Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Candice DVA-C02 Developer > Misc > Flashcards

Misc Flashcards

1
Q

How can you Enable the X-Ray daemon on Beanstalk?

A

Include the xray-daemon.config configuration file in the .ebextensions directory of your source code.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

In Amazon API Gateway, API keys by themselves do not grant access to execute an API. What else needs to be done to grant access? What error do they get if this is not done?

A

The API keys need to be associated with a usage plan, and that usage plan then determines which API stages and methods the API key can access. If the API key is not associated with a usage plan, it will not have permission to access any of the resources, which will result in a “403 Forbidden” error

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What API call do you use to associate API Gateway keys with a usage plan?

A

Associate the API keys for users with the intended usage plan using the CreateUsagePlanKey operation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What should be done to only allow authorized clients to invalidate an API Gateway cache entry when submitting API requests? (TWO things)

A
  1. The client must send a request which contains the Cache-Control: max-age=0 header.
  2. Tick the Require Authorization checkbox in the Cache Settings of your API via the console.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

If you have applications running outside of an AWS environment that need programmatic access to AWS resources, how do you do it?

A

Go to the AWS Console and create a new IAM user with programmatic access. In the application server, create the credentials file at ~/.aws/credentials with the access keys of the IAM user.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What Gateway response types are associated with the HTTP 504 error in API Gateway?

A

INTEGRATION_FAILURE – The gateway response for an integration failed error. If the response type is unspecified, this response defaults to the DEFAULT_5XX type.

INTEGRATION_TIMEOUT – The gateway response for an integration timed out error. If the response type is unspecified, this response defaults to the DEFAULT_5XX type.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

How can you ensure that all objects in your S3 bucket are encrypted at rest using server-side encryption with AWS KMS keys?

A

Add a bucket policy which denies any s3:PutObject action unless the request includes the x-amz-server-side-encryption-aws-kms-key-id header.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How can you monitor the responsiveness of your API calls as well as the underlying Lambda function?

A

Using CloudWatch:

  • Monitor the IntegrationLatency metrics to measure the responsiveness of the backend.

– Monitor the Latency metrics to measure the overall responsiveness of your API calls.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

If you need server-side encryption for all of the objects that are stored in a bucket, how can you do it with amazon-managed keys? Can you use customer-provided keys?

A
  1. Use a bucket policy to deny permissions to upload an object unless the request includes the x-amz-server-side-encryption header to request server-side encryption.
  2. Yes: if you chose to use server-side encryption with customer-provided encryption keys (SSE-C), you must provide encryption key information using the following request headers: x-amz-server-side​-encryption​-customer-algorithm, x-amz-server-side​-encryption​-customer-key,
    x-amz-server-side​-encryption​-customer-key-MD5
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the three settings to enable CloudWatch to evaluate when to change the alarm state?

A

– Period is the length of time to evaluate the metric or expression to create each individual data point for an alarm. It is expressed in seconds. If you choose one minute as the period, there is one datapoint every minute.

– Evaluation Period is the number of the most recent periods, or data points, to evaluate when determining alarm state.

– Datapoints to Alarm is the number of data points within the evaluation period that must be breaching to cause the alarm to go to the ALARM state. The breaching data points do not have to be consecutive, they just must all be within the last number of data points equal to Evaluation Period.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

In a system using CloudFront, how can you redirect requests , such as to display region-specific information?

A

Implement a CloudFront function that returns the appropriate URL based on the CloudFront-Viewer-Country. Configure the distribution to trigger the function on Viewer request events.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

With ECS, how can you allow containers to access ports on the host container instance to send or receive traffic using port mapping?

A

Using the task definition. Port mappings are specified as part of the container definition which can be configured in the task definition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What environment variables does AWS Lambda use to facilitate communication with the X-Ray daemon and configure the X-Ray SDK?

A

_X_AMZN_TRACE_ID: Contains the tracing header, which includes the sampling decision, trace ID, and parent segment ID. If Lambda receives a tracing header when your function is invoked, that header will be used to populate the _X_AMZN_TRACE_ID environment variable. If a tracing header was not received, Lambda will generate one for you.

AWS_XRAY_CONTEXT_MISSING: The X-Ray SDK uses this variable to determine its behavior in the event that your function tries to record X-Ray data, but a tracing header is not available. Lambda sets this value to LOG_ERROR by default.

AWS_XRAY_DAEMON_ADDRESS: This environment variable exposes the X-Ray daemon’s address in the following format: IP_ADDRESS:PORT. You can use the X-Ray daemon’s address to send trace data to the X-Ray daemon directly without using the X-Ray SDK.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

How can a client using API gateway fetch the latest data from your endpoints every time a request is sent and invalidate the existing cache.

A

The client must send a request that contains the Cache-Control: max-age=0 header.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

While using SAM locally, how can you provide permissions to interact with other AWS services?

A
  1. Use the aws configure command with the –profile parameter to add a named profile with the sandbox AWS account’s credentials.
  2. Run the function using sam local invoke with the –profile parameter.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

An application scans the entire DynamoDB table to return requested data. How can performance be improved cheaply?

A

Use Query operations instead of Scan and reduce the page size. (DAX can be more expensive)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

When should you choose Memcached over Redis ?

A
  • You need the simplest model possible.

– You need to run large nodes with multiple cores or threads.

– You need the ability to scale out and in, adding and removing nodes as demand on your system increases and decreases.

– You need to cache objects, such as a database.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

How can you detect new entries in a DynamoDB table and automatically trigger a Lambda function to run?

A

Enable DynamoDB Streams to detect the new entries and automatically trigger the Lambda function.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What format does the output need to be that is returned from a Lambda proxy integration backend with API Gateway? What happens if it is the wrong format?

A

JSON
You’d get a 502 error in the API Gateway

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is the default for Lambda total concurrent executions across all functions within a given region? How can it be increased?

A

1000
Request AWS to increase the limit of your concurrent executions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

How can you estimate the concurrent executions used by your Lambda function and whether the limit needs to be increased?

A

concurrent executions = (invocations per second) x (average execution duration in seconds). If this is > 1000 then you need to ask AWS to increase it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

How can you authenticate and authorize users for the premium pay-wall content on your website backed by S3?

A

Use Lambda@Edge. For example, you can trigger a Lambda function to authorize each viewer request by calling authentication and user management service such as Amazon Cognito.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is appspec.yml for?

A

In CodeDeploy - it defines how a deployment happens

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What things can CodeDeploy deploy to?

A

EC2 Instances
On-prem servers
Lambda Functions
ECS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
What kinds of deployments can be performed with Code Deploy for EC2/On-prem?
In-place Blue-green
26
For CodeDeploy on EC2 to work, what has to be running and where?
The CodeDeploy agent must be running on the EC2/on-prem instances
27
With CodeDeploy for EC2, what does EC2 need to have sufficient access to?
S3, because the deployment bundles are stored there
28
How does CodeDeploy work for Lambda?
It automates traffic shift for Lambda aliases
29
How does CodeDeploy work for ECS? What type of deployments does it do?
Automates the deployment of a new task definition. It only does blue/green.
30
What is the cron.yaml file used for?
For Elastic Beanstalk, you can define periodic tasks in a file named cron.yaml in your source bundle to add jobs to your worker environment’s queue automatically at a regular intervals.
31
What is a good way to do GeoRestriction, for example, to comply with copyright laws?
CloudFront Georestriction
32
How can you make CloudFront get content from different origins based on the URL path?
Use CloudFront Multiple Origin
33
What is a CloudFront Origin Group?
To increase high-availability and do failover. There is a primary and a secondary origin.
34
What are the API Gateway integration types?
MOCK - for testing AWS = for Lambda custom integration and all other AWS integrations AWS_PROXY = Lambda Proxy HTTP_PROXY = HTTP proxy integration HTTP = HTTP custom integration
35
When you configure your Lambda function to access VPC resources, what happens? What can you do to fix the situation if needed?
It loses default internet access. If you require external internet access for your function, make sure the Lambda's security group allows outbound connections, and that your VPC has a NAT gateway.
36
Which DynamoDB secondary index CAN be created after table creation?
Global
37
The name of the bucket used for Transfer Acceleration must be DNS-compliant and must not contain what?
Periods
38
What are the ECS task placement strategies?
binpack – Place tasks based on the least available amount of CPU or memory. This minimizes the number of instances in use. random – Place tasks randomly. spread – Place tasks evenly based on the specified value. Accepted values are attribute key-value pairs, instanceId, or host.
39
What are the steps to deploy code using CloudFormation?
1. Create a template to define your infrastructure resources 2. Bundle the template and your resource files into a zip file 3. Package using "aws cloudFormation Package" command 4. Deploy using "aws CloudFormation deploy" command
40
What are the ports for HTTP and HTTPS?
HTTP = 80 HTTPS = 443
41
What are the steps to set up a Lambda fn to be invoked by an ALB?
1. Create a Lambda fn. It should return text/html. 2. Create an ALB. 3. Create security group for ALB: a. inbound: allow HTTP from anywhere b. allow listening on port 80 for HTTP with default action - a target group 4. Create a Target Group with type = Lambda fn, and select your Lambda fn 5. Assign the Target Group to your ALB 6. A resource-based policy is created on your Lambda fn for you, to allow the ALB to invoke your Lambda fn.
42
How can you expose your Lambda function to the outside world?
ALB API Gateway Lambda Function URL
43
What is the best way to expose a REST API backed by a Lambda Function?
API Gateway + Lambda
44
What can you expose through API Gateway?
Lambda function, HTTP endpoints, any AWS service's API
45
What are the options for API Gateway security?
1. User auth: IAM roles (internal users); Cognito (external users such as mobile); a custom authorizer (= a lambda fn) 2. Custom domain name HTTPS with AWS cert mgr and you would need a CNAME or A-alias rec in Route 53
46
How many read replicas can you have for your RDS database? How about for Aurora in a single cluster?
15 15
47
How can you get the EC2 instance ID when you are SSH'd into it?
Query the metadata at http://169.254.169.254/latest/meta-data
48
How can an app on an EC2 instance in an ECS cluster access S3?
Create an IAM task role
49
You have a classic ECS cluster that you want to enable IAM roles for your ECS tasks so they can call AWS services. What config option should you enable and where?
Enable ECS_ENABLE_TASK_IAM_Role in the ECS.Config file
50
Can EC2 Container instances run multiple copies of the same Docker image?
Yes
51
How can you scale SQS, for example on Black Friday?
It will scale automatically
52
What is SQS Delay Queues? What is the default time period?
A period of time during which Amazon SQS keeps new SQS messages invisible to consumers. In SQS Delay Queues, a message is hidden when it is first added to the queue. (default: 0 mins, max.: 15 mins)
53
What is the SQS + SNS fan out pattern?
This is a common pattern where only one message is sent to the SNS topic and then "fan-out" to multiple SQS queues. This approach has the following features: it's fully decoupled, no data loss, and you have the ability to add more SQS queues (more applications) over time.
54
How would you load near real-time data into S3 and Redshift that needs to be transformed before loading?
Kinesis Data Streams + Kinesis Data Firehose. Kinesis Data Firehose supports custom data transformations using AWS Lambda.
55
What are the default retention period, and min and max that you can set SQS message retention to?
Default is 4 days. You can set it from 1 minute to 14 days.
56
You can configure a Kinesis Data Stream to keep records for a maximum of .................. days.
365
57
A CloudWatch Alarm set on a High-Resolution Custom Metric can be triggered as often as ......................
10 seconds
58
Which API call allows you to push custom metric data to CloudWatch?
PutMetricData
59
By default, when do CloudWatch Logs expire?
Never
60
What should you do to configure X-Ray Daemon to send traces from multiple AWS accounts to a central AWS account?
Create an IAM role in the central account, and then create IAM roles in the other accounts to assume this IAM role.
61
By default, the X-Ray SDK records the first request .................., and .................. of any additional requests.
Each second, 5%
62
What is the KB limit forLambda environment variables?
4KB
63
How do you declare a Lambda function in a CloudFormation template?
Upload all the code as a zip file to an S3 bucket and refer to the object in AWS::Lambda::function block
64
The maximum size for a Lambda function /tmp space is .........................
10240 MB
65
What can be the targets for an Application Load Balancer?
EC2 Instances ECS tasks Private IP Lambda function (HTTP request is translated into a JSON event)
66
What can an ALB route traffic based on?
URL Path HostName Query String, Headers
67
Can IAM user groups be part of other user groups?
Negative
68
When would you use the GetSessionToken API call?
if you want to use MFA to protect programmatic calls to specific AWS API operations . It returns temporary credentials: an access key ID, a secret access key, and a security token.
69
What is a Lambda authorizer?
An API Gateway feature that uses a Lambda function to control access to your API
70
What types of Lambda authorizers are there?
Token based and request parameter based
71
In DynamoDB, what is a way to reduce storage usage and reduce the cost of storing irrelevant data without using provisioned throughput?
Enable TTL - perfect use case for session data
72
In a Kinesis Data Stream, what API calls can you use to read records in the same order they are written to the stream?
PutRecord along with SequenceNumberForOrdering
73
Anytime a question asks about a storage system that can be accessed from multiple points, what should you think of?
EFS
74
How can you get messages back from the DLQ to the original Q so that they can be reprocessed?
If it is a FIFO Q, you could use StartMessageMoveTask API. But if they don't say it is a FIFO, you should use SendMessageBatch API to send multiple messages to an SQS Q.
75
How can you invoke a lambda function asynchronously?
Use the "Invoke" API to call the Lambda function and set the invocation type request parameter to Event
76
How can you invoke a lambda function synchronously?
Use the "Invoke" API to call the Lambda function and set the invocation type request parameter to RequestResponse
77
How can you validate parameter values for your Lambda function and verify that the user or role has permission to invoke the function - without running it?
Use the "Invoke" API to call the Lambda function and set the invocation type request parameter to DryRun
78
Where would you put environment configuration stuff for Elastic Beanstalk
env.yaml
79
What port does the AWS X-Ray daemon listen for traffic on?
UDP port 2000
80
How would you instrument x-ray to work on an ECS cluster?
1. Create a Docker image that runs the X-Ray daemon 2. Upload it to a Docker image repository 3. Deploy it to your Amazon ECS cluster 4. Configure the port mappings and network mode settings in your task definition file to allow traffic on UDP port 2000.
81
What consumes more RCU - strongly or eventually consistent reads?
strongly
82
What are the hooks in a serverless Lambda function version deployment, in order?
BeforeAllowTraffic AllowTraffic AfterAllowTraffic
83
Describe the process of envelope encryption
Encrypt plaintext data with a data key and then encrypt the data key with a top-level plaintext key. This is NOT a KMS key
84
What information is included in the ECS Task Definitions?
Image Name Port binding for Container and Host Memory and CPU required Environment variables Networking information IAM Role Logging configuration (ex: CloudWatch)
85
What should you check If X-Ray is not working on EC2?
* Ensure the EC2 IAM Role has the proper permissions * Ensure the EC2 instance is running the X-Ray Daemon
86
How would you enable x-ray on AWS Lambda?
* Ensure it has an IAM execution role with proper policy (AWSX-RayWriteOnlyAccess) * Ensure that X-Ray is imported in the code * Enable Lambda X-Ray Active Tracing
87
How is an execution role created and then referenced, for example a Lambda execution role?
1.Create the role in IAM 2. Then point to the role(reference it) when setting up your Lambda function (select the previously created IAM role as the "Execution role" in the function configuration)
88
What are the method authorization types for an API?
NONE - open access AWS_IAM - for using IAM CUSTOM - custom authorizer COGNITO_USER_POOLS - Cognito
89
What services can have an event source mapping for Lambda?
Kinesis DynamoDB SQS MQ Managed Streaming for Apache Kafka (Amazon MSK)
90
What are the 2 authentication types for controlling access to a Lambda function URL?
AWS IAM NONE
91
92
Which are the possible solutions that the developer can implement in order to set up HTTPS communication between the viewers and CloudFront?
*Set the Viewer Protocol Policy to use Redirect HTTP to HTTPS *Set the Viewer Protocol Policy to use HTTPS Only
93
When would you use Cognito User Pools?
1. Design sign-up and sign-in webpages for your app. 2. Access and manage user data. 3. Track user device, location, and IP address, and adapt to sign-in requests of different risk levels. 4. Use a custom authentication flow for your app.
94
When would you use Cognito Identity Pools?
1. Give your users access to AWS resources, such as an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon DynamoDB table. 2. Generate temporary AWS credentials for unauthenticated users.
95
What type of read consistency does the DynamoDB GetItem API do by default? What can you do to change it?
- it provides eventually consistent by default - to change to strongly, set the ConsistentRead parameter to true
96
What problem does DynamoDB DAX solve?
It solves the hot-key problem - prevents the "ProvisionedThroughputExceededException" exception.
97
The maximum size of an item in a DynamoDB table is ...................
400 KB
98
What types of databases are supported by RDS?
SQLServer DB2 Oracle MySQL Postgres Maria Aurora
99
***How can you scale RDS?
Turn on Auto-Scaling feature
100
What type of consistency are RDS read replicas?
Eventually (Async)
101
What is a benefit of using KMS from an audit perspective?
Calls to access your keys in KMS are logged in CloudTrail
102
Does KMS use symmetric or asymmetric keys? What does symmetric mean?
KMS uses symmetric keys. That means there is only one encryption key for encryption and decryption
103
What are the use cases for an asymmetric key?
Encryption outside of AWS by users who can't call the KMS ApI
104
What kind of KMS Key policies are there, and which one is useful for cross-account access of your KMS keys?
There are the Default which is created for you if you don't provide one; and a Custom one. A Custom key policy is useful for cross-account access.
105
When do you need to use envelope encryption? What API do you use?
When you need to encrypt anything over 4KB of data. Use the GenerateDataKey API
106
What are the key uses for: Cloudfront function Lambda@edge Lambda function url S3 object Lambda
Cloudfront function: simple & fast Lambda@edge: external api, complexity Lambda function url: direct http access without extra services S3 object Lambda for S3
107
Would you use Lambda @edge or CF function to retrieve credentials?
Lambda@edge, because it needs network access
108
A developer needs to create a serverless application that uses an event-driven architecture. How can the developer configure the application to automatically receive and process events?
Create an Amazon SNS topic and an AWS Lambda function. Subscribe the Lambda function to the SNS topic and submit events to the SNS topic
109
What serverless service can receive streaming data and load it directly into an Amazon Elasticsearch datastore?
Kinesis data Firehose - it can load directly. (Kinesis Data Streams cannot load directly - it requires EC2 or Lambda for processing the data from the stream.

Candice DVA-C02 Developer (28 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions