSE-S3, SSE-C, SSE-KMS b) SSE-AES, SSE-RSA, SSE-KMS c) SSE-S3, SSE-RSA, SSE-KMS d) SSE-AES, SSE-C, SSE-KMS

A

What can developers do with the AWS CLI? A. Control multiple AWS services from the command line B. Automate AWS services through scripts C. Access AWS services from JavaScript code D. All of the above

A

What change can you make to the application to ensure it uses the SQS queue effectively and reduces the number of empty responses? A. Use long polling B. Set a custom visibility timeout C. Use short polling D. Implement exponential backoff

A

What does DynamoDB Accelerator (DAX) offer that can reduce response times for read workloads? A. An in-memory cache that reduces response times of eventually-consistent read workloads to microseconds. B. A service for replicating tables in different regions. C. A way to increase the throughput for tables. D. A method for handling throttling errors for tables.

A

What does a 500 series error indicate? A. An internal server error B. A bad gateway error C. An error that needs to be handled in the developer's application D. A successful response

A

What does the "AllObjectActions" statement in an Amazon S3 policy allow? A) GetObject, DeleteObject, PutObject and any other Amazon S3 action that ends with the word "Object" B) ListObjectsInBucket and any other Amazon S3 action that ends with the word "Bucket" C) GetBucket, DeleteBucket, PutBucket and any other Amazon S3 action that ends with the word "Bucket" D) None of the above

A

What does the "ListObjectsInBucket" statement allow for in Amazon S3? a) Listing bucket objects b) Putting objects c) Deleting objects d) None of the above

A

What does the AWS SDK help simplify? A. Coding for AWS services B. Managing AWS services from the command line C. Local development and testing of serverless applications D. Collaboration in the cloud

A

What does the s3:*Object statement refer to in Amazon S3? a) All actions ending with the word "Object" b) All Amazon S3 actions c) Only GetObject, DeleteObject, and PutObject actions d) None of the above

A

What event type sends notifications when an object is created using any API operation? A) Object Create (All) B) Object Create (PUT) C) Object Create (POST) D) Object Create (COPY)

A

What happens if the primary instance fails in a Multi-AZ deployment? a. The secondary instance is promoted to become the new primary instance automatically. b. The secondary instance becomes unavailable until the primary instance is restored. c. The database is automatically backed up to S3 and restored when the primary instance is restored.

A

What information can you obtain by setting the ReturnConsumedCapacity parameter in a Query request to TOTAL? a. The aggregate number of read capacity units consumed b. The consumed capacity for each table and index that was accessed c. No consumed capacity data is returned d. No information can be obtained

A

What is AWS Data Pipeline? A. A web service for automating data movement and transformation B. A service for automating data storage C. A service for automating data analysis D. A service for automating data backup

A

What is AWS Lambda used for? A. Running code without provisioning or managing servers B. Hosting containers C. Streaming real-time data D. None of the above

A

What is AWS SAM Local? A. An AWS service for local development and testing B. A unified tool for managing AWS services C. A JavaScript library for accessing AWS services D. A cloud-based IDE

A

What is AWS Step Functions used for? A) Coordinating the components of distributed applications and microservices using visual workflows B) Running batch computing jobs on the AWS Cloud C) Preparing and loading data for analytics D) Associating code with specific tasks in a state machine

A

What is AWS Systems Manager Parameter Store used for? a) To store configuration data b) To store images c) To store videos d) To store audio files

A

What is Amazon Aurora? a. A database engine that is fully managed by AWS and compatible with PostgreSQL and MySQL. b. A database engine that is fully managed by AWS and compatible with SQL Server and Oracle. c. A database engine that is fully managed by AWS and compatible with MySQL and MariaDB. d. A database engine that is fully managed by AWS and compatible with MongoDB and Cassandra.

A

What is Amazon DynamoDB? A) A fully managed NoSQL database service B) A serverless computing platform C) A cloud-based object storage service D) A service for real-time processing of streaming data at scale

A

What is Amazon ECS? A) A fully managed container orchestration service B) A fully managed Docker image registry C) A fully managed service for deploying, managing, and scaling containerized applications using Kubernetes on AWS D) A fully managed message queuing service

A

What is Amazon ElastiCache? A) A web service that makes it easy to set up, manage, and scale a distributed in-memory data store or cache environment in the cloud B) A feature that enables fast, easy, and secure transfers of files over long distances between a client and an S3 bucket C) A service that gives businesses and web application developers an easy and cost-effective way to distribute content with low latency and high data transfer speeds D) A Memcached-compatible in-memory key-value store service that can be used as a cache or a data store

A

What is Amazon ElastiCache? A) An in-memory data store B) A Big Data as a Service cloud facility C) A Data Warehousing service

A

What is Amazon SNS? A) A fully managed pub/sub messaging service B) A service used to implement data streams C) A service used to implement message queues D) A service used to coordinate work across distributed components

A

What is Amazon SQS used for? A) Implementing message queues B) Building RESTful APIs C) Running code in response to events D) Coordinating components and step through the functions of an application

A

What is Amazon Simple Storage Service (Amazon S3)? A) An object storage service offering industry-leading scalability, data availability, security, and performance B) A fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale C) A CDN that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds D) A web service that helps you reliably process and move data between different AWS compute and storage services

A

What is Cache Aside in the context of caching strategies? a. A strategy where the application checks the cache first for requested data, and if not found, retrieves the data from the database and adds it to the cache. b. A strategy where the application populates the cache with all data upon startup, and subsequently reads from the cache for all data requests. c. A strategy where the application writes data to both the cache and the database simultaneously, ensuring that the cache is always up-to-date.

A

What is IAM Auth in ElastiCache? a. A feature that enables users to authenticate using IAM roles when connecting to the ElastiCache Redis Cluster. b. A feature that enables users to enter a password when connecting to the ElastiCache Redis Cluster. c. A feature that allows you to control network access to your ElastiCache Redis Cluster.

A

What is IAM Database Authentication in RDS? a. A feature that enables IAM users to authenticate to an RDS database without the need for a database username and password. b. A feature that enables you to control network access to your RDS database. c. A feature that enables you to encrypt data at rest in your RDS database.

A

What is Multi-AZ deployment in RDS? a. A deployment option that allows you to run multiple replicas of your database in different availability zones for high availability. b. A deployment option that allows you to run multiple replicas of your database in the same availability zone for high availability. c. A deployment option that allows you to run multiple databases in different regions for high availability.

A

What is Origin Access Identity (OAI) in CloudFront? A) A security feature that restricts access to an S3 bucket B) A feature that improves data transfer speed C) A feature that improves read-heavy application performance D) A feature that improves write-heavy application performance

A

What is Redis Auth in ElastiCache? a. A feature that enables users to enter a password when connecting to the ElastiCache Redis Cluster. b. A feature that enables users to authenticate using IAM roles when connecting to the ElastiCache Redis Cluster. c. A feature that allows you to control network access to your ElastiCache Redis Cluster.

A

What is Redshift? A) A cloud-based data warehousing solution B) A NoSQL database C) A graph database D) A distributed file system

A

Which service is used for collecting and sending log data to CloudWatch Logs but does not have any feature that allows you to implement the requirement of archiving a specific number of application revisions? A) AWS CloudWatch Log Agent B) Integrate with AWS CodePipeline C) CodeDeploy Agent D) Have a load balancer in front of your instances

A

Which service is used for storing, managing, and deploying Docker container images on AWS? A) Amazon ECR B) Amazon ECS C) Amazon EKS D) Amazon SQS

A

Which type of API integration allows for returning CORS-related headers to ensure that the API method permits CORS access? A) HTTP B) AWS.PROXY C) MOCK D) HTTP.PROXY

A

Why should IAM roles be used in an AWS environment? a. To manage security credentials b. To run scripts on EC2 instances c. To access the AWS Management Console d. To store data on S3

A

Will selecting DELETE trigger events when an object is deleted from S3? A) Yes B) No

A

You are a developer working with the AWS CLI to create Lambda functions that contain environment variables. Your functions will require over 50 environment variables consisting of sensitive information of database table names. What is the total set size/number of environment variables you can create for AWS Lambda? A) The total size of all environment variables shouldn't exceed 4 KB. There is no limit on the number of variables B) The total size of all environment variables shouldn't exceed 8 KB. The maximum number of variables that can be created is 50 C) The total size of all environment variables shouldn't exceed 4 KB. The maximum number of variables that can be created is 35 D) The total size of all environment variables shouldn't exceed 8 KB. There is no limit on the number of variables

A

You are developing an application that is going to make use of Amazon Kinesis. Due to the high throughput, you decide to have multiple shards for the streams. Which of the following is TRUE when it comes to processing data across multiple shards? A. You cannot guarantee the order of data across multiple shards. It's possible only within a shard. B. Order of data is possible across all shards in a stream. C. Order of data is not possible at all in Kinesis streams. D. You need to uso Kinesis firehose to guarantee the order of data.

A

You are running a high-performance database that requires an IOPS of 310,000 for its underlying storage. What do you recommend? A) Use an EC2 Instance Store B) Use an EBS gp2 drive C) Use an EBS io1 drive D) Use an EBS io2 Block Express drive

A

You are running a website on 10 EC2 instances fronted by an Elastic Load Balancer. Your users are complaining about the fact that the website always asks them to re-authenticate when they are moving between website pages. You are puzzled because it's working just fine on your machine and in the Dev environment with 1 EC2 instance. What could be the reason? A) The Elastic Load Balancer does not have Sticky Sessions enabled B) Your website must have an issue when hosted on multiple EC2 instances C) The EC2 instances log out users as they can't see their IP addresses, instead, they receive ELB IP addresses.

A

You can use CreateQueue to create an SQS delay queue by setting the DelaySeconds attribute to any value between 0 and 900 (15 minutes). A) True B) False

A

You can use tags to organize your AWS bill to reflect your own cost structure. A) True B) False

A

You can work with tags using the AWS Management Console, the Amazon EC2 command line interface (CLI), and the Amazon EC2 API. A) True B) False

A

You have 3 S3 buckets. One source bucket A, and two destination buckets B and C in different AWS Regions. You want to replicate objects from bucket A to both bucket B and C. How would you achieve this? A) Configure replication from bucket A to bucket B, then from bucket A to bucket C B) Configure replication from bucket A to bucket B, then from bucket B to bucket C C) Configure replication from bucket A to bucket C, then from bucket C to bucket B

A

You have 3 VPCs A, B, and C. You want to establish a VPC Peering connection between all the 3 VPCs. What should you do? A) Establish 3 VPC Peering connections (A-B, A-C, B-C) B) As VPC Peering supports Transitive Peering, so you need to establish 2 VPC Peering connections (A-B, B-C)

A

You have a large dataset stored on-premises that you want to upload to the S3 bucket. The dataset is divided into 10 GB files. You have good bandwidth but your Internet connection isn't stable. What is the best way to upload this dataset to S3 and ensure that the process is fast and avoid any problems with the Internet connection? A) Use S3 Multi-part Upload & S3 Transfer Acceleration B) Use S3 Select & Use S3 Transfer Acceleration C) Use Multi-part Upload Only

A

You have a node.js lambda function that relies upon and external graphics library. What is the best way to include the external graphics library without consuming excessive lambda compute resources? A) Install the libraries with NPM before creating the deployment package B) Run an Arbitrary Executable script in AWS Lambda to install the libraries C) Create a second lambda function to install the libraries D) Upload library to S3 and import when lambda function executed.

A

You have a web application running on an ec2 instance that needs to know the IP address that it is running on. How can the application get this information? A) Use Curl or Get command to http://169.254.169.254/latest/meta-data/ B) Use Curl or Get command to http://169.254.169.254/latest/user-data C) Use API/SDK command get-host-address D) Use API/SDK command get-host-ip

A

You have an ElastiCache Redis Cluster that serves a popular application. You have noticed that there are a large number of requests that go to the database because a large number of items are removed from the cache before they expire. What is this called and how to solve it? A) Cache Evictions, Scale up or out your ElastiCache Redis Cluster B) Cache Invalidations, Scale up or out your ElastiCache Redis Cluster C) Cache Evictions, Scale down or in your ElastiCache Cluster D) Cache Invalidations, Scale down or in your ElastiCache Cluster

A

You have an S3 bucket that has S3 Versioning enabled. This S3 bucket has a lot of objects, and you would like to remove old object versions to reduce costs. What's the best approach to automate the deletion of these old object versions? A) S3 Lifecycle Rules - Expiration Actions B) S3 Lifecycle Rules - Transition Actions C) S3 Access Logs

A

You have an application that's hosted in two different AWS Regions us-west-1 and eu-west-2. You want your users to get the best possible user experience by minimizing the response time from application servers to your users. Which Route 53 Routing Policy should you choose? A) Latency B) Multi Value C) Weighted D) Geolocation

A

You have created and tested an example Lambda Node.js application from the AWS Serverless Application Repository. What are the next steps? A) Cloudformation CLI package and deploy commands B) Cloudformation CLI create-stack and update-stack commands C) Cloudformation CLI package-stack and deploy-stack commands D) Cloudformation CLI create-change-set and deploy-change-set

A

You have developed an application that calls the Amazon CloudWatch API. Every now and again your application receives ThrottlingException HTTP Status Code: 400 errors when making GetMetricData calls. How can you fix this problem? A) Implement exponential backoff algorithm for retries B) Use the GetBatchData API call C) Request a limit increase from AWS D) Increase CloudWatch IOPS

A

You have migrated an on-premise SQL Server database to an Amazon Relational Database Service (RDS) database attached to a VPC inside a private subnet. Also, the related Java application, hosted on-premise, has been moved to an Amazon Lambda function. Which of the following should you implement to connect AWS Lambda function to its RDS instance? A) Configure Lambda to connect to VPC with private subnet and Security Group needed to access RDS B) Configure lambda to connect to the public subnet that will give internet access and use Security Group to access RDS inside the private subnet C) Use Environment variables to pass in the RDS connection string D) Use Lambda layers to connect to the internet and RDS separately

A

You have migrated the MySQL database from on-premises to RDS. You have a lot of applications and developers interacting with your database. Each developer has an IAM user in the company's AWS account. What is a suitable approach to give access to developers to the MySQL RDS DB instance instead of creating a DB user for each one? A) Enable IAM Database Authentication B) Use Amazon Cognito C) By default IAM users have access to your RDS database

A

You want to host multiple secure websites on a single EC2 server using multiple SSL certificates. How can you achieve this? A) Assign a secondary private IPv4 address to a second attached network interface. Associate an elastic IP address with the private IPv4 address. B) Assign a secondary public IPv4 address to a second attached network interface. Associate an elastic IP address with the public IPv4 address. C) Assign a secondary private IPv6 address to a second attached network interface. Associate an elastic IP address with the private IPv6 address. D) Assign a secondary public IPv6 address to a second attached network interface. Associate an elastic IP address with the public IPv6 address. None of the above

A

You would like to deploy a database technology on an EC2 instance and the vendor license bills you based on the physical cores and underlying network socket visibility. Which EC2 Purchasing Option allows you to get visibility into them? A) Dedicated Hosts B) Spot Instances C) On-Demand D) Reserved Instances

A

You would like to have a high-performance local cache for your application hosted on an EC2 instance. You don't mind losing the cache upon the termination of your EC2 instance. Which storage mechanism do you recommend as a Solutions Architect? A) Instance Store B) EBS C) EFS

A

You would like to use Amazon API gateway to interface with an existing SOAP/XML backend. API Gateway will receive requests and forward them to the SOAP backend. How can you achieve this? A) Use API Gateway mapping templates to transform the data for the SOAP backend B) Use API Gateway data translation to transform the data for the SOAP backend C) Use a Lambda function to transform the data for the SOAP backend D) Use an EC2 instance with a load balancer to transform the data for the SOAP backend.

A

You're developing an application that will be hosted on an EC2 Instance. This will be part of an Autoscaling Group. The application needs to get the private IP of the instance to send it across to a controller-based application. Which of the following can be done to achieve this? A. Query the Instance Meta Data B. Query the Instance User Data C. Have an Admin get the IP address from the console D. Make the application run IFConfig

A

You're running an application on an on-premises server. The application needs to perform API calls to an S3 bucket. How can you achieve this in the most secure manner? A) Create an IAM user to be used by the application, then generate IAM credentials and put the credentials into environment variables B) From inside your on-premises server, run aws configure and insert your personal IAM Credentials C) Create an IAM user to be used by the application, then generate IAM credentials and use the credentials in the application's code D) Attach an IAM role to your on-premises server

A

You've been hired as a developer to work on an application. This application is hosted on an EC2 Instance and interacts with an SQS queue. It's been noticed that when the application is pulling messages, a lot of empty responses are being returned. What change can you make to ensure that the application uses the SQS queue effectively? A. Use long polling B. Set a custom visibility timeout C. Use short polling D. Implement exponential backoff.

A

You've developed a set of scripts using AWS Lambda. These scripts need to access EC2 Instances in a VPC. Which of the following needs to be done to ensure that the AWS Lambda function can access the resources in the VPC? (Select TWO) 1. Ensure that the subnet IDs are configured in the Lambda function. 2. Ensure that the NACL IDs are configured in the Lambda function. 3. Ensure that the Security Group IDs are configured in the Lambda function. 4. Ensure that the VPC Flow Log IDs are configured in the Lambda function. A) 1, 3 B) 1, 2 C) 2, 4 D) 3, 4

A

You've enabled website hosting on a bucket named 'backspace.academy' in the us-east-1 (us standard region). Select the URL you'll receive from AWS as the URL for the bucket. A) backspace.academy.s3-website-us-east-1.amazonaws.com B) backspace.academy.s3-website.amazonaws.com C) backspace.academy.us-east-1-s3-website.amazonaws.com D) backspace.academy.s3-website-us-east.amazonaws.com

A

What is the difference between an API Gateway REST API and an API Gateway HTTP API? a) REST APIs are a collection of HTTP resources and methods integrated with backend HTTP endpoints or Lambda functions, while HTTP APIs are a collection of routes and methods integrated with backend HTTP endpoints or Lambda functions b) REST APIs are a collection of routes and methods integrated with backend HTTP endpoints or Lambda functions, while HTTP APIs are a collection of HTTP resources and methods integrated with backend HTTP endpoints or Lambda functions c) REST APIs and HTTP APIs are the same thing d) There is no difference between REST APIs and HTTP APIs

A

What is the difference between caching and storage? a. Caching is used to store frequently accessed data while storage is used to store data permanently. b. Caching is used for long-term data storage while storage is used for short-term data storage. c. Caching and storage are interchangeable terms.

A

You've just created an AWS Lambda function. You're running the function, but the output of the function is not as expected. You need to check and see what the issue is. Which of the following can help the developer debug the issue with the Lambda function? A. Check CloudWatch logs B. Check VPC Flow Logs C. Check AWS Trusted Advisor D. Cheek AWS Inspector

A

Your application hosted on EC2 instances managed by an Auto Scaling Group suddenly receives a spike in traffic which triggers your ASG to scale out and a new EC2 instance has been launched. The traffic continuously increases but the ASG doesn't launch any new EC2 instances immediately but after 5 minutes. What is a possible cause for this behavior? A) Cooldown Period B) Lifecycle Hooks C) Target Tracking Policy D) Launch Template

A

Your team has started configuring CodeBuild to run builds in AWS. The source code is stored in a bucket. When the build is run. you are getting the below error. Error: "The bucket you are attempting to access must be addressed using the specified endpoint..." When Running a Build. Which of the following could be the cause of the error? A. The bucket is not in the same region as the Code Build project. B. Code should ideally be stored on EBS Volumes. C. Versioning is enabled for the bucket. D. MFA is enabled on the bucket.

A

What is Time-To-Live (TTL) in the context of caching strategies? a. A setting that determines how long data will remain in the cache before it is automatically evicted. b. A setting that determines the maximum size of the cache, and evicts data when the size limit is reached. c. A setting that determines the minimum amount of time that data must remain in the cache before it can be evicted.

A

What is a CloudWatch alarm in the context of AWS? a. A mechanism to send alerts to the user when a CloudWatch metric meets certain criteria b. A way to create a new EC2 instance automatically when the existing instances reach a certain capacity c. A security feature that restricts access to certain AWS resources d. None of the above

A

What is a Route 53 Health Check? a. A tool for monitoring the status of resources associated with a DNS name. b. A tool for managing the configuration of Route 53 routing policies. c. A tool for monitoring the performance of AWS resources. Answer: a

A

What is a Scan operation in Amazon DynamoDB? a. An operation that reads every item in a table or a secondary index b. An operation that has the same partition key as the base table c. An operation that returns all of the data attributes for every item in the table or index d. An operation that composes of two attributes: the partition key and the sort key

A

What is a Target Group in the context of an Elastic Load Balancer? a. A group of EC2 instances that the load balancer routes traffic to b. A set of rules that the load balancer uses to route traffic to different EC2 instances c. A collection of users who are accessing a web application d. None of the above

A

What is a composite primary key in Amazon DynamoDB? a. A type of key composed of two attributes: the partition key and the sort key. b. A type of key composed of only the partition key. c. A type of key composed of only the sort key. d. A type of key composed of three or more attributes.

A

What is a composite primary key in Amazon DynamoDB? a. A type of key that is composed of two attributes: the partition key and the sort key b. An index that has the same partition key as the base table, but a different sort key c. An index with a partition key and a sort key that can be different from those on the base table d. An operation that reads every item in a table or a secondary index

A

What is a cookie in the context of the Elastic Load Balancer? a. A small piece of data that is sent from the client to the load balancer to identify the client's session b. A type of target group that is used to route traffic to specific EC2 instances c. A protocol used to transfer data between the client and the server d. None of the above

A

What is a key benefit of using CloudFront in conjunction with S3 for serving website content? A) Cost-effective data transfer B) Faster data transfer over long distances C) Improved read-heavy application performance D) Improved write-heavy application performance

A

What is an OutputPath in an AWS Step Functions state? A) A path that selects a portion of the state's input to be passed to the state's output B) A path that selects a portion of the state's input to be passed to the state's task for processing C) A human-readable description of the state D) A required field that specifies the type of the state

A

What is created in the design phase? A. Design specification B. Cost analysis C. Deployment plan D. Testing environment

A

What is kubectl? A) An open source command line tool for interacting with Kubernetes infrastructure B) A tool for managing AWS services C) A command line utility for creating and managing Kubernetes clusters on Amazon EKS D) The AWS SDK for Python

A

What is not a capability of Amazon Kinesis Data Analytics? A. Deliver real-time streaming data to destinations such as Amazon Simple Storage Service B. Perform time-series analytics on streaming data using standard SQL C. Analyze data directly in Amazon Simple Storage Service using standard SQL D. Process Big Data

A

What is one solution for the data loss problem when using an EC2 Instance Store for database storage? A) Set up a replication mechanism on another EC2 instance with an Instance Store B) Use EBS volumes instead of Instance Store C) Store data in EFS D) Use S3 for database storage

A

What is the AWS resource used to create nested stacks in Cloudformation? A. AWS::CloudFormation::Stack B. AWS::CloudFormation::Deploy C. AWS::CloudFormation::Package D. AWS::CloudFormation::Create

A

What is the benefit of attaching an Elastic IP address to a Network Load Balancer? a. It provides a static IP address that can be used to access the load balancer from the internet b. It increases the capacity and scalability of the load balancer c. It improves the security of the load balancer d. None of the above

A

What is the benefit of using Amazon Aurora over other RDS database engines? a. It provides better scalability and performance for high-throughput workloads. b. It provides better durability and availability for critical applications. c. It provides better security and compliance for regulated industries. d. It provides better compatibility and interoperability with other AWS services.

A

What is the benefit of using Cognito User Pools for mobile application? a) It allows for user management to be fully managed by AWS b) It helps in balancing incoming traffic across different EC2 instances c) It can be used to send log data to CloudWatch Logs from Amazon EC2 instances d) It is not beneficial for mobile application

A

What is the best solution for larger objects up to 5 TB in size? A. Multipart upload API B. AWS Direct Connect C. Single PUT operation D. AWS Redshift

A

What is the cost model for AWS Lambda? A. Pay for the compute time you consume B. Pay a fixed rate per server C. Pay per GB of data captured D. No charge

A

What is the definition of a GSI in Amazon DynamoDB? a. An index with a partition key and sort key that can be different from the base table. b. An index with the same partition key as the base table but a different sort key. c. An index that queries only within a single partition of the base table. d. An index that reads every item in a table or secondary index.

A

What is the difference between Aurora Replica and Aurora Read Replica? a. Aurora Replica is a standby instance that can be promoted to become the primary instance, while Aurora Read Replica is a secondary instance that can be used for read scaling. b. Aurora Replica is a secondary instance that can be used for read scaling, while Aurora Read Replica is a standby instance that can be promoted to become the primary instance. c. Aurora Replica and Aurora Read Replica are interchangeable terms for the same thing.

A

What is the difference between IAM users and database users in RDS? a. IAM users are used for managing access to AWS resources, while database users are used for managing access to RDS databases. b. IAM users are used for managing access to RDS databases, while database users are used for managing access to AWS resources. c. IAM users and database users are interchangeable terms.

A

What is the difference between a cache and a buffer in the context of database management? a. A cache stores frequently accessed data, while a buffer stores data that has been recently modified. b. A buffer stores frequently accessed data, while a cache stores data that has been recently modified. c. A cache and a buffer are interchangeable terms for the same thing.

A

What is the difference between eager loading and lazy loading in the context of caching? a. Eager loading loads all data into the cache at once, while lazy loading loads data into the cache only when necessary. b. Lazy loading loads all data into the cache at once, while eager loading loads data into the cache only when necessary. c. Eager loading and lazy loading are interchangeable terms for the same thing.

A

What is the purpose of Amazon Cognito? a. To provide authentication and authorization for web and mobile applications. b. To provide a database management system for storing and retrieving data. c. To provide an in-memory data store for caching frequently accessed data.

A

What is the purpose of Amazon Simple Queue Service (SQS)? A) To decouple and scale microservices, distributed systems, and serverless applications B) To process data in real-time C) To load streaming data into data stores D) To organize, transform, aggregate and analyze data

A

What is the purpose of CloudWatch in the context of AWS? a. To monitor the performance of AWS resources and applications b. To automatically add or remove EC2 instances based on demand c. To monitor the health of EC2 instances and automatically replace any instances that fail d. All of the above

A

What is the purpose of Security Groups in ElastiCache? a. To control network access to your ElastiCache Redis Cluster. b. To enable users to authenticate using IAM roles when connecting to the ElastiCache Redis Cluster. c. To enable users to enter a password when connecting to the ElastiCache Redis Cluster.

A

What is the purpose of Server Name Indication (SNI) in the Elastic Load Balancer? a. To allow you to expose multiple HTTPS applications each with its own SSL certificate on the same listener b. To prevent conflicts with other SSL certificates that might be used in the application c. To improve the performance of the load balancer d. None of the above

A

What is the purpose of a Routing Policy in Route 53? a. To determine how incoming traffic to a web application should be distributed among a set of resources. b. To determine the geographic location of incoming traffic to a web application. c. To determine the response time of a web application to incoming traffic.

A

What is the purpose of the Action attribute in the policy statement? A) To specify the allowed call to the Lambda function B) To indicate the lambda function that Principal is allowed to access C) To specify the AWS account and S3 bucket name D) To specify the service that the policy applies to

A

What is the purpose of the ELB Sticky Session feature? a. To ensure that traffic for the same client is always redirected to the same target b. To increase the overall capacity and scalability of the Elastic Load Balancer c. To make it more difficult for clients to access their sessions d. None of the above

A

What is the purpose of the X-Ray daemon? a. To send trace data to the X-Ray service b. To debug performance issues in an application c. To send data to CloudWatch d. To install the X-Ray agent on an EC2 Instance

A

What is the purpose of the session token returned by AWS STS? A) It provides temporary access to AWS resources. B) It provides permanent access to AWS resources. C) It is used to encrypt data stored in AWS S3. D) It is used to authenticate API calls to AWS Lambda.

A

What is the purpose of using AWS KMS for encryption in RDS? a. To manage the encryption keys used to encrypt and decrypt data in the RDS instance. b. To manage the network access control lists (ACLs) for the RDS instance. c. To manage the database schema for the RDS instance.

A

What is the purpose of using Aurora Serverless? a. To automatically scale Aurora database clusters based on demand. b. To improve the durability and availability of Aurora database clusters. c. To encrypt data at rest in Aurora database clusters. d. To manage the database schema and indexes in Aurora database clusters.

A

What is the purpose of using a permissions boundary in IAM? A) To set the maximum permissions that an identity-based policy can grant to an IAM entity B) To provide permissions on its own to an IAM entity C) To authenticate a user to a DB instance D) To authenticate a user to Amazon S3

A

What is the purpose of using nested stacks in Cloudformation? A. To create a single, unified stack B. To package and deploy templates C. To create multiple, independent stacks D. To break the templates into smaller manageable templates

A

What is the purpose of using read replicas in an AWS RDS instance? A. To reduce the response time for the application B. To ensure high availability and disaster recovery for the database C. To change the database type D. To scale out beyond the capacity constraints of a single DB Instance

A

What is the purpose of weighted routing in Route 53? A. To balance the load between multiple resources B. To deploy a new version of software C. To perform failover D. To manage maintenance overhead

A

What is the recommended solution if the data being passed between states in a state machine definition is expected to grow over 32 KB? A. Store the data in Amazon S3 and pass the Amazon Resource Name instead of raw data B. Increase the payload size limit in the state machine definition

A

What is the requirement for data to be encrypted before being sent to Amazon S3 for storage when using server-side encryption? A. True B. False

A

What is the result of a Scan operation in Amazon DynamoDB? a. Returns all data attributes for every item in the table or index by default. b. Returns a random selection of data attributes for every item in the table or index. c. Returns only a single item in the table or index. d. Returns no data attributes for any item in the table or index.

A

What is the write-through caching strategy? A) A caching strategy that updates the cache whenever data is written to the database B) A caching strategy that always loads data from the database and never uses the cache C) A caching strategy that updates the cache only when necessary D) A caching strategy that updates the cache at regular intervals

A

What makes DynamoDB Accelerator (DAX) a preferred service to use with DynamoDB? A. It is an in-memory cache that reduces response times of eventually-consistent read workloads to microseconds. B. It is a service for replicating tables in different regions. C. It is a way to increase the throughput for tables. D. It is a method for handling throttling errors for tables.

A

Which of the following is NOT a valid Route 53 Health Check? a. Health Check that monitors an SQS Queue. b. Health Check that monitors an endpoint. c. Health Check that monitors other Health Checks. d. Health Check that monitors CloudWatch Alarms.

A

Which of the following is an IAM Security Tool? A) IAM Credentials Report B) IAM Root Account Manager C) IAM Services Report D) IAM Security Advisor

A

Which of the following is true about both Application Load Balancer and Network Load Balancer? a. They both provide a static DNS name b. They both provide a static IP c. They both provide a dynamic DNS name and IP d. None of the above

A

Which of the following options is NOT considered a secure way to store the database connection string? 1. In the CloudFormation template 2. In a Git repository 3. In AWS Systems Manager Parameter Store 4. Encrypted in the Lambda function code A) 1, 2, 4 B) 2, 3, 4 C) 1, 3, 4 D) 1, 2, 3

A

Which principle should you apply regarding IAM Permissions? A) Grant least privilege B) Grant most privilege C) Grant more permissions if your employee asks you to D) Restrict root account permissions

A

To prevent your API from being overwhelmed by too many requests, Amazon ___________________ throttles requests to your API. By default, ________________ limits the steady-state request rate to 10,000 requests per second (rps). It limits the burst (that is, the maximum bucket size) to 5,000 requests across all APIs within an AWS account. This is Account-level throttling. As you see, this is about limit on the number of requests and is not a suitable answer for the current scenario.

API Gateway

_____________________ is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem.

AWS CodeCommit

____________________ is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers.

AWS CodeDeploy

After you disable an _________________, the targets in that ___________________ remain registered with the load balancer. However, even though they remain registered, the load balancer does not route traffic to them.

Availability Zone

A web application is accessed by thousands of untrusted users and stores data in S3 buckets. Which solution provides the necessary temporary credentials? A) Cognito user pools B) Cognito identity pools C) IAM users D) IAM groups

B

Can you remove a setting applied from a configuration file in Elastic Beanstalk? A. Yes, using AWS CLI or EB CLI B. No, the setting cannot be removed without modifying the configuration file and deploying a new application version

B

Can you use the AWS CLI start-build command to specify a different source location for a build project in AWS CodeBuild? A. No, you cannot use the start-build command. B. Yes, by setting the buildspecOverride value to the path to the alternate build spec file relative to the value of the CODEBUILD_SRC_DIR environment variable. C. Yes, but only if you have access to the project. D. No, you need to use the update-project command.

B

Elastic Load Balancers provide a ....................... A) static IPv4 we can use in our application B) static DNS name we can use in our application C) static IPv6 we can use in our application

B

For compliance purposes, you would like to expose a fixed static IP address to your end-users so that they can write firewall rules that will be stable and approved by regulators. What type of Elastic Load Balancer would you choose? A) Application Load Balancer with an Elastic IP attached to it B) Network Load Balancer C) Classic Load Balancer

B

For your RDS database, you can have up to ............ Read Replicas. A) 3 B) 5 C) 7

B

How can you capture information about IP traffic inside your VPCs? A) Enable VPC Traffic Mirroring B) Enable VPC Flow Logs C) Enable CloudWatch Traffic Logs

B

How can you check an IAM role for permissions to a Kinesis stream is associated to an EC2 instance? A) CLI command STSAssumeRole followed by describeStreams B) Check the EC2 instance metadata at iam/security-credentials/role-name C) Check the Kinesis stream logs using the console D) SDK command STSAssumeRole followed by describeStreams

B

How can you configure the Auto Scaling Group to use Application Load Balancer Health Checks to determine the health of its EC2 instances? a. By changing the EC2 instance type b. By modifying the launch configuration c. By adding a new target group to the load balancer d. None of the above

B

How can you ensure the write ordering in Amazon Kinesis Data Streams? a) By using Kinesis Firehose. b) By calling the PutRecord API and using the sequenceNumberForOrdering parameter. c) By using the PutRecords API. d) By using the client.putRecord API.

B

How can you minimize the impact of a scan operation on a table's provisioned throughput in Amazon DynamoDB? A) Increase the page size B) Reduce the page size C) Use parallel scans D) Use sequential scans

B

How do you encrypt an unencrypted RDS DB instance? A) Do it straight from AWS Console, select your RDS DB instance, choose Actions then Encrypt using KMS B) Create a snapshot of the unencrypted RDS DB instance, copy the snapshot and tick "Enable encryption", then restore the RDS DB instance from the encrypted snapshot C) Do it straight from AWS Console, after stopping the RDS DB instance

B

How does IAM database authentication work? A) It uses a password to connect to a DB instance B) It uses an authentication token to connect to a DB instance C) It can be used to authenticate for Amazon S3 D) It works with all databases

B

How does a network ACL differ from a security group in AWS? A) A network ACL controls traffic at the instance level, while a security group controls traffic at the subnet level. B) A network ACL controls traffic in and out of a VPC subnet, while a security group controls traffic between instances in the same subnet. C) A network ACL is a fully-managed, globally-distributed database service, while a security group is a firewall for controlling traffic in and out of one or more subnets. D) A network ACL is used to manage network access control for database instances, while a security group is used to manage access control for EC2 instances.

B

IAM User Groups can contain IAM Users and other User Groups. A) True B) False

B

IAM users do not need to be explicitly given permissions to administer credentials for themselves. A) True B) False

B

If an EC2 instance has multiple EBS volumes attached and you only want to delete one of them when terminating the instance, what should you do? A) Change the Delete On Termination attribute of the EBS volume to "true" B) Detach the EBS volume from the instance before terminating it C) Manually delete the EBS volume after terminating the instance D) There is no way to selectively delete an EBS volume when terminating an EC2 instance

B

In AWS Simple Queue Service (SQS), the maximum long polling wait time you can use via the ReceiveMessage API action is _________________. A) 10 seconds B) 20 seconds C) 30 seconds D) 60 seconds

B

In Amazon Kinesis, can you guarantee the order of records across multiple shards? a) Yes, you can guarantee the order of records across all shards. b) No, you can only guarantee the order of records within a single shard.

B

In SSE-KMS, who manages the customer master key (CMK)? a) AWS b) The user c) Amazon S3 d) The customer

B

In a CloudFormation template, which section specifies the stack resources and their properties, such as an EC2 instance or S3 bucket? A) Parameters B) Resources C) Mappings D) Conditions

B

In order to reduce response time for read workloads in DynamoDB, is it necessary to increase the throughput for tables? A. Yes B. No

B

In what environment is the software product delivered to the customer in the deploy phase? A. Production environment B. Testing or staging environment C. Design environment D. Develop environment

B

In which type of read request is the data stored in Item Cache in DynamoDB with a DAX cluster? a. Strongly consistent read request. b. Eventually consistent read request (GetItem and BatchGetItem). c. Eventually consistent read request (Query and Scan). d. Both a and b.

B

Is AWS Systems Manager Parameter Store offered at an additional cost? a) Yes b) No

B

Is Amazon Inspector a troubleshooting tool for an AWS Lambda function? A. Yes B. No

B

Is CloudFormation necessary for managing environments in Elastic Beanstalk? A. Yes B. No

B

Is CloudFormation needed for the Elastic Beanstalk service to manage an environment? A) Yes B) No

B

Is EC2 a serverless offering? A. Yes B. No

B

Is it correct to say that changes need to be done for the current configuration in Elastic Beanstalk? A) Yes B) No

B

Is it necessary to have a cron.yaml file to deploy a worker application in Elastic Beanstalk? A. No B. Yes

B

Is the log file of the last successful deployment also deleted by the CodeDeploy agent? a) Yes b) No

B

Is there a CPU setting available for a Lambda function via the AWS console? A) Yes B) No

B

Is there a CloudWatch metric for "requests per minute" for backend-to-database connections in AWS? a. Yes, it's available by default in the CloudWatch Metrics console b. No, it's not available by default in the CloudWatch Metrics console c. It's available, but only in certain regions d. None of the above

B

Is versioning possible in DynamoDB? a) Yes b) No

B

New EBS volumes are pre-formatted with a file system on them so you can easily mount and use them. A) True B) False

B

Running an application on an Auto Scaling Group that scales the number of EC2 instances in and out is called ..................... A) Vertical Scalability B) Horizontal Scalability

B

Scaling an EC2 instance from r4.large to r4.4xlarge is called ..................... A) Horizontal Scalability B) Vertical Scalability

B

The DisableConsoleTermination attribute controls whether the instance can be terminated using the console, CLI, or API. By default, termination protection is disabled. A) True B) False

B

The debugging results of a REST API test using API Gateway show the same data in the input and output. Which component of the API is missing? A) Schema B) Mapping C) Resource D) Model

B

The development team at a social media company is considering using Amazon ElastiCache to boost the performance of their existing databases. As a Developer Associate, which of the following use-cases would you recommend as the BEST fit for ElastiCache? (Select two) 1. Use ElastiCache to improve performance of compute-intensive workloads 2. Use ElastiCache to run highly complex JOIN queries 3. Use ElastiCache to improve latency and throughput for read-heavy application workloads 4. Use ElastiCache to improve performance of Extract-Transform-Load (ETL) workloads 5. Use ElastiCache to improve latency and throughput for write-heavy application workloads A) 1, 2 B) 1, 3 C) 2, 5 D) 3, 4

B

The following error codes would have a HTTP Status Code 409: AccessDenied BucketAlreadyExists BucketNotEmpty IncompleteBody A) True B) False

B

The last API calls you made to AWS KMS begin to throttle, as you have reached the max. allowed API calls per second. What should you do? A) Make API calls every 10 ms B) Use Exponential Backoff Strategy C) Use Linear Backoff Strategy

B

True or False. Both either CodeCommit or CodeDeploy can identify and notify failures in the Lambda code. A) True B) False

B

True or False: You can use visibility timeout to retrieve messages from your Amazon SQS queues. A) True B) False

B

We have an RDS database that struggles to keep up with the demand of requests from our website. Our million users mostly read news, and we don't post news very often. Which solution is NOT adapted to this problem? A) An ElastiCache Cluster B) RDS Multi-AZ C) RDS Read Replicas

B

What Amazon S3 API operations can create an object? A) GET B) PUT, POST, and COPY C) DELETE D) HEAD

B

What HTTP method is used to update an existing resource? A) GET B) PUT C) PATCH D) POST

B

What HTTP response code is returned if a resource has been created on the origin server? A) 200 (OK) B) 201 (Created) C) 400 (Bad Request) D) 404 (Not Found)

B

What are IAM Policies? A) A set of policies defines how AWS accounts interact with each other B) JSON documents that define a set of permissions for making requests to AWS services, and can be used by IAM Users, User Groups, and IAM Roles C) A set of policies that define a password for IAM Users D) A set of policies defined by AWS that show how customers interact with AWS

B

What are some potential security vulnerabilities associated with storing database credentials in an S3 bucket, Lambda function configuration file, or hardcoding them in the function code? A) Credentials could be overwritten by other processes B) Credentials could be exposed to unauthorized users C) Credentials could become corrupted and cause errors D) Credentials could be lost if the storage solution fails

B

What can happen if the state machine definition does not have an explicit timeout specified? A. The execution will continue as expected B. The execution will be stuck waiting for a response that will never come

B

What determines the amount of virtual CPU available to a Lambda function? A) CPU setting B) Memory setting C) Deployment configuration D) None of the above

B

What does Amazon Kinesis Data Analytics provide for processing and analyzing streaming data? A. Deliver real-time streaming data to destinations such as Amazon Simple Storage Service B. Author and run SQL code against streaming sources to perform time-series analytics C. Analyze data directly in Amazon Simple Storage Service using standard SQL D. A fully managed service for Big Data

B

What does Amazon Kinesis Data Streams provide? A. Ability to read and/or replay records in a random order to multiple applications B. Ability to read and/or replay records in the same order to multiple applications C. Guaranteed exactly once delivery and processing of messages in the exact order they are sent D. Maximum throughput, best-effort ordering, and at-least-once delivery

B

What does the AWS::Serverless::Function resource describe? A) Embedding applications from Amazon S3 buckets B) Creating a Lambda function C) Creating API Gateway resources and methods D) Creating a Lambda layered function

B

What happens if you don't delete old versions of an application in Elastic Beanstalk? a) You can create new versions of the application b) You will hit the application version limit and be unable to create new versions of the application c) Nothing, you can keep all versions indefinitely d) None of the above

B

What happens when an EC2 instance fails the Application Load Balancer Health Checks? a. The Auto Scaling Group immediately terminates the instance and launches a new one b. The instance remains running, but is marked as unhealthy and the Auto Scaling Group launches a new instance c. The instance remains running and the Auto Scaling Group continues to use it until it becomes unreachable d. None of the above

B

What happens when server logging is enabled on an S3 bucket? A) Objects in the S3 bucket are encrypted B) Space in the S3 bucket is consumed C) The S3 bucket is automatically replicated across multiple regions D) The S3 bucket is automatically monitored

B

What happens when the get-object command is used without specifying the bytes range? A. Only the specified portion of the object is transferred B. The whole file is downloaded C. Only the data needed from the object is pulled out D. The file is copied to another location locally in S3

B

What information can you obtain by setting the ReturnConsumedCapacity parameter in a Query request to INDEXES? a. The aggregate number of read capacity units consumed b. The consumed capacity for each table and index that was accessed c. No consumed capacity data is returned d. No information can be obtained

B

What is AWS Direct Connect used for? A. Multipart uploads for larger objects B. An alternative to using the internet for AWS cloud services C. Single PUT operations for smaller objects D. Data warehousing

B

What is AWS Lambda? A) A fully managed NoSQL database service B) A serverless computing platform C) A cloud-based object storage service D) A service for real-time processing of streaming data at scale

B

What is AWS Step Functions? A) A fully managed NoSQL database service B) A visual workflow service for building distributed applications C) A serverless computing platform D) An event-driven service for real-time processing of streaming data at scale

B

What is Amazon API Gateway? A) An object storage service offering industry-leading scalability, data availability, security, and performance B) A fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale C) A CDN that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds D) A web service that helps you reliably process and move data between different AWS compute and storage services

B

What is Amazon ECR? A) A fully managed container orchestration service B) A fully managed Docker image registry C) A fully managed service for deploying, managing, and scaling containerized applications using Kubernetes on AWS D) A fully managed message queuing service

B

What is Amazon Kinesis Data Analytics used for? A. To load streaming data into data stores and analytics tools B. To build SQL queries and sophisticated Java applications C. To deliver all records for a given partition key to the same record processor D. To continuously capture gigabytes of data per second from multiple sources

B

What is Amazon Kinesis Data Firehose used for? A. To build SQL queries and sophisticated Java applications B. To load streaming data into data stores and analytics tools C. To deliver all records for a given partition key to the same record processor D. To continuously capture gigabytes of data per second from multiple sources

B

What is Amazon Kinesis Data Streams (KDS)? A. A fully managed message queuing service B. A massively scalable and durable real-time data streaming service C. The easiest way to load streaming data into data stores and analytics tools D. The easiest way to analyze streaming data in real-time

B

What is Amazon Kinesis Data Streams used for? A) To store data for long-term analysis B) To process data in real-time C) To load streaming data into data stores D) To organize, transform, aggregate and analyze data

B

What is Amazon Kinesis Data Streams? A) A fully managed pub/sub messaging service B) A service used to implement data streams C) A service used to implement message queues D) A service used to coordinate work across distributed components

B

What is Amazon S3 Transfer Acceleration? A) A web service that makes it easy to set up, manage, and scale a distributed in-memory data store or cache environment in the cloud B) A feature that enables fast, easy, and secure transfers of files over long distances between a client and an S3 bucket C) A service that gives businesses and web application developers an easy and cost-effective way to distribute content with low latency and high data transfer speeds D) A Memcached-compatible in-memory key-value store service that can be used as a cache or a data store

B

What is LSI in Amazon DynamoDB? a. An index with a partition key and a sort key that can be different from those on the base table b. An index that has the same partition key as the base table, but a different sort key c. An index that reads every item in a table or a secondary index d. A type of key that is composed of two attributes: the partition key and the sort key

B

What is Time To Live (TTL) in DynamoDB used for? a) To store irrelevant data in the database b) To automatically delete expired items from the database c) To enable versioning for items in the database d) To increase the cost of storing data in the database

B

What is a LSI in Amazon DynamoDB? a. An index with a partition key and sort key that can be different from the base table. b. An index with the same partition key as the base table but a different sort key. c. An index that queries only within a single partition of the base table. d. An index that reads every item in a table or secondary index.

B

What is a cache miss in the context of caching? a. When data is successfully retrieved from the cache. b. When data is not found in the cache and needs to be retrieved from the database. c. When the cache is full and data needs to be evicted to make room for new data.

B

What is a listener in the context of an Elastic Load Balancer? a. A type of target group that is used to route traffic to specific EC2 instances b. A configuration setting that determines how the load balancer handles incoming traffic c. A small piece of data that is sent from the client to the load balancer to identify the client's session d. None of the above

B

What is a proper definition of an IAM Role? A) IAM Users in multiple User Groups B) An IAM entity that defines a set of permissions for making requests to AWS services, and will be used by an AWS service C)An IAM entity that defines a password policy for IAM Users D) Permissions assigned to IAM Users to perform actions

B

What is a scale-out event in the context of an Auto Scaling Group? a. An event that occurs when the group reaches its maximum capacity b. An event that occurs when the group adds instances to meet increased demand c. An event that occurs when the group removes instances to meet decreased demand d. None of the above

B

What is an InputPath in an AWS Step Functions state? A) A path that selects a portion of the state's input to be passed to the state's output B) A path that selects a portion of the state's input to be passed to the state's task for processing C) A human-readable description of the state D) A required field that specifies the type of the state

B

What is an activity in AWS Step Functions? A) A way to coordinate the components of distributed applications and microservices B) A way to associate code running somewhere with a specific task in a state machine C) A way to prepare and load data for analytics D) A way to run batch computing jobs on the AWS Cloud

B

What is caching in the context of database management? a. A technique for storing database backups in a secure and encrypted format. b. A technique for optimizing database performance by temporarily storing frequently accessed data in memory. c. A technique for reducing database storage costs by compressing data and storing it in S3.

B

What is not a recommended practice for managing security credentials in AWS? a. Using IAM roles b. Hard coding IAM access keys c. Using IAM policies d. Rotating IAM access keys

B

What is required to run X-Ray with Elastic Beanstalk? A) Install the X-Ray daemon on the instances B) Set XRayEnabled to true in a config file inside the .ebextensions folder C) Set XRayEnabled to true in a config file in the root folder of the app D) Use the X-Ray API calls on the code

B

What is the AWS CLI? A) An open source command line tool for interacting with Kubernetes infrastructure B) A tool for managing AWS services C) A command line utility for creating and managing Kubernetes clusters on Amazon EKS D) The AWS SDK for Python

B

What is the AWS CLI? A. An AWS service for local development and testing B. A unified tool for managing AWS services C. A JavaScript library for accessing AWS services D. A cloud-based IDE

B

What is the AWS Systems Manager parameter store used for? A) Storing large files like images and videos B) Storing configuration data and sensitive information like database credentials C) Running Lambda functions D) Managing networking configurations

B

What is the advantage of using in-memory data store such as ElastiCache compared to disk-based storage? a. In-memory data store provides higher durability than disk-based storage. b. In-memory data store provides faster access to data than disk-based storage. c. In-memory data store provides more storage space than disk-based storage.

B

What is the basis for AWS Step Functions? A) Tasks B) State machines C) Extract, transform, and load (ETL) D) Compute resources

B

What is the benefit of using Route 53 Health Checks? a. To reduce the cost of operating AWS resources. b. To improve the performance of web applications by identifying and resolving issues with unhealthy resources. c. To simplify the management of DNS names and routing policies.

B

What is the default behavior of the Amazon States Language with regards to timeouts in state machine definitions? A. Timeouts are set by default B. Timeouts are not set by default

B

What is the default behavior when terminating an EC2 instance with multiple EBS volumes attached? A) All EBS volumes will be deleted B) The root volume will be deleted, but other EBS volumes will not be deleted C) The root volume will not be deleted, but other EBS volumes will be deleted D) None of the EBS volumes will be deleted

B

What is the default setting of the ReturnConsumedCapacity parameter in a Query request? a. TOTAL b. NONE c. INDEXES d. UNKNOWN

B

What is the difference between Amazon ElastiCache Memcached and Amazon ElastiCache Redis? A) Memcached is simpler while Redis offers more features B) Redis offers snapshots facility and replication, which Memcached cannot C) Memcached is designed for in-memory data storage while Redis is designed for Data Warehousing

B

What is the difference between MySQL and PostgreSQL in terms of data types and transactions? a. MySQL supports more data types than PostgreSQL, but PostgreSQL provides better transaction support. b. PostgreSQL supports more data types than MySQL, but MySQL provides better transaction support. c. Both MySQL and PostgreSQL support the same data types and transaction features.

B

What is the difference between Synchronous and Asynchronous replication in RDS? a. Synchronous replication provides high availability while Asynchronous replication provides read scalability. b. Synchronous replication ensures that the primary and replica instances have the same data at all times while Asynchronous replication may have a delay in replicating data. c. Synchronous replication only supports MySQL while Asynchronous replication supports PostgreSQL.

B

What is the error message indicating when it states that your IAM user or role needs permission for the kms:GenerateDataKey action? a) The user does not have access to the S3 bucket b) The user does not have access to the KMS key c) The user does not have access to the S3 bucket objects d) The user does not have access to the KMS key and S3 bucket

B

What is the ideal approach for reducing the load on a source DB instance in an RDS database? A. Place a CloudFront distribution in front of the database B. Enable read replicas for the database C. Change the database type from RDS to DynamoDB D. Enable Multi-AZ for the database

B

What is the impact of a scan operation on a table's provisioned throughput if you set a larger page size? A) It reduces the impact of the scan operation B) It increases the impact of the scan operation C) It does not have any impact on the scan operation D) It does not affect the provisioned throughput

B

What is the impact of enabling TTL in DynamoDB on the cost of storing data? a) It increases the cost of storing data b) It provides no extra cost c) It reduces the cost of storing data d) It does not have any impact on the cost of storing data

B

What is the impact on the application when using Read Replicas in RDS? a. The application can continue to use the same connection string to access the database. b. The application needs to reference the Read Replicas individually to balance the read load. c. The application needs to be rewritten to support Read Replicas.

B

What is the main advantage of Amazon Kinesis Data Streams over Amazon Kinesis Data Firehose? A) Kinesis Data Streams is easier to use B) Kinesis Data Streams offers real-time analysis C) Kinesis Data Firehose is easier to scale D) Kinesis Data Firehose is better for security

B

What is the main benefit of using Multi-AZ deployment in RDS? a. Scalability of your database. b. High availability of your database. c. Lower latency of your database.

B

What is the purpose of the reserved cookie names (AWSALB, AWSALBAPP, AWSALBTG) in the Elastic Load Balancer? a. To allow users to customize the cookie names for their applications b. To prevent conflicts with other cookies that might be used in the application c. To improve the performance of the load balancer d. None of the above

B

What is the purpose of using DynamoDB global tables? A. To reduce the response times of read workloads to microseconds. B. To replicate tables in different regions. C. To increase the throughput for tables. D. To handle throttling errors for tables.

B

What is the recommended design practice for managing Cloudformation templates as the infrastructure grows? A. Create one entire stack from the template B. Break the templates into smaller manageable templates C. Package the templates together and use the cloudformation deploy command D. Package the templates together and use the cloudformation package command

B

What is the recommended technique to avoid throttling errors during scans in Amazon DynamoDB? A) Large page size B) Reduced page size C) Parallel scans D) Sequential scans

B

What is the use of Multi-AZ in an AWS RDS database? A. To reduce the response time for the application B. To ensure high availability and disaster recovery for the database C. To change the database type D. To scale out beyond the capacity constraints of a single DB Instance

B

What items are considered in the plan phase? A. Software specifications B. Resources, costs, time, benefits, and risks C. Stakeholders' feedback and suggestions D. Deployment environment

B

What should you use to control traffic in and out of EC2 instances? A) Network Access Control List (NACL) B) Security Groups C) IAM Policies

B

What type of encryption is performed by Amazon S3 as the data is written to disks and decrypted when accessed? A. Client-side encryption B. Server-side encryption

B

What type of launch option can be used to host an Amazon Elastic Container Service (Amazon ECS) cluster on a serverless infrastructure? A. EC2 launch type B. Fargate launch type C. Third-party infrastructure D. Object-based storage

B

When might you want to use the ELB Sticky Session feature? a. When you want to distribute traffic evenly across multiple targets b. When you want to ensure that clients do not lose their session data c. When you want to add additional security to your Elastic Load Balancer d. None of the above

B

When using an Application Load Balancer, what is the IP address that you'll receive requests from? a. The client's IP address b. The ALB's private IP address c. The EC2 instance's private IP address d. None of the above

B

When you have an IAM role attached to your EC2 instance and you run AWS CLI commands from inside this instance, AWS CLI uses the .......................... to get .......................... credentials. A) Instance user data, temporary B) Instance Metadata, temporary C) Instance user data, permanent D) Instance Metadata, permanent

B

When you rename a DB instance, the endpoint for the DB instance does not change. A) True B) False

B

Which API integration type is best suited for proxying through to another AWS service? A) HTTP B) AWS.PROXY C) MOCK D) HTTP.PROXY

B

Which AWS service is a fully managed service that allows developers to create, publish, maintain, monitor, and secure APIs at any scale? A) Amazon CloudFront B) Amazon API Gateway C) Amazon S3 D) Amazon Data Pipeline

B

Which AWS service is a fully managed, continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy? A) AWS CodeStar B) AWS CodeBuild C) AWS CodeCommit D) AWS CodeDeploy

B

Which AWS service is used to store code repositories? A) CodeBuild B) CodeCommit C) CodePipeline D) CodeStar

B

Which Elastic Load Balancer type would be suitable for a gaming application that requires low latency and high throughput for UDP-based traffic? a. Application Load Balancer b. Network Load Balancer c. Classic Load Balancer d. None of the above

B

Which command is used to build a Docker image from a Dockerfile? A) docker push B) docker build C) docker run D) docker ps

B

Which command is used to upload a SAM template to AWS S3? A) sam build B) sam package C) sam deploy D) sam init

B

Which cryptography scheme is supported by Amazon RDS for encrypting data at rest for databases? A) SHA-256 B) AES-256 C) RSA D) DES

B

Which file is mandatory to deploy a worker application in Elastic Beanstalk? A. appspec.yaml B. cron.yaml C. cron.config D. appspec.json

B

Which of the following databases is a fork of MySQL? a. PostgreSQL b. MariaDB c. Oracle d. MS SQL Server

B

Which of the following is NOT a Glacier Deep Archive retrieval mode? A) Standard (12 hours) B) Expedited (1 - 5 minutes) C) Bulk (48 hours)

B

Which of the following is a reserved cookie name in the Elastic Load Balancer? a. AWSCookie b. AWSALBAPP c. AWSLoadBalancer d. None of the above

B

Which of the following is the most effective way to avoid hitting the application version quota when deploying new versions of an application using Elastic Beanstalk? a) Create multiple environments and deploy the different versions to different environments. b) Create an Application Version Lifecycle policy. c) Create multiple applications and deploy the different versions to different applications. d) Delete the application versions manually.

B

Which of the following options is not an incorrect way to improve performance in your API Gateway? a) Use Stage Variables b) Enable API Gateway Caching c) Use Amazon Kinesis Data Streams to stream incoming data and reduce the burden on Gateway APIs d) Use Mapping Templates

B

Which of the following options is not appropriate for managing user access to your API Gateway? a) Using IAM permissions with sigv4 b) Using API Gateway User Pools c) Using Cognito User Pools d) None of the above

B

Which of the following statements is true regarding Multi-AZ and Read Replicas in RDS? a. Multi-AZ provides read scalability while Read Replicas provide high availability. b. Read Replicas provide read scalability while Multi-AZ provides high availability. c. Both Multi-AZ and Read Replicas provide read scalability and high availability.

B

Which permission should a developer use to allow an entity to assign additional permissions? A) sts:GetSessionToken B) iam:PassRole C) iam:AttachRolePolicy D) sts:GetCallerIdentity

B

Which policy is used to give an application global read-and-write access to all services in AWS? A) Resource policy B) Identity policy C) Password policy D) Session policy

B

Which service can be used to automate the release process but does not have any feature that allows you to implement the requirement of archiving a specific number of application revisions? A) AWS CloudWatch Log Agent B) Integrate with AWS CodePipeline C) CodeDeploy Agent D) Have a load balancer in front of your instances

B

Which service is used to monitor the duration for builds on CodeBuild? A) CloudTrail B) CloudWatch C) X-Ray D) VPC Flow

B

Which tool is used to capture information about the IP traffic going to and from network interfaces in a VPC? A. CloudWatch Logs B. VPC Flow Logs C. AWS Trusted Advisor D. AWS Inspector

B

Which type of API integration allows for direct interactions between the client and the integrated Lambda function? A) HTTP B) AWS.PROXY C) MOCK D) HTTP.PROXY

B

Which type of Elastic Load Balancer is recommended if you need to have a static IP for your load balancer? a. Application Load Balancer b. Network Load Balancer c. Classic Load Balancer d. None of the above

B

Which type of Elastic Load Balancer provides both a static DNS name and a static IP? a. Application Load Balancer b. Network Load Balancer c. Classic Load Balancer d. None of the above

B

Which types of protocols are supported by Network Load Balancers? a. TCP and HTTP b. TCP and UDP c. HTTP and UDP d. None of the above

B

While you're uploading large files to an S3 bucket using Multi-part Upload, there are a lot of unfinished parts stored in the S3 bucket due to network issues. You are not using these unfinished parts and they cost you money. What is the best approach to remove these unfinished parts? A) Use AWS Lambda to loop on each old/unfinished part and delete them B) Use an S3 Lifecycle Policy to automate old/unfinished parts deletion C) Request AWS Support to help you delete old/unfinished parts

B

Why is Amazon RDS MySQL an incorrect option for processing log data cost-effectively? A. It's not in real-time B. It's not cost-effective C. It requires the use of S3 buckets D. It requires the use of EC2 instances

B

Why is CloudWatch Logs an incorrect option for processing log data in real-time? A. It's not cost-effective B. Logs are not processed in real-time C. It requires the use of EC2 instances D. It requires the use of S3 buckets

B

Why is the size of the S3 bucket increasing when server logging is enabled? A) The S3 bucket is being encrypted B) Server access logs are being delivered to the same bucket C) The S3 bucket is being monitored D) The S3 bucket is being replicated across multiple regions

B

Will selecting DELETE trigger events when an object is uploaded to S3? A) Yes B) No

B

Will selecting GET trigger events when an object is uploaded to S3? A) Yes B) No

B

Will selecting POST trigger events when PUT and COPY are used to upload an object? A) Yes B) No

B

With ______________, Amazon SQS sends a response after it collects at least one available message, up to the maximum number of messages specified in the request. Amazon SQS sends an empty response only if the polling wait time expires. A) short polling B) long polling C) medium polling D) data polling

B

Write-capacity units (WCU's) are applied across to all your DynamoDB tables and this needs reconfiguration. A) True B) False; Read Capacity Units and Write Capacity Units are specific to one table.

B

You would like all your files in an S3 bucket to be encrypted by default. What is the optimal way of achieving this? A) Use a bucket policy that forces HTTPS connections B) Enable Default Encryption C) Enable versioning

B

You would like to deploy an AWS lambda function using the AWS CLI. Before deploying what needs to be done? A) Create a role for the AWS CLI with lambda permissions B) Package the local artefacts to S3 using cloudformation package CLI command C) Package the local artefacts to Lambda using cloudformation package CLI command D) Package the local artefacts to SAM using sam package CLI command

B

You would like to increase the throughput of a table scan but still leave capacity for the day to day workload. How would you do this? A) use a sequential scan with rate-limit parameter. B) use a parallel scan with rate-limit parameter C) use a query scan with rate-limit parameter D) Increase read capacity on a schedule.

B

You would like to provide Internet access to your EC2 instances in private subnets with IPv4 while making sure this solution requires the least amount of administration and scales seamlessly. What should you use? A) NAT Instances with Source/Destination Check flag off B) NAT Gateway C) Egress Only Internet Gateway

B

You would like to retrieve a subset of your dataset stored in S3 with the CSV format. You would like to retrieve a month of data and only 3 columns out of 10, to minimize compute and network costs. What should you use? A) S3 Inventory B) S3 Select C) S3 Analytics D) S3 Access Logs

B

You're getting errors while trying to create a new S3 bucket named dev. You're using a new AWS Account with no S3 buckets created before. What is a possible cause for this? A) You're missing IAM permissions to create an S3 bucket B) S3 bucket names must be globally unique and dev is already taken

B

You're planning to migrate on-premises applications to AWS. Your company has strict compliance requirements that require your applications to run on dedicated servers. You also need to use your own server-bound software license to reduce costs. Which EC2 Purchasing Option is suitable for you? A) Convertible Reserved Instances B) Dedicated Hosts C) Spot Instances

B

Your boss asked you to scale your Auto Scaling Group based on the number of requests per minute your application makes to your database. What should you do? A) You politely tell him it's impossible B) Create a CloudWatch custom metric then create a CloudWatch Alarm on this metric to scale your ASG C) Enable Detailed Monitoring then create a CloudWatch Alarm to scale your ASG

B

How can you use an AMI in a different AWS Region? A) You can modify the AMI to work in the new Region B) You can launch an EC2 instance using the AMI in the new Region C) You can copy the AMI to the new Region and then use it to launch EC2 instances D) You can't use an AMI in a different Region

C

How does an Application Load Balancer obtain the client's IP address? a. By sending a request to the client's IP address b. By using a VPN to connect to the client's network c. By adding an additional header called X-Forwarded-For that contains the client's IP address d. None of the above

C

How does the CodeDeploy agent conserve disk space on instances? a) By integrating with AWS CodePipeline b) By having a load balancer in front of the instances c) By cleaning up archived revisions and log files d) By sending log data to CloudWatch Logs

C

How long is the default Cooldown Period in the Auto Scaling Group? a. 60 seconds b. 120 seconds c. 300 seconds d. 600 seconds

C

How many Aurora Read Replicas can you have in a single Aurora DB Cluster? A) 5 B) 10 C) 15

C

How many WCUs are needed to write an item that is 4 KB in size? A) 1 B) 2 C) 4 D) 8

C

If a user has two policies attached and one policy states an explicit deny on EC2 instances, while the other policy allows the "Describe" action, what will happen when the user tries to perform the "Describe" action on an EC2 instance? A) The user will be allowed access B) The result depends on the order of the policies C) The user will be denied access D) The user account will be invalid

C

If the front-end connection of your Classic ELB uses HTTP or HTTPS, then your back-end connections can use ___________. A) TCP or SSL B) TCP, SSL, HTTP or HTTPS C) HTTP or HTTPS D) None of the above

C

In which type of read request is the data stored in Query Cache in DynamoDB with a DAX cluster? a. Strongly consistent read request. b. Eventually consistent read request (GetItem and BatchGetItem). c. Eventually consistent read request (Query and Scan). d. Both a and b.

C

Is there any restriction on the number of environment variables that can be created in AWS Lambda? A) Yes, there is a limit of 50 variables B) Yes, there is a limit of 35 variables C) No, there is no limit on the number of variables D) None of the above

C

To improve the performance of a website hosted on S3, which service should be set up to work with the S3 bucket? A) Use Amazon S3 Transfer Acceleration B) Use Amazon S3 Caching C) Use Amazon CloudFront D) Use Amazon ElastiCache for Redis

C

What is the correct action to take to correct the policy of the IAM user to allow the kms:GenerateDataKey action? a) Correct the policy of the IAM user to allow the s3:Encrypt action b) Correct the bucket policy of the S3 bucket to allow the IAM user to upload encrypted objects c) Correct the policy of the IAM user to allow the kms:GenerateDataKey action d) Correct the ACL of the S3 bucket to allow the IAM user to upload encrypted objects

C

What is Amazon SQS? A) A fully managed pub/sub messaging service B) A service used to implement data streams C) A service used to implement message queues D) A service used to coordinate work across distributed components

C

What is Amazon Simple Queue Service (SQS) used for? A. To build SQL queries and sophisticated Java applications B. To load streaming data into data stores and analytics tools C. To decouple and scale microservices, distributed systems, and serverless applications D. To continuously capture gigabytes of data per second from multiple sources

C

What is CloudFront in the context of AWS? A) An API management service B) A storage service for static content C) A content delivery network (CDN) service D) A caching service for databases

C

What is EBS Multi-Attach? A) Attach the same EBS volume to multiple EC2 instances in multiple AZs B) Attach multiple EBS volumes in the same AZ to the same EC2 instance C) Attach the same EBS volume to multiple EC2 instances in the same AZ D) Attach multiple EBS volumes in multiple AZs to the same EC2 instance

C

What is ElastiCache? a. A managed service that provides scalable compute capacity in the cloud. b. A managed service that provides scalable storage capacity in the cloud. c. A managed service that provides in-memory data store in the cloud.

C

What is ElastiCache? a. A service that provides scalable block storage for EC2 instances. b. A service that provides scalable file storage for EC2 instances. c. A service that provides scalable in-memory caching for web applications.

C

What is Latency Routing Policy in Route 53? a. A routing policy that directs traffic to resources based on the geographic location of the client. b. A routing policy that distributes traffic across all healthy resources in proportion to their relative weight. c. A routing policy that evaluates the latency between users and AWS Regions to minimize response time.

C

What is Multi Value Routing Policy in Route 53? a. A routing policy that directs traffic to resources based on the geographic location of the client. b. A routing policy that distributes traffic across all healthy resources in proportion to their relative weight. c. A routing policy that returns multiple values for a single DNS query, to be interpreted by the client.

C

What is Route 53 in the context of web applications? a. A service that provides scalable in-memory caching for web applications. b. A service that provides block storage for EC2 instances. c. A service that provides DNS management for domain names and routing for web applications.

C

What is TTL in the context of DNS records? a. The maximum size of a DNS record that can be returned by a DNS server. b. The minimum number of DNS queries that must be made before a DNS record can be cached. c. The amount of time that a DNS record can be cached by a DNS resolver.

C

What is Write Through in the context of caching strategies? a. A strategy where the application checks the cache first for requested data, and if not found, retrieves the data from the database and adds it to the cache. b. A strategy where the application populates the cache with all data upon startup, and subsequently reads from the cache for all data requests. c. A strategy where the application writes data to both the cache and the database simultaneously, ensuring that the cache is always up-to-date.

C

What is a Comment in an AWS Step Functions state? A) A path that selects a portion of the state's input to be passed to the state's output B) A path that selects a portion of the state's input to be passed to the state's task for processing C) A human-readable description of the state D) A required field that specifies the type of the state

C

What is a security feature of Amazon CloudFront when used with S3? A) Amazon S3 Transfer Acceleration B) Amazon S3 Caching C) Origin Access Identity (OAI) D) Amazon ElastiCache for Redis

C

What is an AMI in AWS? A) An Amazon Machine Interface B) An Amazon Machine Integration C) An Amazon Machine Image D) An Amazon Machine Implementation

C

What is an environment variable in AWS Lambda? A) A limit of 50 variables B) A limit of 4 KB C) A pair of strings stored in a function's version-specific configuration D) A limit of 35 variables

C

What is eksctl? A) An open source command line tool for interacting with Kubernetes infrastructure B) A tool for managing AWS services C) A command line utility for creating and managing Kubernetes clusters on Amazon EKS D) The AWS SDK for Python

C

What is the AWS::Serverless::API resource used for? A) Embedding applications from Amazon S3 buckets B) Creating a Lambda function C) Creating API Gateway resources and methods D) Creating a Lambda layered function

C

What is the advantage of using Amazon ElastiCache Redis in Cluster-Mode compared to a single node? A) The number of shards can be scaled vertically B) The storage capacity of the cluster is limited to the instance type C) The number of shards can be scaled horizontally

C

What is the appropriate option for managing user access to an API Gateway? A) Use IAM permissions with sigv4 B) Use Lambda Authorizer C) Use Cognito User Pools D) Use AWS Web Application Firewall (AWS WAF)

C

What is the best way to specify a different source location for a build project in AWS CodeBuild if you don't have access to the project? A) Issue the update project command and specify the new location of the build. B) Specify the new location of the build in a new buildspec.yml file and issue the update- project command. C) Specify the new location of the build in a new buildspec.yml file and use the start-build command. D) Specify the new location of the build in a new buildspec.yml file and use the update-build command.

C

What is the common use case of storing session data in ElastiCache? a. To improve the durability of your application. b. To improve the availability of your application. c. To ensure different EC2 instances can retrieve user's state if needed.

C

___________________ lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. _________________ scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0.

Amazon Cognito

To manage large _________________ messages, you can use __________________ and the Amazon ____________________ library for Java. This is especially useful for storing and consuming messages up to 2 GB. Unless your application requires repeatedly creating queues and leaving them inactive or storing large amounts of data in your queues, consider using Amazon S3 for storing your data.

Amazon SQS; Amazon S3; SQS Extended Client

Object tags can be replicated across AWS Regions using ______________________. For customers with _______________________ already enabled, new permissions are required for tags to replicate

Cross-Region Replication (CRR)

A bank is using DynamoDB to manage their transaction records. The database has grown to tens of millions of records and querying the table is resulting in increased latency and cost. How can the bank optimize the database to reduce latency and costs, and still be able to query the entire table across all partitions with attributes other than the primary key? A) Use a composite primary key. B) Use local secondary index (LSI). C) Use the Scan operation. D) Use global secondary index (GSI).

D

A cloud engineer wants to retrieve the first 8 MB of a file hosted on Amazon S3 using a CLI. What is the best way to retrieve a specified portion from an S3 file? A) Use the aws s3 cp command. B) Use S3 Select. C) Use the get-object command. D) Use the Range HTTP header in a GET Object request.

D

A company develops an application that connects to DynamoDB at start-up to load content. Application load times need to be improved by changing to an eventual consistency model. Which solution should be used? A) Athena B) CloudFront C) Lambda D) ElastiCache

D

A company has a WebSocket messaging system that needs to be migrated to the cloud at a minimal cost. Which service should be used? A) Amazon Elastic Compute Cloud (EC2) B) Amazon Simple Queue Service (SQS) C) Amazon Short Message Service (SMS) D) Amazon managed message broker

D

A company is using DynamoDB to manage a large customer base spread across three regions. The company has three separate CustomerProfiles tables to allow customers in each region to update their profile information. Changes to data in one table are currently not reflected in other tables and customers in one region could lose their data if that region becomes unavailable. Which solution can the company use to keep the DynamoDB tables in sync? A) Create a local secondary index (LSI) from the base music table. B) Use global secondary index (GSI). C) Write code to replicate data changes among these tables. D) Use a global table.

D

A company just deployed a containerized guest book application onto Kubernetes clusters. They are using Amazon EKS to manage and scale the containerized application. Which command line tool can the developers use to interact with the Kubernetes infrastructure and view the Kubernetes resources? A) Boto3 B) eksctl C) AWS CLI D) kubectl

D

How can you increase the CPU power of an AWS Lambda function? A) Update deployment configuration with required CPU details for a Lambda function. B) Update the CPU setting required in AWS console. C) CPU power cannot be increased; it is automatically managed by AWS. D) Update the memory setting as required in AWS console.

D

How can you use a network ACL to block specific IP addresses in a VPC subnet? A) Update the outbound security group of the EC2 instance to deny access from the identified IPs. B) Update the inbound security group of the EC2 instance to deny access from the identified IPs. C) Update the outbound network ACL to deny access to connections originating from the identified IPs. D) Update the inbound network ACL to deny access to connections originating from the identified IPs.

D

How does Amazon Kinesis Data Streams differ from AWS Glue? a) KDS is a real-time data streaming service while Glue is a data integration service b) KDS is best suited for real-time data processing while Glue is not c) KDS is more cost-effective than Glue d) Both a and b

D

How does Amazon Kinesis Data Streams differ from Amazon Kinesis Firehose? a) KDS is highly customizable while Firehose is fully managed b) KDS is more cost-effective than Firehose c) KDS is best suited for developers building custom applications while Firehose is best suited for loading streaming data into data stores and analytics tools d) All of the above

D

How does Amazon Kinesis Data Streams differ from Amazon Simple Queue Service (SQS)? a) KDS is a real-time data streaming service while SQS is a message queue service b) KDS can be integrated with multiple downstream applications while SQS is only for individual message fail/success c) KDS is more cost-effective than SQS d) Both a and b

D

In AWS SQS SendMessage operation, what is the maximum size of the message body string? A) 512 MB B) 256 MB C) 512 KB D) 256 KB

D

In a CloudFormation template, which section is used to control whether certain resources are created or whether certain resource properties are assigned a value during stack creation or update? A) Resources B) Parameters C) Mappings D) Conditions

D

REST APIs enable you to develop all kinds of web applications that have all possible CRUD (create, retrieve, update, delete) operations. Which HTTP method is used for creating a new resource? A) GET B) PUT C) PATCH D) POST

D

Using S3 object tags, Amazon S3 Replication (Cross-Region Replication (CRR) and Same-Region Replication (SRR)) is configured at the: A) S3 bucket level B) a shared prefix level C) or an object level D) All of the above

D

What HTTP method is used to create a new resource? A) GET B) PUT C) PATCH D) POST

D

What HTTP response code is returned if the resource is not found on the server? A) 200 (OK) B) 201 (Created) C) 400 (Bad Request) D) 404 (Not Found)

D

When should the lazy loading caching strategy be used? A) To cache data that must be updated in real time B) To cache data that will be read often but written frequently C) To cache data that always loads from the database and never uses the cache D) To cache data that will be read often but written infrequently

D

Where can you set configuration options in Elastic Beanstalk? A. Elastic Beanstalk console and EB CLI during environment creation B. Saved configurations C. Configuration files (.ebextensions) D. All of the above

D

Where does CloudBuild cache large assets that are created during the build and rarely change? A) User-defined storage B) AWS EFS C) Microsoft GitHub D) Amazon S3 bucket

D

Where should you look in JSON policy documents to check if the user or role has permissions for the kms:GenerateDataKey action on the bucket's AWS KMS key? a) Policies related to S3 access b) Statements with "Effect": "Deny" c) Policies related to AWS KMS access d) Statements with "Effect": "Allow"

D

Which API integration type is best suited for proxying through to another HTTP endpoint? A) HTTP B) AWS.PROXY C) MOCK D) HTTP.PROXY

D

Which AWS Security Token Service (STS) API operation returns a set of temporary security credentials for federated users who are authenticated by an organization's existing identity system? A) GetSessionToken B) AssumeRoleWithWebIdentity C) AssumeRole D) AssumeRoleWithSAML

D

Which AWS Security Token Service (STS) API operation returns temporary security credentials for an existing IAM user? A) AssumeRoleWithWebIdentity B) AssumeRole C) AssumeRoleWithSAML D) GetSessionToken

D

Which AWS service enables you to quickly develop, build, and deploy applications on AWS? A) AWS CodeDeploy B) AWS CodeCommit C) AWS CodeBuild D) AWS CodeStar

D

Which AWS service helps monitor the logs for AWS Lambda function? A) AWS CloudFormation B) AWS Config C) AWS SWF D) AWS CloudWatch

D

Which AWS service is a content delivery network (CDN) that securely delivers data, videos, applications, and APIs to customers globally with low latency and at high transfer speeds? A) AWS Data Pipeline B) AWS S3 C) AWS API Gateway D) AWS CloudFront

D

Which AWS service is a fully managed deployment service that automates software deployments to a variety of compute services? A) AWS CodeStar B) AWS CodeBuild C) AWS CodeCommit D) AWS CodeDeploy

D

Which AWS service provides a publish and subscribe (pub/sub) messaging model for asynchronous message processing? A) AWS Simple Workflow Service (SWF) B) AWS Simple Queue Service (SQS) C) AWS Kinesis D) AWS Simple Notification Service (SNS)

D

Which AWS service provides serverless orchestration that you can use to combine Lambda functions and other AWS services to build critical applications? A) AWS API Gateway B) AWS Simple Queue Service (SQS) C) AWS Lambda D) AWS Step functions

D

Which CLI command is used to perform multifactor authentication (MFA)? A) aws iam get-login-profile B) aws iam get-access-key-last-used C) aws sts get-access-key-info D) aws sts get-session-token

D

Which Elastic Load Balancer type uses the reserved cookie names (AWSALB, AWSALBAPP, AWSALBTG)? a. Application Load Balancer b. Network Load Balancer c. Classic Load Balancer d. All of the above

D

Which Elastic Load Balancer types have a static DNS name? a. Network Load Balancer b. Application Load Balancer c. Classic Load Balancer d. Both b and c

D

Which answer is INCORRECT regarding IAM Users? A) IAM Users can belong to multiple User Groups B) IAM Users don't have to belong to a User Group C) IAM Policies can be attached directly to IAM Users D) IAM Users access AWS services using root account credentials

D

Which application log-in solution uses a custom process? A) IAM B) OpenID Connect-provided identity pools C) Amazon Cognito user pools D) Developer-authenticated identity pools

D

Which command line tool can be used to view Kubernetes resources? A) Boto3 B) eksctl C) AWS CLI D) kubectl

D

Which declaration specifies that a CloudFormation template is an AWS SAM template? A) Properties B) Resources C) Policies D) Transform

D

Which logging mechanism provides a collection of logs in CloudWatch that share the same source? A) Log subscription B) Log group C) Log filter D) Log stream

D

Which messaging service is discussed in the business case that is used to asynchronously manage the flow of updates from suppliers? A) Amazon Relational Database Service (RDS) B) S3 C) Elastic Container Registry (ECR) D) SQS

D

Which of the following databases is not supported by Amazon Aurora? a. MySQL b. PostgreSQL c. MariaDB d. Oracle

D

Which of the following databases is not supported by RDS? a. MySQL b. PostgreSQL c. MariaDB d. MongoDB

D

Which of the following is NOT a Glacier Flexible retrieval mode? A) Expedited (1 - 5 minutes) B) Standard (3 - 5 hours) C) Bulk (5 - 12 hours) D) Instant (10 seconds)

D

You are creating a mobile application that needs access to the AWS API Gateway. Users will need to register first before they can access your API and you would like the user management to be fully managed. Which authentication option should you use for your API Gateway layer? A) Use IAM permissions with sigv4 B) Use API Gateway User Pools C) Use Lambda Authorizer D) Use Cognito User Pools

D

You have a MySQL RDS database instance on which you want to enforce SSL connections. What should you do? A) Modify your DB Security Group to only allow SSL traffic B) Download SSL certificates from your DB, then use these certificates in your application to connect over SSL C) Enable MySQL RDS Database Encryption D) Execute a REQUIRE SSL SQL statement to all your DB users

D

You have a legal requirement that people in any country but France should NOT be able to access your website. Which Route 53 Routing Policy helps you in achieving this? A) Latency B) Simple C) Multi Value D) Geolocation

D

You have a website that loads files from an S3 bucket. When you try the URL of the files directly in your Chrome browser it works, but when the website you're visiting tries to load these files it doesn't. What's the problem? A) The Bucket policy is wrong B) The IAM policy is wrong C) Encryption is wrong D) CORS is wrong

D

_________________ such as Amazon S3 invoke your Lambda function. These ___________________ maintain a mapping that identifies the function to invoke when events occur. If you specify a Lambda function alias in the mapping configuration, you don't need to update the mapping when the function version changes

Event sources

How do high-resolution CloudWatch Alarms compare to standard 1-minute alarms in terms of the actions that can be taken?

High-resolution CloudWatch Alarms allow you to react and take actions faster and support the same actions available with standard 1-minute alarms.

If you are configuring CORS in the S3 console, you must use _______________ to create a CORS configuration. The new S3 console only supports ______________ CORS configurations.

JSON

What is the purpose of setting a TTL value for a DNS record? a. To prevent DNS resolvers from caching the record and forcing them to query the authoritative DNS server each time. b. To ensure that the DNS record is cached for as long as possible, improving the performance of the web application. c. To strike a balance between how long the record should be cached vs. how many requests should go to the DNS resolver.

C

What is the purpose of the CodeDeploy agent? a) To send log data to CloudWatch Logs from Amazon EC2 instances b) To automate release pipelines for fast and reliable application and infrastructure updates c) To make it possible for an instance to be used in CodeDeploy deployments and manage revisions and log files on instances d) To balance incoming traffic across different EC2 instances

C

What is the purpose of the cp command in S3? A. To download a specific portion of an object B. To pull out only the data needed from an object C. To copy a local file or an S3 object to another location locally in S3 D. To download the whole file

C

What is the purpose of the docker ps command? A) To build a Docker image B) To push a Docker image to a registry C) To list running Docker containers D) To launch a Docker container

C

What is the purpose of the policies section in an AWS SAM template? A) To specify the properties of AWS resources B) To define the parameters used in the template C) To provide the IAM policy to be referenced for the function D) To specify the input data for the function

C

What is the purpose of using bucket policies to control access to Amazon S3 resources? A) To grant specific permissions to specific users for an individual bucket or object B) To create a URL to an Amazon S3 object that is only valid for a limited time C) To define rules that apply broadly across all requests to Amazon S3 resources D) To grant IAM users fine-grained control to specific Amazon S3 buckets or objects

C

What is the recommended service to use with S3 for optimization of performance and security while managing cost for a website that targets aviation enthusiasts and experiences slow response and lag from users from other parts of the world? A) Use Amazon S3 Transfer Acceleration B) Use Amazon S3 Caching C) Use Amazon CloudFront D) Use Amazon ElastiCache for Redis

C

What is the relationship between DNS resolvers and authoritative DNS servers? a. DNS resolvers are responsible for translating domain names to IP addresses, while authoritative DNS servers are responsible for storing and managing DNS records. b. Authoritative DNS servers are responsible for translating domain names to IP addresses, while DNS resolvers are responsible for storing and caching DNS records. c. DNS resolvers query authoritative DNS servers to obtain DNS records, which they then cache and return to clients.

C

What is the right place to configure the IAM role used by Auto Scaling group instances? a. In the Auto Scaling group policy b. In the IAM user policy c. In the Auto Scaling launch template d. In the EC2 instance policy

C

What is the simplest way to run periodic database backups on Amazon RDS? A) Enable RDS Multi-AZ B) Enable RDS Read replicas C) Create a cron event in CloudWatch, which triggers an AWS Lambda function that triggers the database snapshot D) Enable RDS automatic backups

C

What is the suitable solution for meeting the requirement of retaining monthly database backups for a three-year contract on Amazon RDS? A) Enable RDS Multi-AZ B) Enable RDS Read replicas C) Create a cron event in CloudWatch, which triggers an AWS Lambda function that triggers the database snapshot D) Enable RDS automatic backups

C

What kind of resources does the resources section contain in an AWS SAM template? A) Only AWS SAM resources B) Only CloudFormation resources C) Both AWS SAM and CloudFormation resources D) Neither AWS SAM nor CloudFormation resources

C

What problem does the ELB Sticky Session feature help to solve? a. Ensuring that all clients receive the same amount of traffic b. Ensuring that all clients are routed to the same target, regardless of their session data c. Ensuring that clients do not lose their session data d. None of the above

C

What service allows you to deploy code to EC2 instances and configure the instances to archive a specific number of application revisions? A) AWS CloudWatch Log Agent B) Integrate with AWS CodePipeline C) CodeDeploy Agent D) Have a load balancer in front of your instances

C

What should you check to troubleshoot instances that are being launched in the wrong ECS cluster, even when specifying a different cluster name in the CloudFormation template? a. The security groups on the EC2 instance b. The IAM permissions of the EC2 instance c. The cluster name Parameter in the file /etc/ecs/ecs.config d. The ECS agent Docker image

C

What should you do to increase your root account security? A) Remove permissions from the root account B) Only access AWS services through AWS Command Line Interface (CLI) C) Enable Multi-Factor Authentication (MFA) D) Don't create IAM Users, only access your AWS account using the root account

C

What type of API collection can be created using Amazon API Gateway? A) REST APIs B) HTTP APIs C) Both A and B D) None of the above

C

What will be the result if an IAM user tries to use the "Describe" action on an EC2 instance using the CLI and has two policies attached, one of which explicitly denies access to EC2 instances and the other allows permission for the "Describe" action? A) The user will get access because it has an explicit allow B) The order of the policy matters C) The user will be denied access because one of the policies has an explicit deny on it D) The IAM user stands in an invalid state

C

When calling a service using a REST API, a developer receives ThrottlingException errors. Which technique will solve this problem? A) Time-out B) Retry C) Exponential backoff D) Sliding window

C

When using VPC Endpoints, what are the only two AWS services that have a Gateway Endpoint available? A) Amazon S3 & Amazon SQS B) Amazon SQS & DynamoDB C) Amazon S3 & DynamoDB

C

Which API integration type is best suited for returning a pre-configured response without actually calling the API component? A) HTTP B) AWS.PROXY C) MOCK D) HTTP.PROXY

C

Which AWS Security Token Service (STS) API operation returns temporary security credentials for federated users who are authenticated by an organization's existing identity system? A) AssumeRoleWithWebIdentity B) AssumeRole C) AssumeRoleWithSAML D) GetSessionToken

C

Which AWS service is a fully managed source control service that hosts secure, Git-based repositories? A) AWS CodeStar B) AWS CodeBuild C) AWS CodeCommit D) AWS CodeDeploy

C

Which EC2 Instance Type should you choose for a critical application that uses an in-memory database? A) Compute Optimized B) Storage Optimized C) Memory Optimized D) General Purpose

C

Which EC2 Purchasing Option can provide you the biggest discount, but it is not suitable for critical jobs or databases? A) Convertible Reserved Instances B) Dedicated Hosts C) Spot Instances

C

Which EC2 Purchasing Option should you use for an application you plan to run on a server continuously for 1 year? A) On-Demand Instances B) Spot Instances C) Reserved Instances

C

Which build providers are natively supported by CodePipeline? A) CodeBuild and Azure DevOps B) CodeBuild and CodeDeploy C) CodeBuild and Jenkins D) CodeBuild and GitHub

C

Which item should be configured to grant an EC2 instance access to an S3 bucket without the use of a password? A) Root user B) Federated user C) Role D) User

C

Which of the following AWS services is not suitable for storing session data? a. DynamoDB b. ElastiCache c. S3 d. RDS

C

Which of the following databases is not a relational database? a. MySQL b. PostgreSQL c. DynamoDB d. Oracle

C

Which of the following is a feature of DynamoDB global tables? A) It consists of a single table B) It has a different primary key schema for each replica C) It consists of multiple replica tables with the same table name and primary key schema

C

Which of the following is an IAM best practice? A) Create several IAM Users for one physical person B) Share your AWS account credentials with your colleague, so he can perform a task for you C) Don't use the root user account D) Do not enable MFA for easier access

C

Which of the following is an example of a criterion that an Application Load Balancer can use to route traffic to different Target Groups? a. IP Address b. Port Number c. URL Path d. None of the above

C

Which of the following is not a database engine supported by RDS? a. PostgreSQL b. Oracle c. MongoDB d. SQL Server

C

Which of the following is not a feature of ElastiCache Redis Cluster? a. Caching data in-memory. b. Storing data on disk for long-term durability. c. Supporting multiple data models, including key-value, document, and graph.

C

Which of the following is true about Network Load Balancers? a. They only support the TCP protocol b. They only support the UDP protocol c. They support both the TCP and UDP protocols d. None of the above

C

Which of the following is true about the ELB Sticky Session feature? a. It ensures that traffic for different clients is always redirected to the same target b. It ensures that traffic for the same client is always redirected to a different target c. It ensures that traffic for the same client is always redirected to the same target d. None of the above

C

Which of the following options correctly describes the result of an IAM user trying to perform an EC2 "Describe" action when two policies are attached, one of which explicitly denies access to EC2 instances and the other allows permission for the "Describe" action? A) The user will be allowed access because of an explicit allow B) The result depends on the order of the policies C) The user will be denied access because of an explicit deny D) The IAM user account will be in an invalid state

C

Which of the following options provides the best performance improvement for read workloads in DynamoDB? A. ElastiCache B. Global Tables C. DynamoDB Accelerator D. Higher throughput for tables

C

Which of the following services is not available as an HTTP API via Amazon API Gateway? A) AWS Lambda B) Amazon Cognito C) AWS Web Application Firewall (AWS WAF) D) AWS Identity and Access Management (IAM)

C

Which section of a CloudFormation template is used to specify conditional parameter values, similar to a lookup table? A) Parameters B) Resources C) Mappings D) Conditions

C

Which service is used to analyze and debug distributed applications? A) CloudTrail B) CloudWatch C) AWS X-Ray D) VPC Flow Logs

C

Which storage option is ideal for high-performance applications that require high IOPS and low-latency storage? A) EBS volumes B) EFS C) EC2 Instance Store D) S3

C

Which type of API integration allows for testing the integration setup without incurring charges for using the backend? A) HTTP B) AWS.PROXY C) MOCK D) HTTP.PROXY

C

Which type of API integration is best suited for isolating the development effort of different teams in a collaborative development setting? A) HTTP B) AWS.PROXY C) MOCK D) HTTP.PROXY

C

Who is responsible for handling a 400 series error? A. The server B. The backend servers C. The developer D. The user

C

Why is it recommended to store database credentials in the AWS Systems Manager parameter store? A) It is easier to manage than other storage solutions B) It is less expensive than other storage solutions C) It is more secure than other storage solutions D) It is faster than other storage solutions

C

You and your colleague are working on an application that's interacting with some AWS services through making API calls. Your colleague can run the application on his machine without issues, while you get API Authorization Exceptions. What should you do? A) Send him your AWS Access Key and Secret Access Key so he can replicate the issue on his machine B) Ask him to send you his IAM credentials so you can work without issues C) Compare both your IAM Policy and him IAM Policy in AWS Policy Simulator to understand the differences D) Ask him to create an EC2 instance and insert his IAM credentials inside it, so you can run the application from the EC2 instance

C

You are a developer for a company. You have to develop an application that would transfer the logs from several EC2 Instances to an S3 bucket. Which of the following would you use for this purpose? A. AWS Database Migration Service B. AWS Athena C. AWS Data Pipeline D. AWSEMR

C

You are developing an application that is working with a DynamoDB table. During the development phase, you want to know how much of the Consumed capacity is being used for the queries being fired. How can this be achieved? A. The queries by default sent via the program will return the consumed capacity as part of the result. B. Ensure to set the ReturnConsumedCapacity in the query request to TRUE. C. Ensure to set the ReturnConsumedCapacity in the query request to TOTAL. D. Use the Scan operation instead of the query operation.

C

You are experiencing slow IOPS performance with your 8TB gp2 EBS volume. Which of the following is NOT a way to increase performance? A) Mount EBS volumes in RAID 0 B) Change to an io1 volume type C) Increase the EBS volume size D) Change the EC2 instance type

C

You are using an EBS volume for your database and experiencing slow IOPS performance. Which of the following actions should you consider to increase the IOPS? A) Increase the EBS volume size B) Use a larger EC2 instance C) Mount EBS volumes in RAID 0 D) Decrease the EBS volume size

C

You are working as a Solutions Architect for a company and you are required to design an architecture for a high-performance, low-latency application that will receive millions of requests per second. Which type of Elastic Load Balancer should you choose? A) Application Load Balancer B) Classic Load Balancer C) Network Load Balancer

C

You are working for a shipping company that is automating the creation of ECS clusters with an Auto Scaling Group using an AWS CloudFormation template that accepts cluster name as its parameters. Initially, you launch the template with input value 'MainCluster', which deployed five instances across two availability zones. The second time, you launch the template with an input value 'SecondCluster'. However, the instances created in the second run were also launched in 'MainCluster' even after specifying a different cluster name. What is the root cause of this issue? A) The security groups on the EC2 instance are pointing to the wrong ECS cluster B) The EC2 instance is missing IAM permissions to join the other clusters C) The cluster name Parameter has not been updated in the file /etc/ecs/ecs.config during bootstrap D) The ECS agent Docker image must be re-built to connect to the other clusters

C

A _____________________ with HTTP or HTTPS listeners might route more traffic to higher-capacity instance types. This distribution aims to prevent lower-capacity instance types from having too many outstanding requests. It's a best practice to use similar instance types and configurations to reduce the likelihood of capacity gaps and traffic imbalances.

Classic Load Balancer

With _________________, you encrypt data _____________ and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.

Client-Side Encryption; client-side

AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume. Hence, Lambda does not need _______________ to run its services.

CloudFormation

You can use an AWS ______________ template in conjunction with AWS _______________ and AWS _______________ to create a test environment that deploys to your production environment when the changes to your application are approved, helping you _________________ a continuous delivery workflow.

CloudFormation; CodePipeline; CodeCommit; automate

What is the frequency at which CloudWatch Alarms can evaluate metrics with high-resolution custom metrics?

CloudWatch Alarms can evaluate metrics with high-resolution custom metrics as frequently as every 10 seconds.

AWS _________________ is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With __________________, you don't need to provision, manage, and scale your own build servers. AWS CodePipeline uses AWS CloudFormation as a deployment action but is not a mandatory service

CodeBuild

AWS ___________________ supports Amazon _________________ endpoints powered by AWS ________________. This means you can connect directly to CodePipeline through a private endpoint in your VPC, keeping all traffic inside your VPC and the AWS network.

CodePipeline; Virtual Private Cloud (Amazon VPC); PrivateLink;

Amazon___________ scales dynamically, automatically provisioning the needed capacity.

SQS

With ______________, you request Amazon S3 to encrypt your object before saving it on disks in its data centers and then decrypt it when you download the objects.

Server-Side Encryption

Amazon _____________________ is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.

Simple Queue Service (SQS)

Amazon _____________________ provides short polling and long polling to receive messages from a queue.

Simple Queue Service (SQS)

Approval actions can't be added to ___________________ stages. _____________ stages can contain only _____________ actions.

Source

______________s are used to roll out updated ___________s. Each _____________will have its own URL as follows: https://api-id.execute-api.region.amazonaws.com/stage

Stage; API

___________________ support all service integrations, activities, and design patterns. ___________________ do not support activities, job-run (.sync), and Callback patterns.

Standard Workflows; Express Workflows

AWS _______________ lets you coordinate multiple AWS services into serverless workflows so you can build and update apps quickly. Using _______________, you can design and run workflows that stitch together services such as AWS Lambda and Amazon ECS into feature-rich applications.

Step Functions

____________________ is a feature that monitors your access policies, ensuring that the policies provide only the intended access to your S3 resources. __________________ evaluates your bucket access policies and enables you to discover and swiftly remediate buckets with potentially unintended access.

S3 Access Analyzer

True or False: Multi-Part Upload is recommended as soon as the file is over 100 MB.

True

True or False: S3 Replication allows you to replicate data from an S3 bucket to another in the same/different AWS Region.

True

True or False: Server push mechanism is not possible in REST and HTTP API's

True

True or False: With SSE-KMS, the encryption happens in AWS, and the encryption keys are managed by AWS but you have full control over the rotation policy of the encryption key. Encryption keys stored in AWS.

True

A ___________________ is a script expressed in Velocity Template Language (VTL) and applied to the payload using JSONPath expressions. ____________________s help format/structure the data in a way that it is easily readable, unlike a server response that might always be easy to ready. ____________________s have nothing to do with access and are not useful for the current scenario.

mapping template

You can use replication to make copies of your objects that retain all _________________, such as the original object creation time and version IDs. This capability is important if you need to ensure that your replica is identical to the source object.

metadata

How does detailed monitoring for Amazon EC2 instances differ from basic monitoring in terms of metric data collection?

With detailed monitoring, Amazon EC2 sends metric data to CloudWatch in 1-minute periods, whereas with basic monitoring, it sends metric data in 5-minute periods.

The _________________ request header helps you identify the IP address of a client when you use an HTTP or HTTPS load balancer. Because load balancers intercept traffic between clients and servers, your server access logs contain only the IP address of the load balancer. To see the IP address of the client, use the __________________ request header.

X-Forwarded-For

To configure your bucket to allow cross-origin requests, you create a CORS configuration, which is an _________________ with rules that identify the origins that you will allow to access your bucket, the operations (HTTP methods) that will support for each origin, and other operation-specific information.

XML document

Amazon S3 ________________________ enable you to manage access to buckets and objects. Each bucket and object has an __________________ attached to it as a subresource. It defines which AWS accounts or groups are granted access and the type of access. When a request is received against a resource, Amazon S3 checks the corresponding __________________ to verify that the requester has the necessary access permissions.

access control lists (ACLs)

Replication only replicates the objects added to the bucket ______________ replication is enabled on the bucket. Any objects present in the bucket before enabling replication are not replicated.

after

Event sources such as Amazon S3 invoke your Lambda function. These event sources maintain a mapping that identifies the function to invoke when events occur. If you specify a Lambda function _____________ in the mapping configuration, you don't need to update the mapping when the function version changes.

alias

A Lambda function ____________ is like a pointer to a specific Lambda function _____________. You can create one or more ________es for your AWS Lambda function. Users can access the function version using the _______________.

alias; version; alias ARN

You can add an _________________ to a stage in an AWS CodePipeline pipeline at the point where you want the pipeline to stop so someone can manually approve or reject the action.

approval action

You can add an _____________________ to a stage in a CodePipeline pipeline at the point where you want the pipeline to stop so someone can ______________ approve or reject the action

approval action; manually

What is the frequency at which you can set up CloudWatch Alarms with high-resolution custom metrics?

as frequently as every 10 seconds.

When an _________________ event ______________ the maximum age or fails all retry attempts, Lambda ___________ it. Or sends it to __________________ if you have configured one.

asynchronous invocation; exceeds; discards; dead-letter queue

What is the CLI command to enable detailed monitoring of the EC2 instances your team uses?

aws ec2 monitor-instances --instance-ids i-1234567890abcdef0

Use ________________ to manage cross-account control and audit the S3 object's permissions. If you apply a ________________ at the bucket level, you can define who can access (Principal element), which objects they can access (Resource element), and how they can access (Action element).

bucket policies; bucket policy

A _____________________ is a resource-based AWS Identity and Access Management (IAM) policy. You add a _________________ to a bucket to grant other AWS accounts or IAM users access permissions for the bucket and the objects in it. Object permissions apply only to the objects that the bucket owner creates.

bucket policy

Applying a _________________ at the bucket level allows you to define granular access to different objects inside the bucket by using multiple policies to control access. You can also review the __________________ to see who can access objects in an S3 bucket.

bucket policy

EBS volumes support both _______________ and ________________ using KMS. Encryption operations occur on the servers that host EC2 instances, ensuring the security of both data-at-rest and data-in-transit between an instance and its attached EBS storage.

in-flight encryption; encryption at rest

You can configure your Lambda function to pull in additional code and content in the form of _____________s. A ___________ is a ZIP archive that contains libraries, a custom runtime, or other dependencies.

layer

Load Balancers intercept traffic between clients and servers, so server access logs will contain only the IP address of the _________________.

load balancer

In Lambda functions, you can insert _________________________ into your code to help you validate that your code is working as expected. Lambda automatically integrates with CloudWatch Logs and pushes all logs from your code to a CloudWatch Logs group associated with a Lambda function, which is named /aws/lambda/<function name>.

logging statements

When __________________ are enabled for the load balancer, this can be the reason for potential unequal traffic routing by the load balancer. __________________ are a mechanism to route requests to the same target in a target group. This is useful for servers that maintain state information in order to provide a continuous experience to clients. To use ____________________, the clients must support cookies.

sticky sessions

A _______________ can only be associated with one route table at a time, but you can associate multiple ______________s with the same route table.

subnet

When you invoke a function _______________, Lambda runs the function and waits for a response. Queues are generally used with __________ invocations since queues implement the decoupling feature of various connected systems.

synchronously; asynchronous

What is the primary benefit of using high-resolution CloudWatch Alarms?

the ability to react and take actions faster.

GenerateDataKey returns a _____________ data key for each request. The bytes in the plaintext key are not related to the API caller or the CMK.

unique

___________________ is a period during which Amazon SQS prevents other consumers from receiving and processing a given message. The default ___________________ for a message is 30 seconds. The minimum is 0 seconds. The maximum is 12 hours.

Visibility timeout

Using ChangeMessageVisibility from the AWS SQS API will do what? A) Changes the visibility timeout of a specified message in a queue to a new value. B) Changes the message visibility from true to false. C) Deletes the message after a period of time. D) None of the above

A

What HTTP method is used to retrieve a resource? A) GET B) PUT C) PATCH D) POST

A

What HTTP response code is returned if the GET API request is correctly formed and the resource is found on the server? A) 200 (OK) B) 201 (Created) C) 400 (Bad Request) D) 404 (Not Found)

A

What is the purpose of AWS Data Pipeline? A. To automate data movement and transformation B. To automate data storage C. To automate data analysis D. To automate data backup

A

What is Amazon S3? A) A fully managed NoSQL database service B) A serverless computing platform C) A cloud-based object storage service D) A service for real-time processing of streaming data at scale

C

Amazon RDS supports the following databases, EXCEPT: A) MongoDB B) MySQL C) MariaDB D) Microsoft SQL Server

A

An analytics application is currently performing its queries against your main production RDS database. These queries run at any time of the day and slow down the RDS database which impacts your users' experience. What should you do to improve the users' experience? A) Setup a Read Replica B) Setup Multi-AZ C) Run the analytics queries at night

A

It's not always possible to distribute read and write activity evenly. When data access is imbalanced, a __________________ can receive a higher volume of read and write traffic compared to other partitions. To better accommodate uneven access patterns, DynamoDB adaptive capacity enables your application to continue reading and writing to _________________ without being throttled, provided that traffic does not exceed your table's total provisioned capacity or the partition maximum capacity.

"hot" partition

When creating a Lambda function, what must be specified to provide the entry point for Lambda calls? A) Deployment package B) Event object C) Context object D) Function handler

D

By default, API Gateway limits the steady-state request rate to _________________. It limits the burst (the maximum bucket size) to __________________ across all APIs within an AWS account. This is Account-level throttling.

10,000 requests per second (rps); 5,000 requests

Multi-Part Upload for AWS S3 is recommended for files over what size?

100 MB

Which of the following error codes would have a HTTP Status Code 409: 1. AccessDenied 2. BucketAlreadyExists 3. BucketNotEmpty 4. IncompleteBody

2, 3

What is the interval at which Amazon EC2 sends metric data to CloudWatch as part of basic monitoring?

5-minute periods

To host your static website, you configure an Amazon S3 bucket for website hosting and then upload your website content to the bucket. The website is then available at the region-specific website endpoint of the bucket:

<bucket-name>.s3-website-<AWS-region>.amazonaws.com

A company has a production environment on AWS built with Elastic Beanstalk. Which action or feature in Elastic Beanstalk should the company employ to rapidly build a test environment based on this production environment? A) Elastic Beanstalk clone B) Elastic Beanstalk migration C) Elastic Beanstalk update D) Elastic Beanstalk worker

A

An application is tracking the number of logged-in users by creating a custom metric using the PutMetricData API. How long will it take for data to start becoming available for view on calls to ListMetrics? A) Between 0 and 15 minutes B) Between 30 and 60 minutes C) Between 12 and 24 hours D) Between 24 and 48 hours

A

A company has a workload that requires 14,000 consistent IOPS for data that must be durable and secure. The compliance standards of the company state that the data should be secure at every stage of its lifecycle on all of the EBS volumes they use. Which of the following statements are true regarding data security on EBS? A) EBS volumes support both in-flight encryption and encryption at rest using KMS B) EBS volumes do not support in-flight encryption but do support encryption at rest using KMS C) EBS volumes don't support any encryption D) EBS volumes support in-flight encryption but does not support encryption at rest

A

A company needs to ensure that Amazon Cognito Sync has sufficient capacity to deal with the company's large data sets. What is the maximum data set size allowed? A) 1 MB B) 10 MB C) 25 MB D) 100 MB

A

A company requires a fully managed database caching solution that supports replication and multiple availability zones for its SQL database instances. Which solution should the developer deploy to meet these requirements? A) ElastiCache for Redis B) CloudFront cache C) Elasticache for Memcached D) DynamoDB Accelerator

A

A developer is writing code that will use AWS Software Development Kit (SDK) for Java to handle the HTTP 404—Not Found status code generated when attempting to access a nonexistent S3 bucket. Which exception should this code handle? A) AmazonServiceException B) AmazonClientException C) Amazon.Runtime.AmazonServiceException D) Amazon.Runtime.AmazonClientException

A

A developer needs to add her AWS keys to her locally installed AWS CLI before using it. Which command should be used to do this? A) aws configure B) aws appconfig C) aws support D) aws transfer

A

A developer wants to have insights on all the data changes occurring as part of Cognito Sync. The solution needs to allow real-time analysis of the changes. Which services should be used? A) Cognito Streams and Kinesis B) Cognito Events and API Gateway C) Cognito user pools and API Gateway D) Cognito identity pools and Kinesis

A

A development team has deployed a REST API in Amazon API Gateway to two different stages - a test stage and a prod stage. The test stage is used as a test build and the prod stage as a stable build. After the updates have passed the test, the team wishes to promote the test stage to the prod stage. Which of the following represents the optimal solution for this use-case? A) Update stage variable value from the stage name of test to that of prod B) API performance is optimized in a different way for prod environments. Hence, promoting test to prod is not correct. The promotion should be done by redeploying the API to the prod stage C) Deploy the API without choosing a stage. This way, the working deployment will be updated in all stages D) Delete the existing prod stage. Create a new stage with the same name (prod) and deploy the tested version on this stage

A

A game developer is using DynamoDB as a serverless backend for a mobile game. The developer wants the application to write 180 items per minute to the DynamoDB table and the items are 4 KB in size. How many write capacity units (WCUs) must the developer provision? A) 12 B) 4 C) 24 D) 45

A

A junior developer working on ECS instances terminated a container instance in Amazon Elastic Container Service (Amazon ECS) as per instructions from the team lead. But the container instance continues to appear as a resource in the ECS cluster. As a Developer Associate, which of the following solutions would you recommend to fix this behavior? A) You terminated the container instance while it was in STOPPED state, that lead to this synchronization issues B) A custom software on the container instance could have failed and resulted in the container hanging in an unhealthy state till restarted again C) The container instance has been terminated with AWS CLI, whereas, for ECS instances, Amazon ECS CLI should be used to avoid any synchronization issues D) You terminated the container instance while it was in RUNNING state, that lead to this synchronization issues

A

A mobile application requires a user log-in. Which solution provides a token after successful authentication? A) Cognito user pools B) Cognito identity pools C) Identity and Access Management D) Single sign-on management

A

A multi-national enterprise uses AWS Organizations to manage its users across different divisions. Even though CloudTrail is enabled on the member accounts, managers have noticed that access issues to CloudTrail logs across different divisions and AWS Regions is becoming a bottleneck in troubleshooting issues. They have decided to use the organization trail to keep things simple. What are the important points to remember when configuring an organization trail? (Select two) 1. There is nothing called Organization Trail. The master account can, however, enable CloudTrail logging, to keep track of all activities across AWS accounts 2. Member accounts will be able to see the Organization trail, but cannot modify or delete it 3. Member accounts do not have access to organization trail, neither do they have access to the Amazon S3 bucket that logs the files 4. By default, CloudTrail event log files are not encrypted 5. By default, CloudTrail tracks only bucket-level actions. To track object-level actions, you need to enable Amazon S3 data events A) 2, 5 B) 1, 3 C) 4, 5 D) 2, 5

A

A recruit has created an Amazon Simple Storage Service (S3) bucket. He needs assistance in getting the security principles right for this bucket. Which of the following is NOT a security practice for access control to S3 buckets? A) Use of Security Groups B) Use of IAM Roles C) Use of Bucket Policies D) Use of Access Control Lists (ACLs)

A

A serverless application using Lambda requires retries to be done by the cloud provider, in the event of the throttling of requests. Which invocation pattern must be used for the Lambda function? A) Asynchronous B) Synchronous C) Poll-based D) Stream

A

A telecom service provider stores its critical customer data on Amazon Simple Storage Service (Amazon S3). Which of the following options can be used to control access to data stored on Amazon S3? (Select two) 1. IAM database authentication, Bucket policies 2. Bucket policies, Identity and Access Management (IAM) policies 3. Query String Authentication, Permissions boundaries 4. Query String Authentication, Access Control Lists (ACLs) 5. Permissions boundaries, Identity and Access Management (IAM) policies A) 2, 4 B) 1, 3 C) 2, 5 D) 3, 4

A

AWS CodePipeline uses AWS CloudFormation as a deployment action but is not a mandatory service A) True B) False

A

All read replicas associated with a DB instance remain associated with that instance after it is renamed. A) True B) False

A

An e-commerce company has an order processing workflow with several tasks to be done in parallel as well as decision steps to be evaluated for successful processing of the order. All the tasks are implemented via Lambda functions. Which of the following is the BEST solution to meet these business requirements? A) Use AWS Step Functions state machines to orchestrate the workflow B) Use AWS Step Functions activities to orchestrate the workflow C) Use AWS Glue to orchestrate the workflow D) Use AWS Batch to orchestrate the workflow

A

As a developer, you are looking at creating a custom configuration for Amazon EC2 instances running in an Auto Scaling group. The solution should allow the group to auto-scale based on the metric of 'average RAM usage' for your Amazon EC2 instances. Which option provides the best solution? A) Create a custom metric in CloudWatch and make your instances send data to it using PutMetricData. Then, create an alarm based on this metric B) Create a custom alarm for your ASG and make your instances trigger the alarm using PutAlarmData API C) Migrate your application to AWS Lambda D) Enable detailed monitoring for EC2 and ASG to get the RAM usage data and create a CloudWatch Alarm on top of it

A

Before making API calls against MFA-protected API, you should use ............................... to get temporary credentials. A) STS GetSessionToken B) STS GetFederationToken C) IAM GetMFAToken

A

Can developers see each other type in real-time in AWS Cloud9? A. Yes B. No

A

Can the CPU power of a Lambda function be increased by increasing the memory setting of a Lambda function? A) Yes B) No

A

Can the values stored in AWS Systems Manager Parameter Store be encrypted? a) Yes b) No

A

Can you attach an Elastic IP address to a Network Load Balancer? a. Yes b. No c. It depends on the region d. None of the above

A

Can you remove a setting applied from a saved configuration or settings applied directly to the environment in Elastic Beanstalk? A. Yes, using AWS CLI or EB CLI B. No, once applied it cannot be removed

A

Does Amazon ElastiCache Redis support multi-AZ deployment with automatic failover? A) Yes B) No

A

Each queue starts with a default setting of 30 seconds for the visibility timeout. A) True B) False

A

Elastic Beanstalk uses AWS CloudFormation to launch the resources in your environment and propagate configuration changes. A) True B) False

A

How can IAM policies be used to control access to Amazon S3 resources? A) By granting IAM users fine-grained control to specific Amazon S3 buckets or objects B) By restricting access to Amazon S3 resources based on the user's IP address C) By creating a URL to an Amazon S3 object that is only valid for a limited time D) By defining rules that apply broadly across all requests to Amazon S3 resources

A

How can you enhance the security of your ElastiCache Redis Cluster by forcing users to enter a password when they connect? A) Use Redis Auth B) Use IAM Auth C) Use Security Groups

A

How can you specify the number of application revisions to archive in the agent configuration file? a) By using the :max_revisions: option b) By integrating with AWS CodePipeline c) By having a load balancer in front of the instances d) By sending log data to CloudWatch Logs

A

How does using a smaller page size for scan operations in Amazon DynamoDB help avoid throttling errors? A) It requires fewer read operations B) It requires more read operations C) It does not have any impact on avoiding throttling errors D) It creates a pause between each request

A

How is a GSI different from an LSI in DynamoDB? A) A GSI has a different partition key from the base table, while an LSI has the same partition key B) A GSI has the same partition key as the base table, while an LSI has a different partition key C) A GSI can span all of the data in the base table across all partitions, while an LSI is scoped to a single partition

A

How is traffic routed to each resource in weighted routing? A. Based on the weight assigned to each resource B. Based on the time it takes to reach each resource C. Based on the availability of each resource D. Based on the name of each resource

A

How long can you reserve an EC2 Reserved Instance? A) 1 or 3 years B) 2 or 4 years C) 6 months or 1 year D) Anytime between 1 and 3 years

A

How many WCUs should be provisioned if the game developer wants to write 180 items per minute, each 4 KB in size? A) 12 B) 24 C) 36 D) 48

A

How many items can be written per second if 1 WCU = 1 write/sec for items up to 1KB in size? A) 1 item B) 2 items C) 4 items D) 8 items

A

How many static IP addresses does a Network Load Balancer have per Availability Zone (AZ)? a. One b. Two c. Three d. None of the above

A

If a policy has both allow and deny statements, what will happen? A) The deny statement will override the allow statement B) The allow statement will override the deny statement C) The policies will be evaluated based on the order in which they are attached to the user D) The user account becomes invalid

A

If you anticipate that your S3 workload will consistently exceed 100 PUT/LIST/DELETE requests per second or more than 300 GET requests per second, you should avoid sequential key names A) True B) False

A

If you have multiple Read Replicas for a master DB Instance and you promote one of them, the remaining Read Replicas will still replicate from the older master DB Instance. A) True B) False

A

If you want to retrieve the client's IP address from an Application Load Balancer, which header should you look for? a. X-Forwarded-For b. X-Client-IP c. X-Real-IP d. None of the above

A

In a CloudFormation template, which section is used to specify values to pass to the template at runtime when creating or updating a stack? A) Parameters B) Resources C) Mappings D) Conditions

A

In the given AWS step function, which state gets executed? { "StartAt": "LookupCustomerInfo", "States": { "LookupCustomerInfo": { "Type": "Parallel", "End": true, "Branches": [ { "StartAt": "LookupAddress", "States": { "LookupAddress": { "Type": "Task", "Resource": "arn:aws:lambda:us-east-1:123456789012:function:AddressFinder", "End": true } } }, { "StartAt": "LookupAddress", "States": { "LookupAddress": { "Type": "Task", "Resource": "arn:aws:lambda:us-east-1:123456789012:function:PhoneFinder", "End": true } } } ] } } } A) Execute state LookupAddress and LookupPhone. B) Execute state LookupAddress. C) Execute state LookupPhone. D) Execution fails as End:true.

A

Is AWS Web Application Firewall (AWS WAF) available in API Gateway REST APIs or API Gateway HTTP APIs? a) API Gateway REST APIs b) API Gateway HTTP APIs c) Both REST and HTTP APIs d) AWS WAF is not available in API Gateway

A

Is there a limit on the number of environment variables that can be used in AWS Lambda? A) No, there is no limit B) Yes, the limit is 50 variables C) Yes, the limit is 35 variables D) Yes, the limit is 8 KB

A

It does not make sense to use queues when the calling code will wait on it for a response. A) True; queues used with asynchronous invocation events; when the Lambda function requires to wait for a response it is synchronous invocation B) False, queues are used when the Lambda function requires a response

A

Once you version-enable a bucket, it can never return to an unversioned state. A) True B) False

A

Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket. A) True B) False

A

Parts of a multipart upload will not be completed until the 'complete' request has been called which puts all the parts of the file together. A) True B) False

A

Recently, you started an online learning platform using AWS Lambda and AWS Gateway API. Your first version was successful, and you began developing new features for the second version. You would like to gradually introduce the second version by routing only 10% of the incoming traffic to the new Lambda version. Which solution should you opt for? A) Use AWS Lambda aliases B) Use environment variables C) Use Tags to distinguish the different versions D) Deploy your Lambda in a VPC

A

Registered targets in a Target Groups for an Application Load Balancer can be one of the following, EXCEPT: A) Network Load Balancer B) Lambda Functions C) Private IP Addresses D) EC2 Instances

A

Security Groups can be attached to only one EC2 instance. A) False B) True

A

Security Groups operate at the ................. level while NACLs operate at the ................. level. A) EC2 instance, Subnet B) Subnet, EC2 instance

A

Test-queue and test-queue are different queue names. A) True B) False

A

The default visibility timeout for a message is 30 seconds. The minimum is 0 seconds. The maximum is 12 hours. A) default timeout: 30 seconds, minimum: 0, maximum: 12 hours B) default timeout: 20 seconds, minimum: 0, maximum: 6 hours C) default timeout: 60 seconds, minimum: 0, maximum 1 hour

A

The development team at a company wants to encrypt a 111 GB object using AWS KMS. Which of the following represents the best solution? A) Make a GenerateDataKey API call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data B) Make a GenerateDataKeyWithPlaintext API call that returns an encrypted copy of a data key. Use a plaintext key to encrypt the data C) Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK) with imported key material D) Make a GenerateDataKeyWithoutPlaintext API call that returns an encrypted copy of a data key. Use an encrypted key to encrypt the data

A

The hash key of the DynamoDB __________ is the same attribute as the hash key of the table. The range key can be any scalar table attribute. A) Local Secondary Index B) Local Primary Index C) Global Secondary Index D) Global Primary Index

A

True or False: . Long-lived TCP connections between clients and instances can potentially lead to unequal distribution of traffic by the load balancer. A) True B) False

A

True or False: A successfully processed event is not sent to the dead-letter queue. A) True B) False

A

True or False: An API can only be deployed to a stage. You cannot forgo choosing a stage. A) True B) False

A

True or False: Enabling detailed monitoring for Amazon EC2 instances comes at an additional cost, which is not required for basic monitoring. A) True B) False

A

True or False: SQS queues are, by definition, auto-scalable and do not need any configuration changes for auto-scaling A) True B) False

A

True or False: Step functions support any human approval steps. A) True B) False

A

True or False: There is no multi-part API for Amazon Simple Queue Service. A) True B) False

A

True or False: To use sticky sessions, the clients must support cookies. A) True B) False

A

True or False: With Application Load Balancers, cross-zone load balancing is always enabled. A) True B) False

A

Two policies are attached to an IAM user. The first policy states that the user has explicitly been denied all access to EC2 instances. The second policy states that the user has been allowed permission for EC2:Describe action. When the user tries to use 'Describe' action on an EC2 instance using the CLI, what will be the output? A) The user will get access because it has an explicit allow B) The order of the policy matters. If policy 1 is before 2, then the user is denied access. If policy 2 is before 1, then the user is allowed access C) The user will be denied access because one of the policies has an explicit deny on it D) The IAM user stands in an invalid state, because of conflicting policies

A

What is the difference between server-side encryption and client-side encryption in RDS? a. Server-side encryption encrypts data at rest in the RDS instance, while client-side encryption encrypts data in transit between the RDS instance and the client application. b. Client-side encryption encrypts data at rest in the RDS instance, while server-side encryption encrypts data in transit between the RDS instance and the client application. c. Server-side encryption encrypts data in transit between the RDS instance and the client application, while client-side encryption encrypts data at rest in the RDS instance.

A

What is the effect of this resource-based policy? { "Version": "2012-10-17", "Id": "default", "Statement": [ { "Sid": "lambda-allow-s3-my-function", "Effect": "Allow", "Principal": { "Service": "s3.amazonaws.com" }, "Action": "lambda:InvokeFunction", "Resource": "arn:aws:lambda:us-east-2:123456789012:function:my-function:*", "Condition": { "StringEquals": { "AWS:SourceAccount": "123456789012" }, "ArnLike": { "AWS:SourceArn": "arn:aws:s3:::my-bucket" } } } A) S3 can invoke the Lambda function my-function for a bucket named my-bucket. B) The Lambda function can access all the S3 buckets that belong to AWS account: 123456789012. C) The Lambda function can only access the bucket my-bucket. D) S3 can invoke the Lambda function my-function for all buckets that belong to the AWS account:123456789012.

A

What is the formula for determining how much traffic is routed to a given resource in weighted routing? A. weight for a specified record/sum of the weights for all records B. weight for a specified record * sum of the weights for all records C. sum of the weights for all records/weight for a specified record D. weight for a specified record - sum of the weights for all records

A

What is the impact of using short polling on the number of empty responses returned from the queue? A. Increases B. Reduces

A

What is the impact on the application when using Multi-AZ deployment in RDS? a. The application can continue to use the same connection string to access the database. b. The application needs to reference the Multi-AZ endpoints individually to balance the read load. c. The application needs to be rewritten to support Multi-AZ deployment.

A

What is the main advantage of running heavy analytics workloads on a Read Replica instead of the source database? a. It reduces the read traffic on the source database. b. It increases the write performance of the source database. c. It reduces the latency of the source database.

A

What is the main advantage of using Access Control Lists (ACLs) to control access to Amazon S3 resources? A) It allows customers to grant specific permissions to specific users for an individual bucket or object B) It allows customers to define rules that apply broadly across all requests to Amazon S3 resources C) It allows customers to create a URL to an Amazon S3 object that is only valid for a limited time D) It allows customers to restrict access to Amazon S3 resources based on the user's IP address

A

What is the main advantage of using Amazon Kinesis for log data processing? A. Real-time processing of log data B. Cost-effectiveness of storing log data C. Flexibility to choose the best tools for processing log data D. All of the above

A

What is the main benefit of using AWS Data Pipeline? A. To define data-driven workflows B. To automate data storage C. To automate data analysis D. To automate data backup

A

What is the main benefit of using IAM Database Authentication in RDS? a. It eliminates the need to manage database usernames and passwords. b. It provides better security for your database. c. It improves the performance of your database.

A

What is the main benefit of using Read Replicas in RDS? a. Scalability of your database. b. High availability of your database. c. Lower latency of your database.

A

What is the main difference between a Read Replica and a standby database in RDS? a. A Read Replica can be used to offload read traffic from the primary database, while a standby database is used for high availability in case the primary database goes down. b. A standby database can be used to offload read traffic from the primary database, while a Read Replica is used for high availability in case the primary database goes down. c. A Read Replica and a standby database are interchangeable terms.

A

What is the main focus of the plan phase? A. Determining the scope of the problem B. Creating a design specification C. Developing and installing new components D. Delivering the software product to the customer

A

What is the main purpose of AWS Step Functions? A) To provide a reliable way to coordinate components and step through the functions of an application B) To provide a managed message queue service for building distributed applications C) To provide a fully managed service for building RESTful APIs D) To provide a serverless computing platform for running code in response to events

A

What is the main purpose of Amazon API Gateway? a) To create, publish, maintain, monitor, and secure REST, HTTP, and WebSocket APIs at any scale b) To store and retrieve large amounts of data c) To run and manage applications on a fully managed platform d) To provide a fully managed database service

A

What is the main purpose of the multipart upload API? A. Multipart uploads for larger objects B. An alternative to using the internet for AWS cloud services C. Single PUT operations for smaller objects D. Data warehousing

A

What is the maximum size limit for all environment variables in AWS Lambda? A) 4 KB B) 8 KB C) 16 KB D) 32 KB

A

What is the maximum size of the message body string for the SQS SendMessage operation? A) 256 KB B) 512 KB C) 1 MB D) 2 GB

A

What is the minimum Transport Layer Security (TLS) level required for client-side encryption to access Amazon S3 via AWS-published API? A) 1.0 B) 1.1 C) 1.2 D) 1.3

A

What is the nature of an index in Amazon DynamoDB? a. Global b. Local c. Partition d. Sort

A

What is the primary difference between ElastiCache Redis and ElastiCache Memcached? a. ElastiCache Redis provides persistent storage while ElastiCache Memcached does not. b. ElastiCache Redis provides in-memory data store while ElastiCache Memcached provides disk-based data store. c. ElastiCache Redis provides support for data partitioning while ElastiCache Memcached does not.

A

What permissions does the identity-based policy specify? { "Version": "2012-10-17", "Statement": [ { "Sid": "ListObjectsInBucket", "Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::bucket-name"], }, { "Sid": "AllObjectActions", "Effect": "Allow", "Action": "s3:*Object", "Resource": ["arn:aws:s3:::bucket-name/*"] } ] } A) It allows read and write access to objects in a specific S3 bucket. B) It allows only to write objects to a specific bucket. C) It allows only read objects in a specific S3 bucket. D) It restricts Delete objects in a specific S3 bucket.

A

What service can be used to continuously capture gigabytes of data per second from multiple sources? a) Amazon Kinesis Data Streams b) Amazon API Gateway c) Amazon RDS d) AWS Lambda

A

What tool can you use to troubleshoot failures in an AWS Lambda function? A. CloudWatch Logs B. VPC Flow Logs C. AWS Trusted Advisor D. AWS Inspector

A

What type of encryption requires the security team to manage and maintain the encryption keys? A. Client-side encryption B. Server-side encryption

A

What will be executed in the given AWS Step Functions state machine? A) Execute state LookupAddress and LookupPhone. B) Execute state LookupAddress. C) Execute state LookupPhone. D) Execution fails as End:true.

A

When an IAM role is attached to your EC2 instance, you can retrieve both the IAM role name and the IAM policies attached to the role. A) False B) True

A

When should the write-through caching strategy be used? A) To cache data that must be updated in real time B) To cache data that will be read often but written frequently C) To cache data that always loads from the database and never uses the cache D) To cache data that will be read often but written infrequently

A

When you update a stack, you modify the original stack template then AWS CloudFormation : A) updates only the resources that you modified B) updates all the resources defined in the template C) None of the above

A

Which API integration type allows for direct calls to the API component while isolating development effort from other teams? A) HTTP B) AWS.PROXY C) MOCK D) HTTP.PROXY

A

Which AWS Elastic Beanstalk strategy will deploy two versions of an application for side-by-side A/B testing? A) Deploy the two versions of the app to separate compute instances simultaneously B) Deploy the two versions to the same compute instance after a period of time C) Issue the eb create command between the deployment of each version D) Issue the eb init command between the deployment of each version

A

Which AWS Security Token Service (STS) API operation returns temporary security credentials for federated users who are authenticated through a public IdP? A) AssumeRoleWithWebIdentity B) AssumeRole C) AssumeRoleWithSAML D) GetSessionToken

A

Which AWS service can be used to implement a pub/sub type of messaging service? A) Amazon SNS B) Amazon Kinesis Data Streams C) Amazon SQS D) Amazon SWF

A

Which AWS service integrates with Key Management Service (KMS) to log the use of the KMS keys? A) CloudTrail B) CloudWatch C) Identity and Access Management D) Software development kit

A

Which AWS service is a cloud-based development service that enables you to quickly develop, build, and deploy applications on AWS? A) AWS CodeStar B) AWS CodeBuild C) AWS CodeCommit D) AWS CodeDeploy

A

Which AWS service is used to speed up data exchange between a client and an S3 bucket? A) Amazon S3 Transfer Acceleration B) Amazon ElastiCache C) Amazon CloudFront D) Amazon ElastiCache for Memcached

A

Which Amazon S3 actions are allowed by the AllObjectActions statement? a) GetObject, DeleteObject, PutObject b) ListObjectsInBucket c) s3:*Object actions d) All of the above

A

Which Elastic Load Balancer type is best suited for routing traffic based on HTTP/HTTPS requests? a. Application Load Balancer b. Network Load Balancer c. Classic Load Balancer d. None of the above

A

Which Elastic Load Balancer type supports Server Name Indication (SNI)? a. Application Load Balancer b. Network Load Balancer c. Classic Load Balancer d. None of the above

A

Which RDS database technology does NOT support IAM Database Authentication? A) Oracle B) PostgreSQL C) MySQL

A

Which Route 53 Routing Policy should you choose if you want to minimize response time for users accessing your application from different geographic locations? a. Latency b. Multi Value c. Weighted d. Geolocation

A

Which S3 encryption method mandates that you use HTTPS while uploading/download objects? A) SSE-C B) SSE-S3 C) SSE-KMS D) Client-Side Encryption

A

Which configuration file should be updated to specify the ECS cluster name for instances launched from an AWS CloudFormation template? a. /etc/ecs/ecs.config b. /etc/aws/ecs.conf c. /etc/ecs/config d. /etc/ecs/cluster.config

A

Which feature allows you to monitor the total CPU time of a serverless application? A) Enable Lambda Insights using CLI B) Configure a CloudWatch agent to collect cluster metrics C) Configure X-Ray and call GetServiceGraph using AWS CLI D) Enable flow logs using AWS VPC

A

Which feature in both Application Load Balancers and Network Load Balancers allows you to load multiple SSL certificates on one listener? A) Server Name Indication (SNI) B) TLS Termination C) Host Headers D) SSL Security Policies

A

Which of the following EBS volume types can be used as boot volumes when you create EC2 instances? A) gp2, gp3, io1, io2 B) gp2, gp3, st1, sc1 C) io1, io2, st1, sc1

A

Which of the following are NOT valid Route 53 Health Checks? A) Health Check that monitor SQS Queue B) Health Check that monitors an Endpoint C) Health Check that monitors other Health Checks D) Health Check that monitor CloudWatch Alarms

A

Your team is currently managing a set of applications for a company in AWS. There is now a requirement to carry out Blue Green deployments for the future set of applications. Which of the following can help you achieve this? Choose 2 answers from the options given below. 1. Use Route 53 with the failover routing policy. 2. Use Route 53 with the weighted routing policy. 3. Ensure that the application is placed behind an ELB. 4. Ensure that the application is placed in a single AZ. A) 2, 3 B) 1, 3 C) 2, 4 D) 3, 4

A

In AWS Simple Queue Service (SQS), when the wait time for the ________________ API action is greater than 0, long polling is in effect. The maximum long polling wait time is 20 seconds.

ReceiveMessage

___________________ is a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). ________________makes it easy for you to focus on building your applications. _________________ removes the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design.

AWS Fargate

You use the ___________________ specification to define your serverless application. AWS ___________________ templates are an extension of AWS CloudFormation templates, with some additional components that make them easier to work with. AWS ____________ needs CloudFormation templates as a basis for its configuration.

AWS Serverless Application Model (AWS SAM)

______________________ by default, queues use short polling. With short polling, _______________ sends the response right away, even if the query found no messages.

AWS Simple Queue Service (SQS)

A HealthCare mobile app uses proprietary Machine Learning algorithms to provide early diagnosis using patient health metrics. To protect this sensitive data, the development team wants to transition to a scalable user management system with log-in/sign-up functionality that also supports Multi-Factor Authentication (MFA). Which of the following options can be used to implement a solution with the LEAST amount of development effort? (Select two) 1. Use Amazon Cognito for user-management and facilitating the log-in/sign-up process 2. Use Amazon SNS to send Multi-Factor Authentication (MFA) code via SMS to mobile app users 3. Use Amazon Cognito to enable Multi-Factor Authentication (MFA) when users log-in 4. Use Lambda functions and RDS to create a custom solution for user management 5. Use Lambda functions and DynamoDB to create a custom solution for user management. A) 1, 2 B) 1, 3 C) 2, 3 D) 4, 5

B

A VPC subnet can only be associated with one route table at a time, and you cannot associate multiple subnets with the same route table. A) True B) False

B

A WebSockets chat service is deployed in a set of Elastic Compute Cloud (EC2) instances. Which load balancer type should be used to distribute the requests among the instances? A) Classic B) Application C) Network D) Gateway

B

A banking application needs to send real-time alerts and notifications based on any updates from the backend services. The company wants to avoid implementing complex polling mechanisms for these notifications. Which of the following types of APIs supported by the Amazon API Gateway is the right fit? A) REST or HTTP APIs B) WebSocket APIs C) HTTP APIs D) REST APIs

B

A company develops a serverless solution that must process image files for display across multiple platforms. When an image is uploaded, it must be scaled in parallel for mobile, web, and virtual reality (VR). Which service should be used? A) An SQS endpoint connected to a single Lambda function B) An SQS endpoint connected to multiple Lambda functions C) An SNS topic connected to multiple Lambda functions D) An SNS topic with an EC2 instance subscriber

B

A company has a Cloudformation template that is used to create a huge list of resources. It creates a VPC, subnets, EC2 Instances, Autoscaling Groups, Load Balancers etc. Which of the following should be considered when designing such Cloudformation templates? A. Ensure to create one entire stack from the template. B. Look towards breaking the templates into smaller manageable templates. C. Package the templates together and use the cloudformation deploy command. D. Package the templates together and use the cloudformation package command.

B

A company has hired you for its on-going development project. The project entails streaming data onto Amazon Kinesis streams from various log sources. You need to analyze real-time data using standard SQL. Which of the following can be used for this purpose? A. Amazon Kinesis Firehose B. Amazon Kinesis Data Analytics C. Amazon Athena D. Amazon EMR

B

A company is planning to migrate an existing Python application to AWS as a collection of Lambda functions. It needs to redevelop its package tooling to prepare the application and manage the deployment of dependencies. Which technology should be used to isolate Python dependencies in the Lambda package when packaging the application? A) Composer B) Virtualenv C) Docker D) Conda

B

A company plans to deploy AWS CodeBuild and needs to securely pass a password into the build process. How should this be done? A) Through an Amazon S3 bucket B) Through the AWS Secrets Manager C) In a GitHub repository D) Through the SSM Parameter Store

B

A company you're working for wants their data stored in S3 to be encrypted. They don't mind the encryption keys stored and managed by AWS, but they want to maintain control over the rotation policy of the encryption keys. You recommend them to use .................... A) SSE-S3 B) SSE-KMS C) SSE-C D) Client-Side Encryption

B

A developer is working on deploying a new Node application with Elastic Beanstalk. He needs to make sure all dependencies are deployed alongside the main application source code. Which file name should this developer use to describe the dependencies that need to be deployed? A) requirements.txt B) package.json C) manifest.mf D) build.gradle

B

A developer needs to store data into a DynamoDB item. What is the maximum amount of data that can be stored? A) 4 KB B) 400 KB C) 4 MB D) 400 MB

B

A financial services company wants to ensure that the customer data is always kept encrypted on Amazon S3 but wants a fully managed solution to create, rotate and remove the encryption keys. As a Developer Associate, which of the following would you recommend to address the given use-case? A) Server-Side Encryption with Secrets Manager B) Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS Key Management Service (SSE-KMS) C) Server-Side Encryption with Customer-Provided Keys (SSE-C) D) Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)

B

A high-frequency stock trading firm is migrating their messaging queues from self-managed message-oriented middleware systems to Amazon SQS. The development team at the company wants to minimize the costs of using SQS. As a Developer Associate, which of the following options would you recommend to address the given use-case? A) Use SQS message timer to retrieve messages from your Amazon SQS queues B) Use SQS long polling to retrieve messages from your Amazon SQS queues C) Use SQS short polling to retrieve messages from your Amazon SQS queues D) Use SQS visibility timeout to retrieve messages from your Amazon SQS queues

B

A new member of your team is working on creating Dead Letter Queue (DLQ) for AWS Lambda functions. As a Developer Associate, can you help him identify the use cases, wherein AWS Lambda will add a message into a DLQ after being processed? (Select two) 1. The event fails all processing attempts 2. The Lambda function invocation is asynchronous 3. The event has been processed successfully 4. The Lambda function invocation is synchronous 5. The Lambda function invocation failed only once but succeeded thereafter A) 1, 3 B) 1, 2 C) 2, 5 D) 3, 4

B

A single DynamoDB BatchGetItem request can retrieve up to 16 MB of data, which can contain as many as 25 items. A) True B) False

B

A student develops a code module that needs to be migrated to a serverless solution. When an application calls the module, all other actions should not be blocked while waiting for a return. Which solution should be used? A) Synchronous Lambda function B) Asynchronous Lambda function C) Elastic Compute Cloud D) Simple Storage Service (S3)

B

AWS CLI uses credentials located in multiple locations and certain locations take precedence over others. Which of the following is the correct order for locations AWS CLI uses to find credentials? A) Environment Variables —> Command-Line Options —> EC2 Instance Profile B) Command-Line Options —> Environment Variables —> EC2 Instance Profile C) EC2 Instance Profile —> Command-Line Options —> Environment Variables D) EC2 Instance Profile —> Environment Variables —> Command-Line Options

B

After you assign a secondary private IPv4 address to your instance, you need to configure the operating system on your instance to recognize the secondary private IP address. If you are using an Ubuntu Linux instance, the ec2-net-utils package can take care of this step for you. A) True B) False

B

An IT company has migrated to a serverless application stack on the AWS Cloud with the compute layer being implemented via Lambda functions. The engineering managers would like to actively troubleshoot any failures in the Lambda functions. As a Developer Associate, which of the following solutions would you suggest for this use-case? A) Use CodeCommit to identify and notify any failures in the Lambda code B) The developers should insert logging statements in the Lambda function code which are then available via CloudWatch logs C) Use CloudWatch Events to identify and notify any failures in the Lambda code D) Use CodeDeploy to identify and notify any failures in the Lambda code

B

An application has a database in an AWS RDS Instance. When the traffic is high, the application's response time grows as there are many read queries to the RDS database. Which of the following can be used to decrease the response time for the application? A. Place a CloudFront distribution in front of the database. B. Enable Read Replicas for the database. C. Change the database from RDS to DynamoDB. D. Enable Multi-AZ for the database.

B

An application has been making use of AWS DynamoDB for its back-end data store. The size of the table has now grown to 20 GB, and the scans on the table are causing throttling errors. Which of the following should now be implemented to avoid such errors? A. Large Page size B. Reduced page size C. Parallel Scans D. Sequential scans

B

An application hosted on an EC2 instance wants to upload objects to an S3 bucket using the PutObject API call, but it lacks the required permissions. What should you do? A) From inside the EC2 instance, run aws configure and insert your personal IAM Credentials, because you have access to do the required API call B) Ask an administrator to attach an IAM Policy to the IAM Role on your EC2 instance that authorizes it to do the required API call C) Export the environment variables with your IAM credentials on the EC2 instance D) Use the EC2 Metadata API call

B

An organization is looking to reduce costs associated with GET requests to a Simple Storage Service (S3) bucket. Which technique can the developers use to reduce the size of the request query? A) Use a unique key identifier B) Use prefixes and delimiters C) Use suffixes and delimiters D) Use prefixes and suffixes

B

Application Load Balancers can route traffic to different Target Groups based on the following, EXCEPT: A) Hostname B) Client's Location (Geography) C) Request URL Path D) Source IP Address

B

As part of their on-boarding, the employees at an IT company need to upload their profile photos in a private S3 bucket. The company wants to build an in-house web application hosted on an EC2 instance that should display the profile photos in a secure way when the employees mark their attendance. As a Developer Associate, which of the following solutions would you suggest to address this use-case? A) Keep each user's profile image encoded in base64 format in a DynamoDB table and reference it from the application for display B) Save the S3 key for each user's profile photo in a DynamoDB table and use a lambda function to dynamically generate a pre-signed URL. Reference this URL for display via the web application C) Keep each user's profile image encoded in base64 format in an RDS table and reference it from the application for display D) Make the S3 bucket public so that the application can reference the image URL for display

B

Assume that you have an account in US West (N. California) in a standard aws partition. You also have an account in China (Beijing) in the aws-cn partition. Can you use an Amazon S3 resource-based policy in your account in China (Beijing) to allow access for users in your standard AWS account? A) Yes B) No

B

By default, what does the Auto Scaling Group use to determine the health of its EC2 instances? a. Application Load Balancer Health Checks b. EC2 Status Checks c. CPU utilization metrics d. None of the above

B

Can AWS Batch be used to orchestrate a workflow? A) Yes B) No

B

Can AWS Glue be used to orchestrate a workflow? A) Yes B) No

B

Can AWS Trusted Advisor be used to debug Lambda functions? A. Yes B. No

B

Can CodePipeline be used to manage version control and archives on an EC2 instance? a) Yes b) No

B

Can Query String Authentication be used in conjunction with Permissions boundaries? A) No B) Yes

B

Can Redis be installed on an Amazon EC2 instance? A) No, Redis cannot be installed on an Amazon EC2 instance B) Yes, Redis can be installed on an Amazon EC2 instance, but it will not scale C) Yes, Redis can be installed on an Amazon EC2 instance, and it will scale automatically D) Yes, Redis can be installed on an Amazon EC2 instance, but it requires manual scaling

B

Can S3 Select be used to get the first bytes of a file? A. Yes B. No

B

Can settings in configuration files be removed without modifying the configuration files and deploying a new application version? A) Yes B) No

B

Can the CPU setting be increased by updating the deployment configuration of a Lambda function? A) Yes B) No

B

Can the size of environment variables in AWS Lambda exceed 4 KB? A) Yes, it can exceed 4 KB B) No, it cannot exceed 4 KB

B

Can weighted routing be used for failover conditions? A. Yes B. No

B

What is the main difference between Asynchronous and Synchronous replication in RDS? a. Asynchronous replication guarantees that all data changes are applied in the same order on the primary and secondary instances, while Synchronous replication does not. b. Synchronous replication guarantees that all data changes are applied in the same order on the primary and secondary instances, while Asynchronous replication does not. c. Asynchronous replication ensures that data changes are applied immediately on the secondary instances, while Synchronous replication does not.

B

What is the main difference between Read Replicas and Multi-AZ deployment in RDS? a. Read Replicas provide high availability while Multi-AZ provides read scalability. b. Read Replicas provide read scalability while Multi-AZ provides high availability. c. Both Read Replicas and Multi-AZ provide high availability and read scalability.

B

What is the main purpose of the "ListObjectsInBucket" statement in an Amazon S3 policy? A) To list all buckets in an Amazon S3 account B) To read the objects in a bucket C) To delete objects in a bucket D) To put objects in a bucket

B

What is the maximum TTL value for API caching in Amazon API Gateway? a) 0 seconds b) 3600 seconds c) 300 seconds d) None of the above

B

What is the maximum capacity that an Auto Scaling Group can reach during scale-out events? a. The minimum capacity that you configured for the group b. The maximum capacity that you configured for the group c. The average capacity of all instances in the group d. None of the above

B

What is the maximum size limit for environment variables in AWS Lambda? A) 8 KB B) 4 KB C) 35 variables D) 50 variables

B

What is the maximum size of a message body string for the SQS SendMessageBatch operation? A) 256 KB per message B) 512 KB per message C) 1 MB per message D) 2 GB per message

B

What is the maximum size of payload that can be passed between states in a state machine definition? A. The payload size is unlimited B. The payload size can be up to 32 KB

B

What is the meaning of a 502 status code? A. An internal server error B. A bad gateway error C. An error that needs to be handled in the developer's application D. A successful response

B

What is the most effective way to avoid hitting the application version quota in Elastic Beanstalk? a) Create multiple environments b) Create an Application Version Lifecycle policy c) Create multiple applications d) Delete the application versions manually

B

What is the purpose of AWS Config? A) To store logs for AWS Lambda functions B) To assess, audit, and evaluate the configurations of AWS resources C) To build, run, and scale background jobs D) To model, provision, and manage AWS and third-party resources

B

What is the purpose of Multi-AZ deployment in RDS? a. To allow for scaling out read traffic to multiple replicas. b. To allow for high availability in case the primary database goes down. c. To allow for multi-region redundancy.

B

What is the purpose of S3 Select? A. To download a specific portion of an object B. To pull out only the data needed from an object C. To copy a local file or an S3 object to another location locally in S3 D. To download the whole file

B

What is the purpose of a Dockerfile? A) To list running Docker containers B) To build a Docker image C) To launch a Docker container D) To push a Docker image to a registry

B

What is the purpose of adding new endpoints with their own DNS name when setting up Read Replicas in RDS? a. To allow for high availability in case the primary database goes down. b. To allow for scaling out read traffic to multiple replicas. c. To allow for multi-region redundancy.

B

What is the purpose of caching in a web application? a. To store user credentials and personal information. b. To improve the performance of the application by reducing database queries and response times. c. To provide a backup copy of the application in case of a system failure.

B

What is the purpose of enabling API caching in Amazon API Gateway? a) To format/structure the data in a way that it is easily readable b) To reduce the number of calls made to your endpoint and improve the latency of requests to your API c) To change the behavior of your API Gateway methods for each deployment stage d) To continuously capture gigabytes of data per second from multiple sources

B

What is the purpose of migrating the database to Amazon Redshift? A) To improve performance B) To enable data warehousing C) To enhance reliability and availability

B

What is the purpose of setting a custom visibility timeout in the application that interacts with an SQS queue? A. To reduce the number of empty responses returned B. To control the length of time that the retrieved message will be hidden from other consumers

B

What is the purpose of the "End" parameter in the AWS Step Functions state machine? A) To indicate that the state machine has finished executing B) To indicate that a branch of the state machine has finished executing C) To indicate that a particular state has finished executing D) To indicate that a state machine execution has failed

B

What is the purpose of the Cooldown Period in the Auto Scaling Group? a. To prevent the group from launching or terminating EC2 instances during the period b. To allow time for the group's metrics to stabilize after a scaling activity c. To ensure that the group's capacity remains stable during periods of high demand d. All of the above

B

What is the purpose of the X-Forwarded-For header? a. To add additional security to the Application Load Balancer b. To provide the client's IP address to the EC2 instances c. To redirect traffic to a different target d. None of the above

B

What is the purpose of the duration value returned by AWS STS? A) It specifies the time interval between token renewals. B) It specifies the amount of time the token is valid. C) It specifies the maximum number of API calls that can be made with the token. D) It specifies the number of seconds before the token is expired.

B

You are looking to build an index of your files in S3, using Amazon RDS PostgreSQL. To build this index, it is necessary to read the first 250 bytes of each object in S3, which contains some metadata about the content of the file itself. There are over 100,000 files in your S3 bucket, amounting to 50 TB of data. How can you build this index efficiently? A) Use the RDS Import feature to load the data from S3 to PostgreSQL, and run a SQL query to build the index B) Create an application that will traverse the S3 bucket, issue a Byte Range Fetch for the first 250 bytes, and store that information in RDS C) Create an application that will traverse the S3 bucket, read all the files one by one, extract the first 250 bytes, and store that information in RDS D) Create an application that will traverse the S3 bucket, use S3 Select to get the first 250 bytes, and store that information in RDS

B

You are looking to provide temporary URLs to a growing list of federated users to allow them to perform a file upload on your S3 bucket to a specific location. What should you use? A) S3 CORS B) S3 Pre-Signed URL C) S3 Bucket Policies D) IAM Users

B

You are planning on deploying an application to the worker role in Elastic Beanstalk. Moreover, this worker application is going to run the periodic tasks. Which of the following is a must-have as part of the deployment? A. An appspec.yaml file B. A cron.yaml file C. A cron.config file D. An appspec.json file

B

You are preparing to launch an application that will be hosted on a set of EC2 instances. This application needs some software installation and some OS packages need to be updated during the first launch. What is the best way to achieve this when you launch the EC2 instances? A) Connect to each EC2 instance using SSH, then install the required software and update your OS packages manually B) Write a bash script that installs the required software and updates to your OS, then use this script in EC2 User Data when you launch your EC2 instances C) Write a bash script that installs the required software and updates to your OS, then contact AWS Support and provide them with the script. They will run it on your EC2 instances at launch

B

You are using AWS X-ray to record trace data for requests to your application running on EC2. Unfortunately the trace data is not appearing in the X-ray console. You are in the Sao Paulo region. What is the most probable cause? A) You do not have permission for x-ray console access B) the ec2 instance does not have a role with permissions to send trace segments or telemetry records C) AWS X-ray does not support ec2 instances D) Sao Paulo region does not support AWS X-ray

B

You are using an Application Load Balancer to distribute traffic to your website hosted on EC2 instances. It turns out that your website only sees traffic coming from private IPv4 addresses which are in fact your Application Load Balancer's IP addresses. What should you do to get the IP address of clients connected to your website? A) Modify your website's frontend so that users send their IP in every request B) Modify your website's backend to get the client IP address from X-Forwarded-For header C) Modify your website's backend to get the client IP address from X-Forwarded-Port header D) Modify your website's backend to get the client IP address from X-Forwarded-Proto header

B

You can use an AMI in N.Virginia Region us-east-1 to launch an EC2 instance in any AWS Region. A) True B) False

B

You have a HTML5 website with a custom domain name on S3. You have a public software library on another S3 bucket but your browser prevents it from loading. What do you need to do? A) create a public bucket policy B) enable CORS on the website bucket C) create a public bucket ACL D) create a public object ACL E) None of the above

B

You have a JavaScript application that is used to upload objects to Amazon S3 by hundreds of thousands of clients. You are using server side encryption with the AWS Key Management Service. You are finding that many requests are not working. What is going on? A) You have KMS key rotation implemented B) You have exceeded the KMS API call limit C) The user STS token has expired D) There is a problem with the bucket permissions

B

You have a Network Load Balancer that distributes traffic across a set of EC2 instances in us-east-1. You have 2 EC2 instances in us-east-1b AZ and 5 EC2 instances in us-east-1e AZ. You have noticed that the CPU utilization is higher in the EC2 instances in us-east-1b AZ. After more investigation, you noticed that the traffic is equally distributed across the two AZs. How would you solve this problem? A) Enable Sticky Sessions B) Enable Cross-Zone Load Balancing C) Enable ELB Health Checks D) Enable SSL Termination

B

You have a dynamodb table that keeps reporting many failed requests with a ProvisionedThroughputExceededException in Cloudwatch. The requests are not continuous but a number of times during the day for a few seconds. What is the best solution for reducing the errors? A) create a cloudwatch alarm to retry the failed request B) Implement exponential backoff and retry C) Increase the provision capacity of the dynamodb table D) implement a secondary index

B

You have a three-tier web application consisting of a web layer using AngularJS, an application layer using an AWS API Gateway and a data layer in an Amazon Relational Database Service (RDS) database. Your web application allows visitors to look up popular movies from the past. The company is looking at reducing the number of calls made to endpoint and improve latency to the API. What can you do to improve performance? A) Use Stage Variables B) Enable API Gateway Caching C) Use Amazon Kinesis Data Streams to stream incoming data and reduce the burden on Gateway APIs D) Use Mapping Templates

B

You have an Amazon Kinesis Stream that is consuming records from an application. The kinesis Stream consists of multiple shards. A Lambda function will process the records from the Kinesis Stream. What order will the records be processed. A) In the exact order it is received by the kinesis Stream on a FIFO basis B) In the exact order it is received by each Kinesis shard on a FIFO basis. Order across shards is not guaranteed. C) A standard kinesis stream does not have a guaranteed order. A FIFO kinesis stream will have the exact order it is received on a FIFO basis. D) A standard kinesis stream does not have a guaranteed order. A LIFO kinesis stream will have the exact order it is received on a LIFO basis.

B

You want the content of an S3 bucket to be fully available in different AWS Regions. That will help your team perform data analysis at the lowest latency and cost possible. What S3 feature should you use? A) Amazon CloudFront Distributions B) S3 Replication C) S3 Versioning D) S3 Static Website Hosting

B

You have an Auto Scaling group configured to a minimum capacity of 1 and a maximum capacity of 5, designed to launch EC2 instances across 3 Availability Zones. During a low utilization period, an entire Availability Zone went down and your application experienced downtime. What can you do to ensure that your application remains highly available? A) Configure ASG fast failover B) Increase the minimum instance capacity of the Auto Scaling Group to 2 C) Change the scaling metric of auto-scaling policy to network bytes D) Enable RDS Multi-AZ

B

You have an EBS volume which also the root device attached to a running EC2 instance. What do you need to do to enable you to detach it? A) Unmount the volume then detach. B) Stop the instance then detach. C) Unmount volume, then stop the instance and then detach D) None of the above

B

You have an ElastiCache cluster with small cache size, so you want to ensure that only the data that's requested will be loaded into the cluster. Which caching strategy should you use? A) Write Through B) Lazy Loading C) Time-To-Live (TTL)

B

You have an application hosted on a set of EC2 instances managed by an Auto Scaling Group that you configured both desired and maximum capacity to 3. Also, you have created a CloudWatch Alarm that is configured to scale out your ASG when CPU Utilization reaches 60%. Your application suddenly received huge traffic and is now running at 80% CPU Utilization. What will happen? A) The desired capacity will go up to 4 and the maximum capacity will stay at 3 B) Nothing C) The desired capacity will go up to 4 and the maximum capacity will stay at 4

B

You have an application that requires coordination between serverless and server based distributed applications. You would like to implement this as a state machine. What AWS service would you use? A) SQS and SNS B) AWS Step Functions C) EC2 and SNS D) AWS Amplify

B

You have an e-commerce application with an OLTP database hosted on-premises. This application has popularity which results in its database has thousands of requests per second. You want to migrate the database to an EC2 instance. Which EC2 Instance Type should you choose to handle this high-frequency OLTP database? A) Compute Optimized B) Storage Optimized C) Memory Optimized D) General Purpose

B

You have an un-encrypted RDS DB instance and you want to create Read Replicas. Can you configure the RDS Read Replicas to be encrypted? A) Yes B) No

B

You have created a JavaScript browser application that calls an API running on Amazon API Gateway. You have made a breaking change to your API and you want to minimize the impact on existing users of your application. You would like all users to be migrated over to the new API within one month. What can you do? A) Create a new API and use the new URL in your updated JavaScript application. Delete the old API after 1 month. B) Create a new stage and use the new URL in your updated JavaScript application. Delete the old stage after 1 month. C) Create a new API deployment package and use the new URL in your updated JavaScript application. Delete the old deployment package after 1 month. D) Create a new stage and use the new URL in your updated JavaScript application. Create an API snapshot then delete the stage after 1 month.

B

You have created a lambda function that is failing when deployed due to the size of the deployment package zip file. What can you do? A) Request a limit increase from AWS B) Create multiple Lambda functions and coordinate using AWS Step Functions C) Upload as a tar file with higher compression D) Increase Lambda function memory allocation

B

You have created an e-commerce site using DynamoDB. When creating a primary key on a table which of the following would be the best attribute for the primary key? A) division_id where there are few divisions to many products B) user_id where there are many users to few products C) product_id where there are many products to many users D) None of the above

B

You have deployed a new Elastic Beanstalk environment and would like to direct 5% of your production traffic to this new environment. This allows you to monitor for CloudWatch metrics and ensuring that there're no bugs exist with your new environment. Which Route 53 Record type allows you to do so? A) Simple B) Weighted C) Latency D) Failover

B

You have deployed an application on an EC2 Instance. This application makes calls to a DynamoDB service. There are numerous performance issues present in the application. You decide to use the XRay service to debug the performance issues. You are not able to see the trails in the XRay service. Which of the following could be the underlying issue? Choose 2 answers from the options given below. 1. The X-Ray daemon is not installed on the EC2 Instance. 2. The right AMI is not chosen for the EC2 Instance. 3. Ensure that the IAM Role attached to the Instance has permission to upload data onto X-Ray. 4. Ensure that the IAM Role attached to the Instance has permission to upload data onto CloudWatch. A) 1, 2 B) 1, 3 C) 2, 3 D) 3, 4

B

You have developed a browser JavaScript application that uses the AWS software development kit. The application accesses sensitive data and you would like to implement Multi Factor authentication. How would you achieve this? A) Use IAM Multi Factor authentication (MFA) B) Use Cognito Multi Factor authentication (MFA) C) Use requireMFA in the AWS SDK D) Use IAM.requireMFA in the AWS SDK

B

You have launched an EC2 instance with two EBS volumes, the Root volume type and the other EBS volume type to store the data. A month later you are planning to terminate the EC2 instance. What's the default behavior that will happen to each EBS volume? A) Both the root volume type and the EBS volume type will be deleted B) The Root volume type will be deleted and the EBS volume type will not be deleted C) The root volume type will not be deleted and the EBS volume type will be deleted D) Both the root volume type and the EBS volume type will not be deleted

B

You have purchased mycoolcompany.com on Amazon Route 53 Registrar and would like the domain to point to your Elastic Load Balancer my-elb-1234567890.us-west-2.elb.amazonaws.com. Which Route 53 Record type must you use here? A) CNAME B) Alias

B

You have set up read replicas on your RDS database, but users are complaining that upon updating their social media posts, they do not see their updated posts right away. What is a possible cause for this? A) There must be a bug in your application B) Read Replicas have Asynchronous Replication, therefore it's likely your users will only read Eventual Consistency C) You should have setup Multi-AZ instead

B

Your company has a production Node.js application that is using RDS MySQL 5.6 as its database. A new application programmed in Java will perform some heavy analytics workload to create a dashboard on a regular hourly basis. What is the most cost-effective solution you can implement to minimize disruption for the main application? A) Enable Multi-AZ for the RDS database and run the analytics workload on the standby database B) Create a Read Replica in a different AZ and run the analytics workload on the replica database C) Create a Read Replica in a different AZ and run the analytics workload on the source database

B

Your company has a three-year contract with a healthcare provider. The contract states that monthly database backups must be retained for the duration of the contract for compliance purposes. Currently, the limit on backup retention for automated backups, on Amazon Relational Database Service (RDS), does not meet your requirements. Which of the following solutions can help you meet your requirements? A) Enable RDS Read replicas B) Create a cron event in CloudWatch, which triggers an AWS Lambda function that triggers the database snapshot C) Enable RDS automatic backups D) Enable RDS Multi-AZ

B

Your company has asked you to maintain an application using Elastic Beanstalk. At times, you normally hit the application version quota limit when deploying new versions of the application. Which of the following is the most effective way to avoid hitting the application version quota? A. Create multiple environments and deploy the different versions to different environments. B. Create an Application Version Lifecycle policy. C. Create multiple applications and deploy the different versions to different applications. D. Delete the application versions manually.

B

Your items are 6KB in size and you want to have 100 strongly consistent reads per second. How many DynamoDB read capacity units do you need to provision? A) 100 B) 200 C) 300 D) 600

B

Your team has just finished developing a new version of an existing application. This is a web-based application hosted on AWS. Currently. Route 53 is being used to point the company's DNS name to the web site. Your Management has instructed you to deliver the new application to a portion of the users for testing. How can you achieve this? A. Port the application onto Elastic beanstalk and use the Swap URL feature. B. Use Route 53 weighted Routing policies. C. Port the application onto OpsWorks by creating a new stack. D. Use Route 53 failover Routing policies.

B

Your web application reads and writes data to your DynamoDB table. The table is provisioned with 400 Write Capacity Units (WCU's) shared across 4 partitions. One of the partitions receives 250 WCU/second while others receive much less. You receive the error 'ProvisionedThroughputExceededException'. What is the likely cause of this error? A) CloudWatch monitoring is lagging B) You have a hot partition C) Write Capacity Units (WCU's) are applied across to all your DynamoDB tables and this needs reconfiguration D) Configured IAM policy is wrong

B

__________________ returns the approximate number of SQS messages that are not timed-out and not deleted. A) NumberOfMessagesNotVisible B) ApproximateNumberOfMessagesNotVisible C) ApproximateNumberOfMessages D) ApproximateNumberOfMessagesVisible E) None of the above

B

A Lambda function requires access to a Simple Storage Service (S3) bucket to write its output. How should Lambda be configured? A) Set a role with the required permissions, passing it to the Lambda function B) Set the S3 bucket as the destination for the Lambda function C) Set a role with the required permissions as the Lambda function execution role D) Set the S3 bucket as the trigger for the Lambda function

C

A company currently has an application that works with DynamoDB. The application is a high revenue generating application for the company. Their current response time for their read workloads is in the order of milliseconds. But to bump up hits to their pages, they want to reduce the response time to microseconds. Which of the following would you suggest to be most preferably used with DynamoDB to fulfill this requirement? A. Consider deploying an ElastiCache in front of DynamoDB. B. Consider using DynamoDB global tables. C. Consider using DynamoDB accelerator. D. Consider using a higher throughput for the tables.

C

A company develops an application that requires an eventual consistency model and scheduled function execution. Which solution should be used? A) ElastiCache B) CloudFront C) Lambda D) Athena

C

A company follows collaborative development practices. The engineering manager wants to isolate the development effort by setting up simulations of API components owned by various development teams. Which API integration type is best suited for this requirement? A) HTTP B) AWS.PROXY C) MOCK D) HTTP.PROXY

C

A company has deployed CloudWatch for its logging requirements in AWS. It is now attempting to associate a Key Management Service (KMS) key with the log groups to provide encryption at rest. When running the associate-kms-key CLI, an AccessDeniedException error is returned. The developers know the key exists in KMS, so they need to provide permissions to access the key. Which policy should be changed to add permissions to this key? A) Session policy B) Identity-based policy C) Resource policy D) Service control policy

C

A company has hosted its website on an Amazon S3 bucket and have used another Amazon S3 bucket for storing the rest of the assets like images, fonts, etc. Which technique/mechanism will help the hosted website access its assets without access/permission issues? A) S3 Transfer Acceleration B) S3 Access Points C) S3 Cross-Origin Resource Sharing (CORS) D) S3 Access Analyzer

C

How can you create a CloudWatch metric for "requests per minute" for backend-to-database connections? a. By adding a new metric filter to the CloudWatch Logs console b. By modifying the CloudWatch agent configuration on the EC2 instance c. By creating a CloudWatch custom metric and pushing data to it using the CloudWatch API d. None of the above

C

A company has more than 100 million members worldwide enjoying 125 million hours of TV shows and movies each day. The company uses AWS for nearly all its computing and storage needs, which use more than 10,000 server instances on AWS. This results in an extremely complex and dynamic networking environment where applications are constantly communicating inside AWS and across the Internet. Monitoring and optimizing its network is critical for the company. The company needs a solution for ingesting and analyzing the multiple terabytes of real-time data its network generates daily in the form of flow logs. Which technology/service should the company use to ingest this data economically and has the flexibility to direct this data to other downstream systems? A) Amazon Simple Queue Service (SQS) B) AWS Glue C) Amazon Kinesis Data Streams D) Amazon Kinesis Firehose

C

A company is preparing to migrate an existing Java application development stack and its associated tooling to Amazon. Which AWS service provides a fully managed dependency repository? A) CodeGuru B) CodeDeploy C) CodeArtifact D) CodeStar

C

A company is using AWS Serverless Application Model (SAM) to manage an application. Each time a deployment is run, it wants to be able to back up the packages created by that deployment. Where are the packages created by the SAM templates stored? A) CodeDeploy B) EFS C) S3 D) CloudFront

C

A company needs to be notified as soon as a weekly transaction is posted to DynamoDB. Which Lambda feature meets this requirement? A) Event source mapping B) Synchronous notification C) Asynchronous notification D) Reserved concurrency

C

A company's e-commerce website is expecting hundreds of thousands of visitors on Black Friday. The marketing department is concerned that high volumes of orders might stress SQS leading to message failures. The company has approached you for the steps to be taken as a precautionary measure against the high volumes. What step will you suggest as a Developer Associate? A) Pre-configure the SQS queue to increase the capacity when messages hit a certain threshold B) Enable auto-scaling in the SQS queue C) Amazon SQS is highly scalable and does not need any intervention to handle the expected high volumes D) Convert the queue into FIFO ordered queue, since messages to the down system will be processed faster once they are ordered

C

A developer from your team has configured the load balancer to route traffic equally between instances or across Availability Zones. However, Elastic Load Balancing (ELB) routes more traffic to one instance or Availability Zone than the others. Why is this happening and how can it be fixed? (Select two) 1. Instances of a specific capacity type aren't equally distributed across Availability Zones 2. Sticky sessions are enabled for the load balancer 3. After you disable an Availability Zone, the targets in that Availability Zone remain registered with the load balancer, thereby receiving random bursts of traffic 4. For Application Load Balancers, cross-zone load balancing is disabled by default 5. There could be short-lived TCP connections between clients and instances A) 1, 5 B) 3, 4 C) 1, 2 D) 4, 5

C

A developer is configuring an Amazon API Gateway as a front door to expose backend business logic. To keep the solution cost-effective, the developer has opted for HTTP APIs. Which of the following services are not available as an HTTP API via Amazon API Gateway? A) AWS Lambda B) Amazon Cognito C) AWS Web Application Firewall (AWS WAF) D) AWS Identity and Access Management (IAM)

C

A developer needs to ensure encryption in transit is active for operations on an S3 bucket. Which condition must be present in the bucket policy? A) aws:PrincipalServiceName B) aws:MultiFactorAuthPresent C) aws:SecureTransport D) aws:FederatedProvider

C

A developer needs to force the use of SSL for data in transit with the S3 buckets. Which condition should be used in the bucket policy to force the use of SSL? A) aws:VersionId B) s3:x-amz-server-side-encryption C) aws:SecureTransport D) s3:x-amz-storage-class

C

A development team uses shared Amazon S3 buckets to upload files. Due to this shared access, objects in S3 buckets have different owners making it difficult to manage the objects. As a developer associate, which of the following would you suggest to automatically make the S3 bucket owner, also the owner of all objects in the bucket, irrespective of the AWS account used for uploading the objects? A) Use S3 CORS to make the S3 bucket owner, the owner of all objects in the bucket B) Use S3 Access Analyzer to identify the owners of all objects and change the ownership to the bucket owner C) Use S3 Object Ownership to default bucket owner to be the owner of all objects in the bucket D) Use Bucket Access Control Lists (ACLs) to control access on S3 bucket and then define its owner

C

A digital marketing company has its website hosted on an Amazon S3 bucket A. The development team notices that the web fonts that are hosted on another S3 bucket B are not loading on the website. Which of the following solutions can be used to address this issue? A) Configure CORS on the bucket A that is hosting the website to allow any origin to respond to requests B) Update bucket policies on both bucket A and bucket B to allow successful loading of the web fonts on the website C) Configure CORS on the bucket B that is hosting the web fonts to allow Bucket A origin to make the requests D) Enable versioning on both the buckets to facilitate correct functioning of the website

C

A media company uses Amazon Simple Queue Service (SQS) queue to manage their transactions. With changing business needs, the payload size of the messages is increasing. The Team Lead of the project is worried about the 256 KB message size limit that SQS has. What can be done to make the queue accept messages of a larger size? A) Get a service limit increase from AWS B) Use gzip compression C) Use the SQS Extended Client D) Use the Multipart API

C

A telecommunications company that provides internet service for mobile device users maintains over 100 c4.large instances in the us-east-1 region. The EC2 instances run complex algorithms. The manager would like to track CPU utilization of the EC2 instances as frequently as every 10 seconds. Which of the following represents the BEST solution for the given use-case? A) Open a support ticket with AWS B) Simply get it from the CloudWatch Metrics C) Create a high-resolution custom metric and push the data using a script triggered every 10 seconds D) Enable EC2 detailed monitoring

C

How can you ensure that instances launched from an AWS CloudFormation template are correctly registered with a specified ECS cluster? a. Update the security groups on the EC2 instance b. Assign the correct IAM permissions to the EC2 instance c. Update the cluster name Parameter in the file /etc/ecs/ecs.config d. Re-build the ECS agent Docker image

C

A web application hosted on a fleet of EC2 instances managed by an Auto Scaling Group. You are exposing this application through an Application Load Balancer. Both the EC2 instances and the ALB are deployed on a VPC with the following CIDR 192.168.0.0/18. How do you configure the EC2 instances' security group to ensure only the ALB can access them on port 80? A) Add an Inbound Rule with port 80 and 0.0.0.0/0 as the source B) Add an Inbound Rule with port 80 and 192.168.0.0/18 as the source C) Add an Inbound Rule with port 80 and ALB's Security Group as the source D) Load an SSL certificate on the ALB

C

AWS CLI requires .......................... as its runtime. A) Java B) Golang C) Python D) C#

C

Amazon Aurora supports both .......................... databases. A) MySQL and MariaDB B) Oracle and MariaDB C) MySQL and PostgreSQL D) Oracle and MS SQL Server

C

An IAM policy consists of one or more statements. A statement in an IAM Policy consists of the following, EXCEPT: A) Effect B) Principal C) Version D) Action E) Resource

C

An application has the following requirements for a cache engine: avoidance of needless cache updates easy scaling with Auto Discovery Which caching engine and strategy must be used to fulfill these requirements? A) Redis with lazy loading B) Memcached with write-through C) Memcached with lazy loading D) Redis with write-through

C

An organization deployed its static website on Amazon S3. Now, the Developer has a requirement to serve dynamic content using a serverless solution. Which combination of services should be used to implement a serverless application for the dynamic content? (Select TWO) 1. Amazon API Gateway 2. Amazon EC2 3. AWSECS 4. AWS Lambda 5. Amazon kinesis A) 1, 2 B) 2, 5 C) 1, 4 D) 3, 4

C

As a Senior Developer, you manage 10 Amazon EC2 instances that make read-heavy database requests to the Amazon RDS for PostgreSQL. You need to make this architecture resilient for disaster recovery. Which of the following features will help you prepare for database disaster recovery? (Select two) 1. Enable the automated backup feature of Amazon RDS in a multi-AZ deployment that creates backups in a single AWS Region 2. Use database cloning feature of the RDS DB cluster 3. Use RDS Provisioned IOPS (SSD) Storage in place of General Purpose (SSD) Storage 4. Use cross-Region Read Replicas 5. Enable the automated backup feature of Amazon RDS in a multi-AZ deployment that creates backups across multiple Regions A) 2, 3 B) 3, 5 C) 1, 4 D) 2, 4

C

As a developer, you have enabled server logging on an S3 bucket. You have a simple static web page with CSS pages uploaded to the bucket which is 1 MB in total size. After a duration of 2 weeks, you come back and see that the size of the bucket has increased to 50MB. Which of the following could be a reason for this? A. You have enabled CRR on the bucket as well. That is why the space is being consumed. B. You have enabled Encryption on the bucket as well. That is why the space is being consumed. C. Server access logs are configured to be delivered to the same bucket as the source bucket. D. Monitoring has been enabled for the bucket.

C

Can the size of a message body string for the SQS SendMessage operation be greater than 256 KB? A) Yes, by default B) Yes, but only with the Extended Client Library for Java C) No, the maximum size is 256 KB D) No, the maximum size is 512 KB

C

Can you launch an EC2 instance using an AMI in a different AWS Region? A) Yes, but you need to modify the AMI to work in the new Region B) Yes, but you need to create a new AMI in the new Region C) No, you can't launch an EC2 instance using an AMI in another Region D) No, but you can create a copy of the AMI in the new Region and then use it

C

Can you use the AWS CLI update-project command to specify a different source location for a build project in AWS CodeBuild? A. Yes, but only if you have access to the project. B. No, you cannot use the update-project command. C. Yes, by setting the buildspec value to the path to the alternate build spec file relative to the value of the CODEBUILD_SRC_DIR environment variable. D. No, you need to use the start-build command.

C

Cognito User Pools can be used to provide which of the following? a) temporary AWS credentials b) User management c) both a and b d) None of the above

C

How are configuration files executed in Elastic Beanstalk? A. In random order B. In order of creation C. Alphabetically D. In order of last modification

C

How are configuration options set for an environment in Elastic Beanstalk? A) Only through the Elastic Beanstalk console B) Only through the EB CLI C) Through the Elastic Beanstalk console, EB CLI, saved configurations, and configuration files D) Through the AWS Management Console only

C

How can Query String Authentication be used to control access to Amazon S3 resources? A) By granting specific permissions to specific users for an individual bucket or object B) By defining rules that apply broadly across all requests to Amazon S3 resources C) By creating a URL to an Amazon S3 object that is only valid for a limited time D) By restricting access to Amazon S3 resources based on the user's IP address

C

How can the X-Ray daemon be granted permission to upload trace data to X-Ray? a. By installing the agent on the EC2 Instance b. By attaching an IAM role to the EC2 Instance c. By using an instance profile d. By configuring the X-Ray service

C

How can you automate the transition of S3 objects between their different tiers? A) AWS Lambda B) CloudWatch Events C) S3 Lifecycle Rules

C

How can you be notified when there's an object uploaded to your S3 bucket? A) S3 Select B) S3 Access Logs C) S3 Event Notifications D) S3 Analytics

C

How can you change the location of a buildspec file in AWS CodeBuild if you don't have access to the project? A) Use the update project command and set the buildspec value to the new path. B) Create a new buildspec.yml file with the new location and use the update-project command. C) Create a new buildspec.yml file with the new location and use the start-build command. D) Create a new buildspec.yml file with the new location and use the update-build command.

C

How can you manage the lifecycle of server access log objects in the S3 bucket? A) By enabling monitoring for the bucket B) By enabling encryption for the bucket C) By setting rules in the Amazon S3 lifecycle configuration D) By enabling cross-region replication for the bucket

C

To meet compliance guidelines, a company needs to ensure replication of any data stored in its S3 buckets. Which of the following characteristics are correct while configuring an S3 bucket for replication? (Select two) 1. Once replication is enabled on a bucket, all old and new objects will be replicated 2. Same-Region Replication (SRR) and Cross-Region Replication (CRR) can be configured at the S3 bucket level, a shared prefix level, or an object level using S3 object tags 3. Replicated objects do not retain metadata 4. Object tags cannot be replicated across AWS Regions using Cross-Region Replication 5. S3 lifecycle actions are not replicated with S3 replication A) 1, 3 B) 2, 4 C) 2, 5 D) 3, 4

C

To reduce response time for read workloads from milliseconds to microseconds, which of the following options should be considered for DynamoDB? A. ElastiCache B. Global Tables C. DynamoDB Accelerator D. Higher throughput for tables

C

What HTTP method is used to make a partial update on an existing resource? A) GET B) PUT C) PATCH D) POST

C

What HTTP response code is returned if the GET API request is not correctly formed? A) 200 (OK) B) 201 (Created) C) 400 (Bad Request) D) 404 (Not Found)

C

What can be done with Kinesis Data Streams? A) Store and retrieve data in a NoSQL database B) Analyze large datasets using SQL queries C) Process streaming data in real-time D) Backup and archive data in the cloud

C

What can cause an S3 bucket to accumulate many server log objects? a) Enabling cross-region replication on the bucket. b) Enabling encryption on the bucket. c) Configuring server access logs to be delivered to the same bucket as the source bucket. d) Enabling monitoring for the bucket.

C

What determines the value used if the same option is set in multiple locations? A) The Elastic Beanstalk console B) The EB CLI C) The order of precedence D) The AWS Management Console

C

What does a 400 series error indicate? A. An internal server error B. A bad gateway error C. An error that needs to be handled in the developer's application D. A successful response

C

What does the docker push command do? A) Lists running Docker containers B) Builds a Docker image from a Dockerfile C) Pushes a Docker image to a registry D) Launches a Docker container

C

What happens if a user has conflicting policies? A) The user will be denied access B) The policies will be evaluated based on the order in which they are attached to the user C) The user account becomes invalid D) The user will be allowed access

C

What happens if an Auto Scaling Group reaches its maximum capacity during a scale-out event? a. The group stops adding new instances and returns an error message to the user b. The group continues to add new instances, regardless of the maximum capacity setting c. The group adds new instances until it reaches the maximum capacity, then stops adding new instances d. None of the above

C

What happens if there is an explicit deny statement in an IAM policy? A) The user will be allowed access B) The policies will be evaluated based on the order in which they are attached to the user C) The user will be denied access D) The user account becomes invalid

C

What happens when you upload a new version of an application with Elastic Beanstalk? a) A new environment is created b) A new application is created c) A new application version is created d) None of the above

C

What is AWS Lambda? A) A fully managed NoSQL database service B) A visual workflow service for building distributed applications C) A serverless computing platform D) An event-driven service for real-time processing of streaming data at scale

C

What is Amazon API Gateway used for? A. Streaming real-time data B. Hosting containers C. Creating, publishing, maintaining, monitoring, and securing APIs D. None of the above

C

What is Amazon CloudFront? A) A web service that makes it easy to set up, manage, and scale a distributed in-memory data store or cache environment in the cloud B) A feature that enables fast, easy, and secure transfers of files over long distances between a client and an S3 bucket C) A service that gives businesses and web application developers an easy and cost-effective way to distribute content with low latency and high data transfer speeds D) A Memcached-compatible in-memory key-value store service that can be used as a cache or a data store

C

What is Amazon CloudFront? A) An object storage service offering industry-leading scalability, data availability, security, and performance B) A fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale C) A CDN that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds D) A web service that helps you reliably process and move data between different AWS compute and storage services

C

What is Amazon EKS? A) A fully managed container orchestration service B) A fully managed Docker image registry C) A fully managed service for deploying, managing, and scaling containerized applications using Kubernetes on AWS D) A fully managed message queuing service

C

What is Amazon ElastiCache Memcached? A) A cloud-based data warehousing solution B) A NoSQL database C) A key-value store with no persistence D) A distributed file system

C

What is Amazon ElastiCache Redis? A) A cloud-based data warehousing solution B) A NoSQL database C) A key-value store with persistence D) A distributed file system

C

What is Amazon EventBridge used for? A) Running code in response to events B) Maintaining and securing APIs at any scale C) Providing real-time access to changes in data in AWS services D) A serverless, pay-as-you-go compute engine to focus on building applications without managing servers

C

What is Amazon Kinesis Data Streams used for? a) Storing messages as they travel between computers b) Loading streaming data into data stores and analytics tools c) A massively scalable and durable real-time data streaming service d) Discovering, preparing, and combining data for analytics

C

What is the correct method to specify a different source location for a build project in AWS CodeBuild when you have access to run the build but no access to the project? A. Issue the update project command and specify the new location of the build. B. Specify the new location of the build in a new buildspec.yml file and issue the update- project command. C. Specify the new location of the build in a new buildspec.yml file and use the start-build command. D. Specify the new location of the build in a new buildspec.yml file and use the update-build command.

C

What is the default TTL value for API caching in Amazon API Gateway? a) 0 seconds b) 3600 seconds c) 300 seconds d) None of the above

C

What is the default storage limit for Amazon Kinesis Data Streams? A. 365 days B. 7 days C. 24 hours D. A few hours

C

What is the disadvantage of using an EC2 Instance Store for database storage? A) Limited IOPS performance B) High cost C) Data loss if the EC2 instance is stopped D) Low-latency storage

C

What is the ideal operation for objects 5 GB or less in size? A. Multipart upload API B. AWS Direct Connect C. Single PUT operation D. AWS Redshift

C

What is the lazy loading caching strategy? A) A caching strategy that updates the cache whenever data is written to the database B) A caching strategy that always loads data from the database and never uses the cache C) A caching strategy that updates the cache only when necessary D) A caching strategy that updates the cache at regular intervals

C

What is the main benefit of using an Amazon Cognito user pool? A) It provides a custom authorization scheme that uses a bearer token authentication strategy B) It allows you to create security rules that protect your web applications C) It allows you to fully manage the user registration and authentication process D) It allows you to sign requests with an access key

C

What is the main focus of the develop phase? A. Determining the scope of the problem B. Creating a design specification C. Developing and installing new components D. Delivering the software product to the customer

C

What is the main purpose of AWS Lambda? A) A serverless, pay-as-you-go compute engine to focus on building applications without managing servers B) Maintaining and securing APIs at any scale C) Running code in response to events D) Providing real-time access to changes in data in AWS services

C

What is the main purpose of using Amazon CloudFront with S3? A) To improve the security of the website B) To improve the speed of data transfer between the client and S3 C) To improve the performance of the website D) To improve the latency of databases

C

What is the main purpose of using Cognito User Pools for a mobile application? a) To manage user registration and authentication b) To provide temporary AWS credentials to access the API Gateway c) Both a and b d) None of the above

C

What is the maximum duration for which records can be stored in Amazon Kinesis Data Streams? A) 7 days B) 24 hours C) 365 days D) 30 days

C

What is the maximum number of Read Replicas you can add in an ElastiCache Redis Cluster with Cluster-Mode Disabled? A) 3 B) 4 C) 5

C

What is the minimum size of the message body string for the SQS SendMessage operation? A) 256 KB B) 512 KB C) 1 character D) 1 byte

C

What is the most cost-effective solution for processing web application log data in real-time? A. CloudWatch Logs B. Amazon S3 bucket with post-processing application C. Amazon Kinesis data stream D. Amazon RDS MySQL cluster

C

What is the name of the database service provided by AWS that supports MySQL, PostgreSQL, MariaDB, Oracle, MS SQL Server, and Amazon Aurora? a. S3 b. EC2 c. RDS d. DynamoDB

C

What is the order of precedence for configuration options during environment creation? A) Default values, saved configurations, direct environment settings, configuration files B) Configuration files, saved configurations, direct environment settings, default values C) Direct environment settings, saved configurations, configuration files, default values D) Default values, configuration files, saved configurations, direct environment settings

C

What is the outcome when an IAM user tries to access an EC2 instance with conflicting policies? A) The user will be allowed access B) The policies will be evaluated based on the order in which they are attached to the user C) The user will be denied access D) The user account becomes invalid

C

What is the primary purpose of using Read Replicas in RDS? a. To improve the durability of your database. b. To improve the availability of your database. c. To improve the scalability of your database.

C

What is the purpose of AWS SWF? A) To store logs for AWS Lambda functions B) To assess, audit, and evaluate the configurations of AWS resources C) To build, run, and scale background jobs D) To model, provision, and manage AWS and third-party resources

C

What is the purpose of Amazon Kinesis Client Library (KCL)? A. To load streaming data into data stores and analytics tools B. To build SQL queries and sophisticated Java applications C. To deliver all records for a given partition key to the same record processor D. To decouple and scale microservices, distributed systems, and serverless applications

C

What is the purpose of a Route 53 Health Check? a. To determine the geographic location of incoming traffic to a web application. b. To evaluate the latency between users and AWS Regions to minimize response time. c. To monitor the status of resources associated with a DNS name.

C

What is the purpose of caching in a web application? a. To store user credentials and personal information. b. To provide a backup copy of the application in case of a system failure. c. To improve the performance of the application by reducing database queries and response times.

C

What is the purpose of environment variables in AWS Lambda? A) To store information about the function and invocation request B) To make sensitive information such as database table names available to the code C) Both A and B D) None of the above

C

You company runs business logic on smaller software components that perform various functions. Some functions process information in a few seconds while others seem to take a long time to complete. Your manager asked you to decouple components that take a long time to ensure software applications stay responsive under load. You decide to configure Amazon Simple Queue Service (SQS) to work with your Elastic Beanstalk configuration. Which of the following Elastic Beanstalk environment should you choose to meet this requirement? A) Load-balancing, Autoscaling environment B) Single Instance with Elastic IP C) Dedicated worker environment D) Single Instance Worker node

C

You have a 25 GB file that you're trying to upload to S3 but you're getting errors. What is a possible solution for this? A) The file size limit on S3 is 5 GB B) Update your bucket policy to allow the larger file C) Use Multi-Part upload when uploading files larger than 5GB D) Encrypt the file

C

You have a browser application hosted on Amazon S3. It is making requests to an AWS lambda function. Every time the lambda function is called you lose the session data on the lambda function. What is the best way to store the data used across multiple lambda functions. A) Store in lambda function localstorage B) Use AWS SQS C) Use Amazon Dynamodb D) Use an Amazon Kinesis data stream

C

You have a fleet of EC2 instances distributes across AZs that process a large data set. What do you recommend to make the same data to be accessible as an NFS drive to all of your EC2 instances? A) Use an Instance Store B) Use EBS C) Use EFS

C

You have a workflow process that pulls code from AWS CodeCommit and deploys to EC2 instances associated with tag group ProdBuilders. You would like to configure the instances to archive no more than two application revisions to conserve disk space. Which of the following will allow you to implement this? A) AWS CloudWatch Log Agent B) Integrate with AWS CodePipeline C) CodeDeploy Agent D) Have a load balancer in front of your instances

C

You have an Application Load Balancer that is configured to redirect traffic to 3 Target Groups based on the following hostnames: users.example.com, api.external.example.com, and checkout.example.com. You would like to configure HTTPS for each of these hostnames. How do you configure the ALB to make this work? A) Use an HTTP to HTTPS redirect rule B) Use a security group SSL certificate C) Use Server Name Indication (SNI)

C

You have an Auto Scaling Group fronted by an Application Load Balancer. You have configured the ASG to use ALB Health Checks, then one EC2 instance has just been reported unhealthy. What will happen to the EC2 instance? A) The ASG will keep the instance running and re-start the application B) The ASG will detach the EC2 instance and leave it running C) The ASG will terminate the EC2 instance

C

You have an ELB with multiple EC2 instances registered. One of the instances is unhealthy and not receiving traffic. After the instance becomes healthy again you will need to: A) Change the private IP address of the instance and register with ELB B) Change the public IP address of the instance and register with ELB C) Do nothing, the ELB will automatically direct traffic to the instance when it becomes healthy. D) None of the above

C

You have an application running on an EC2 instance inside a VPC that requires access to Amazon S3. What is the best solution? A) Use AWS configure SDK command in your application to pass credentials via application code. B) Create an IAM role for the EC2 instance C) Create a VPC S3 endpoint D) None of the above

C

You have an application that is polling an SQS queue continuously and wasting resources when the queue is empty. What can you do to reduce the resource overhead? A) Implement a load balancer B) Implement a load balancer and autoscaling group of EC2 instances C) Implement a load balancer, autoscaling group of EC2 instances linked to a queue length CloudWatch alarm D) Increase ReceiveMessageWaitTimeSeconds E) Increase queue visibility Timeout F) None of the above

C

You have attached an Internet Gateway to your VPC, but your EC2 instances still don't have access to the internet. What is NOT a possible issue? A) Route Tables are missing entries B) The EC2 instances don't have public IPs C) The Security Group does not allow traffic in D) The NACL does not allow network traffic out

C

You have created a NodeJS Lambda function that requires access to multiple third party packages and libraries. The function integrates with other AWS serverless services. You would like to deploy this application and be able to rollback any deployments that are not successful. A) Create a zip file containing your code and libraries. Upload the deployment package using the AWS CLI/SDKs CreateFunction. B) Create a zip file containing your code and libraries. Upload the deployment package using the Lambda console. C) Create a zip file containing your code and libraries. Upload the deployment package using the Lambda console or AWS CLI/SDKs CreateFunction. D) Create a zip file containing your code and libraries. Upload the deployment package using the Serverless application model (SAM) console.

C

You have created a lambda function to insert information to an RDS database over 20 times per minute. You are finding that the execution time is excessive. How can you improve the performance? A) increase the compute capacity of the lambda function to enable more concurrent connections B) increase the memory of the lambda function to enable more concurrent connections C) increase the size of the rds instance D) implement elasticache in front of the database.

C

You have created an IAM role with the required IAM permissions to make API calls to get sensitive files stored in an S3 bucket. You have attached the newly created IAM role to an EC2 instance and you want to test whether you can download these files from inside the EC2 instance. What should you do to make your tests without changing the parameters' values as they're critical? A) Use IAM Policy Simulator OR the Instance Metadata B) Use --dry-run AWS CLI option OR the Instance Metadata C) Use IAM Policy Simulator OR the --dry-run AWS CLI option

C

You have created an alias in IAM for your company called super-duper-co. What will be the login address for your IAM users? A) https://super-duper-co.iam.aws.amazon.com/console/ B) https://super-duper-co.aws.iam.amazon.com/console/ C) https://super-duper-co.signin.aws.amazon.com/console/ D) None of the above

C

You're planning for a new solution that requires a MySQL database that must be available even in case of a disaster in one of the Availability Zones. What should you use? A) Create Read Replicas B) Enable Encryption C) Enable Multi-AZ

C

You have deployed a traditional 3-tier web application architecture with a Classic Load Balancer, an Auto Scaling group, and an Amazon Relational Database Service (RDS) database. Users are reporting that they have to re-authenticate into the website often. Which of the following represents a scalable solution to make the application tier stateless and outsource the session information? A) Use Elastic IP B) Enable Load Balancer stickiness C) Add an ElastiCache Cluster D) Enable RDS read replicas

C

You have enabled server side encryption on an S3 bucket. How do you decrypt objects? A) The key will be located in the KMS B) The key can be accessed from the IAM console. C) S3 automatically decrypts objects when you download them. D) None of the above

C

You have enabled versioning and want to be extra careful when it comes to deleting files on an S3 bucket. What should you enable to prevent accidental permanent deletions? A) Use a bucket policy B) Encrypt the files C) Enable MFA Delete D) Disable versioning

C

You have given S3 bucket access to another AWS account. You are trying to change an object's permissions but can't. What do you need to do? A) Change the bucket ACL to public B) Change the bucket policy to public C) Ask the object owner to change permissions D) None of the above

C

You have implemented server access logging on an S3 bucket. Your source and target buckets are the same. You are finding that your logs are significantly more than the actual objects being uploaded. What is happening? A) You have enabled S3 replication on the log entries. B) You did not select compression on the S3 logs. C) S3 is creating growing logs of logs. D) You did not select compression on the S3 lifecycle policy

C

You have just terminated an EC2 instance in us-east-1a, and its attached EBS volume is now available. Your teammate tries to attach it to an EC2 instance in us-east-1b but he can't. What is a possible cause for this? A) He's missing IAM permissions B) EBS volumes are locked to an AWS Region C) EBS volumes are locked to an Availability Zone

C

You have provisioned an 8TB gp2 EBS volume and you are running out of IOPS. What is NOT a way to increase performance? A) Mount EBS volumes in RAID 0 B) Change to an io1 volume type C) Increase the EBS volume size

C

You have purchased a domain on GoDaddy and would like to use Route 53 as the DNS Service Provider. What should you do to make this work? A) Request for a domain transfer B) Create a Private Hosted Zone and update the 3rd party Registrar NS records C) Create a Public Hosted Zone and update the 3rd party Registrar NS records D) Create a Public Hosted Zone and update the Route 53 NS records

C

You have updated a Route 53 Record's myapp.mydomain.com value to point to a new Elastic Load Balancer, but it looks like users are still redirected to the old ELB. What is a possible cause for this behavior? A) Because of the Alias record B) Because of the CNAME record C) Because of the TTL D) Because of Route 53 Health Checks

C

You have updated an S3 bucket policy to allow IAM users to read/write files in the S3 bucket, but one of the users complain that he can't perform a PutObject API call. What is a possible cause for this? A) The S3 bucket policy must be wrong B) The user is lacking permissions C) The IAM user must have an explicit DENY in the attached IAM Policy D) You need to contact AWS Support to lift this limit

C

You hosted an application on a set of EC2 instances fronted by an Elastic Load Balancer. A week later, users begin complaining that sometimes the application just doesn't work. You investigate the issue and found that some EC2 instances crash from time to time. What should you do to protect users from connecting to the EC2 instances that are crashing? A) Enable ELB Stickiness B) Enable SSL Termination C) Enable ELB Health Checks D) Enable Cross-Zone Load Balancing

C

You suspect that some of your employees try to access files in an S3 bucket that they don't have access to. How can you verify this is indeed the case without them noticing? A) Restrict their IAM policies and look at CloudTrail logs B) Use a bucket policy C) Enable S3 Access Logs and analyze them using Athena

C

You want to create a custom application-based cookie in your Application Load Balancer. Which of the following you can use as a cookie name? A) AWSALBAPP B) AWSALBTG C) APPUSERC D) AWSALB

C

You want to increase the IOPS performance of your EBS volume. Which of the following options should you consider? 1. Increase the EBS volume size 2. Change the EC2 instance type 3. Mount EBS volumes in RAID 0 4. Change to an gp2 volume type A) 1, 2 B) 2, 4 C) 3, 4 D) 2, 3

C

You would like to create a disaster recovery strategy for your RDS PostgreSQL database so that in case of a regional outage the database can be quickly made available for both read and write workloads in another AWS Region. The DR database must be highly available. What do you recommend? A) Create a Read Replica in the same region and enable Multi-AZ on the main database B) Create a Read Replica in the same region and enable Multi-AZ on the Read Replica C) Create a Read Replica in a different region and enable Multi-AZ on the Read Replica D) Enable Multi-Region option on the main database

C

You would like to deploy a High-Performance Computing (HPC) application on EC2 instances. Which EC2 instance type should you choose? A) Storage Optimized B) Memory Optimized C) Compute Optimized D) General Purpose

C

You're developing an application that is going to bo hosted in AWS Lambda. The function will make calls to a database. A requirement is that all database connection strings should be kept secure. Which of the following is the MOST secure way to implement this? A. Put the connection strings values in a CloudFormation template. B. Put the database connection string in the app.json file and store it in a Git repository. C. Lambda needs to reference the AWS Systems Manager Parameter Store for the encrypted database connection string. D. Place the database connection string in the AWS Lambda function itself since all Lambda functions are encrypted at rest.

C

You're hosting a dynamic website fronted by an ElastiCache Cluster. You have been instructed to keep latency to a minimum for all read requests for every user. Also, writes can take longer to happen. Which caching strategy do you recommend? A) Cache Aside B) Time-To-Live (TTL) C) Write Through

C

Your application running on a fleet of EC2 instances managed by an Auto Scaling Group behind an Application Load Balancer. Users have to constantly log back in and you don't want to enable Sticky Sessions on your ALB as you fear it will overload some EC2 instances. What should you do? A) Use your own custom Load Balancer on EC2 instances instead of using ALB B) Store session data in RDS C) Store session data in ElastiCache D) Store session data in a shared EBS volume

C

Your client wants to make sure that file encryption is happening in S3, but he wants to fully manage the encryption keys and never store them in AWS. You recommend him to use ............................. A) SSE-S3 B) SSE-KMS C) SSE-C D) Client-Side Encryption

C

Your company hosts a static website on Amazon Simple Storage Service (S3) written in HTML5. The website targets aviation enthusiasts and it has grown a worldwide audience with hundreds of thousands of visitors accessing the website now on a monthly basis. While users in the United States have a great user experience, users from other parts of the world are experiencing slow responses and lag. Which service can mitigate this issue? A) Use Amazon S3 Transfer Acceleration B) Use Amazon S3 Caching C) Use Amazon CloudFront D) Use Amazon ElastiCache for Redis

C

Your current log analysis application takes more than four hours to generate a report of the top 10 users of your web application. You have been asked to implement a system that can report this information in real-time, ensure that the report is always up to date, and handle increases in the number of requests to your web application. Choose the option that is cost-effective and can fulfill the requirements. A. Publish your data to CloudWatch Logs, and configure your application to Autoscale to handle the load on demand. B. Publish your log data to an Amazon S3 bucket. Use AWS CloudFormation to create an Auto Scaling group to scale your post-processing application which is configured to pull down your log files stored an Amazon S3. C. Post your log data to an Amazon Kinesis data stream, and subscribe your log-processing application so that is configured to process your logging data. D. Create a multi-AZ Amazon RDS MySQL cluster, post the logging data to MySQL, and run a map reduce job to retrieve the required information on user counts.

C

Your development team is planning on working with Amazon Step Functions. Which of the following is a recommended practice when working with activity workers and tasks in Step Functions? Choose 2 answers from the options given below. 1. Ensure to specify a timeout in state machine definitions. 2. We can use only 1 transition per state. 3. If you are passing larger payloads between states, consider using the Simple Storage Service. 4. If you are passing larger payloads between states, consider using EBS volumes. A) 1, 2 B) 2, 3 C) 1, 3 D) 3, 4

C

Your team has currently developed an application using Docker containers. As the development lead, you now need to host this application in AWS. You also need to ensure that the AWS service has orchestration services built-in. Which of the following can be used for this purpose? A. Consider building a Kubernetes cluster on EC2 Instances. B. Consider building a Kubernetes cluster on your on-premise infrastructure. C. Consider using the Elastic Container Service. D. Consider using the Simple Storage service to store your docker containers.

C

Your team lead has finished creating a build project in the console using AWS CodeBuild. You have access to run the build but no access to the project. You want to specify a different source location for the build. How can you achieve this? A. Issue the update project command and specify the new location of the build. B. Specify the new location of the build in a new buildspec.yml file and issue the update- project command. C. Specify the new location of the build in a new buildspec.yml file and use the start-build command. D. Specify the new location of the build in a new buildspec.yml file and use the update-build command.

C

Cross-origin resource sharing (___________) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. With ____________support in Amazon S3, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources.

CORS

What values does AWS STS return to the identity broker when a new token is requested? A) Access key and secret access key B) Session token and duration C) Access key, secret access key, and duration D) Access key, secret access key, session token, and duration

D

A company uses Amazon RDS as its database. For improved user experience, it has been decided that a highly reliable fully-managed caching layer has to be configured in front of RDS. Which of the following is the right choice, keeping in mind that cache content regeneration is a costly activity? A) Migrate the database to Amazon Redshift B) Implement Amazon ElastiCache Memcached C) Install Redis on an Amazon EC2 instance D) Implement Amazon ElastiCache Redis in Cluster Mode

D

A company using Docker containers to run their application on-prem wants to reduce the need to operate their own containers. The lead DevOps engineer has been tasked with migrating the company's Docker containers to AWS. Which service can the DevOps engineer use to store, manage, and deploy Docker images on AWS? A) Amazon Simple Queue Service (SQS) B) Amazon EKS C) Amazon ECS D) Amazon ECR

D

A company wants to use AWS Auto Scaling for its application using EC2 instances and a DynamoDB table. How can the developer manage access to DynamoDB when new instances are created when auto scaling kicks off? A) Create an IAM role with the right access permissions and configure the role to the instances launched in the Auto Scaling group. B) Hard code the IAM access keys in the application. C) Add IAM access keys to the environment variables of the EC2 instance. D) Create an IAM role with the right access permissions and configure the role in the launch template of the Auto Scaling group.

D

A company with remote offices in different countries uses a centralized S3 bucket for data backup. Each branch does multiple uploads to the S3 bucket daily. Recently, the rate of uploads has slowed. Which service can the company use to speed up data exchange between the remote offices and the central S3 bucket? A) Amazon ElastiCache for Memcached B) Amazon CloudFront C) Amazon ElastiCache for Redis D) S3 Transfer Acceleration

D

A data analyst is working with a music table with the following attributes: Artist (partition key), SongTitle (sort key), AlbumTitle, Price, Genre, and CriticRating. How can the analyst query the data by artist and genre? A) Use a composite primary key. B) Use a Scan operation on the base table. C) Create a global secondary index (GSI) from the base table. D) Create a local secondary index (LSI) from the base music table

D

A developer has X-Ray for code running in an EC2 instance, and no data about the application is seen in the X-Ray console. What can be causing this problem? A) The EC2 instance has no public IP address. B) The EC2 instance is not memory optimized. C) The developer does not have permissions to write to X-Ray. D) The X-Ray daemon is not running on the instance.

D

A developer is running Docker command line interface (CLI) commands from a bash terminal to manage Docker images and containers. Which CLI command can the developer use to launch a container from a Docker image? A) docker push B) docker build C) docker ps D) docker run

D

A developer is writing code that will check the HTTP response code and retry in case of a server-side error. Which HTTP series error code designates that a retry should be attempted? A) 200 B) 300 C) 400 D) 500

D

A developer makes an API request to the Amazon S3 service in the process of testing an application. The S3 service performs the request and returns a response that includes an HTTP 404 error code. Where should the developer handle the error? A) The Amazon S3 console B) The AWS internal server C) The proxy server D) The developer's application

D

A developer needs to be given access to multiple S3 buckets without assigning direct access to each bucket. Which feature should be used? A) AWS Certificate Manager (ACM) certificate B) Resource-based policy C) Instance profile D) IAM role

D

A developer tries to upload a 17 GB object to Amazon S3. The upload failed and the developer received an error message that said, "Your proposed upload exceeds the maximum allowed size." How should the developer upload the object? A) Use Amazon Redshift instead. B) Retry the upload with a single PUT operation. C) Upload the object over an AWS Direct Connect connection. D) Use the multipart upload API.

D

A developer wants to build APIs for a web-based chat application for users to interact with their support team in real time. What should the developer choose for this use case? A) AWS Lambda B) AWS RESTful APIs C) AWS Software Development Kit (SDK) D) AWS WebSocket APIs

D

A developer would like to process an image whenever a new image is uploaded to an S3 bucket. On which event should the Lambda function be triggered to process the image? A) DELETE B) GET C) POST D) Object Create (All) event

D

A development team has created a new IAM user that has s3:putObject permission to write to an S3 bucket. This S3 bucket uses server-side encryption with AWS KMS managed keys (SSE-KMS) as the default encryption. Using the access key ID and the secret access key of the IAM user, the application received an access denied error when calling the PutObject API. As a Developer Associate, how would you resolve this issue? A) Correct the ACL of the S3 bucket to allow the IAM user to upload encrypted objects B) Correct the bucket policy of the S3 bucket to allow the IAM user to upload encrypted objects C) Correct the policy of the IAM user to allow the s3:Encrypt action D) Correct the policy of the IAM user to allow the kms:GenerateDataKey action

D

A healthcare company wants to migrate critical patient data to AWS. Top management wants the data to be encrypted before it is sent to Amazon S3 for storage. They also agree that the company's security team should maintain and manage the encryption keys. Which encryption method can be used in this scenario to protect the client data at rest? A) Implement server-side encryption using customer-provided encryption keys. B) Implement client-side encryption using Amazon S3 managed keys. C) Implement server-side encryption by using a client-side master key. D) Implement client-side encryption using an AWS Key Management Service (KMS) managed customer master key (CMK).

D

An IT company has its serverless stack integrated with AWS X-Ray. The developer at the company has noticed a high volume of data going into X-Ray and the AWS monthly usage charges have skyrocketed as a result. The developer has requested changes to mitigate the issue. As a Developer Associate, which of the following solutions would you recommend to obtain tracing trends while reducing costs with minimal disruption? A) Implement a network sampling rule B) Custom configuration for the X-Ray agents C) Use Filter Expressions in the X-Ray console D) Enable X-Ray sampling

D

A large firm stores its static data assets on Amazon S3 buckets. Each service line of the firm has its own AWS account. For a business use case, the Finance department needs to give access to their S3 bucket's data to the Human Resources department. Which of the below options is NOT feasible for cross-account access of S3 bucket objects? A) Use Resource-based policies and AWS Identity and Access Management (IAM) policies for programmatic-only access to S3 bucket objects B) Use Cross-account IAM roles for programmatic and console access to S3 bucket objects C) Use Access Control List (ACL) and IAM policies for programmatic-only access to S3 bucket objects D) Use IAM roles and resource-based policies delegate access across accounts within different partitions via programmatic access only

D

A leading financial services company offers data aggregation services for Wall Street trading firms. The company bills its clients based on per unit of clickstream data provided to the clients. As the company operates in a regulated industry, it needs to have the same ordered clickstream data available for auditing within a window of 7 days. As a Developer Associate, which of the following AWS services do you think provides the ability to run the billing process and auditing process on the given clickstream data in the same order? A) AWS Kinesis Data Analytics B) AWS Kinesis Data Firehose C) Amazon SQS D) AWS Kinesis Data Streams

D

A mobile gaming company is experiencing heavy read traffic to its Amazon Relational Database Service (RDS) database that retrieves player's scores and stats. The company is using RDS database instance type db.m5.12xlarge, which is not cost-effective for their budget. They would like to implement a strategy to deal with the high volume of read traffic, reduce latency, and also downsize the instance size to cut costs. As a Developer, which of the following solutions do you recommend? A) Setup RDS Read Replicas B) Move to Amazon Redshift C) Switch application code to AWS Lambda for better performance D) Setup ElastiCache in front of RDS

D

A security monitoring company wants to process clickstream data from the security camera feeds from thousands of customers. Which AWS service can be used for this use case? A) AWS Lambda B) AWS Simple Storage Service (S3) C) AWS DynamoDB D) AWS Kinesis

D

A social media application that manages millions of user profiles is experiencing a page load delay. As more users visit the system at the same time, each web page viewed also loads the user profile from the database. Which caching strategy can be used to cache user profiles to reduce the database load? A) Install RDS database on an Amazon EC2 Instance to cache user profile data. Use a write-through caching strategy. B) Install RDS database on an Amazon EC2 Instance to cache user profile data. Use a write-through caching strategy. C) Use Amazon ElastiCache cluster to cache user profile data. Use a write-through caching strategy. D) Use Amazon ElastiCache cluster to cache user profile data. Use lazy loading caching strategy.

D

A software development company is migrating their operations to AWS. The developers want to be able to collaborate with one another in the development environment and need a browser-based integrated development environment (IDE) that will enable them to see each other type in real time and instantly chat with one another from within the IDE. Which AWS service meets this requirement? A) AWS Command Line Interface (CLI) B) AWS Software Development Kit (SDK) C) AWS Serverless Application Model (AWS SAM) Local D) Cloud9

D

A software industry wants to implement the systems development lifecycle (SDLC) framework for designing, developing, and delivering high-quality software. At which phase of the SDLC is the new system developed and new components obtained and installed? A) Deploy phase B) Plan phase C) Design phase D) Develop phase

D

A team is checking the viability of using AWS Step Functions for creating a banking workflow for loan approvals. The web application will also have human approval as one of the steps in the workflow. As a developer associate, which of the following would you identify as the key characteristics for AWS Step Function? (Select two) 1. You should use Express Workflows for workloads with high event rates and short duration 2. Standard Workflows on AWS Step Functions are suitable for long-running, durable, and auditable workflows that do not support any human approval steps 3. Express Workflows have a maximum duration of five minutes and Standard workflows have a maximum duration of 180 days or 6 months 4. Standard Workflows on AWS Step Functions are suitable for long-running, durable, and auditable workflows that can also support any human approval steps 5. Both Standard and Express Workflows support all service integrations, activities, and design patterns A) 1, 3 B) 2, 4 C) 3, 5 D) 1, 4

D

A user requested a resource on the server using the HTTP GET API. Which HTTP response code indicates that the request was successfully handled? A) HTTP response code 404 B) HTTP response code 201 C) HTTP response code 400 D) HTTP response code 200

D

A web-based application selling toys has become popular and the developer wants to allow third-party sellers to list items from its site by exposing APIs. Which AWS service can help the developer develop, publish, automate, and easily manage access to APIs? A) AWS EventBridge B) AWS Lambda C) AWS Fargate D) AWS API Gateway

D

AWS CLI and AWS SDKs sign API requests for you using your AWS access key. If you're writing your custom code, you must sign AWS API requests using ......................... A) Signature Version 1 (SigV1) B) Signature Version 2 (SigV2) C) Signature Version 3 (SigV3) D) Signature Version 4 (SigV4)

D

AWS CloudFormation helps model and provision all the cloud infrastructure resources needed for your business. Which of the following services rely on CloudFormation to provision resources (Select two)? 1. AWS Autoscaling 2. AWS Elastic Beanstalk 3. AWS Serverless Application Model (AWS SAM) 4. AWS CodeBuild 5. AWS Lambda A) 1, 2 B) 2, 4 C) 4, 5 D) 2, 3

D

According to the AWS Shared Responsibility Model, which of the following is AWS responsibility? A) Rotate Access Key for IAM Users B) Enable MFA for the root account and all IAM Users C) IAM Users, User Groups, and IAM Policies D) AWS Infrastructure

D

An AWS SAM template follows the CloudFormation template format. Which declaration specifies that template is an AWS SAM template? A) Properties B) Resources C) Policies D) Transform

D

What is Boto3? A) An open source command line tool for interacting with Kubernetes infrastructure B) A tool for managing AWS services C) A command line utility for creating and managing Kubernetes clusters on Amazon EKS D) The AWS SDK for Python

D

An IT security team has noticed a sudden spike in traffic and has determined that their VPC subnet is experiencing a DDoS attack from three specific IPs. What is the fastest way of stopping this unwanted traffic to prevent any further damage? A) Update the outbound security group of the EC2 instance to deny access from the identified IPs. B) Update the outbound network access control list (ACL) to deny access to connections originating from the identified IPs. C) Update the inbound security group of the EC2 instance to deny access from the identified IPs. D) Update the inbound network access control list (ACL) to deny access to connections originating from the identified IPs.

D

An application fetches open-source packages from a public package repository. When migrating the application to AWS, these requirements are in place for dependency management: use a fully managed solution have a curated repository as a dependency source Which solution should be used? A) CodePipeline B) CodeGuru C) CodeBuild D) CodeArtifact

D

An application hosted in AWS has been configured to use a DynamoDB table. Several items are written to the DynamoDB table. As a part of an archival strategy, these items will be accessible in a particular time frame, after which they can be archived & deleted. Which of the following is an ideal way to manage the deletion of the stale items? A. Perform a scan on the table for the stale items and issue the Delete operation. B. Create an additional column to store the date. Perform a query for the stale objects and then perform the Delete operation. C. Enable versioning for the items in DynamoDB and delete the last accessed version. D. Enable TTL for the items in DynamoDB.

D

An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, you manually scale the ASG and you would like to define a Scaling Policy that will ensure the average number of connections to your EC2 instances is around 1000. Which Scaling Policy should you use? A) Simple Scaling Policy B) Step Scaling Policy C) Scheduled Scaling Policy D Target Tracking Policy

D

An application streams real-time data to Simple Queue Service (SQS). Critical events must be detected to trigger notifications. The developer needs to ensure that the processing does not affect other Lambda functions. Which Lambda feature meets this requirement? A) Provisioned concurrency B) Synchronous notification C) Asynchronous notification D) Reserved concurrency

D

An intern at an IT company is getting started with AWS Cloud and wants to understand the following Amazon S3 bucket access policy: { "Version": "2012-10-17", "Statement": [ { "Sid": "ListAIIS3Buckets", "Effect": "Allow", "Action": ["s3:ListAIIMyBuckets"]( "Resource": "arn:aws:s3:::*" }, { "Sid": "AllowBucketLevelActions", "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetBucketLocation" ], "Resource": "arn:aws:s3:::*" }, { "Sid": "AIlowBucketObjectActions", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:PutObjectAcl", "s3:GetObject", "s3:GetObjectAcl", "s3:DeleteObject" ], "Resource": "arn:aws:s3:::*/*" }; { "Sid": "RequireMFAForProductionBucket", "Effect": "Deny", "Action": "s3:*", "Resource": [ "arn:aws:s3:::Production/*", "arn:aws:s3:::Production" ], "Condition": { "NumericGreaterThanlfExists": {"aws:MultiFactorAuthAge": "1800"} } } ] } As a Developer Associate, can you help him identify what the policy is for? A) Allows full S3 access to an Amazon Cognito user, but explicitly denies access to the Production bucket if the Cognito user is not authenticated B) Allows a user to manage a single Amazon S3 bucket and denies every other AWS action and resource if the user is not signed in using MFA within last thirty minutes C) Allows IAM users to access their own home directory in Amazon S3, programmatically and in the console D) Allows full S3 access, but explicitly denies access to the Production bucket if the user has not signed in using MFA within the last thirty minutes

D

An organization is moving its on-premises resources to the cloud. Source code will be moved to AWS CodeCommit and AWS CodeBuild will be used for compiling the source code using Apache Maven as a build tool. The organization wants the build environment should allow for scaling and running builds in parallel. Which of the following options should the organization choose for their requirement? A) Run CodeBuild in an Auto Scaling group B) Enable CodeBuild Auto Scaling C) Choose a high-performance instance type for your CodeBuild instances D) CodeBuild scales automatically, the organization does not have to do anything for scaling or for parallel builds

D

Application Load Balancers support the following protocols, EXCEPT: A) HTTP B) HTTPS C) WebSocket D) TCP

D

As part of employee skills upgrade, the developers of your team have been delegated few responsibilities of DevOps engineers. Developers now have full control over modeling the entire software delivery process, from coding to deployment. As the team lead, you are now responsible for any manual approvals needed in the process. Which of the following approaches supports the given workflow? A) Create multiple CodePipelines for each environment and link them using AWS Lambda B) Create deeply integrated AWS CodePipelines for each environment C) Use CodePipeline with Amazon Virtual Private Cloud D) Create one CodePipeline for your entire flow and add a manual approval step

D

Developers are building a serverless AWS Lambda function and would like to make a call to the database. Database string and credentials should be kept secure. What can the developer do to store it securely? A) Developers can store the database string and credentials in an S3 bucket and reference it from the Lambda function. B) Developers can store the database string and credentials in the Lambda function configuration file. C) Developers can hard code the database string and credentials in the Lambda function code. D) Developers can store the database string and credentials in the AWS Systems Manager parameter store and have Lambda function reference the AWS Systems Manager parameter store for the database credentials.

D

How can a cloud engineer fetch a byte-range from an object in S3? A. By using the get-object command B. By using S3 Select C. By using the cp command D. By using the Range HTTP header in a GET Object request

D

How can you apply an S3 bucket policy to an object? A) Use the CLI --grants option B) Use the CLI --policy option C) Use the CLI --permissions option D) None of the above

D

How can you automatically delete the server log objects from the S3 bucket? a) By enabling cross-region replication on the bucket. b) By enabling encryption on the bucket. c) By configuring server access logs to be delivered to a different bucket. d) By setting rules in Amazon S3 lifecycle configuration.

D

What is CodePipeline's default location to store artifacts? A) EC2 B) GitHub C) CodeCommit D) S3

D

What are the key values that AWS STS returns when a new token is being requested by the user that is making the API call? A) AWS STS returns a session token to the identity broker. B) AWS STS returns an access key and a secret access key to the identity broker. C) AWS STS returns a session token and a duration (that is, the token's lifetime) to the identity broker. D) AWS STS returns an access key, a secret access key, a session token, and a duration (i.e., the token's lifetime) to the identity broker.

D

What are the requirements for an application source bundle that you want to deploy in Elastic Beanstalk? A. A single ZIP file or WAR file B. Should not exceed 512 MB C. Should not include a parent folder or top-level directory D. All of the above

D

What command is used to launch a container from a Docker image? A) docker ps B) docker build C) docker push D) docker run

D

What does AWS Cloud9 allow developers to do? A. Write code B. Run code C. Debug code D. All of the above

D

What does Amazon Kinesis Data Streams do to each data record? a) It assigns a unique identifier to each data record. b) It reorders the data records. c) It duplicates the data records. d) It assigns a sequence number to each data record.

D

What does the "s3:*Object" action in an Amazon S3 policy do? A) It allows all Amazon S3 actions that end with the word "Object" B) It allows a specific action related to the "Object" C) It disallows all Amazon S3 actions that end with the word "Object" D) It is a wildcard action and does not have any specific purpose

D

What does the AWS::Serverless::LayerVersion resource type do? A) Embeds applications from Amazon S3 buckets B) Creates a Lambda function C) Creates API Gateway resources and methods D) Creates a Lambda layered function

D

What does the properties section in an AWS SAM template reference? A) The IAM policy for the function B) The parameters used in the template C) The input data for the function D) The .zip file, handler, and runtime to be used

D

What happens if the total size of all environment variables exceeds 4 KB in AWS Lambda? A) The environment variables will be truncated B) The environment variables will be discarded C) The environment variables will not be available to the code D) None of the above

D

What happens to strongly consistent read requests from an application to DynamoDB with a DAX cluster? a. The requests are forwarded to DynamoDB and results are cached. b. The requests are forwarded to DynamoDB and results are stored in Item Cache. c. The requests are forwarded to DynamoDB and results are stored in Query Cache. d. The requests are forwarded to DynamoDB and results are not cached.

D

What happens when an action in AWS CodePipeline fails to complete successfully? A. A rollback will happen at the previous stage. B. The failed action will be attempted again. C. The failed action will be skipped and the next action will start. D. The entire pipeline will stop running.

D

What is AWS Cloud9? A. A cloud-based development environment B. A browser-based code editor C. A collaboration platform for developers D. All of the above

D

What is AWS Cloud9? A. An AWS service for local development and testing B. A unified tool for managing AWS services C. A JavaScript library for accessing AWS services D. A cloud-based IDE

D

What is AWS Fargate used for? A) Running code in response to events B) Maintaining and securing APIs at any scale C) Providing real-time access to changes in data in AWS services D) A serverless, pay-as-you-go compute engine to focus on building applications without managing servers

D

What is AWS Redshift? A. Multipart upload API B. AWS Direct Connect C. Single PUT operation D. Data warehousing solution

D

What is Amazon API Gateway? A) A fully managed NoSQL database service B) A visual workflow service for building distributed applications C) A serverless computing platform D) A fully managed service for creating, publishing, and securing APIs at any scale

D

What is Amazon Data Pipeline? A) An object storage service offering industry-leading scalability, data availability, security, and performance B) A fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale C) A CDN that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds D) A web service that helps you reliably process and move data between different AWS compute and storage services

D

What is Amazon ElastiCache for Memcached? A) A web service that makes it easy to set up, manage, and scale a distributed in-memory data store or cache environment in the cloud B) A feature that enables fast, easy, and secure transfers of files over long distances between a client and an S3 bucket C) A service that gives businesses and web application developers an easy and cost-effective way to distribute content with low latency and high data transfer speeds D) A Memcached-compatible in-memory key-value store service that can be used as a cache or a data store

D

What is Amazon Kinesis? A) A fully managed NoSQL database service B) A serverless computing platform C) A cloud-based object storage service D) A service for real-time processing of streaming data at scale

D

What is Amazon RDS? A) A caching service that updates the cache whenever data is written to the database B) A caching service that always loads data from the database and never uses the cache C) A distributed in-memory data store service D) A distributed relational database service running in the cloud

D

What is Amazon SQS? A) A fully managed container orchestration service B) A fully managed Docker image registry C) A fully managed service for deploying, managing, and scaling containerized applications using Kubernetes on AWS D) A fully managed message queuing service

D

What is Amazon SWF? A) A fully managed pub/sub messaging service B) A service used to implement data streams C) A service used to implement message queues D) A service used to coordinate work across distributed components

D

What type of API can you create using Amazon API Gateway? a) REST APIs b) SOAP APIs c) GraphQL APIs d) All of the above

D

What is a network ACL in AWS VPC? A) It is a security group used to control traffic in and out of one or more subnets. B) It is a service used to configure domain names and route traffic to the appropriate resources. C) It is a database service that provides fast and predictable performance with seamless scalability. D) It is an optional layer of security that acts as a firewall for controlling traffic in and out of one or more subnets.

D

What is a required field in an AWS Step Functions state? A) OutputPath B) Comment C) InputPath D) Type

D

What is a scaling activity in the context of the Auto Scaling Group? a. An event that occurs when the group launches a new EC2 instance b. An event that occurs when the group terminates an existing EC2 instance c. An event that occurs when the group changes its desired capacity d. All of the above

D

What is an SSL certificate in the context of an Elastic Load Balancer? a. A small piece of data that is sent from the client to the load balancer to identify the client's session b. A type of target group that is used to route traffic to specific EC2 instances c. A protocol used to transfer data between the client and the server d. A digital certificate that authenticates the identity of a website and encrypts sensitive information

D

What is the Amazon Kinesis Client Library (KCL) used for? A) To process data in real-time B) To build SQL queries and sophisticated Java applications C) To load streaming data into data stores D) To simplify the building of multiple applications reading from the same data stream

D

What is the Delete On Termination attribute and how does it affect EBS volumes when terminating an EC2 instance? A) It is an attribute that deletes the EC2 instance on termination B) It is an attribute that deletes all EBS volumes on termination C) It is an attribute that deletes the root volume on termination D) It is an attribute that controls whether an EBS volume is deleted when an EC2 instance is terminated

D

What is the appropriate option for managing user access to your API Gateway? a) Using IAM permissions with sigv4 b) Using API Gateway User Pools c) Using Lambda Authorizer d) Using Cognito User Pools

D

What is the benefit of using AWS Cloud9 instead of a traditional local development environment? A. Real-time collaboration features B. Accessibility from anywhere with just a browser C. No need to install any software D. All of the above

D

What is the default behavior in AWS CodePipeline if an action fails to complete successfully? A. A rollback will happen at the previous stage. B. The failed action will be attempted again. C. The failed action will be skipped and the next action will start. D. The entire pipeline will stop running.

D

What is the maximum IOPS that can be achieved using EBS volumes? A) 100,000 IOPS B) 200,000 IOPS C) 300,000 IOPS D) 500,000 IOPS

D

What is the maximum message size when using the Extended Client Library for Java for the SQS SendMessage operation? A) 256 KB B) 512 KB C) 1 MB D) 2 GB

D

What is the most suitable technology for building real-time APIs for a chat application? A) AWS RESTful APIs B) AWS SDK C) AWS Lambda D) AWS WebSocket APIs

D

What is the name of the environment variable used to specify the path to the alternate build spec file in AWS CodeBuild? A. BUILDCONFIG_SRC_DIR B. BUILDSPEC_SRC_DIR C. CODEBUILD_ALTERNATE_SRC_DIR D. CODEBUILD_SRC_DIR

D

What is the purpose of AWS CloudFormation? A) To store logs for AWS Lambda functions B) To assess, audit, and evaluate the configurations of AWS resources C) To build, run, and scale background jobs D) To model, provision, and manage AWS and third-party resources

D

What is the purpose of an Auto Scaling Group in the context of AWS? a. To ensure that EC2 instances are always running and available to handle requests b. To automatically add or remove EC2 instances based on demand c. To monitor the health of EC2 instances and automatically replace any instances that fail d. All of the above

D

What is the purpose of an OutputPath in an AWS Step Functions state? A) To specify the type of the state B) To provide a human-readable description of the state C) To select a portion of the state's input to be passed to the state's task for processing D) To select a portion of the state's input to be passed to the state's output

D

What is the purpose of the Auto Scaling Group in the context of AWS? a. To ensure that EC2 instances are always running and available to handle requests b. To automatically add or remove EC2 instances based on demand c. To monitor the health of EC2 instances and automatically replace any instances that fail d. All of the above

D

What is the purpose of the Principal attribute in the policy statement? A) To specify the allowed call to the Lambda function B) To indicate the lambda function that Principal is allowed to access C) To specify the AWS account and S3 bucket name D) To specify the service that the policy applies to

D

What is the purpose of using encryption in RDS? a. To improve the durability of the database. b. To provide high availability of the database. c. To improve the scalability of the database. d. To improve the security of the database.

D

What is the required field in an AWS Step Functions state? A) OutputPath B) Comment C) InputPath D) Type

D

What is the role of an Application Load Balancer in an Elastic Container Service (ECS)? A) It is used to create a static host. B) It is used to organize container configurations. C) It is used to create an elastic internet protocol address. D) It is used to facilitate dynamic port forwarding.

D

What makes collaboration easy in AWS Cloud9? A. The ability to share the IDE B. The ability to pair-program C. The ability to chat in real time D. All of the above

D

What service is used to create, publish, maintain, monitor, and secure APIs in AWS? A) AWS EventBridge B) AWS Lambda C) AWS Fargate D) AWS API Gateway

D

What services can be integrated with Amazon API Gateway? a) AWS Lambda b) AWS Identity and Access Management (IAM) c) Amazon Cognito d) All of the above

D

Which of the following is a recommended best practice for storing database credentials in a serverless AWS Lambda function? A) Store database credentials in an S3 bucket and reference it from the Lambda function. B) Store the database credentials in the Lambda function configuration file. C) Hard code the database credentials in the Lambda function code. D) Store the database credentials in the AWS Systems Manager parameter store and have Lambda function reference the parameter store for the database credentials.

D

Which of the following is not a correct option when managing user access to an API Gateway? A) Use Lambda Authorizer B) Use IAM permissions with sigv4 C) Use Cognito User Pools D) Use AWS Web Application Firewall (AWS WAF)

D

Which of the following is not a database engine supported by RDS? a. MySQL b. PostgreSQL c. MariaDB d. MongoDB

D

Which of the following is not a database engine supported by RDS? a. MySQL b. PostgreSQL c. Oracle d. Cassandra

D

Which of the following is true with respect to strongly consistent read requests from an application to a DynamoDB with a DAX cluster? A. All requests are forwarded to DynamoDB & results are cached. B. All requests are forwarded to DynamoDB & results are stored in Item Cache before passing to application. C. All requests are forwarded to DynamoDB & results are stored in Query Cache before passing to application. D. All requests are forwarded to DynamoDB & results are not cached.

D

Which of the following options is not a mechanism for controlling access to Amazon S3 resources? A) IAM policies B) Bucket policies C) Access Control Lists (ACLs) D) AWS CloudFormation

D

Which of the following options provides secure storage for configuration data and secrets management for DynamoDB? A. ElastiCache B. Global Tables C. DynamoDB Accelerator D. AWS Systems Manager Parameter Store

D

Which of the following statement is true regarding replication in both RDS Read Replicas and Multi-AZ? A) Read Replica uses Asynchronous Replication and Multi-AZ uses Asynchronous Replication B) Read Replica uses Synchronous Replication and Multi-AZ uses Asynchronous Replication C) Read Replica uses Synchronous Replication and Multi-AZ uses Synchronous Replication D) Read Replica uses Asynchronous Replication and Multi-AZ uses Synchronous Replication

D

Which of the following statements is true about accessing Amazon RDS databases and Amazon Redshift data warehouses from an AWS Lambda function? a) Access to these resources is not possible from within a VPC b) Access is possible without any additional VPC-specific configuration c) Access is possible with the configuration of NACL IDs d) Access is possible with the configuration of subnet IDs and security group IDs

D

Which operating systems on Amazon EC2 support running the X-Ray daemon? a. Amazon Linux b. Ubuntu c. Windows Server (2012 R2 and newer) d. All of the above

D

Which role is responsible for writing, testing, and fixing the code that makes an application work? A) Network administrator B) Architect C) DevOps D) Developer

D

Which section of a CloudFormation template is used to control whether certain resources are created or whether certain resource properties are assigned a value during stack creation or update? A) Parameters B) Resources C) Mappings D) Conditions

D

Which service helps with scaling and availability but does not have any feature that allows you to implement the requirement of archiving a specific number of application revisions? A) AWS CloudWatch Log Agent B) Integrate with AWS CodePipeline C) CodeDeploy Agent D) Have a load balancer in front of your instances

D

Which statement is true when using CloudFront field-level encryption? A) Symmetric encryption is used, and encryption is done at the edge. B) Symmetric encryption is used, and encryption is done at the region. C) Asymmetric encryption is used, and encryption is done at the region. D) Asymmetric encryption is used, and encryption is done at the edge.

D

Which strategy allows Elastic Beanstalk to simultaneously run different versions of the same application? A) Create multiple versions of the application for one configuration B) Configure one compute instance to run different versions of one application C) Create multiple configurations for one version of the application D) Configure different versions of one application to run on multiple compute instances

D

Which type of API integration allows for passing the incoming request from the client to the HTTP endpoint and passing the outgoing response from the HTTP endpoint to the client? A) HTTP B) AWS.PROXY C) MOCK D) HTTP.PROXY

D

While performing EC2 API calls from inside your EC2 instance, you received the following authorization exception: vbguZQlpz4e1h4rtSaXnEfDAFZPii8XvCNW7dLIE4Xy-zE8VcNIeh8tf4DAn1APFw__Nr55bUE0hrS02bg50EimidVBPHH1rtWmhQOtmv5tdUY5VelEAhc5O9OC8h4fYRlegBxfUNrGSCqlH83h_HMyaqC1fQy2G7rNjmFEPcN-pue2NZc9MMZMRdfWbYszMlbkAYlrAmSMmr4F0FE6BWOUxFOCdRnuwwb8OEM9c8RXBK8F91YqgdbW_XvxYBi2_BEI2P-8gFz4LmBkba1UdEylh-WUS95XInC3OU8i3wZZ-xKExGWu1HwoqS9QAqIqm6jmn7wbTK_v9EVv0jMnCzmNxuMHpqmw2Ys3Bu3WdqvAwHxmT5W_XCbGBdtstckPXkeSyNS5hLSNLBjjRgd_I8JfPKTmB79sB_mUBSTlc28z5wjv1UBtxKBLT5GHdHQM8s2dP30cJCObRITmNvJo6Q8zaya1XYpwvCGIQrWF6-xaYQeXFCmMgyfsosIS8bVfpNyzzz2usC1mFJMlwIciissbz10YslH-PQF7Wwvn_6ypipoQVh0z80XglLVYnfbXGFv330ZyviBQnttklCecIK56OMcAxPJfTIWru57RoKedhJaHiKVEdLtILvVJgJ71wn-6wd4QA9aMh38jTpI_-cOPWLsvNq5NbtfqxQZ5BJOUs0rQpTmYRF_FtlY1k How can you decode this encrypted error message? A) Contact AWS Support as they're the only ones who can decode these messages B) Use the EC2 decode-authorization-message API call C) Use the IAM decode-authorization-message API call D) Use the STS decode-authorization-message API call

D

You are a developer for an e-commerce startup using Amazon RDS to store their transaction details. The startup wants to improve the application performance and reduce database costs. Which cache strategy will work best if it will be costly to regenerate the cache material if the data is lost? A) Migrate the database to Amazon Redshift. B) Implement Amazon ElastiCache Memcached. C) Install Redis on an Amazon EC2 instance. D) Implement Amazon ElastiCache Redis in Cluster Mode.

D

You have been asked by your Team Lead to enable detailed monitoring of the Amazon EC2 instances your team uses. As a Developer working on AWS CLI, which of the below command will you run? A) aws ec2 run-instances --image-id ami-09092360 --monitoring Enabled=true B) aws ec2 monitor-instances --instance-id i-1234567890abcdef0 C) aws ec2 run-instances --image-id ami-09092360 --monitoring State=enabled D) aws ec2 monitor-instances --instance-ids i-1234567890abcdef0

D

You have created the following stages in CodePipeline. Source» Build» Staging What happens if there is a failure detected in the "Build" stage? A. A rollback will happen at the "Source" stage. B. The "Build" step will be attempted again. C. The "Build" step will be skipped and the "Staging" step will start. D. The entire process will halt.

D

You have enabled versioning in your S3 bucket which already contains a lot of files. Which version will the existing files have? A) 1 B) 0 C) -1 D) null

D

You need to set up a dedicated connection between your on-premises corporate datacenter and AWS Cloud. This connection must be private, consistent, and traffic must not travel through the Internet. Which AWS service should you use? A) Site-to-Site VPN B) AWS PrivateLink C) Amazon EventBridge D) AWS Direct Connect

D

You team maintains a public API Gateway that is accessed by clients from another domain. Usage has been consistent for the last few months but recently it has more than doubled. As a result, your costs have gone up and would like to prevent other unauthorized domains from accessing your API. Which of the following actions should you take? A) Use Mapping Templates B) Use Account-level throttling C) Assign a Security Group to your API Gateway D) Restrict access by using CORS

D

You would like to implement an approval process before a stage is deployed on AWS codepipeline. How would you do this? A) Implement CloudTrail monitoring for the PipeLine B) Implement CloudWatch monitoring for the PipeLine C) Apply an IAM Role to the PipeLine D) Add an approval action to the stage

D

You would like to increase the capacity of an rds application for read heavy workloads. How would you do this? A) Create an rds auto scaling group and load balancer B) Use multi AZ deployment C) Increase the size of the rds instance D) Add read replicas with multiple connection strings and use Route 53 Multivalue Answer Routing.

D

Your AWS CodeBuild project keeps failing to compile your code. How can you identify what is happening? A) Define a Cloudwatch event in your buildspec.yml file B) Enable Cloudtrail logging C) Enable Cloudwatch logs D) Check the build logs in the CodeBuild console

D

Your application is deployed automatically using AWS Elastic Beanstalk. Your YAML configuration files are stored in the folder .ebextensions and new files are added or updated often. The DevOps team does not want to re-deploy the application every time there are configuration changes, instead, they would rather manage configuration externally, securely, and have it load dynamically into the application at runtime. What option allows you to do this? A) Use Environment variables B) Use S3 C) Use Stage Variables D) Use SSM Parameter Store

D

Your company does not trust AWS for the encryption process and wants it to happen on the application. You recommend them to use .................... A) SSE-S3 B) SSE-KMS C) SSE-C D) Client-Side Encryption

D

Your company is planning to move away from reserving EC2 instances and would like to adopt a more agile form of serverless architecture. Which of the following is the simplest and the least effort way of deploying the Docker containers on this serverless architecture? A) Amazon Elastic Container Service (Amazon ECS) on EC2 B) AWS Elastic Beanstalk C) Amazon Elastic Kubernetes Service (Amazon EKS) on Fargate D) Amazon Elastic Container Service (Amazon ECS) on Fargate

D

Your company uses an Application Load Balancer to route incoming end-user traffic to applications hosted on Amazon EC2 instances. The applications capture incoming request information and store it in the Amazon Relational Database Service (RDS) running on Microsoft SQL Server DB engines. As part of new compliance rules, you need to capture the client's IP address. How will you achieve this? A) You can get the Client IP addresses from server access logs B) Use the header X-Forwarded-From C) You can get the Client IP addresses from Elastic Load Balancing logs D) Use the header X-Forwarded-For

D

Your organization would like to have clear separation of costs between departments. What is the best way to achieve this? A) Tag resources by department B) Tag resources by IAM group C) Tag resources by IAM role D) Create separate AWS accounts for departments and use consolidated billing. E) None of the above

D

Amazon EBS works with AWS KMS to encrypt and decrypt your EBS volume. You can encrypt both the boot and data volumes of an EC2 instance. When you create an encrypted EBS volume and attach it to a supported instance type, the following types of data are encrypted: A) Data at rest inside the volume B) All data moving between the volume and the instance C) All snapshots created from the volume D) All volumes created from those snapshots E) All of the above

E

Lambda function failures are commonly caused by: A) permissions issues B) Code issues C) Network issues D) Throttling E) Invoke API 500 and 502 errors F) All of the above

E

What are some of the criteria that an Application Load Balancer can use to route traffic to different Target Groups? a. URL Path b. Hostname c. HTTP Headers d. Query Strings e. All of the above

E

What are the options for periodic database backups on Amazon RDS? A) Enable RDS Multi-AZ B) Enable RDS Read replicas C) Create a cron event in CloudWatch, which triggers an AWS Lambda function that triggers the database snapshot D) Enable RDS automatic backups E) D and C

E

What is the advantage of using Amazon ElastiCache Redis in Cluster-Mode over installing Redis on an Amazon EC2 instance? A) Managed service with less maintenance required B) More data storage capacity across multiple shards C) More cost-effective option D) All of the above E) A and B

E

What is the order of precedence for applying configuration options during environment creation in Elastic Beanstalk? A. Settings applied directly to the environment B. Saved Configurations C. Configuration Files (.ebextensions) D. Default Values E. All of the above in the same order

E

Which of the following services is available as an HTTP API via Amazon API Gateway? A) AWS Lambda B) Amazon Cognito C) AWS Web Application Firewall (AWS WAF) D) AWS Identity and Access Management (IAM) E) AWS Lambda, Amazon Cognito, and AWS IAM

E

AWS __________________ is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHR Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.

Elastic Beanstalk

With _____________, you can quickly deploy and manage applications in the AWS Cloud without having to learn about the infrastructure that runs those applications. _______________ reduces management complexity without restricting choice or control. You simply upload your application, and _________________ automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring.

Elastic Beanstalk

Amazon ___________________ is a highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker containers on a cluster. __________________ uses EC2 instances and hence cannot be called a serverless solution.

Elastic Container Service (ECS)

Amazon ______________________ is a highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker containers on a cluster. You can host your cluster on a serverless infrastructure that is managed by ________________ by launching your services or tasks using the _________________ launch type.

Elastic Container Service (ECS); Fargate

______________________ logs requests sent to the load balancer, including requests that never made it to the targets. For example, if a client sends a malformed request, or there are no healthy targets to respond to the request, the request is still logged. So, this is not the right option if we wish to collect the IP addresses of the clients that have access to the instances.

Elastic Load Balancing

You should use ________________ for workloads with high event rates and short durations. ____________________ support event rates of more than 100,000 per second.

Express Workflows

_________________ have a maximum duration of five minutes and ________________ have a maximum duration of one year.

Express Workflows; Standard workflows

While it is possible to get service limits extended for certain AWS services, AWS already offers the ________________ library for Java to deal with queues that have larger messages.

Extended Client

You cannot convert an existing standard queue to _____________ queue. To make the move, you must either create a _________ FIFO queue for your application or ____________ your existing standard queue and recreate it as a FIFO queue.

FIFO; new; delete

The _______________ API call generates a unique ______________ data key for client-side encryption. This operation returns a ____________ copy of the __________ and a copy that is ____________ under a _______________ that you specify. You can use the ______________ key to encrypt your data outside of AWS KMS and store the ________________ data key with the encrypted data.

GenerateDataKey; plaintext; data key; encrypted; customer master key (CMK); plaintext; encrypted

For applications on Amazon EC2 or other AWS services to access Amazon S3 resources, they must include valid AWS credentials in their AWS API requests. ____________________ is the perfect option in such scenarios. When you use a(n) _________________, you don't have to distribute long-term credentials (such as a user name and password or access keys) to an Amazon EC2 instance or AWS service such as AWS Lambda. The ________________ supplies temporary permissions that applications can use when they make calls to other AWS resources

IAM role

_______________ and _________________ delegate access across accounts only within a single partition.

IAM roles; resource-based policies

Long polling helps reduce your cost of using Amazon SQS by reducing the number of empty response. You can enable long polling using the AWS Management Console by setting a _____________________ to a value greater than 0.

ReceiveMessageWait ime

Deployment package size limits cannot be changed. Create multiple _______________ functions and coordinate using __________________ to reduce the package sizes.

Lambda; AWS Step Functions

You can create ________________ functions and add them as actions in your pipelines but the ________________ step is confined to a workflow process and cannot be outsourced to any other AWS service.

Lambda; approval

___________________ helps reduce the cost of using Amazon SQS by eliminating the number of empty responses (when there are no messages available for a ReceiveMessage request) and false empty responses (when messages are available but aren't included in a response).

Long polling

__________________ TCP connections between clients and instances cause uneven traffic load distribution by design. As a result, new instances take longer to reach connection equilibrium. Be sure to check your metrics for __________________ TCP connections that might be causing routing issues in the load balancer.

Long-lived

If you terminate a container instance in the ________________ state, that container instance is automatically removed, or deregistered, from the cluster.

RUNNING

With S3 ______________ (Cross-Region ________________ (CRR) and Same-Region _____________________ (SRR)), you can establish __________________ rules to make copies of your objects into another storage class, in the same or a different region. Lifecycle actions are not replicated, and if you want the same lifecycle configuration applied to both source and destination buckets, enable the same lifecycle configuration on both.

Replication

Amazon ____________________ simplifies managing data access at scale for applications using shared data sets on S3. With _______________________, you can now easily create hundreds of access points per bucket, representing a new way of provisioning access to shared data sets. ___________________ provide a customized path into a bucket, with a unique hostname and access policy that enforces the specific permissions and network controls for any request made through the access point.

S3 Access Points

___________________ policies can only be applied at the bucket level not objects. You can although change object permissions using access control lists (ACLs)

S3 Bucket

Amazon ______________________ enables fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket. _________________________ leverages Amazon CloudFront's globally distributed AWS Edge Locations. As data arrives at an AWS ________________, data is routed to your Amazon S3 bucket over an optimized network path.

S3 Transfer Acceleration; Edge Location

If you terminate a container instance while it is in the ______________ state, that container instance isn't automatically removed from the cluster. You will need to _______________ your container instance in the _________________ state by using the Amazon ECS console or AWS Command Line Interface. Once _______________ed, the container instance will no longer appear as a resource in your Amazon ECS cluster.

STOPPED; deregister

Standard Workflows on AWS __________________ are more suitable for long-running, durable, and auditable workflows where repeating workflow steps is expensive (e.g., restarting a long-running media transcode) or harmful (e.g., charging a credit card twice). Example workloads include training and deploying machine learning models, report generation, billing, credit card processing, and ordering and fulfillment processes. ______________ also support any human approval steps.

Step Functions

Workflows are made up of a series of steps, with the output of one step acting as input into the next. Application development is simpler and more intuitive using ___________________, because it translates your workflow into a state machine diagram that is easy to understand, easy to explain to others, and easy to change.

Step Functions

To ensure that an AWS Lambda function can access EC2 instances in a VPC, which of the following must be configured in the Lambda function?

Subnet IDs and Security Group IDs

What additional configuration information is required for an AWS Lambda function to access resources in an Amazon VPC?

Subnet IDs and Security Group IDs

In a ________________________, the client and the server can both send messages to each other at any time. Backend servers can easily push data to connected users and devices, avoiding the need to implement complex polling mechanisms.

WebSocket API

You could build a serverless application using an API Gateway, __________________, and AWS Lambda to send and receive messages to and from individual users or groups of users in a chat room. Or you could invoke backend services such as AWS Lambda, Amazon Kinesis, or an HTTP endpoint based on message content.

WebSocket API

With___________________, Amazon SQS sends the response right away, even if the query found no messages. You end up paying more because of the increased number of empty receives.

short polling

When a load balancer first receives a request from a client, it routes the request to a target, generates a _______________ named _________________ that encodes information about the selected target, encrypts the _____________, and includes the ______________ in the response to the client. The client should include the _____________ that it receives in subsequent requests to the load balancer. When the load balancer receives a request from a client that contains the _____________, if sticky sessions are enabled for the target group and the request goes to the same target group, the load balancer detects the ______________ and routes the request to the same target.

cookie; AWSALB

When your API's resources receive requests from a domain other than the API's own domain and you want to restrict servicing these requests, you must disable _____________________ for selected methods on the resource.

cross-origin resource sharing (CORS)

Creating your own _____________________ gives you more flexibility and control over the ____________. For example, you can create, rotate, and disable _________________. You can also define access controls and audit the ___________________that you use to protect your data.

customer-managed CMK; CMK

A _______________ acts the same as an ________________ in that it is used when an event fails all processing attempts or expires without being processed.

dead-letter queue; on-failure destination

If your AWS Elastic Beanstalk application performs operations or workflows that take a long time to complete, you can offload those tasks to a ______________________. Decoupling your web application front end from a process that performs blocking operations is a common way to ensure that your application stays responsive under load.

dedicated worker environment

To configure your bucket to allow cross-origin requests, you create a CORS configuration. The CORS configuration is a ____________________ with rules that identify the origins that you will allow to access your bucket, the operations (HTTP methods) that will support each origin, and other operation-specific information. You can add up to ________________ to the configuration. You can add the CORS configuration as the cors subresource to the bucket

document; 100 rules

Connecting a Lambda function to a public subnet ______________ give it internet access or a public IP address. To grant internet access to your function, it's associated VPC must have a ____________________ in a public subnet.

does not; NAT gateway (or NAT instance)

If you use _________________ session stickiness, configure an appropriate cookie expiration time for your specific use case. If you set session stickiness from individual applications, use __________________ instead of persistent cookies where possible.

duration-based; session cookies

Amazon SQS leverages the AWS cloud to __________________, based on demand. SQS scales _______________ with your application so you don't have to worry about capacity planning and pre-provisioning. For most standard queues (depending on queue traffic and message backlog), there can be a maximum of approximately 120,000 inflight messages (received from a queue by a consumer, but not yet deleted from the queue).

dynamically scale; elastically

What is the recommended approach if you want to retrieve metrics from CloudWatch in the shortest possible interval?

enable detailed monitoring on the Amazon EC2 instances

How can you send metric data for your Amazon EC2 instance to CloudWatch in 1-minute periods?

enable detailed monitoring on the instance

Server-side encryption is about data encryption at rest ----- meaning, Amazon S3 _____________ your data at the object level as it writes it to disks in its data centers and ______________ it for you when you access it. As long as you authenticate your request and you have access permissions, there is no difference in the way you access encrypted or unencrypted objects.

encrypts; decrypts

When you rename a DB instance, the ________________ for the DB instance changes, because the URL includes the name you assigned to the DB instance. You should always redirect traffic from the old URL to the new one.

endpoint

You can use ___________________ to store secrets securely and adjust your function's behavior without updating code. You can use ___________________ to exchange data with RDS, but you will still need access to RDS, which is not possible with just _____________________.

environment variables

Express Workflows have a maximum duration of _____________ and Standard workflows have a maximum duration of ________________.

five minutes; one year

How can you publish metrics to CloudWatch with a 1-second resolution?

high-resolution custom metric

Using ___________________, your applications can publish metrics to CloudWatch with 1-second resolution. You can watch the _______________ scroll across your screen seconds after they are published and you can set up that evaluate as frequently as every ______________. You can alert with ________________, as frequently as 10-second periods. __________________ allow you to react and take actions faster and support the same actions available today with standard 1-minute alarms.

high-resolution custom metrics; high-resolution custom metric; 10 seconds; high-resolution CloudWatch Alarms

Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in __________ domain to interact with resources in a ____________ domain.

one; different

On Amazon S3, all objects by default are ___________. Only the _______________ has permission to access these objects. However, the ________________ can optionally share objects with others by creating a pre-signed URL, using their own security credentials, to grant time-limited permission to download the objects.

private; object owner;

API Gateway does not use security groups but uses __________________, which are JSON policy documents that you attach to an API to control whether a specified principal (typically an IAM user or role) can invoke the API. You can restrict IP address using ______________, the downside being, an IP address can be changed by the accessing user.

resource policies

A ______________________ acts as a virtual firewall for your instances to control incoming and outgoing traffic. S3 is a managed object storage service. ______________________s are NOT meant for S3.

security group

When you use ______________________________, you can use the default AWS managed CMK, or you can specify a customer-managed CMK that you have already created.

server-side encryption with AWS KMS (SSE-KMS)

A Cognito ______________ is a user directory in Amazon Cognito. With a _______________, your users can sign in to your web or mobile app through Amazon Cognito, or federate through a third-party identity provider (IdP). Whether your users sign-in directly or through a third party, all members of the ________________ have a directory profile that you can access through an SDK. Cognito _______________(s) provide support for sign-up and sign-in services as well as security features such as multi-factor authentication (MFA).

user pool

An AWS Lambda function alias can only point to a Lambda function ____________, not to another alias. You can update an alias to point to a new _____________ of the function.

version


Related study sets

Ch 26 - Assessing Male Genitalia and Rectum

View Set

Receiving, Storage and Inventory

View Set

algebra 1a - unit 4: polynomials and factoring quadratic expressions

View Set

How Is Genetic Information in DNA Used to Express Proteins?

View Set