BPE5 Notes

With Step Functions Pass State - __________

Simply pass its input to its output or inject some fixed data, without performing work.

SAM CLI commands sam build - The sam build command builds ___________

any dependencies that your application has, and copies your application source code to folders under .aws-sam/build to be zipped and uploaded to Lambda.

Amazon Cognito supports ____________ identities, in addition to web identity federation through Facebook (Identity Pools), Google (Identity Pools), Login with Amazon (Identity Pools), and Sign in with Apple (Identity Pools).

developer authenticated

key management functions in AWS KMS Temporarily ______________ keys so they cannot be used by anyone. ___________ disabled keys.

disable, Re-enable

With Step Functions You can use a Catch field to capture the error in _______________. This field's value must be an array of objects, known as catchers.

a Task and Parallel State

With Cognito and developer authenticated identities, you can register and authenticate users via ____________, while still using Amazon Cognito to synchronize user data and access AWS resources.

your own existing authentication process

With Amazon Cognito User Pools, You can specify app UI customization settings for all clients (by setting the clientId to ALL). If you specify UI customization settings for a particular client, it will ______________

no longer fall back to the ALL configuration.

For general use, the aws configure command is the fastest way to set up your AWS CLI installation. When you enter this command, the AWS CLI prompts you for four pieces of information:

- Access Key ID
- Secret Access Key
- AWS Region
- Output format

You can use the Amazon SQS Extended Client Library for Java to do the following:

- Specify whether messages are always stored in Amazon S3 or only when the size of a message exceeds 256 KB
- Send a message that references a single message object stored in an S3 bucket
- Retrieve the message object from an S3 bucket
- Delete the message object from an S3 bucket

You can use the Amazon SQS Extended Client Library for

With CodeDeploy, an EC2/On-Premises deployment hook is executed once per deployment to an instance. You can specify one or more scripts to run in a hook. Each hook for a lifecycle event is specified with a string on a separate line. The DownloadBundle deployment lifecycle event will throw an error whenever:

- The EC2 instance's IAM profile does not have permission to access the application code in Amazon S3.
- An Amazon S3 internal error occurs.
- The instances you deploy to are associated with one AWS Region (for example, US West Oregon), but the Amazon S3 bucket that contains the application revision is related to another AWS Region (for example, US East N. Virginia).

You can authenticate with CodeCommit (HTTPS) in two ways:

1. Set up a Git credential helper using your access key credentials specified in your AWS credential profile.
2. Generate HTTPS Git credentials for AWS CodeCommit. Specify the credentials in the Git Credential Manager.

Elastic Beanstalk applies an application's lifecycle policy each time you create a new application version and deletes up to ______ versions each time the lifecycle policy is applied. Elastic Beanstalk deletes old versions after creating the new version and does not count the new version towards the maximum number of versions defined in the policy.

100

AWS Managed Keys are automatically rotated every ________. You cannot change the rotation setting for AWS Managed Keys.

3 years

You can choose to have AWS KMS automatically rotate CMKs every year, provided that those keys were generated within ___________

AWS KMS HSMs.

With Amazon Cognito User Pools, You can use the _____________________ to specify customization settings for the built-in app UI experience.

AWS Management Console, or the AWS CLI or API

The AWS CLI includes a Git credential helper that you can use with CodeCommit. The Git credential helper requires an ____________

AWS credential profile

Several AWS services, such as ____________ and Amazon Simple Notification Service (Amazon SNS), invoke functions asynchronously to process events.

Amazon Simple Storage Service (Amazon S3)

With Step Functions Parallel State - _____________

Begin parallel branches of execution, ideal for asynchronous work

CloudWatch vs CloudTrail vs X-Ray Which tracks user activity and API usage to enable governance, compliance, operational auditing, and risk auditing of your AWS account.

CloudTrail

CloudWatch vs CloudTrail vs X-Ray Which can be used to capture performance metrics and log data.

CloudWatch

Developers can use their own authentication system with Cognito. This works by your app requesting a unique identity ID for your end-users based on the identifier you use in your own authentication system. You can use the _____________ to save and synchronize user data across devices with the Cognito sync service or retrieve temporary, limited-privilege AWS credentials to securely access your AWS resources.

Cognito identity ID (these are generated by Cognito)

With Step Functions Task State - ___________

Does synchronous work in your state machine

With Step Functions Map State - __________

Dynamically iterate steps.

If you intend to use HTTPS with the credential helper that is included in the AWS CLI instead of configuring Git credentials for CodeCommit, on the Configuring extra options page, make sure the ______________ option is cleared.

Enable Git Credential Manager

With Step Functions You can use a Catch field to capture the error in a Task and Parallel State. This field's value must be an array of objects, known as catchers. A catcher contains the following fields:

- ErrorEquals: A non-empty array of strings that match error names.
- Next: A string that must exactly match one of the state machine's state names.
- ResultPath: A path that determines what input is sent to the state specified in the Next field.

Task and Parallel states can have a field named Retry, whose value must be an array of objects known as retriers. An individual retrier represents a certain number of retries, usually at increasing time intervals. A retrier contains the following fields:

- ErrorEquals: A non-empty array of strings that match error names. When a state reports an error, Step Functions scans through the retriers. When the error name appears in this array, it implements the retry policy described in this retrier.
- IntervalSeconds: An integer that represents the number of seconds before the first retry attempt (1 by default).
- MaxAttempts: A positive integer that represents the maximum number of retry attempts (3 by default). If the error recurs more times than specified, retries cease and normal error handling resumes. A value of 0 specifies that the error or errors are never retried.
- BackoffRate: The multiplier by which the retry interval increases during each attempt (2.0 by default).

Task and Parallel states can have a field named Catch. This field's value must be an array of objects, known as catchers. A catcher contains the following fields:

- ErrorEquals: A non-empty array of strings that match error names, specified exactly as they are with the retrier field of the same name.
- Next: A string that must exactly match one of the state machine's state names.
- ResultPath: A path that determines what input is sent to the state specified in the Next field.

When configuring a CloudFormation template, The optional Mappings section matches a key to a corresponding set of named values. You use the _______________ function to retrieve values in a map.

Fn::FindInMap intrinsic

When configuring a CloudFormation template, _____________ function is simply used to return the value of an attribute from a resource in the template and not in a Mappings section.

Fn::GetAtt

As an alternative to using _____________, you can use an Amazon Cognito User Pool to control who can access your API in Amazon API Gateway.

IAM roles and policies or Lambda Authorizers (formerly known as custom authorizers)

key management functions in AWS KMS Define which ______________ can use keys to encrypt and decrypt data.

IAM users and roles

The Git Credential Manager is only compatible with CodeCommit if ____________

IAM users configure Git credentials.

When invoking Lambda functions, The first argument is the event object. An event is a ______________ for a Lambda function to process.

JSON-formatted document that contains data

A development team has migrated an existing Git repository to a CodeCommit repository. One of the developers was given an HTTPS clone URL of their new repository. The developer must be able to clone the repository using his access key credentials. Is this a solution? Generate an HTTPS Git credential for AWS CodeCommit. Configure the Git credential helper with the AWS credential profile

Kind of. Although this solution works, you don't have to create HTTPS Git credentials, since you're already using the access key credentials to authenticate with CodeCommit.

With Step Functions Choice State - __________

Make a choice between branches of execution

A startup has recently opened an AWS account to develop a cloud-native web application. The CEO wants to improve the security of the account by implementing the best practices in managing access keys in AWS. Is this among the best security practices in IAM that AWS recommends? Maintain at least one access key for your AWS account root user

No

A developer has enabled the lifecycle policy of an application deployed in Elastic Beanstalk. The lifecycle is set to limit the application version to 15 versions. The developer wants to keep the source code in an S3 bucket, yet it gets deleted. Is this what the developer should do? Trigger a Lambda function to copy the source code to another S3 bucket

No. Although this is possible, this solution entails unnecessary configuration, as you can just change the Retention option of the application version lifecycle settings.

A developer wants to cut down the execution time of the scan operation on a DynamoDB table during periods of low demand without interfering with typical workloads. The operation consumes half of the strongly consistent read capacity units within regular operating hours. Is this how the developer can improve this scan operation? Use eventually consistent reads for the scan operation instead of strongly consistent reads

No. You might reduce the cost of your provisioned throughput, but the scan operation will still run sequentially, making no improvements at all.

A developer wants to cut down the execution time of the scan operation on a DynamoDB table during periods of low demand without interfering with typical workloads. The operation consumes half of the strongly consistent read capacity units within regular operating hours. Is this how the developer can improve this scan operation? Use a parallel scan operation

No. Running a parallel scan alone might consume all of your table's provisioned throughput, which may affect your application's normal workload. You must use a rate-limiter along with it.

A developer has been instructed to automate the creation of the snapshot of an existing Amazon EC2 instance. The engineer created a script that uses the AWS Command Line Interface (CLI) to run the necessary API call. He is getting an InvalidInstanceID.NotFound error whenever the script is run. Is this the most likely cause of the error? The Image Id used in running the command for creating a snapshot

No. The error is about the instance ID and not the image ID.

A developer has been instructed to automate the creation of the snapshot of an existing Amazon EC2 instance. The engineer created a script that uses the AWS Command Line Interface (CLI) to run the necessary API call. He is getting an InvalidInstanceID.NotFound error whenever the script is run. Is this the most likely cause of the error? The AWS Region, where the programmatic access for the AWS CLI is created, does not match with the region where the instance lives

No. Programmatic access is just another way of presenting yourself as an IAM user. IAM users are global entities, which means they cannot be associated with a particular Region.

A developer is building a new feature for an application deployed on an EC2 instance in the N. Virginia region. A co-developer suggests uploading the code to Amazon S3 and using CodeDeploy to deploy the new version of the application. The deployment fails during the DownloadBundle deployment lifecycle event with the UnknownError: not opened for reading error. Is this a possible cause of the error? Versioning is not enabled on the Amazon S3 bucket where the application code resides

No. Versioning on an Amazon S3 bucket is just used to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket.

A developer is building a new feature for an application deployed on an EC2 instance in the N. Virginia region. A co-developer suggests uploading the code to Amazon S3 and using CodeDeploy to deploy the new version of the application. The deployment fails during the DownloadBundle deployment lifecycle event with the UnknownError: not opened for reading error. Is this a possible cause of the error? Wrong configuration of the DownloadBundle lifecycle event in the AppSpec file

No. You cannot manually configure DownloadBundle in the AppSpec file. The CodeDeploy Agent installed on the EC2 instance manages the DownloadBundle lifecycle event.

A developer has been instructed to automate the creation of the snapshot of an existing Amazon EC2 instance. The engineer created a script that uses the AWS Command Line Interface (CLI) to run the necessary API call. He is getting an InvalidInstanceID.NotFound error whenever the script is run. Is this the most likely cause of the error? The AWS Access Key Id used to configure the AWS CLI is invalid

No. You will get an InvalidAccessKeyId error as a response if you do not have the correct AWS Access Key ID. The scenario's issue is about the InvalidInstanceID.NotFound error.

An EC2 instance has an IAM role that explicitly denies all S3 API Write operations. Moreover, the instance has access key credentials configured to gain full access to S3 operations. Is this statement correct for this scenario? The instance can perform all S3 operations except for write operations on any S3 bucket.

No. The access key credentials are configured to gain full S3 access.

With Step Functions, Although it can be used to run processes in a state machine, this type of state should only be used when you want to run processes asynchronously. __________ executes each branch concurrently and independently.

Parallel State

With Step Functions, __________ is mainly used for constructing and debugging state machines.

Pass State

With Step Functions Wait State - __________

Provide a delay for a certain amount of time or until a specified time/date.

________________ is an S3 storage class that provides secure and durable object storage for long-term retention of data that is accessed once or twice in a year. From just $0.00099 per GB-month (less than one-tenth of one cent, or about $1 per TB-month), ______________ offers the lowest cost storage in the cloud, at prices significantly lower than storing and maintaining data in on-premises magnetic tape libraries or archiving data off-site.

S3 Glacier Deep Archive

With S3 Storage classes, If you have data residency requirements that can't be met by an existing AWS Region, you can use the ___________ storage class to store your S3 data on-premises

S3 Outposts

Application Load Balancers provide two advanced options that you may want to configure when you use ALBs with AWS Lambda: support for multi-value headers and health check configurations. You can set up these options in ___________

Target Groups section on the Amazon EC2 console.

When Lambda invokes your function handler, the Lambda runtime passes two arguments to the function handler:

The first argument is the event object. The second argument is the context object.

CloudWatch vs CloudTrail vs X-Ray Which analyzes and debugs production, distributed applications, such as those built using a microservices architecture.

X-Ray

CloudWatch vs CloudTrail vs X-Ray Which can help you debug the applications' internal logic flow or determine where the potential bottlenecks are.

X-Ray

CloudWatch vs CloudTrail vs X-Ray Which can identify performance bottlenecks, edge case errors, and other hard to detect issues.

X-Ray

A startup has recently opened an AWS account to develop a cloud-native web application. The CEO wants to improve the security of the account by implementing the best practices in managing access keys in AWS. Is this among the best security practices in IAM that AWS recommends? Delete any access keys to your AWS account root user.

Yes

A developer is building a new feature for an application deployed on an EC2 instance in the N. Virginia region. A co-developer suggests uploading the code to Amazon S3 and using CodeDeploy to deploy the new version of the application. The deployment fails during the DownloadBundle deployment lifecycle event with the UnknownError: not opened for reading error. Is this a possible cause of the error? The EC2 instance's IAM profile does not have the permissions to access the application code in Amazon S3.

Yes. The DownloadBundle deployment lifecycle event will throw an error whenever this happens.

A developer has been instructed to automate the creation of the snapshot of an existing Amazon EC2 instance. The engineer created a script that uses the AWS Command Line Interface (CLI) to run the necessary API call. He is getting an InvalidInstanceID.NotFound error whenever the script is run. Is this the most likely cause of the error? The AWS Region name used to configure the AWS CLI does not match the region where the instance lives.

Yes. The InvalidInstanceID.NotFound error suggests that an instance does not exist. Ensure that you have indicated the AWS Region in which the instance is located if it's not in the default Region. This error may also occur because the ID of a recently created instance has not propagated through the system. Since the scenario mentions that the EC2 instance already exists, we can conclude that there is a mismatch in the AWS Region configured in the CLI. The EC2 instance is located in another Region, which is why the developer got the error message.

A developer wants to cut down the execution time of the scan operation on a DynamoDB table during periods of low demand without interfering with typical workloads. The operation consumes half of the strongly consistent read capacity units within regular operating hours. Is this how the developer can improve this scan operation? Perform a rate-limited parallel scan operation

Yes. To make the most of your table's provisioned throughput, you'll want to use the Parallel Scan API operation so that your scan is distributed across your table's partitions. But be careful that your scan doesn't consume your table's provisioned throughput and cause the critical parts of your application to be throttled. To avoid throttling, you need to rate-limit your client application.

A company is looking to run a distributed application across hundreds of containers using Amazon Elastic Container Service. Due to the nature and size of the application, the Chief Technology Officer (CTO) is worried about how the developers can analyze and debug the application conveniently and efficiently. The developers need to have an end-to-end view of how the application runs and performs across the resources and services so they can make adjustments if needed. Is this the AWS service the CTO should use? AWS X-Ray.

Yes. X-Ray provides an end-to-end view of requests as they travel through your application and shows a map of your application's underlying components. You can use X-Ray to analyze both applications in development and in production, from simple three-tier applications to complex microservices applications consisting of thousands of services.

A developer has enabled the lifecycle policy of an application deployed in Elastic Beanstalk. The lifecycle is set to limit the application version to 15 versions. The developer wants to keep the source code in an S3 bucket, yet it gets deleted. Is this what the developer should do? Configure the Retention setting to retain the source bundle in S3.

Yes. In the Retention section of the application version lifecycle settings, you can choose either to delete the source bundle in S3 or to retain it. To solve the problem in the scenario, the Retention option must be set to Retain source bundle in S3.

A development team has migrated an existing Git repository to a CodeCommit repository. One of the developers was given an HTTPS clone URL of their new repository. The developer must be able to clone the repository using his access key credentials. Is this a solution? Configure the Git credential helper with the AWS credential profile.

Yes. Since the scenario requires the developer to authenticate with CodeCommit using his access key credentials, he should set up a Git credential helper.

An EC2 instance has an IAM role that explicitly denies all S3 API Write operations. Moreover, the instance has access key credentials configured to gain full access to S3 operations. Is this statement correct for this scenario? The instance can perform all S3 operations on any S3 bucket.

Yes. The EC2 instance can perform any S3 operations since the CLI credentials file takes precedence over instance profile credentials.

For general use, the aws configure command is the fastest way to set up your AWS CLI installation. Access keys consist of an __________ and secret access keys are used to ___________________

access key ID, sign programmatic requests that you make to AWS.

With S3 Storage classes, S3 Glacier is for ______

archived data, retrieval times in minutes or hours

By default, AWS KMS creates the key material for a CMK. However, you can import your own key material into a CMK or create the key material for a CMK in the AWS CloudHSM cluster associated with an AWS KMS custom key store. There are also types of CMKs that are not eligible for automatic key rotation such as ________________

asymmetric CMKs, CMKs in custom key stores, and CMKs with imported key material.

With S3 Storage classes, S3 Intelligent-Tiering _______

automatically moves data to the most cost-effective tier

key management functions in AWS KMS Create _____________ for local use within your applications.

both symmetric and asymmetric data key pairs

The AWS CLI includes a Git credential helper that you can use with CodeCommit. The AWS credential profile stores a ___________

copy of an IAM user's AWS access key ID and AWS secret access key (along with a default AWS Region name and default output format)

When you update existing files in a CloudFront distribution, AWS recommends that you include some sort of version identifier either in your file names or in your directory names to give yourself better control over your content. This identifier might be a __________

date-time stamp, a sequential number, or some other method of distinguishing two versions of the same object.

With S3 Storage classes, S3 Standard is _____________

durable, immediately available, frequently accessed

With S3 Storage classes, S3 Standard-IA is __________

durable, immediately available, infrequently accessed

You use the IAM Condition element to implement a fine-grained access control policy. By adding a Condition element to a permissions policy, you can allow or deny access to items and attributes in DynamoDB tables and indexes, based upon your particular business requirements. This type of condition key is used for granting permissions that limit access to specific attributes in the table. Note that the question requires access control over the items.

dynamodb:Attributes

You use the IAM Condition element to implement a fine-grained access control policy. By adding a Condition element to a permissions policy, you can allow or deny access to items and attributes in DynamoDB tables and indexes, based upon your particular business requirements. To match an item based on its partition key, use the

dynamodb:LeadingKeys condition key to the IAM policy associated with the Identity provider's role.

You use the IAM Condition element to implement a fine-grained access control policy. By adding a Condition element to a permissions policy, you can allow or deny access to items and attributes in DynamoDB tables and indexes, based upon your particular business requirements. This type of condition key is just used for getting the item attributes as they appear before or after they are updated.

dynamodb:ReturnValues

You use the IAM Condition element to implement a fine-grained access control policy. By adding a Condition element to a permissions policy, you can allow or deny access to items and attributes in DynamoDB tables and indexes, based upon your particular business requirements. This type of condition key is mainly used for specifying attributes to be returned in the result of a Query or Scan request.

dynamodb:Select

By default, AWS KMS creates the key material for a CMK. You cannot ______________ this key material. Also, you cannot delete this key material; you must delete the CMK.

extract, export, view, or manage

key management functions in AWS KMS Choose to _________________ to be automatically rotated on an annual basis.

have keys that were generated by the service

A company is looking to run a distributed application across hundreds of containers using Amazon Elastic Container Service. Due to the nature and size of the application, the Chief Technology Officer (CTO) is worried about how the developers can analyze and debug the application conveniently and efficiently. The developers need to have an end-to-end view of how the application runs and performs across the resources and services so they can make adjustments if needed. Is this the AWS service the CTO should use? AWS CloudTrail

incorrect because it is just used for monitoring, logging user activity, and API usage at an account level and not for debugging applications.

key management functions in AWS KMS Audit the use of keys by ___________

inspecting logs in AWS CloudTrail.

key management functions in AWS KMS Define which IAM users and roles can manage _____

keys.

With S3 Storage classes, S3 One Zone-IA is _____________

lower cost for infrequently accessed data with less resilience

With S3 Storage classes, S3 Glacier Deep Archive has ____________

lowest cost storage class for long term retention

When configuring a CloudFormation template, Fn::GetAtt function is simply used to _________________ and not in a Mappings section.

return the value of an attribute from a resource in the template

key management functions in AWS KMS Import your own ________ for use within the service.

symmetric key

With Step Functions, Out of all the types of State, only ______________ can be used to run processes in the state machine.

the Task State and the Parallel State

With Step Functions When a state reports an error and either there is no Retry field, or if retries fail to resolve the error, Step Functions scans _____________. When the error name appears in the value of a catcher's ErrorEquals field, the state machine ____________

through the catchers in the order listed in the array; transitions to the state named in the Next field.

The PassRole permission helps you make sure that a ____________. For example, Alice might be allowed to perform only EC2 and S3 actions. If Alice could pass a role to the EC2 instance that allows ___________

user doesn't pass a role to an EC2 instance where the role has more permissions than you want the user to have; additional actions, she could log into the instance, get temporary security credentials via the role she passed, and make calls to AWS that you don't intend.

The Context object includes what properties and methods?

Default:
- done
- succeed
- fail
- clientContext
- callbackWaitsForEmptyEventLoop

Meta:
- identity
- awsRequestId
- invokedFunctionArn
- functionVersion
- functionName
- logGroupName
- logStreamName

Metrics:
- getRemainingTimeInMillis
- memoryLimitInMB

A task definition is required to run Docker containers in Amazon ECS. The following are some of the parameters you can specify in a task definition:

- The Docker image to use with each container in your task
- How much CPU and memory to use with each task or each container within a task
- The launch type to use, which determines the infrastructure on which your tasks are hosted
- The Docker networking mode to use for the containers in your task
- The logging configuration to use for your tasks
- Whether the task should continue to run if the container finishes or fails
- The command the container should run when it is started
- Any data volumes that should be used with the containers in the task
- The IAM role that your tasks should use

The AWS CLI credentials and configuration settings take precedence in the following order:

1. Command line options - Overrides settings in any other location. You can specify --region, --output, and --profile as parameters on the command line.
2. Environment variables - You can store values in your system's environment variables.
3. CLI credentials file - The credentials and config file are updated when you run the command aws configure. The credentials file is located at ~/.aws/credentials on Linux or macOS, or at C:\Users\USERNAME\.aws\credentials on Windows. This file can contain the credential details for the default profile and any named profiles.
4. CLI configuration file - The credentials and config file are updated when you run the command aws configure. The config file is located at ~/.aws/config on Linux or macOS, or at C:\Users\USERNAME\.aws\config on Windows. This file contains the configuration settings for the default profile and any named profiles.
5. Container credentials - You can associate an IAM role with each of your Amazon Elastic Container Service (Amazon ECS) task definitions. Temporary credentials for that role are then available to that task's containers.
6. Instance profile credentials - You can associate an IAM role with each of your Amazon Elastic Compute Cloud (Amazon EC2) instances. Temporary credentials for that role are then available to code running in the instance. The credentials are delivered through the Amazon EC2 metadata service.

_________________ are designed to be the lowest-cost Amazon S3 storage classes, allowing you to archive large amounts of data at a very low cost. This makes it feasible to retain all the data you want for use cases like data lakes, analytics, IoT, machine learning, compliance, and media asset archiving. You pay only for what you need, with no minimum commitments or up-front fees.

Amazon S3 Glacier and S3 Glacier Deep Archive

With Amazon Cognito User Pools, You can upload a custom logo image to be displayed in the app. You can also choose many ___________

CSS customizations.

With Step Functions Fail or Succeed State - ___________

Fail or Succeed State - Stop execution with failure or success

When configuring a CloudFormation template, the ______________ function is just used to return the value of an output exported by another stack. It can't be used to retrieve values from a Mappings section.

Fn::ImportValue

With Cognito developer authenticated identities, a new API, _____________, was introduced. This API call replaces the use of ___________ (APIs needed in the basic authflow) from the device and should be called from your backend as part of your own authentication API.

GetOpenIdTokenForDeveloperIdentity, GetId and GetOpenIdToken

A developer is building a serverless URL shortener using Amazon API Gateway, Amazon DynamoDB, and AWS Lambda. The application code as well as the stack that defines the cloud resources should be written in Python. The code should also be reusable in case an update must be done to the stack. Is the following appropriate for the situation? Use CloudFormation to build the stack. Then, use Python as the runtime environment in writing the application logic on Lambda

No. CloudFormation only allows JSON and YAML in defining cloud resources in a stack.

An application executes GET operations to various AWS services. The development team is using AWS X-Ray to trace all the calls made to AWS. As one of the developers, you are responsible for maintaining a particular block of code on the application. To save time, you only want to record data associated with the code to group the traces in the AWS console. Is the following appropriate for the situation? Sampling

No. Sampling is used to ensure efficient tracing and to provide a representative sample of the requests that your application serves. Additionally, sampling will help you save money by reducing the amount of traces for high-volume and unimportant requests.

A developer uses AWS Serverless Application Model (SAM) in a local machine to create a serverless Python application. After defining the required dependencies in the requirements.txt file, the developer is now ready to test and deploy. Does this deploy the application? Run the sam init command. Build the SAM template in the local machine and call the sam deploy command to package and deploy the SAM template from an S3 bucket

No. You don't have to run the sam init command because from the conditions given, it is assumed that the runtime and the folder structure of the application have already been established.

A developer is building a serverless URL shortener using Amazon API Gateway, Amazon DynamoDB, and AWS Lambda. The application code as well as the stack that defines the cloud resources should be written in Python. The code should also be reusable in case an update must be done to the stack. Is the following appropriate for the situation? Use AWS SDK for Python (boto3) to build the stack. Then, use Python as the runtime environment in writing the application logic on Lambda

No. boto3 is just a library for Python that lets you use AWS resources programmatically, allowing easy integration with your application.

An application executes GET operations to various AWS services. The development team is using AWS X-Ray to trace all the calls made to AWS. As one of the developers, you are responsible for maintaining a particular block of code on the application. To save time, you only want to record data associated with the code to group the traces in the AWS console. Is the following appropriate for the situation? Subsegment

No. It is only used to provide more granular timing information and details about downstream calls that your application made to fulfill the original request. It cannot group traces from recorded data.

An application is hosted in the us-east-1 region. The app needs to be recreated on the us-east-2, ap-northeast-1, and ap-southeast-1 region using the same Amazon Machine Image (AMI). As the developer, you have to use AWS CloudFormation to rebuild the application using a template. Is this correct? Copy the AMI of the instance from the us-east-1 region to the us-east-2, ap-northeast-1, and ap-southeast-1 region. Then, add a Mappings section wherein you will define the different Image Id for the three regions. Use the region name as the key in mapping to its correct Image Id. Lastly, use the Fn::GetAtt function to retrieve the desired Image Id from the region key

No. The Fn::GetAtt function is simply used to return the value of an attribute from a resource in the template and not in a Mappings section.

A developer is building a serverless NodeJs application consisting of an API Gateway and AWS Lambda. The developer wants to log certain events tagged with a unique identifier of the Lambda functions' invocation request. Is this the approach to take? Get the awsRequestId from the event object and log it to a file.

No. The ID of an invocation request is not a property of the event object.

A developer is building a serverless NodeJs application consisting of an API Gateway and AWS Lambda. The developer wants to log certain events tagged with a unique identifier of the Lambda functions' invocation request. Is this the approach to take? Get the awsRequestId from the event object and log it to the console.

No. The ID of an invocation request is not a property of the event object.

A company is providing various IoT services for a large number of consumers. The Data Analytics team revealed that an average consumer connects to two or more services. This leads to a complicated architecture that does not scale well and is difficult to manage. The development team is looking to efficiently manage these services to consumers using a single interface. Is this a solution? AWS Step Functions

No. This service is only used for orchestrating multiple Lambda functions.

A development team has migrated an existing Git repository to a CodeCommit repository. One of the developers was given an HTTPS clone URL of their new repository. The developer must be able to clone the repository using his access key credentials. Is this a solution? Generate an RSA key pair to use with AWS CodeCommit using AWS KMS

No. You can't authenticate a connection to CodeCommit with RSA key pairs.

An application is hosted in the us-east-1 region. The app needs to be recreated on the us-east-2, ap-northeast-1, and ap-southeast-1 region using the same Amazon Machine Image (AMI). As the developer, you have to use AWS CloudFormation to rebuild the application using a template. Is this correct? Copy the AMI of the instance from the us-east-1 region to the us-east-2, ap-northeast-1, and ap-southeast-1 region. Then, add a Mappings section wherein you will define the different Image Id for the three regions. Use the region name as the key in mapping to its correct Image Id. Lastly, use the Fn::ImportValue function to retrieve the desired Image Id from the region key

No. The Fn::ImportValue function is just used to return the value of an output exported by another stack. It can't be used to retrieve values from a Mappings section.

An application is hosted in the us-east-1 region. The app needs to be recreated on the us-east-2, ap-northeast-1, and ap-southeast-1 region using the same Amazon Machine Image (AMI). As the developer, you have to use AWS CloudFormation to rebuild the application using a template. Is this correct? Copy the AMI of the instance from the us-east-1 region to the us-east-2, ap-northeast-1, and ap-southeast-1 region. Then, add a Parameters section wherein you will define the different Image Id for the three regions. Use the region name as the key in mapping to its correct Image Id. Lastly, use the Ref function to retrieve the desired Image Id from the region key

No. The Parameters section is mainly used to declare values within a specified parameter. For example, you can specify the allowed Amazon EC2 instance type for the stack to use when you create or update the stack. Although you can specify the values for the Image Id in the Parameters section, it does not give you the flexibility to map the Image Ids according to its correct region. The Mappings section is more suited for this type of use case.

A cross-platform online game application has thousands of users. The developer needs to identify each user by designating them a unique identifier. The identifier must be kept consistent across devices and platforms. Can this work? Generate a universally unique identifier (UUID) for each device. Store the UUID with the user in a DynamoDB table

No. This would produce multiple identifiers for a single user. The scenario requires you to identify users via a unique identifier regardless of the device they use.

There are six S3 storage classes. What are Amazon's Storage classes?

S3 Standard (durable, immediately available, frequently accessed). S3 Intelligent-Tiering (automatically moves data to the most cost-effective tier). S3 Standard-IA (durable, immediately available, infrequently accessed). S3 One Zone-IA (lower cost for infrequently accessed data with less resilience). S3 Glacier (archived data, retrieval times in minutes or hours). S3 Glacier Deep Archive (lowest cost storage class for long term retention).

With Step Functions States can perform a variety of functions in your state machine. States Include:

- Task State - Do some work in your state machine
- Parallel State - Begin parallel branches of execution.
- Choice State - Make a choice between branches of execution
- Fail or Succeed State - Stop execution with failure or success
- Pass State - Simply pass its input to its output or inject some fixed data, without performing work.
- Wait State - Provide a delay for a certain amount of time or until a specified time/date.
- Map State - Dynamically iterate steps.

A developer is writing a web application that will allow users to save and retrieve images in an Amazon S3 bucket. The users are required to register and log in to access the application. Is this the combination of AWS services the developer should utilize for implementing the user authentication module of the application? Amazon Cognito Identity Pools and User Pools.

Yes. A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito. Your users can also sign in through social identity providers like Google, Facebook, Amazon, or Apple, and through SAML identity providers. Amazon Cognito identity pools (federated identities) enable you to create unique identities for your users and federate them with identity providers. With an identity pool, you can obtain temporary, limited-privilege AWS credentials to access other AWS services.

A developer is building a serverless URL shortener using Amazon API Gateway, Amazon DynamoDB, and AWS Lambda. The application code as well as the stack that defines the cloud resources should be written in Python. The code should also be reusable in case an update must be done to the stack. Is the following appropriate for the situation? Use AWS CDK to build the stack. Then, use Python as the runtime environment in writing the application logic on Lambda.

Yes, because the scenario requires the provisioning of cloud resources using a programming language (Python).

A developer uses AWS Serverless Application Model (SAM) in a local machine to create a serverless Python application. After defining the required dependencies in the requirements.txt file, the developer is now ready to test and deploy. Does this deploy the application? Build the SAM template in the local machine and call the sam deploy command to package and deploy the SAM template from an S3 bucket.

Yes. Since the application's runtime and dependencies are already defined, the next step is to call the sam build command to install and build the dependencies of the application. After running a series of local tests, you can now package and deploy the SAM template into an S3 bucket via the sam deploy command.

A developer is building a serverless NodeJs application consisting of an API Gateway and AWS Lambda. The developer wants to log certain events tagged with a unique identifier of the Lambda functions' invocation request. Is this the approach to take? Get the awsRequestId from the context object and log it to a file.

Yes. The request ID of all invocation requests is automatically logged in CloudWatch Logs, but you might want to get it from the Lambda context object if you have a need for custom logging such as logging key events with an associated request identifier. In this case, you can access the request ID from context.awsRequestId and write to a separate log file.

An application executes GET operations to various AWS services. The development team is using AWS X-Ray to trace all the calls made to AWS. As one of the developers, you are responsible for maintaining a particular block of code on the application. To save time, you only want to record data associated with the code to group the traces in the AWS console. Is the following appropriate for the situation? Annotations

Yes. Use annotations to record data that you want to use to group traces in the console, or when calling the GetTraceSummaries API.

A company is providing various IoT services for a large number of consumers. The Data Analytics team revealed that an average consumer connects to two or more services. This leads to a complicated architecture that does not scale well and is difficult to manage. The development team is looking to efficiently manage these services to consumers using a single interface. Is this a solution? Amazon API Gateway

Yes. API Gateway allows for handling common API management tasks such as security, caching, throttling, and monitoring. While its primary objective is to provide that abstraction layer on top of your backend APIs and microservices, it can also allow backends to be simple web applications for web portal access or Amazon S3 buckets for providing access to static web content or documents.

A cross-platform online game application has thousands of users. The developer needs to identify each user by designating them a unique identifier. The identifier must be kept consistent across devices and platforms. Can this work? Use developer-authenticated identities in Amazon Cognito to generate unique identifiers for the users.

Yes. You can use the Cognito identity ID to save and synchronize user data across devices with the Cognito sync service or retrieve temporary, limited-privilege AWS credentials to securely access your AWS resources.

An application is hosted in the us-east-1 region. The app needs to be recreated on the us-east-2, ap-northeast-1, and ap-southeast-1 region using the same Amazon Machine Image (AMI). As the developer, you have to use AWS CloudFormation to rebuild the application using a template. Is this correct? Copy the AMI of the instance from the us-east-1 region to the us-east-2, ap-northeast-1, and ap-southeast-1 region. Then, add a Mappings section wherein you will define the different Image Id for the three regions. Use the region name as the key in mapping to its correct Image Id. Lastly, use the Fn::FindInMap function to retrieve the desired Image Id from the region key.

Yes. You use the Fn::FindInMap intrinsic function to retrieve values in a map.

Some static assets stored in an S3 bucket need to be accessed by a user on the development account. The S3 bucket is in the production account. According to the company policy, the sharing of full credentials between accounts is prohibited. The steps to execute this are as follows:

You use the AWS Management Console to establish trust between the Production account (ID number XXXXXXXXXXXX) and the Development account (ID number YYYYYYYYYYYY) by creating an IAM role. When you create the role, you define the Development account as a trusted entity and specify a permissions policy that allows trusted users to access the S3 bucket. On the development account, create an STS policy to assume the role created on the production account. This can be done by referencing the ARN of the role that was created to establish trust between the Production account and the

With Step Functions The output of a state can be ____________

a copy of its input, the result it produces (for example, the output from a Task state's Lambda function), or a combination of its input and result.

SAM CLI commands sam init - Initializes a serverless application with __________

an AWS SAM template. The template provides a folder structure for your Lambda functions and is connected to an event source such as APIs, S3 buckets, or DynamoDB tables. This application includes everything you need to get started and to eventually extend it into a production-scale application.

The request ID of all invocation requests is automatically logged in CloudWatch Logs, but you might want to get it from the Lambda ______________ if you have a need for custom logging such as logging key events with an associated request identifier.

context object

With Step Functions The output of a state can be a copy of its input, the result it produces (for example, the output from a Task state's Lambda function), or a combination of its input and result. Use ResultPath to __________

control which combination of these is passed to the state output.

You can specify your ASG's launch configuration with multiple Auto Scaling groups. However, you can only specify one launch configuration for an Auto Scaling group at a time, and you can't modify a launch configuration after you've created it. To change the launch configuration for an Auto Scaling group, you must __________

create a launch configuration and then update your Auto Scaling group with it.

You can choose to have AWS KMS automatically rotate CMKs every year, provided that those keys were generated within AWS KMS HSMs. If you choose to import keys to AWS KMS or asymmetric keys or use a custom key store, you can manually rotate them by ____________

creating a new CMK and mapping an existing key alias from the old CMK to the new CMK.

You can use an Amazon Cognito User Pool to control who can access your API in Amazon API Gateway. To use an Amazon Cognito user pool with your API, you must ___________

first create an authorizer of the COGNITO_USER_POOLS type and then configure an API method to use that authorizer.

You can use an Amazon Cognito User Pool to control who can access your API in Amazon API Gateway. After the API is deployed, the client must _____________

first sign the user into the user pool, obtain an identity or access token for the user, and then call the API method with one of the tokens, which are typically set to the request's Authorization header.

key management functions in AWS KMS Create symmetric keys where the key material is _____________

generated and used within a custom key store under your control.

The _____________ permissions are just used to grant permissions to retrieve and create an inline policy document that is embedded with a specified IAM role.

iam:GetRolePolicy and iam:PutRolePolicy

A team of developers needs permission to launch EC2 instances with an instance role that will allow them to update items in a DynamoDB table. Each developer has access to IAM users that belong to the same IAM group. If a developer doesn't have _________ permission, he or she can't associate a role with the instance during launch.

iam:PassRole

You can choose to have AWS KMS automatically rotate CMKs every year, provided that those keys were generated within AWS KMS HSMs. Automatic key rotation is not supported for ____________ in an AWS CloudHSM cluster using the AWS KMS custom key store feature.

imported keys, asymmetric keys, or keys generated

A developer is writing a web application that will allow users to save and retrieve images in an Amazon S3 bucket. The users are required to register and log in to access the application. Is this the combination of AWS services the developer should utilize for implementing the user authentication module of the application? Amazon User Pools and AWS Security Token Service (STS)

Incorrect. While it is true that you need AWS STS to allow users to access Amazon S3, it is already abstracted by the Amazon Cognito Identity Pools. That being said, you have to configure an Identity Pool to accept users federated with your Cognito User Pool.

With CodeBuild's buildspec.yml the artifacts element represents ____________

information about where CodeBuild can find the build output and how CodeBuild prepares it for uploading to the S3 output bucket.

You can use AWS CodeBuild with a proxy server to regulate HTTP and HTTPS traffic to and from the Internet. To run CodeBuild with a proxy server, you __________

install a proxy server in a public subnet and CodeBuild in a private subnet in a VPC.

Using Cognito developer authenticated identities involves ______________

interaction between the end-user device, your backend for authentication, and Amazon Cognito.

When Lambda invokes your function handler, the Lambda runtime passes two arguments to the function handler. The second argument is the context object. A context object is passed to your function by Lambda at runtime. This object provides methods and properties that provide information about the ________________

invocation, function, and runtime environment.

When Lambda invokes your function handler, the Lambda runtime passes two arguments to the function handler. The second argument is the context object. A context object is passed to your function by Lambda at runtime. This object provides ____________ that provide information about the invocation, function, and runtime environment.

methods and properties

With Amazon Cognito User Pools, you can specify app UI customization settings for all clients (by setting the clientId to ALL). If you specify ALL, the default configuration will be used for every client that has _______________

no UI customization set previously.

When configuring a CloudFormation template, the Fn::ImportValue function is just used to ________________. It can't be used to retrieve values from a Mappings section.

return the value of an output exported by another stack

SAM CLI commands sam deploy - performs the functionality of ______________

sam package. You can use the sam deploy command to directly package and deploy your application.

With Amazon Cognito User Pools, you can specify app UI customization settings for a ___________ or for all _________________

single client (with a specific clientId), clients (by setting the clientId to ALL)

Below are possible causes of error when running CodeBuild with a proxy server:

ssl-bump is not configured properly. Your organization's security policy does not allow you to use ssl-bump. If you do not use ssl-bump for an explicit proxy server, add a proxy configuration to your buildspec.yml using a proxy element. Your buildspec.yml file does not have proxy settings specified using a proxy element.

When you invoke a Lambda function, you determine ___________ of the event. When an AWS service invokes your function, the service defines ______________

the structure and contents, the event structure

When configuring a CloudFormation template, the Parameters section is mainly used to declare ___________

values within a specified parameter

Let's say that there are four functions in your Lambda Function. And each of those functions runs for 5 minutes. We will get a total of 20 minutes if we add all their execution times. This is a problem since Lambda can only run for a maximum of 15 minutes. To solve this, ___________

we can turn the functions inside the Lambda function into individual states. Step Functions can help solve the problem of timeout errors for a Lambda function.

A team of developers needs permission to launch EC2 instances with an instance role that will allow them to update items in a DynamoDB table. Each developer has access to IAM users that belong to the same IAM group. According to the scenario, the EC2 instances (that will be launched by the developers) need access to a DynamoDB table. First, _________

we need to create an IAM role with permission that will allow access to the DynamoDB table. After creating the role, you must add the EC2 service as a trusted entity in the role's trust policy. You need to do this so EC2 instances can assume the IAM role.

key management functions in AWS KMS Create symmetric and asymmetric keys where the key material is only ever used _________

within the service

