You have configured a Network ACL and a Security Group for the load balancer and Amazon EC2 instances to allow inbound traffic on port 80.
However, users are still unable to connect to your website after launch.
Which additional configuration is required to make the website accessible to all users over the internet? Add a rule to the Network ACLs to allow outbound traffic on ports 1024 - 65535 Add a rule to the Network ACLs to allow outbound traffic on ports 1025 - 5000 Add a rule to the Network ACLs to allow outbound traffic on ports 32768 - 61000 Add a rule to the Security Group allowing outbound traffic on port 80.
You have been hired at a company that needs an experienced developer to help with a continuous integration/continuous delivery (CI/CD) workflow on AWS.
You configure the company’s workflow to run an AWS CodePipeline pipeline whenever the application’s source code changes in a repository hosted in AWS Code Commit and compiles source code with AWS Code Build.
You are configuring ProjectArtifacts in your build stage.
Which of the following should you do? Give AWS CodeBuild permissions to upload the build output to your Amazon S3 bucket Configure AWS CodeBuild to store output artifacts on EC2 servers Give AWS CodeCommit permissions to upload the build output to your Amazon S3 bucket Contact AWS Support to allow AWS CodePipeline to manage build outputs .
An IT company has a web application running on Amazon EC2 instances that needs read-only access to an Amazon DynamoDB table.
As a Developer Associate, what is the best-practice solution you would recommend to accomplish this task? Create an IAM role with an AmazonDynamoDBReadOnlyAccess policy and apply it to the EC2 instance profile Create a new IAM user with access keys. Attach an inline policy to the IAM user with read-only access to DynamoDB. Place the keys in the code. For security, redeploy the code whenever the keys rotate Create an IAM user with Administrator access and configure AWS credentials for this user on the given EC2 instance Run application code with AWS account root user credentials to ensure full access to all AWS services.
A development team uses the AWS SDK for Java to maintain an application that stores data in AWS DynamoDB.
The application makes use of Scan operations to return several items from a 25 GB table.
There is no possibility of creating indexes to retrieve these items predictably.
Developers are trying to get these specific rows from DynamoDB as fast as possible.
Which of the following options can be used to improve the performance of the Scan operation? Use parallel scans Use a ProjectionExpression Use a FilterExpression Use a Query.
You have a web application hosted on EC2 that makes GET and PUT requests for objects stored in Amazon Simple Storage Service (S3) using the SDK for PHP.
As the security team completed the final review of your application for vulnerabilities, they noticed that your application uses hardcoded IAM access key and secret access key to gain access to AWS services.
They recommend you leverage a more secure setup, which should use temporary credentials if possible.
Which of the following options can be used to address the given use-case? Use an IAM Instance Role Use environment variables Hardcode the credentials in the application code Use the SSM parameter store.
As part of internal regulations, you must ensure that all communications to Amazon S3 are encrypted.
For which of the following encryption mechanisms will a request get rejected if the connection is not using HTTPS? SSE-C SSE-KMS Client-Side Encryption SSE-S3.
Your AWS CodeDeploy deployment to T2 instances succeed.
The new application revision makes API calls to Amazon S3 however the application is not working as expected due to authorization exceptions and you were assigned to troubleshoot the issue.
Which of the following should you do? Fix the IAM permissions for the EC2 instance role Fix the IAM permissions for the CodeDeploy service role Make the S3 bucket public Enable CodeDeploy Proxy.
An IT company uses a blue/green deployment policy to provision new Amazon EC2 instances in an Auto Scaling group behind a new Application Load Balancer for each new application version.
The current set up requires the users to log in after every new deployment.
As a Developer Associate, what advice would you give to the company for resolving this issue? Use ElastiCache to maintain user sessions Use rolling updates instead of a blue/green deployment Enable sticky sessions in the Application Load Balancer Use multicast to replicate session information.
A senior cloud engineer designs and deploys online fraud detection solutions for credit card companies processing millions of transactions daily.
The Elastic Beanstalk application sends files to Amazon S3 and then sends a message to an Amazon SQS queue containing the path of the uploaded file in S3.
The engineer wants to postpone the delivery of any new messages to the queue for at least 10 seconds.
Which SQS feature should the engineer leverage? Use DelaySeconds parameter Implement application-side delay Use visibility timeout parameter Enable LongPolling.
You are creating a web application in which users can follow each other.
Some users will be more popular than others and thus their data will be requested very often.
Currently, the user data sits in RDS and it has been recommended by your Developer to use ElastiCache as a caching layer to improve the read performance.
The whole dataset of users cannot sit in ElastiCache without incurring tremendous costs and therefore you would like to cache only the most often requested users profiles there.
As your website is high traffic, it is accepted to have stale data for users for a while, as long as the stale data is less than a minute old.
What caching strategy do you recommend implementing? Use a Lazy Loading strategy with TTL Use a Lazy Loading strategy without TTL Use a Write Through strategy with TTL Use a Write Through strategy without TTL.
You are deploying Lambda functions that operate on your S3 buckets to read files and extract key metadata.
The Lambda functions are managed using SAM.
Which Policy should you insert in your serverless model template to give buckets read access? S3ReadPolicy SQSPollerPolicy S3CrudPolicy LambdaInvokePolicy.
An e-commerce company has multiple EC2 instances operating in a private subnet which is part of a custom VPC.
These instances are running an image processing application that needs to access images stored on S3.
Once each image is processed, the status of the corresponding record needs to be marked as completed in a DynamoDB table.
How would you go about providing private access to these AWS resources which are not part of this custom VPC? Create a separate gateway endpoint for S3 and DynamoDB each. Add two new target entries for these two gateway endpoints in the route table of the custom VPC Create a gateway endpoint for S3 and add it as a target in the route table of the custom VPC. Create an interface endpoint for DynamoDB and then connect to the DynamoDB service using the private IP address Create a separate interface endpoint for S3 and DynamoDB each. Then connect to these services using the private IP address Create a gateway endpoint for DynamoDB and add it as a target in the route table of the custom VPC. Create an API endpoint for S3 and then connect to the S3 service using the private IP address .
You were assigned to a project that requires the use of the AWS CLI to build a project with AWS CodeBuild.
Your project's root directory includes the buildspec.yml file to run build commands and would like your build artifacts to be automatically encrypted at the end.
How should you configure CodeBuild to accomplish this? Specify a KMS key to use Use an AWS Lambda Hook Use the AWS Encryption SDK Use In-Flight encryption (SSL) .
You would like to have a one-stop dashboard for all the CI/CD needs of one of your projects.
You don't need heavy control of the individual configuration of each component in your CI/CD, but need to be able to get a holistic view of your projects.
Which service do you recommend? CodeStar CodeBuild CodeDeploy CodePipeline.
Your company is shifting towards Elastic Container Service (ECS) to deploy applications.
The process should be automated using the AWS CLI to create a service where at least ten instances of a task definition are kept running under the default cluster.
Which of the following commands should be executed? aws ecs create-service --service-name ecs-simple-service --task-definition ecs-demo --desired-count 10 aws ecr create-service --service-name ecs-simple-service --task-definition ecs-demo --desired-count 10 docker-compose create ecs-simple-service aws ecs run-task --cluster default --task-definition ecs-demo.
|
