Frage 1
Frage
You are deploying a mobile application that needs access to the AWS API Gateway. Users will need to register first before they can access your API and you would like the user management to be fully managed. Which authentication option should you use for your API Gateway layer?
Frage 2
Frage
You are a developer working for a shipping company. You began automating the creation of ECS clusters with an Auto Scaling Group using an AWS CloudFormation template that accepts a parameter for cluster name. You launch the template with a parameter input of MainCluster, which deployed five instances across two availability zones. You launch the template again with a parameter input of SecondCluster, however, you noticed that all instances were launched in MainCluster even though you specified a different cluster name. What is the root cause of this issue?
Antworten
-
The EC2 instance is missing IAM permissions to join the other clusters
-
The ECS agent Docker image must be re-built to connect to the other clusters
-
The cluster name Parameter isn't reflected in the file /etc/ecs/ecs.config during bootstrap
-
The security groups on the EC2 instance are pointing to the wrong ECS cluster
Frage 3
Frage
A company has a workload that requires 14,000 consistent IOPS for data that must be durable and secure. The security compliance team requests that the EBS volumes be encrypted. You have been hired as a consultant to help with this work, but have limited knowledge in building and maintaining encryption keys. After doing research, which of the following statements are true?
Antworten
-
EBS volumes support in flight encryption but no encryption at rest
-
EBS volumes do not support in flight encryption but do support encryption at rest using KMS
-
EBS volumes support in flight encryption and do support encryption at rest using KMS
-
EBS volumes don't support any encryption
Frage 4
Frage
Which of the following services rely on CloudFormation to provision resources?
Antworten
-
Lambda
-
Autoscaling
-
Elastic Beanstalk
-
CodeBuild
Frage 5
Frage
Several Developers have administrative access to a single AWS account. Each makes AWS KMS API calls to perform operations such as Decrypt, Encrypt, and ReEncrypt. Your AWS account has AWS CloudWatch alarms to monitor your keys and would like to find out which architects made AWS KMS API calls within the last week. How will you do that?
Antworten
-
IAM
-
KMS Key Logs
-
CloudTrail
-
VPC Flow Logs
Frage 6
Frage
As the team lead you have been tasked with analyzing ip traffic coming into your VPC as well as API calls that involve Encrypt and Decrypt. Which two services would you rely on to help with that analysis?
Antworten
-
CloudTrail
-
VPC Flow Logs
-
IAM
-
CloudWatch Logs
Frage 7
Frage
You have an Auto Scaling group configured with a minimum size value of 1 and a maximum size value of 5 designed to launch EC2 instances across 3 AWS Availability Zones. Your Auto Scaling group uses On-Demand instances and you want the CPU utilization to stay around 35 percent. During a low utilization period of your application an entire AWS Availability Zone went down and your application experienced downtime. What can you do to ensure that your application is highly available?
Antworten
-
Change the target auto-scaling policy for network bytes
-
Increase the minimum instances in the ASG to 2
-
Configure ASG fast failover
-
Enable RDS Multi-AZ
Frage 8
Frage
Your organization has developers that merge code changes regularly to an AWS CodeCommit repository. AWS CodeCommit is integrated with AWS CodePipeline in a workflow that allows for continuous delivery. Your pipeline has AWS CodeCommit as the source and you would like to configure a rule that reacts to changes in CodeCommit. Which of the following options do you choose for this type of integration?
Antworten
-
SES
-
SQS
-
SNS
-
CloudWatch Event Rules
Frage 9
Frage
The Amazon Simple Storage Service (S3) buckets make it easy for your developers to store log files shared across the development department. Anyone with access to those buckets can add new objects, update and delete. What kind of operations can lead to eventual consistency issues?
Antworten
-
Create a new object
-
Deleting an existing object
-
Updating an existing object
-
Reading an existing object
Frage 10
Frage
Your company’s e-commerce website is expecting hundreds of thousands of visitors on Black Friday. The marketing department is concerned that orders processed will put too much load on the Amazon Simple Queue Service (SQS) and you have been instructed to address this concern with management. What steps need to be taken in the preparation of the high volume of orders?
Antworten
-
SQS scales automatically
-
Increase the capacity of the SQS queue
-
Enable auto-scaling on the SQS queue
-
Open a support ticket to pre-warm the SQS queue
Frage 11
Frage
You have an existing three-tier application that uses Amazon Simple Queue Service (SQS) queues. You are planning on changing your system due to a new requirement that asks for message ordering. The new change should support up to 250 messages per second. What change can you make to meet your requirements?
Antworten
-
Use Kinesis
-
Use SQS DLQ
-
Use SQS Standard
-
Use SQS FIFO
Frage 12
Frage
You are a developer working for a mobile application company that wants to use Amazon Simple Queue Service (SQS) for a new feature that will send messages to a queue which will then be processed by other software components. One of the requirements is that messages should be stored in a queue at least 12 days. How will you meet your requirements?
Antworten
-
Enable Long Polling
-
The maximum retention of messages is 7 days, therefore you cannot have 12 days retention
-
Change the setting for message retention
-
Use a FIFO queue
Frage 13
Frage
An organization is moving its on-premise resources to the cloud. Source code will be moved to AWS CodeCommit and AWS CodeBuild will be used for compiling the source code using Apache Maven as a build tool. Build environments will be customized and should allow for scaling and running builds in parallel. Which of the following options should the organization choose?
Antworten
-
Increase the instance types for your CodeBuild instances
-
CodeBuild scales automatically
-
Run CodeBuild in an ASG
-
Enable CodeBuild Auto Scaling
Frage 14
Frage
You have a public API Gateway that is being accessed by clients from another domain. Usage has been consistent for the last few months but recently noticed API requests have more than doubled. As a result, your costs have gone up and would like to prevent other unauthorized domains from accessing your API. Which of the following actions should you take?
Frage 15
Frage
Your manager has handed you a new company policy in which each developer must sign a Contributor License Agreement (CLA) before code changes are committed to any AWS CodeCommit repository. You are responsible for checking that each commit in a repository includes the policy. Your manager has also provided you with python code. Which of the following AWS services can help you implement this solution?
Antworten
-
Cron Jobs
-
SNS
-
SES
-
AWS Lambda
-
Kinesis
Frage 16
Frage
A non-profit organization has migrated its on-site information to the cloud. A bucket was created in Amazon Simple Storage Service (S3) but they need assistance with security to prevent data breaches. Which of the following will NOT assist with security for S3?
Antworten
-
IAM Policies
-
Security Groups
-
ACLs
-
Bucket Policies
Frage 17
Frage
You are designing a new application, and you need to ensure that your software components are decoupled. You and your team decide to use Amazon Simple Queue Service (SQS) for the messaging component but need to ensure that deleting all messages in the SQS queue will not require reconfiguration of the queue. Which of the following options satisfies this requirement?
Frage 18
Frage
An organization has many applications hosted on-premise as well as in the AWS cloud infrastructure. The organization would like to make changes to existing on-premise applications by integrating the AWS SDK for .NET to allow applications access to AWS services. Users should only authenticate once using the organization's on-premise Active Directory. What is the most secure way of achieving this?
Antworten
-
Create an IAM user for your production instances, and run aws configure there
-
Put your IAM credentials onto the production instance
-
IAM Roles for EC2
-
Enable Federated Identities integration with Cognito
Frage 19
Frage
An organization is dealing with suspicions of a possible insider threat among their ranks. Management received notifications that policy changes were made to the AWS account after normal business hours. You have been hired to monitor all AWS services usages in the past month to the next couple of months. Which of the following AWS services will help you narrow down the culprit?
Antworten
-
CloudTrail
-
VPC Flow Logs
-
IAM
-
CloudWatch Logs
Frage 20
Frage
Your team leader gets text message notifications when CloudWatch alarms are triggered for a CloudWatch metric that checks memory usage. The team leader would like to watch the metrics scroll across the screen while viewing the AWS Management Console. Which of the following high-resolution CloudWatch Alarm options can you configure to satisfy your team leader?
Antworten
-
1 second
-
30 seconds
-
10 seconds
-
1 minute
Frage 21
Frage
An organization would like to write SQL for streaming data to build a stream application that will process the data and continuously emit results to other sources for further analysis. Which of the following solutions would take minimal work to implement?
Frage 22
Frage
You are running a cloud file storage website with an Internet-facing load balancer, which routes requests from users over the internet to 10 EC2 instances registered to the load balancer. Your users are complaining that your website always asks them to re-authenticate when they switch pages. You are puzzled because this behavior is not seen in your local machine or dev environment. What could be the reason?
Antworten
-
The Load Balancer does not have stickiness enabled
-
The application must have a bug
-
The EC2 instances log out users because they don't see their true IP's
-
The Load Balancer does not have TLS enabled
Frage 23
Frage
A Developer has been tasked to create a custom notification system that notifies management when code pushes have been made to production branches in AWS CodeCommit repositories. Management is not concerned about dev and testing branches. This trigger should send notifications with the use of an external HTTP endpoint located at corporate headquarters. Which of the following solutions will help implement this?
Frage 24
Frage
Your web application reads and writes items to your DynamoDB table. The table is provisioned with 400 write-capacity units (WCU’s) shared across 4 partitions. One of the partitions receives 250 WCU/second while others receive much less. You receive the error ProvisionedThroughputExceededException stating that you exceeded your maximum allowed provisioned throughput. What is the likely cause of this error?
Antworten
-
CloudWatch monitoring is lagging
-
Your IAM policy is wrong
-
WCU are applied across to all your DynamoDB tables, not just one table
-
You have a hot partition
Frage 25
Frage
You have a three-tier web application consisting of a web layer using Angular, an application layer using an AWS API Gateway and a data layer in an Amazon Relational Database Service (RDS) database. Your web application allows visitors to look up popular movies from the past but are looking to reduce the number of calls made to your endpoint and improve latency to your API. What can you do to improve performance?
Frage 26
Frage
You have software components that perform different functions. Some functions process information in a few seconds while others take a long time to complete. Your manager asks you to decouple components that take a long time to ensure software applications stay responsive under load. You decide to configure Amazon Simple Queue Service (SQS) to work with your Elastic Beanstalk configuration. Which of the following Elastic Beanstalk environment should you choose to meet this requirement?
Antworten
-
Single Instance Worker node
-
ASG and ELB
-
Dedicated worker environment
-
Single Instance with Elastic IP
Frage 27
Frage
A developer is looking for a database solution that automates infrastructure provisioning and automatically handles backups. The solution should be ideal for data warehousing, columnar data storage, and allow for analyzing data using a SQL client. Which of the following services best meets these requirements?
Antworten
-
Redshift
-
RDS
-
DynamoDB
-
ElasticCache
Frage 28
Frage
A development team works with three AWS Lambda functions using python code. Each function corresponds to environments for development, testing, and production. The code is exactly alike except for the Amazon Relational Database Service (RDS) database values referenced in each function. In order to maintain code in a clean and reusable fashion, the team decides to pass the RDS database value at run time. Which feature will allow you to do this?
Antworten
-
IAM Roles
-
Environment Variables
-
Timeouts
-
Aliases
Frage 29
Frage
Your company started with a single programmer maintaining a web application whose source code was stored in cloud-based file storage. In the last year, the business has grown and you have hired several developers to work on different features of the application. You are looking for a solution to help you grow. The solution should allow multiple development branches and restrict certain branches from being accessed using IAM roles. Which of the following services should you use?
Antworten
-
GitHub
-
S3
-
CodeCommit
-
CodeGit
Frage 30
Frage
An IAM user has two policies attached. The first policy states that the user has explicitly been denied on all EC2 actions. The second policy states that the user has been allowed permission for EC2:Describe actions. When the user tries to describe an EC2 instance using the CLI, what will happen?
Antworten
-
This IAM user is invalid and the policy conflict must be resolved first
-
The user will get allowed because it has an explicit allow
-
The user will get denied because the policy has an explicit denied
-
The order of the policy matters. If policy 1 is before 2, then it is denied, else if policy 2 is before 1, then it is allowed
Frage 31
Frage
You manage 10 EC2 instances that make read-heavy database requests to the Amazon RDS for PostgreSQL. You would like to be prepared for disasters and would like to start ensuring you have a strategy in place. Which of the following features will help you prepare for database disaster recovery?
Antworten
-
Enable RDS Multi-AZ
-
Use AWS Lambda to track the database binlog and persist it in S3.
-
Enable RDS Stream, persisted in DynamoDB and use the restore feature from DynamoDB when needed
-
Enable RDS backups and use the built-in feature
-
Add Read Replicas
Frage 32
Frage
Your team lead has requested that your code for AWS Lambda functions are be reviewed by another colleague. Your code is written in Python and makes use of the Amazon Simple Storage Service (S3) to upload logs to an S3 bucket. After your colleague is done reviewing your code, they recommend the use of singletons for execution context reuse to improve the performance of your function. Which of the following actions must you take to implement the recommendation?
Frage 33
Frage
An AWS CodePipeline was configured to be triggered by Amazon CloudWatch Events. Recently the pipeline failed and upon investigation, you noticed that the source was changed from AWS CodeCommit to Amazon Simple Storage Service (S3). The change would have been okay if the source code was stored in the S3 bucket. Which of the following can you use to check the IAM user who made the change?
Antworten
-
CloudWatch
-
SNS
-
SQS
-
CloudTrail
Frage 34
Frage
A senior cloud engineer designs and deploys online fraud detection solutions for credit card companies processing millions of transactions daily. The Elastic Beanstalk application sends files to Amazon S3 and then sends a message to an Amazon SQS queue containing the path of the uploaded file in S3. A solution architect recommended that since PUTS of existing objects in S3 deliver eventual consistency and we want to minimize the risk of consumers reading old data, it would be preferable to introduce a per-message lag so that consumers won't find a message in SQS until it has been in the queue for at least 10 seconds. Which SQS features should the developer leverage?
Frage 35
Frage
A communication platform serves millions of customers and deploys features in production daily to AWS. You are reviewing scripts for the deployment process located in the AppSec file. Which of the following options lists the correct order of lifecycle events?
Antworten
-
DownloadBundle => BeforeInstall => ApplicationStart => ValidateService
-
BeforeInstall => ApplicationStart => DownloadBundle => ValidateService
-
ValidateService => BeforeInstall =>DownloadBundle => ApplicationStart
-
BeforeInstall => ValidateService =>DownloadBundle => ApplicationStart
Frage 36
Frage
You are assigned as the new project lead for a web application that processes orders for customers. You want to integrate event-driven processing anytime data is modified or deleted and use a serverless approach using AWS Lambda for processing stream events. Which of the following databases should you choose from?
Antworten
-
DynamoDB
-
RDS
-
ElastiCache
-
Kinesis
Frage 37
Frage
Your company has developers worldwide with access to the company's Amazon Simple Storage Service (S3) buckets. The objects in the buckets are encrypted at the server-side but need more flexibility with access control, auditing, rotation, and deletion of keys. You would also like to limit who can use the key. Which encryption mechanism best fits your needs?
Antworten
-
SSE-S3
-
SSE-C
-
Client Side Encryption
-
SSE-KMS
Frage 38
Frage
An organization uses Alexa as its intelligent assistant to improve productivity throughout the organization. A group of developers manages custom Alexa Skills written in Node.Js to control conference-room equipment settings and start meetings using voice activation. The manager has made a request to developers that all functions code should be monitored for error rates with the possibility of creating alarms on top of them. Which of the following options should be chosen?
Antworten
-
CloudWatch Metrics
-
X-Ray
-
CloudWatch Alarms
-
CloudTrail
-
SSM
Frage 39
Frage
You are a cloud security engineer for a popular cyber exposure company that offers vulnerability scanning solutions to government contractors. The scanning solutions are integrated with AWS resources to monitor EC2 and S3 API calls which then display results to users on an analytical dashboard. Which of the following AWS services makes this possible?
Antworten
-
IAM
-
S3 Access Logs
-
VPC Flow Logs
-
CloudTrail
Frage 40
Frage
Your company is shifting towards Elastic Container Service (ECS) to deploy applications. The process should be automated using the AWS CLI to create a service where at least ten instances of a task definition are kept running under the default cluster. Which of the following commands should be executed?
Antworten
-
docker-compose create ecs-simple-service
-
aws ecr create-service --service-name ecs-simple-service --task-definition ecs-demo --desired-count 10
-
aws ecs create-service --service-name ecs-simple-service --task-definition ecs-demo --desired-count 10
-
aws ecs run-task --cluster default --task-definition ecs-demo
Frage 41
Frage
Your organization has a single Amazon Simple Storage Service (S3) bucket that contains folders labeled with customer names. Several administrators have IAM access to the S3 bucket and versioning is enabled to easily recover from unintended user actions. Which of the following statements about versioning is NOT true based on this scenario?
Antworten
-
Any file that was unversioned before enabling versioning will have the 'null' version
-
Overwriting a file increases its versions
-
Deleting a file is a recoverable operation
-
Versioning can be enabled only for a specific folder
Frage 42
Frage
After reviewing your monthly AWS bill you notice that the cost of using Amazon SQS has gone up substantially after creating new queues; however, you know that your queue clients do not have a lot of traffic and are receiving empty responses. Which of the following actions should you take?
Frage 43
Frage
Your company stores confidential data on an Amazon Simple Storage Service (S3) bucket. New security compliance guidelines require that files be stored with server-side encryption. The encryption used must be Advanced Encryption Standard (AES-256) and the company does not want to manage S3 encryption keys. Which of the following options should you use?
Antworten
-
SSE-S3
-
SSE-C
-
Client Side Encryption
-
SSE-KMS
Frage 44
Frage
You have an Amazon Kinesis Data Stream with 10 shards, and from the metrics, you are well below the throughput utilization of 10 MB per second to send data. You send 3 MB per second of data and yet you are receiving ProvisionedThroughputExceededException errors frequently. What is the likely cause of this?
Antworten
-
Metrics are slow to update
-
The partition key that you have selected isn't distributed enough
-
You have too many shards
-
The data retention period is too long
Frage 45
Frage
Bigdog is a firm that uses AWS CloudFormation templates to provision their AWS infrastructure for Amazon EC2, Amazon VPC, and Amazon S3 resources. Using cross-stack referencing, a developer creates a stack name called NetworkStack which will export the subnetId that can be used when creating EC2 instances in another stack. To use the exported value in another stack which of the following functions must be used?
Antworten
-
!Ref
-
!ImportValue
-
!GetAtt
-
!Sub
Frage 46
Frage
A firm uses AWS DynamoDB to store information about people’s favorite sports teams and allow the information to be searchable from their home page. There is a requirement on a daily basis that all 10 million records in the table should be deleted then re-loaded at 2:00 AM each night. Which option is an efficient way to delete with minimal costs?
Frage 47
Frage
You have a popular web application that accesses data stored in an Amazon Simple Storage Service (S3) bucket. Developers use the SDK to maintain the application and add new features. Security compliance requests that all new objects uploaded to S3 be encrypted using SSE-S3 at the time of upload. Which of the following headers must the developers add to their request?
Antworten
-
'x-amz-server-side-encryption': 'AES256'
-
x-amz-server-side-encryption': 'SSE-S3'
-
'x-amz-server-side-encryption': 'SSE-KMS'
-
'x-amz-server-side-encryption': 'aws:kms'
Frage 48
Frage
A startup company was acquired by a technology innovator whose applications run on Docker. You are responsible for packaging the runtime and tools for your AWS CodeBuild build into a Docker image and upload it to the Amazon Elastic Container Registry (ECR). The team lead has requested you add a trigger notification when your build fails or succeeds. Which of the following options can you use to implement the notification?
Frage 49
Frage
You have uploaded a zip file to AWS Lambda that contains code files written in Node.Js. When your function is executed you receive the following output, 'Error: Memory Size: 3008 MB Max Memory Used'. Which of the following explains the problem?
Antworten
-
The uncompressed zip file exceeds AWS Lambda limits
-
You have uploaded a zip file larger than 50 MB to AWS Lambda
-
Your Lambda function ran out of RAM
-
Your zip file is corrupt
Frage 50
Frage
A voting system hosted on-premise was recently migrated to AWS to lower cost, gain scalability, and to better serve thousands of concurrent users. When one of the AWS resource state changes, it generates an event and will need to trigger AWS Lambda. The AWS resource whose state changed and AWS Lambda does not have direct integration. Which of the following methods can be used to trigger AWS Lambda?
Antworten
-
Open a support ticket with AWS
-
AWS Lambda Custom Sources
-
CloudWatch Event Rules with AWS Lambda
-
Cron jobs to trigger AWS Lambda to check the state of your service
Frage 51
Frage
You just signed a year contract with a client maintaining a three-tier web application who has steady traffic throughout the day. You need the application instances to be stable and not terminated abruptly as you believe this will impact your users. Which of the following options should you choose?
Frage 52
Frage
You manage a group of developers that are experienced with the AWS SDK for Java. You have given them a requirement to build a state machine workflow where each state executes an AWS Lambda function written in Java. Data payloads of 1KB in size will be passed between states and should allow for two retry attempts it the state fails. Which of the following options will assist your developers with this requirement?
Antworten
-
AWS Step Functions
-
CloudWatch Rules
-
AWS SWF
-
AWS ECS
Frage 53
Frage
Which of the following are key differences between an Amazon SQS standard queue and Amazon Simple Workflow Service (SWF)?
Antworten
-
SQS is task-oriented API and SWF is message-oriented API
-
SQS ensures the task is assigned only once while SWF may deliver the message multiple times
-
SWF ensures the task is assigned only once while SQS may deliver the message multiple times
-
SWF is task-oriented API and SQS is message-oriented API
Frage 54
Frage
A company has configured an Auto Scaling group with health checks. The configuration is set to the desired capacity value of 3 and a maximum capacity value of 3. The EC2 instances of your Auto Scaling group are configured to scale when CPU utilization is at 60 percent and is now running at 80 percent utilization. Which of the following will take place?
Antworten
-
System will trigger CloudWatch alarms to AWS support
-
The desired capacity will go up to 4 and the maximum will stay at 3
-
The desired capacity will go up to 4 and the maximum will stay at 4
-
System will keep running as is
Frage 55
Frage
Your application is deployed automatically using AWS Elastic Beanstalk. Your YAML configuration files are stored in the folder .ebextensions and new files are added or updated often. The DevOps team does not want to re-deploy the application every time there are configuration changes, instead, they would rather manage configuration externally, securely, and have it load dynamically into the application at runtime. What option allows you to do this?
Frage 56
Frage
As a site reliability engineer, you work on building and running large-scale, distributed, fault-tolerant systems in the cloud using automation. You currently replaced the company's Jenkins based CI/CD platform with AWS CodeBuild and would like to programmatically define your build steps. Which of the following options should you choose?
Antworten
-
define an appspec.yml file in the root directory
-
define a buildspec.yml file in the root directory
-
define a buildspec.yml file in the codebuild/ directory
-
define an appspec.yml file in the codebuild/ directory
Frage 57
Frage
You are a software engineer working for an IT company and are asked to contribute to a growing internal application that includes dashboards for data visualization. You are provisioning your AWS DynamoDB table and need to perform 10 strongly consistent reads per second of 4 KB in size each. How many read capacity units (RCUs) are needed?
Frage 58
Frage
New cloud-developers is learning to reap the benefits of elasticity, horizontal scalability, and high availability. They inherited a web application running in the us-east-1 region with three availability zones (us-east-1a, us-east1-b, and us-east-1c) whose incoming web traffic is routed by a load balancer. When one of the EC2 instances hosting the web application crashes, they realize that the load balancer continues to route traffic to that instance causing intermittent issues. Which of the following should the developer do to minimize this problem?
Frage 59
Frage
You are storing your video files in a separate S3 bucket than your main static website in an S3 bucket. When accessing the video URLs directly the users are able to view the videos on the browser, but it is impossible for them to play the videos while visiting the main website. What is the root cause of this problem?
Frage 60
Frage
A company developed an app-based service for citizens to book transportation rides in the local community. The platform is running on AWS EC2 instances and uses Amazon Relational Database Service (RDS) for storing transportation data. A new feature has been requested where receipts would be emailed to customers with PDF attachments retrieved from Amazon Simple Storage Service (S3). Which of the following options will provide EC2 instances with the right permissions to upload files to Amazon S3 and generate S3 Signed URL?
Frage 61
Frage
You are getting ready for an event to show off your Alexa skill written in JavaScript. As you are testing your voice activation commands you find that some intents are not invoking as they should and you are struggling to figure out what is happening. You included the following code console.log(JSON.stringify(this.event)) in hopes of getting more details about the request to your Alexa skill. You would like the logs stored in an Amazon Simple Storage Service (S3) bucket named MyAlexaLog. How do you achieve this?
Antworten
-
Use CloudWatch integration feature with Kinesis
-
Use CloudWatch integration feature with S3
-
Use CloudWatch integration feature with Lambda
-
Use CloudWatch integration feature with Glue
Frage 62
Frage
DevOps engineers are developing an order processing system where notifications are sent to a department whenever an order is placed for a product. The system also pushes identical notifications of the new order to a processing module that would allow EC2 instances to handle the fulfillment of the order. In the case of processing errors, the messages should be allowed to be re-processed at a later stage and never lost. How can this be achieved?
Antworten
-
SNS + Kinesis
-
SNS + SQS
-
SNS + Lambda
-
SQS + SES
Frage 63
Frage
You are planning to build a fleet of EBS-optimized EC2 instances to handle the load of your new application. Due to security compliance, your organization wants any secret strings used in the application to be encrypted to prevent exposing values as clear text. The solution requires that decryption events be audited and API calls to be simple. How can this be achieved?
Antworten
-
Encrypt first with KMS then store in SSM Parameter store
-
Store the secret as SecureString in SSM Parameter Store
-
Store the secret as PlainText in SSM Parameter Store
-
Audit using CloudTrail
-
Audit using SSM Audit Trail
Frage 64
Frage
An application runs on an EC2 instance and processes orders on a nightly basis. This EC2 instance needs to access the orders that are stored in S3. How would you recommend the EC2 instance access the orders securely?
Frage 65
Frage
Your company leverages Amazon CloudFront to provide content via the internet to customers with low latency. Aside from latency, security is another concern and you are looking for help in enforcing end-to-end connections using HTTPS so that content is protected. Which of the following options is available for HTTPS in AWS CloudFront?
Antworten
-
Between clients and CloudFront only
-
Between clients and CloudFront and CloudFront and backend
-
Between CloudFront and backend only
-
Nowhere
Frage 66
Frage
As a site reliability engineer, you are responsible for improving the company’s deployment by scaling and automating applications. As new application versions are ready for production you ensure that the application gets deployed to different sets of EC2 instances at different times allowing for a smooth transition. Using AWS CodeDeploy, which of the following options will allow you to do this?
Frage 67
Frage
Your company has a load balancer in a VPC configured to be internet facing. The public DNS name assigned to the load balancer is myDns-1234567890.us-east-1.elb.amazonaws.com. When your client applications first load they capture the load balancer DNS name and resolve it to the IP address. The DNS name is a value used throughout other actions in the application. At load, client applications work well but unexpectedly stop working after a while. What is the reason for this?
Antworten
-
The load balancer is highly available and its public IP may change. The DNS is constant
-
Your security groups are not stable
-
You need to enable stickiness
-
You need to disable multi-AZ deployments
Frage 68
Frage
A firm maintains a highly available application that receives HTTPS traffic from mobile devices and web browsers. The main Developer would like to set up the Load Balancer routing to route traffic from web servers to smart.com/api and from mobile devices to smart.com/mobile. A developer advises that the previous recommendation is not needed and that requests should be sent to api.smart.com and mobile.smart.com instead. Which of the following routing options were discussed?
Antworten
-
URL Path
-
Cookie Value
-
Client IP
-
Web Browser Version
-
Hostname
Frage 69
Frage
You have been hired at a company that needs an experienced developer to help with a continuous integration/continuous delivery (CD/CD) workflow on AWS. You configure the company’s workflow to run an AWS CodePipeline pipeline whenever the application’s source code changes in a repository hosted in AWS Code Commit and compiles source code with AWS Code Build. You are configuring ProjectArtifacts in your build stage. Which of the following should you do?
Antworten
-
Configure AWS CodeBuild to store output artifacts on EC2 servers
-
Give AWS CodeBuild permission to upload the build output to your Amazon S3 bucket
-
Give AWS CodeCommit permission to upload the build output to your Amazon S3 bucket
-
Contact AWS Support to allow AWS CodePipeline to manage build outputs
Frage 70
Frage
You are revising options that would be best for monitoring a few EC2 instances you currently manage. Amazon CloudWatch has metrics available to monitor your EC2 instances for CPU load, I/O, and network I/O. Your budget does not allow for spending on monitoring so using the default monitoring available is your preferred choice. With default monitoring, at what interval will these metrics be collected?
Antworten
-
1 minute
-
10 minutes
-
2 minutes
-
5 minutes
Frage 71
Frage
Your company is in the process of building a DevOps culture and is moving all of its on-premise resources to the cloud using serverless architectures and automated deployments. You have created a CloudFormation template in YAML that uses an AWS Lambda function to pull HTML files from GitHub and place them into an Amazon Simple Storage Service (S3) bucket that you specify. Which of the following AWS CLI commands can you use to upload AWS Lambda functions and AWS CloudFormation templates to AWS?
Antworten
-
cloudformation zip and cloudformation deploy
-
cloudformation package and cloudformation upload
-
cloudformation zip and cloudformation upload
-
cloudformation package and cloudformation deploy
Frage 72
Frage
Your AWS CodeDeploy deployment to T2 instances succeed. The new application revision makes API calls to Amazon S3 however the application is not working as expected due to authorization exceptions and you were assigned to troubleshoot the issue. Which of the following should you do?
Antworten
-
Fix the IAM permissions for the CodeDeploy service role
-
Fix the IAM permissions for the EC2 instance role
-
Make the S3 bucket public
-
Enable CodeDeploy Proxy
Frage 73
Frage
BigBankCo, a company with over 10,000 employees, has added you as the new Sr. Developer. Initially caching was enabled to reduce the number of calls made to all API endpoints and improve the latency of requests to the company’s API Gateway. For testing purposes, you would like to invalidate caching for the API clients to get the most recent responses. Which of the following should you do?
Antworten
-
Using the request parameter ?cache-control-max-age=0
-
Use the Request parameter: ?bypass_cache=1
-
Using the Header Bypass-Cache=1
-
Using the Header Cache-Control: max-age=0
Frage 74
Frage
You have been collecting AWS X-Ray traces across multiple applications and you would now like to index your XRay traces to search and filter through them efficiently. What should you use in your instrumentation?
Antworten
-
Annotations
-
Sampling
-
Segments
-
Metadata
Frage 75
Frage
Your AWS account is now growing to 200 users and you would like to provide each of these users a personal space in the S3 bucket 'my_company_space' with the prefix /home/<username>, where they have read/write access. How can you do this efficiently?
Antworten
-
Create one customer-managed policy with dynamic variables and attach it to a group of all users
-
Create inline policies for each user as they are onboarded
-
Create one customer-managed policy per user and attach them to the relevant users
-
Create an S3 bucket policy and change it as users are added and removed
Frage 76
Frage
You would like to deploy a Lambda function globally so that requests are filtered at the AWS edge locations. Which Lambda deployment mode do you need?
Frage 77
Frage
Your organization has set up a full CICD pipeline leveraging CodePipeline and the deployment is done on Elastic Beanstalk. This pipeline has worked for over a year now but you are approaching the limits of Elastic Beanstalk in terms of how many versions can be stored in the service. How can you remove older versions that are not used by Elastic Beanstalk so that new versions can be created for your applications?
Antworten
-
setup .ebextensions file
-
define a lambda function
-
use a lifecycle policy
-
use worker environments
Frage 78
Frage
You are running a video website and provide users with S3 pre-signed URLs allowing your users to securely upload their video content onto your buckets. The average file size uploaded to your buckets is 500MB and you would like your users to efficiently send the content. What would you recommend doing in the client SDK?
Frage 79
Frage
Your Lambda function must use the Node.js drivers to connect to your RDS PostgreSQL database in your VPC. As such, how do you bundle your Lambda function to add the dependencies?
Antworten
-
Zip the function as-is with a package.json file so that AWS Lambda can resolve the dependencies for you
-
Upload the code through the AWS console and upload the dependencies as a zip
-
Zip the function and the dependencies separately and upload them in AWS Lambda as two parts
-
Put the function and the dependencies in one folder and zip them together
Frage 80
Frage
You would like to retrieve a subset of your dataset stored in S3 with the CSV format. You would like to retrieve a month of data and only 3 columns out of the 10. You need to minimize compute and network costs for this, what should you use?
Antworten
-
S3 Inventory
-
S3 Select
-
S3 Analytics
-
S3 Access Logs
Frage 81
Frage
Your client wants to deploy a service on EC2 instances, and as EC2 instances are added into an ASG, each EC2 instance should be running 3 different Docker Containers simultaneously. What Elastic Beanstalk platform should they choose?
Frage 82
Frage
You are implementing a banking application in which you need to update the Exchanges DynamoDB table and the AccountBalance DynamoDB table at the same time or not at all. Which DynamoDB feature should you use?
Antworten
-
DynamoDB Indexes
-
DynamoDB Transactions
-
DynamoDB TTL
-
DynamoDB Streams
Frage 83
Frage
As part of your video processing application, you are looking to perform a set of repetitive and scheduled tasks asynchronously. Your application is deployed on Elastic Beanstalk. Which Elastic Beanstalk environment should you set up for performing the repetitive tasks?
Antworten
-
Setup a Worker environment and a cron.yaml file
-
Setup a Web Server environment and a cron.yaml file
-
Setup a Work environment and a .ebextensions file
-
Setup a Web Server environment and a c.ebextensions file
Frage 84
Frage
An EC2 instance has an IAM instance role attached to it, providing it read and write access to the S3 bucket 'my_bucket'. You have tested the IAM instance role and both reads and writes are working. You then remove the IAM role from the EC2 instance and test both read and write again. Writes stopped working but Reads are still working. What is the likely cause of this behavior?
Antworten
-
The EC2 instance is using cached temporary IAM credentials
-
Removing an instance role from an EC2 instance can take a few minutes before being active
-
When a read is done on a bucket, there's a grace period of 5 minutes to do the same read again
-
The S3 bucket policy authorizes reads
Frage 85
Frage
You are deploying Lambda functions that operate on your S3 buckets to read files and extract key metadata. The Lambda functions are managed using SAM. Which Policy should you insert in your serverless model template to give buckets read access?
Antworten
-
SQSPollerPolicy
-
S3CrudPolicy
-
S3ReadPolicy
-
LambdaInvokePolicy
Frage 86
Frage
You are running a web application where users can author blogs and share them with their followers. Most of the workflow is read based, but when a blog is updated, you would like to ensure that the latest data is served to the users (no stale data). The Developer has already suggested using ElastiCache to cope with the read load but has asked you to implement a caching strategy that complies with the requirements of the site. Which strategy would you recommend?
Antworten
-
Use a Lazy Loading strategy with TTL
-
Use a Write Through strategy
-
Use a Lazy Loading strategy without TTL
-
Use DAX
Frage 87
Frage
You need to load SSL certificates onto your Load Balancers and also have EC2 instances dynamically retrieve them when needed for service to service two-way TLS communication. What service should you use to centrally manage these SSL certificates?
Frage 88
Frage
Your Lambda function processes files for your customers and as part of that process, it creates a lot of intermediary files it needs to store on its disk and then discard. What is the best way to store temporary files for your Lambda functions that will be discarded when the function stops running?
Antworten
-
Use the local directory /opt
-
Create a tmp/ directory in the source zip file and use it
-
Use an S3 bucket
-
Use the local directory /tmp
Frage 89
Frage
You are looking to invoke an AWS Lambda function every hour (similar to a cron job) in a serverless way. Which event source should you use for your AWS Lambda function?
Antworten
-
Amazon S3
-
CloudWatch Events
-
SQS
-
Kinesis
Frage 90
Frage
You are storing bids information on your betting application and you would like to automatically expire DynamoDB table data after one week. What should you use?
Antworten
-
Use DynamoDB Streams
-
Use DAX
-
Use TTL
-
Use a Lambda Function
Frage 91
Frage
You would like your Elastic Beanstalk environment to expose an HTTPS endpoint and an HTTP endpoint. The HTTPS endpoint should be used to get in-flight encryption between your clients and your web servers, while the HTTP endpoint should only be used to redirect traffic to HTTPS and support URLs starting with http://. What must be done to configure this setup?
Antworten
-
Open up port 80 & port 443
-
Configure your EC2 instances to redirect HTTPS traffic to HTTP
-
Configure your EC2 instances to redirect HTTP traffic to HTTPS
-
Only open up port 443
-
Only open up port 80
-
Assign an SSL certificate to the Load Balancer
Frage 92
Frage
You have created a test environment in Elastic Beanstalk and as part of that environment, you have created an RDS database. How can you make sure the database can be explored after the environment is destroyed?
Antworten
-
Change the Elastic Beanstalk environment variables
-
Make a selective delete in Elastic Beanstalk
-
Make a snapshot of the database before it gets deleted
-
Convert the Elastic Beanstalk environment to a worker environment
Frage 93
Frage
You are creating a web application in which users can follow each other. Some users will be more popular than others and thus their data will be requested very often. Currently, the user data sits in RDS and it has been recommended by your Developer to use ElastiCache as a caching layer to improve the read performance. The whole dataset of users cannot sit in ElastiCache without incurring tremendous costs and therefore you would like to cache only the most often requested users profiles there. As your website is high traffic, it is accepted to have stale data for users for a while, as long as the stale data is less than a minute old. What caching strategy do you recommend implementing?
Antworten
-
Lazy Loading Strategy with TTL
-
Lazy Loading Strategy without TTL
-
Write Through Strategy with TTL
-
Write Through Strategy without TTL
Frage 94
Frage
Which environment variable can be used by AWS X-Ray SDK to ensure that the daemon is correctly discovered on ECS?
Antworten
-
AWS_XRAY_TRACING_NAME
-
AWS_XRAY_CONTEXT_MISSING
-
AWS_XRAY_DAEMON_ADDRESS
-
AWS_XRAY_DEBUG_MODE
Frage 95
Frage
A company is migrating a legacy application to Amazon EC2. The application uses a user name and
password stored in the source code to connect to a MySQL database. The database will be migrated to an
Amazon RDS for MySQL DB instance. As part of the migration, the company wants to implement a secure
way to store and automatically rotate the database credentials.
Which approach meets these requirements?
Antworten
-
Store the database credentials in environment variables in an Amazon Machine Image (AMI). Rotate the credentials by replacing the AMI.
-
Store the database credentials in AWS Systems Manager Parameter Store. Configure Parameter Store to automatically rotate the credentials.
-
Store the database credentials in environment variables on the EC2 instances. Rotate the credentials by relaunching the EC2 instances.
-
Store the database credentials in AWS Secrets Manager. Configure Secrets Manager to automatically rotate the credentials.
Frage 96
Frage
A developer is designing a web application that allows the users to post comments and receive near real-time feedback. Which architectures meet these requirements? (Select TWO.)
Antworten
-
Create an AWS AppSync schema and corresponding APIs. Use an Amazon DynamoDB table as the data store.
-
Create a WebSocket API in Amazon API Gateway. Use an AWS Lambda function as the backend and an Amazon DynamoDB table as the data store.
-
Create an AWS Elastic Beanstalk application backed by an Amazon RDS database. Configure the application to allow long-lived TCP/IP sockets.
-
Create a GraphQL endpoint in Amazon API Gateway. Use an Amazon DynamoDB table as the data store.
-
Enable WebSocket on Amazon CloudFront. Use an AWS Lambda function as the origin and an Amazon Aurora DB cluster as the data store.
Frage 97
Frage
A developer is adding sign-up and sign-in functionality to an application. The application is required to
make an API call to a custom analytics solution to log user sign-in events. Which combination of actions should the developer take to satisfy these requirements? (Select TWO.)
Antworten
-
Use Amazon Cognito to provide the sign-up and sign-in functionality.
-
Use AWS IAM to provide the sign-up and sign-in functionality.
-
Configure an AWS Config rule to make the API call triggered by the post-authentication event.
-
Invoke an Amazon API Gateway method to make the API call triggered by the post-authentication event.
-
Execute an AWS Lambda function to make the API call triggered by the post-authentication event.
Frage 98
Frage
A company is using Amazon API Gateway for its REST APIs in an AWS account. The security team wants to allow only IAM users from another AWS account to access the APIs. Which combination of actions should the security team take to satisfy these requirements? (Select TWO.)
Antworten
-
Create an IAM permission policy and attach it to each IAM user. Set the APIs method authorization type to AWS_IAM. Use Signature Version 4 to sign the API requests.
-
Create an Amazon Cognito user pool and add each IAM user to the pool. Set the method authorization type for the APIs to COGNITO_USER_POOLS. Authenticate using the IAM credentials in Amazon Cognito and add the ID token to the request headers.
-
Create an Amazon Cognito identity pool and add each IAM user to the pool. Set the method authorization type for the APIs to COGNITO_USER_POOLS. Authenticate using the IAM credentials in Amazon Cognito and add the access token to the request headers.
-
Create a resource policy for the APIs that allows access for each IAM user only.
-
Create an Amazon Cognito authorizer for the APIs that allows access for each IAM user only. Set the method authorization type for the APIs to COGNITO_USER_POOLS.
Frage 99
Frage
A developer is building an application that transforms text files to .pdf files. The text files are written to a source Amazon S3 bucket by a separate application. The developer wants to read the files as they arrive in Amazon S3 and convert them to .pdf files using AWS Lambda. The developer has written an IAM policy to allow access to Amazon S3 and Amazon CloudWatch Logs.
Which actions should the developer take to ensure that the Lambda function has the correct permissions?
Antworten
-
Create a Lambda execution role using AWS IAM. Attach the IAM policy to the role. Assign the Lambda execution role to the Lambda function.
-
Create a Lambda execution user using AWS IAM. Attach the IAM policy to the user. Assign the Lambda execution user to the Lambda function.
-
Create a Lambda execution role using AWS IAM. Attach the IAM policy to the role. Store the IAM role as an environment variable in the Lambda function.
-
Create a Lambda execution user using AWS IAM. Attach the IAM policy to the user. Store the IAM user credentials as environment variables in the Lambda function.
Frage 100
Frage
A company has AWS workloads in multiple geographical locations. A developer has created an Amazon Aurora database in the us-west-1 Region. The database is encrypted using a customer-managed AWS KMS key. Now the developer wants to create the same encrypted database in the us-east-1 Region.
Which approach should the developer take to accomplish this task?
Antworten
-
Create a snapshot of the database in the us-west-1 Region. Copy the snapshot to the us-east-1 Region and specify a KMS key in the us-east-1 Region. Restore the database from the copied snapshot.
-
Create an unencrypted snapshot of the database in the us-west-1 Region. Copy the snapshot to the useast-1 Region. Restore the database from the copied snapshot and enable encryption using the KMS key from the us-east-1 Region.
-
Disable encryption on the database. Create a snapshot of the database in the us-west-1 Region. Copy the snapshot to the us-east-1 Region. Restore the database from the copied snapshot.
-
In the us-east-1 Region, choose to restore the latest automated backup of the database from the us-west1 Region. Enable encryption using a KMS key in the us-east-1 Region.
Frage 101
Frage
A developer is adding Amazon ElastiCache for Memcached to a company's existing record storage application to reduce the load on the database and increase performance. The developer has decided to use lazy loading based on an analysis of common record handling patterns.
Which pseudocode example would correctly implement lazy loading?
Antworten
-
record_value = db.query("UPDATE Records SET Details = {1} WHERE ID == {0}",
record_key, record_value)
cache.set (record_key, record_value)
-
record_value = cache.get(record_key)
if (record_value == NULL)
record_value = db.query("SELECT Details FROM Records WHERE ID == {0}",
record_key)
cache.set (record_key, record_value)
-
record_value = cache.get (record_key)
db.query("UPDATE Records SET Details = {1} WHERE ID == {0}", record_key,
record_value)
-
record_value = db.query("SELECT Details FROM Records WHERE ID == {0}",
record_key)
if (record_value != NULL)
cache.set (record_key, record_value)
Frage 102
Frage
A developer wants to track the performance of an application that runs on a fleet of Amazon EC2 instances. The developer wants to view and track statistics across the fleet, such as the average and maximum request latency. The developer would like to be notified immediately if the average response time exceeds a threshold.
Which solution meets these requirements?
Antworten
-
Configure a cron job on each instance to measure the response time and update a log file stored in an Amazon S3 bucket every minute. Use an Amazon S3 event notification to trigger an AWS Lambda function that reads the log file and writes new entries to an Amazon Elasticsearch Service (Amazon ES) cluster. Visualize the results in a Kibana dashboard. Configure Amazon ES to send an alert to an Amazon SNS topic when the response time exceeds a threshold.
-
Configure the application to write the response times to the system log. Install and configure the Amazon Inspector agent to continually read the logs and send the response times to Amazon EventBridge. View the metrics graphs in the EventBridge console. Configure an EventBridge custom rule to send an Amazon SNS notification when the average of the response time metric exceeds the threshold.
-
Configure the application to write the response times to a log file. Install and configure the Amazon CloudWatch agent on the instances to stream the application log to CloudWatch Logs. Create a metric filter of the response time from the log. View the metrics graphs in the CloudWatch console. Create a CloudWatch alarm to send an Amazon SNS notification when the average of the response time metric exceeds the threshold.
-
Install and configure the AWS Systems Manager Agent on the instances to monitor the response time and send it to Amazon CloudWatch as a custom metric. View the metrics graphs in Amazon QuickSight. Create a CloudWatch alarm to send an Amazon SNS notification when the average of the response time metric exceeds the threshold.
Frage 103
Frage
A developer is testing an application locally and has deployed it to AWS Lambda. To remain under the package size limit, the dependencies were not included in the deployment file. When testing the application remotely, the function does not execute because of missing dependencies.
Which approach would resolve the issue?
Antworten
-
Use the Lambda console editor to update the code and include the missing dependencies
-
Create an additional .zip file with the missing dependencies and include the file in the original Lambda deployment package.
-
Add references to the missing dependencies in the Lambda function's environment variables.
-
Attach a layer to the Lambda function that contains the missing dependencies.
Frage 104
Frage
A developer is building a web application that uses Amazon API Gateway. The developer wants to maintain different environments for development and production (dev and prod) workloads. The API will be backed by an AWS Lambda function with two aliases: one for dev and one for prod.
How can this be achieved with the LEAST amount of configuration?
Antworten
-
Create a REST API for each environment and integrate the APIs with the corresponding dev and prod aliases of the Lambda function. Then deploy the two APIs to their respective stages and access them using the stage URLs
-
Create one REST API and integrate it with the Lambda function using a stage variable in place of an alias. Then deploy the API to two different stages – dev and prod – and create a stage variable in each stage with different aliases as the values. Access the API using the different stage URLs.
-
Create one REST API and integrate it with the dev alias of the Lambda function, and deploy it to a dev environment. Configure a canary release deployment for prod where the canary will integrate with the Lambda prod alias.
-
Create one REST API and integrate it with the prod alias of the Lambda function and deploy it to a prod environment. Configure a canary release deployment for dev where the canary will integrate with the Lambda dev alias.