AWS Developer Associate - C02 (Set 2)

Question 1

What can you use to speed up distribution of static and dynamic web content to users?

Answer 1

AWS CloudFront.
It is a web service that speeds up distribution of web content to users through a worldwide network of data centers called edge locations.

Question 2

What does AWS CodePipeline use to automatically start the pipeline? (Assuming you used the AWS CodePipeline console to construct the pipeline)

Answer 2

AWS CloudWatch Events (AKA EventBridge) are used to automatically start the pipeline.

Question 3

When using CodeDeploy, what is required to revert changes if anything goes wrong during deployment?

Answer 3

Nothing, CodeDeploy should be able to rollback on its own.

Question 4

What can you do to set up notifications if CodeDeploy fails a deployment and rolls back?

Answer 4

Set up a Lambda function subscribed to CodeDeploy events using CloudWatch Events.

Question 5

When you create a CloudTrail trail, by default, only what type of events are logged?

Answer 5

Only Management events are logged.

Question 6

To track Lambda function invocations with AWS CloudTrail, what type of events will need to be loggeed?

Answer 6

Data Events will show Lambda invocations.

Question 7

What are CloudTrail Insights?

Answer 7

They help developers identify and respond to unusual activity associated with API calls and API error rates by analyzing CloudTrail management events.

Question 8

What are CloudTrail data events?

Answer 8

They provide visibility into the resource operations performed on or within a resource.

Question 9

What are CloudTrail management events?

Answer 9

They provide visibility into management operations that are performed on resources in the AWS account.

Question 10

Is CodeDeploy able to deploy out to EC2 instances despite them being within an Auto Scaling Group?

Answer 10

Yes, the ASG has no effect and CodeDeploy will still deploy changes automatically.

Question 11

What AWS service can you use to send notification messages to an HTTP or HTTPS endpoint?

Answer 11

AWS SNS

Question 12

Between SNS and SQS, which supports sending notifications to HTTP / HTTPS endpoints?

Answer 12

AWS SNS

Question 13

What is a Lambda function’s Execution Role?

Answer 13

It refers to the AWS IAM Role that grants the function permission to access specific AWS services and resources.

Question 14

What can you do to reduce AWS Lambda latency?

Answer 14

Configure provisioned concurrency

Question 15

How does reserved concurrency affect a Lambda function’s execution?

Answer 15

It ensures the number of instances defined will be available concurrently and exclusively for a given function, but also limits functions from using concurrency outside of the reservation.

Question 16

How can you use AWS KMS to detect which KMS key was used to encrypt each ciphertext?

Answer 16

You can’t; AWS KMS does not store information about which key was used for which ciphertext.

Question 17

How can you tell which AWS KMS key was used to encrypt a given ciphertext?

Answer 17

By analyzing AWS CloudTrail logs

Question 18

What does AssumeRoleWithWebIdentity API return?

Answer 18

It returns a set of temporary security credentials for users who have been authenticated with a web identity provider.

Question 19

Why might you not be able to call APIs such as GetFederationTokens or GetSessionTokens after calling AssumeRoleWithWebIdentity?

Answer 19

Because this returns a temporary set of credentials and disallows calling those two APIs.

Question 20

What is Lambda@Edge?

Answer 20

It is a feature of CloudFront feature that can customize the content shown to different users using a CloudFront distribution.

Question 21

What is a good alternative when objects you intended to upload to DynamoDB are larger than 400KB and aren’t able to be compressed?

Answer 21

Writing attribute values of the objects to S3

Question 22

When creating a user pool and you want users to use SMS for MFA, is it necessary to set up any additional roles for this?

Answer 22

Yes, when MFA is required, phone numbers will be verified and you must provide a role to allow Amazon Cognito to send SMS messages.

Question 23

What two things does a developer need for programmatic access to AWS resources, or access from the AWS CLI?

Answer 23

An Access Key ID and a Secret Access Key.

Question 24

What does the X-Amzn-Trace-Id tracing header do?

Answer 24

It sends AWS X-Ray trace headers through all layers the request goes through.

Question 25

What does the SAM Resource AWS::Serverless::StateMachine create?

Answer 25

It creates an AWS Step Functions state machine

Question 26

What does the SAM Resource AWS::Serverless::Api create?

Answer 26

It creates a collection of Amazon API Gateway resources and methods that can be invoked through HTTPS endpoints. It is not explicitly needed as a resource of this type is implicitly created in AWS::Serverless::Function

Question 27

What does the SAM Resource AWS::Serverless::Application create?

Answer 27

It embeds a serverless application from the AWS SAR (Serverless Application Registry) or from an S3 bucket as a nested application.

Question 28

What does the SAM Resource AWS::Serverless::Connector create?

Answer 28

It configures permissions between two resources

Question 29

What does the SAM Resource AWS::Serverless::Function create?

Answer 29

It creates an AWS Lambda function, an AWS IAM execution Role, and event source mappings that trigger the function.

Question 30

What does the SAM Resource AWS::Serverless::HttpApi create?

Answer 30

It creates an Amazon API Gateway HTTP API, which enables you to create RESTful APIs with lower latency and lower costs than REST APIs.

Question 31

What does the SAM Resource AWS::Serverless::LayerVersion create?

Answer 31

It creates a Lambda LayerVersion that contains library or runtime code needed by a Lambda function. It is equivalent to AWS::Lambda::LayerVersion.

Question 32

What does the SAM Resource AWS::Serverless::SimpleTable create?

Answer 32

It creates a DynamoDB table with a single attribute primary key. If you need more advanced usage of DynamoDB, use AWS::DynamoDB::Table instead.

Question 33

To grant IAM permissions, users or groups can be assigned JSON documents called ____?

Answer 33

Policies

Question 34

What do policies do in IAM?

Answer 34

They define the permissions of the users

Question 35

What are the 3 properties an IAM Policy consists of?

Answer 35

Version, Id, Statement

Question 36

What are the 6 properties an IAM Policy Statement consists of?

Answer 36

Sid, Effect, Principal, Action, Resource, Condition

Question 37

What is a Sid in an IAM policy statement?

Answer 37

The identifier for the statement. This field is optional.

Question 38

What is the Effect in an IAM policy statement?

Answer 38

Whether the statement will allow or deny access

Question 39

What is the Principal in an IAM policy statement?

Answer 39

The account/user/role to which this policy will be applied to

Question 40

What is the Action in an IAM policy statement?

Answer 40

A list of actions this policy will allow or deny

Question 41

What is the Resource in an IAM policy statement?

Answer 41

A list of resources to which the actions will be applied to

Question 42

What is the Condition in an IAM policy statement?

Answer 42

Conditions for when this policy is in effect. This field is optional.