AWS Dev Cert Q&A

Question 1

Which of the following items are required to allow an application deployed on an EC2 instance to write data to a DynamoDB table?

Assume that no security Keys are allowed to be stored on the EC2 instance. (Choose two)

Answer 1

Launch an EC2 Instance with the IAM Role included in the launch configuration.

Create an IAM Role that allows write access to the DynamoDB table.

Question 2

What is the maximum number of S3 Buckets available per AWS account?

Answer 2

100 per account

Question 3

You attempt to store an object in the US-STANDARD region in Amazon S3, and receive a confirmation that it has been successfully stored. You then immediately make another API call and attempt to read this object. S3 tells you that the object does not exist.

What could explain this behavior?

Answer 3

US-STANDARD uses eventual consistency and it can take time for an object to be readable in a bucket

Question 4

After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet. When you try and make an outbound connection to the Internet from an instance in the private subnet, you are not successful.

Which of the following steps could resolve the issue?

Answer 4

Disabling the Source/Destination Check attribute on the NAT instance

Question 5

What item operation allows the retrieval of multiple items from a DynamoDB table in a single API call?

Answer 5

BatchGetItem

Question 6

When uploading an object, what request header can be explicitly specified in a request to Amazon S3 to encrypt object data when saved on the server side?

Answer 6

x-amz-server-side-encryption

Question 7

Which of the following services are key/value stores? (Choose three)

Answer 7

Amazon ElastiCache

DynamoDB

Simple Storage Service

Question 8

If a message is retrieved from a queue in Amazon SQS, how long is the message inaccessible to other users by default?

Answer 8

30 seconds

Question 9

You have an environment that consists of a public subnet using Amazon VPC and 3 instances that are running in this subnet. These three instances can successfully communicate with other hosts on the Internet. You launch a fourth instance in the same subnet, using the same AMI and security group configuration you used for the others, but find that this instance cannot be accessed from the Internet. What should you do to enable internet access?

Answer 9

Assign an Elastic IP address to the fourth instance.

Question 10

Which of the following are correct statements with policy evaluation logic in AWS Identity and Access Management? (Choose two)

Answer 10

By default, all requests are denied

An explicit allow overrides default deny.

Question 11

What happens, by default, when one of the resources in a CloudFormation stack cannot be created?

Answer 11

Previously-created resources are deleted and the stack creation terminates.

Question 12

Which features can be used to restrict access to data in S3? (Choose two)

Answer 12

Set an S3 Bucket policy.

Set an S3 ACL on the bucket or the object.

Question 13

Which code snippet below returns the URL of a load balanced web site created in CloudFormation with an AWS::ElasticLoadBalancing::LoadBalancer resource name “ElasticLoad Balancer”?

Answer 13

“Fn::Join” : [“”. [ “http://”, {“Fn::GetAtr” : [ “ElasticLoadBalancer”,”DNSName”]}]]

Question 14

Which of the following platforms are supported by Elastic Beanstalk? (Choose two)

Answer 14

Apache Tomcat

.NET

Question 15

Company D is running their corporate website on Amazon S3 accessed from http//www.companyd.com. Their marketing team has published new web fonts to a separate S3 bucket accessed by the S3 endpoint https://s3-us-west-1.amazonaws.com/cdfonts. While testing the new web fonts, Company D recognized the web fonts are being blocked by the browser.

What should Company D do to prevent the web fonts from being blocked by the browser?

Answer 15

Configure the cdfonts bucket to allow cross-origin requests by creating a CORS configuration

Question 16

When using a large Scan operation in DynamoDB, what technique can be used to minimize the impact of a scan on a table’s provisioned throughput?

Answer 16

Set a smaller page size for the scan

Question 17

In AWS, which security aspects are the customer’s responsibility? (Choose four)

Answer 17

Life-cycle management of IAM credentials

Security Group and ACL (Access Control List) settings

Encryption of EBS (Elastic Block Storage) volumes

Patch management on the EC2 instance’s operating system

Question 18

Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?

Answer 18

DescribeImages

Question 19

EC2 instances are launched from Amazon Machine images (AMIs). A given public AMI can:

Answer 19

only be used to launch EC2 instances in the same AWS region as the AMI is stored.

Question 20

How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on?

Answer 20

Query the local instance metadata.

Question 21

Which of the following are valid arguments for an SNS Publish request? (Choose three)

Answer 21

TopicArn

Subject

Message

Question 22

How is provisioned throughput affected by the chosen consistency model when reading data from a DynamoDB table?

Answer 22

Strongly consistent reads use more throughput than eventually consistent reads

Question 23

Which of the following are valid SNS delivery transports? (Choose two)

Answer 23

HTTP

SMS

Question 24

A startups photo-sharing site is deployed in a VPC. An ELB distributes web traffic across two subnets. ELB session stickiness is configured to use the AWS-generated session cookie, with a session TTL of 5 minutes. The webserver Auto Scaling Group is configured as: min-size=4, max-size=4.
The startups preparing for a public launch, by running load-testing software installed on a single EC2 instance running in us-west-2 After 60 minutes of load-testing, the webserver logs show:

webserver #1 (subnet in us-west-2a) : | 19210 | 434
webserver #2 (subnet in us-west-2a) : | 21790 | 490
webserver #3 (subnet in us-west-2b) : | 0 | 410
webserver #4 (subnet in us-west-2b) : | 0 | 428

Which recommendations can help ensure load-testing HTTP requests are evenly distributed across the four webservers? (Choose two)

Answer 24

Re-configure the load-testing software to re-resolve DNS for each web request.

Use a 3rd-party load-testing service which offers globally-distributed test clients.

Question 25

Which of the following statements about SWF are true? (Choose three)

Answer 25

SWF tasks are assigned once and never duplicated SWF workflow executions can last up to a year SWF uses deciders and workers to complete tasks

Question 26

Which of the following is chosen as the default region when making an API call with an AWS SDK?

Answer 26

us-east-1

Question 27

How can you secure data at rest on an EBS volume?

Answer 27

Use an encrypted file system on top of the EBS volume.

Question 28

What is one key difference between an Amazon EBS-backed and an instance-store backed instance?

Answer 28

Amazon EBS-backed instances can be stopped and restarted

Question 29

An application stores payroll information nightly in DynamoDB for a large number of employees across hundreds of offices. Item attributes consist of individual name, office identifier, and cumulative daily hours. Managers run reports for ranges of names working in their office. One query is. “Return all Items in this office for names starting with A through E”. Which table configuration will result in the lowest impact on provisioned throughput for this query?

Answer 29

Configure the table to have a range index on the name attribute, and a hash index on the office identifier

Question 30

Which of the following is an example of a good DynamoDB hash key schema for provisioned throughput efficiency?

Answer 30

User ID, where the application has many different users.

Question 31

Company A has an S3 bucket containing premier content that they intend to make available to only paid subscribers of their website. The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content to non-paying website visitors. How can Company A provide only paid subscribers the ability to download a premier content file in the S3 bucket?

Answer 31

Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download

Question 32

When a Simple Queue Service message triggers a task that takes 5 minutes to complete, which process below will result in successful processing of the message and remove it from the queue while minimizing the chances of duplicate processing?

Answer 32

Retrieve the message with an increased visibility timeout, process the message, delete the message from the queue

Question 33

Which DynamoDB limits can be raised by contacting AWS support? (Choose two)

Answer 33

The number of tables per account The number of provisioned throughput units per account

Question 34

Company C has recently launched an online commerce site for bicycles on AWS. They have a “Product” DynamoDB table that stores details for each bicycle, such as, manufacturer, color, price, quantity and size to display in the online store. Due to customer demand, they want to include an image for each bicycle along with the existing details. Which approach below provides the least impact to provisioned throughput on the “Product” table?

Answer 34

Store the images in Amazon S3 and add an S3 URL pointer to the “Product” table item for each image

Question 35

In DynamoDB, what type of HTTP response codes indicate that a problem was found with the client request sent to the service?

Answer 35

4xx HTTP response code

Question 36

A meteorological system monitors 600 temperature gauges, obtaining temperature samples every minute and saving each sample to a DynamoDB table. Each sample involves writing 1K of data and the writes are evenly distributed over time. How much write throughput is required for the target table?

Answer 36

10 write capacity units

Question 37

Which of the following programming languages have an officially supported AWS SDK? (Choose two)

Answer 37

PHP Java

Question 38

Games-R-Us is launching a new game app for mobile devices. Users will log into the game using their existing Facebook account and the game will record player data and scoring information directly to a DynamoDB table. What is the most secure approach for signing requests to the DynamoDB API?

Answer 38

Request temporary security credentials using web identity federation to sign the requests

Question 39

What AWS products and features can be deployed by Elastic Beanstalk? (Choose three)

Answer 39

Auto scaling groups Elastic Load Balancers RDS Instances

Question 40

Your application is trying to upload a 6 GB file to Simple Storage Service and receive a “Your proposed upload exceeds the maximum allowed object size.” error message. What is a possible solution for this?

Answer 40

Use the multi-part upload API for this object

Question 41

Which of the following services are included at no additional cost with the use of the AWS platform? (Choose two)

Answer 41

Auto Scaling CloudFormation

Question 42

You are writing to a DynamoDB table and receive the following exception:” ProvisionedThroughputExceededException”. Though according to your CloudWatch metrics for the table, you are not exceeding your provisioned throughput. What could be an explanation for this?

Answer 42

You’re exceeding your capacity on a particular Hash Key

Question 43

You are providing AWS consulting services for a company developing a new mobile application that will be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification messages to individual devices each device registration identifier or token needs to be registered with SNS; however, the developers are not sure of the best way to do this. You advise them to:

Answer 43

Call the CreatePlatformEndPoint API function to register multiple device tokens.

Question 44

Which statements about DynamoDB are true? (Choose two)

Answer 44

DynamoDB uses optimistic concurrency control DynamoDB uses conditional writes for consistency

Question 45

You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the photos on your site, causing loss to your business. What is an effective method to mitigate this?

Answer 45

Remove public read access and use signed URLs with expiry dates

Question 46

You have written an application that uses the Elastic Load Balancing service to spread traffic to several web servers. Your users complain that they are sometimes forced to login again in the middle of using your application, after they have already logged in. This is not behavior you have designed. What is a possible solution to prevent this happening?

Answer 46

Use ElastiCache to save session state.

Question 47

You are inserting 1000 new items every second in a DynamoDB table. Once an hour these items are analyzed and then are no longer needed. You need to minimize provisioned throughput, storage, and API calls. Given these requirements, what is the most efficient way to manage these Items after the analysis?

Answer 47

Delete the table and create a new table per hour

Question 48

An Amazon S3 bucket, “myawsbucket” is configured with website hosting in Tokyo region, what is the region-specific website endpoint?

Answer 48

myawsbucket.s3-website-ap-northeast-1.amazonawscom

Question 49

Company B provides an online image recognition service and utilizes SQS to decouple system components for scalability. The SQS consumers poll the imaging queue as often as possible to keep end-to-end throughput as high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses. How can Company B reduce the number of empty responses?

Answer 49

Set the Imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds

Question 50

A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center via IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated, logged-in users can only access an S3 keyspace specific to the user. Which two approaches can satisfy the objectives? (Choose two)

Answer 50

The application authenticates against LDAP, and retrieves the name of an IAM role associated with the user. The application then calls the IAM Security Token Service to assume that IAM Role. The application can use the temporary credentials to access the appropriate S3 bucket. Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token Service to get IAM federated user credentials. The application calls the identity broker to get IAM federated user credentials with access to the appropriate S3 bucket.

Question 51

Which of the following statements about SQS is true?

Answer 51

Messages will be delivered one or more times and message delivery order is indeterminate

Question 52

If an application is storing hourly log files from thousands of instances from a high traffic website, which naming scheme would give optimal performance on S3?

Answer 52

HH-DD-MM-YYYY-log_instanceID

Question 53

What type of block cipher does Amazon S3 offer for server side encryption?

Answer 53

Advanced Encryption Standard

Question 54

Company C is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting enabled. Currently, when visitors go to http://www.companyc.com the index.html page is returned. Company C now would like a new page welcome.html to be returned when a visitor enters http://www.companyc.com in the browser. Which of the following steps will allow Company C to meet this requirement? (Choose two)

Answer 54

Upload an html page named welcome.html to their S3 bucket Set the Index Document property to welcome.html