#2 AWS Developer_set-1 Professional Development Quiz

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Question 1: Correct

You are working for a small organization that does not have a database administrator and are needing to install a database on the cloud quickly to support an accounting application used by thousands of users. The application will act as a backend and will perform (CRUD) operations such as create, read, update and delete as well as inner joins. Which database is best suited for this scenario?

Redshift

DynamoDB

RDS

ElastiCache

Answer explanation

Explanation

Correct answer - "RDS" : Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. Amazon RDS supports the most demanding database applications. You can choose between two SSD-backed storage options: one optimized for high-performance OLTP applications, and the other for cost-effective general-purpose use.

Incorrect:

"DynamoDB" - RDS uses expensive joins which DynamoDB does not making DynamoDB a better choice for scaling by storing complex hierarchical data within a single item

"Redshift" - RDS is your best choice here but Amazon Redshift provides an excellent scale-out option as your data and query complexity grows

"ElastiCache" - You can use ElastiCache in combination with RDS. This would be a good option for slow performing database queries in RDS that need to be cached for your application users

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You are a developer working on AWS Lambda functions that are triggered by Amazon API Gateway and would like to perform testing for new API versions. Which of the following features will accomplish this task?

Custom Authorizers

Stage Variables

Mapping Templates

Canary Deployment

Answer explanation

Explanation

Correct answer - "Canary Deployment" : In a canary release deployment, total API traffic is separated at random into a production release and a canary release with a pre-configured ratio. Typically, the canary release receives a small percentage of API traffic and the production release takes up the rest. The updated API features are only visible to API traffic through the canary. You can adjust the canary traffic percentage to optimize test coverage or performance.

Incorrect:

"Stage Variables" - They act like environment variables and can be used in your API setup

"Mapping Templates" - Its a script to map the payload from a method request to the corresponding integration request and from an integration response to the corresponding method response

"Custom Authorizers" - Used for authentication purposes and must return AWS Identity and Access Management (IAM) policies

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

When your company first created an AWS account, you began with a single sign-in principal called a root user account that had complete access to all AWS services and resources. What should you do to adhere to best practices for using the root user account?

It should be accessible by no one, throw away the passwords after creating the account

It should be accessible by 3 to 6 members of the IT team

It should be accessible using the access_key_id and secret_access_key_id

It should be accessible by one admin only after enabling Multi-factor authentication

Answer explanation

Explanation

Correct answer - "It should be accessible by one admin only after enabling Multi-factor authentication" : If you continue to use the root user credentials, we recommend that you follow the security best practice to enable multi-factor authentication (MFA) for your account. Because your root user can perform sensitive operations in your account, adding an additional layer of authentication helps you to better secure your account. Multiple types of MFA are available.

Incorrect:

"It should be accessible by 3 to 6 members of the IT team" - After one admin as been configured create an IT group with permissions and assign new users to that group

"It should be accessible using the access_key_id and secret_access_key_id" - This is not possible via the web console

"It should be accessible by no one, throw away the passwords after creating the account" - You will still need to store the password somewhere for your root account

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Your company is new to cloud computing and would like to host a static HTML5 website on the cloud and be able to access it via domain www.mycompany.com. You have created a bucket in Amazon Simple Storage Service (S3), enabled website hosting and set the index.html as the default page. Finally, you create an Alias record in Amazon Route 53 that points to the S3 website endpoint of your S3 bucket. When you test the domain www.mycompany.com you get the following error: 'HTTP response code 403 (Access Denied)'. What can you do to resolve this error?

Enable CORS

Create an IAM role

Create a bucket policy

Enable Encryption

Answer explanation

Explanation

Correct answer - "Create a bucket policy" : Bucket policy is an access policy option available for you to grant permission to your Amazon S3 resources. It uses JSON-based access policy language.

Incorrect:

"Create an IAM role" - This will not help because IAM roles are attached to services and in this case we have public users

"Enable CORS" - CORS defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. Here we are not dealing with cross domains.

"Enable Encryption" - For the most part encryption does not have an effect on access denied/forbidden errors

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You were assigned to a project that requires the use of the AWS CLI to build a project with AWS CodeBuild. Your project's root directory includes the buildspec.yml file to run build commands and would like your build artifacts encrypted. Which of the following will accomplish this?

Specify a KMS key to use

Use an AWS Lambda Hook

Use the AWS Encryption SDK

Use In Flight encryption (SSL)

Answer explanation

Explanation

Correct answer - "Specify a KMS key to use" : For AWS CodeBuild to encrypt its build output artifacts, it needs access to an AWS KMS customer master key (CMK). By default, AWS CodeBuild uses the AWS-managed CMK for Amazon S3 in your AWS account.

Incorrect:

"Use an AWS Lambda Hook" - Code hook is used for integration with Lambda

"Use the AWS Encryption SDK" - The SDK just makes it easier for you to implement encryption best practices in your application

"Use In Flight encryption (SSL)" - SSL is usually for internet traffic which in this case will be using internal traffic through AWS

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You are responsible for an application that runs on multiple Amazon EC2 instances. In front of the instances is an Internet-facing load balancer that takes requests from clients over the internet and distributes them to the EC2 instances. A health check is configured to ping the index.html page found in the root directory for the health status. When accessing the website via the internet visitors of the website receive timeout errors. What should be checked first to resolve the issue?

Security Groups

IAM Roles

The application is down

The ALB is warming up

Answer explanation

Explanation

Correct answer - "Security Groups" : Check your security group rules of your EC2 instance. You need a security group rule that allows inbound traffic from your public IPv4 address on the proper port.

Incorrect:

"IAM Roles" - Usually you run into issues with authorization of APIs with roles but not for timeout

"The application is down" - Although you can set a health check for application ping or HTTP, timeouts are usually caused by blocked firewall access

"The ALB is warming up" - ALB has a slow start mode which allows a warm-up period before being able to respond to requests with optimal performance. So this is not the issue

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A security company is requiring all developers to perform server-side encryption with customer-provided encryption keys when performing operations in AWS S3. Developers should write software with C# using the AWS SDK and implement the requirement in the PUT, GET, Head and Copy operations. Which of the following encryption methods meets this requirement?

Client Side Encryption

SSE-KMS

SSE-C

SSE-S3

Answer explanation

Explanation

Correct answer - "SSE-C" : Using server-side encryption with customer-provided encryption keys (SSE-C) allows you to set your own encryption keys. With the encryption key you provide as part of your request, Amazon S3 manages both the encryption, as it writes to disks, and decryption, when you access your objects.

Incorrect:

"SSE-KMS" - You can create your own keys using this service but its a bit more advanced

"Client Side Encryption" - The data is encrypted on the client side and is encrypted at rest but to download the file again, the client must decrypt it

"SSE-S3" - AWS manages the keys for you

8.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You are a solutions architect consultant working on several client projects using cloud technology and spending less time managing resources and more time focusing on applications is a priority. You have created AWS CloudFormation templates that are reusable by taking advantage of input parameters to name resources based on client names. You would like to save your templates on the cloud, which storage option should you choose?

EFS

EBS

S3

ECR

Answer explanation

Explanation

Correct answer - "S3" : If you upload a local template file, AWS CloudFormation uploads it to an Amazon Simple Storage Service (Amazon S3) bucket in your AWS account. If you don't already have an S3 bucket that was created by AWS CloudFormation, it creates a unique bucket for each region in which you upload a template file. If you already have an S3 bucket that was created by AWS CloudFormation in your AWS account, AWS CloudFormation adds the template to that bucket.

Incorrect:

"EBS" - Amazon EBS is a recommended storage option when data must be quickly accessible and requires long-term persistence

"EFS" - EFS is a file storage service where you mount the file system on an Amazon EC2 Linux-based instance which is not an option for CloudFormation

"ECR" - Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure which is not applicable to CloudFormation

9.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Your e-commerce company needs to improve its software delivery process and is moving away from the waterfall methodology. You decided that every application should be built using the best CI/CD practices and every application should be packaged and deployed as a Docker container. The Docker images should be stored in ECR and pushed with AWS CodePipeline and AWS CodeBuild. When you attempt to do this, the last step fails with an authorization issue. What is the most likely issue?

CodeBuild cannot talk to ECR because of security group issues

The ECR repository is stale, you must delete and re-create it

The IAM permissions are wrong for the CodeBuild service

The ECS instances are misconfigured and must contain additional data in /etc/ecs/ecs.config

Answer explanation

Explanation

Correct answer - "The IAM permissions are wrong for the CodeBuild service" : Amazon ECR users require permissions to call ecr:GetAuthorizationToken before they can authenticate to a registry and push or pull any images from any Amazon ECR repository. Amazon ECR provides several managed policies to control user access at varying levels

"The ECR repository is stale, you must delete and re-create it" - You can delete a repository when you are done using it, stale is not a concept within ECR

"CodeBuild cannot talk to ECR because of security group issues" - A security group acts as a virtual firewall at the instance level and its not related to pushing Docker images

"The ECS instances are misconfigured and must contain additional data in /etc/ecs/ecs.config" - The error Authorization is an indication that there is an access issue, therefore you should not look at your configuration first but rather permissions

10.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You are a DynamoDB developer for an aerospace company that requires you to write 6 objects per second of 4.5KB in size each. What write capacity unit is needed for your project?

46

24

15

30

Answer explanation

Explanation

Correct answer - "30" : One write capacity unit represents one write per second for an item up to 1 KB in size. If you need to write an item that is larger than 1 KB, DynamoDB will need to consume additional write capacity units. The total number of write capacity units required depends on the item size.

Incorrect:

"24"

"15"

"46"

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Instructional Technology