The company that you are working for recently decided to migrate and transform their monolithic application on-premises to a Lambda application.
It is your responsibility to ensure that application works effectively in AWS.
Which of the following are the best practices in developing Lambda functions? (Select TWO.) Take advantage of Execution Context reuse to improve the performance of your function. Use AWS Lambda Environment Variables to pass operational parameters to your function. Use Amazon Inspector for troubleshooting. Use recursive code. Include the core logic in the Lambda handler.
A developer is planning to use the AWS Elastic Beanstalk console to run the AWS X-Ray daemon on the EC2 instances in her application environment.
She will use X-Ray to construct a service map to help identify issues with her application and to provide insight on which application component to optimize.
The environment is using a default Elastic Beanstalk instance profile.
Which IAM managed policy does Elastic Beanstalk use for the X-Ray daemon to upload data to X-Ray? AWSXRayDaemonWriteAccess AWSXRayElasticBeanstalkWriteAccess AWSXrayFullAccess AWSXrayReadOnlyAccess.
An online learning platform, which is hosted in Elastic Beanstalk, has a lot of new features being deployed every month.
Their users are complaining that whenever there is a new deployment, the platform experiences outages or intermittently switches back between the old and the new version.
Upon checking, this was caused by partially completed deployments which occurs when a rolling deployment fails after some batches have already completed.
Which of the following is the BEST deployment method to use to prevent these issues from happening? Use the Immutable deployment method Use the All at once deployment method Use the Rolling with additional batch deployment method Use the Rolling deployment method.
An online role-playing video game requires cross-device syncing of application-related user data.
It must synchronize the user profile data across mobile devices without requiring your own backend.
When the device is online, it should synchronize data and notify other devices immediately that an update is available.
Which of the following is the most suitable feature that you have to use to meet this requirement? Amazon Cognito Sync AWS Device Farm Amazon Cognito Identity Pools Amazon Cognito User Pools.
A developer runs a shell script that uses the AWS CLI to upload a large file to an S3 bucket, which includes an AWS KMS key.
An Access Denied error always shows up whenever the developer uploads a file with a size of 100 GB or more.
However, when he tried to upload a smaller file with the KMS key, the upload succeeds.
Which of the following are possible reasons why this issue is happening? (Select TWO.) The AWS CLI S3 commands perform a multipart upload when the file is large. The developer does not have the kms:Decrypt permission. The developer's IAM permission has an attached inline policy that restricts him from uploading a file to S3 with a size of 100 GB or more. The developer does not have the kms:Encrypt permission. The maximum size that can be encrypted in KMS is only 100 GB.
A company has a central data repository in Amazon S3 that needs to be accessed by developers belonging to different AWS accounts.
The required IAM role has been created with the appropriate S3 permissions.
Given that the developers mostly interact with S3 via APIs, which API should the developers call to use the IAM role? AssumeRole AssumeRoleWithWebIdentity AssumeRoleWithSAML GetSessionToken.
A developer has been instructed to configure Cross-Region Replication (CRR) to their S3 bucket as part of the company's disaster recovery plan.
She is using the put-bucket-replication AWS CLI to enable CRR on the bucket but it fails whenever she attempts to issue the command.
However, the same command works for the other S3 buckets.
Which of the following options is the MOST likely reason for this issue? Versioning is not enabled in the bucket. Amazon S3 Object Lock is enabled in the bucket. S3 Transfer Acceleration is not enabled in the bucket. The bucket should be configured as a static web hosting first.
Your serverless AWS Lambda functions are integrated with Amazon API gateway using Lambda proxy integration.
The API caching feature is enabled in the API Gateway with a TTL value of 300 seconds.
A client would like to fetch the latest data from your endpoints every time a request is sent and invalidate the existing cache.
What should the client do in order to get the latest data? Have the client send a request with the Cache-Control: max-age=0 header. Override API caching by allowing the client to send requests to the endpoint directly. Have the client send a request with the Cached: false header. Modify cache TTL value to a shorter period.
A developer is working on an online game based on a popular movie, which may have a few users on its first few weeks of release.
However, it is expected to grow and reach millions of concurrent users, with terabytes or more of new data generated per day.
The database must seamlessly handle hundreds of thousands of reads and writes per second.
Which of the following would be the MOST ideal data store to choose for this application? DynamoDB S3 Redshift RDS.
A company has different AWS accounts, namely Account A, Account B, and Account C, which are used for their Development, Test, and Production environments respectively.
A developer needs access to perform an audit whenever a new version of the application has been deployed to the Test (Account B) and production (Account C) environments.
What is the MOST efficient way to provide the developer access to execute the specified task? Grant the developer cross-account access to the resources of Accounts B and C. Enable AWS multi-factor authentication (MFA) to the IAM User of the developer. Create separate identities and passwords for the developer on both the Test and Production accounts. Set up AWS Organizations and attach a Service Control Policy to the developer to access the other accounts.
A company is using AWS Organizations to manage its multiple AWS accounts which is being used by its various departments.
To avoid security issues, it is of utmost importance to test the impact of service control policies (SCPs) on your IAM policies and resource policies before applying them.
Which of the following services can you use to test and troubleshoot IAM and resource-based policies? IAM Policy Simulator Systems Manager AWS Config Amazon Inspector.
A developer is building the cloud architecture of an application which will be hosted in a large EC2 instance.
The application will process the data and it will upload results to an S3 bucket.
Which of the following is the SAFEST way to implement this architecture? Use an IAM Role to grant the application the necessary permissions to upload data to S3. Store the access keys in the instance then use the AWS SDK to upload the results to S3. Use an IAM Inline Policy to grant the application the necessary permissions to upload data to S3. Install the AWS CLI then use it to upload the results to S3.
A company has a static website running in an Auto Scaling group of EC2 instances which they want to convert as a dynamic e-commerce web portal.
One of the requirements is to use HTTPS to improve the security of their portal and also improve their search ranking as a reputable and secure site.
A developer recently requested an SSL/TLS certificate from a third-party certificate authority (CA) which is ready to be imported to AWS.
Which of the following services can the developer use to safely import the SSL/TLS certificate? (Select TWO.) IAM certificate store AWS Certificate Manager A private S3 bucket with versioning enabled CloudFront Amazon Cognito.
A company has recently adopted a hybrid cloud architecture to augment their on-premises data center with virtual private clouds (VPCs) in AWS.
You were assigned to manage all of the company’s cloud infrastructure including the security of their resources using IAM.
In this scenario, which of the following are best practices in managing security in AWS? (Select TWO.) Grant only the permissions required by the resource to perform a task. Delete root user access keys. Grant all the permissions to the resource in order to perform the task without any issues. Use IAM inline policies to delegate permissions. Always keep your AWS account root user access key.
A financial mobile application has a serverless backend API which consists of DynamoDB, Lambda, and Cognito.
Due to the confidential financial transactions handled by the mobile application, there is a new requirement provided by the company to add a second authentication method that doesn’t rely solely on user name and password.
Which of the following is the MOST suitable solution that the developer should implement? Integrate multi-factor authentication (MFA) to a user pool in Cognito to protect the identity of your users. Use Cognito with SNS to allow additional authentication via SMS. Use a new IAM policy to a user pool in Cognito. Create a custom application that integrates with Amazon Cognito which implements the second layer of authentication.
|
