You would like your Elastic Beanstalk environment to expose an HTTPS endpoint and an HTTP endpoint.
The HTTPS endpoint should be used to get in-flight encryption between your clients and your web servers, while the HTTP endpoint should only be used to redirect traffic to HTTPS and support URLs starting with http://.
What must be done to configure this setup? (Select three) Assign an SSL certificate to the Load Balancer Open up port 80 & port 443 Configure your EC2 instances to redirect HTTP traffic to HTTPS Only open up port 80 Only open up port 443 Configure your EC2 instances to redirect HTTPS traffic to HTTP.
You are responsible for an application that runs on multiple Amazon EC2 instances.
In front of the instances is an Internet-facing load balancer that takes requests from clients over the internet and distributes them to the EC2 instances.
A health check is configured to ping the index.html page found in the root directory for the health status.
When accessing the website via the internet visitors of the website receive TIMEOUT errors.
What should be checked first to resolve the issue? Security Groups IAM Roles The application is down The ALB is warming up.
You are a developer working on AWS Lambda functions that are triggered by Amazon API Gateway and would like to perform testing on a low volume of traffic for new API versions.
Which of the following features will accomplish this task? Canary Deployment Stage Variables Mapping Templates Custom Authorizers.
A media company wants to migrate a video editing service to Amazon EC2 while following security best practices.
The videos are sourced and read from a non-public S3 bucket.
As a Developer Associate, which of the following solutions would you recommend for the given use-case? Set up an EC2 service role with read-only permissions for the S3 bucket and attach the role to the EC2 instance profile Set up an IAM user with read-only permissions for the S3 bucket. Configure AWS credentials for this user via AWS CLI on the EC2 instance Set up an IAM user with read-only permissions for the S3 bucket. Configure the IAM user credentials in the user data of the EC2 instance Set up an S3 service role with read-only permissions for the S3 bucket and attach the role to the EC2 instance profile.
You are using AWS SQS FIFO queues to get the ordering of messages on a per user_id basis.
As a developer, which message parameter should you set the value of user_id to guarantee the ordering? MessageGroupId MessageDeduplicationId MessageOrderId MessageHash.
Which of the following CLI options will allow you to retrieve a subset of the attributes coming from a DynamoDB scan? --projection-expression --filter-expression --page-size --max-items.
Your company has developers worldwide with access to the company's Amazon Simple Storage Service (S3) buckets.
The objects in the buckets are encrypted at the server-side but need more flexibility with access control, auditing, rotation, and deletion of keys.
You would also like to limit who can use the key.
Which encryption mechanism best fits your needs? SSE-KMS SSE-C Client-Side Encryption SSE-S3.
An IT company leverages CodePipeline to automate its release pipelines.
The development team wants to write a Lambda function that will send notifications for state changes within the pipeline.
As a Developer Associate, which steps would you suggest to associate the Lambda function with the event source? Set up an Amazon CloudWatch Events rule that uses CodePipeline as an event source with the target as the Lambda function Set up an Amazon CloudWatch alarm that monitors status changes in Code Pipeline and triggers the Lambda function Use the Lambda console to configure a trigger that invokes the Lambda function with CodePipeline as the event source Use the CodePipeline console to set up a trigger for the Lambda function.
You would like to deploy a Lambda function globally so that requests are filtered at the AWS edge locations.
Which Lambda deployment mode do you need? Use a Lambda@Edge Use a Global DynamoDB table as a Lambda source Deploy Lambda in a Global VPC Deploy Lambda in S3.
You have created a DynamoDB table to support your application and provisioned RCU and WCU to it so that your application has been running for over a year now without any throttling issues.
Your application now requires a second type of query over your table and as such, you have decided to create an LSI and a GSI on a new table to support that use case.
One month after having implemented such indexes, it seems your table is experiencing throttling.
Upon looking at the table's metrics, it seems the RCU and WCU provisioned are still sufficient. What's happening? The GSI is throttling so you need to provision more RCU and WCU to the GSI The LSI is throttling so you need to provision more RCU and WCU to the LSI Adding both an LSI and a GSI to a table is not recommended by AWS best practices as this is a known cause for creating throttles Metrics are lagging in your CloudWatch dashboard and you should see the RCU and WCU peaking for the main table in a few minutes.
You would like to run the X-Ray daemon for your Docker containers deployed using AWS Fargate.
What do you need to do to ensure the setup will work? (Select two) Deploy the X-Ray daemon agent as a sidecar container Provide the correct IAM task role to the X-Ray container Deploy the X-Ray daemon agent as a daemon set on ECS Deploy the X-Ray daemon agent as a process on your EC2 instance Provide the correct IAM instance role to the EC2 instance.
An e-commerce application writes log files into Amazon S3.
The application also reads these log files in parallel on a near real-time basis.
The development team wants to address any data discrepancies that might arise when the application overwrites an existing log file and then tries to read that specific log file.
Which of the following options BEST describes the capabilities of Amazon S3 relevant to this scenario? A process replaces an existing object and immediately tries to read it. Amazon S3 always returns the latest version of the object A process replaces an existing object and immediately tries to read it. Until the change is fully propagated, Amazon S3 might return the previous data A process replaces an existing object and immediately tries to read it. Until the change is fully propagated, Amazon S3 does not return any data A process replaces an existing object and immediately tries to read it. Until the change is fully propagated, Amazon S3 might return the new data.
A development team has noticed that one of the EC2 instances has been wrongly configured with the 'DeleteOnTermination' attribute set to True for its root EBS volume.
As a developer associate, can you suggest a way to disable this flag while the instance is still running? Set the DeleteOnTermination attribute to False using the command line Update the attribute using AWS management console. Select the EC2 instance and then uncheck the Delete On Termination check box for the root EBS volume Set the DisableApiTermination attribute of the instance using the API The attribute cannot be updated when the instance is running. Stop the instance from Amazon EC2 console and then update the flag.
A company stores confidential data on an Amazon Simple Storage Service (S3) bucket.
New regulatory guidelines require that files be stored with server-side encryption.
The encryption used must be Advanced Encryption Standard (AES-256) and the company does not want to manage S3 encryption keys.
Which of the following options should you use? SSE-S3 SSE-C Client-Side Encryption SSE-KMS.
The development team at a health-care company is planning to migrate to AWS Cloud from the on-premises data center.
The team is evaluating Amazon RDS as the database tier for its flagship application.
Which of the following would you identify as correct for RDS Multi-AZ? (Select two) RDS applies OS updates by performing maintenance on the standby, then promoting the standby to primary, and finally performing maintenance on the old primary, which becomes the new standby Amazon RDS automatically initiates a failover to the standby, in case the primary database fails for any reason For automated backups, I/O activity is suspended on your primary DB since backups are not taken from standby DB To enhance read scalability, a Multi-AZ standby instance can be used to serve read requests Updates to your DB Instance are asynchronously replicated across the Availability Zone to the standby in order to keep both in sync.
|
