MyIndexCards

Question 1

Cognito Process

User authenticates with WebID Provider
Receives token
Token received for temp aws creds
Assume IAM Role

Answer 1

Cognito Process

Question 2

Route 53

Lookup domain for host

Answer 2

DNS Domain

Question 3

Route 53

Translates host name into an IP address

Answer 3

DNS Host

Question 4

Local Secondary Index

Same partition key as

Answer 4

Base Index

Question 5

Cognito

User directory for applications

Answer 5

Cognito User Pool

Question 6

Cognito

With federated id you obtain temporary, limited privileges to AWS credentials and services

Answer 6

Cognito Federated

Question 7

Cognito

Maps a user from identity provider to an IAM role

Answer 7

Identity Pool

Question 8

SQS

Not guaranteed - messages can be delivered more than once

Answer 8

Standard

Question 9

SQS

Order is strictly maintained and messages may be delivered more than once.

Answer 9

FIFO

Question 10

Cognito

Identity broker that handles interaction between apps and web Id provider

Answer 10

Cognito

Question 11

Simple Notification Service (SNS)

Instant push of data that is flexible and inexpensive

Answer 11

SNS

Question 12

S3 Security

Server side encryption with customer provided keys.

Answer 12

SSE-C

You give amazon your own keys that you manage.

Question 13

S3 Security

AWS Key Management Service: You and Amazon manage keys together

Answer 13

SSE-KMS

Question 14

S3 Security

S3 managed keys: Amazon manages keys for you

Answer 14

SSE - MKS

Question 15

S3

Eventual consistency for overwrite of PUTS and Deletes (can take some time to propagate)

Answer 15

You might see older object or deleted file until S3 catches up

Question 16

S3

Read after Write consistency for PUTS of new objects

Answer 16

As soon as you create an object it is available to read - immediately

Question 17

S3

Name of the object

Answer 17

Key

Question 18

S3

Data made up in bytes

Answer 18

Value

Question 19

S3

This is important for versioning

Answer 19

Version ID

Question 20

S3

Data about data

Answer 20

Metadata

Question 21

S3

Capability that can be used to provide an additional layer of security.

Answer 21

MFA Delete

Question 22

S3

Integrates with lifecycle rules

Answer 22

Versioning control

Question 23

S3

Versioning is a great backup tool
Once it is enabled it cannot be disabled

Answer 23

Only suspended

Question 24

S3

Stores all versions of an object (including all writes and even if you delete an object)

Answer 24

Version Control

Question 25

Authentication

Helps to protect credentials needed to access databases, applications, services and IT resources. It enables users to easily, rotate, manage and retrieve database credentials, API keys and other secrets throughout their lifecycle.

Answer 25

Secrets Manager

Question 26

Sample Question

A developer is designing a web app that allows users to post comments and receive near real-time feedback.

What architecture meets this requirement?

Answer 26

AppSync: Create flexible APIs to securely access, manipulate and combine data from one or more sources. Users get extracted data with real time updates
–AND–
DynamoDb table as data store

Question 27

Sample Question

What combination of actions would allow a developer to add sign-up and sign-in to an app?

*The app is required to make a call to a custom analytics solution to log user events.

Answer 27

AWS Cognito: adds user sign-up and user sign-in

–AND–

Execute a Lambda function to make an API call triggered by a post-authentication event.

Question 28

Sample Question

What combination of services would allow users from ANOTHER AWS account to access REST APIs in an account.

Answer 28

Create a resource policy to allow access to the APIs from users in another account using
Signature Version 4 Protocols (SigV4)

Question 29

Sample Question

A developer builds an app that transforms text files to .pdf files. The text files are written to a source S3 bucket by a separate app. The dev wants to read the files, as they arrive, in S3 and convert them to .pdf using Lambda. The dev wrote a policy to allow access to S3 and CloudWatch logs.

• What needs to be done so that the Lambda function has correct permissions?

Answer 29

Create a Lambda execution role with IAM and attach an IAM policy to the role. Then assign the Lambda execution role to the Lambda function.

Question 30

Sample Questions

A company has AWS workloads in multiple regions. A dev created an Aurora DB in us-west-1. The database is encrypted using customer-managed keys. Now the dev wants to duplicate the db in us-east-1.

• How can this be accomplished

Answer 30

Create a snapshot of db in us-west-1

Copy the snapshot to us-east-1 and specify KMS

Restore the database from the copied snapshot

Question 31

Sample Question

Delays loading a record until it is needed. It first checks the cache and if the record is not present, the record is retrieved from the database and stored in the cache.

• What does this describe?

Answer 31

Lazy Loading

Question 32

Sample Question

A developer is adding ElastiCache for Memcached to a company’s existing record storage app to reduce the load on the db and to increase performance. The developer has decided to use lazy loading based on analysis of common record handling patterns.

• What pseudonym code implements lazy loading?

Answer 32

record_value = cache.get (record_key)
if (record_value == NULL)
record_value = db.query(“SELECT Detail FROM Records WHERE ID == {0}, record_key)
cache.set (record_key, record_value)

Question 33

Sample Questions

A developer wants to track performance of an app that runs on a fleet of EC2 instances. The developer wants to view and track stats across the fleet such as average and maximum request latency. The dev wants immediate notification if average response time exceeds a threshold.

How can the developer accomplish this?

Answer 33

Configure the app to write response times to a log file.

Install and configure CloudWatch agent on the instance to stream to stream app logs to CloudWatch.

Create a metric filter of response times from the log.

View graphs in CloudWatch console.

Create an alarm to send to SNS notification when the average of response time metric exceeds threshold.

Question 34

Sample Question

A developer is testing an app locally and has deployed it to Lambda. To remain under the package size limit, the dependencies were NOT included in the deployment file. When testing the app remotely, the function does not execute due to missing dependencies.

• What would resolve this?

Answer 34

Attach a layer to the Lambda function that contains the missing dependencies.

Question 35

Sample Questions

A dev is building a web app that uses the API Gateway and he wants to maintain different envs for dev and prod workloads. The API is backed by a Lambda function with two aliases: one for dev and one for prod.

• How can this be achieved with LEAST amount of configuration?

Answer 35

Create one REST API and integrate it with Lambda using STAGE VARIABLES in place of alias.

Then deploy the API to two different stages - dev and prod.

Create stage variables in each stage with different aliases as values.

Access API using different stage URLs

Question 36

Assessment

You have an app running on EC2 that needs read-only access to several AWS services. What is the best way to grant that app permission only to a specific set of resources in your account?

Answer 36

Launch EC2 instances into IAM Role with custom IAM policies for the permissions.

Question 37

Assessment

You have deployed a new app in us-west (Oregon) Region. However, you accidentally deployed an Amazon Polly lexicon need for your app to EU (London). How can you use your lexicon to synthesize speech while minimizing the changes to your app code and reducing cost?

Answer 37

Upload a copy of the lexicon to us west (Oregon)

Question 38

Assessment

When your placing subnets for a specific VPC you can place subnets

Answer 38

In any AZ within the region for the VPC.

Question 39

Assessment

You identified two EC2 instances in your account that appear to have the SAME IP address. How/Why?

Answer 39

These instances are in different VPCs

Question 40

Assessment

You have a workload that requires 15,000 consistent IOPS for data that must be durable. What would you need for this scenario?

Answer 40

EBS Optimized Instance
–AND–
Provisioned IOPS SSD Volume

Question 41

Assessment

Your company stores critical documents in S3 but it wants to minimize cost. Most docs are used for about a month and then used much less frequently. However, all data needs to be available within minutes when requested. How?

Answer 41

Migrate the data to S3 Standard-IA after 30 days - using a lifecycle policy.

Question 42

Assessment
AWS

Your migrating your company’s apps and data from on premises to the AWS cloud. You have performed a data inventory and discovered that you will need to transfer about 2 PB of data to AWS. Which migration option will be the best choice for your company with minimal cost and shortest time?

Answer 42

Snowball

Question 43

Assessment

This is meant to be used for datasets of 10 PB or more

Answer 43

Snowmobile.

Question 44

Assessment

You are changing your app to take advantage of elasticity and cost benefits provided by auto scaling. To do this, you must move session state information from the EC2 instances. What AWS service is best suited as an alternative to storing session data.

Answer 44

DynamoDB

Question 45

Assessment

Your company’s senior management wants to query several data stores to obtain a “big picture” view of the business. The amount of data contained within the data stores is at least 2 TB in size. What service is the best option?

Answer 45

Amazon Redshift

Question 46

Assessment

What are the characteristics of Redshift

Answer 46

Data warehousing that span multiple data repositories and are at least 2 TB in size.

Question 47

Assessment

Your e-commerce application provides daily ad hoc reporting to various business units on customer purchases. These ops result in high level read traffic to your MySQL RDS instance. What can you do to scale up read traffic without impacting db performance?

Answer 47

Create a read replicas that provide enhanced performance and durability for RDS instances.

Question 48

Assessment

Your company has refactored their app to use NoSQL instead of SQL and they would like to use a managed service for running the new NoSQL db - which one would your recommend.

Answer 48

DynamoDB

Question 49

Assessment

A company is currently running RDS however, they are retiring a db that is currently running and they have automatic backups enabled on it. They want to ensure they retain the last backup before deleting the db. As the lead dev on the project what should you do?

Answer 49

Create a manual snapshot before deleting the db.

Question 50

Assessment

Used to migrate databases from one source to another

Answer 50

AWS Database Migration Service.

Question 51

Assessment

Can you SSH into an RDS database?

Answer 51

NO because it is a managed service.

Question 52

Assessment

When using Redshift on what node do you run your SQL queries

Answer 52

Leader Node

Question 53

Assessment

Acts as SQL endpoint and receives queries from client applications, parses the queries, and develops query execution plans.

Answer 53

Leader Node

Question 54

Assessment

Executes query execution plan set up by the leader node.

Answer 54

Compute Node

Question 55

Assessment

The node where you submit the actual query

Answer 55

Leader Node

Question 56

Assessment

Your company is building a recommendation feature for their app and they want to use a managed graph database - which would you recommend?

Answer 56

Neptune is a managed graph database

Question 57

Assessment

You have a DynamoDB table that has a partition key and a sort key. However, a business analyst on your team wants to be able to query the DynamoDB table with a different partition key. How?

Answer 57

Create a global secondary index

Question 58

Assessment

Enables you to use a different partition key or primary key in addition to a different sort key

Answer 58

Global Secondary Index

Question 59

Assessment

These secondary indexes can only have a different sort key.

Answer 59

Local Secondary Index

Question 60

Assessment

An app is using DynamoDB and a developer on your team noticed that occasionally the app does not return the most up-to-date data after a read from the database. How can this be solved.

Answer 60

Configure the app to run a strongly consistent read.

Question 61

Assessment

A developer on your team would like to test a new idea and requires a NoSQL database. Your current apps are using DynamoDB. What should be recommended?

Answer 61

Use DynamoDB Local

Question 62

Assessment

Downloadable version of DynamoDB that enables you to write and test apps without accessing the web service.

Answer 62

DynamoDB local.

Question 63

Assessment

The AWS Encryption SDK provides an encryption library that integrates with AWS KMS as a master key provider. What does the AWS Encryption SDK perform to build on the AWS SDK?

Answer 63

SDK is a client-side library designed to streamline data security operations so that customers can follow encryption best practices.

Question 64

Assessment

What cryptographic algorithm does AWS Encryption SDK support

Answer 64

AES - 256

Question 65

Assessment

Amazon EBS volumes are encrypted by default

Answer 65

FALSE

Because encryption is optional

Question 66

Assessment

What cannot be retained when deleting an AWS Elastic Beanstalk environment

Answer 66

ELB automatically deletes your RDS instance when your environment is deleted and does not automatically retain the data.

Question 67

Assessment

Since ELB automatically deletes your RDS instance upon deletion, how do you retain the data?

Answer 67

Make a snapshot BEFORE you delete the Beanstalk

Question 68

Assessment

What can Elastic Beanstalk do with language runtime platform changes.

Answer 68

Notify account users.

Question 69

Assessment

What can Elastic Beanstalk do with events

Answer 69

Display them per environment

Question 70

Assessment

What can Elastic Beanstalk do with instance statuses per environment

Answer 70

Show them

Question 71

Assessment

Something Elastic Beanstalk CANNOT do

Answer 71

Perform automatic changes to IAM policies.

Question 72

Assessment

What happens to AWS CodePipeline revisions, that upon reaching a manual approval gate, are rejected?

Answer 72

It is treated as a failed revision.

Question 73

Assessment

What strategy is invalid for migrating data to CodeCommit

Answer 73

Syncing files for S3 using CLI command

Question 74

Assessment

You have a CodeBuild task in your pipeline that requires large binary files that do not frequently change. What would be the best way to include these files in your build?

Answer 74

Create a custom build container that includes the files.

Question 75

Assessment

When you update AWS::S3:Bucket resource, what is the expected property if the Name property is updated?

Answer 75

Bucket names are globally unique and cannot be changed after a bucket is created. So you must create a replacement bucket when changing this property in CloudFormation

Question 76

Assessment

The preferred method of updating resources created by AWS CloudFormation?

Answer 76

Submit an updated template to CloudFormation to modify the stack.

Question 77

Assessment

When does the OpsWorks Stacks configure lifecycle event run?

Answer 77

On ALL instances in a stack when a single instance comes online or goes offline

Question 78

Assessment

What EC2 resources can OpsWorks Stacks manage?

Answer 78

Elastic IP Address
--
EBS Volumes
--
RDS db instances

Question 79

Assessment

What cloud service can Simple Active Directory (SimpleAD) use to authenticate users?

Answer 79

AWS WorkDocs

Question 80

Assessment

Identity Provider (IdP) and you cannot use Simple AD to authenticate users of EC2 or S3

Answer 80

Cognito

Question 81

Assessment

An implementation of Cognito - the best

Answer 81

Provide authentication to third-party web applications.

Question 82

Assessment

You manage a sales tracking system in which point-of-sale devices send transactions of this form:

{“date”:”2017-01-30”, “amount”:100.20, “product_id”:”1012”, “region”: “WA”, “customer_id”: “3382”}

You need to generate two real-time reports. The first reports on total sales per day for each customer. The second reports on the total sales per day for each product. What offering and service can you use to generate these real time reports?

Answer 82

Ingest data through Kinesis data streams.

Use Kinesis data analytics to query for sales per day for each product and sales per day for each customer using SQL queries.

Feed the results into two NEW streams in Kinesis Data Firehose

Question 83

Assessment

You design an application for selling toys online. Every time a customer orders a toy, you want to add an item into the orders table in DynamoDB and send an email to the customer acknowledging their order. The solution should be cost-effective and performant.

Answer 83

Use DynamoDB streams to publish a message every time there is a change in the table.

Question 84

Assessment

A company would like to use DynamoDB and they want to set up a NoSQL-style trigger. Can this be accomplished?

Answer 84

Yes.

You can use DynamoDB Streams and poll them with Lambda.

Question 85

Assessment

A company wants to access the infrastructure on which AWS Lambda runs. Is this possible?

Answer 85

No/Nay/Never

Lambda is a managed service and runs the necessary infrastructure on your behalf.

Question 86

Assessment

Using the smallest amount of memory possible for an AWS Lambda function, currently 128 MB, will result in the lowest bill. T or F

Answer 86

FALSE

Lambda uses 3 cost factors:
Amount of memory allocated
Amount of time spent on function (100-ms increments)
Number of times you execute or trigger a function

Question 87

Assessment

Two Amazon services used for caching

Answer 87

CloudFront
–and–
ElastiCache

Question 88

Assessment

Which API Gateway feature enables you to create a separate path that can be helpful in creating a dev endpoint and a prod endpoint?

Answer 88

Stages

Question 89

Assessment

What methods does API Gateway support?

Answer 89

GET
POST
PUT
PATCH
DELETE
HEAD
OPTIONS

Question 90

Assessment

What authorization mechanism does API Gateway support?

Answer 90

IAM Policies
Lambda customer authorizers
Cognito user pools

Question 91

Assessment

What tool can you use to develop and test AWS Lambda functions locally?

Answer 91

AWS SAM CLI

Question 92

Assessment

Which serverless AWS service can you use to store user session state?

Answer 92

DynamoDB

Question 93

Assessment

Which AWS service can you use to store user profile info?

Answer 93

Cognito

Question 94

Assessment

What are good candidates to store in cache?

Answer 94

Session State
--
Shopping Cart
--
Product Catalog

Question 95

Assessment

What cache engines does ElastiCache support

Answer 95

Memcached