Tag: AWS Certified Developer – Associate Exam Preparation

Posted on

2022 AWS Certified Developer Associate Exam Preparation: Questions and Answers Dump

You can translate the content of this page by selecting a language in the select box.

2022 AWS Certified Developer Associate Exam Preparation: Questions and Answers Dump.

Welcome to AWS Certified Developer Associate Exam Preparation:

Definition and Objectives, Top 100 Questions and Answers dump, White papers, Courses, Labs and Training Materials, Exam info and details, References, Jobs, Others AWS Certificates

2022 AWS Certified Developer Associate Exam Preparation: Questions and Answers Dump
2022 AWS Certified Developer Associate Exam Preparation: Questions and Answers Dump
 
#AWS #Developer #AWSCloud #DVAC02 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

What is the AWS Certified Developer Associate Exam?

This AWS Certified Developer-Associate Examination is intended for individuals who perform a Developer role. It validates an examinee’s ability to:

  • Demonstrate an understanding of core AWS services, uses, and basic AWS architecture best practices
  • Demonstrate proficiency in developing, deploying, and debugging cloud-based applications by using AWS

Recommended general IT knowledge
The target candidate should have the following:
– In-depth knowledge of at least one high-level programming language
– Understanding of application lifecycle management
– The ability to write code for serverless applications
– Understanding of the use of containers in the development process

Recommended AWS knowledge
The target candidate should be able to do the following:

  • Use the AWS service APIs, CLI, and software development kits (SDKs) to write applications
  • Identify key features of AWS services
  • Understand the AWS shared responsibility model
  • Use a continuous integration and continuous delivery (CI/CD) pipeline to deploy applications on AWS
  • Use and interact with AWS services
  • Apply basic understanding of cloud-native applications to write code
  • Write code by using AWS security best practices (for example, use IAM roles instead of secret and access keys in the code)
  • Author, maintain, and debug code modules on AWS

What is considered out of scope for the target candidate?
The following is a non-exhaustive list of related job tasks that the target candidate is not expected to be able to perform. These items are considered out of scope for the exam:
– Design architectures (for example, distributed system, microservices)
– Design and implement CI/CD pipelines

  • Administer IAM users and groups
  • Administer Amazon Elastic Container Service (Amazon ECS)
  • Design AWS networking infrastructure (for example, Amazon VPC, AWS Direct Connect)
  • Understand compliance and licensing

Exam content
Response types
There are two types of questions on the exam:
– Multiple choice: Has one correct response and three incorrect responses (distractors)
– Multiple response: Has two or more correct responses out of five or more response options
Select one or more responses that best complete the statement or answer the question. Distractors, or incorrect answers, are response options that a candidate with incomplete knowledge or skill might choose.
Distractors are generally plausible responses that match the content area.
Unanswered questions are scored as incorrect; there is no penalty for guessing. The exam includes 50 questions that will affect your score.

Unscored content
The exam includes 15 unscored questions that do not affect your score. AWS collects information about candidate performance on these unscored questions to evaluate these questions for future use as scored questions. These unscored questions are not identified on the exam.


AI Unraveled: Demystifying Frequently Asked Questions on Artificial Intelligence

Ace the AWS Certified Machine Learning Specialty Exam with Confidence: Get Your Hands on the Ultimate MLS-C01 Practice Exams! Pass the AWS Certified Machine Learning Specialty Exam with Flying Colors

Exam results
The AWS Certified Developer – Associate (DVA-C01) exam is a pass or fail exam. The exam is scored against a minimum standard established by AWS professionals who follow certification industry best practices and guidelines.
Your results for the exam are reported as a scaled score of 100–1,000. The minimum passing score is 720.
Your score shows how you performed on the exam as a whole and whether you passed. Scaled scoring models help equate scores across multiple exam forms that might have slightly different difficulty levels.
Your score report could contain a table of classifications of your performance at each section level. This information is intended to provide general feedback about your exam performance. The exam uses a compensatory scoring model, which means that you do not need to achieve a passing score in each section. You need to pass only the overall exam.
Each section of the exam has a specific weighting, so some sections have more questions than other sections have. The table contains general information that highlights your strengths and weaknesses. Use caution when interpreting section-level feedback.

Content outline
This exam guide includes weightings, test domains, and objectives for the exam. It is not a comprehensive listing of the content on the exam. However, additional context for each of the objectives is available to help guide your preparation for the exam. The following table lists the main content domains and their weightings. The table precedes the complete exam content outline, which includes the additional context.
The percentage in each domain represents only scored content.

Domain 1: Deployment 22%
Domain 2: Security 26%
Domain 3: Development with AWS Services 30%
Domain 4: Refactoring 10%
Domain 5: Monitoring and Troubleshooting 12%

Domain 1: Deployment
1.1 Deploy written code in AWS using existing CI/CD pipelines, processes, and patterns.
–  Commit code to a repository and invoke build, test and/or deployment actions
–  Use labels and branches for version and release management
–  Use AWS CodePipeline to orchestrate workflows against different environments
–  Apply AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeStar, and AWS
CodeDeploy for CI/CD purposes
–  Perform a roll back plan based on application deployment policy

1.2 Deploy applications using AWS Elastic Beanstalk.
–  Utilize existing supported environments to define a new application stack
–  Package the application
–  Introduce a new application version into the Elastic Beanstalk environment
–  Utilize a deployment policy to deploy an application version (i.e., all at once, rolling, rolling with batch, immutable)
–  Validate application health using Elastic Beanstalk dashboard
–  Use Amazon CloudWatch Logs to instrument application logging

1.3 Prepare the application deployment package to be deployed to AWS.
–  Manage the dependencies of the code module (like environment variables, config files and static image files) within the package
–  Outline the package/container directory structure and organize files appropriately
–  Translate application resource requirements to AWS infrastructure parameters (e.g., memory, cores)

If you are looking for an all-in-one solution to help you prepare for the AWS Cloud Practitioner Certification Exam, look no further than this AWS Cloud Practitioner CCP CLFC01 book below.

Achieve AWS Solutions Architect Associate Certification with Confidence: Master SAA Exam with the Latest Practice Tests and Quizzes illustrated

1.4 Deploy serverless applications.
–  Given a use case, implement and launch an AWS Serverless Application Model (AWS SAM) template
–  Manage environments in individual AWS services (e.g., Differentiate between Development, Test, and Production in Amazon API Gateway)

Domain 2: Security
2.1 Make authenticated calls to AWS services.
–  Communicate required policy based on least privileges required by application.
–  Assume an IAM role to access a service
–  Use the software development kit (SDK) credential provider on-premises or in the cloud to access AWS services (local credentials vs. instance roles)

"Become a Canada Expert: Ace the Citizenship Test and Impress Everyone with Your Knowledge of Canadian History, Geography, Government, Culture, People, Languages, Travel, Wildlife, Hockey, Tourism, Sceneries, Arts, and Data Visualization. Get the Top 1000 Canada Quiz Now!"


2.2 Implement encryption using AWS services.
– Encrypt data at rest (client side; server side; envelope encryption) using AWS services
–  Encrypt data in transit

2.3 Implement application authentication and authorization.
– Add user sign-up and sign-in functionality for applications with Amazon Cognito identity or user pools
–  Use Amazon Cognito-provided credentials to write code that access AWS services.
–  Use Amazon Cognito sync to synchronize user profiles and data
–  Use developer-authenticated identities to interact between end user devices, backend
authentication, and Amazon Cognito

Domain 3: Development with AWS Services
3.1 Write code for serverless applications.
– Compare and contrast server-based vs. serverless model (e.g., micro services, stateless nature of serverless applications, scaling serverless applications, and decoupling layers of serverless applications)
– Configure AWS Lambda functions by defining environment variables and parameters (e.g., memory, time out, runtime, handler)
– Create an API endpoint using Amazon API Gateway
–  Create and test appropriate API actions like GET, POST using the API endpoint
–  Apply Amazon DynamoDB concepts (e.g., tables, items, and attributes)
–  Compute read/write capacity units for Amazon DynamoDB based on application requirements
–  Associate an AWS Lambda function with an AWS event source (e.g., Amazon API Gateway, Amazon CloudWatch event, Amazon S3 events, Amazon Kinesis)
–  Invoke an AWS Lambda function synchronously and asynchronously

3.2 Translate functional requirements into application design.
– Determine real-time vs. batch processing for a given use case
– Determine use of synchronous vs. asynchronous for a given use case
– Determine use of event vs. schedule/poll for a given use case
– Account for tradeoffs for consistency models in an application design

Domain 4: Refactoring
4.1 Optimize applications to best use AWS services and features.
 Implement AWS caching services to optimize performance (e.g., Amazon ElastiCache, Amazon API Gateway cache)
 Apply an Amazon S3 naming scheme for optimal read performance

Invest in your future today by enrolling in this Azure Fundamentals - Pass the Azure Fundamentals Exam with Ease: Master the AZ-900 Certification with the Comprehensive Exam Preparation Guide!

Microsoft Azure AZ900 Certification and Training

4.2 Migrate existing application code to run on AWS.
– Isolate dependencies
– Run the application as one or more stateless processes
– Develop in order to enable horizontal scalability
– Externalize state

Domain 5: Monitoring and Troubleshooting

5.1 Write code that can be monitored.
– Create custom Amazon CloudWatch metrics
– Perform logging in a manner available to systems operators
– Instrument application source code to enable tracing in AWS X-Ray

5.2 Perform root cause analysis on faults found in testing or production.
– Interpret the outputs from the logging mechanism in AWS to identify errors in logs
– Check build and testing history in AWS services (e.g., AWS CodeBuild, AWS CodeDeploy, AWS CodePipeline) to identify issues
– Utilize AWS services (e.g., Amazon CloudWatch, VPC Flow Logs, and AWS X-Ray) to locate a specific faulty component

Djamgatech: Build the skills that’ll drive your career into six figures: Get Djamgatech.


Which key tools, technologies, and concepts might be covered on the exam?

The following is a non-exhaustive list of the tools and technologies that could appear on the exam.
This list is subject to change and is provided to help you understand the general scope of services, features, or technologies on the exam.
The general tools and technologies in this list appear in no particular order.
AWS services are grouped according to their primary functions. While some of these technologies will likely be covered more than others on the exam, the order and placement of them in this list is no indication of relative weight or importance:
– Analytics
– Application Integration
– Containers
– Cost and Capacity Management
– Data Movement
– Developer Tools
– Instances (virtual machines)
– Management and Governance
– Networking and Content Delivery
– Security
– Serverless

AWS services and features

Analytics:
– Amazon Elasticsearch Service (Amazon ES)
– Amazon Kinesis
Application Integration:
– Amazon EventBridge (Amazon CloudWatch Events)
– Amazon Simple Notification Service (Amazon SNS)
– Amazon Simple Queue Service (Amazon SQS)
– AWS Step Functions

Compute:
– Amazon EC2
– AWS Elastic Beanstalk
– AWS Lambda

Containers:
– Amazon Elastic Container Registry (Amazon ECR)
– Amazon Elastic Container Service (Amazon ECS)
– Amazon Elastic Kubernetes Services (Amazon EKS)


Ace AWS Cloud Practitioner Exam Certification with this book

Database:
– Amazon DynamoDB
– Amazon ElastiCache
– Amazon RDS

Developer Tools:
– AWS CodeArtifact
– AWS CodeBuild
– AWS CodeCommit
– AWS CodeDeploy
– Amazon CodeGuru
– AWS CodePipeline
– AWS CodeStar
– AWS Fault Injection Simulator
– AWS X-Ray

Management and Governance:
– AWS CloudFormation
– Amazon CloudWatch

Networking and Content Delivery:
– Amazon API Gateway
– Amazon CloudFront
– Elastic Load Balancing

Security, Identity, and Compliance:
– Amazon Cognito
– AWS Identity and Access Management (IAM)
– AWS Key Management Service (AWS KMS)

Storage:
– Amazon S3

Out-of-scope AWS services and features

The following is a non-exhaustive list of AWS services and features that are not covered on the exam.
These services and features do not represent every AWS offering that is excluded from the exam content.
Services or features that are entirely unrelated to the target job roles for the exam are excluded from this list because they are assumed to be irrelevant.
Out-of-scope AWS services and features include the following:
– AWS Application Discovery Service
– Amazon AppStream 2.0
– Amazon Chime
– Amazon Connect
– AWS Database Migration Service (AWS DMS)
– AWS Device Farm
– Amazon Elastic Transcoder
– Amazon GameLift
– Amazon Lex
– Amazon Machine Learning (Amazon ML)
– AWS Managed Services
– Amazon Mobile Analytics
– Amazon Polly

– Amazon QuickSight
– Amazon Rekognition
– AWS Server Migration Service (AWS SMS)
– AWS Service Catalog
– AWS Shield Advanced
– AWS Shield Standard
– AWS Snow Family
– AWS Storage Gateway
– AWS WAF
– Amazon WorkMail
– Amazon WorkSpaces

To succeed with the real exam, do not memorize the answers below. It is very important that you understand why a question is right or wrong and the concepts behind it by carefully reading the reference documents in the answers.

Unlock the Secrets of Africa: Master African History, Geography, Culture, People, Cuisine, Economics, Languages, Music, Wildlife, Football, Politics, Animals, Tourism, Science and Environment with the Top 1000 Africa Quiz and Trivia. Get Yours Now!

Top

AWS Certified Developer – Associate Practice Questions And Answers Dump

Q0: Your application reads commands from an SQS queue and sends them to web services hosted by your
partners. When a partner’s endpoint goes down, your application continually returns their commands to the queue. The repeated attempts to deliver these commands use up resources. Commands that can’t be delivered must not be lost.
How can you accommodate the partners’ broken web services without wasting your resources?

  • A. Create a delay queue and set DelaySeconds to 30 seconds
  • B. Requeue the message with a VisibilityTimeout of 30 seconds.
  • C. Create a dead letter queue and set the Maximum Receives to 3.
  • D. Requeue the message with a DelaySeconds of 30 seconds.
2022 AWS Certified Developer Associate Exam Preparation: Questions and Answers Dump
AWS Developer Associates DVA-C01 PRO
 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 


C. After a message is taken from the queue and returned for the maximum number of retries, it is
automatically sent to a dead letter queue, if one has been configured. It stays there until you retrieve it for forensic purposes.

Reference: Amazon SQS Dead-Letter Queues


Top

Q1: A developer is writing an application that will store data in a DynamoDB table. The ratio of reads operations to write operations will be 1000 to 1, with the same data being accessed frequently.
What should the Developer enable on the DynamoDB table to optimize performance and minimize costs?

  • A. Amazon DynamoDB auto scaling
  • B. Amazon DynamoDB cross-region replication
  • C. Amazon DynamoDB Streams
  • D. Amazon DynamoDB Accelerator


D. The AWS Documentation mentions the following:

DAX is a DynamoDB-compatible caching service that enables you to benefit from fast in-memory performance for demanding applications. DAX addresses three core scenarios

  1. As an in-memory cache, DAX reduces the response times of eventually-consistent read workloads by an order of magnitude, from single-digit milliseconds to microseconds.
  2. DAX reduces operational and application complexity by providing a managed service that is API-compatible with Amazon DynamoDB, and thus requires only minimal functional changes to use with an existing application.
  3. For read-heavy or bursty workloads, DAX provides increased throughput and potential operational cost savings by reducing the need to over-provision read capacity units. This is especially beneficial for applications that require repeated reads for individual keys.

Reference: AWS DAX


Top

Q2: You are creating a DynamoDB table with the following attributes:

  • PurchaseOrderNumber (partition key)
  • CustomerID
  • PurchaseDate
  • TotalPurchaseValue

One of your applications must retrieve items from the table to calculate the total value of purchases for a
particular customer over a date range. What secondary index do you need to add to the table?

  • A. Local secondary index with a partition key of CustomerID and sort key of PurchaseDate; project the
    TotalPurchaseValue attribute
  • B. Local secondary index with a partition key of PurchaseDate and sort key of CustomerID; project the
    TotalPurchaseValue attribute
  • C. Global secondary index with a partition key of CustomerID and sort key of PurchaseDate; project the
    TotalPurchaseValue attribute
  • D. Global secondary index with a partition key of PurchaseDate and sort key of CustomerID; project the
    TotalPurchaseValue attribute


C. The query is for a particular CustomerID, so a Global Secondary Index is needed for a different partition
key. To retrieve only the desired date range, the PurchaseDate must be the sort key. Projecting the
TotalPurchaseValue into the index provides all the data needed to satisfy the use case.

Reference: AWS DynamoDB Global Secondary Indexes

Difference between local and global indexes in DynamoDB

    • Global secondary index — an index with a hash and range key that can be different from those on the table. A global secondary index is considered “global” because queries on the index can span all of the data in a table, across all partitions.
    • Local secondary index — an index that has the same hash key as the table, but a different range key. A local secondary index is “local” in the sense that every partition of a local secondary index is scoped to a table partition that has the same hash key.
    • Local Secondary Indexes still rely on the original Hash Key. When you supply a table with hash+range, think about the LSI as hash+range1, hash+range2.. hash+range6. You get 5 more range attributes to query on. Also, there is only one provisioned throughput.
    • Global Secondary Indexes defines a new paradigm – different hash/range keys per index.
      This breaks the original usage of one hash key per table. This is also why when defining GSI you are required to add a provisioned throughput per index and pay for it.
    • Local Secondary Indexes can only be created when you are creating the table, there is no way to add Local Secondary Index to an existing table, also once you create the index you cannot delete it.
    • Global Secondary Indexes can be created when you create the table and added to an existing table, deleting an existing Global Secondary Index is also allowed.

Throughput :

  • Local Secondary Indexes consume throughput from the table. When you query records via the local index, the operation consumes read capacity units from the table. When you perform a write operation (create, update, delete) in a table that has a local index, there will be two write operations, one for the table another for the index. Both operations will consume write capacity units from the table.
  • Global Secondary Indexes have their own provisioned throughput, when you query the index the operation will consume read capacity from the index, when you perform a write operation (create, update, delete) in a table that has a global index, there will be two write operations, one for the table another for the index*.


Top

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

AWS Developer Associate DVA-C01 Exam Prep
AWS Developer Associate DVA-C01 Exam Prep
 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q3: When referencing the remaining time left for a Lambda function to run within the function’s code you would use:

  • A. The event object
  • B. The timeLeft object
  • C. The remains object
  • D. The context object


D. The context object.

Reference: AWS Lambda


Top

Q4: What two arguments does a Python Lambda handler function require?

  • A. invocation, zone
  • B. event, zone
  • C. invocation, context
  • D. event, context
D. event, context
def handler_name(event, context):

return some_value

Reference: AWS Lambda Function Handler in Python

Top

Q5: Lambda allows you to upload code and dependencies for function packages:

  • A. Only from a directly uploaded zip file
  • B. Only via SFTP
  • C. Only from a zip file in AWS S3
  • D. From a zip file in AWS S3 or uploaded directly from elsewhere

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

D. From a zip file in AWS S3 or uploaded directly from elsewhere

Reference: AWS Lambda Deployment Package

Top

Q6: A Lambda deployment package contains:

  • A. Function code, libraries, and runtime binaries
  • B. Only function code
  • C. Function code and libraries not included within the runtime
  • D. Only libraries not included within the runtime

C. Function code and libraries not included within the runtime

Reference: AWS Lambda Deployment Package in PowerShell

Top

Q7: You are attempting to SSH into an EC2 instance that is located in a public subnet. However, you are currently receiving a timeout error trying to connect. What could be a possible cause of this connection issue?

  • A. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic, but does not have an outbound rule that allows SSH traffic.
  • B. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic AND has an outbound rule that explicitly denies SSH traffic.
  • C. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic AND the associated NACL has both an inbound and outbound rule that allows SSH traffic.
  • D. The security group associated with the EC2 instance does not have an inbound rule that allows SSH traffic AND the associated NACL does not have an outbound rule that allows SSH traffic.


D. Security groups are stateful, so you do NOT have to have an explicit outbound rule for return requests. However, NACLs are stateless so you MUST have an explicit outbound rule configured for return request.

Reference: Comparison of Security Groups and Network ACLs

AWS Security Groups and NACL


Top

Q8: You have instances inside private subnets and a properly configured bastion host instance in a public subnet. None of the instances in the private subnets have a public or Elastic IP address. How can you connect an instance in the private subnet to the open internet to download system updates?

  • A. Create and assign EIP to each instance
  • B. Create and attach a second IGW to the VPC.
  • C. Create and utilize a NAT Gateway
  • D. Connect to a VPN


C. You can use a network address translation (NAT) gateway in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.

Reference: AWS Network Address Translation Gateway


Top

Q9: What feature of VPC networking should you utilize if you want to create “elasticity” in your application’s architecture?

  • A. Security Groups
  • B. Route Tables
  • C. Elastic Load Balancer
  • D. Auto Scaling


D. Auto scaling is designed specifically with elasticity in mind. Auto scaling allows for the increase and decrease of compute power based on demand, thus creating elasticity in the architecture.

Reference: AWS Autoscalling


Top

Q10: Lambda allows you to upload code and dependencies for function packages:

  • A. Only from a directly uploaded zip file
  • B. Only from a directly uploaded zip file
  • C. Only from a zip file in AWS S3
  • D. From a zip file in AWS S3 or uploaded directly from elsewhere

D. From a zip file in AWS S3 or uploaded directly from elsewhere

Reference: AWS Lambda

Top

Q11: You’re writing a script with an AWS SDK that uses the AWS API Actions and want to create AMIs for non-EBS backed AMIs for you. Which API call should occurs in the final process of creating an AMI?

  • A. RegisterImage
  • B. CreateImage
  • C. ami-register-image
  • D. ami-create-image

A. It is actually – RegisterImage. All AWS API Actions will follow the capitalization like this and don’t have hyphens in them.

Reference: API RegisterImage

Top

Q12: When dealing with session state in EC2-based applications using Elastic load balancers which option is generally thought of as the best practice for managing user sessions?

  • A. Having the ELB distribute traffic to all EC2 instances and then having the instance check a caching solution like ElastiCache running Redis or Memcached for session information
  • B. Permenantly assigning users to specific instances and always routing their traffic to those instances
  • C. Using Application-generated cookies to tie a user session to a particular instance for the cookie duration
  • D. Using Elastic Load Balancer generated cookies to tie a user session to a particular instance

Top

Q13: Which API call would best be used to describe an Amazon Machine Image?

  • A. ami-describe-image
  • B. ami-describe-images
  • C. DescribeImage
  • D. DescribeImages

D. In general, API actions stick to the PascalCase style with the first letter of every word capitalized.

Reference: API DescribeImages

Top

Q14: What is one key difference between an Amazon EBS-backed and an instance-store backed instance?

  • A. Autoscaling requires using Amazon EBS-backed instances
  • B. Virtual Private Cloud requires EBS backed instances
  • C. Amazon EBS-backed instances can be stopped and restarted without losing data
  • D. Instance-store backed instances can be stopped and restarted without losing data

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

C. Instance-store backed images use “ephemeral” storage (temporary). The storage is only available during the life of an instance. Rebooting an instance will allow ephemeral data stay persistent. However, stopping and starting an instance will remove all ephemeral storage.

Reference: What is the difference between EBS and Instance Store?

Top

Q15: After having created a new Linux instance on Amazon EC2, and downloaded the .pem file (called Toto.pem) you try and SSH into your IP address (54.1.132.33) using the following command.
ssh -i my_key.pem ec2-user@52.2.222.22
However you receive the following error.
@@@@@@@@ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@
What is the most probable reason for this and how can you fix it?

  • A. You do not have root access on your terminal and need to use the sudo option for this to work.
  • B. You do not have enough permissions to perform the operation.
  • C. Your key file is encrypted. You need to use the -u option for unencrypted not the -i option.
  • D. Your key file must not be publicly viewable for SSH to work. You need to modify your .pem file to limit permissions.

D. You need to run something like: chmod 400 my_key.pem

Reference:

Top

Q16: You have an EBS root device on /dev/sda1 on one of your EC2 instances. You are having trouble with this particular instance and you need to either Stop/Start, Reboot or Terminate the instance but you do NOT want to lose any data that you have stored on /dev/sda1. However, you are unsure if changing the instance state in any of the aforementioned ways will cause you to lose data stored on the EBS volume. Which of the below statements best describes the effect each change of instance state would have on the data you have stored on /dev/sda1?

  • A. Whether you stop/start, reboot or terminate the instance it does not matter because data on an EBS volume is not ephemeral and the data will not be lost regardless of what method is used.
  • B. If you stop/start the instance the data will not be lost. However if you either terminate or reboot the instance the data will be lost.
  • C. Whether you stop/start, reboot or terminate the instance it does not matter because data on an EBS volume is ephemeral and it will be lost no matter what method is used.
  • D. The data will be lost if you terminate the instance, however the data will remain on /dev/sda1 if you reboot or stop/start the instance because data on an EBS volume is not ephemeral.

D. The question states that an EBS-backed root device is mounted at /dev/sda1, and EBS volumes maintain information regardless of the instance state. If it was instance store, this would be a different answer.

Reference: AWS Root Device Storage

Top

Q17: EC2 instances are launched from Amazon Machine Images (AMIs). A given public AMI:

  • A. Can only be used to launch EC2 instances in the same AWS availability zone as the AMI is stored
  • B. Can only be used to launch EC2 instances in the same country as the AMI is stored
  • C. Can only be used to launch EC2 instances in the same AWS region as the AMI is stored
  • D. Can be used to launch EC2 instances in any AWS region

C. AMIs are only available in the region they are created. Even in the case of the AWS-provided AMIs, AWS has actually copied the AMIs for you to different regions. You cannot access an AMI from one region in another region. However, you can copy an AMI from one region to another

Reference: https://aws.amazon.com/amazon-linux-ami/

Top

Q18: Which of the following statements is true about the Elastic File System (EFS)?

  • A. EFS can scale out to meet capacity requirements and scale back down when no longer needed
  • B. EFS can be used by multiple EC2 instances simultaneously
  • C. EFS cannot be used by an instance using EBS
  • D. EFS can be configured on an instance before launch just like an IAM role or EBS volumes

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

A. and B.

Reference: https://aws.amazon.com/efs/

Top

Q19: IAM Policies, at a minimum, contain what elements?

  • A. ID
  • B. Effects
  • C. Resources
  • D. Sid
  • E. Principle
  • F. Actions

B. C. and F.

Effect – Use Allow or Deny to indicate whether the policy allows or denies access.

Resource – Specify a list of resources to which the actions apply.

Action – Include a list of actions that the policy allows or denies.

Id, Sid aren’t required fields in IAM Policies. But they are optional fields

Reference: AWS IAM Access Policies

Top

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q20: What are the main benefits of IAM groups?

  • A. The ability to create custom permission policies.
  • B. Assigning IAM permission policies to more than one user at a time.
  • C. Easier user/policy management.
  • D. Allowing EC2 instances to gain access to S3.

B. and C.

A. is incorrect: This is a benefit of IAM generally or a benefit of IAM policies. But IAM groups don’t create policies, they have policies attached to them.

Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html

 

Top

Q21: What are benefits of using AWS STS?

  • A. Grant access to AWS resources without having to create an IAM identity for them
  • B. Since credentials are temporary, you don’t have to rotate or revoke them
  • C. Temporary security credentials can be extended indefinitely
  • D. Temporary security credentials can be restricted to a specific region

Top

Q22: What should the Developer enable on the DynamoDB table to optimize performance and minimize costs?

  • A. Amazon DynamoDB auto scaling
  • B. Amazon DynamoDB cross-region replication
  • C. Amazon DynamoDB Streams
  • D. Amazon DynamoDB Accelerator


D. DAX is a DynamoDB-compatible caching service that enables you to benefit from fast in-memory performance for demanding applications. DAX addresses three core scenarios:

  1. As an in-memory cache, DAX reduces the response times of eventually-consistent read workloads by an order of magnitude, from single-digit milliseconds to microseconds.
  2. DAX reduces operational and application complexity by providing a managed service that is API-compatible with Amazon DynamoDB, and thus requires only minimal functional changes to use with an existing application.
  3. For read-heavy or bursty workloads, DAX provides increased throughput and potential operational cost savings by reducing the need to over-provision read capacity units. This is especially beneficial for applications that require repeated reads for individual keys.

Reference: AWS DAX


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q23: A Developer has been asked to create an AWS Elastic Beanstalk environment for a production web application which needs to handle thousands of requests. Currently the dev environment is running on a t1 micro instance. How can the Developer change the EC2 instance type to m4.large?

  • A. Use CloudFormation to migrate the Amazon EC2 instance type of the environment from t1 micro to m4.large.
  • B. Create a saved configuration file in Amazon S3 with the instance type as m4.large and use the same during environment creation.
  • C. Change the instance type to m4.large in the configuration details page of the Create New Environment page.
  • D. Change the instance type value for the environment to m4.large by using update autoscaling group CLI command.

B. The Elastic Beanstalk console and EB CLI set configuration options when you create an environment. You can also set configuration options in saved configurations and configuration files. If the same option is set in multiple locations, the value used is determined by the order of precedence.
Configuration option settings can be composed in text format and saved prior to environment creation, applied during environment creation using any supported client, and added, modified or removed after environment creation.
During environment creation, configuration options are applied from multiple sources with the following precedence, from highest to lowest:

  • Settings applied directly to the environment – Settings specified during a create environment or update environment operation on the Elastic Beanstalk API by any client, including the AWS Management Console, EB CLI, AWS CLI, and SDKs. The AWS Management Console and EB CLI also applyrecommended values for some options that apply at this level unless overridden.
  • Saved Configurations
    Settings for any options that are not applied directly to the
    environment are loaded from a saved configuration, if specified.
  • Configuration Files (.ebextensions)– Settings for any options that are not applied directly to the
    environment, and also not specified in a saved configuration, are loaded from configuration files in the .ebextensions folder at the root of the application source bundle.

     

    Configuration files are executed in alphabetical order. For example,.ebextensions/01run.configis executed before.ebextensions/02do.config.

  • Default Values– If a configuration option has a default value, it only applies when the option is not set at any of the above levels.

If the same configuration option is defined in more than one location, the setting with the highest precedence is applied. When a setting is applied from a saved configuration or settings applied directly to the environment, the setting is stored as part of the environment’s configuration. These settings can be removed with the AWS CLI or with the EB CLI
.
Settings in configuration files are not applied
directly to the environment and cannot be removed without modifying the configuration files and deploying a new application version.If a setting applied with one of the other methods is removed, the same setting will be loaded from configuration files in the source bundle.

Reference: Managing ec2 features – Elastic beanstalk

Q24: What statements are true about Availability Zones (AZs) and Regions?

  • A. There is only one AZ in each AWS Region
  • B. AZs are geographically separated inside a region to help protect against natural disasters affecting more than one at a time.
  • C. AZs can be moved between AWS Regions based on your needs
  • D. There are (almost always) two or more AZs in each AWS Region

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

B and D.

Reference: AWS global infrastructure/

Top

Q25: An AWS Region contains:

  • A. Edge Locations
  • B. Data Centers
  • C. AWS Services
  • D. Availability Zones


B. C. D. Edge locations are actually distinct locations that don’t explicitly fall within AWS regions.

Reference: AWS Global Infrastructure


Top

Q26: Which read request in DynamoDB returns a response with the most up-to-date data, reflecting the updates from all prior write operations that were successful?

  • A. Eventual Consistent Reads
  • B. Conditional reads for Consistency
  • C. Strongly Consistent Reads
  • D. Not possible


C. This is provided very clearly in the AWS documentation as shown below with regards to the read consistency for DynamoDB. Only in Strong Read consistency can you be guaranteed that you get the write read value after all the writes are completed.

Reference: https://aws.amazon.com/dynamodb/faqs/


Top

Q27: You’ ve been asked to move an existing development environment on the AWS Cloud. This environment consists mainly of Docker based containers. You need to ensure that minimum effort is taken during the migration process. Which of the following step would you consider for this requirement?

  • A. Create an Opswork stack and deploy the Docker containers
  • B. Create an application and Environment for the Docker containers in the Elastic Beanstalk service
  • C. Create an EC2 Instance. Install Docker and deploy the necessary containers.
  • D. Create an EC2 Instance. Install Docker and deploy the necessary containers. Add an Autoscaling Group for scalability of the containers.


B. The Elastic Beanstalk service is the ideal service to quickly provision development environments. You can also create environments which can be used to host Docker based containers.

Reference: Create and Deploy Docker in AWS


Top

Q28: You’ve written an application that uploads objects onto an S3 bucket. The size of the object varies between 200 – 500 MB. You’ve seen that the application sometimes takes a longer than expected time to upload the object. You want to improve the performance of the application. Which of the following would you consider?

  • A. Create multiple threads and upload the objects in the multiple threads
  • B. Write the items in batches for better performance
  • C. Use the Multipart upload API
  • D. Enable versioning on the Bucket

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 


C. All other options are invalid since the best way to handle large object uploads to the S3 service is to use the Multipart upload API. The Multipart upload API enables you to upload large objects in parts. You can use this API to upload new large objects or make a copy of an existing object. Multipart uploading is a three-step process: You initiate the upload, you upload the object parts, and after you have uploaded all the parts, you complete the multipart upload. Upon receiving the complete multipart upload request, Amazon S3 constructs the object from the uploaded parts, and you can then access the object just as you would any other object in your bucket.

Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html


Top

Q29: A security system monitors 600 cameras, saving image metadata every 1 minute to an Amazon DynamoDb table. Each sample involves 1kb of data, and the data writes are evenly distributed over time. How much write throughput is required for the target table?

  • A. 6000
  • B. 10
  • C. 3600
  • D. 600

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

B. When you mention the write capacity of a table in Dynamo DB, you mention it as the number of 1KB writes per second. So in the above question, since the write is happening every minute, we need to divide the value of 600 by 60, to get the number of KB writes per second. This gives a value of 10.

You can specify the Write capacity in the Capacity tab of the DynamoDB table.

Reference: AWS working with tables

Q30: What two arguments does a Python Lambda handler function require?

  • A. invocation, zone
  • B. event, zone
  • C. invocation, context
  • D. event, context


D. event, context def handler_name(event, context):

return some_value
Reference: AWS Lambda Function Handler in Python

Top

Q31: Lambda allows you to upload code and dependencies for function packages:

  • A. Only from a directly uploaded zip file
  • B. Only via SFTP
  • C. Only from a zip file in AWS S3
  • D. From a zip file in AWS S3 or uploaded directly from elsewhere


D. From a zip file in AWS S3 or uploaded directly from elsewhere
Reference: AWS Lambda Deployment Package

Top

Q32: A Lambda deployment package contains:

  • A. Function code, libraries, and runtime binaries
  • B. Only function code
  • C. Function code and libraries not included within the runtime
  • D. Only libraries not included within the runtime


C. Function code and libraries not included within the runtime
Reference: AWS Lambda Deployment Package in PowerShell

Top

Q33: You have instances inside private subnets and a properly configured bastion host instance in a public subnet. None of the instances in the private subnets have a public or Elastic IP address. How can you connect an instance in the private subnet to the open internet to download system updates?

  • A. Create and assign EIP to each instance
  • B. Create and attach a second IGW to the VPC.
  • C. Create and utilize a NAT Gateway
  • D. Connect to a VPN


C. You can use a network address translation (NAT) gateway in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.
Reference: AWS Network Address Translation Gateway

Top

Q34: What feature of VPC networking should you utilize if you want to create “elasticity” in your application’s architecture?

  • A. Security Groups
  • B. Route Tables
  • C. Elastic Load Balancer
  • D. Auto Scaling


D. Auto scaling is designed specifically with elasticity in mind. Auto scaling allows for the increase and decrease of compute power based on demand, thus creating elasticity in the architecture.
Reference: AWS Autoscalling

Top

Q30: Lambda allows you to upload code and dependencies for function packages:

  • A. Only from a directly uploaded zip file
  • B. Only from a directly uploaded zip file
  • C. Only from a zip file in AWS S3
  • D. From a zip file in AWS S3 or uploaded directly from elsewhere

Answer:


D. From a zip file in AWS S3 or uploaded directly from elsewhere
Reference: AWS Lambda

Top

Q31: An organization is using an Amazon ElastiCache cluster in front of their Amazon RDS instance. The organization would like the Developer to implement logic into the code so that the cluster only retrieves data from RDS when there is a cache miss. What strategy can the Developer implement to achieve this?

  • A. Lazy loading
  • B. Write-through
  • C. Error retries
  • D. Exponential backoff

Answer:


Answer – A
Whenever your application requests data, it first makes the request to the ElastiCache cache. If the data exists in the cache and is current, ElastiCache returns the data to your application. If the data does not exist in the cache, or the data in the cache has expired, your application requests data from your data store which returns the data to your application. Your application then writes the data received from the store to the cache so it can be more quickly retrieved next time it is requested. All other options are incorrect.
Reference: Caching Strategies

Top

Q32: A developer is writing an application that will run on Ec2 instances and read messages from SQS queue. The nessages will arrive every 15-60 seconds. How should the Developer efficiently query the queue for new messages?

  • A. Use long polling
  • B. Set a custom visibility timeout
  • C. Use short polling
  • D. Implement exponential backoff


Answer – A Long polling will help insure that the applications make less requests for messages in a shorter period of time. This is more cost effective. Since the messages are only going to be available after 15 seconds and we don’t know exacly when they would be available, it is better to use Long Polling.
Reference: Amazon SQS Long Polling

Top

Q33: You are using AWS SAM to define a Lambda function and configure CodeDeploy to manage deployment patterns. With new Lambda function working as per expectation which of the following will shift traffic from original Lambda function to new Lambda function in the shortest time frame?

  • A. Canary10Percent5Minutes
  • B. Linear10PercentEvery10Minutes
  • C. Canary10Percent15Minutes
  • D. Linear10PercentEvery1Minute


Answer – A
With Canary Deployment Preference type, Traffic is shifted in two intervals. With Canary10Percent5Minutes, 10 percent of traffic is shifted in the first interval while remaining all traffic is shifted after 5 minutes.
Reference: Gradual Code Deployment

Top

Q34: You are using AWS SAM templates to deploy a serverless application. Which of the following resource will embed application from Amazon S3 buckets?

  • A. AWS::Serverless::Api
  • B. AWS::Serverless::Application
  • C. AWS::Serverless::Layerversion
  • D. AWS::Serverless::Function


Answer – B
AWS::Serverless::Application resource in AWS SAm template is used to embed application frm Amazon S3 buckets.
Reference: Declaring Serverless Resources

Top

Q35: You are using AWS Envelope Encryption for encrypting all sensitive data. Which of the followings is True with regards to Envelope Encryption?

  • A. Data is encrypted be encrypting Data key which is further encrypted using encrypted Master Key.
  • B. Data is encrypted by plaintext Data key which is further encrypted using encrypted Master Key.
  • C. Data is encrypted by encrypted Data key which is further encrypted using plaintext Master Key.
  • D. Data is encrypted by plaintext Data key which is further encrypted using plaintext Master Key.


Answer – D
With Envelope Encryption, unencrypted data is encrypted using plaintext Data key. This Data is further encrypted using plaintext Master key. This plaintext Master key is securely stored in AWS KMS & known as Customer Master Keys.
Reference: AWS Key Management Service Concepts

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q36: You are developing an application that will be comprised of the following architecture –

  1. A set of Ec2 instances to process the videos.
  2. These (Ec2 instances) will be spun up by an autoscaling group.
  3. SQS Queues to maintain the processing messages.
  4. There will be 2 pricing tiers.

How will you ensure that the premium customers videos are given more preference?

  • A. Create 2 Autoscaling Groups, one for normal and one for premium customers
  • B. Create 2 set of Ec2 Instances, one for normal and one for premium customers
  • C. Create 2 SQS queus, one for normal and one for premium customers
  • D. Create 2 Elastic Load Balancers, one for normal and one for premium customers.


Answer – C
The ideal option would be to create 2 SQS queues. Messages can then be processed by the application from the high priority queue first.<br? The other options are not the ideal options. They would lead to extra costs and also extra maintenance.
Reference: SQS

Top

Q37: You are developing an application that will interact with a DynamoDB table. The table is going to take in a lot of read and write operations. Which of the following would be the ideal partition key for the DynamoDB table to ensure ideal performance?

  • A. CustomerID
  • B. CustomerName
  • C. Location
  • D. Age


Answer- A
Use high-cardinality attributes. These are attributes that have distinct values for each item, like e-mailid, employee_no, customerid, sessionid, orderid, and so on..
Use composite attributes. Try to combine more than one attribute to form a unique key.
Reference: Choosing the right DynamoDB Partition Key

Top

Q38: A developer is making use of AWS services to develop an application. He has been asked to develop the application in a manner to compensate any network delays. Which of the following two mechanisms should he implement in the application?

  • A. Multiple SQS queues
  • B. Exponential backoff algorithm
  • C. Retries in your application code
  • D. Consider using the Java sdk.


Answer- B. and C.
In addition to simple retries, each AWS SDK implements exponential backoff algorithm for better flow control. The idea behind exponential backoff is to use progressively longer waits between retries for consecutive error responses. You should implement a maximum delay interval, as well as a maximum number of retries. The maximum delay interval and maximum number of retries are not necessarily fixed values, and should be set based on the operation being performed, as well as other local factors, such as network latency.
Reference: Error Retries and Exponential Backoff in AWS

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q39: An application is being developed that is going to write data to a DynamoDB table. You have to setup the read and write throughput for the table. Data is going to be read at the rate of 300 items every 30 seconds. Each item is of size 6KB. The reads can be eventual consistent reads. What should be the read capacity that needs to be set on the table?

  • A. 10
  • B. 20
  • C. 6
  • D. 30


Answer – A

Since there are 300 items read every 30 seconds , that means there are (300/30) = 10 items read every second.
Since each item is 6KB in size , that means , 2 reads will be required for each item.
So we have total of 2*10 = 20 reads for the number of items per second
Since eventual consistency is required , we can divide the number of reads(20) by 2 , and in the end we get the Read Capacity of 10.

Reference: Read/Write Capacity Mode


Top

Q40: You are in charge of deploying an application that will be hosted on an EC2 Instance and sit behind an Elastic Load balancer. You have been requested to monitor the incoming connections to the Elastic Load Balancer. Which of the below options can suffice this requirement?

  • A. Use AWS CloudTrail with your load balancer
  • B. Enable access logs on the load balancer
  • C. Use a CloudWatch Logs Agent
  • D. Create a custom metric CloudWatch lter on your load balancer


Answer – B
Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client’s IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues.
Reference: Access Logs for Your Application Load Balancer

Top

Q41: A static web site has been hosted on a bucket and is now being accessed by users. One of the web pages javascript section has been changed to access data which is hosted in another S3 bucket. Now that same web page is no longer loading in the browser. Which of the following can help alleviate the error?

  • A. Enable versioning for the underlying S3 bucket.
  • B. Enable Replication so that the objects get replicated to the other bucket
  • C. Enable CORS for the bucket
  • D. Change the Bucket policy for the bucket to allow access from the other bucket


Answer – C

Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources.

Cross-Origin Resource Sharing: Use-case Scenarios The following are example scenarios for using CORS:

Scenario 1: Suppose that you are hosting a website in an Amazon S3 bucket named website as described in Hosting a Static Website on Amazon S3. Your users load the website endpoint http://website.s3-website-us-east-1.amazonaws.com. Now you want to use JavaScript on the webpages that are stored in this bucket to be able to make authenticated GET and PUT requests against the same bucket by using the Amazon S3 API endpoint for the bucket, website.s3.amazonaws.com. A browser would normally block JavaScript from allowing those requests, but with CORS you can configure your bucket to explicitly enable cross-origin requests from website.s3-website-us-east-1.amazonaws.com.

Scenario 2: Suppose that you want to host a web font from your S3 bucket. Again, browsers require a CORS check (also called a preight check) for loading web fonts. You would configure the bucket that is hosting the web font to allow any origin to make these requests.

Reference: Cross-Origin Resource Sharing (CORS)


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q42: Your mobile application includes a photo-sharing service that is expecting tens of thousands of users at launch. You will leverage Amazon Simple Storage Service (S3) for storage of the user Images, and you must decide how to authenticate and authorize your users for access to these images. You also need to manage the storage of these images. Which two of the following approaches should you use? Choose two answers from the options below

  • A. Create an Amazon S3 bucket per user, and use your application to generate the S3 URL for the appropriate content.
  • B. Use AWS Identity and Access Management (IAM) user accounts as your application-level user database, and offload the burden of authentication from your application code.
  • C. Authenticate your users at the application level, and use AWS Security Token Service (STS)to grant token-based authorization to S3 objects.
  • D. Authenticate your users at the application level, and send an SMS token message to the user. Create an Amazon S3 bucket with the same name as the SMS message token, and move the user’s objects to that bucket.


Answer- C
The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). The token can then be used to grant access to the objects in S3.
You can then provides access to the objects based on the key values generated via the user id.

Reference: The AWS Security Token Service (STS)


Top

Q43: Your current log analysis application takes more than four hours to generate a report of the top 10 users of your web application. You have been asked to implement a system that can report this information in real time, ensure that the report is always up to date, and handle increases in the number of requests to your web application. Choose the option that is cost-effective and can fulfill the requirements.

  • A. Publish your data to CloudWatch Logs, and congure your application to Autoscale to handle the load on demand.
  • B. Publish your log data to an Amazon S3 bucket.  Use AWS CloudFormation to create an Auto Scaling group to scale your post-processing application which is congured to pull down your log les stored an Amazon S3
  • C. Post your log data to an Amazon Kinesis data stream, and subscribe your log-processing application so that is congured to process your logging data.
  • D. Create a multi-AZ Amazon RDS MySQL cluster, post the logging data to MySQL, and run a map reduce job to retrieve the required information on user counts.

Answer:


Answer – C
Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information. Amazon Kinesis offers key capabilities to cost effectively process streaming data at any scale, along with the flexibility to choose the tools that best suit the requirements of your application. With Amazon Kinesis, you can ingest real-time data such as application logs, website clickstreams, IoT telemetry data, and more into your databases, data lakes and data warehouses, or build your own real-time applications using this data.
Reference: Amazon Kinesis

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q44: You’ve been instructed to develop a mobile application that will make use of AWS services. You need to decide on a data store to store the user sessions. Which of the following would be an ideal data store for session management?

  • A. AWS Simple Storage Service
  • B. AWS DynamoDB
  • C. AWS RDS
  • D. AWS Redshift

Answer:


Answer – B
DynamoDB is a alternative solution which can be used for storage of session management. The latency of access to data is less , hence this can be used as a data store for session management
Reference: Scalable Session Handling in PHP Using Amazon DynamoDB

Top

Q45: Your application currently interacts with a DynamoDB table. Records are inserted into the table via the application. There is now a requirement to ensure that whenever items are updated in the DynamoDB primary table , another record is inserted into a secondary table. Which of the below feature should be used when developing such a solution?

  • A. AWS DynamoDB Encryption
  • B. AWS DynamoDB Streams
  • C. AWS DynamoDB Accelerator
  • D. AWSTable Accelerator


Answer – B
DynamoDB Streams Use Cases and Design Patterns This post describes some common use cases you might encounter, along with their design options and solutions, when migrating data from relational data stores to Amazon DynamoDB. We will consider how to manage the following scenarios:

  • How do you set up a relationship across multiple tables in which, based on the value of an item from one table, you update the item in a second table?
  • How do you trigger an event based on a particular transaction?
  • How do you audit or archive transactions?
  • How do you replicate data across multiple tables (similar to that of materialized views/streams/replication in relational data stores)?

Relational databases provide native support for transactions, triggers, auditing, and replication. Typically, a transaction in a database refers to performing create, read, update, and delete (CRUD) operations against multiple tables in a block. A transaction can have only two states—success or failure. In other words, there is no partial completion. As a NoSQL database, DynamoDB is not designed to support transactions. Although client-side libraries are available to mimic the transaction capabilities, they are not scalable and cost-effective. For example, the Java Transaction Library for DynamoDB creates 7N+4 additional writes for every write operation. This is partly because the library holds metadata to manage the transactions to ensure that it’s consistent and can be rolled back before commit. You can use DynamoDB Streams to address all these use cases. DynamoDB Streams is a powerful service that you can combine with other AWS services to solve many similar problems. When enabled, DynamoDB Streams captures a time-ordered sequence of item-level modifications in a DynamoDB table and durably stores the information for up to 24 hours. Applications can access a series of stream records, which contain an item change, from a DynamoDB stream in near real time. AWS maintains separate endpoints for DynamoDB and DynamoDB Streams. To work with database tables and indexes, your application must access a DynamoDB endpoint. To read and process DynamoDB Streams records, your application must access a DynamoDB Streams endpoint in the same Region. All of the other options are incorrect since none of these would meet the core requirement.
Reference: DynamoDB Streams Use Cases and Design Patterns


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q46: An application has been making use of AWS DynamoDB for its back-end data store. The size of the table has now grown to 20 GB , and the scans on the table are causing throttling errors. Which of the following should now be implemented to avoid such errors?

  • A. Large Page size
  • B. Reduced page size
  • C. Parallel Scans
  • D. Sequential scans

Answer – B
When you scan your table in Amazon DynamoDB, you should follow the DynamoDB best practices for avoiding sudden bursts of read activity. You can use the following technique to minimize the impact of a scan on a table’s provisioned throughput. Reduce page size Because a Scan operation reads an entire page (by default, 1 MB), you can reduce the impact of the scan operation by setting a smaller page size. The Scan operation provides a Limit parameter that you can use to set the page size for your request. Each Query or Scan request that has a smaller page size uses fewer read operations and creates a “pause” between each request. For example, suppose that each item is 4 KB and you set the page size to 40 items. A Query request would then consume only 20 eventually consistent read operations or 40 strongly consistent read operations. A larger number of smaller Query or Scan operations would allow your other critical requests to succeed without throttling.
Reference1: Rate-Limited Scans in Amazon DynamoDB

Reference2: Best Practices for Querying and Scanning Data


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q47: Which of the following is correct way of passing a stage variable to an HTTP URL ? (Select TWO.)

  • A. http://example.com/${}/prod
  • B. http://example.com/${stageVariables.}/prod
  • C. http://${stageVariables.}.example.com/dev/operation
  • D. http://${stageVariables}.example.com/dev/operation
  • E. http://${}.example.com/dev/operation
  • F. http://example.com/${stageVariables}/prod


Answer – B. and C.
A stage variable can be used as part of HTTP integration URL as in following cases, ·         A full URI without protocol ·         A full domain ·         A subdomain ·         A path ·         A query string In the above case , option B & C displays stage variable as a path & sub-domain.
Reference: Amazon API Gateway Stage Variables Reference

Top

Q48: Your company is planning on creating new development environments in AWS. They want to make use of their existing Chef recipes which they use for their on-premise configuration for servers in AWS. Which of the following service would be ideal to use in this regard?

  • A. AWS Elastic Beanstalk
  • B. AWS OpsWork
  • C. AWS Cloudformation
  • D. AWS SQS


Answer – B
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments All other options are invalid since they cannot be used to work with Chef recipes for configuration management.
Reference: AWS OpsWorks

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q49: Your company has developed a web application and is hosting it in an Amazon S3 bucket configured for static website hosting. The users can log in to this app using their Google/Facebook login accounts. The application is using the AWS SDK for JavaScript in the browser to access data stored in an Amazon DynamoDB table. How can you ensure that API keys for access to your data in DynamoDB are kept secure?

  • A. Create an Amazon S3 role in IAM with access to the specific DynamoDB tables, and assign it to the bucket hosting your website
  • B. Configure S3 bucket tags with your AWS access keys for your bucket hosing your website so that the application can query them for access.
  • C. Configure a web identity federation role within IAM to enable access to the correct DynamoDB resources and retrieve temporary credentials
  • D. Store AWS keys in global variables within your application and configure the application to use these credentials when making requests.


Answer – C
With web identity federation, you don’t need to create custom sign-in code or manage your own user identities. Instead, users of your app can sign in using a well-known identity provider (IdP) —such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP, receive an authentication token, and then exchange that token for temporary security credentials in AWS that map to an IAM role with permissions to use the resources in your AWS account. Using an IdP helps you keep your AWS account secure, because you don’t have to embed and distribute long-term security credentials with your application. Option A is invalid since Roles cannot be assigned to S3 buckets Options B and D are invalid since the AWS Access keys should not be used
Reference: About Web Identity Federation

Top

Q50: Your application currently makes use of AWS Cognito for managing user identities. You want to analyze the information that is stored in AWS Cognito for your application. Which of the following features of AWS Cognito should you use for this purpose?

  • A. Cognito Data
  • B. Cognito Events
  • C. Cognito Streams
  • D. Cognito Callbacks


Answer – C
Amazon Cognito Streams gives developers control and insight into their data stored in Amazon Cognito. Developers can now configure a Kinesis stream to receive events as data is updated and synchronized. Amazon Cognito can push each dataset change to a Kinesis stream you own in real time. All other options are invalid since you should use Cognito Streams
Reference:

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q51: You’ve developed a set of scripts using AWS Lambda. These scripts need to access EC2 Instances in a VPC. Which of the following needs to be done to ensure that the AWS Lambda function can access the resources in the VPC. Choose 2 answers from the options given below

  • A. Ensure that the subnet ID’s are mentioned when conguring the Lambda function
  • B. Ensure that the NACL ID’s are mentioned when conguring the Lambda function
  • C. Ensure that the Security Group ID’s are mentioned when conguring the Lambda function
  • D. Ensure that the VPC Flow Log ID’s are mentioned when conguring the Lambda function


Answer: A and C.
AWS Lambda runs your function code securely within a VPC by default. However, to enable your Lambda function to access resources inside your private VPC, you must provide additional VPCspecific configuration information that includes VPC subnet IDs and security group IDs. AWS Lambda uses this information to set up elastic network interfaces (ENIs) that enable your function to connect securely to other resources within your private VPC.
Reference: Configuring a Lambda Function to Access Resources in an Amazon VPC

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q52: You’ve currently been tasked to migrate an existing on-premise environment into Elastic Beanstalk. The application does not make use of Docker containers. You also can’t see any relevant environments in the beanstalk service that would be suitable to host your application. What should you consider doing in this case?

  • A. Migrate your application to using Docker containers and then migrate the app to the Elastic Beanstalk environment.
  • B. Consider using Cloudformation to deploy your environment to Elastic Beanstalk
  • C. Consider using Packer to create a custom platform
  • D. Consider deploying your application using the Elastic Container Service


Answer – C
Elastic Beanstalk supports custom platforms. A custom platform is a more advanced customization than a Custom Image in several ways. A custom platform lets you develop an entire new platform from scratch, customizing the operating system, additional software, and scripts that Elastic Beanstalk runs on platform instances. This flexibility allows you to build a platform for an application that uses a language or other infrastructure software, for which Elastic Beanstalk doesn’t provide a platform out of the box. Compare that to custom images, where you modify an AMI for use with an existing Elastic Beanstalk platform, and Elastic Beanstalk still provides the platform scripts and controls the platform’s software stack. In addition, with custom platforms you use an automated, scripted way to create and maintain your customization, whereas with custom images you make the changes manually over a running instance. To create a custom platform, you build an Amazon Machine Image (AMI) from one of the supported operating systems—Ubuntu, RHEL, or Amazon Linux (see the flavor entry in Platform.yaml File Format for the exact version numbers)—and add further customizations. You create your own Elastic Beanstalk platform using Packer, which is an open-source tool for creating machine images for many platforms, including AMIs for use with Amazon EC2. An Elastic Beanstalk platform comprises an AMI configured to run a set of software that supports an application, and metadata that can include custom configuration options and default configuration option settings.
Reference: AWS Elastic Beanstalk Custom Platforms

Top

Q53: Company B is writing 10 items to the Dynamo DB table every second. Each item is 15.5Kb in size. What would be the required provisioned write throughput for best performance? Choose the correct answer from the options below.

  • A. 10
  • B. 160
  • C. 155
  • D. 16


Answer – B.
Company B is writing 10 items to the Dynamo DB table every second. Each item is 15.5Kb in size. What would be the required provisioned write throughput for best performance? Choose the correct answer from the options below.
Reference: Read/Write Capacity Mode

Top

Top

Q54: Which AWS Service can be used to automatically install your application code onto EC2, on premises systems and Lambda?

  • A. CodeCommit
  • B. X-Ray
  • C. CodeBuild
  • D. CodeDeploy


Answer: D

Reference: AWS CodeDeploy


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q55: Which AWS service can be used to compile source code, run tests and package code?

  • A. CodePipeline
  • B. CodeCommit
  • C. CodeBuild
  • D. CodeDeploy


Answer: D

Reference: AWS CodeDeploy Answer: B.

Reference: AWS CodeBuild


Top

Q56: How can your prevent CloudFormation from deleting your entire stack on failure? (Choose 2)

  • A. Set the Rollback on failure radio button to No in the CloudFormation console
  • B. Set Termination Protection to Enabled in the CloudFormation console
  • C. Use the –disable-rollback flag with the AWS CLI
  • D. Use the –enable-termination-protection protection flag with the AWS CLI

Answer: A. and C.

Reference: Protecting a Stack From Being Deleted

Top

Q57: Which of the following practices allows multiple developers working on the same application to merge code changes frequently, without impacting each other and enables the identification of bugs early on in the release process?

  • A. Continuous Integration
  • B. Continuous Deployment
  • C. Continuous Delivery
  • D. Continuous Development

Answer: A

Reference: What is Continuous Integration?

Top

Q58: When deploying application code to EC2, the AppSpec file can be written in which language?

  • A. JSON
  • B. JSON or YAML
  • C. XML
  • D. YAML

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q59: Part of your CloudFormation deployment fails due to a mis-configuration, by defaukt what will happen?

  • A. CloudFormation will rollback only the failed components
  • B. CloudFormation will rollback the entire stack
  • C. Failed component will remain available for debugging purposes
  • D. CloudFormation will ask you if you want to continue with the deployment

Answer: B

Reference: Troubleshooting AWS CloudFormation


Top

Q60: You want to receive an email whenever a user pushes code to CodeCommit repository, how can you configure this?

  • A. Create a new SNS topic and configure it to poll for CodeCommit eveents. Ask all users to subscribe to the topic to receive notifications
  • B. Configure a CloudWatch Events rule to send a message to SES which will trigger an email to be sent whenever a user pushes code to the repository.
  • C. Configure Notifications in the console, this will create a CloudWatch events rule to send a notification to a SNS topic which will trigger an email to be sent to the user.
  • D. Configure a CloudWatch Events rule to send a message to SQS which will trigger an email to be sent whenever a user pushes code to the repository.

Answer: C

Reference: Getting Started with Amazon SNS


Top

Q61: Which AWS service can be used to centrally store and version control your application source code, binaries and libraries

  • A. CodeCommit
  • B. CodeBuild
  • C. CodePipeline
  • D. ElasticFileSystem

Answer: A

Reference: AWS CodeCommit


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q62: You are using CloudFormation to create a new S3 bucket, which of the following sections would you use to define the properties of your bucket?

  • A. Conditions
  • B. Parameters
  • C. Outputs
  • D. Resources

Answer: D

Reference: Resources


Top

Q63: You are deploying a number of EC2 and RDS instances using CloudFormation. Which section of the CloudFormation template would you use to define these?

  • A. Transforms
  • B. Outputs
  • C. Resources
  • D. Instances

Answer: C.
The Resources section defines your resources you are provisioning. Outputs is used to output user defines data relating to the reources you have built and can also used as input to another CloudFormation stack. Transforms is used to reference code located in S3.
Reference: Resources

Top

Q64: Which AWS service can be used to fully automate your entire release process?

  • A. CodeDeploy
  • B. CodePipeline
  • C. CodeCommit
  • D. CodeBuild

Answer: B.
AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates

Reference: AWS CodePipeline


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q65: You want to use the output of your CloudFormation stack as input to another CloudFormation stack. Which sections of the CloudFormation template would you use to help you configure this?

  • A. Outputs
  • B. Transforms
  • C. Resources
  • D. Exports

Answer: A.
Outputs is used to output user defines data relating to the reources you have built and can also used as input to another CloudFormation stack.
Reference: CloudFormation Outputs

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q66: You have some code located in an S3 bucket that you want to reference in your CloudFormation template. Which section of the template can you use to define this?

  • A. Inputs
  • B. Resources
  • C. Transforms
  • D. Files

Answer: C.
Transforms is used to reference code located in S3 and also specififying the use of the Serverless Application Model (SAM) for Lambda deployments.
Reference: Transforms

Top

Q67: You are deploying an application to a number of Ec2 instances using CodeDeploy. What is the name of the file
used to specify source files and lifecycle hooks?

  • A. buildspec.yml
  • B. appspec.json
  • C. appspec.yml
  • D. buildspec.json

Answer: C.

Reference: CodeDeploy AppSpec File Reference

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q68: Which of the following approaches allows you to re-use pieces of CloudFormation code in multiple templates, for common use cases like provisioning a load balancer or web server?

  • A. Share the code using an EBS volume
  • B. Copy and paste the code into the template each time you need to use it
  • C. Use a cloudformation nested stack
  • D. Store the code you want to re-use in an AMI and reference the AMI from within your CloudFormation template.

Answer: C.

Reference: Working with Nested Stacks

Top

Q69: In the CodeDeploy AppSpec file, what are hooks used for?

  • A. To reference AWS resources that will be used during the deployment
  • B. Hooks are reserved for future use
  • C. To specify files you want to copy during the deployment.
  • D. To specify, scripts or function that you want to run at set points in the deployment lifecycle

Answer: D.
The ‘hooks’ section for an EC2/On-Premises deployment contains mappings that link deployment lifecycle event hooks to one or more scripts.

Reference: AppSpec ‘hooks’ Section

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q70: Which command can you use to encrypt a plain text file using CMK?

  • A. aws kms-encrypt
  • B. aws iam encrypt
  • C. aws kms encrypt
  • D. aws encrypt

Answer: C.
aws kms encrypt –key-id 1234abcd-12ab-34cd-56ef-1234567890ab –plaintext fileb://ExamplePlaintextFile –output text –query CiphertextBlob > C:\Temp\ExampleEncryptedFile.base64

Reference: AWS CLI Encrypt

Top

Q72: Which of the following is an encrypted key used by KMS to encrypt your data

  • A. Custmoer Mamaged Key
  • B. Encryption Key
  • C. Envelope Key
  • D. Customer Master Key

Answer: C.
Your Data key also known as the Enveloppe key is encrypted using the master key.This approach is known as Envelope encryption.
Envelope encryption is the practice of encrypting plaintext data with a data key, and then encrypting the data key under another key.

Reference: Envelope Encryption

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q73: Which of the following statements are correct? (Choose 2)

  • A. The Customer Master Key is used to encrypt and decrypt the Envelope Key or Data Key
  • B. The Envelope Key or Data Key is used to encrypt and decrypt plain text files.
  • C. The envelope Key or Data Key is used to encrypt and decrypt the Customer Master Key.
  • D. The Customer MasterKey is used to encrypt and decrypt plain text files.

Answer: A. and B.

Reference: AWS Key Management Service Concepts

Top

Q74: Which of the following statements is correct in relation to kMS/ (Choose 2)

  • A. KMS Encryption keys are regional
  • B. You cannot export your customer master key
  • C. You can export your customer master key.
  • D. KMS encryption Keys are global

Answer: A. and B.

Reference: AWS Key Management Service FAQs

Q75:  A developer is preparing a deployment package for a Java implementation of an AWS Lambda function. What should the developer include in the deployment package? (Select TWO.)
A. Compiled application code
B. Java runtime environment
C. References to the event sources
D. Lambda execution role
E. Application dependencies


Answer: C. E.
Notes: To create a Lambda function, you first create a Lambda function deployment package. This package is a .zip or .jar file consisting of your code and any dependencies.
Reference: Lambda deployment packages.

Q76: A developer uses AWS CodeDeploy to deploy a Python application to a fleet of Amazon EC2 instances that run behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. What should the developer include in the CodeDeploy deployment package?
A. A launch template for the Amazon EC2 Auto Scaling group
B. A CodeDeploy AppSpec file
C. An EC2 role that grants the application access to AWS services
D. An IAM policy that grants the application access to AWS services


Answer: B.
Notes: The CodeDeploy AppSpec (application specific) file is unique to CodeDeploy. The AppSpec file is used to manage each deployment as a series of lifecycle event hooks, which are defined in the file.
Reference: CodeDeploy application specification (AppSpec) files.
Category: Deployment

Q76: A company is working on a project to enhance its serverless application development process. The company hosts applications on AWS Lambda. The development team regularly updates the Lambda code and wants to use stable code in production. Which combination of steps should the development team take to configure Lambda functions to meet both development and production requirements? (Select TWO.)

A. Create a new Lambda version every time a new code release needs testing.
B. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to a production-ready unqualified Amazon Resource Name (ARN) version. Point the Development alias to the $LATEST version.
C. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to the production-ready qualified Amazon Resource Name (ARN) version. Point the Development alias to the variable LAMBDA_TASK_ROOT.
D. Create a new Lambda layer every time a new code release needs testing.
E. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to a production-ready Lambda layer Amazon Resource Name (ARN). Point the Development alias to the $LATEST layer ARN.


Answer: A. B.
Notes: Lambda function versions are designed to manage deployment of functions. They can be used for code changes, without affecting the stable production version of the code. By creating separate aliases for Production and Development, systems can initiate the correct alias as needed. A Lambda function alias can be used to point to a specific Lambda function version. Using the functionality to update an alias and its linked version, the development team can update the required version as needed. The $LATEST version is the newest published version.
Reference: Lambda function versions.

For more information about Lambda layers, see Creating and sharing Lambda layers.

For more information about Lambda function aliases, see Lambda function aliases.

Category: Deployment

Q77: Each time a developer publishes a new version of an AWS Lambda function, all the dependent event source mappings need to be updated with the reference to the new version’s Amazon Resource Name (ARN). These updates are time consuming and error-prone. Which combination of actions should the developer take to avoid performing these updates when publishing a new Lambda version? (Select TWO.)
A. Update event source mappings with the ARN of the Lambda layer.
B. Point a Lambda alias to a new version of the Lambda function.
C. Create a Lambda alias for each published version of the Lambda function.
D. Point a Lambda alias to a new Lambda function alias.
E. Update the event source mappings with the Lambda alias ARN.


Answer: B. E.
Notes: A Lambda alias is a pointer to a specific Lambda function version. Instead of using ARNs for the Lambda function in event source mappings, you can use an alias ARN. You do not need to update your event source mappings when you promote a new version or roll back to a previous version.
Reference: Lambda function aliases.
Category: Deployment

Q78:  A company wants to store sensitive user data in Amazon S3 and encrypt this data at rest. The company must manage the encryption keys and use Amazon S3 to perform the encryption. How can a developer meet these requirements?
A. Enable default encryption for the S3 bucket by using the option for server-side encryption with customer-provided encryption keys (SSE-C).
B. Enable client-side encryption with an encryption key. Upload the encrypted object to the S3 bucket.
C. Enable server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Upload an object to the S3 bucket.
D. Enable server-side encryption with customer-provided encryption keys (SSE-C). Upload an object to the S3 bucket.


Answer: D.
Notes: When you upload an object, Amazon S3 uses the encryption key you provide to apply AES-256 encryption to your data and removes the encryption key from memory.
Reference: Protecting data using server-side encryption with customer-provided encryption keys (SSE-C).

Category: Security

Q79: A company is developing a Python application that submits data to an Amazon DynamoDB table. The company requires client-side encryption of specific data items and end-to-end protection for the encrypted data in transit and at rest. Which combination of steps will meet the requirement for the encryption of specific data items? (Select TWO.)

A. Generate symmetric encryption keys with AWS Key Management Service (AWS KMS).
B. Generate asymmetric encryption keys with AWS Key Management Service (AWS KMS).
C. Use generated keys with the DynamoDB Encryption Client.
D. Use generated keys to configure DynamoDB table encryption with AWS managed customer master keys (CMKs).
E. Use generated keys to configure DynamoDB table encryption with AWS owned customer master keys (CMKs).


Answer: A. C.
Notes: When the DynamoDB Encryption Client is configured to use AWS KMS, it uses a customer master key (CMK) that is always encrypted when used outside of AWS KMS. This cryptographic materials provider returns a unique encryption key and signing key for every table item. This method of encryption uses a symmetric CMK.
Reference: Direct KMS Materials Provider.
Category: Deployment

Q80: A company is developing a REST API with Amazon API Gateway. Access to the API should be limited to users in the existing Amazon Cognito user pool. Which combination of steps should a developer perform to secure the API? (Select TWO.)
A. Create an AWS Lambda authorizer for the API.
B. Create an Amazon Cognito authorizer for the API.
C. Configure the authorizer for the API resource.
D. Configure the API methods to use the authorizer.
E. Configure the authorizer for the API stage.


Answer: B. D.
Notes: An Amazon Cognito authorizer should be used for integration with Amazon Cognito user pools. In addition to creating an authorizer, you are required to configure an API method to use that authorizer for the API.
Reference: Control access to a REST API using Amazon Cognito user pools as authorizer.
Category: Security

Q81: A developer is implementing a mobile app to provide personalized services to app users. The application code makes calls to Amazon S3 and Amazon Simple Queue Service (Amazon SQS). Which options can the developer use to authenticate the app users? (Select TWO.)
A. Authenticate to the Amazon Cognito identity pool directly.
B. Authenticate to AWS Identity and Access Management (IAM) directly.
C. Authenticate to the Amazon Cognito user pool directly.
D. Federate authentication by using Login with Amazon with the users managed with AWS Security Token Service (AWS STS).
E. Federate authentication by using Login with Amazon with the users managed with the Amazon Cognito user pool.


Answer: C. E.
Notes: The Amazon Cognito user pool provides direct user authentication. The Amazon Cognito user pool provides a federated authentication option with third-party identity provider (IdP), including amazon.com.
Reference: Adding User Pool Sign-in Through a Third Party.
Category: Security

Question: A company is implementing several order processing workflows. Each workflow is implemented by using AWS Lambda functions for each task. Which combination of steps should a developer follow to implement these workflows? (Select TWO.)
A. Define a AWS Step Functions task for each Lambda function.
B. Define a AWS Step Functions task for each workflow.
C. Write code that polls the AWS Step Functions invocation to coordinate each workflow.
D. Define an AWS Step Functions state machine for each workflow.
E. Define an AWS Step Functions state machine for each Lambda function.
Answer: A. D.
Notes: Step Functions is based on state machines and tasks. A state machine is a workflow. Tasks perform work by coordinating with other AWS services, such as Lambda. A state machine is a workflow. It can be used to express a workflow as a number of states, their relationships, and their input and output. You can coordinate individual tasks with Step Functions by expressing your workflow as a finite state machine, written in the Amazon States Language.
ReferenceText: Getting Started with AWS Step Functions.
ReferenceUrl: https://aws.amazon.com/step-functions/getting-started/
Category: Development

Welcome to AWS Certified Developer Associate Exam Preparation: Definition and Objectives, Top 100 Questions and Answers dump, White papers, Courses, Labs and Training Materials, Exam info and details, References, Jobs, Others AWS Certificates

AWS Developer Associate DVA-C01 Exam Prep
AWS Developer Associate DVA-C01 Exam Prep
 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

What is the AWS Certified Developer Associate Exam?

This AWS Certified Developer-Associate Examination is intended for individuals who perform a Developer role. It validates an examinee’s ability to:

  • Demonstrate an understanding of core AWS services, uses, and basic AWS architecture best practices
  • Demonstrate proficiency in developing, deploying, and debugging cloud-based applications by using AWS

Recommended general IT knowledge
The target candidate should have the following:
– In-depth knowledge of at least one high-level programming language
– Understanding of application lifecycle management
– The ability to write code for serverless applications
– Understanding of the use of containers in the development process

Recommended AWS knowledge
The target candidate should be able to do the following:

  • Use the AWS service APIs, CLI, and software development kits (SDKs) to write applications
  • Identify key features of AWS services
  • Understand the AWS shared responsibility model
  • Use a continuous integration and continuous delivery (CI/CD) pipeline to deploy applications on AWS
  • Use and interact with AWS services
  • Apply basic understanding of cloud-native applications to write code
  • Write code by using AWS security best practices (for example, use IAM roles instead of secret and access keys in the code)
  • Author, maintain, and debug code modules on AWS

What is considered out of scope for the target candidate?
The following is a non-exhaustive list of related job tasks that the target candidate is not expected to be able to perform. These items are considered out of scope for the exam:
– Design architectures (for example, distributed system, microservices)
– Design and implement CI/CD pipelines

  • Administer IAM users and groups
  • Administer Amazon Elastic Container Service (Amazon ECS)
  • Design AWS networking infrastructure (for example, Amazon VPC, AWS Direct Connect)
  • Understand compliance and licensing

Exam content
Response types
There are two types of questions on the exam:
– Multiple choice: Has one correct response and three incorrect responses (distractors)
– Multiple response: Has two or more correct responses out of five or more response options
Select one or more responses that best complete the statement or answer the question. Distractors, or incorrect answers, are response options that a candidate with incomplete knowledge or skill might choose.
Distractors are generally plausible responses that match the content area.
Unanswered questions are scored as incorrect; there is no penalty for guessing. The exam includes 50 questions that will affect your score.

Unscored content
The exam includes 15 unscored questions that do not affect your score. AWS collects information about candidate performance on these unscored questions to evaluate these questions for future use as scored questions. These unscored questions are not identified on the exam.

Exam results
The AWS Certified Developer – Associate (DVA-C01) exam is a pass or fail exam. The exam is scored against a minimum standard established by AWS professionals who follow certification industry best practices and guidelines.
Your results for the exam are reported as a scaled score of 100–1,000. The minimum passing score is 720.
Your score shows how you performed on the exam as a whole and whether you passed. Scaled scoring models help equate scores across multiple exam forms that might have slightly different difficulty levels.
Your score report could contain a table of classifications of your performance at each section level. This information is intended to provide general feedback about your exam performance. The exam uses a compensatory scoring model, which means that you do not need to achieve a passing score in each section. You need to pass only the overall exam.
Each section of the exam has a specific weighting, so some sections have more questions than other sections have. The table contains general information that highlights your strengths and weaknesses. Use caution when interpreting section-level feedback.

Content outline
This exam guide includes weightings, test domains, and objectives for the exam. It is not a comprehensive listing of the content on the exam. However, additional context for each of the objectives is available to help guide your preparation for the exam. The following table lists the main content domains and their weightings. The table precedes the complete exam content outline, which includes the additional context.
The percentage in each domain represents only scored content.

Domain 1: Deployment 22%
Domain 2: Security 26%
Domain 3: Development with AWS Services 30%
Domain 4: Refactoring 10%
Domain 5: Monitoring and Troubleshooting 12%

Domain 1: Deployment
1.1 Deploy written code in AWS using existing CI/CD pipelines, processes, and patterns.
–  Commit code to a repository and invoke build, test and/or deployment actions
–  Use labels and branches for version and release management
–  Use AWS CodePipeline to orchestrate workflows against different environments
–  Apply AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeStar, and AWS
CodeDeploy for CI/CD purposes
–  Perform a roll back plan based on application deployment policy

1.2 Deploy applications using AWS Elastic Beanstalk.
–  Utilize existing supported environments to define a new application stack
–  Package the application
–  Introduce a new application version into the Elastic Beanstalk environment
–  Utilize a deployment policy to deploy an application version (i.e., all at once, rolling, rolling with batch, immutable)
–  Validate application health using Elastic Beanstalk dashboard
–  Use Amazon CloudWatch Logs to instrument application logging

1.3 Prepare the application deployment package to be deployed to AWS.
–  Manage the dependencies of the code module (like environment variables, config files and static image files) within the package
–  Outline the package/container directory structure and organize files appropriately
–  Translate application resource requirements to AWS infrastructure parameters (e.g., memory, cores)

1.4 Deploy serverless applications.
–  Given a use case, implement and launch an AWS Serverless Application Model (AWS SAM) template
–  Manage environments in individual AWS services (e.g., Differentiate between Development, Test, and Production in Amazon API Gateway)

Domain 2: Security
2.1 Make authenticated calls to AWS services.
–  Communicate required policy based on least privileges required by application.
–  Assume an IAM role to access a service
–  Use the software development kit (SDK) credential provider on-premises or in the cloud to access AWS services (local credentials vs. instance roles)

2.2 Implement encryption using AWS services.
– Encrypt data at rest (client side; server side; envelope encryption) using AWS services
–  Encrypt data in transit

2.3 Implement application authentication and authorization.
– Add user sign-up and sign-in functionality for applications with Amazon Cognito identity or user pools
–  Use Amazon Cognito-provided credentials to write code that access AWS services.
–  Use Amazon Cognito sync to synchronize user profiles and data
–  Use developer-authenticated identities to interact between end user devices, backend
authentication, and Amazon Cognito

Domain 3: Development with AWS Services
3.1 Write code for serverless applications.
– Compare and contrast server-based vs. serverless model (e.g., micro services, stateless nature of serverless applications, scaling serverless applications, and decoupling layers of serverless applications)
– Configure AWS Lambda functions by defining environment variables and parameters (e.g., memory, time out, runtime, handler)
– Create an API endpoint using Amazon API Gateway
–  Create and test appropriate API actions like GET, POST using the API endpoint
–  Apply Amazon DynamoDB concepts (e.g., tables, items, and attributes)
–  Compute read/write capacity units for Amazon DynamoDB based on application requirements
–  Associate an AWS Lambda function with an AWS event source (e.g., Amazon API Gateway, Amazon CloudWatch event, Amazon S3 events, Amazon Kinesis)
–  Invoke an AWS Lambda function synchronously and asynchronously

3.2 Translate functional requirements into application design.
– Determine real-time vs. batch processing for a given use case
– Determine use of synchronous vs. asynchronous for a given use case
– Determine use of event vs. schedule/poll for a given use case
– Account for tradeoffs for consistency models in an application design

Domain 4: Refactoring
4.1 Optimize applications to best use AWS services and features.
 Implement AWS caching services to optimize performance (e.g., Amazon ElastiCache, Amazon API Gateway cache)
 Apply an Amazon S3 naming scheme for optimal read performance

4.2 Migrate existing application code to run on AWS.
– Isolate dependencies
– Run the application as one or more stateless processes
– Develop in order to enable horizontal scalability
– Externalize state

Domain 5: Monitoring and Troubleshooting

5.1 Write code that can be monitored.
– Create custom Amazon CloudWatch metrics
– Perform logging in a manner available to systems operators
– Instrument application source code to enable tracing in AWS X-Ray

5.2 Perform root cause analysis on faults found in testing or production.
– Interpret the outputs from the logging mechanism in AWS to identify errors in logs
– Check build and testing history in AWS services (e.g., AWS CodeBuild, AWS CodeDeploy, AWS CodePipeline) to identify issues
– Utilize AWS services (e.g., Amazon CloudWatch, VPC Flow Logs, and AWS X-Ray) to locate a specific faulty component

Which key tools, technologies, and concepts might be covered on the exam?

The following is a non-exhaustive list of the tools and technologies that could appear on the exam.
This list is subject to change and is provided to help you understand the general scope of services, features, or technologies on the exam.
The general tools and technologies in this list appear in no particular order.
AWS services are grouped according to their primary functions. While some of these technologies will likely be covered more than others on the exam, the order and placement of them in this list is no indication of relative weight or importance:
– Analytics
– Application Integration
– Containers
– Cost and Capacity Management
– Data Movement
– Developer Tools
– Instances (virtual machines)
– Management and Governance
– Networking and Content Delivery
– Security
– Serverless

AWS services and features

Analytics:
– Amazon Elasticsearch Service (Amazon ES)
– Amazon Kinesis
Application Integration:
– Amazon EventBridge (Amazon CloudWatch Events)
– Amazon Simple Notification Service (Amazon SNS)
– Amazon Simple Queue Service (Amazon SQS)
– AWS Step Functions

Compute:
– Amazon EC2
– AWS Elastic Beanstalk
– AWS Lambda

Containers:
– Amazon Elastic Container Registry (Amazon ECR)
– Amazon Elastic Container Service (Amazon ECS)
– Amazon Elastic Kubernetes Services (Amazon EKS)

Database:
– Amazon DynamoDB
– Amazon ElastiCache
– Amazon RDS

Developer Tools:
– AWS CodeArtifact
– AWS CodeBuild
– AWS CodeCommit
– AWS CodeDeploy
– Amazon CodeGuru
– AWS CodePipeline
– AWS CodeStar
– AWS Fault Injection Simulator
– AWS X-Ray

Management and Governance:
– AWS CloudFormation
– Amazon CloudWatch

Networking and Content Delivery:
– Amazon API Gateway
– Amazon CloudFront
– Elastic Load Balancing

Security, Identity, and Compliance:
– Amazon Cognito
– AWS Identity and Access Management (IAM)
– AWS Key Management Service (AWS KMS)

Storage:
– Amazon S3

Out-of-scope AWS services and features

The following is a non-exhaustive list of AWS services and features that are not covered on the exam.
These services and features do not represent every AWS offering that is excluded from the exam content.
Services or features that are entirely unrelated to the target job roles for the exam are excluded from this list because they are assumed to be irrelevant.
Out-of-scope AWS services and features include the following:
– AWS Application Discovery Service
– Amazon AppStream 2.0
– Amazon Chime
– Amazon Connect
– AWS Database Migration Service (AWS DMS)
– AWS Device Farm
– Amazon Elastic Transcoder
– Amazon GameLift
– Amazon Lex
– Amazon Machine Learning (Amazon ML)
– AWS Managed Services
– Amazon Mobile Analytics
– Amazon Polly

– Amazon QuickSight
– Amazon Rekognition
– AWS Server Migration Service (AWS SMS)
– AWS Service Catalog
– AWS Shield Advanced
– AWS Shield Standard
– AWS Snow Family
– AWS Storage Gateway
– AWS WAF
– Amazon WorkMail
– Amazon WorkSpaces

To succeed with the real exam, do not memorize the answers below. It is very important that you understand why a question is right or wrong and the concepts behind it by carefully reading the reference documents in the answers.

Top

AWS Certified Developer – Associate Practice Questions And Answers Dump

Q0: Your application reads commands from an SQS queue and sends them to web services hosted by your
partners. When a partner’s endpoint goes down, your application continually returns their commands to the queue. The repeated attempts to deliver these commands use up resources. Commands that can’t be delivered must not be lost.
How can you accommodate the partners’ broken web services without wasting your resources?

  • A. Create a delay queue and set DelaySeconds to 30 seconds
  • B. Requeue the message with a VisibilityTimeout of 30 seconds.
  • C. Create a dead letter queue and set the Maximum Receives to 3.
  • D. Requeue the message with a DelaySeconds of 30 seconds.
AWS Developer Associates DVA-C01 PRO
AWS Developer Associates DVA-C01 PRO
 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 


C. After a message is taken from the queue and returned for the maximum number of retries, it is
automatically sent to a dead letter queue, if one has been configured. It stays there until you retrieve it for forensic purposes.

Reference: Amazon SQS Dead-Letter Queues


Top

Q1: A developer is writing an application that will store data in a DynamoDB table. The ratio of reads operations to write operations will be 1000 to 1, with the same data being accessed frequently.
What should the Developer enable on the DynamoDB table to optimize performance and minimize costs?

  • A. Amazon DynamoDB auto scaling
  • B. Amazon DynamoDB cross-region replication
  • C. Amazon DynamoDB Streams
  • D. Amazon DynamoDB Accelerator


D. The AWS Documentation mentions the following:

DAX is a DynamoDB-compatible caching service that enables you to benefit from fast in-memory performance for demanding applications. DAX addresses three core scenarios

  1. As an in-memory cache, DAX reduces the response times of eventually-consistent read workloads by an order of magnitude, from single-digit milliseconds to microseconds.
  2. DAX reduces operational and application complexity by providing a managed service that is API-compatible with Amazon DynamoDB, and thus requires only minimal functional changes to use with an existing application.
  3. For read-heavy or bursty workloads, DAX provides increased throughput and potential operational cost savings by reducing the need to over-provision read capacity units. This is especially beneficial for applications that require repeated reads for individual keys.

Reference: AWS DAX


Top

Q2: You are creating a DynamoDB table with the following attributes:

  • PurchaseOrderNumber (partition key)
  • CustomerID
  • PurchaseDate
  • TotalPurchaseValue

One of your applications must retrieve items from the table to calculate the total value of purchases for a
particular customer over a date range. What secondary index do you need to add to the table?

  • A. Local secondary index with a partition key of CustomerID and sort key of PurchaseDate; project the
    TotalPurchaseValue attribute
  • B. Local secondary index with a partition key of PurchaseDate and sort key of CustomerID; project the
    TotalPurchaseValue attribute
  • C. Global secondary index with a partition key of CustomerID and sort key of PurchaseDate; project the
    TotalPurchaseValue attribute
  • D. Global secondary index with a partition key of PurchaseDate and sort key of CustomerID; project the
    TotalPurchaseValue attribute


C. The query is for a particular CustomerID, so a Global Secondary Index is needed for a different partition
key. To retrieve only the desired date range, the PurchaseDate must be the sort key. Projecting the
TotalPurchaseValue into the index provides all the data needed to satisfy the use case.

Reference: AWS DynamoDB Global Secondary Indexes

Difference between local and global indexes in DynamoDB

    • Global secondary index — an index with a hash and range key that can be different from those on the table. A global secondary index is considered “global” because queries on the index can span all of the data in a table, across all partitions.
    • Local secondary index — an index that has the same hash key as the table, but a different range key. A local secondary index is “local” in the sense that every partition of a local secondary index is scoped to a table partition that has the same hash key.
    • Local Secondary Indexes still rely on the original Hash Key. When you supply a table with hash+range, think about the LSI as hash+range1, hash+range2.. hash+range6. You get 5 more range attributes to query on. Also, there is only one provisioned throughput.
    • Global Secondary Indexes defines a new paradigm – different hash/range keys per index.
      This breaks the original usage of one hash key per table. This is also why when defining GSI you are required to add a provisioned throughput per index and pay for it.
    • Local Secondary Indexes can only be created when you are creating the table, there is no way to add Local Secondary Index to an existing table, also once you create the index you cannot delete it.
    • Global Secondary Indexes can be created when you create the table and added to an existing table, deleting an existing Global Secondary Index is also allowed.

Throughput :

  • Local Secondary Indexes consume throughput from the table. When you query records via the local index, the operation consumes read capacity units from the table. When you perform a write operation (create, update, delete) in a table that has a local index, there will be two write operations, one for the table another for the index. Both operations will consume write capacity units from the table.
  • Global Secondary Indexes have their own provisioned throughput, when you query the index the operation will consume read capacity from the index, when you perform a write operation (create, update, delete) in a table that has a global index, there will be two write operations, one for the table another for the index*.


Top

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

AWS Developer Associate DVA-C01 Exam Prep
AWS Developer Associate DVA-C01 Exam Prep
 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q3: When referencing the remaining time left for a Lambda function to run within the function’s code you would use:

  • A. The event object
  • B. The timeLeft object
  • C. The remains object
  • D. The context object


D. The context object.

Reference: AWS Lambda


Top

Q4: What two arguments does a Python Lambda handler function require?

  • A. invocation, zone
  • B. event, zone
  • C. invocation, context
  • D. event, context
D. event, context
def handler_name(event, context):

return some_value

Reference: AWS Lambda Function Handler in Python

Top

Q5: Lambda allows you to upload code and dependencies for function packages:

  • A. Only from a directly uploaded zip file
  • B. Only via SFTP
  • C. Only from a zip file in AWS S3
  • D. From a zip file in AWS S3 or uploaded directly from elsewhere

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

D. From a zip file in AWS S3 or uploaded directly from elsewhere

Reference: AWS Lambda Deployment Package

Top

Q6: A Lambda deployment package contains:

  • A. Function code, libraries, and runtime binaries
  • B. Only function code
  • C. Function code and libraries not included within the runtime
  • D. Only libraries not included within the runtime

C. Function code and libraries not included within the runtime

Reference: AWS Lambda Deployment Package in PowerShell

Top

Q7: You are attempting to SSH into an EC2 instance that is located in a public subnet. However, you are currently receiving a timeout error trying to connect. What could be a possible cause of this connection issue?

  • A. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic, but does not have an outbound rule that allows SSH traffic.
  • B. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic AND has an outbound rule that explicitly denies SSH traffic.
  • C. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic AND the associated NACL has both an inbound and outbound rule that allows SSH traffic.
  • D. The security group associated with the EC2 instance does not have an inbound rule that allows SSH traffic AND the associated NACL does not have an outbound rule that allows SSH traffic.


D. Security groups are stateful, so you do NOT have to have an explicit outbound rule for return requests. However, NACLs are stateless so you MUST have an explicit outbound rule configured for return request.

Reference: Comparison of Security Groups and Network ACLs

AWS Security Groups and NACL


Top

Q8: You have instances inside private subnets and a properly configured bastion host instance in a public subnet. None of the instances in the private subnets have a public or Elastic IP address. How can you connect an instance in the private subnet to the open internet to download system updates?

  • A. Create and assign EIP to each instance
  • B. Create and attach a second IGW to the VPC.
  • C. Create and utilize a NAT Gateway
  • D. Connect to a VPN


C. You can use a network address translation (NAT) gateway in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.

Reference: AWS Network Address Translation Gateway


Top

Q9: What feature of VPC networking should you utilize if you want to create “elasticity” in your application’s architecture?

  • A. Security Groups
  • B. Route Tables
  • C. Elastic Load Balancer
  • D. Auto Scaling


D. Auto scaling is designed specifically with elasticity in mind. Auto scaling allows for the increase and decrease of compute power based on demand, thus creating elasticity in the architecture.

Reference: AWS Autoscalling


Top

Q10: Lambda allows you to upload code and dependencies for function packages:

  • A. Only from a directly uploaded zip file
  • B. Only from a directly uploaded zip file
  • C. Only from a zip file in AWS S3
  • D. From a zip file in AWS S3 or uploaded directly from elsewhere

D. From a zip file in AWS S3 or uploaded directly from elsewhere

Reference: AWS Lambda

Top

Q11: You’re writing a script with an AWS SDK that uses the AWS API Actions and want to create AMIs for non-EBS backed AMIs for you. Which API call should occurs in the final process of creating an AMI?

  • A. RegisterImage
  • B. CreateImage
  • C. ami-register-image
  • D. ami-create-image

A. It is actually – RegisterImage. All AWS API Actions will follow the capitalization like this and don’t have hyphens in them.

Reference: API RegisterImage

Top

Q12: When dealing with session state in EC2-based applications using Elastic load balancers which option is generally thought of as the best practice for managing user sessions?

  • A. Having the ELB distribute traffic to all EC2 instances and then having the instance check a caching solution like ElastiCache running Redis or Memcached for session information
  • B. Permenantly assigning users to specific instances and always routing their traffic to those instances
  • C. Using Application-generated cookies to tie a user session to a particular instance for the cookie duration
  • D. Using Elastic Load Balancer generated cookies to tie a user session to a particular instance

Top

Q13: Which API call would best be used to describe an Amazon Machine Image?

  • A. ami-describe-image
  • B. ami-describe-images
  • C. DescribeImage
  • D. DescribeImages

D. In general, API actions stick to the PascalCase style with the first letter of every word capitalized.

Reference: API DescribeImages

Top

Q14: What is one key difference between an Amazon EBS-backed and an instance-store backed instance?

  • A. Autoscaling requires using Amazon EBS-backed instances
  • B. Virtual Private Cloud requires EBS backed instances
  • C. Amazon EBS-backed instances can be stopped and restarted without losing data
  • D. Instance-store backed instances can be stopped and restarted without losing data

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

C. Instance-store backed images use “ephemeral” storage (temporary). The storage is only available during the life of an instance. Rebooting an instance will allow ephemeral data stay persistent. However, stopping and starting an instance will remove all ephemeral storage.

Reference: What is the difference between EBS and Instance Store?

Top

Q15: After having created a new Linux instance on Amazon EC2, and downloaded the .pem file (called Toto.pem) you try and SSH into your IP address (54.1.132.33) using the following command.
ssh -i my_key.pem ec2-user@52.2.222.22
However you receive the following error.
@@@@@@@@ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@
What is the most probable reason for this and how can you fix it?

  • A. You do not have root access on your terminal and need to use the sudo option for this to work.
  • B. You do not have enough permissions to perform the operation.
  • C. Your key file is encrypted. You need to use the -u option for unencrypted not the -i option.
  • D. Your key file must not be publicly viewable for SSH to work. You need to modify your .pem file to limit permissions.

D. You need to run something like: chmod 400 my_key.pem

Reference:

Top

Q16: You have an EBS root device on /dev/sda1 on one of your EC2 instances. You are having trouble with this particular instance and you need to either Stop/Start, Reboot or Terminate the instance but you do NOT want to lose any data that you have stored on /dev/sda1. However, you are unsure if changing the instance state in any of the aforementioned ways will cause you to lose data stored on the EBS volume. Which of the below statements best describes the effect each change of instance state would have on the data you have stored on /dev/sda1?

  • A. Whether you stop/start, reboot or terminate the instance it does not matter because data on an EBS volume is not ephemeral and the data will not be lost regardless of what method is used.
  • B. If you stop/start the instance the data will not be lost. However if you either terminate or reboot the instance the data will be lost.
  • C. Whether you stop/start, reboot or terminate the instance it does not matter because data on an EBS volume is ephemeral and it will be lost no matter what method is used.
  • D. The data will be lost if you terminate the instance, however the data will remain on /dev/sda1 if you reboot or stop/start the instance because data on an EBS volume is not ephemeral.

D. The question states that an EBS-backed root device is mounted at /dev/sda1, and EBS volumes maintain information regardless of the instance state. If it was instance store, this would be a different answer.

Reference: AWS Root Device Storage

Top

Q17: EC2 instances are launched from Amazon Machine Images (AMIs). A given public AMI:

  • A. Can only be used to launch EC2 instances in the same AWS availability zone as the AMI is stored
  • B. Can only be used to launch EC2 instances in the same country as the AMI is stored
  • C. Can only be used to launch EC2 instances in the same AWS region as the AMI is stored
  • D. Can be used to launch EC2 instances in any AWS region

C. AMIs are only available in the region they are created. Even in the case of the AWS-provided AMIs, AWS has actually copied the AMIs for you to different regions. You cannot access an AMI from one region in another region. However, you can copy an AMI from one region to another

Reference: https://aws.amazon.com/amazon-linux-ami/

Top

Q18: Which of the following statements is true about the Elastic File System (EFS)?

  • A. EFS can scale out to meet capacity requirements and scale back down when no longer needed
  • B. EFS can be used by multiple EC2 instances simultaneously
  • C. EFS cannot be used by an instance using EBS
  • D. EFS can be configured on an instance before launch just like an IAM role or EBS volumes

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

A. and B.

Reference: https://aws.amazon.com/efs/

Top

Q19: IAM Policies, at a minimum, contain what elements?

  • A. ID
  • B. Effects
  • C. Resources
  • D. Sid
  • E. Principle
  • F. Actions

B. C. and F.

Effect – Use Allow or Deny to indicate whether the policy allows or denies access.

Resource – Specify a list of resources to which the actions apply.

Action – Include a list of actions that the policy allows or denies.

Id, Sid aren’t required fields in IAM Policies. But they are optional fields

Reference: AWS IAM Access Policies

Top

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q20: What are the main benefits of IAM groups?

  • A. The ability to create custom permission policies.
  • B. Assigning IAM permission policies to more than one user at a time.
  • C. Easier user/policy management.
  • D. Allowing EC2 instances to gain access to S3.

B. and C.

A. is incorrect: This is a benefit of IAM generally or a benefit of IAM policies. But IAM groups don’t create policies, they have policies attached to them.

Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html

 

Top

Q21: What are benefits of using AWS STS?

  • A. Grant access to AWS resources without having to create an IAM identity for them
  • B. Since credentials are temporary, you don’t have to rotate or revoke them
  • C. Temporary security credentials can be extended indefinitely
  • D. Temporary security credentials can be restricted to a specific region

Top

Q22: What should the Developer enable on the DynamoDB table to optimize performance and minimize costs?

  • A. Amazon DynamoDB auto scaling
  • B. Amazon DynamoDB cross-region replication
  • C. Amazon DynamoDB Streams
  • D. Amazon DynamoDB Accelerator


D. DAX is a DynamoDB-compatible caching service that enables you to benefit from fast in-memory performance for demanding applications. DAX addresses three core scenarios:

  1. As an in-memory cache, DAX reduces the response times of eventually-consistent read workloads by an order of magnitude, from single-digit milliseconds to microseconds.
  2. DAX reduces operational and application complexity by providing a managed service that is API-compatible with Amazon DynamoDB, and thus requires only minimal functional changes to use with an existing application.
  3. For read-heavy or bursty workloads, DAX provides increased throughput and potential operational cost savings by reducing the need to over-provision read capacity units. This is especially beneficial for applications that require repeated reads for individual keys.

Reference: AWS DAX


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q23: A Developer has been asked to create an AWS Elastic Beanstalk environment for a production web application which needs to handle thousands of requests. Currently the dev environment is running on a t1 micro instance. How can the Developer change the EC2 instance type to m4.large?

  • A. Use CloudFormation to migrate the Amazon EC2 instance type of the environment from t1 micro to m4.large.
  • B. Create a saved configuration file in Amazon S3 with the instance type as m4.large and use the same during environment creation.
  • C. Change the instance type to m4.large in the configuration details page of the Create New Environment page.
  • D. Change the instance type value for the environment to m4.large by using update autoscaling group CLI command.

B. The Elastic Beanstalk console and EB CLI set configuration options when you create an environment. You can also set configuration options in saved configurations and configuration files. If the same option is set in multiple locations, the value used is determined by the order of precedence.
Configuration option settings can be composed in text format and saved prior to environment creation, applied during environment creation using any supported client, and added, modified or removed after environment creation.
During environment creation, configuration options are applied from multiple sources with the following precedence, from highest to lowest:

  • Settings applied directly to the environment – Settings specified during a create environment or update environment operation on the Elastic Beanstalk API by any client, including the AWS Management Console, EB CLI, AWS CLI, and SDKs. The AWS Management Console and EB CLI also applyrecommended values for some options that apply at this level unless overridden.
  • Saved Configurations
    Settings for any options that are not applied directly to the
    environment are loaded from a saved configuration, if specified.
  • Configuration Files (.ebextensions)– Settings for any options that are not applied directly to the
    environment, and also not specified in a saved configuration, are loaded from configuration files in the .ebextensions folder at the root of the application source bundle.

     

    Configuration files are executed in alphabetical order. For example,.ebextensions/01run.configis executed before.ebextensions/02do.config.

  • Default Values– If a configuration option has a default value, it only applies when the option is not set at any of the above levels.

If the same configuration option is defined in more than one location, the setting with the highest precedence is applied. When a setting is applied from a saved configuration or settings applied directly to the environment, the setting is stored as part of the environment’s configuration. These settings can be removed with the AWS CLI or with the EB CLI
.
Settings in configuration files are not applied
directly to the environment and cannot be removed without modifying the configuration files and deploying a new application version.If a setting applied with one of the other methods is removed, the same setting will be loaded from configuration files in the source bundle.

Reference: Managing ec2 features – Elastic beanstalk

Q24: What statements are true about Availability Zones (AZs) and Regions?

  • A. There is only one AZ in each AWS Region
  • B. AZs are geographically separated inside a region to help protect against natural disasters affecting more than one at a time.
  • C. AZs can be moved between AWS Regions based on your needs
  • D. There are (almost always) two or more AZs in each AWS Region

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

B and D.

Reference: AWS global infrastructure/

Top

Q25: An AWS Region contains:

  • A. Edge Locations
  • B. Data Centers
  • C. AWS Services
  • D. Availability Zones


B. C. D. Edge locations are actually distinct locations that don’t explicitly fall within AWS regions.

Reference: AWS Global Infrastructure


Top

Q26: Which read request in DynamoDB returns a response with the most up-to-date data, reflecting the updates from all prior write operations that were successful?

  • A. Eventual Consistent Reads
  • B. Conditional reads for Consistency
  • C. Strongly Consistent Reads
  • D. Not possible


C. This is provided very clearly in the AWS documentation as shown below with regards to the read consistency for DynamoDB. Only in Strong Read consistency can you be guaranteed that you get the write read value after all the writes are completed.

Reference: https://aws.amazon.com/dynamodb/faqs/


Top

Q27: You’ ve been asked to move an existing development environment on the AWS Cloud. This environment consists mainly of Docker based containers. You need to ensure that minimum effort is taken during the migration process. Which of the following step would you consider for this requirement?

  • A. Create an Opswork stack and deploy the Docker containers
  • B. Create an application and Environment for the Docker containers in the Elastic Beanstalk service
  • C. Create an EC2 Instance. Install Docker and deploy the necessary containers.
  • D. Create an EC2 Instance. Install Docker and deploy the necessary containers. Add an Autoscaling Group for scalability of the containers.


B. The Elastic Beanstalk service is the ideal service to quickly provision development environments. You can also create environments which can be used to host Docker based containers.

Reference: Create and Deploy Docker in AWS


Top

Q28: You’ve written an application that uploads objects onto an S3 bucket. The size of the object varies between 200 – 500 MB. You’ve seen that the application sometimes takes a longer than expected time to upload the object. You want to improve the performance of the application. Which of the following would you consider?

  • A. Create multiple threads and upload the objects in the multiple threads
  • B. Write the items in batches for better performance
  • C. Use the Multipart upload API
  • D. Enable versioning on the Bucket

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 


C. All other options are invalid since the best way to handle large object uploads to the S3 service is to use the Multipart upload API. The Multipart upload API enables you to upload large objects in parts. You can use this API to upload new large objects or make a copy of an existing object. Multipart uploading is a three-step process: You initiate the upload, you upload the object parts, and after you have uploaded all the parts, you complete the multipart upload. Upon receiving the complete multipart upload request, Amazon S3 constructs the object from the uploaded parts, and you can then access the object just as you would any other object in your bucket.

Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html


Top

Q29: A security system monitors 600 cameras, saving image metadata every 1 minute to an Amazon DynamoDb table. Each sample involves 1kb of data, and the data writes are evenly distributed over time. How much write throughput is required for the target table?

  • A. 6000
  • B. 10
  • C. 3600
  • D. 600

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

B. When you mention the write capacity of a table in Dynamo DB, you mention it as the number of 1KB writes per second. So in the above question, since the write is happening every minute, we need to divide the value of 600 by 60, to get the number of KB writes per second. This gives a value of 10.

You can specify the Write capacity in the Capacity tab of the DynamoDB table.

Reference: AWS working with tables

Q30: What two arguments does a Python Lambda handler function require?

  • A. invocation, zone
  • B. event, zone
  • C. invocation, context
  • D. event, context


D. event, context def handler_name(event, context):

return some_value
Reference: AWS Lambda Function Handler in Python

Top

Q31: Lambda allows you to upload code and dependencies for function packages:

  • A. Only from a directly uploaded zip file
  • B. Only via SFTP
  • C. Only from a zip file in AWS S3
  • D. From a zip file in AWS S3 or uploaded directly from elsewhere


D. From a zip file in AWS S3 or uploaded directly from elsewhere
Reference: AWS Lambda Deployment Package

Top

Q32: A Lambda deployment package contains:

  • A. Function code, libraries, and runtime binaries
  • B. Only function code
  • C. Function code and libraries not included within the runtime
  • D. Only libraries not included within the runtime


C. Function code and libraries not included within the runtime
Reference: AWS Lambda Deployment Package in PowerShell

Top

Q33: You have instances inside private subnets and a properly configured bastion host instance in a public subnet. None of the instances in the private subnets have a public or Elastic IP address. How can you connect an instance in the private subnet to the open internet to download system updates?

  • A. Create and assign EIP to each instance
  • B. Create and attach a second IGW to the VPC.
  • C. Create and utilize a NAT Gateway
  • D. Connect to a VPN


C. You can use a network address translation (NAT) gateway in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.
Reference: AWS Network Address Translation Gateway

Top

Q34: What feature of VPC networking should you utilize if you want to create “elasticity” in your application’s architecture?

  • A. Security Groups
  • B. Route Tables
  • C. Elastic Load Balancer
  • D. Auto Scaling


D. Auto scaling is designed specifically with elasticity in mind. Auto scaling allows for the increase and decrease of compute power based on demand, thus creating elasticity in the architecture.
Reference: AWS Autoscalling

Top

Q30: Lambda allows you to upload code and dependencies for function packages:

  • A. Only from a directly uploaded zip file
  • B. Only from a directly uploaded zip file
  • C. Only from a zip file in AWS S3
  • D. From a zip file in AWS S3 or uploaded directly from elsewhere

Answer:


D. From a zip file in AWS S3 or uploaded directly from elsewhere
Reference: AWS Lambda

Top

Q31: An organization is using an Amazon ElastiCache cluster in front of their Amazon RDS instance. The organization would like the Developer to implement logic into the code so that the cluster only retrieves data from RDS when there is a cache miss. What strategy can the Developer implement to achieve this?

  • A. Lazy loading
  • B. Write-through
  • C. Error retries
  • D. Exponential backoff

Answer:


Answer – A
Whenever your application requests data, it first makes the request to the ElastiCache cache. If the data exists in the cache and is current, ElastiCache returns the data to your application. If the data does not exist in the cache, or the data in the cache has expired, your application requests data from your data store which returns the data to your application. Your application then writes the data received from the store to the cache so it can be more quickly retrieved next time it is requested. All other options are incorrect.
Reference: Caching Strategies

Top

Q32: A developer is writing an application that will run on Ec2 instances and read messages from SQS queue. The nessages will arrive every 15-60 seconds. How should the Developer efficiently query the queue for new messages?

  • A. Use long polling
  • B. Set a custom visibility timeout
  • C. Use short polling
  • D. Implement exponential backoff


Answer – A Long polling will help insure that the applications make less requests for messages in a shorter period of time. This is more cost effective. Since the messages are only going to be available after 15 seconds and we don’t know exacly when they would be available, it is better to use Long Polling.
Reference: Amazon SQS Long Polling

Top

Q33: You are using AWS SAM to define a Lambda function and configure CodeDeploy to manage deployment patterns. With new Lambda function working as per expectation which of the following will shift traffic from original Lambda function to new Lambda function in the shortest time frame?

  • A. Canary10Percent5Minutes
  • B. Linear10PercentEvery10Minutes
  • C. Canary10Percent15Minutes
  • D. Linear10PercentEvery1Minute


Answer – A
With Canary Deployment Preference type, Traffic is shifted in two intervals. With Canary10Percent5Minutes, 10 percent of traffic is shifted in the first interval while remaining all traffic is shifted after 5 minutes.
Reference: Gradual Code Deployment

Top

Q34: You are using AWS SAM templates to deploy a serverless application. Which of the following resource will embed application from Amazon S3 buckets?

  • A. AWS::Serverless::Api
  • B. AWS::Serverless::Application
  • C. AWS::Serverless::Layerversion
  • D. AWS::Serverless::Function


Answer – B
AWS::Serverless::Application resource in AWS SAm template is used to embed application frm Amazon S3 buckets.
Reference: Declaring Serverless Resources

Top

Q35: You are using AWS Envelope Encryption for encrypting all sensitive data. Which of the followings is True with regards to Envelope Encryption?

  • A. Data is encrypted be encrypting Data key which is further encrypted using encrypted Master Key.
  • B. Data is encrypted by plaintext Data key which is further encrypted using encrypted Master Key.
  • C. Data is encrypted by encrypted Data key which is further encrypted using plaintext Master Key.
  • D. Data is encrypted by plaintext Data key which is further encrypted using plaintext Master Key.


Answer – D
With Envelope Encryption, unencrypted data is encrypted using plaintext Data key. This Data is further encrypted using plaintext Master key. This plaintext Master key is securely stored in AWS KMS & known as Customer Master Keys.
Reference: AWS Key Management Service Concepts

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q36: You are developing an application that will be comprised of the following architecture –

  1. A set of Ec2 instances to process the videos.
  2. These (Ec2 instances) will be spun up by an autoscaling group.
  3. SQS Queues to maintain the processing messages.
  4. There will be 2 pricing tiers.

How will you ensure that the premium customers videos are given more preference?

  • A. Create 2 Autoscaling Groups, one for normal and one for premium customers
  • B. Create 2 set of Ec2 Instances, one for normal and one for premium customers
  • C. Create 2 SQS queus, one for normal and one for premium customers
  • D. Create 2 Elastic Load Balancers, one for normal and one for premium customers.


Answer – C
The ideal option would be to create 2 SQS queues. Messages can then be processed by the application from the high priority queue first.<br? The other options are not the ideal options. They would lead to extra costs and also extra maintenance.
Reference: SQS

Top

Q37: You are developing an application that will interact with a DynamoDB table. The table is going to take in a lot of read and write operations. Which of the following would be the ideal partition key for the DynamoDB table to ensure ideal performance?

  • A. CustomerID
  • B. CustomerName
  • C. Location
  • D. Age


Answer- A
Use high-cardinality attributes. These are attributes that have distinct values for each item, like e-mailid, employee_no, customerid, sessionid, orderid, and so on..
Use composite attributes. Try to combine more than one attribute to form a unique key.
Reference: Choosing the right DynamoDB Partition Key

Top

Q38: A developer is making use of AWS services to develop an application. He has been asked to develop the application in a manner to compensate any network delays. Which of the following two mechanisms should he implement in the application?

  • A. Multiple SQS queues
  • B. Exponential backoff algorithm
  • C. Retries in your application code
  • D. Consider using the Java sdk.


Answer- B. and C.
In addition to simple retries, each AWS SDK implements exponential backoff algorithm for better flow control. The idea behind exponential backoff is to use progressively longer waits between retries for consecutive error responses. You should implement a maximum delay interval, as well as a maximum number of retries. The maximum delay interval and maximum number of retries are not necessarily fixed values, and should be set based on the operation being performed, as well as other local factors, such as network latency.
Reference: Error Retries and Exponential Backoff in AWS

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q39: An application is being developed that is going to write data to a DynamoDB table. You have to setup the read and write throughput for the table. Data is going to be read at the rate of 300 items every 30 seconds. Each item is of size 6KB. The reads can be eventual consistent reads. What should be the read capacity that needs to be set on the table?

  • A. 10
  • B. 20
  • C. 6
  • D. 30


Answer – A

Since there are 300 items read every 30 seconds , that means there are (300/30) = 10 items read every second.
Since each item is 6KB in size , that means , 2 reads will be required for each item.
So we have total of 2*10 = 20 reads for the number of items per second
Since eventual consistency is required , we can divide the number of reads(20) by 2 , and in the end we get the Read Capacity of 10.

Reference: Read/Write Capacity Mode


Top

Q40: You are in charge of deploying an application that will be hosted on an EC2 Instance and sit behind an Elastic Load balancer. You have been requested to monitor the incoming connections to the Elastic Load Balancer. Which of the below options can suffice this requirement?

  • A. Use AWS CloudTrail with your load balancer
  • B. Enable access logs on the load balancer
  • C. Use a CloudWatch Logs Agent
  • D. Create a custom metric CloudWatch lter on your load balancer


Answer – B
Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client’s IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues.
Reference: Access Logs for Your Application Load Balancer

Top

Q41: A static web site has been hosted on a bucket and is now being accessed by users. One of the web pages javascript section has been changed to access data which is hosted in another S3 bucket. Now that same web page is no longer loading in the browser. Which of the following can help alleviate the error?

  • A. Enable versioning for the underlying S3 bucket.
  • B. Enable Replication so that the objects get replicated to the other bucket
  • C. Enable CORS for the bucket
  • D. Change the Bucket policy for the bucket to allow access from the other bucket


Answer – C

Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources.

Cross-Origin Resource Sharing: Use-case Scenarios The following are example scenarios for using CORS:

Scenario 1: Suppose that you are hosting a website in an Amazon S3 bucket named website as described in Hosting a Static Website on Amazon S3. Your users load the website endpoint http://website.s3-website-us-east-1.amazonaws.com. Now you want to use JavaScript on the webpages that are stored in this bucket to be able to make authenticated GET and PUT requests against the same bucket by using the Amazon S3 API endpoint for the bucket, website.s3.amazonaws.com. A browser would normally block JavaScript from allowing those requests, but with CORS you can configure your bucket to explicitly enable cross-origin requests from website.s3-website-us-east-1.amazonaws.com.

Scenario 2: Suppose that you want to host a web font from your S3 bucket. Again, browsers require a CORS check (also called a preight check) for loading web fonts. You would configure the bucket that is hosting the web font to allow any origin to make these requests.

Reference: Cross-Origin Resource Sharing (CORS)


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q42: Your mobile application includes a photo-sharing service that is expecting tens of thousands of users at launch. You will leverage Amazon Simple Storage Service (S3) for storage of the user Images, and you must decide how to authenticate and authorize your users for access to these images. You also need to manage the storage of these images. Which two of the following approaches should you use? Choose two answers from the options below

  • A. Create an Amazon S3 bucket per user, and use your application to generate the S3 URL for the appropriate content.
  • B. Use AWS Identity and Access Management (IAM) user accounts as your application-level user database, and offload the burden of authentication from your application code.
  • C. Authenticate your users at the application level, and use AWS Security Token Service (STS)to grant token-based authorization to S3 objects.
  • D. Authenticate your users at the application level, and send an SMS token message to the user. Create an Amazon S3 bucket with the same name as the SMS message token, and move the user’s objects to that bucket.


Answer- C
The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). The token can then be used to grant access to the objects in S3.
You can then provides access to the objects based on the key values generated via the user id.

Reference: The AWS Security Token Service (STS)


Top

Q43: Your current log analysis application takes more than four hours to generate a report of the top 10 users of your web application. You have been asked to implement a system that can report this information in real time, ensure that the report is always up to date, and handle increases in the number of requests to your web application. Choose the option that is cost-effective and can fulfill the requirements.

  • A. Publish your data to CloudWatch Logs, and congure your application to Autoscale to handle the load on demand.
  • B. Publish your log data to an Amazon S3 bucket.  Use AWS CloudFormation to create an Auto Scaling group to scale your post-processing application which is congured to pull down your log les stored an Amazon S3
  • C. Post your log data to an Amazon Kinesis data stream, and subscribe your log-processing application so that is congured to process your logging data.
  • D. Create a multi-AZ Amazon RDS MySQL cluster, post the logging data to MySQL, and run a map reduce job to retrieve the required information on user counts.

Answer:


Answer – C
Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information. Amazon Kinesis offers key capabilities to cost effectively process streaming data at any scale, along with the flexibility to choose the tools that best suit the requirements of your application. With Amazon Kinesis, you can ingest real-time data such as application logs, website clickstreams, IoT telemetry data, and more into your databases, data lakes and data warehouses, or build your own real-time applications using this data.
Reference: Amazon Kinesis

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q44: You’ve been instructed to develop a mobile application that will make use of AWS services. You need to decide on a data store to store the user sessions. Which of the following would be an ideal data store for session management?

  • A. AWS Simple Storage Service
  • B. AWS DynamoDB
  • C. AWS RDS
  • D. AWS Redshift

Answer:


Answer – B
DynamoDB is a alternative solution which can be used for storage of session management. The latency of access to data is less , hence this can be used as a data store for session management
Reference: Scalable Session Handling in PHP Using Amazon DynamoDB

Top

Q45: Your application currently interacts with a DynamoDB table. Records are inserted into the table via the application. There is now a requirement to ensure that whenever items are updated in the DynamoDB primary table , another record is inserted into a secondary table. Which of the below feature should be used when developing such a solution?

  • A. AWS DynamoDB Encryption
  • B. AWS DynamoDB Streams
  • C. AWS DynamoDB Accelerator
  • D. AWSTable Accelerator


Answer – B
DynamoDB Streams Use Cases and Design Patterns This post describes some common use cases you might encounter, along with their design options and solutions, when migrating data from relational data stores to Amazon DynamoDB. We will consider how to manage the following scenarios:

  • How do you set up a relationship across multiple tables in which, based on the value of an item from one table, you update the item in a second table?
  • How do you trigger an event based on a particular transaction?
  • How do you audit or archive transactions?
  • How do you replicate data across multiple tables (similar to that of materialized views/streams/replication in relational data stores)?

Relational databases provide native support for transactions, triggers, auditing, and replication. Typically, a transaction in a database refers to performing create, read, update, and delete (CRUD) operations against multiple tables in a block. A transaction can have only two states—success or failure. In other words, there is no partial completion. As a NoSQL database, DynamoDB is not designed to support transactions. Although client-side libraries are available to mimic the transaction capabilities, they are not scalable and cost-effective. For example, the Java Transaction Library for DynamoDB creates 7N+4 additional writes for every write operation. This is partly because the library holds metadata to manage the transactions to ensure that it’s consistent and can be rolled back before commit. You can use DynamoDB Streams to address all these use cases. DynamoDB Streams is a powerful service that you can combine with other AWS services to solve many similar problems. When enabled, DynamoDB Streams captures a time-ordered sequence of item-level modifications in a DynamoDB table and durably stores the information for up to 24 hours. Applications can access a series of stream records, which contain an item change, from a DynamoDB stream in near real time. AWS maintains separate endpoints for DynamoDB and DynamoDB Streams. To work with database tables and indexes, your application must access a DynamoDB endpoint. To read and process DynamoDB Streams records, your application must access a DynamoDB Streams endpoint in the same Region. All of the other options are incorrect since none of these would meet the core requirement.
Reference: DynamoDB Streams Use Cases and Design Patterns


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q46: An application has been making use of AWS DynamoDB for its back-end data store. The size of the table has now grown to 20 GB , and the scans on the table are causing throttling errors. Which of the following should now be implemented to avoid such errors?

  • A. Large Page size
  • B. Reduced page size
  • C. Parallel Scans
  • D. Sequential scans

Answer – B
When you scan your table in Amazon DynamoDB, you should follow the DynamoDB best practices for avoiding sudden bursts of read activity. You can use the following technique to minimize the impact of a scan on a table’s provisioned throughput. Reduce page size Because a Scan operation reads an entire page (by default, 1 MB), you can reduce the impact of the scan operation by setting a smaller page size. The Scan operation provides a Limit parameter that you can use to set the page size for your request. Each Query or Scan request that has a smaller page size uses fewer read operations and creates a “pause” between each request. For example, suppose that each item is 4 KB and you set the page size to 40 items. A Query request would then consume only 20 eventually consistent read operations or 40 strongly consistent read operations. A larger number of smaller Query or Scan operations would allow your other critical requests to succeed without throttling.
Reference1: Rate-Limited Scans in Amazon DynamoDB

Reference2: Best Practices for Querying and Scanning Data


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q47: Which of the following is correct way of passing a stage variable to an HTTP URL ? (Select TWO.)

  • A. http://example.com/${}/prod
  • B. http://example.com/${stageVariables.}/prod
  • C. http://${stageVariables.}.example.com/dev/operation
  • D. http://${stageVariables}.example.com/dev/operation
  • E. http://${}.example.com/dev/operation
  • F. http://example.com/${stageVariables}/prod


Answer – B. and C.
A stage variable can be used as part of HTTP integration URL as in following cases, ·         A full URI without protocol ·         A full domain ·         A subdomain ·         A path ·         A query string In the above case , option B & C displays stage variable as a path & sub-domain.
Reference: Amazon API Gateway Stage Variables Reference

Top

Q48: Your company is planning on creating new development environments in AWS. They want to make use of their existing Chef recipes which they use for their on-premise configuration for servers in AWS. Which of the following service would be ideal to use in this regard?

  • A. AWS Elastic Beanstalk
  • B. AWS OpsWork
  • C. AWS Cloudformation
  • D. AWS SQS


Answer – B
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments All other options are invalid since they cannot be used to work with Chef recipes for configuration management.
Reference: AWS OpsWorks

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q49: Your company has developed a web application and is hosting it in an Amazon S3 bucket configured for static website hosting. The users can log in to this app using their Google/Facebook login accounts. The application is using the AWS SDK for JavaScript in the browser to access data stored in an Amazon DynamoDB table. How can you ensure that API keys for access to your data in DynamoDB are kept secure?

  • A. Create an Amazon S3 role in IAM with access to the specific DynamoDB tables, and assign it to the bucket hosting your website
  • B. Configure S3 bucket tags with your AWS access keys for your bucket hosing your website so that the application can query them for access.
  • C. Configure a web identity federation role within IAM to enable access to the correct DynamoDB resources and retrieve temporary credentials
  • D. Store AWS keys in global variables within your application and configure the application to use these credentials when making requests.


Answer – C
With web identity federation, you don’t need to create custom sign-in code or manage your own user identities. Instead, users of your app can sign in using a well-known identity provider (IdP) —such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP, receive an authentication token, and then exchange that token for temporary security credentials in AWS that map to an IAM role with permissions to use the resources in your AWS account. Using an IdP helps you keep your AWS account secure, because you don’t have to embed and distribute long-term security credentials with your application. Option A is invalid since Roles cannot be assigned to S3 buckets Options B and D are invalid since the AWS Access keys should not be used
Reference: About Web Identity Federation

Top

Q50: Your application currently makes use of AWS Cognito for managing user identities. You want to analyze the information that is stored in AWS Cognito for your application. Which of the following features of AWS Cognito should you use for this purpose?

  • A. Cognito Data
  • B. Cognito Events
  • C. Cognito Streams
  • D. Cognito Callbacks


Answer – C
Amazon Cognito Streams gives developers control and insight into their data stored in Amazon Cognito. Developers can now configure a Kinesis stream to receive events as data is updated and synchronized. Amazon Cognito can push each dataset change to a Kinesis stream you own in real time. All other options are invalid since you should use Cognito Streams
Reference:

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q51: You’ve developed a set of scripts using AWS Lambda. These scripts need to access EC2 Instances in a VPC. Which of the following needs to be done to ensure that the AWS Lambda function can access the resources in the VPC. Choose 2 answers from the options given below

  • A. Ensure that the subnet ID’s are mentioned when conguring the Lambda function
  • B. Ensure that the NACL ID’s are mentioned when conguring the Lambda function
  • C. Ensure that the Security Group ID’s are mentioned when conguring the Lambda function
  • D. Ensure that the VPC Flow Log ID’s are mentioned when conguring the Lambda function


Answer: A and C.
AWS Lambda runs your function code securely within a VPC by default. However, to enable your Lambda function to access resources inside your private VPC, you must provide additional VPCspecific configuration information that includes VPC subnet IDs and security group IDs. AWS Lambda uses this information to set up elastic network interfaces (ENIs) that enable your function to connect securely to other resources within your private VPC.
Reference: Configuring a Lambda Function to Access Resources in an Amazon VPC

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q52: You’ve currently been tasked to migrate an existing on-premise environment into Elastic Beanstalk. The application does not make use of Docker containers. You also can’t see any relevant environments in the beanstalk service that would be suitable to host your application. What should you consider doing in this case?

  • A. Migrate your application to using Docker containers and then migrate the app to the Elastic Beanstalk environment.
  • B. Consider using Cloudformation to deploy your environment to Elastic Beanstalk
  • C. Consider using Packer to create a custom platform
  • D. Consider deploying your application using the Elastic Container Service


Answer – C
Elastic Beanstalk supports custom platforms. A custom platform is a more advanced customization than a Custom Image in several ways. A custom platform lets you develop an entire new platform from scratch, customizing the operating system, additional software, and scripts that Elastic Beanstalk runs on platform instances. This flexibility allows you to build a platform for an application that uses a language or other infrastructure software, for which Elastic Beanstalk doesn’t provide a platform out of the box. Compare that to custom images, where you modify an AMI for use with an existing Elastic Beanstalk platform, and Elastic Beanstalk still provides the platform scripts and controls the platform’s software stack. In addition, with custom platforms you use an automated, scripted way to create and maintain your customization, whereas with custom images you make the changes manually over a running instance. To create a custom platform, you build an Amazon Machine Image (AMI) from one of the supported operating systems—Ubuntu, RHEL, or Amazon Linux (see the flavor entry in Platform.yaml File Format for the exact version numbers)—and add further customizations. You create your own Elastic Beanstalk platform using Packer, which is an open-source tool for creating machine images for many platforms, including AMIs for use with Amazon EC2. An Elastic Beanstalk platform comprises an AMI configured to run a set of software that supports an application, and metadata that can include custom configuration options and default configuration option settings.
Reference: AWS Elastic Beanstalk Custom Platforms

Top

Q53: Company B is writing 10 items to the Dynamo DB table every second. Each item is 15.5Kb in size. What would be the required provisioned write throughput for best performance? Choose the correct answer from the options below.

  • A. 10
  • B. 160
  • C. 155
  • D. 16


Answer – B.
Company B is writing 10 items to the Dynamo DB table every second. Each item is 15.5Kb in size. What would be the required provisioned write throughput for best performance? Choose the correct answer from the options below.
Reference: Read/Write Capacity Mode

Top

Top

Q54: Which AWS Service can be used to automatically install your application code onto EC2, on premises systems and Lambda?

  • A. CodeCommit
  • B. X-Ray
  • C. CodeBuild
  • D. CodeDeploy


Answer: D

Reference: AWS CodeDeploy


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q55: Which AWS service can be used to compile source code, run tests and package code?

  • A. CodePipeline
  • B. CodeCommit
  • C. CodeBuild
  • D. CodeDeploy


Answer: D

Reference: AWS CodeDeploy Answer: B.

Reference: AWS CodeBuild


Top

Q56: How can your prevent CloudFormation from deleting your entire stack on failure? (Choose 2)

  • A. Set the Rollback on failure radio button to No in the CloudFormation console
  • B. Set Termination Protection to Enabled in the CloudFormation console
  • C. Use the –disable-rollback flag with the AWS CLI
  • D. Use the –enable-termination-protection protection flag with the AWS CLI

Answer: A. and C.

Reference: Protecting a Stack From Being Deleted

Top

Q57: Which of the following practices allows multiple developers working on the same application to merge code changes frequently, without impacting each other and enables the identification of bugs early on in the release process?

  • A. Continuous Integration
  • B. Continuous Deployment
  • C. Continuous Delivery
  • D. Continuous Development

Answer: A

Reference: What is Continuous Integration?

Top

Q58: When deploying application code to EC2, the AppSpec file can be written in which language?

  • A. JSON
  • B. JSON or YAML
  • C. XML
  • D. YAML

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q59: Part of your CloudFormation deployment fails due to a mis-configuration, by defaukt what will happen?

  • A. CloudFormation will rollback only the failed components
  • B. CloudFormation will rollback the entire stack
  • C. Failed component will remain available for debugging purposes
  • D. CloudFormation will ask you if you want to continue with the deployment

Answer: B

Reference: Troubleshooting AWS CloudFormation


Top

Q60: You want to receive an email whenever a user pushes code to CodeCommit repository, how can you configure this?

  • A. Create a new SNS topic and configure it to poll for CodeCommit eveents. Ask all users to subscribe to the topic to receive notifications
  • B. Configure a CloudWatch Events rule to send a message to SES which will trigger an email to be sent whenever a user pushes code to the repository.
  • C. Configure Notifications in the console, this will create a CloudWatch events rule to send a notification to a SNS topic which will trigger an email to be sent to the user.
  • D. Configure a CloudWatch Events rule to send a message to SQS which will trigger an email to be sent whenever a user pushes code to the repository.

Answer: C

Reference: Getting Started with Amazon SNS


Top

Q61: Which AWS service can be used to centrally store and version control your application source code, binaries and libraries

  • A. CodeCommit
  • B. CodeBuild
  • C. CodePipeline
  • D. ElasticFileSystem

Answer: A

Reference: AWS CodeCommit


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q62: You are using CloudFormation to create a new S3 bucket, which of the following sections would you use to define the properties of your bucket?

  • A. Conditions
  • B. Parameters
  • C. Outputs
  • D. Resources

Answer: D

Reference: Resources


Top

Q63: You are deploying a number of EC2 and RDS instances using CloudFormation. Which section of the CloudFormation template would you use to define these?

  • A. Transforms
  • B. Outputs
  • C. Resources
  • D. Instances

Answer: C.
The Resources section defines your resources you are provisioning. Outputs is used to output user defines data relating to the reources you have built and can also used as input to another CloudFormation stack. Transforms is used to reference code located in S3.
Reference: Resources

Top

Q64: Which AWS service can be used to fully automate your entire release process?

  • A. CodeDeploy
  • B. CodePipeline
  • C. CodeCommit
  • D. CodeBuild

Answer: B.
AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates

Reference: AWS CodePipeline


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q65: You want to use the output of your CloudFormation stack as input to another CloudFormation stack. Which sections of the CloudFormation template would you use to help you configure this?

  • A. Outputs
  • B. Transforms
  • C. Resources
  • D. Exports

Answer: A.
Outputs is used to output user defines data relating to the reources you have built and can also used as input to another CloudFormation stack.
Reference: CloudFormation Outputs

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q66: You have some code located in an S3 bucket that you want to reference in your CloudFormation template. Which section of the template can you use to define this?

  • A. Inputs
  • B. Resources
  • C. Transforms
  • D. Files

Answer: C.
Transforms is used to reference code located in S3 and also specififying the use of the Serverless Application Model (SAM) for Lambda deployments.
Reference: Transforms

Top

Q67: You are deploying an application to a number of Ec2 instances using CodeDeploy. What is the name of the file
used to specify source files and lifecycle hooks?

  • A. buildspec.yml
  • B. appspec.json
  • C. appspec.yml
  • D. buildspec.json

Answer: C.

Reference: CodeDeploy AppSpec File Reference

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q68: Which of the following approaches allows you to re-use pieces of CloudFormation code in multiple templates, for common use cases like provisioning a load balancer or web server?

  • A. Share the code using an EBS volume
  • B. Copy and paste the code into the template each time you need to use it
  • C. Use a cloudformation nested stack
  • D. Store the code you want to re-use in an AMI and reference the AMI from within your CloudFormation template.

Answer: C.

Reference: Working with Nested Stacks

Top

Q69: In the CodeDeploy AppSpec file, what are hooks used for?

  • A. To reference AWS resources that will be used during the deployment
  • B. Hooks are reserved for future use
  • C. To specify files you want to copy during the deployment.
  • D. To specify, scripts or function that you want to run at set points in the deployment lifecycle

Answer: D.
The ‘hooks’ section for an EC2/On-Premises deployment contains mappings that link deployment lifecycle event hooks to one or more scripts.

Reference: AppSpec ‘hooks’ Section

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q70: Which command can you use to encrypt a plain text file using CMK?

  • A. aws kms-encrypt
  • B. aws iam encrypt
  • C. aws kms encrypt
  • D. aws encrypt

Answer: C.
aws kms encrypt –key-id 1234abcd-12ab-34cd-56ef-1234567890ab –plaintext fileb://ExamplePlaintextFile –output text –query CiphertextBlob > C:\Temp\ExampleEncryptedFile.base64

Reference: AWS CLI Encrypt

Top

Q72: Which of the following is an encrypted key used by KMS to encrypt your data

  • A. Custmoer Mamaged Key
  • B. Encryption Key
  • C. Envelope Key
  • D. Customer Master Key

Answer: C.
Your Data key also known as the Enveloppe key is encrypted using the master key.This approach is known as Envelope encryption.
Envelope encryption is the practice of encrypting plaintext data with a data key, and then encrypting the data key under another key.

Reference: Envelope Encryption

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q73: Which of the following statements are correct? (Choose 2)

  • A. The Customer Master Key is used to encrypt and decrypt the Envelope Key or Data Key
  • B. The Envelope Key or Data Key is used to encrypt and decrypt plain text files.
  • C. The envelope Key or Data Key is used to encrypt and decrypt the Customer Master Key.
  • D. The Customer MasterKey is used to encrypt and decrypt plain text files.

Answer: A. and B.

Reference: AWS Key Management Service Concepts

Top

 
 

Q74: Which of the following statements is correct in relation to kMS/ (Choose 2)

  • A. KMS Encryption keys are regional
  • B. You cannot export your customer master key
  • C. You can export your customer master key.
  • D. KMS encryption Keys are global

Answer: A. and B.

Reference: AWS Key Management Service FAQs

Q75:  A developer is preparing a deployment package for a Java implementation of an AWS Lambda function. What should the developer include in the deployment package? (Select TWO.)
A. Compiled application code
B. Java runtime environment
C. References to the event sources
D. Lambda execution role
E. Application dependencies


Answer: C. E.
Notes: To create a Lambda function, you first create a Lambda function deployment package. This package is a .zip or .jar file consisting of your code and any dependencies.
Reference: Lambda deployment packages.

Q76: A developer uses AWS CodeDeploy to deploy a Python application to a fleet of Amazon EC2 instances that run behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. What should the developer include in the CodeDeploy deployment package?
A. A launch template for the Amazon EC2 Auto Scaling group
B. A CodeDeploy AppSpec file
C. An EC2 role that grants the application access to AWS services
D. An IAM policy that grants the application access to AWS services


Answer: B.
Notes: The CodeDeploy AppSpec (application specific) file is unique to CodeDeploy. The AppSpec file is used to manage each deployment as a series of lifecycle event hooks, which are defined in the file.
Reference: CodeDeploy application specification (AppSpec) files.
Category: Deployment

Q76: A company is working on a project to enhance its serverless application development process. The company hosts applications on AWS Lambda. The development team regularly updates the Lambda code and wants to use stable code in production. Which combination of steps should the development team take to configure Lambda functions to meet both development and production requirements? (Select TWO.)

A. Create a new Lambda version every time a new code release needs testing.
B. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to a production-ready unqualified Amazon Resource Name (ARN) version. Point the Development alias to the $LATEST version.
C. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to the production-ready qualified Amazon Resource Name (ARN) version. Point the Development alias to the variable LAMBDA_TASK_ROOT.
D. Create a new Lambda layer every time a new code release needs testing.
E. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to a production-ready Lambda layer Amazon Resource Name (ARN). Point the Development alias to the $LATEST layer ARN.


Answer: A. B.
Notes: Lambda function versions are designed to manage deployment of functions. They can be used for code changes, without affecting the stable production version of the code. By creating separate aliases for Production and Development, systems can initiate the correct alias as needed. A Lambda function alias can be used to point to a specific Lambda function version. Using the functionality to update an alias and its linked version, the development team can update the required version as needed. The $LATEST version is the newest published version.
Reference: Lambda function versions.

For more information about Lambda layers, see Creating and sharing Lambda layers.

For more information about Lambda function aliases, see Lambda function aliases.

Category: Deployment

Q77: Each time a developer publishes a new version of an AWS Lambda function, all the dependent event source mappings need to be updated with the reference to the new version’s Amazon Resource Name (ARN). These updates are time consuming and error-prone. Which combination of actions should the developer take to avoid performing these updates when publishing a new Lambda version? (Select TWO.)
A. Update event source mappings with the ARN of the Lambda layer.
B. Point a Lambda alias to a new version of the Lambda function.
C. Create a Lambda alias for each published version of the Lambda function.
D. Point a Lambda alias to a new Lambda function alias.
E. Update the event source mappings with the Lambda alias ARN.


Answer: B. E.
Notes: A Lambda alias is a pointer to a specific Lambda function version. Instead of using ARNs for the Lambda function in event source mappings, you can use an alias ARN. You do not need to update your event source mappings when you promote a new version or roll back to a previous version.
Reference: Lambda function aliases.
Category: Deployment

Q78:  A company wants to store sensitive user data in Amazon S3 and encrypt this data at rest. The company must manage the encryption keys and use Amazon S3 to perform the encryption. How can a developer meet these requirements?
A. Enable default encryption for the S3 bucket by using the option for server-side encryption with customer-provided encryption keys (SSE-C).
B. Enable client-side encryption with an encryption key. Upload the encrypted object to the S3 bucket.
C. Enable server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Upload an object to the S3 bucket.
D. Enable server-side encryption with customer-provided encryption keys (SSE-C). Upload an object to the S3 bucket.


Answer: D.
Notes: When you upload an object, Amazon S3 uses the encryption key you provide to apply AES-256 encryption to your data and removes the encryption key from memory.
Reference: Protecting data using server-side encryption with customer-provided encryption keys (SSE-C).

Category: Security

Q79: A company is developing a Python application that submits data to an Amazon DynamoDB table. The company requires client-side encryption of specific data items and end-to-end protection for the encrypted data in transit and at rest. Which combination of steps will meet the requirement for the encryption of specific data items? (Select TWO.)

A. Generate symmetric encryption keys with AWS Key Management Service (AWS KMS).
B. Generate asymmetric encryption keys with AWS Key Management Service (AWS KMS).
C. Use generated keys with the DynamoDB Encryption Client.
D. Use generated keys to configure DynamoDB table encryption with AWS managed customer master keys (CMKs).
E. Use generated keys to configure DynamoDB table encryption with AWS owned customer master keys (CMKs).


Answer: A. C.
Notes: When the DynamoDB Encryption Client is configured to use AWS KMS, it uses a customer master key (CMK) that is always encrypted when used outside of AWS KMS. This cryptographic materials provider returns a unique encryption key and signing key for every table item. This method of encryption uses a symmetric CMK.
Reference: Direct KMS Materials Provider.
Category: Deployment

Q80: A company is developing a REST API with Amazon API Gateway. Access to the API should be limited to users in the existing Amazon Cognito user pool. Which combination of steps should a developer perform to secure the API? (Select TWO.)
A. Create an AWS Lambda authorizer for the API.
B. Create an Amazon Cognito authorizer for the API.
C. Configure the authorizer for the API resource.
D. Configure the API methods to use the authorizer.
E. Configure the authorizer for the API stage.


Answer: B. D.
Notes: An Amazon Cognito authorizer should be used for integration with Amazon Cognito user pools. In addition to creating an authorizer, you are required to configure an API method to use that authorizer for the API.
Reference: Control access to a REST API using Amazon Cognito user pools as authorizer.
Category: Security

Q81: A developer is implementing a mobile app to provide personalized services to app users. The application code makes calls to Amazon S3 and Amazon Simple Queue Service (Amazon SQS). Which options can the developer use to authenticate the app users? (Select TWO.)
A. Authenticate to the Amazon Cognito identity pool directly.
B. Authenticate to AWS Identity and Access Management (IAM) directly.
C. Authenticate to the Amazon Cognito user pool directly.
D. Federate authentication by using Login with Amazon with the users managed with AWS Security Token Service (AWS STS).
E. Federate authentication by using Login with Amazon with the users managed with the Amazon Cognito user pool.


Answer: C. E.
Notes: The Amazon Cognito user pool provides direct user authentication. The Amazon Cognito user pool provides a federated authentication option with third-party identity provider (IdP), including amazon.com.
Reference: Adding User Pool Sign-in Through a Third Party.
Category: Security

 
 

Q82: A company is implementing several order processing workflows. Each workflow is implemented by using AWS Lambda functions for each task. Which combination of steps should a developer follow to implement these workflows? (Select TWO.)
A. Define a AWS Step Functions task for each Lambda function.
B. Define a AWS Step Functions task for each workflow.
C. Write code that polls the AWS Step Functions invocation to coordinate each workflow.
D. Define an AWS Step Functions state machine for each workflow.
E. Define an AWS Step Functions state machine for each Lambda function.


Answer: A. D.
Notes: Step Functions is based on state machines and tasks. A state machine is a workflow. Tasks perform work by coordinating with other AWS services, such as Lambda. A state machine is a workflow. It can be used to express a workflow as a number of states, their relationships, and their input and output. You can coordinate individual tasks with Step Functions by expressing your workflow as a finite state machine, written in the Amazon States Language.
Reference: Getting Started with AWS Step Functions.

Category: Development

Q83: A company is migrating a web service to the AWS Cloud. The web service accepts requests by using HTTP (port 80). The company wants to use an AWS Lambda function to process HTTP requests. Which application design will satisfy these requirements?
A. Create an Amazon API Gateway API. Configure proxy integration with the Lambda function.
B. Create an Amazon API Gateway API. Configure non-proxy integration with the Lambda function.
C. Configure the Lambda function to listen to inbound network connections on port 80.
D. Configure the Lambda function as a target in the Application Load Balancer target group.


Answer: D.
Notes: Elastic Load Balancing supports Lambda functions as a target for an Application Load Balancer. You can use load balancer rules to route HTTP requests to a function, based on the path or the header values. Then, process the request and return an HTTP response from your Lambda function.
Reference: Using AWS Lambda with an Application Load Balancer.
Category: Development

Q84: A company is developing an image processing application. When an image is uploaded to an Amazon S3 bucket, a number of independent and separate services must be invoked to process the image. The services do not have to be available immediately, but they must process every image. Which application design satisfies these requirements?
A. Configure an Amazon S3 event notification that publishes to an Amazon Simple Queue Service (Amazon SQS) queue. Each service pulls the message from the same queue.
B. Configure an Amazon S3 event notification that publishes to an Amazon Simple Notification Service (Amazon SNS) topic. Each service subscribes to the same topic.
C. Configure an Amazon S3 event notification that publishes to an Amazon Simple Queue Service (Amazon SQS) queue. Subscribe a separate Amazon Simple Notification Service (Amazon SNS) topic for each service to an Amazon SQS queue.
D. Configure an Amazon S3 event notification that publishes to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe a separate Simple Queue Service (Amazon SQS) queue for each service to the Amazon SNS topic.


Answer: D.
Notes: Each service can subscribe to an individual Amazon SQS queue, which receives an event notification from the Amazon SNS topic. This is a fanout architectural implementation.
Reference: Common Amazon SNS scenarios.
Category: Development

Q85: A developer wants to implement Amazon EC2 Auto Scaling for a Multi-AZ web application. However, the developer is concerned that user sessions will be lost during scale-in events. How can the developer store the session state and share it across the EC2 instances?
A. Write the sessions to an Amazon Kinesis data stream. Configure the application to poll the stream.
B. Publish the sessions to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe each instance in the group to the topic.
C. Store the sessions in an Amazon ElastiCache for Memcached cluster. Configure the application to use the Memcached API.
D. Write the sessions to an Amazon Elastic Block Store (Amazon EBS) volume. Mount the volume to each instance in the group.


Answer: C.
Notes: ElastiCache for Memcached is a distributed in-memory data store or cache environment in the cloud. It will meet the developer’s requirement of persistent storage and is fast to access.
Reference: What is Amazon ElastiCache for Memcached?

Category: Development

 
 
 

Q86: A developer is integrating a legacy web application that runs on a fleet of Amazon EC2 instances with an Amazon DynamoDB table. There is no AWS SDK for the programming language that was used to implement the web application. Which combination of steps should the developer perform to make an API call to Amazon DynamoDB from the instances? (Select TWO.)
A. Make an HTTPS POST request to the DynamoDB API endpoint for the AWS Region. In the request body, include an XML document that contains the request attributes.
B. Make an HTTPS POST request to the DynamoDB API endpoint for the AWS Region. In the request body, include a JSON document that contains the request attributes.
C. Sign the requests by using AWS access keys and Signature Version 4.
D. Use an EC2 SSH key to calculate Signature Version 4 of the request.
E. Provide the signature value through the HTTP X-API-Key header.


Answer: B. C.
Notes: The HTTPS-based low-level AWS API for DynamoDB uses JSON as a wire protocol format. When you send HTTP requests to AWS, you sign the requests so that AWS can identify who sent them. Requests are signed with your AWS access key, which consists of an access key ID and secret access key. AWS supports two signature versions: Signature Version 4 and Signature Version 2. AWS recommends the use of Signature Version 4.
Reference: Signing AWS API requests.
Category: Development

Q87: A developer has written several custom applications that read and write to the same Amazon DynamoDB table. Each time the data in the DynamoDB table is modified, this change should be sent to an external API. Which combination of steps should the developer perform to accomplish this task? (Select TWO.)
A. Configure an AWS Lambda function to poll the stream and call the external API.
B. Configure an event in Amazon EventBridge (Amazon CloudWatch Events) that publishes the change to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) data stream.
C. Create a trigger in the DynamoDB table to publish the change to an Amazon Kinesis data stream.
D. Deliver the stream to an Amazon Simple Notification Service (Amazon SNS) topic and subscribe the API to the topic.
E. Enable DynamoDB Streams on the table.


Answer: A. E.
Notes: If you enable DynamoDB Streams on a table, you can associate the stream Amazon Resource Name (ARN) with an Lambda function that you write. Immediately after an item in the table is modified, a new record appears in the table’s stream. Lambda polls the stream and invokes your Lambda function synchronously when it detects new stream records. You can enable DynamoDB Streams on a table to create an event that invokes an AWS Lambda function.
Reference: Tutorial: Process New Items with DynamoDB Streams and Lambda.
Category: Monitoring

 
 
 

Q88: A company is migrating the create, read, update, and delete (CRUD) functionality of an existing Java web application to AWS Lambda. Which minimal code refactoring is necessary for the CRUD operations to run in the Lambda function?
A. Implement a Lambda handler function.
B. Import an AWS X-Ray package.
C. Rewrite the application code in Python.
D. Add a reference to the Lambda execution role.


Answer: A.
Notes: Every Lambda function needs a Lambda-specific handler. Specifics of authoring vary between runtimes, but all runtimes share a common programming model that defines the interface between your code and the runtime code. You tell the runtime which method to run by defining a handler in the function configuration. The runtime runs that method. Next, the runtime passes in objects to the handler that contain the invocation event and context, such as the function name and request ID.
Reference: Getting started with Lambda.
Category: Refactoring

Top

Q89: A company plans to use AWS log monitoring services to monitor an application that runs on premises. Currently, the application runs on a recent version of Ubuntu Server and outputs the logs to a local file. Which combination of steps should a developer perform to accomplish this goal? (Select TWO.)
A. Update the application code to include calls to the agent API for log collection.
B. Install the Amazon Elastic Container Service (Amazon ECS) container agent on the server.
C. Install the unified Amazon CloudWatch agent on the server.
D. Configure the long-term AWS credentials on the server to enable log collection by the agent.
E. Attach an IAM role to the server to enable log collection by the agent.


Answer: C. D.
Notes: The unified CloudWatch agent needs to be installed on the server. Ubuntu Server 18.04 is one of the many supported operating systems. When you install the unified CloudWatch agent on an on-premises server, you will specify a named profile that contains the credentials of the IAM user.
Reference: Collecting metrics and logs from Amazon EC2 instances and on-premises servers with the CloudWatch agent.
Category: Monitoring

Q90: A developer wants to monitor invocations of an AWS Lambda function by using Amazon CloudWatch Logs. The developer added a number of print statements to the function code that write the logging information to the stdout stream. After running the function, the developer does not see any log data being generated. Why does the log data NOT appear in the CloudWatch logs?
A. The log data is not written to the stderr stream.
B. Lambda function logging is not automatically enabled.
C. The execution role for the Lambda function did not grant permissions to write log data to CloudWatch Logs.
D. The Lambda function outputs the logs to an Amazon S3 bucket.


Answer: C.
Notes: The function needs permission to call CloudWatch Logs. Update the execution role to grant the permission. You can use the managed policy of AWSLambdaBasicExecutionRole.
Reference: Troubleshoot execution issues in Lambda.
Category: Monitoting

Q91: Which of the following are best practices you should implement into ongoing deployments of your application? (Select THREE.)

A. Use stage variables to manage secrets across environments
B. Create account-specific AWS SAM templates for each environment
C. Use an AutoPublish alias
D. Use traffic shifting with pre- and post-deployment hooks
E. Test throughout the pipeline


Answer: C. D. E.
Notes: Use an AutoPublish alias, Use traffic shifting with pre- and post-deployment hooks, Test throughout the pipeline
Reference: https://enoumen.com/2019/06/23/aws-solution-architect-associate-exam-prep-facts-and-summaries-questions-and-answers-dump/

Q92: You are handing off maintenance of your new serverless application to an incoming team lead. Which recommendations would you make? (Select THREE.)

A. Keep up to date with the quotas and payload sizes for each AWS service you are using

B. Analyze production access patterns to identify potential improvements

C. Design your services to extend their life as long as possible

D. Minimize changes to your production application

E. Compare the value of using the latest first-class integrations versus using Lambda between AWS services


Answer: A. B. D.

Notes: Keep up to date with the quotas and payload sizes for each AWS service you are using, 

2022 AWS Certified Developer Associate Exam Preparation: Questions and Answers Dump.

Welcome to AWS Certified Developer Associate Exam Preparation:

Definition and Objectives, Top 100 Questions and Answers dump, White papers, Courses, Labs and Training Materials, Exam info and details, References, Jobs, Others AWS Certificates

2022 AWS Certified Developer Associate Exam Preparation: Questions and Answers Dump
AWS Developer Associate DVA-C01 Exam Prep
 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

What is the AWS Certified Developer Associate Exam?

This AWS Certified Developer-Associate Examination is intended for individuals who perform a Developer role. It validates an examinee’s ability to:

  • Demonstrate an understanding of core AWS services, uses, and basic AWS architecture best practices
  • Demonstrate proficiency in developing, deploying, and debugging cloud-based applications by using AWS

Recommended general IT knowledge
The target candidate should have the following:
– In-depth knowledge of at least one high-level programming language
– Understanding of application lifecycle management
– The ability to write code for serverless applications
– Understanding of the use of containers in the development process

Recommended AWS knowledge
The target candidate should be able to do the following:

  • Use the AWS service APIs, CLI, and software development kits (SDKs) to write applications
  • Identify key features of AWS services
  • Understand the AWS shared responsibility model
  • Use a continuous integration and continuous delivery (CI/CD) pipeline to deploy applications on AWS
  • Use and interact with AWS services
  • Apply basic understanding of cloud-native applications to write code
  • Write code by using AWS security best practices (for example, use IAM roles instead of secret and access keys in the code)
  • Author, maintain, and debug code modules on AWS

What is considered out of scope for the target candidate?
The following is a non-exhaustive list of related job tasks that the target candidate is not expected to be able to perform. These items are considered out of scope for the exam:
– Design architectures (for example, distributed system, microservices)
– Design and implement CI/CD pipelines

  • Administer IAM users and groups
  • Administer Amazon Elastic Container Service (Amazon ECS)
  • Design AWS networking infrastructure (for example, Amazon VPC, AWS Direct Connect)
  • Understand compliance and licensing

Exam content
Response types
There are two types of questions on the exam:
– Multiple choice: Has one correct response and three incorrect responses (distractors)
– Multiple response: Has two or more correct responses out of five or more response options
Select one or more responses that best complete the statement or answer the question. Distractors, or incorrect answers, are response options that a candidate with incomplete knowledge or skill might choose.
Distractors are generally plausible responses that match the content area.
Unanswered questions are scored as incorrect; there is no penalty for guessing. The exam includes 50 questions that will affect your score.

Unscored content
The exam includes 15 unscored questions that do not affect your score. AWS collects information about candidate performance on these unscored questions to evaluate these questions for future use as scored questions. These unscored questions are not identified on the exam.

Exam results
The AWS Certified Developer – Associate (DVA-C01) exam is a pass or fail exam. The exam is scored against a minimum standard established by AWS professionals who follow certification industry best practices and guidelines.
Your results for the exam are reported as a scaled score of 100–1,000. The minimum passing score is 720.
Your score shows how you performed on the exam as a whole and whether you passed. Scaled scoring models help equate scores across multiple exam forms that might have slightly different difficulty levels.
Your score report could contain a table of classifications of your performance at each section level. This information is intended to provide general feedback about your exam performance. The exam uses a compensatory scoring model, which means that you do not need to achieve a passing score in each section. You need to pass only the overall exam.
Each section of the exam has a specific weighting, so some sections have more questions than other sections have. The table contains general information that highlights your strengths and weaknesses. Use caution when interpreting section-level feedback.

Content outline
This exam guide includes weightings, test domains, and objectives for the exam. It is not a comprehensive listing of the content on the exam. However, additional context for each of the objectives is available to help guide your preparation for the exam. The following table lists the main content domains and their weightings. The table precedes the complete exam content outline, which includes the additional context.
The percentage in each domain represents only scored content.

Domain 1: Deployment 22%
Domain 2: Security 26%
Domain 3: Development with AWS Services 30%
Domain 4: Refactoring 10%
Domain 5: Monitoring and Troubleshooting 12%

Domain 1: Deployment
1.1 Deploy written code in AWS using existing CI/CD pipelines, processes, and patterns.
–  Commit code to a repository and invoke build, test and/or deployment actions
–  Use labels and branches for version and release management
–  Use AWS CodePipeline to orchestrate workflows against different environments
–  Apply AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeStar, and AWS
CodeDeploy for CI/CD purposes
–  Perform a roll back plan based on application deployment policy

1.2 Deploy applications using AWS Elastic Beanstalk.
–  Utilize existing supported environments to define a new application stack
–  Package the application
–  Introduce a new application version into the Elastic Beanstalk environment
–  Utilize a deployment policy to deploy an application version (i.e., all at once, rolling, rolling with batch, immutable)
–  Validate application health using Elastic Beanstalk dashboard
–  Use Amazon CloudWatch Logs to instrument application logging

1.3 Prepare the application deployment package to be deployed to AWS.
–  Manage the dependencies of the code module (like environment variables, config files and static image files) within the package
–  Outline the package/container directory structure and organize files appropriately
–  Translate application resource requirements to AWS infrastructure parameters (e.g., memory, cores)

1.4 Deploy serverless applications.
–  Given a use case, implement and launch an AWS Serverless Application Model (AWS SAM) template
–  Manage environments in individual AWS services (e.g., Differentiate between Development, Test, and Production in Amazon API Gateway)

Domain 2: Security
2.1 Make authenticated calls to AWS services.
–  Communicate required policy based on least privileges required by application.
–  Assume an IAM role to access a service
–  Use the software development kit (SDK) credential provider on-premises or in the cloud to access AWS services (local credentials vs. instance roles)

2.2 Implement encryption using AWS services.
– Encrypt data at rest (client side; server side; envelope encryption) using AWS services
–  Encrypt data in transit

2.3 Implement application authentication and authorization.
– Add user sign-up and sign-in functionality for applications with Amazon Cognito identity or user pools
–  Use Amazon Cognito-provided credentials to write code that access AWS services.
–  Use Amazon Cognito sync to synchronize user profiles and data
–  Use developer-authenticated identities to interact between end user devices, backend
authentication, and Amazon Cognito

Domain 3: Development with AWS Services
3.1 Write code for serverless applications.
– Compare and contrast server-based vs. serverless model (e.g., micro services, stateless nature of serverless applications, scaling serverless applications, and decoupling layers of serverless applications)
– Configure AWS Lambda functions by defining environment variables and parameters (e.g., memory, time out, runtime, handler)
– Create an API endpoint using Amazon API Gateway
–  Create and test appropriate API actions like GET, POST using the API endpoint
–  Apply Amazon DynamoDB concepts (e.g., tables, items, and attributes)
–  Compute read/write capacity units for Amazon DynamoDB based on application requirements
–  Associate an AWS Lambda function with an AWS event source (e.g., Amazon API Gateway, Amazon CloudWatch event, Amazon S3 events, Amazon Kinesis)
–  Invoke an AWS Lambda function synchronously and asynchronously

3.2 Translate functional requirements into application design.
– Determine real-time vs. batch processing for a given use case
– Determine use of synchronous vs. asynchronous for a given use case
– Determine use of event vs. schedule/poll for a given use case
– Account for tradeoffs for consistency models in an application design

Domain 4: Refactoring
4.1 Optimize applications to best use AWS services and features.
 Implement AWS caching services to optimize performance (e.g., Amazon ElastiCache, Amazon API Gateway cache)
 Apply an Amazon S3 naming scheme for optimal read performance

4.2 Migrate existing application code to run on AWS.
– Isolate dependencies
– Run the application as one or more stateless processes
– Develop in order to enable horizontal scalability
– Externalize state

Domain 5: Monitoring and Troubleshooting

5.1 Write code that can be monitored.
– Create custom Amazon CloudWatch metrics
– Perform logging in a manner available to systems operators
– Instrument application source code to enable tracing in AWS X-Ray

5.2 Perform root cause analysis on faults found in testing or production.
– Interpret the outputs from the logging mechanism in AWS to identify errors in logs
– Check build and testing history in AWS services (e.g., AWS CodeBuild, AWS CodeDeploy, AWS CodePipeline) to identify issues
– Utilize AWS services (e.g., Amazon CloudWatch, VPC Flow Logs, and AWS X-Ray) to locate a specific faulty component

Which key tools, technologies, and concepts might be covered on the exam?

The following is a non-exhaustive list of the tools and technologies that could appear on the exam.
This list is subject to change and is provided to help you understand the general scope of services, features, or technologies on the exam.
The general tools and technologies in this list appear in no particular order.
AWS services are grouped according to their primary functions. While some of these technologies will likely be covered more than others on the exam, the order and placement of them in this list is no indication of relative weight or importance:
– Analytics
– Application Integration
– Containers
– Cost and Capacity Management
– Data Movement
– Developer Tools
– Instances (virtual machines)
– Management and Governance
– Networking and Content Delivery
– Security
– Serverless

AWS services and features

Analytics:
– Amazon Elasticsearch Service (Amazon ES)
– Amazon Kinesis
Application Integration:
– Amazon EventBridge (Amazon CloudWatch Events)
– Amazon Simple Notification Service (Amazon SNS)
– Amazon Simple Queue Service (Amazon SQS)
– AWS Step Functions

Compute:
– Amazon EC2
– AWS Elastic Beanstalk
– AWS Lambda

Containers:
– Amazon Elastic Container Registry (Amazon ECR)
– Amazon Elastic Container Service (Amazon ECS)
– Amazon Elastic Kubernetes Services (Amazon EKS)

Database:
– Amazon DynamoDB
– Amazon ElastiCache
– Amazon RDS

Developer Tools:
– AWS CodeArtifact
– AWS CodeBuild
– AWS CodeCommit
– AWS CodeDeploy
– Amazon CodeGuru
– AWS CodePipeline
– AWS CodeStar
– AWS Fault Injection Simulator
– AWS X-Ray

Management and Governance:
– AWS CloudFormation
– Amazon CloudWatch

Networking and Content Delivery:
– Amazon API Gateway
– Amazon CloudFront
– Elastic Load Balancing

Security, Identity, and Compliance:
– Amazon Cognito
– AWS Identity and Access Management (IAM)
– AWS Key Management Service (AWS KMS)

Storage:
– Amazon S3

Out-of-scope AWS services and features

The following is a non-exhaustive list of AWS services and features that are not covered on the exam.
These services and features do not represent every AWS offering that is excluded from the exam content.
Services or features that are entirely unrelated to the target job roles for the exam are excluded from this list because they are assumed to be irrelevant.
Out-of-scope AWS services and features include the following:
– AWS Application Discovery Service
– Amazon AppStream 2.0
– Amazon Chime
– Amazon Connect
– AWS Database Migration Service (AWS DMS)
– AWS Device Farm
– Amazon Elastic Transcoder
– Amazon GameLift
– Amazon Lex
– Amazon Machine Learning (Amazon ML)
– AWS Managed Services
– Amazon Mobile Analytics
– Amazon Polly

– Amazon QuickSight
– Amazon Rekognition
– AWS Server Migration Service (AWS SMS)
– AWS Service Catalog
– AWS Shield Advanced
– AWS Shield Standard
– AWS Snow Family
– AWS Storage Gateway
– AWS WAF
– Amazon WorkMail
– Amazon WorkSpaces

To succeed with the real exam, do not memorize the answers below. It is very important that you understand why a question is right or wrong and the concepts behind it by carefully reading the reference documents in the answers.

Top

AWS Certified Developer – Associate Practice Questions And Answers Dump

Q0: Your application reads commands from an SQS queue and sends them to web services hosted by your
partners. When a partner’s endpoint goes down, your application continually returns their commands to the queue. The repeated attempts to deliver these commands use up resources. Commands that can’t be delivered must not be lost.
How can you accommodate the partners’ broken web services without wasting your resources?

  • A. Create a delay queue and set DelaySeconds to 30 seconds
  • B. Requeue the message with a VisibilityTimeout of 30 seconds.
  • C. Create a dead letter queue and set the Maximum Receives to 3.
  • D. Requeue the message with a DelaySeconds of 30 seconds.
2022 AWS Certified Developer Associate Exam Preparation: Questions and Answers Dump
AWS Developer Associates DVA-C01 PRO
 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 


C. After a message is taken from the queue and returned for the maximum number of retries, it is
automatically sent to a dead letter queue, if one has been configured. It stays there until you retrieve it for forensic purposes.

Reference: Amazon SQS Dead-Letter Queues


Top

Q1: A developer is writing an application that will store data in a DynamoDB table. The ratio of reads operations to write operations will be 1000 to 1, with the same data being accessed frequently.
What should the Developer enable on the DynamoDB table to optimize performance and minimize costs?

  • A. Amazon DynamoDB auto scaling
  • B. Amazon DynamoDB cross-region replication
  • C. Amazon DynamoDB Streams
  • D. Amazon DynamoDB Accelerator


D. The AWS Documentation mentions the following:

DAX is a DynamoDB-compatible caching service that enables you to benefit from fast in-memory performance for demanding applications. DAX addresses three core scenarios

  1. As an in-memory cache, DAX reduces the response times of eventually-consistent read workloads by an order of magnitude, from single-digit milliseconds to microseconds.
  2. DAX reduces operational and application complexity by providing a managed service that is API-compatible with Amazon DynamoDB, and thus requires only minimal functional changes to use with an existing application.
  3. For read-heavy or bursty workloads, DAX provides increased throughput and potential operational cost savings by reducing the need to over-provision read capacity units. This is especially beneficial for applications that require repeated reads for individual keys.

Reference: AWS DAX


Top

Q2: You are creating a DynamoDB table with the following attributes:

  • PurchaseOrderNumber (partition key)
  • CustomerID
  • PurchaseDate
  • TotalPurchaseValue

One of your applications must retrieve items from the table to calculate the total value of purchases for a
particular customer over a date range. What secondary index do you need to add to the table?

  • A. Local secondary index with a partition key of CustomerID and sort key of PurchaseDate; project the
    TotalPurchaseValue attribute
  • B. Local secondary index with a partition key of PurchaseDate and sort key of CustomerID; project the
    TotalPurchaseValue attribute
  • C. Global secondary index with a partition key of CustomerID and sort key of PurchaseDate; project the
    TotalPurchaseValue attribute
  • D. Global secondary index with a partition key of PurchaseDate and sort key of CustomerID; project the
    TotalPurchaseValue attribute


C. The query is for a particular CustomerID, so a Global Secondary Index is needed for a different partition
key. To retrieve only the desired date range, the PurchaseDate must be the sort key. Projecting the
TotalPurchaseValue into the index provides all the data needed to satisfy the use case.

Reference: AWS DynamoDB Global Secondary Indexes

Difference between local and global indexes in DynamoDB

    • Global secondary index — an index with a hash and range key that can be different from those on the table. A global secondary index is considered “global” because queries on the index can span all of the data in a table, across all partitions.
    • Local secondary index — an index that has the same hash key as the table, but a different range key. A local secondary index is “local” in the sense that every partition of a local secondary index is scoped to a table partition that has the same hash key.
    • Local Secondary Indexes still rely on the original Hash Key. When you supply a table with hash+range, think about the LSI as hash+range1, hash+range2.. hash+range6. You get 5 more range attributes to query on. Also, there is only one provisioned throughput.
    • Global Secondary Indexes defines a new paradigm – different hash/range keys per index.
      This breaks the original usage of one hash key per table. This is also why when defining GSI you are required to add a provisioned throughput per index and pay for it.
    • Local Secondary Indexes can only be created when you are creating the table, there is no way to add Local Secondary Index to an existing table, also once you create the index you cannot delete it.
    • Global Secondary Indexes can be created when you create the table and added to an existing table, deleting an existing Global Secondary Index is also allowed.

Throughput :

  • Local Secondary Indexes consume throughput from the table. When you query records via the local index, the operation consumes read capacity units from the table. When you perform a write operation (create, update, delete) in a table that has a local index, there will be two write operations, one for the table another for the index. Both operations will consume write capacity units from the table.
  • Global Secondary Indexes have their own provisioned throughput, when you query the index the operation will consume read capacity from the index, when you perform a write operation (create, update, delete) in a table that has a global index, there will be two write operations, one for the table another for the index*.


Top

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

AWS Developer Associate DVA-C01 Exam Prep
AWS Developer Associate DVA-C01 Exam Prep
 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q3: When referencing the remaining time left for a Lambda function to run within the function’s code you would use:

  • A. The event object
  • B. The timeLeft object
  • C. The remains object
  • D. The context object


D. The context object.

Reference: AWS Lambda


Top

Q4: What two arguments does a Python Lambda handler function require?

  • A. invocation, zone
  • B. event, zone
  • C. invocation, context
  • D. event, context
D. event, context
def handler_name(event, context):

return some_value

Reference: AWS Lambda Function Handler in Python

Top

Q5: Lambda allows you to upload code and dependencies for function packages:

  • A. Only from a directly uploaded zip file
  • B. Only via SFTP
  • C. Only from a zip file in AWS S3
  • D. From a zip file in AWS S3 or uploaded directly from elsewhere

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

D. From a zip file in AWS S3 or uploaded directly from elsewhere

Reference: AWS Lambda Deployment Package

Top

Q6: A Lambda deployment package contains:

  • A. Function code, libraries, and runtime binaries
  • B. Only function code
  • C. Function code and libraries not included within the runtime
  • D. Only libraries not included within the runtime

C. Function code and libraries not included within the runtime

Reference: AWS Lambda Deployment Package in PowerShell

Top

Q7: You are attempting to SSH into an EC2 instance that is located in a public subnet. However, you are currently receiving a timeout error trying to connect. What could be a possible cause of this connection issue?

  • A. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic, but does not have an outbound rule that allows SSH traffic.
  • B. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic AND has an outbound rule that explicitly denies SSH traffic.
  • C. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic AND the associated NACL has both an inbound and outbound rule that allows SSH traffic.
  • D. The security group associated with the EC2 instance does not have an inbound rule that allows SSH traffic AND the associated NACL does not have an outbound rule that allows SSH traffic.


D. Security groups are stateful, so you do NOT have to have an explicit outbound rule for return requests. However, NACLs are stateless so you MUST have an explicit outbound rule configured for return request.

Reference: Comparison of Security Groups and Network ACLs

AWS Security Groups and NACL


Top

Q8: You have instances inside private subnets and a properly configured bastion host instance in a public subnet. None of the instances in the private subnets have a public or Elastic IP address. How can you connect an instance in the private subnet to the open internet to download system updates?

  • A. Create and assign EIP to each instance
  • B. Create and attach a second IGW to the VPC.
  • C. Create and utilize a NAT Gateway
  • D. Connect to a VPN


C. You can use a network address translation (NAT) gateway in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.

Reference: AWS Network Address Translation Gateway


Top

Q9: What feature of VPC networking should you utilize if you want to create “elasticity” in your application’s architecture?

  • A. Security Groups
  • B. Route Tables
  • C. Elastic Load Balancer
  • D. Auto Scaling


D. Auto scaling is designed specifically with elasticity in mind. Auto scaling allows for the increase and decrease of compute power based on demand, thus creating elasticity in the architecture.

Reference: AWS Autoscalling


Top

Q10: Lambda allows you to upload code and dependencies for function packages:

  • A. Only from a directly uploaded zip file
  • B. Only from a directly uploaded zip file
  • C. Only from a zip file in AWS S3
  • D. From a zip file in AWS S3 or uploaded directly from elsewhere

D. From a zip file in AWS S3 or uploaded directly from elsewhere

Reference: AWS Lambda

Top

Q11: You’re writing a script with an AWS SDK that uses the AWS API Actions and want to create AMIs for non-EBS backed AMIs for you. Which API call should occurs in the final process of creating an AMI?

  • A. RegisterImage
  • B. CreateImage
  • C. ami-register-image
  • D. ami-create-image

A. It is actually – RegisterImage. All AWS API Actions will follow the capitalization like this and don’t have hyphens in them.

Reference: API RegisterImage

Top

Q12: When dealing with session state in EC2-based applications using Elastic load balancers which option is generally thought of as the best practice for managing user sessions?

  • A. Having the ELB distribute traffic to all EC2 instances and then having the instance check a caching solution like ElastiCache running Redis or Memcached for session information
  • B. Permenantly assigning users to specific instances and always routing their traffic to those instances
  • C. Using Application-generated cookies to tie a user session to a particular instance for the cookie duration
  • D. Using Elastic Load Balancer generated cookies to tie a user session to a particular instance

Top

Q13: Which API call would best be used to describe an Amazon Machine Image?

  • A. ami-describe-image
  • B. ami-describe-images
  • C. DescribeImage
  • D. DescribeImages

D. In general, API actions stick to the PascalCase style with the first letter of every word capitalized.

Reference: API DescribeImages

Top

Q14: What is one key difference between an Amazon EBS-backed and an instance-store backed instance?

  • A. Autoscaling requires using Amazon EBS-backed instances
  • B. Virtual Private Cloud requires EBS backed instances
  • C. Amazon EBS-backed instances can be stopped and restarted without losing data
  • D. Instance-store backed instances can be stopped and restarted without losing data

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

C. Instance-store backed images use “ephemeral” storage (temporary). The storage is only available during the life of an instance. Rebooting an instance will allow ephemeral data stay persistent. However, stopping and starting an instance will remove all ephemeral storage.

Reference: What is the difference between EBS and Instance Store?

Top

Q15: After having created a new Linux instance on Amazon EC2, and downloaded the .pem file (called Toto.pem) you try and SSH into your IP address (54.1.132.33) using the following command.
ssh -i my_key.pem ec2-user@52.2.222.22
However you receive the following error.
@@@@@@@@ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@
What is the most probable reason for this and how can you fix it?

  • A. You do not have root access on your terminal and need to use the sudo option for this to work.
  • B. You do not have enough permissions to perform the operation.
  • C. Your key file is encrypted. You need to use the -u option for unencrypted not the -i option.
  • D. Your key file must not be publicly viewable for SSH to work. You need to modify your .pem file to limit permissions.

D. You need to run something like: chmod 400 my_key.pem

Reference:

Top

Q16: You have an EBS root device on /dev/sda1 on one of your EC2 instances. You are having trouble with this particular instance and you need to either Stop/Start, Reboot or Terminate the instance but you do NOT want to lose any data that you have stored on /dev/sda1. However, you are unsure if changing the instance state in any of the aforementioned ways will cause you to lose data stored on the EBS volume. Which of the below statements best describes the effect each change of instance state would have on the data you have stored on /dev/sda1?

  • A. Whether you stop/start, reboot or terminate the instance it does not matter because data on an EBS volume is not ephemeral and the data will not be lost regardless of what method is used.
  • B. If you stop/start the instance the data will not be lost. However if you either terminate or reboot the instance the data will be lost.
  • C. Whether you stop/start, reboot or terminate the instance it does not matter because data on an EBS volume is ephemeral and it will be lost no matter what method is used.
  • D. The data will be lost if you terminate the instance, however the data will remain on /dev/sda1 if you reboot or stop/start the instance because data on an EBS volume is not ephemeral.

D. The question states that an EBS-backed root device is mounted at /dev/sda1, and EBS volumes maintain information regardless of the instance state. If it was instance store, this would be a different answer.

Reference: AWS Root Device Storage

Top

Q17: EC2 instances are launched from Amazon Machine Images (AMIs). A given public AMI:

  • A. Can only be used to launch EC2 instances in the same AWS availability zone as the AMI is stored
  • B. Can only be used to launch EC2 instances in the same country as the AMI is stored
  • C. Can only be used to launch EC2 instances in the same AWS region as the AMI is stored
  • D. Can be used to launch EC2 instances in any AWS region

C. AMIs are only available in the region they are created. Even in the case of the AWS-provided AMIs, AWS has actually copied the AMIs for you to different regions. You cannot access an AMI from one region in another region. However, you can copy an AMI from one region to another

Reference: https://aws.amazon.com/amazon-linux-ami/

Top

Q18: Which of the following statements is true about the Elastic File System (EFS)?

  • A. EFS can scale out to meet capacity requirements and scale back down when no longer needed
  • B. EFS can be used by multiple EC2 instances simultaneously
  • C. EFS cannot be used by an instance using EBS
  • D. EFS can be configured on an instance before launch just like an IAM role or EBS volumes

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

A. and B.

Reference: https://aws.amazon.com/efs/

Top

Q19: IAM Policies, at a minimum, contain what elements?

  • A. ID
  • B. Effects
  • C. Resources
  • D. Sid
  • E. Principle
  • F. Actions

B. C. and F.

Effect – Use Allow or Deny to indicate whether the policy allows or denies access.

Resource – Specify a list of resources to which the actions apply.

Action – Include a list of actions that the policy allows or denies.

Id, Sid aren’t required fields in IAM Policies. But they are optional fields

Reference: AWS IAM Access Policies

Top

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q20: What are the main benefits of IAM groups?

  • A. The ability to create custom permission policies.
  • B. Assigning IAM permission policies to more than one user at a time.
  • C. Easier user/policy management.
  • D. Allowing EC2 instances to gain access to S3.

B. and C.

A. is incorrect: This is a benefit of IAM generally or a benefit of IAM policies. But IAM groups don’t create policies, they have policies attached to them.

Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html

 

Top

Q21: What are benefits of using AWS STS?

  • A. Grant access to AWS resources without having to create an IAM identity for them
  • B. Since credentials are temporary, you don’t have to rotate or revoke them
  • C. Temporary security credentials can be extended indefinitely
  • D. Temporary security credentials can be restricted to a specific region

Top

Q22: What should the Developer enable on the DynamoDB table to optimize performance and minimize costs?

  • A. Amazon DynamoDB auto scaling
  • B. Amazon DynamoDB cross-region replication
  • C. Amazon DynamoDB Streams
  • D. Amazon DynamoDB Accelerator


D. DAX is a DynamoDB-compatible caching service that enables you to benefit from fast in-memory performance for demanding applications. DAX addresses three core scenarios:

  1. As an in-memory cache, DAX reduces the response times of eventually-consistent read workloads by an order of magnitude, from single-digit milliseconds to microseconds.
  2. DAX reduces operational and application complexity by providing a managed service that is API-compatible with Amazon DynamoDB, and thus requires only minimal functional changes to use with an existing application.
  3. For read-heavy or bursty workloads, DAX provides increased throughput and potential operational cost savings by reducing the need to over-provision read capacity units. This is especially beneficial for applications that require repeated reads for individual keys.

Reference: AWS DAX


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q23: A Developer has been asked to create an AWS Elastic Beanstalk environment for a production web application which needs to handle thousands of requests. Currently the dev environment is running on a t1 micro instance. How can the Developer change the EC2 instance type to m4.large?

  • A. Use CloudFormation to migrate the Amazon EC2 instance type of the environment from t1 micro to m4.large.
  • B. Create a saved configuration file in Amazon S3 with the instance type as m4.large and use the same during environment creation.
  • C. Change the instance type to m4.large in the configuration details page of the Create New Environment page.
  • D. Change the instance type value for the environment to m4.large by using update autoscaling group CLI command.

B. The Elastic Beanstalk console and EB CLI set configuration options when you create an environment. You can also set configuration options in saved configurations and configuration files. If the same option is set in multiple locations, the value used is determined by the order of precedence.
Configuration option settings can be composed in text format and saved prior to environment creation, applied during environment creation using any supported client, and added, modified or removed after environment creation.
During environment creation, configuration options are applied from multiple sources with the following precedence, from highest to lowest:

  • Settings applied directly to the environment – Settings specified during a create environment or update environment operation on the Elastic Beanstalk API by any client, including the AWS Management Console, EB CLI, AWS CLI, and SDKs. The AWS Management Console and EB CLI also applyrecommended values for some options that apply at this level unless overridden.
  • Saved Configurations
    Settings for any options that are not applied directly to the
    environment are loaded from a saved configuration, if specified.
  • Configuration Files (.ebextensions)– Settings for any options that are not applied directly to the
    environment, and also not specified in a saved configuration, are loaded from configuration files in the .ebextensions folder at the root of the application source bundle.

     

    Configuration files are executed in alphabetical order. For example,.ebextensions/01run.configis executed before.ebextensions/02do.config.

  • Default Values– If a configuration option has a default value, it only applies when the option is not set at any of the above levels.

If the same configuration option is defined in more than one location, the setting with the highest precedence is applied. When a setting is applied from a saved configuration or settings applied directly to the environment, the setting is stored as part of the environment’s configuration. These settings can be removed with the AWS CLI or with the EB CLI
.
Settings in configuration files are not applied
directly to the environment and cannot be removed without modifying the configuration files and deploying a new application version.If a setting applied with one of the other methods is removed, the same setting will be loaded from configuration files in the source bundle.

Reference: Managing ec2 features – Elastic beanstalk

Q24: What statements are true about Availability Zones (AZs) and Regions?

  • A. There is only one AZ in each AWS Region
  • B. AZs are geographically separated inside a region to help protect against natural disasters affecting more than one at a time.
  • C. AZs can be moved between AWS Regions based on your needs
  • D. There are (almost always) two or more AZs in each AWS Region

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

B and D.

Reference: AWS global infrastructure/

Top

Q25: An AWS Region contains:

  • A. Edge Locations
  • B. Data Centers
  • C. AWS Services
  • D. Availability Zones


B. C. D. Edge locations are actually distinct locations that don’t explicitly fall within AWS regions.

Reference: AWS Global Infrastructure


Top

Q26: Which read request in DynamoDB returns a response with the most up-to-date data, reflecting the updates from all prior write operations that were successful?

  • A. Eventual Consistent Reads
  • B. Conditional reads for Consistency
  • C. Strongly Consistent Reads
  • D. Not possible


C. This is provided very clearly in the AWS documentation as shown below with regards to the read consistency for DynamoDB. Only in Strong Read consistency can you be guaranteed that you get the write read value after all the writes are completed.

Reference: https://aws.amazon.com/dynamodb/faqs/


Top

Q27: You’ ve been asked to move an existing development environment on the AWS Cloud. This environment consists mainly of Docker based containers. You need to ensure that minimum effort is taken during the migration process. Which of the following step would you consider for this requirement?

  • A. Create an Opswork stack and deploy the Docker containers
  • B. Create an application and Environment for the Docker containers in the Elastic Beanstalk service
  • C. Create an EC2 Instance. Install Docker and deploy the necessary containers.
  • D. Create an EC2 Instance. Install Docker and deploy the necessary containers. Add an Autoscaling Group for scalability of the containers.


B. The Elastic Beanstalk service is the ideal service to quickly provision development environments. You can also create environments which can be used to host Docker based containers.

Reference: Create and Deploy Docker in AWS


Top

Q28: You’ve written an application that uploads objects onto an S3 bucket. The size of the object varies between 200 – 500 MB. You’ve seen that the application sometimes takes a longer than expected time to upload the object. You want to improve the performance of the application. Which of the following would you consider?

  • A. Create multiple threads and upload the objects in the multiple threads
  • B. Write the items in batches for better performance
  • C. Use the Multipart upload API
  • D. Enable versioning on the Bucket

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 


C. All other options are invalid since the best way to handle large object uploads to the S3 service is to use the Multipart upload API. The Multipart upload API enables you to upload large objects in parts. You can use this API to upload new large objects or make a copy of an existing object. Multipart uploading is a three-step process: You initiate the upload, you upload the object parts, and after you have uploaded all the parts, you complete the multipart upload. Upon receiving the complete multipart upload request, Amazon S3 constructs the object from the uploaded parts, and you can then access the object just as you would any other object in your bucket.

Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html


Top

Q29: A security system monitors 600 cameras, saving image metadata every 1 minute to an Amazon DynamoDb table. Each sample involves 1kb of data, and the data writes are evenly distributed over time. How much write throughput is required for the target table?

  • A. 6000
  • B. 10
  • C. 3600
  • D. 600

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

B. When you mention the write capacity of a table in Dynamo DB, you mention it as the number of 1KB writes per second. So in the above question, since the write is happening every minute, we need to divide the value of 600 by 60, to get the number of KB writes per second. This gives a value of 10.

You can specify the Write capacity in the Capacity tab of the DynamoDB table.

Reference: AWS working with tables

Q30: What two arguments does a Python Lambda handler function require?

  • A. invocation, zone
  • B. event, zone
  • C. invocation, context
  • D. event, context


D. event, context def handler_name(event, context):

return some_value
Reference: AWS Lambda Function Handler in Python

Top

Q31: Lambda allows you to upload code and dependencies for function packages:

  • A. Only from a directly uploaded zip file
  • B. Only via SFTP
  • C. Only from a zip file in AWS S3
  • D. From a zip file in AWS S3 or uploaded directly from elsewhere


D. From a zip file in AWS S3 or uploaded directly from elsewhere
Reference: AWS Lambda Deployment Package

Top

Q32: A Lambda deployment package contains:

  • A. Function code, libraries, and runtime binaries
  • B. Only function code
  • C. Function code and libraries not included within the runtime
  • D. Only libraries not included within the runtime


C. Function code and libraries not included within the runtime
Reference: AWS Lambda Deployment Package in PowerShell

Top

Q33: You have instances inside private subnets and a properly configured bastion host instance in a public subnet. None of the instances in the private subnets have a public or Elastic IP address. How can you connect an instance in the private subnet to the open internet to download system updates?

  • A. Create and assign EIP to each instance
  • B. Create and attach a second IGW to the VPC.
  • C. Create and utilize a NAT Gateway
  • D. Connect to a VPN


C. You can use a network address translation (NAT) gateway in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.
Reference: AWS Network Address Translation Gateway

Top

Q34: What feature of VPC networking should you utilize if you want to create “elasticity” in your application’s architecture?

  • A. Security Groups
  • B. Route Tables
  • C. Elastic Load Balancer
  • D. Auto Scaling


D. Auto scaling is designed specifically with elasticity in mind. Auto scaling allows for the increase and decrease of compute power based on demand, thus creating elasticity in the architecture.
Reference: AWS Autoscalling

Top

Q30: Lambda allows you to upload code and dependencies for function packages:

  • A. Only from a directly uploaded zip file
  • B. Only from a directly uploaded zip file
  • C. Only from a zip file in AWS S3
  • D. From a zip file in AWS S3 or uploaded directly from elsewhere

Answer:


D. From a zip file in AWS S3 or uploaded directly from elsewhere
Reference: AWS Lambda

Top

Q31: An organization is using an Amazon ElastiCache cluster in front of their Amazon RDS instance. The organization would like the Developer to implement logic into the code so that the cluster only retrieves data from RDS when there is a cache miss. What strategy can the Developer implement to achieve this?

  • A. Lazy loading
  • B. Write-through
  • C. Error retries
  • D. Exponential backoff

Answer:


Answer – A
Whenever your application requests data, it first makes the request to the ElastiCache cache. If the data exists in the cache and is current, ElastiCache returns the data to your application. If the data does not exist in the cache, or the data in the cache has expired, your application requests data from your data store which returns the data to your application. Your application then writes the data received from the store to the cache so it can be more quickly retrieved next time it is requested. All other options are incorrect.
Reference: Caching Strategies

Top

Q32: A developer is writing an application that will run on Ec2 instances and read messages from SQS queue. The nessages will arrive every 15-60 seconds. How should the Developer efficiently query the queue for new messages?

  • A. Use long polling
  • B. Set a custom visibility timeout
  • C. Use short polling
  • D. Implement exponential backoff


Answer – A Long polling will help insure that the applications make less requests for messages in a shorter period of time. This is more cost effective. Since the messages are only going to be available after 15 seconds and we don’t know exacly when they would be available, it is better to use Long Polling.
Reference: Amazon SQS Long Polling

Top

Q33: You are using AWS SAM to define a Lambda function and configure CodeDeploy to manage deployment patterns. With new Lambda function working as per expectation which of the following will shift traffic from original Lambda function to new Lambda function in the shortest time frame?

  • A. Canary10Percent5Minutes
  • B. Linear10PercentEvery10Minutes
  • C. Canary10Percent15Minutes
  • D. Linear10PercentEvery1Minute


Answer – A
With Canary Deployment Preference type, Traffic is shifted in two intervals. With Canary10Percent5Minutes, 10 percent of traffic is shifted in the first interval while remaining all traffic is shifted after 5 minutes.
Reference: Gradual Code Deployment

Top

Q34: You are using AWS SAM templates to deploy a serverless application. Which of the following resource will embed application from Amazon S3 buckets?

  • A. AWS::Serverless::Api
  • B. AWS::Serverless::Application
  • C. AWS::Serverless::Layerversion
  • D. AWS::Serverless::Function


Answer – B
AWS::Serverless::Application resource in AWS SAm template is used to embed application frm Amazon S3 buckets.
Reference: Declaring Serverless Resources

Top

Q35: You are using AWS Envelope Encryption for encrypting all sensitive data. Which of the followings is True with regards to Envelope Encryption?

  • A. Data is encrypted be encrypting Data key which is further encrypted using encrypted Master Key.
  • B. Data is encrypted by plaintext Data key which is further encrypted using encrypted Master Key.
  • C. Data is encrypted by encrypted Data key which is further encrypted using plaintext Master Key.
  • D. Data is encrypted by plaintext Data key which is further encrypted using plaintext Master Key.


Answer – D
With Envelope Encryption, unencrypted data is encrypted using plaintext Data key. This Data is further encrypted using plaintext Master key. This plaintext Master key is securely stored in AWS KMS & known as Customer Master Keys.
Reference: AWS Key Management Service Concepts

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q36: You are developing an application that will be comprised of the following architecture –

  1. A set of Ec2 instances to process the videos.
  2. These (Ec2 instances) will be spun up by an autoscaling group.
  3. SQS Queues to maintain the processing messages.
  4. There will be 2 pricing tiers.

How will you ensure that the premium customers videos are given more preference?

  • A. Create 2 Autoscaling Groups, one for normal and one for premium customers
  • B. Create 2 set of Ec2 Instances, one for normal and one for premium customers
  • C. Create 2 SQS queus, one for normal and one for premium customers
  • D. Create 2 Elastic Load Balancers, one for normal and one for premium customers.


Answer – C
The ideal option would be to create 2 SQS queues. Messages can then be processed by the application from the high priority queue first.<br? The other options are not the ideal options. They would lead to extra costs and also extra maintenance.
Reference: SQS

Top

Q37: You are developing an application that will interact with a DynamoDB table. The table is going to take in a lot of read and write operations. Which of the following would be the ideal partition key for the DynamoDB table to ensure ideal performance?

  • A. CustomerID
  • B. CustomerName
  • C. Location
  • D. Age


Answer- A
Use high-cardinality attributes. These are attributes that have distinct values for each item, like e-mailid, employee_no, customerid, sessionid, orderid, and so on..
Use composite attributes. Try to combine more than one attribute to form a unique key.
Reference: Choosing the right DynamoDB Partition Key

Top

Q38: A developer is making use of AWS services to develop an application. He has been asked to develop the application in a manner to compensate any network delays. Which of the following two mechanisms should he implement in the application?

  • A. Multiple SQS queues
  • B. Exponential backoff algorithm
  • C. Retries in your application code
  • D. Consider using the Java sdk.


Answer- B. and C.
In addition to simple retries, each AWS SDK implements exponential backoff algorithm for better flow control. The idea behind exponential backoff is to use progressively longer waits between retries for consecutive error responses. You should implement a maximum delay interval, as well as a maximum number of retries. The maximum delay interval and maximum number of retries are not necessarily fixed values, and should be set based on the operation being performed, as well as other local factors, such as network latency.
Reference: Error Retries and Exponential Backoff in AWS

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q39: An application is being developed that is going to write data to a DynamoDB table. You have to setup the read and write throughput for the table. Data is going to be read at the rate of 300 items every 30 seconds. Each item is of size 6KB. The reads can be eventual consistent reads. What should be the read capacity that needs to be set on the table?

  • A. 10
  • B. 20
  • C. 6
  • D. 30


Answer – A

Since there are 300 items read every 30 seconds , that means there are (300/30) = 10 items read every second.
Since each item is 6KB in size , that means , 2 reads will be required for each item.
So we have total of 2*10 = 20 reads for the number of items per second
Since eventual consistency is required , we can divide the number of reads(20) by 2 , and in the end we get the Read Capacity of 10.

Reference: Read/Write Capacity Mode


Top

Q40: You are in charge of deploying an application that will be hosted on an EC2 Instance and sit behind an Elastic Load balancer. You have been requested to monitor the incoming connections to the Elastic Load Balancer. Which of the below options can suffice this requirement?

  • A. Use AWS CloudTrail with your load balancer
  • B. Enable access logs on the load balancer
  • C. Use a CloudWatch Logs Agent
  • D. Create a custom metric CloudWatch lter on your load balancer


Answer – B
Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client’s IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues.
Reference: Access Logs for Your Application Load Balancer

Top

Q41: A static web site has been hosted on a bucket and is now being accessed by users. One of the web pages javascript section has been changed to access data which is hosted in another S3 bucket. Now that same web page is no longer loading in the browser. Which of the following can help alleviate the error?

  • A. Enable versioning for the underlying S3 bucket.
  • B. Enable Replication so that the objects get replicated to the other bucket
  • C. Enable CORS for the bucket
  • D. Change the Bucket policy for the bucket to allow access from the other bucket


Answer – C

Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources.

Cross-Origin Resource Sharing: Use-case Scenarios The following are example scenarios for using CORS:

Scenario 1: Suppose that you are hosting a website in an Amazon S3 bucket named website as described in Hosting a Static Website on Amazon S3. Your users load the website endpoint http://website.s3-website-us-east-1.amazonaws.com. Now you want to use JavaScript on the webpages that are stored in this bucket to be able to make authenticated GET and PUT requests against the same bucket by using the Amazon S3 API endpoint for the bucket, website.s3.amazonaws.com. A browser would normally block JavaScript from allowing those requests, but with CORS you can configure your bucket to explicitly enable cross-origin requests from website.s3-website-us-east-1.amazonaws.com.

Scenario 2: Suppose that you want to host a web font from your S3 bucket. Again, browsers require a CORS check (also called a preight check) for loading web fonts. You would configure the bucket that is hosting the web font to allow any origin to make these requests.

Reference: Cross-Origin Resource Sharing (CORS)


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q42: Your mobile application includes a photo-sharing service that is expecting tens of thousands of users at launch. You will leverage Amazon Simple Storage Service (S3) for storage of the user Images, and you must decide how to authenticate and authorize your users for access to these images. You also need to manage the storage of these images. Which two of the following approaches should you use? Choose two answers from the options below

  • A. Create an Amazon S3 bucket per user, and use your application to generate the S3 URL for the appropriate content.
  • B. Use AWS Identity and Access Management (IAM) user accounts as your application-level user database, and offload the burden of authentication from your application code.
  • C. Authenticate your users at the application level, and use AWS Security Token Service (STS)to grant token-based authorization to S3 objects.
  • D. Authenticate your users at the application level, and send an SMS token message to the user. Create an Amazon S3 bucket with the same name as the SMS message token, and move the user’s objects to that bucket.


Answer- C
The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). The token can then be used to grant access to the objects in S3.
You can then provides access to the objects based on the key values generated via the user id.

Reference: The AWS Security Token Service (STS)


Top

Q43: Your current log analysis application takes more than four hours to generate a report of the top 10 users of your web application. You have been asked to implement a system that can report this information in real time, ensure that the report is always up to date, and handle increases in the number of requests to your web application. Choose the option that is cost-effective and can fulfill the requirements.

  • A. Publish your data to CloudWatch Logs, and congure your application to Autoscale to handle the load on demand.
  • B. Publish your log data to an Amazon S3 bucket.  Use AWS CloudFormation to create an Auto Scaling group to scale your post-processing application which is congured to pull down your log les stored an Amazon S3
  • C. Post your log data to an Amazon Kinesis data stream, and subscribe your log-processing application so that is congured to process your logging data.
  • D. Create a multi-AZ Amazon RDS MySQL cluster, post the logging data to MySQL, and run a map reduce job to retrieve the required information on user counts.

Answer:


Answer – C
Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information. Amazon Kinesis offers key capabilities to cost effectively process streaming data at any scale, along with the flexibility to choose the tools that best suit the requirements of your application. With Amazon Kinesis, you can ingest real-time data such as application logs, website clickstreams, IoT telemetry data, and more into your databases, data lakes and data warehouses, or build your own real-time applications using this data.
Reference: Amazon Kinesis

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q44: You’ve been instructed to develop a mobile application that will make use of AWS services. You need to decide on a data store to store the user sessions. Which of the following would be an ideal data store for session management?

  • A. AWS Simple Storage Service
  • B. AWS DynamoDB
  • C. AWS RDS
  • D. AWS Redshift

Answer:


Answer – B
DynamoDB is a alternative solution which can be used for storage of session management. The latency of access to data is less , hence this can be used as a data store for session management
Reference: Scalable Session Handling in PHP Using Amazon DynamoDB

Top

Q45: Your application currently interacts with a DynamoDB table. Records are inserted into the table via the application. There is now a requirement to ensure that whenever items are updated in the DynamoDB primary table , another record is inserted into a secondary table. Which of the below feature should be used when developing such a solution?

  • A. AWS DynamoDB Encryption
  • B. AWS DynamoDB Streams
  • C. AWS DynamoDB Accelerator
  • D. AWSTable Accelerator


Answer – B
DynamoDB Streams Use Cases and Design Patterns This post describes some common use cases you might encounter, along with their design options and solutions, when migrating data from relational data stores to Amazon DynamoDB. We will consider how to manage the following scenarios:

  • How do you set up a relationship across multiple tables in which, based on the value of an item from one table, you update the item in a second table?
  • How do you trigger an event based on a particular transaction?
  • How do you audit or archive transactions?
  • How do you replicate data across multiple tables (similar to that of materialized views/streams/replication in relational data stores)?

Relational databases provide native support for transactions, triggers, auditing, and replication. Typically, a transaction in a database refers to performing create, read, update, and delete (CRUD) operations against multiple tables in a block. A transaction can have only two states—success or failure. In other words, there is no partial completion. As a NoSQL database, DynamoDB is not designed to support transactions. Although client-side libraries are available to mimic the transaction capabilities, they are not scalable and cost-effective. For example, the Java Transaction Library for DynamoDB creates 7N+4 additional writes for every write operation. This is partly because the library holds metadata to manage the transactions to ensure that it’s consistent and can be rolled back before commit. You can use DynamoDB Streams to address all these use cases. DynamoDB Streams is a powerful service that you can combine with other AWS services to solve many similar problems. When enabled, DynamoDB Streams captures a time-ordered sequence of item-level modifications in a DynamoDB table and durably stores the information for up to 24 hours. Applications can access a series of stream records, which contain an item change, from a DynamoDB stream in near real time. AWS maintains separate endpoints for DynamoDB and DynamoDB Streams. To work with database tables and indexes, your application must access a DynamoDB endpoint. To read and process DynamoDB Streams records, your application must access a DynamoDB Streams endpoint in the same Region. All of the other options are incorrect since none of these would meet the core requirement.
Reference: DynamoDB Streams Use Cases and Design Patterns


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q46: An application has been making use of AWS DynamoDB for its back-end data store. The size of the table has now grown to 20 GB , and the scans on the table are causing throttling errors. Which of the following should now be implemented to avoid such errors?

  • A. Large Page size
  • B. Reduced page size
  • C. Parallel Scans
  • D. Sequential scans

Answer – B
When you scan your table in Amazon DynamoDB, you should follow the DynamoDB best practices for avoiding sudden bursts of read activity. You can use the following technique to minimize the impact of a scan on a table’s provisioned throughput. Reduce page size Because a Scan operation reads an entire page (by default, 1 MB), you can reduce the impact of the scan operation by setting a smaller page size. The Scan operation provides a Limit parameter that you can use to set the page size for your request. Each Query or Scan request that has a smaller page size uses fewer read operations and creates a “pause” between each request. For example, suppose that each item is 4 KB and you set the page size to 40 items. A Query request would then consume only 20 eventually consistent read operations or 40 strongly consistent read operations. A larger number of smaller Query or Scan operations would allow your other critical requests to succeed without throttling.
Reference1: Rate-Limited Scans in Amazon DynamoDB

Reference2: Best Practices for Querying and Scanning Data


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q47: Which of the following is correct way of passing a stage variable to an HTTP URL ? (Select TWO.)

  • A. http://example.com/${}/prod
  • B. http://example.com/${stageVariables.}/prod
  • C. http://${stageVariables.}.example.com/dev/operation
  • D. http://${stageVariables}.example.com/dev/operation
  • E. http://${}.example.com/dev/operation
  • F. http://example.com/${stageVariables}/prod


Answer – B. and C.
A stage variable can be used as part of HTTP integration URL as in following cases, ·         A full URI without protocol ·         A full domain ·         A subdomain ·         A path ·         A query string In the above case , option B & C displays stage variable as a path & sub-domain.
Reference: Amazon API Gateway Stage Variables Reference

Top

Q48: Your company is planning on creating new development environments in AWS. They want to make use of their existing Chef recipes which they use for their on-premise configuration for servers in AWS. Which of the following service would be ideal to use in this regard?

  • A. AWS Elastic Beanstalk
  • B. AWS OpsWork
  • C. AWS Cloudformation
  • D. AWS SQS


Answer – B
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments All other options are invalid since they cannot be used to work with Chef recipes for configuration management.
Reference: AWS OpsWorks

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q49: Your company has developed a web application and is hosting it in an Amazon S3 bucket configured for static website hosting. The users can log in to this app using their Google/Facebook login accounts. The application is using the AWS SDK for JavaScript in the browser to access data stored in an Amazon DynamoDB table. How can you ensure that API keys for access to your data in DynamoDB are kept secure?

  • A. Create an Amazon S3 role in IAM with access to the specific DynamoDB tables, and assign it to the bucket hosting your website
  • B. Configure S3 bucket tags with your AWS access keys for your bucket hosing your website so that the application can query them for access.
  • C. Configure a web identity federation role within IAM to enable access to the correct DynamoDB resources and retrieve temporary credentials
  • D. Store AWS keys in global variables within your application and configure the application to use these credentials when making requests.


Answer – C
With web identity federation, you don’t need to create custom sign-in code or manage your own user identities. Instead, users of your app can sign in using a well-known identity provider (IdP) —such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP, receive an authentication token, and then exchange that token for temporary security credentials in AWS that map to an IAM role with permissions to use the resources in your AWS account. Using an IdP helps you keep your AWS account secure, because you don’t have to embed and distribute long-term security credentials with your application. Option A is invalid since Roles cannot be assigned to S3 buckets Options B and D are invalid since the AWS Access keys should not be used
Reference: About Web Identity Federation

Top

Q50: Your application currently makes use of AWS Cognito for managing user identities. You want to analyze the information that is stored in AWS Cognito for your application. Which of the following features of AWS Cognito should you use for this purpose?

  • A. Cognito Data
  • B. Cognito Events
  • C. Cognito Streams
  • D. Cognito Callbacks


Answer – C
Amazon Cognito Streams gives developers control and insight into their data stored in Amazon Cognito. Developers can now configure a Kinesis stream to receive events as data is updated and synchronized. Amazon Cognito can push each dataset change to a Kinesis stream you own in real time. All other options are invalid since you should use Cognito Streams
Reference:

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q51: You’ve developed a set of scripts using AWS Lambda. These scripts need to access EC2 Instances in a VPC. Which of the following needs to be done to ensure that the AWS Lambda function can access the resources in the VPC. Choose 2 answers from the options given below

  • A. Ensure that the subnet ID’s are mentioned when conguring the Lambda function
  • B. Ensure that the NACL ID’s are mentioned when conguring the Lambda function
  • C. Ensure that the Security Group ID’s are mentioned when conguring the Lambda function
  • D. Ensure that the VPC Flow Log ID’s are mentioned when conguring the Lambda function


Answer: A and C.
AWS Lambda runs your function code securely within a VPC by default. However, to enable your Lambda function to access resources inside your private VPC, you must provide additional VPCspecific configuration information that includes VPC subnet IDs and security group IDs. AWS Lambda uses this information to set up elastic network interfaces (ENIs) that enable your function to connect securely to other resources within your private VPC.
Reference: Configuring a Lambda Function to Access Resources in an Amazon VPC

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q52: You’ve currently been tasked to migrate an existing on-premise environment into Elastic Beanstalk. The application does not make use of Docker containers. You also can’t see any relevant environments in the beanstalk service that would be suitable to host your application. What should you consider doing in this case?

  • A. Migrate your application to using Docker containers and then migrate the app to the Elastic Beanstalk environment.
  • B. Consider using Cloudformation to deploy your environment to Elastic Beanstalk
  • C. Consider using Packer to create a custom platform
  • D. Consider deploying your application using the Elastic Container Service


Answer – C
Elastic Beanstalk supports custom platforms. A custom platform is a more advanced customization than a Custom Image in several ways. A custom platform lets you develop an entire new platform from scratch, customizing the operating system, additional software, and scripts that Elastic Beanstalk runs on platform instances. This flexibility allows you to build a platform for an application that uses a language or other infrastructure software, for which Elastic Beanstalk doesn’t provide a platform out of the box. Compare that to custom images, where you modify an AMI for use with an existing Elastic Beanstalk platform, and Elastic Beanstalk still provides the platform scripts and controls the platform’s software stack. In addition, with custom platforms you use an automated, scripted way to create and maintain your customization, whereas with custom images you make the changes manually over a running instance. To create a custom platform, you build an Amazon Machine Image (AMI) from one of the supported operating systems—Ubuntu, RHEL, or Amazon Linux (see the flavor entry in Platform.yaml File Format for the exact version numbers)—and add further customizations. You create your own Elastic Beanstalk platform using Packer, which is an open-source tool for creating machine images for many platforms, including AMIs for use with Amazon EC2. An Elastic Beanstalk platform comprises an AMI configured to run a set of software that supports an application, and metadata that can include custom configuration options and default configuration option settings.
Reference: AWS Elastic Beanstalk Custom Platforms

Top

Q53: Company B is writing 10 items to the Dynamo DB table every second. Each item is 15.5Kb in size. What would be the required provisioned write throughput for best performance? Choose the correct answer from the options below.

  • A. 10
  • B. 160
  • C. 155
  • D. 16


Answer – B.
Company B is writing 10 items to the Dynamo DB table every second. Each item is 15.5Kb in size. What would be the required provisioned write throughput for best performance? Choose the correct answer from the options below.
Reference: Read/Write Capacity Mode

Top

Top

Q54: Which AWS Service can be used to automatically install your application code onto EC2, on premises systems and Lambda?

  • A. CodeCommit
  • B. X-Ray
  • C. CodeBuild
  • D. CodeDeploy


Answer: D

Reference: AWS CodeDeploy


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q55: Which AWS service can be used to compile source code, run tests and package code?

  • A. CodePipeline
  • B. CodeCommit
  • C. CodeBuild
  • D. CodeDeploy


Answer: D

Reference: AWS CodeDeploy Answer: B.

Reference: AWS CodeBuild


Top

Q56: How can your prevent CloudFormation from deleting your entire stack on failure? (Choose 2)

  • A. Set the Rollback on failure radio button to No in the CloudFormation console
  • B. Set Termination Protection to Enabled in the CloudFormation console
  • C. Use the –disable-rollback flag with the AWS CLI
  • D. Use the –enable-termination-protection protection flag with the AWS CLI

Answer: A. and C.

Reference: Protecting a Stack From Being Deleted

Top

Q57: Which of the following practices allows multiple developers working on the same application to merge code changes frequently, without impacting each other and enables the identification of bugs early on in the release process?

  • A. Continuous Integration
  • B. Continuous Deployment
  • C. Continuous Delivery
  • D. Continuous Development

Answer: A

Reference: What is Continuous Integration?

Top

Q58: When deploying application code to EC2, the AppSpec file can be written in which language?

  • A. JSON
  • B. JSON or YAML
  • C. XML
  • D. YAML

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q59: Part of your CloudFormation deployment fails due to a mis-configuration, by defaukt what will happen?

  • A. CloudFormation will rollback only the failed components
  • B. CloudFormation will rollback the entire stack
  • C. Failed component will remain available for debugging purposes
  • D. CloudFormation will ask you if you want to continue with the deployment

Answer: B

Reference: Troubleshooting AWS CloudFormation


Top

Q60: You want to receive an email whenever a user pushes code to CodeCommit repository, how can you configure this?

  • A. Create a new SNS topic and configure it to poll for CodeCommit eveents. Ask all users to subscribe to the topic to receive notifications
  • B. Configure a CloudWatch Events rule to send a message to SES which will trigger an email to be sent whenever a user pushes code to the repository.
  • C. Configure Notifications in the console, this will create a CloudWatch events rule to send a notification to a SNS topic which will trigger an email to be sent to the user.
  • D. Configure a CloudWatch Events rule to send a message to SQS which will trigger an email to be sent whenever a user pushes code to the repository.

Answer: C

Reference: Getting Started with Amazon SNS


Top

Q61: Which AWS service can be used to centrally store and version control your application source code, binaries and libraries

  • A. CodeCommit
  • B. CodeBuild
  • C. CodePipeline
  • D. ElasticFileSystem

Answer: A

Reference: AWS CodeCommit


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q62: You are using CloudFormation to create a new S3 bucket, which of the following sections would you use to define the properties of your bucket?

  • A. Conditions
  • B. Parameters
  • C. Outputs
  • D. Resources

Answer: D

Reference: Resources


Top

Q63: You are deploying a number of EC2 and RDS instances using CloudFormation. Which section of the CloudFormation template would you use to define these?

  • A. Transforms
  • B. Outputs
  • C. Resources
  • D. Instances

Answer: C.
The Resources section defines your resources you are provisioning. Outputs is used to output user defines data relating to the reources you have built and can also used as input to another CloudFormation stack. Transforms is used to reference code located in S3.
Reference: Resources

Top

Q64: Which AWS service can be used to fully automate your entire release process?

  • A. CodeDeploy
  • B. CodePipeline
  • C. CodeCommit
  • D. CodeBuild

Answer: B.
AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates

Reference: AWS CodePipeline


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q65: You want to use the output of your CloudFormation stack as input to another CloudFormation stack. Which sections of the CloudFormation template would you use to help you configure this?

  • A. Outputs
  • B. Transforms
  • C. Resources
  • D. Exports

Answer: A.
Outputs is used to output user defines data relating to the reources you have built and can also used as input to another CloudFormation stack.
Reference: CloudFormation Outputs

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q66: You have some code located in an S3 bucket that you want to reference in your CloudFormation template. Which section of the template can you use to define this?

  • A. Inputs
  • B. Resources
  • C. Transforms
  • D. Files

Answer: C.
Transforms is used to reference code located in S3 and also specififying the use of the Serverless Application Model (SAM) for Lambda deployments.
Reference: Transforms

Top

Q67: You are deploying an application to a number of Ec2 instances using CodeDeploy. What is the name of the file
used to specify source files and lifecycle hooks?

  • A. buildspec.yml
  • B. appspec.json
  • C. appspec.yml
  • D. buildspec.json

Answer: C.

Reference: CodeDeploy AppSpec File Reference

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q68: Which of the following approaches allows you to re-use pieces of CloudFormation code in multiple templates, for common use cases like provisioning a load balancer or web server?

  • A. Share the code using an EBS volume
  • B. Copy and paste the code into the template each time you need to use it
  • C. Use a cloudformation nested stack
  • D. Store the code you want to re-use in an AMI and reference the AMI from within your CloudFormation template.

Answer: C.

Reference: Working with Nested Stacks

Top

Q69: In the CodeDeploy AppSpec file, what are hooks used for?

  • A. To reference AWS resources that will be used during the deployment
  • B. Hooks are reserved for future use
  • C. To specify files you want to copy during the deployment.
  • D. To specify, scripts or function that you want to run at set points in the deployment lifecycle

Answer: D.
The ‘hooks’ section for an EC2/On-Premises deployment contains mappings that link deployment lifecycle event hooks to one or more scripts.

Reference: AppSpec ‘hooks’ Section

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q70: Which command can you use to encrypt a plain text file using CMK?

  • A. aws kms-encrypt
  • B. aws iam encrypt
  • C. aws kms encrypt
  • D. aws encrypt

Answer: C.
aws kms encrypt –key-id 1234abcd-12ab-34cd-56ef-1234567890ab –plaintext fileb://ExamplePlaintextFile –output text –query CiphertextBlob > C:\Temp\ExampleEncryptedFile.base64

Reference: AWS CLI Encrypt

Top

Q72: Which of the following is an encrypted key used by KMS to encrypt your data

  • A. Custmoer Mamaged Key
  • B. Encryption Key
  • C. Envelope Key
  • D. Customer Master Key

Answer: C.
Your Data key also known as the Enveloppe key is encrypted using the master key.This approach is known as Envelope encryption.
Envelope encryption is the practice of encrypting plaintext data with a data key, and then encrypting the data key under another key.

Reference: Envelope Encryption

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q73: Which of the following statements are correct? (Choose 2)

  • A. The Customer Master Key is used to encrypt and decrypt the Envelope Key or Data Key
  • B. The Envelope Key or Data Key is used to encrypt and decrypt plain text files.
  • C. The envelope Key or Data Key is used to encrypt and decrypt the Customer Master Key.
  • D. The Customer MasterKey is used to encrypt and decrypt plain text files.

Answer: A. and B.

Reference: AWS Key Management Service Concepts

Top

Q74: Which of the following statements is correct in relation to kMS/ (Choose 2)

  • A. KMS Encryption keys are regional
  • B. You cannot export your customer master key
  • C. You can export your customer master key.
  • D. KMS encryption Keys are global

Answer: A. and B.

Reference: AWS Key Management Service FAQs

Q75:  A developer is preparing a deployment package for a Java implementation of an AWS Lambda function. What should the developer include in the deployment package? (Select TWO.)
A. Compiled application code
B. Java runtime environment
C. References to the event sources
D. Lambda execution role
E. Application dependencies


Answer: C. E.
Notes: To create a Lambda function, you first create a Lambda function deployment package. This package is a .zip or .jar file consisting of your code and any dependencies.
Reference: Lambda deployment packages.

Q76: A developer uses AWS CodeDeploy to deploy a Python application to a fleet of Amazon EC2 instances that run behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. What should the developer include in the CodeDeploy deployment package?
A. A launch template for the Amazon EC2 Auto Scaling group
B. A CodeDeploy AppSpec file
C. An EC2 role that grants the application access to AWS services
D. An IAM policy that grants the application access to AWS services


Answer: B.
Notes: The CodeDeploy AppSpec (application specific) file is unique to CodeDeploy. The AppSpec file is used to manage each deployment as a series of lifecycle event hooks, which are defined in the file.
Reference: CodeDeploy application specification (AppSpec) files.
Category: Deployment

Q76: A company is working on a project to enhance its serverless application development process. The company hosts applications on AWS Lambda. The development team regularly updates the Lambda code and wants to use stable code in production. Which combination of steps should the development team take to configure Lambda functions to meet both development and production requirements? (Select TWO.)

A. Create a new Lambda version every time a new code release needs testing.
B. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to a production-ready unqualified Amazon Resource Name (ARN) version. Point the Development alias to the $LATEST version.
C. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to the production-ready qualified Amazon Resource Name (ARN) version. Point the Development alias to the variable LAMBDA_TASK_ROOT.
D. Create a new Lambda layer every time a new code release needs testing.
E. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to a production-ready Lambda layer Amazon Resource Name (ARN). Point the Development alias to the $LATEST layer ARN.


Answer: A. B.
Notes: Lambda function versions are designed to manage deployment of functions. They can be used for code changes, without affecting the stable production version of the code. By creating separate aliases for Production and Development, systems can initiate the correct alias as needed. A Lambda function alias can be used to point to a specific Lambda function version. Using the functionality to update an alias and its linked version, the development team can update the required version as needed. The $LATEST version is the newest published version.
Reference: Lambda function versions.

For more information about Lambda layers, see Creating and sharing Lambda layers.

For more information about Lambda function aliases, see Lambda function aliases.

Category: Deployment

Q77: Each time a developer publishes a new version of an AWS Lambda function, all the dependent event source mappings need to be updated with the reference to the new version’s Amazon Resource Name (ARN). These updates are time consuming and error-prone. Which combination of actions should the developer take to avoid performing these updates when publishing a new Lambda version? (Select TWO.)
A. Update event source mappings with the ARN of the Lambda layer.
B. Point a Lambda alias to a new version of the Lambda function.
C. Create a Lambda alias for each published version of the Lambda function.
D. Point a Lambda alias to a new Lambda function alias.
E. Update the event source mappings with the Lambda alias ARN.


Answer: B. E.
Notes: A Lambda alias is a pointer to a specific Lambda function version. Instead of using ARNs for the Lambda function in event source mappings, you can use an alias ARN. You do not need to update your event source mappings when you promote a new version or roll back to a previous version.
Reference: Lambda function aliases.
Category: Deployment

Q78:  A company wants to store sensitive user data in Amazon S3 and encrypt this data at rest. The company must manage the encryption keys and use Amazon S3 to perform the encryption. How can a developer meet these requirements?
A. Enable default encryption for the S3 bucket by using the option for server-side encryption with customer-provided encryption keys (SSE-C).
B. Enable client-side encryption with an encryption key. Upload the encrypted object to the S3 bucket.
C. Enable server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Upload an object to the S3 bucket.
D. Enable server-side encryption with customer-provided encryption keys (SSE-C). Upload an object to the S3 bucket.


Answer: D.
Notes: When you upload an object, Amazon S3 uses the encryption key you provide to apply AES-256 encryption to your data and removes the encryption key from memory.
Reference: Protecting data using server-side encryption with customer-provided encryption keys (SSE-C).

Category: Security

Q79: A company is developing a Python application that submits data to an Amazon DynamoDB table. The company requires client-side encryption of specific data items and end-to-end protection for the encrypted data in transit and at rest. Which combination of steps will meet the requirement for the encryption of specific data items? (Select TWO.)

A. Generate symmetric encryption keys with AWS Key Management Service (AWS KMS).
B. Generate asymmetric encryption keys with AWS Key Management Service (AWS KMS).
C. Use generated keys with the DynamoDB Encryption Client.
D. Use generated keys to configure DynamoDB table encryption with AWS managed customer master keys (CMKs).
E. Use generated keys to configure DynamoDB table encryption with AWS owned customer master keys (CMKs).


Answer: A. C.
Notes: When the DynamoDB Encryption Client is configured to use AWS KMS, it uses a customer master key (CMK) that is always encrypted when used outside of AWS KMS. This cryptographic materials provider returns a unique encryption key and signing key for every table item. This method of encryption uses a symmetric CMK.
Reference: Direct KMS Materials Provider.
Category: Deployment

Q80: A company is developing a REST API with Amazon API Gateway. Access to the API should be limited to users in the existing Amazon Cognito user pool. Which combination of steps should a developer perform to secure the API? (Select TWO.)
A. Create an AWS Lambda authorizer for the API.
B. Create an Amazon Cognito authorizer for the API.
C. Configure the authorizer for the API resource.
D. Configure the API methods to use the authorizer.
E. Configure the authorizer for the API stage.


Answer: B. D.
Notes: An Amazon Cognito authorizer should be used for integration with Amazon Cognito user pools. In addition to creating an authorizer, you are required to configure an API method to use that authorizer for the API.
Reference: Control access to a REST API using Amazon Cognito user pools as authorizer.
Category: Security

Q81: A developer is implementing a mobile app to provide personalized services to app users. The application code makes calls to Amazon S3 and Amazon Simple Queue Service (Amazon SQS). Which options can the developer use to authenticate the app users? (Select TWO.)
A. Authenticate to the Amazon Cognito identity pool directly.
B. Authenticate to AWS Identity and Access Management (IAM) directly.
C. Authenticate to the Amazon Cognito user pool directly.
D. Federate authentication by using Login with Amazon with the users managed with AWS Security Token Service (AWS STS).
E. Federate authentication by using Login with Amazon with the users managed with the Amazon Cognito user pool.


Answer: C. E.
Notes: The Amazon Cognito user pool provides direct user authentication. The Amazon Cognito user pool provides a federated authentication option with third-party identity provider (IdP), including amazon.com.
Reference: Adding User Pool Sign-in Through a Third Party.
Category: Security

Question: A company is implementing several order processing workflows. Each workflow is implemented by using AWS Lambda functions for each task. Which combination of steps should a developer follow to implement these workflows? (Select TWO.)
A. Define a AWS Step Functions task for each Lambda function.
B. Define a AWS Step Functions task for each workflow.
C. Write code that polls the AWS Step Functions invocation to coordinate each workflow.
D. Define an AWS Step Functions state machine for each workflow.
E. Define an AWS Step Functions state machine for each Lambda function.
Answer: A. D.
Notes: Step Functions is based on state machines and tasks. A state machine is a workflow. Tasks perform work by coordinating with other AWS services, such as Lambda. A state machine is a workflow. It can be used to express a workflow as a number of states, their relationships, and their input and output. You can coordinate individual tasks with Step Functions by expressing your workflow as a finite state machine, written in the Amazon States Language.
ReferenceText: Getting Started with AWS Step Functions.
ReferenceUrl: https://aws.amazon.com/step-functions/getting-started/
Category: Development

Welcome to AWS Certified Developer Associate Exam Preparation: Definition and Objectives, Top 100 Questions and Answers dump, White papers, Courses, Labs and Training Materials, Exam info and details, References, Jobs, Others AWS Certificates

AWS Developer Associate DVA-C01 Exam Prep
AWS Developer Associate DVA-C01 Exam Prep
 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

What is the AWS Certified Developer Associate Exam?

This AWS Certified Developer-Associate Examination is intended for individuals who perform a Developer role. It validates an examinee’s ability to:

  • Demonstrate an understanding of core AWS services, uses, and basic AWS architecture best practices
  • Demonstrate proficiency in developing, deploying, and debugging cloud-based applications by using AWS

Recommended general IT knowledge
The target candidate should have the following:
– In-depth knowledge of at least one high-level programming language
– Understanding of application lifecycle management
– The ability to write code for serverless applications
– Understanding of the use of containers in the development process

Recommended AWS knowledge
The target candidate should be able to do the following:

  • Use the AWS service APIs, CLI, and software development kits (SDKs) to write applications
  • Identify key features of AWS services
  • Understand the AWS shared responsibility model
  • Use a continuous integration and continuous delivery (CI/CD) pipeline to deploy applications on AWS
  • Use and interact with AWS services
  • Apply basic understanding of cloud-native applications to write code
  • Write code by using AWS security best practices (for example, use IAM roles instead of secret and access keys in the code)
  • Author, maintain, and debug code modules on AWS

What is considered out of scope for the target candidate?
The following is a non-exhaustive list of related job tasks that the target candidate is not expected to be able to perform. These items are considered out of scope for the exam:
– Design architectures (for example, distributed system, microservices)
– Design and implement CI/CD pipelines

  • Administer IAM users and groups
  • Administer Amazon Elastic Container Service (Amazon ECS)
  • Design AWS networking infrastructure (for example, Amazon VPC, AWS Direct Connect)
  • Understand compliance and licensing

Exam content
Response types
There are two types of questions on the exam:
– Multiple choice: Has one correct response and three incorrect responses (distractors)
– Multiple response: Has two or more correct responses out of five or more response options
Select one or more responses that best complete the statement or answer the question. Distractors, or incorrect answers, are response options that a candidate with incomplete knowledge or skill might choose.
Distractors are generally plausible responses that match the content area.
Unanswered questions are scored as incorrect; there is no penalty for guessing. The exam includes 50 questions that will affect your score.

Unscored content
The exam includes 15 unscored questions that do not affect your score. AWS collects information about candidate performance on these unscored questions to evaluate these questions for future use as scored questions. These unscored questions are not identified on the exam.

Exam results
The AWS Certified Developer – Associate (DVA-C01) exam is a pass or fail exam. The exam is scored against a minimum standard established by AWS professionals who follow certification industry best practices and guidelines.
Your results for the exam are reported as a scaled score of 100–1,000. The minimum passing score is 720.
Your score shows how you performed on the exam as a whole and whether you passed. Scaled scoring models help equate scores across multiple exam forms that might have slightly different difficulty levels.
Your score report could contain a table of classifications of your performance at each section level. This information is intended to provide general feedback about your exam performance. The exam uses a compensatory scoring model, which means that you do not need to achieve a passing score in each section. You need to pass only the overall exam.
Each section of the exam has a specific weighting, so some sections have more questions than other sections have. The table contains general information that highlights your strengths and weaknesses. Use caution when interpreting section-level feedback.

Content outline
This exam guide includes weightings, test domains, and objectives for the exam. It is not a comprehensive listing of the content on the exam. However, additional context for each of the objectives is available to help guide your preparation for the exam. The following table lists the main content domains and their weightings. The table precedes the complete exam content outline, which includes the additional context.
The percentage in each domain represents only scored content.

Domain 1: Deployment 22%
Domain 2: Security 26%
Domain 3: Development with AWS Services 30%
Domain 4: Refactoring 10%
Domain 5: Monitoring and Troubleshooting 12%

Domain 1: Deployment
1.1 Deploy written code in AWS using existing CI/CD pipelines, processes, and patterns.
–  Commit code to a repository and invoke build, test and/or deployment actions
–  Use labels and branches for version and release management
–  Use AWS CodePipeline to orchestrate workflows against different environments
–  Apply AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeStar, and AWS
CodeDeploy for CI/CD purposes
–  Perform a roll back plan based on application deployment policy

1.2 Deploy applications using AWS Elastic Beanstalk.
–  Utilize existing supported environments to define a new application stack
–  Package the application
–  Introduce a new application version into the Elastic Beanstalk environment
–  Utilize a deployment policy to deploy an application version (i.e., all at once, rolling, rolling with batch, immutable)
–  Validate application health using Elastic Beanstalk dashboard
–  Use Amazon CloudWatch Logs to instrument application logging

1.3 Prepare the application deployment package to be deployed to AWS.
–  Manage the dependencies of the code module (like environment variables, config files and static image files) within the package
–  Outline the package/container directory structure and organize files appropriately
–  Translate application resource requirements to AWS infrastructure parameters (e.g., memory, cores)

1.4 Deploy serverless applications.
–  Given a use case, implement and launch an AWS Serverless Application Model (AWS SAM) template
–  Manage environments in individual AWS services (e.g., Differentiate between Development, Test, and Production in Amazon API Gateway)

Domain 2: Security
2.1 Make authenticated calls to AWS services.
–  Communicate required policy based on least privileges required by application.
–  Assume an IAM role to access a service
–  Use the software development kit (SDK) credential provider on-premises or in the cloud to access AWS services (local credentials vs. instance roles)

2.2 Implement encryption using AWS services.
– Encrypt data at rest (client side; server side; envelope encryption) using AWS services
–  Encrypt data in transit

2.3 Implement application authentication and authorization.
– Add user sign-up and sign-in functionality for applications with Amazon Cognito identity or user pools
–  Use Amazon Cognito-provided credentials to write code that access AWS services.
–  Use Amazon Cognito sync to synchronize user profiles and data
–  Use developer-authenticated identities to interact between end user devices, backend
authentication, and Amazon Cognito

Domain 3: Development with AWS Services
3.1 Write code for serverless applications.
– Compare and contrast server-based vs. serverless model (e.g., micro services, stateless nature of serverless applications, scaling serverless applications, and decoupling layers of serverless applications)
– Configure AWS Lambda functions by defining environment variables and parameters (e.g., memory, time out, runtime, handler)
– Create an API endpoint using Amazon API Gateway
–  Create and test appropriate API actions like GET, POST using the API endpoint
–  Apply Amazon DynamoDB concepts (e.g., tables, items, and attributes)
–  Compute read/write capacity units for Amazon DynamoDB based on application requirements
–  Associate an AWS Lambda function with an AWS event source (e.g., Amazon API Gateway, Amazon CloudWatch event, Amazon S3 events, Amazon Kinesis)
–  Invoke an AWS Lambda function synchronously and asynchronously

3.2 Translate functional requirements into application design.
– Determine real-time vs. batch processing for a given use case
– Determine use of synchronous vs. asynchronous for a given use case
– Determine use of event vs. schedule/poll for a given use case
– Account for tradeoffs for consistency models in an application design

Domain 4: Refactoring
4.1 Optimize applications to best use AWS services and features.
 Implement AWS caching services to optimize performance (e.g., Amazon ElastiCache, Amazon API Gateway cache)
 Apply an Amazon S3 naming scheme for optimal read performance

4.2 Migrate existing application code to run on AWS.
– Isolate dependencies
– Run the application as one or more stateless processes
– Develop in order to enable horizontal scalability
– Externalize state

Domain 5: Monitoring and Troubleshooting

5.1 Write code that can be monitored.
– Create custom Amazon CloudWatch metrics
– Perform logging in a manner available to systems operators
– Instrument application source code to enable tracing in AWS X-Ray

5.2 Perform root cause analysis on faults found in testing or production.
– Interpret the outputs from the logging mechanism in AWS to identify errors in logs
– Check build and testing history in AWS services (e.g., AWS CodeBuild, AWS CodeDeploy, AWS CodePipeline) to identify issues
– Utilize AWS services (e.g., Amazon CloudWatch, VPC Flow Logs, and AWS X-Ray) to locate a specific faulty component

Which key tools, technologies, and concepts might be covered on the exam?

The following is a non-exhaustive list of the tools and technologies that could appear on the exam.
This list is subject to change and is provided to help you understand the general scope of services, features, or technologies on the exam.
The general tools and technologies in this list appear in no particular order.
AWS services are grouped according to their primary functions. While some of these technologies will likely be covered more than others on the exam, the order and placement of them in this list is no indication of relative weight or importance:
– Analytics
– Application Integration
– Containers
– Cost and Capacity Management
– Data Movement
– Developer Tools
– Instances (virtual machines)
– Management and Governance
– Networking and Content Delivery
– Security
– Serverless

AWS services and features

Analytics:
– Amazon Elasticsearch Service (Amazon ES)
– Amazon Kinesis
Application Integration:
– Amazon EventBridge (Amazon CloudWatch Events)
– Amazon Simple Notification Service (Amazon SNS)
– Amazon Simple Queue Service (Amazon SQS)
– AWS Step Functions

Compute:
– Amazon EC2
– AWS Elastic Beanstalk
– AWS Lambda

Containers:
– Amazon Elastic Container Registry (Amazon ECR)
– Amazon Elastic Container Service (Amazon ECS)
– Amazon Elastic Kubernetes Services (Amazon EKS)

Database:
– Amazon DynamoDB
– Amazon ElastiCache
– Amazon RDS

Developer Tools:
– AWS CodeArtifact
– AWS CodeBuild
– AWS CodeCommit
– AWS CodeDeploy
– Amazon CodeGuru
– AWS CodePipeline
– AWS CodeStar
– AWS Fault Injection Simulator
– AWS X-Ray

Management and Governance:
– AWS CloudFormation
– Amazon CloudWatch

Networking and Content Delivery:
– Amazon API Gateway
– Amazon CloudFront
– Elastic Load Balancing

Security, Identity, and Compliance:
– Amazon Cognito
– AWS Identity and Access Management (IAM)
– AWS Key Management Service (AWS KMS)

Storage:
– Amazon S3

Out-of-scope AWS services and features

The following is a non-exhaustive list of AWS services and features that are not covered on the exam.
These services and features do not represent every AWS offering that is excluded from the exam content.
Services or features that are entirely unrelated to the target job roles for the exam are excluded from this list because they are assumed to be irrelevant.
Out-of-scope AWS services and features include the following:
– AWS Application Discovery Service
– Amazon AppStream 2.0
– Amazon Chime
– Amazon Connect
– AWS Database Migration Service (AWS DMS)
– AWS Device Farm
– Amazon Elastic Transcoder
– Amazon GameLift
– Amazon Lex
– Amazon Machine Learning (Amazon ML)
– AWS Managed Services
– Amazon Mobile Analytics
– Amazon Polly

– Amazon QuickSight
– Amazon Rekognition
– AWS Server Migration Service (AWS SMS)
– AWS Service Catalog
– AWS Shield Advanced
– AWS Shield Standard
– AWS Snow Family
– AWS Storage Gateway
– AWS WAF
– Amazon WorkMail
– Amazon WorkSpaces

To succeed with the real exam, do not memorize the answers below. It is very important that you understand why a question is right or wrong and the concepts behind it by carefully reading the reference documents in the answers.

Top

AWS Certified Developer – Associate Practice Questions And Answers Dump

Q0: Your application reads commands from an SQS queue and sends them to web services hosted by your
partners. When a partner’s endpoint goes down, your application continually returns their commands to the queue. The repeated attempts to deliver these commands use up resources. Commands that can’t be delivered must not be lost.
How can you accommodate the partners’ broken web services without wasting your resources?

  • A. Create a delay queue and set DelaySeconds to 30 seconds
  • B. Requeue the message with a VisibilityTimeout of 30 seconds.
  • C. Create a dead letter queue and set the Maximum Receives to 3.
  • D. Requeue the message with a DelaySeconds of 30 seconds.
AWS Developer Associates DVA-C01 PRO
AWS Developer Associates DVA-C01 PRO
 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 


C. After a message is taken from the queue and returned for the maximum number of retries, it is
automatically sent to a dead letter queue, if one has been configured. It stays there until you retrieve it for forensic purposes.

Reference: Amazon SQS Dead-Letter Queues


Top

Q1: A developer is writing an application that will store data in a DynamoDB table. The ratio of reads operations to write operations will be 1000 to 1, with the same data being accessed frequently.
What should the Developer enable on the DynamoDB table to optimize performance and minimize costs?

  • A. Amazon DynamoDB auto scaling
  • B. Amazon DynamoDB cross-region replication
  • C. Amazon DynamoDB Streams
  • D. Amazon DynamoDB Accelerator


D. The AWS Documentation mentions the following:

DAX is a DynamoDB-compatible caching service that enables you to benefit from fast in-memory performance for demanding applications. DAX addresses three core scenarios

  1. As an in-memory cache, DAX reduces the response times of eventually-consistent read workloads by an order of magnitude, from single-digit milliseconds to microseconds.
  2. DAX reduces operational and application complexity by providing a managed service that is API-compatible with Amazon DynamoDB, and thus requires only minimal functional changes to use with an existing application.
  3. For read-heavy or bursty workloads, DAX provides increased throughput and potential operational cost savings by reducing the need to over-provision read capacity units. This is especially beneficial for applications that require repeated reads for individual keys.

Reference: AWS DAX


Top

Q2: You are creating a DynamoDB table with the following attributes:

  • PurchaseOrderNumber (partition key)
  • CustomerID
  • PurchaseDate
  • TotalPurchaseValue

One of your applications must retrieve items from the table to calculate the total value of purchases for a
particular customer over a date range. What secondary index do you need to add to the table?

  • A. Local secondary index with a partition key of CustomerID and sort key of PurchaseDate; project the
    TotalPurchaseValue attribute
  • B. Local secondary index with a partition key of PurchaseDate and sort key of CustomerID; project the
    TotalPurchaseValue attribute
  • C. Global secondary index with a partition key of CustomerID and sort key of PurchaseDate; project the
    TotalPurchaseValue attribute
  • D. Global secondary index with a partition key of PurchaseDate and sort key of CustomerID; project the
    TotalPurchaseValue attribute


C. The query is for a particular CustomerID, so a Global Secondary Index is needed for a different partition
key. To retrieve only the desired date range, the PurchaseDate must be the sort key. Projecting the
TotalPurchaseValue into the index provides all the data needed to satisfy the use case.

Reference: AWS DynamoDB Global Secondary Indexes

Difference between local and global indexes in DynamoDB

    • Global secondary index — an index with a hash and range key that can be different from those on the table. A global secondary index is considered “global” because queries on the index can span all of the data in a table, across all partitions.
    • Local secondary index — an index that has the same hash key as the table, but a different range key. A local secondary index is “local” in the sense that every partition of a local secondary index is scoped to a table partition that has the same hash key.
    • Local Secondary Indexes still rely on the original Hash Key. When you supply a table with hash+range, think about the LSI as hash+range1, hash+range2.. hash+range6. You get 5 more range attributes to query on. Also, there is only one provisioned throughput.
    • Global Secondary Indexes defines a new paradigm – different hash/range keys per index.
      This breaks the original usage of one hash key per table. This is also why when defining GSI you are required to add a provisioned throughput per index and pay for it.
    • Local Secondary Indexes can only be created when you are creating the table, there is no way to add Local Secondary Index to an existing table, also once you create the index you cannot delete it.
    • Global Secondary Indexes can be created when you create the table and added to an existing table, deleting an existing Global Secondary Index is also allowed.

Throughput :

  • Local Secondary Indexes consume throughput from the table. When you query records via the local index, the operation consumes read capacity units from the table. When you perform a write operation (create, update, delete) in a table that has a local index, there will be two write operations, one for the table another for the index. Both operations will consume write capacity units from the table.
  • Global Secondary Indexes have their own provisioned throughput, when you query the index the operation will consume read capacity from the index, when you perform a write operation (create, update, delete) in a table that has a global index, there will be two write operations, one for the table another for the index*.


Top

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

AWS Developer Associate DVA-C01 Exam Prep
AWS Developer Associate DVA-C01 Exam Prep
 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q3: When referencing the remaining time left for a Lambda function to run within the function’s code you would use:

  • A. The event object
  • B. The timeLeft object
  • C. The remains object
  • D. The context object


D. The context object.

Reference: AWS Lambda


Top

Q4: What two arguments does a Python Lambda handler function require?

  • A. invocation, zone
  • B. event, zone
  • C. invocation, context
  • D. event, context
D. event, context
def handler_name(event, context):

return some_value

Reference: AWS Lambda Function Handler in Python

Top

Q5: Lambda allows you to upload code and dependencies for function packages:

  • A. Only from a directly uploaded zip file
  • B. Only via SFTP
  • C. Only from a zip file in AWS S3
  • D. From a zip file in AWS S3 or uploaded directly from elsewhere

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

D. From a zip file in AWS S3 or uploaded directly from elsewhere

Reference: AWS Lambda Deployment Package

Top

Q6: A Lambda deployment package contains:

  • A. Function code, libraries, and runtime binaries
  • B. Only function code
  • C. Function code and libraries not included within the runtime
  • D. Only libraries not included within the runtime

C. Function code and libraries not included within the runtime

Reference: AWS Lambda Deployment Package in PowerShell

Top

Q7: You are attempting to SSH into an EC2 instance that is located in a public subnet. However, you are currently receiving a timeout error trying to connect. What could be a possible cause of this connection issue?

  • A. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic, but does not have an outbound rule that allows SSH traffic.
  • B. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic AND has an outbound rule that explicitly denies SSH traffic.
  • C. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic AND the associated NACL has both an inbound and outbound rule that allows SSH traffic.
  • D. The security group associated with the EC2 instance does not have an inbound rule that allows SSH traffic AND the associated NACL does not have an outbound rule that allows SSH traffic.


D. Security groups are stateful, so you do NOT have to have an explicit outbound rule for return requests. However, NACLs are stateless so you MUST have an explicit outbound rule configured for return request.

Reference: Comparison of Security Groups and Network ACLs

AWS Security Groups and NACL


Top

Q8: You have instances inside private subnets and a properly configured bastion host instance in a public subnet. None of the instances in the private subnets have a public or Elastic IP address. How can you connect an instance in the private subnet to the open internet to download system updates?

  • A. Create and assign EIP to each instance
  • B. Create and attach a second IGW to the VPC.
  • C. Create and utilize a NAT Gateway
  • D. Connect to a VPN


C. You can use a network address translation (NAT) gateway in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.

Reference: AWS Network Address Translation Gateway


Top

Q9: What feature of VPC networking should you utilize if you want to create “elasticity” in your application’s architecture?

  • A. Security Groups
  • B. Route Tables
  • C. Elastic Load Balancer
  • D. Auto Scaling


D. Auto scaling is designed specifically with elasticity in mind. Auto scaling allows for the increase and decrease of compute power based on demand, thus creating elasticity in the architecture.

Reference: AWS Autoscalling


Top

Q10: Lambda allows you to upload code and dependencies for function packages:

  • A. Only from a directly uploaded zip file
  • B. Only from a directly uploaded zip file
  • C. Only from a zip file in AWS S3
  • D. From a zip file in AWS S3 or uploaded directly from elsewhere

D. From a zip file in AWS S3 or uploaded directly from elsewhere

Reference: AWS Lambda

Top

Q11: You’re writing a script with an AWS SDK that uses the AWS API Actions and want to create AMIs for non-EBS backed AMIs for you. Which API call should occurs in the final process of creating an AMI?

  • A. RegisterImage
  • B. CreateImage
  • C. ami-register-image
  • D. ami-create-image

A. It is actually – RegisterImage. All AWS API Actions will follow the capitalization like this and don’t have hyphens in them.

Reference: API RegisterImage

Top

Q12: When dealing with session state in EC2-based applications using Elastic load balancers which option is generally thought of as the best practice for managing user sessions?

  • A. Having the ELB distribute traffic to all EC2 instances and then having the instance check a caching solution like ElastiCache running Redis or Memcached for session information
  • B. Permenantly assigning users to specific instances and always routing their traffic to those instances
  • C. Using Application-generated cookies to tie a user session to a particular instance for the cookie duration
  • D. Using Elastic Load Balancer generated cookies to tie a user session to a particular instance

Top

Q13: Which API call would best be used to describe an Amazon Machine Image?

  • A. ami-describe-image
  • B. ami-describe-images
  • C. DescribeImage
  • D. DescribeImages

D. In general, API actions stick to the PascalCase style with the first letter of every word capitalized.

Reference: API DescribeImages

Top

Q14: What is one key difference between an Amazon EBS-backed and an instance-store backed instance?

  • A. Autoscaling requires using Amazon EBS-backed instances
  • B. Virtual Private Cloud requires EBS backed instances
  • C. Amazon EBS-backed instances can be stopped and restarted without losing data
  • D. Instance-store backed instances can be stopped and restarted without losing data

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

C. Instance-store backed images use “ephemeral” storage (temporary). The storage is only available during the life of an instance. Rebooting an instance will allow ephemeral data stay persistent. However, stopping and starting an instance will remove all ephemeral storage.

Reference: What is the difference between EBS and Instance Store?

Top

Q15: After having created a new Linux instance on Amazon EC2, and downloaded the .pem file (called Toto.pem) you try and SSH into your IP address (54.1.132.33) using the following command.
ssh -i my_key.pem ec2-user@52.2.222.22
However you receive the following error.
@@@@@@@@ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@
What is the most probable reason for this and how can you fix it?

  • A. You do not have root access on your terminal and need to use the sudo option for this to work.
  • B. You do not have enough permissions to perform the operation.
  • C. Your key file is encrypted. You need to use the -u option for unencrypted not the -i option.
  • D. Your key file must not be publicly viewable for SSH to work. You need to modify your .pem file to limit permissions.

D. You need to run something like: chmod 400 my_key.pem

Reference:

Top

Q16: You have an EBS root device on /dev/sda1 on one of your EC2 instances. You are having trouble with this particular instance and you need to either Stop/Start, Reboot or Terminate the instance but you do NOT want to lose any data that you have stored on /dev/sda1. However, you are unsure if changing the instance state in any of the aforementioned ways will cause you to lose data stored on the EBS volume. Which of the below statements best describes the effect each change of instance state would have on the data you have stored on /dev/sda1?

  • A. Whether you stop/start, reboot or terminate the instance it does not matter because data on an EBS volume is not ephemeral and the data will not be lost regardless of what method is used.
  • B. If you stop/start the instance the data will not be lost. However if you either terminate or reboot the instance the data will be lost.
  • C. Whether you stop/start, reboot or terminate the instance it does not matter because data on an EBS volume is ephemeral and it will be lost no matter what method is used.
  • D. The data will be lost if you terminate the instance, however the data will remain on /dev/sda1 if you reboot or stop/start the instance because data on an EBS volume is not ephemeral.

D. The question states that an EBS-backed root device is mounted at /dev/sda1, and EBS volumes maintain information regardless of the instance state. If it was instance store, this would be a different answer.

Reference: AWS Root Device Storage

Top

Q17: EC2 instances are launched from Amazon Machine Images (AMIs). A given public AMI:

  • A. Can only be used to launch EC2 instances in the same AWS availability zone as the AMI is stored
  • B. Can only be used to launch EC2 instances in the same country as the AMI is stored
  • C. Can only be used to launch EC2 instances in the same AWS region as the AMI is stored
  • D. Can be used to launch EC2 instances in any AWS region

C. AMIs are only available in the region they are created. Even in the case of the AWS-provided AMIs, AWS has actually copied the AMIs for you to different regions. You cannot access an AMI from one region in another region. However, you can copy an AMI from one region to another

Reference: https://aws.amazon.com/amazon-linux-ami/

Top

Q18: Which of the following statements is true about the Elastic File System (EFS)?

  • A. EFS can scale out to meet capacity requirements and scale back down when no longer needed
  • B. EFS can be used by multiple EC2 instances simultaneously
  • C. EFS cannot be used by an instance using EBS
  • D. EFS can be configured on an instance before launch just like an IAM role or EBS volumes

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

A. and B.

Reference: https://aws.amazon.com/efs/

Top

Q19: IAM Policies, at a minimum, contain what elements?

  • A. ID
  • B. Effects
  • C. Resources
  • D. Sid
  • E. Principle
  • F. Actions

B. C. and F.

Effect – Use Allow or Deny to indicate whether the policy allows or denies access.

Resource – Specify a list of resources to which the actions apply.

Action – Include a list of actions that the policy allows or denies.

Id, Sid aren’t required fields in IAM Policies. But they are optional fields

Reference: AWS IAM Access Policies

Top

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q20: What are the main benefits of IAM groups?

  • A. The ability to create custom permission policies.
  • B. Assigning IAM permission policies to more than one user at a time.
  • C. Easier user/policy management.
  • D. Allowing EC2 instances to gain access to S3.

B. and C.

A. is incorrect: This is a benefit of IAM generally or a benefit of IAM policies. But IAM groups don’t create policies, they have policies attached to them.

Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html

 

Top

Q21: What are benefits of using AWS STS?

  • A. Grant access to AWS resources without having to create an IAM identity for them
  • B. Since credentials are temporary, you don’t have to rotate or revoke them
  • C. Temporary security credentials can be extended indefinitely
  • D. Temporary security credentials can be restricted to a specific region

Top

Q22: What should the Developer enable on the DynamoDB table to optimize performance and minimize costs?

  • A. Amazon DynamoDB auto scaling
  • B. Amazon DynamoDB cross-region replication
  • C. Amazon DynamoDB Streams
  • D. Amazon DynamoDB Accelerator


D. DAX is a DynamoDB-compatible caching service that enables you to benefit from fast in-memory performance for demanding applications. DAX addresses three core scenarios:

  1. As an in-memory cache, DAX reduces the response times of eventually-consistent read workloads by an order of magnitude, from single-digit milliseconds to microseconds.
  2. DAX reduces operational and application complexity by providing a managed service that is API-compatible with Amazon DynamoDB, and thus requires only minimal functional changes to use with an existing application.
  3. For read-heavy or bursty workloads, DAX provides increased throughput and potential operational cost savings by reducing the need to over-provision read capacity units. This is especially beneficial for applications that require repeated reads for individual keys.

Reference: AWS DAX


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q23: A Developer has been asked to create an AWS Elastic Beanstalk environment for a production web application which needs to handle thousands of requests. Currently the dev environment is running on a t1 micro instance. How can the Developer change the EC2 instance type to m4.large?

  • A. Use CloudFormation to migrate the Amazon EC2 instance type of the environment from t1 micro to m4.large.
  • B. Create a saved configuration file in Amazon S3 with the instance type as m4.large and use the same during environment creation.
  • C. Change the instance type to m4.large in the configuration details page of the Create New Environment page.
  • D. Change the instance type value for the environment to m4.large by using update autoscaling group CLI command.

B. The Elastic Beanstalk console and EB CLI set configuration options when you create an environment. You can also set configuration options in saved configurations and configuration files. If the same option is set in multiple locations, the value used is determined by the order of precedence.
Configuration option settings can be composed in text format and saved prior to environment creation, applied during environment creation using any supported client, and added, modified or removed after environment creation.
During environment creation, configuration options are applied from multiple sources with the following precedence, from highest to lowest:

  • Settings applied directly to the environment – Settings specified during a create environment or update environment operation on the Elastic Beanstalk API by any client, including the AWS Management Console, EB CLI, AWS CLI, and SDKs. The AWS Management Console and EB CLI also applyrecommended values for some options that apply at this level unless overridden.
  • Saved Configurations
    Settings for any options that are not applied directly to the
    environment are loaded from a saved configuration, if specified.
  • Configuration Files (.ebextensions)– Settings for any options that are not applied directly to the
    environment, and also not specified in a saved configuration, are loaded from configuration files in the .ebextensions folder at the root of the application source bundle.

     

    Configuration files are executed in alphabetical order. For example,.ebextensions/01run.configis executed before.ebextensions/02do.config.

  • Default Values– If a configuration option has a default value, it only applies when the option is not set at any of the above levels.

If the same configuration option is defined in more than one location, the setting with the highest precedence is applied. When a setting is applied from a saved configuration or settings applied directly to the environment, the setting is stored as part of the environment’s configuration. These settings can be removed with the AWS CLI or with the EB CLI
.
Settings in configuration files are not applied
directly to the environment and cannot be removed without modifying the configuration files and deploying a new application version.If a setting applied with one of the other methods is removed, the same setting will be loaded from configuration files in the source bundle.

Reference: Managing ec2 features – Elastic beanstalk

Q24: What statements are true about Availability Zones (AZs) and Regions?

  • A. There is only one AZ in each AWS Region
  • B. AZs are geographically separated inside a region to help protect against natural disasters affecting more than one at a time.
  • C. AZs can be moved between AWS Regions based on your needs
  • D. There are (almost always) two or more AZs in each AWS Region

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

B and D.

Reference: AWS global infrastructure/

Top

Q25: An AWS Region contains:

  • A. Edge Locations
  • B. Data Centers
  • C. AWS Services
  • D. Availability Zones


B. C. D. Edge locations are actually distinct locations that don’t explicitly fall within AWS regions.

Reference: AWS Global Infrastructure


Top

Q26: Which read request in DynamoDB returns a response with the most up-to-date data, reflecting the updates from all prior write operations that were successful?

  • A. Eventual Consistent Reads
  • B. Conditional reads for Consistency
  • C. Strongly Consistent Reads
  • D. Not possible


C. This is provided very clearly in the AWS documentation as shown below with regards to the read consistency for DynamoDB. Only in Strong Read consistency can you be guaranteed that you get the write read value after all the writes are completed.

Reference: https://aws.amazon.com/dynamodb/faqs/


Top

Q27: You’ ve been asked to move an existing development environment on the AWS Cloud. This environment consists mainly of Docker based containers. You need to ensure that minimum effort is taken during the migration process. Which of the following step would you consider for this requirement?

  • A. Create an Opswork stack and deploy the Docker containers
  • B. Create an application and Environment for the Docker containers in the Elastic Beanstalk service
  • C. Create an EC2 Instance. Install Docker and deploy the necessary containers.
  • D. Create an EC2 Instance. Install Docker and deploy the necessary containers. Add an Autoscaling Group for scalability of the containers.


B. The Elastic Beanstalk service is the ideal service to quickly provision development environments. You can also create environments which can be used to host Docker based containers.

Reference: Create and Deploy Docker in AWS


Top

Q28: You’ve written an application that uploads objects onto an S3 bucket. The size of the object varies between 200 – 500 MB. You’ve seen that the application sometimes takes a longer than expected time to upload the object. You want to improve the performance of the application. Which of the following would you consider?

  • A. Create multiple threads and upload the objects in the multiple threads
  • B. Write the items in batches for better performance
  • C. Use the Multipart upload API
  • D. Enable versioning on the Bucket

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 


C. All other options are invalid since the best way to handle large object uploads to the S3 service is to use the Multipart upload API. The Multipart upload API enables you to upload large objects in parts. You can use this API to upload new large objects or make a copy of an existing object. Multipart uploading is a three-step process: You initiate the upload, you upload the object parts, and after you have uploaded all the parts, you complete the multipart upload. Upon receiving the complete multipart upload request, Amazon S3 constructs the object from the uploaded parts, and you can then access the object just as you would any other object in your bucket.

Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html


Top

Q29: A security system monitors 600 cameras, saving image metadata every 1 minute to an Amazon DynamoDb table. Each sample involves 1kb of data, and the data writes are evenly distributed over time. How much write throughput is required for the target table?

  • A. 6000
  • B. 10
  • C. 3600
  • D. 600

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

B. When you mention the write capacity of a table in Dynamo DB, you mention it as the number of 1KB writes per second. So in the above question, since the write is happening every minute, we need to divide the value of 600 by 60, to get the number of KB writes per second. This gives a value of 10.

You can specify the Write capacity in the Capacity tab of the DynamoDB table.

Reference: AWS working with tables

Q30: What two arguments does a Python Lambda handler function require?

  • A. invocation, zone
  • B. event, zone
  • C. invocation, context
  • D. event, context


D. event, context def handler_name(event, context):

return some_value
Reference: AWS Lambda Function Handler in Python

Top

Q31: Lambda allows you to upload code and dependencies for function packages:

  • A. Only from a directly uploaded zip file
  • B. Only via SFTP
  • C. Only from a zip file in AWS S3
  • D. From a zip file in AWS S3 or uploaded directly from elsewhere


D. From a zip file in AWS S3 or uploaded directly from elsewhere
Reference: AWS Lambda Deployment Package

Top

Q32: A Lambda deployment package contains:

  • A. Function code, libraries, and runtime binaries
  • B. Only function code
  • C. Function code and libraries not included within the runtime
  • D. Only libraries not included within the runtime


C. Function code and libraries not included within the runtime
Reference: AWS Lambda Deployment Package in PowerShell

Top

Q33: You have instances inside private subnets and a properly configured bastion host instance in a public subnet. None of the instances in the private subnets have a public or Elastic IP address. How can you connect an instance in the private subnet to the open internet to download system updates?

  • A. Create and assign EIP to each instance
  • B. Create and attach a second IGW to the VPC.
  • C. Create and utilize a NAT Gateway
  • D. Connect to a VPN


C. You can use a network address translation (NAT) gateway in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.
Reference: AWS Network Address Translation Gateway

Top

Q34: What feature of VPC networking should you utilize if you want to create “elasticity” in your application’s architecture?

  • A. Security Groups
  • B. Route Tables
  • C. Elastic Load Balancer
  • D. Auto Scaling


D. Auto scaling is designed specifically with elasticity in mind. Auto scaling allows for the increase and decrease of compute power based on demand, thus creating elasticity in the architecture.
Reference: AWS Autoscalling

Top

Q30: Lambda allows you to upload code and dependencies for function packages:

  • A. Only from a directly uploaded zip file
  • B. Only from a directly uploaded zip file
  • C. Only from a zip file in AWS S3
  • D. From a zip file in AWS S3 or uploaded directly from elsewhere

Answer:


D. From a zip file in AWS S3 or uploaded directly from elsewhere
Reference: AWS Lambda

Top

Q31: An organization is using an Amazon ElastiCache cluster in front of their Amazon RDS instance. The organization would like the Developer to implement logic into the code so that the cluster only retrieves data from RDS when there is a cache miss. What strategy can the Developer implement to achieve this?

  • A. Lazy loading
  • B. Write-through
  • C. Error retries
  • D. Exponential backoff

Answer:


Answer – A
Whenever your application requests data, it first makes the request to the ElastiCache cache. If the data exists in the cache and is current, ElastiCache returns the data to your application. If the data does not exist in the cache, or the data in the cache has expired, your application requests data from your data store which returns the data to your application. Your application then writes the data received from the store to the cache so it can be more quickly retrieved next time it is requested. All other options are incorrect.
Reference: Caching Strategies

Top

Q32: A developer is writing an application that will run on Ec2 instances and read messages from SQS queue. The nessages will arrive every 15-60 seconds. How should the Developer efficiently query the queue for new messages?

  • A. Use long polling
  • B. Set a custom visibility timeout
  • C. Use short polling
  • D. Implement exponential backoff


Answer – A Long polling will help insure that the applications make less requests for messages in a shorter period of time. This is more cost effective. Since the messages are only going to be available after 15 seconds and we don’t know exacly when they would be available, it is better to use Long Polling.
Reference: Amazon SQS Long Polling

Top

Q33: You are using AWS SAM to define a Lambda function and configure CodeDeploy to manage deployment patterns. With new Lambda function working as per expectation which of the following will shift traffic from original Lambda function to new Lambda function in the shortest time frame?

  • A. Canary10Percent5Minutes
  • B. Linear10PercentEvery10Minutes
  • C. Canary10Percent15Minutes
  • D. Linear10PercentEvery1Minute


Answer – A
With Canary Deployment Preference type, Traffic is shifted in two intervals. With Canary10Percent5Minutes, 10 percent of traffic is shifted in the first interval while remaining all traffic is shifted after 5 minutes.
Reference: Gradual Code Deployment

Top

Q34: You are using AWS SAM templates to deploy a serverless application. Which of the following resource will embed application from Amazon S3 buckets?

  • A. AWS::Serverless::Api
  • B. AWS::Serverless::Application
  • C. AWS::Serverless::Layerversion
  • D. AWS::Serverless::Function


Answer – B
AWS::Serverless::Application resource in AWS SAm template is used to embed application frm Amazon S3 buckets.
Reference: Declaring Serverless Resources

Top

Q35: You are using AWS Envelope Encryption for encrypting all sensitive data. Which of the followings is True with regards to Envelope Encryption?

  • A. Data is encrypted be encrypting Data key which is further encrypted using encrypted Master Key.
  • B. Data is encrypted by plaintext Data key which is further encrypted using encrypted Master Key.
  • C. Data is encrypted by encrypted Data key which is further encrypted using plaintext Master Key.
  • D. Data is encrypted by plaintext Data key which is further encrypted using plaintext Master Key.


Answer – D
With Envelope Encryption, unencrypted data is encrypted using plaintext Data key. This Data is further encrypted using plaintext Master key. This plaintext Master key is securely stored in AWS KMS & known as Customer Master Keys.
Reference: AWS Key Management Service Concepts

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q36: You are developing an application that will be comprised of the following architecture –

  1. A set of Ec2 instances to process the videos.
  2. These (Ec2 instances) will be spun up by an autoscaling group.
  3. SQS Queues to maintain the processing messages.
  4. There will be 2 pricing tiers.

How will you ensure that the premium customers videos are given more preference?

  • A. Create 2 Autoscaling Groups, one for normal and one for premium customers
  • B. Create 2 set of Ec2 Instances, one for normal and one for premium customers
  • C. Create 2 SQS queus, one for normal and one for premium customers
  • D. Create 2 Elastic Load Balancers, one for normal and one for premium customers.


Answer – C
The ideal option would be to create 2 SQS queues. Messages can then be processed by the application from the high priority queue first.<br? The other options are not the ideal options. They would lead to extra costs and also extra maintenance.
Reference: SQS

Top

Q37: You are developing an application that will interact with a DynamoDB table. The table is going to take in a lot of read and write operations. Which of the following would be the ideal partition key for the DynamoDB table to ensure ideal performance?

  • A. CustomerID
  • B. CustomerName
  • C. Location
  • D. Age


Answer- A
Use high-cardinality attributes. These are attributes that have distinct values for each item, like e-mailid, employee_no, customerid, sessionid, orderid, and so on..
Use composite attributes. Try to combine more than one attribute to form a unique key.
Reference: Choosing the right DynamoDB Partition Key

Top

Q38: A developer is making use of AWS services to develop an application. He has been asked to develop the application in a manner to compensate any network delays. Which of the following two mechanisms should he implement in the application?

  • A. Multiple SQS queues
  • B. Exponential backoff algorithm
  • C. Retries in your application code
  • D. Consider using the Java sdk.


Answer- B. and C.
In addition to simple retries, each AWS SDK implements exponential backoff algorithm for better flow control. The idea behind exponential backoff is to use progressively longer waits between retries for consecutive error responses. You should implement a maximum delay interval, as well as a maximum number of retries. The maximum delay interval and maximum number of retries are not necessarily fixed values, and should be set based on the operation being performed, as well as other local factors, such as network latency.
Reference: Error Retries and Exponential Backoff in AWS

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q39: An application is being developed that is going to write data to a DynamoDB table. You have to setup the read and write throughput for the table. Data is going to be read at the rate of 300 items every 30 seconds. Each item is of size 6KB. The reads can be eventual consistent reads. What should be the read capacity that needs to be set on the table?

  • A. 10
  • B. 20
  • C. 6
  • D. 30


Answer – A

Since there are 300 items read every 30 seconds , that means there are (300/30) = 10 items read every second.
Since each item is 6KB in size , that means , 2 reads will be required for each item.
So we have total of 2*10 = 20 reads for the number of items per second
Since eventual consistency is required , we can divide the number of reads(20) by 2 , and in the end we get the Read Capacity of 10.

Reference: Read/Write Capacity Mode


Top

Q40: You are in charge of deploying an application that will be hosted on an EC2 Instance and sit behind an Elastic Load balancer. You have been requested to monitor the incoming connections to the Elastic Load Balancer. Which of the below options can suffice this requirement?

  • A. Use AWS CloudTrail with your load balancer
  • B. Enable access logs on the load balancer
  • C. Use a CloudWatch Logs Agent
  • D. Create a custom metric CloudWatch lter on your load balancer


Answer – B
Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client’s IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues.
Reference: Access Logs for Your Application Load Balancer

Top

Q41: A static web site has been hosted on a bucket and is now being accessed by users. One of the web pages javascript section has been changed to access data which is hosted in another S3 bucket. Now that same web page is no longer loading in the browser. Which of the following can help alleviate the error?

  • A. Enable versioning for the underlying S3 bucket.
  • B. Enable Replication so that the objects get replicated to the other bucket
  • C. Enable CORS for the bucket
  • D. Change the Bucket policy for the bucket to allow access from the other bucket


Answer – C

Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources.

Cross-Origin Resource Sharing: Use-case Scenarios The following are example scenarios for using CORS:

Scenario 1: Suppose that you are hosting a website in an Amazon S3 bucket named website as described in Hosting a Static Website on Amazon S3. Your users load the website endpoint http://website.s3-website-us-east-1.amazonaws.com. Now you want to use JavaScript on the webpages that are stored in this bucket to be able to make authenticated GET and PUT requests against the same bucket by using the Amazon S3 API endpoint for the bucket, website.s3.amazonaws.com. A browser would normally block JavaScript from allowing those requests, but with CORS you can configure your bucket to explicitly enable cross-origin requests from website.s3-website-us-east-1.amazonaws.com.

Scenario 2: Suppose that you want to host a web font from your S3 bucket. Again, browsers require a CORS check (also called a preight check) for loading web fonts. You would configure the bucket that is hosting the web font to allow any origin to make these requests.

Reference: Cross-Origin Resource Sharing (CORS)


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q42: Your mobile application includes a photo-sharing service that is expecting tens of thousands of users at launch. You will leverage Amazon Simple Storage Service (S3) for storage of the user Images, and you must decide how to authenticate and authorize your users for access to these images. You also need to manage the storage of these images. Which two of the following approaches should you use? Choose two answers from the options below

  • A. Create an Amazon S3 bucket per user, and use your application to generate the S3 URL for the appropriate content.
  • B. Use AWS Identity and Access Management (IAM) user accounts as your application-level user database, and offload the burden of authentication from your application code.
  • C. Authenticate your users at the application level, and use AWS Security Token Service (STS)to grant token-based authorization to S3 objects.
  • D. Authenticate your users at the application level, and send an SMS token message to the user. Create an Amazon S3 bucket with the same name as the SMS message token, and move the user’s objects to that bucket.


Answer- C
The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). The token can then be used to grant access to the objects in S3.
You can then provides access to the objects based on the key values generated via the user id.

Reference: The AWS Security Token Service (STS)


Top

Q43: Your current log analysis application takes more than four hours to generate a report of the top 10 users of your web application. You have been asked to implement a system that can report this information in real time, ensure that the report is always up to date, and handle increases in the number of requests to your web application. Choose the option that is cost-effective and can fulfill the requirements.

  • A. Publish your data to CloudWatch Logs, and congure your application to Autoscale to handle the load on demand.
  • B. Publish your log data to an Amazon S3 bucket.  Use AWS CloudFormation to create an Auto Scaling group to scale your post-processing application which is congured to pull down your log les stored an Amazon S3
  • C. Post your log data to an Amazon Kinesis data stream, and subscribe your log-processing application so that is congured to process your logging data.
  • D. Create a multi-AZ Amazon RDS MySQL cluster, post the logging data to MySQL, and run a map reduce job to retrieve the required information on user counts.

Answer:


Answer – C
Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information. Amazon Kinesis offers key capabilities to cost effectively process streaming data at any scale, along with the flexibility to choose the tools that best suit the requirements of your application. With Amazon Kinesis, you can ingest real-time data such as application logs, website clickstreams, IoT telemetry data, and more into your databases, data lakes and data warehouses, or build your own real-time applications using this data.
Reference: Amazon Kinesis

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q44: You’ve been instructed to develop a mobile application that will make use of AWS services. You need to decide on a data store to store the user sessions. Which of the following would be an ideal data store for session management?

  • A. AWS Simple Storage Service
  • B. AWS DynamoDB
  • C. AWS RDS
  • D. AWS Redshift

Answer:


Answer – B
DynamoDB is a alternative solution which can be used for storage of session management. The latency of access to data is less , hence this can be used as a data store for session management
Reference: Scalable Session Handling in PHP Using Amazon DynamoDB

Top

Q45: Your application currently interacts with a DynamoDB table. Records are inserted into the table via the application. There is now a requirement to ensure that whenever items are updated in the DynamoDB primary table , another record is inserted into a secondary table. Which of the below feature should be used when developing such a solution?

  • A. AWS DynamoDB Encryption
  • B. AWS DynamoDB Streams
  • C. AWS DynamoDB Accelerator
  • D. AWSTable Accelerator


Answer – B
DynamoDB Streams Use Cases and Design Patterns This post describes some common use cases you might encounter, along with their design options and solutions, when migrating data from relational data stores to Amazon DynamoDB. We will consider how to manage the following scenarios:

  • How do you set up a relationship across multiple tables in which, based on the value of an item from one table, you update the item in a second table?
  • How do you trigger an event based on a particular transaction?
  • How do you audit or archive transactions?
  • How do you replicate data across multiple tables (similar to that of materialized views/streams/replication in relational data stores)?

Relational databases provide native support for transactions, triggers, auditing, and replication. Typically, a transaction in a database refers to performing create, read, update, and delete (CRUD) operations against multiple tables in a block. A transaction can have only two states—success or failure. In other words, there is no partial completion. As a NoSQL database, DynamoDB is not designed to support transactions. Although client-side libraries are available to mimic the transaction capabilities, they are not scalable and cost-effective. For example, the Java Transaction Library for DynamoDB creates 7N+4 additional writes for every write operation. This is partly because the library holds metadata to manage the transactions to ensure that it’s consistent and can be rolled back before commit. You can use DynamoDB Streams to address all these use cases. DynamoDB Streams is a powerful service that you can combine with other AWS services to solve many similar problems. When enabled, DynamoDB Streams captures a time-ordered sequence of item-level modifications in a DynamoDB table and durably stores the information for up to 24 hours. Applications can access a series of stream records, which contain an item change, from a DynamoDB stream in near real time. AWS maintains separate endpoints for DynamoDB and DynamoDB Streams. To work with database tables and indexes, your application must access a DynamoDB endpoint. To read and process DynamoDB Streams records, your application must access a DynamoDB Streams endpoint in the same Region. All of the other options are incorrect since none of these would meet the core requirement.
Reference: DynamoDB Streams Use Cases and Design Patterns


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q46: An application has been making use of AWS DynamoDB for its back-end data store. The size of the table has now grown to 20 GB , and the scans on the table are causing throttling errors. Which of the following should now be implemented to avoid such errors?

  • A. Large Page size
  • B. Reduced page size
  • C. Parallel Scans
  • D. Sequential scans

Answer – B
When you scan your table in Amazon DynamoDB, you should follow the DynamoDB best practices for avoiding sudden bursts of read activity. You can use the following technique to minimize the impact of a scan on a table’s provisioned throughput. Reduce page size Because a Scan operation reads an entire page (by default, 1 MB), you can reduce the impact of the scan operation by setting a smaller page size. The Scan operation provides a Limit parameter that you can use to set the page size for your request. Each Query or Scan request that has a smaller page size uses fewer read operations and creates a “pause” between each request. For example, suppose that each item is 4 KB and you set the page size to 40 items. A Query request would then consume only 20 eventually consistent read operations or 40 strongly consistent read operations. A larger number of smaller Query or Scan operations would allow your other critical requests to succeed without throttling.
Reference1: Rate-Limited Scans in Amazon DynamoDB

Reference2: Best Practices for Querying and Scanning Data


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q47: Which of the following is correct way of passing a stage variable to an HTTP URL ? (Select TWO.)

  • A. http://example.com/${}/prod
  • B. http://example.com/${stageVariables.}/prod
  • C. http://${stageVariables.}.example.com/dev/operation
  • D. http://${stageVariables}.example.com/dev/operation
  • E. http://${}.example.com/dev/operation
  • F. http://example.com/${stageVariables}/prod


Answer – B. and C.
A stage variable can be used as part of HTTP integration URL as in following cases, ·         A full URI without protocol ·         A full domain ·         A subdomain ·         A path ·         A query string In the above case , option B & C displays stage variable as a path & sub-domain.
Reference: Amazon API Gateway Stage Variables Reference

Top

Q48: Your company is planning on creating new development environments in AWS. They want to make use of their existing Chef recipes which they use for their on-premise configuration for servers in AWS. Which of the following service would be ideal to use in this regard?

  • A. AWS Elastic Beanstalk
  • B. AWS OpsWork
  • C. AWS Cloudformation
  • D. AWS SQS


Answer – B
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments All other options are invalid since they cannot be used to work with Chef recipes for configuration management.
Reference: AWS OpsWorks

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q49: Your company has developed a web application and is hosting it in an Amazon S3 bucket configured for static website hosting. The users can log in to this app using their Google/Facebook login accounts. The application is using the AWS SDK for JavaScript in the browser to access data stored in an Amazon DynamoDB table. How can you ensure that API keys for access to your data in DynamoDB are kept secure?

  • A. Create an Amazon S3 role in IAM with access to the specific DynamoDB tables, and assign it to the bucket hosting your website
  • B. Configure S3 bucket tags with your AWS access keys for your bucket hosing your website so that the application can query them for access.
  • C. Configure a web identity federation role within IAM to enable access to the correct DynamoDB resources and retrieve temporary credentials
  • D. Store AWS keys in global variables within your application and configure the application to use these credentials when making requests.


Answer – C
With web identity federation, you don’t need to create custom sign-in code or manage your own user identities. Instead, users of your app can sign in using a well-known identity provider (IdP) —such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP, receive an authentication token, and then exchange that token for temporary security credentials in AWS that map to an IAM role with permissions to use the resources in your AWS account. Using an IdP helps you keep your AWS account secure, because you don’t have to embed and distribute long-term security credentials with your application. Option A is invalid since Roles cannot be assigned to S3 buckets Options B and D are invalid since the AWS Access keys should not be used
Reference: About Web Identity Federation

Top

Q50: Your application currently makes use of AWS Cognito for managing user identities. You want to analyze the information that is stored in AWS Cognito for your application. Which of the following features of AWS Cognito should you use for this purpose?

  • A. Cognito Data
  • B. Cognito Events
  • C. Cognito Streams
  • D. Cognito Callbacks


Answer – C
Amazon Cognito Streams gives developers control and insight into their data stored in Amazon Cognito. Developers can now configure a Kinesis stream to receive events as data is updated and synchronized. Amazon Cognito can push each dataset change to a Kinesis stream you own in real time. All other options are invalid since you should use Cognito Streams
Reference:

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q51: You’ve developed a set of scripts using AWS Lambda. These scripts need to access EC2 Instances in a VPC. Which of the following needs to be done to ensure that the AWS Lambda function can access the resources in the VPC. Choose 2 answers from the options given below

  • A. Ensure that the subnet ID’s are mentioned when conguring the Lambda function
  • B. Ensure that the NACL ID’s are mentioned when conguring the Lambda function
  • C. Ensure that the Security Group ID’s are mentioned when conguring the Lambda function
  • D. Ensure that the VPC Flow Log ID’s are mentioned when conguring the Lambda function


Answer: A and C.
AWS Lambda runs your function code securely within a VPC by default. However, to enable your Lambda function to access resources inside your private VPC, you must provide additional VPCspecific configuration information that includes VPC subnet IDs and security group IDs. AWS Lambda uses this information to set up elastic network interfaces (ENIs) that enable your function to connect securely to other resources within your private VPC.
Reference: Configuring a Lambda Function to Access Resources in an Amazon VPC

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q52: You’ve currently been tasked to migrate an existing on-premise environment into Elastic Beanstalk. The application does not make use of Docker containers. You also can’t see any relevant environments in the beanstalk service that would be suitable to host your application. What should you consider doing in this case?

  • A. Migrate your application to using Docker containers and then migrate the app to the Elastic Beanstalk environment.
  • B. Consider using Cloudformation to deploy your environment to Elastic Beanstalk
  • C. Consider using Packer to create a custom platform
  • D. Consider deploying your application using the Elastic Container Service


Answer – C
Elastic Beanstalk supports custom platforms. A custom platform is a more advanced customization than a Custom Image in several ways. A custom platform lets you develop an entire new platform from scratch, customizing the operating system, additional software, and scripts that Elastic Beanstalk runs on platform instances. This flexibility allows you to build a platform for an application that uses a language or other infrastructure software, for which Elastic Beanstalk doesn’t provide a platform out of the box. Compare that to custom images, where you modify an AMI for use with an existing Elastic Beanstalk platform, and Elastic Beanstalk still provides the platform scripts and controls the platform’s software stack. In addition, with custom platforms you use an automated, scripted way to create and maintain your customization, whereas with custom images you make the changes manually over a running instance. To create a custom platform, you build an Amazon Machine Image (AMI) from one of the supported operating systems—Ubuntu, RHEL, or Amazon Linux (see the flavor entry in Platform.yaml File Format for the exact version numbers)—and add further customizations. You create your own Elastic Beanstalk platform using Packer, which is an open-source tool for creating machine images for many platforms, including AMIs for use with Amazon EC2. An Elastic Beanstalk platform comprises an AMI configured to run a set of software that supports an application, and metadata that can include custom configuration options and default configuration option settings.
Reference: AWS Elastic Beanstalk Custom Platforms

Top

Q53: Company B is writing 10 items to the Dynamo DB table every second. Each item is 15.5Kb in size. What would be the required provisioned write throughput for best performance? Choose the correct answer from the options below.

  • A. 10
  • B. 160
  • C. 155
  • D. 16


Answer – B.
Company B is writing 10 items to the Dynamo DB table every second. Each item is 15.5Kb in size. What would be the required provisioned write throughput for best performance? Choose the correct answer from the options below.
Reference: Read/Write Capacity Mode

Top

Top

Q54: Which AWS Service can be used to automatically install your application code onto EC2, on premises systems and Lambda?

  • A. CodeCommit
  • B. X-Ray
  • C. CodeBuild
  • D. CodeDeploy


Answer: D

Reference: AWS CodeDeploy


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q55: Which AWS service can be used to compile source code, run tests and package code?

  • A. CodePipeline
  • B. CodeCommit
  • C. CodeBuild
  • D. CodeDeploy


Answer: D

Reference: AWS CodeDeploy Answer: B.

Reference: AWS CodeBuild


Top

Q56: How can your prevent CloudFormation from deleting your entire stack on failure? (Choose 2)

  • A. Set the Rollback on failure radio button to No in the CloudFormation console
  • B. Set Termination Protection to Enabled in the CloudFormation console
  • C. Use the –disable-rollback flag with the AWS CLI
  • D. Use the –enable-termination-protection protection flag with the AWS CLI

Answer: A. and C.

Reference: Protecting a Stack From Being Deleted

Top

Q57: Which of the following practices allows multiple developers working on the same application to merge code changes frequently, without impacting each other and enables the identification of bugs early on in the release process?

  • A. Continuous Integration
  • B. Continuous Deployment
  • C. Continuous Delivery
  • D. Continuous Development

Answer: A

Reference: What is Continuous Integration?

Top

Q58: When deploying application code to EC2, the AppSpec file can be written in which language?

  • A. JSON
  • B. JSON or YAML
  • C. XML
  • D. YAML

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q59: Part of your CloudFormation deployment fails due to a mis-configuration, by defaukt what will happen?

  • A. CloudFormation will rollback only the failed components
  • B. CloudFormation will rollback the entire stack
  • C. Failed component will remain available for debugging purposes
  • D. CloudFormation will ask you if you want to continue with the deployment

Answer: B

Reference: Troubleshooting AWS CloudFormation


Top

Q60: You want to receive an email whenever a user pushes code to CodeCommit repository, how can you configure this?

  • A. Create a new SNS topic and configure it to poll for CodeCommit eveents. Ask all users to subscribe to the topic to receive notifications
  • B. Configure a CloudWatch Events rule to send a message to SES which will trigger an email to be sent whenever a user pushes code to the repository.
  • C. Configure Notifications in the console, this will create a CloudWatch events rule to send a notification to a SNS topic which will trigger an email to be sent to the user.
  • D. Configure a CloudWatch Events rule to send a message to SQS which will trigger an email to be sent whenever a user pushes code to the repository.

Answer: C

Reference: Getting Started with Amazon SNS


Top

Q61: Which AWS service can be used to centrally store and version control your application source code, binaries and libraries

  • A. CodeCommit
  • B. CodeBuild
  • C. CodePipeline
  • D. ElasticFileSystem

Answer: A

Reference: AWS CodeCommit


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q62: You are using CloudFormation to create a new S3 bucket, which of the following sections would you use to define the properties of your bucket?

  • A. Conditions
  • B. Parameters
  • C. Outputs
  • D. Resources

Answer: D

Reference: Resources


Top

Q63: You are deploying a number of EC2 and RDS instances using CloudFormation. Which section of the CloudFormation template would you use to define these?

  • A. Transforms
  • B. Outputs
  • C. Resources
  • D. Instances

Answer: C.
The Resources section defines your resources you are provisioning. Outputs is used to output user defines data relating to the reources you have built and can also used as input to another CloudFormation stack. Transforms is used to reference code located in S3.
Reference: Resources

Top

Q64: Which AWS service can be used to fully automate your entire release process?

  • A. CodeDeploy
  • B. CodePipeline
  • C. CodeCommit
  • D. CodeBuild

Answer: B.
AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates

Reference: AWS CodePipeline


Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q65: You want to use the output of your CloudFormation stack as input to another CloudFormation stack. Which sections of the CloudFormation template would you use to help you configure this?

  • A. Outputs
  • B. Transforms
  • C. Resources
  • D. Exports

Answer: A.
Outputs is used to output user defines data relating to the reources you have built and can also used as input to another CloudFormation stack.
Reference: CloudFormation Outputs

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q66: You have some code located in an S3 bucket that you want to reference in your CloudFormation template. Which section of the template can you use to define this?

  • A. Inputs
  • B. Resources
  • C. Transforms
  • D. Files

Answer: C.
Transforms is used to reference code located in S3 and also specififying the use of the Serverless Application Model (SAM) for Lambda deployments.
Reference: Transforms

Top

Q67: You are deploying an application to a number of Ec2 instances using CodeDeploy. What is the name of the file
used to specify source files and lifecycle hooks?

  • A. buildspec.yml
  • B. appspec.json
  • C. appspec.yml
  • D. buildspec.json

Answer: C.

Reference: CodeDeploy AppSpec File Reference

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q68: Which of the following approaches allows you to re-use pieces of CloudFormation code in multiple templates, for common use cases like provisioning a load balancer or web server?

  • A. Share the code using an EBS volume
  • B. Copy and paste the code into the template each time you need to use it
  • C. Use a cloudformation nested stack
  • D. Store the code you want to re-use in an AMI and reference the AMI from within your CloudFormation template.

Answer: C.

Reference: Working with Nested Stacks

Top

Q69: In the CodeDeploy AppSpec file, what are hooks used for?

  • A. To reference AWS resources that will be used during the deployment
  • B. Hooks are reserved for future use
  • C. To specify files you want to copy during the deployment.
  • D. To specify, scripts or function that you want to run at set points in the deployment lifecycle

Answer: D.
The ‘hooks’ section for an EC2/On-Premises deployment contains mappings that link deployment lifecycle event hooks to one or more scripts.

Reference: AppSpec ‘hooks’ Section

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q70: Which command can you use to encrypt a plain text file using CMK?

  • A. aws kms-encrypt
  • B. aws iam encrypt
  • C. aws kms encrypt
  • D. aws encrypt

Answer: C.
aws kms encrypt –key-id 1234abcd-12ab-34cd-56ef-1234567890ab –plaintext fileb://ExamplePlaintextFile –output text –query CiphertextBlob > C:\Temp\ExampleEncryptedFile.base64

Reference: AWS CLI Encrypt

Top

Q72: Which of the following is an encrypted key used by KMS to encrypt your data

  • A. Custmoer Mamaged Key
  • B. Encryption Key
  • C. Envelope Key
  • D. Customer Master Key

Answer: C.
Your Data key also known as the Enveloppe key is encrypted using the master key.This approach is known as Envelope encryption.
Envelope encryption is the practice of encrypting plaintext data with a data key, and then encrypting the data key under another key.

Reference: Envelope Encryption

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Q73: Which of the following statements are correct? (Choose 2)

  • A. The Customer Master Key is used to encrypt and decrypt the Envelope Key or Data Key
  • B. The Envelope Key or Data Key is used to encrypt and decrypt plain text files.
  • C. The envelope Key or Data Key is used to encrypt and decrypt the Customer Master Key.
  • D. The Customer MasterKey is used to encrypt and decrypt plain text files.

Answer: A. and B.

Reference: AWS Key Management Service Concepts

Top

 
 

Q74: Which of the following statements is correct in relation to kMS/ (Choose 2)

  • A. KMS Encryption keys are regional
  • B. You cannot export your customer master key
  • C. You can export your customer master key.
  • D. KMS encryption Keys are global

Answer: A. and B.

Reference: AWS Key Management Service FAQs

Q75:  A developer is preparing a deployment package for a Java implementation of an AWS Lambda function. What should the developer include in the deployment package? (Select TWO.)
A. Compiled application code
B. Java runtime environment
C. References to the event sources
D. Lambda execution role
E. Application dependencies


Answer: C. E.
Notes: To create a Lambda function, you first create a Lambda function deployment package. This package is a .zip or .jar file consisting of your code and any dependencies.
Reference: Lambda deployment packages.

Q76: A developer uses AWS CodeDeploy to deploy a Python application to a fleet of Amazon EC2 instances that run behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. What should the developer include in the CodeDeploy deployment package?
A. A launch template for the Amazon EC2 Auto Scaling group
B. A CodeDeploy AppSpec file
C. An EC2 role that grants the application access to AWS services
D. An IAM policy that grants the application access to AWS services


Answer: B.
Notes: The CodeDeploy AppSpec (application specific) file is unique to CodeDeploy. The AppSpec file is used to manage each deployment as a series of lifecycle event hooks, which are defined in the file.
Reference: CodeDeploy application specification (AppSpec) files.
Category: Deployment

Q76: A company is working on a project to enhance its serverless application development process. The company hosts applications on AWS Lambda. The development team regularly updates the Lambda code and wants to use stable code in production. Which combination of steps should the development team take to configure Lambda functions to meet both development and production requirements? (Select TWO.)

A. Create a new Lambda version every time a new code release needs testing.
B. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to a production-ready unqualified Amazon Resource Name (ARN) version. Point the Development alias to the $LATEST version.
C. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to the production-ready qualified Amazon Resource Name (ARN) version. Point the Development alias to the variable LAMBDA_TASK_ROOT.
D. Create a new Lambda layer every time a new code release needs testing.
E. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to a production-ready Lambda layer Amazon Resource Name (ARN). Point the Development alias to the $LATEST layer ARN.


Answer: A. B.
Notes: Lambda function versions are designed to manage deployment of functions. They can be used for code changes, without affecting the stable production version of the code. By creating separate aliases for Production and Development, systems can initiate the correct alias as needed. A Lambda function alias can be used to point to a specific Lambda function version. Using the functionality to update an alias and its linked version, the development team can update the required version as needed. The $LATEST version is the newest published version.
Reference: Lambda function versions.

For more information about Lambda layers, see Creating and sharing Lambda layers.

For more information about Lambda function aliases, see Lambda function aliases.

Category: Deployment

Q77: Each time a developer publishes a new version of an AWS Lambda function, all the dependent event source mappings need to be updated with the reference to the new version’s Amazon Resource Name (ARN). These updates are time consuming and error-prone. Which combination of actions should the developer take to avoid performing these updates when publishing a new Lambda version? (Select TWO.)
A. Update event source mappings with the ARN of the Lambda layer.
B. Point a Lambda alias to a new version of the Lambda function.
C. Create a Lambda alias for each published version of the Lambda function.
D. Point a Lambda alias to a new Lambda function alias.
E. Update the event source mappings with the Lambda alias ARN.


Answer: B. E.
Notes: A Lambda alias is a pointer to a specific Lambda function version. Instead of using ARNs for the Lambda function in event source mappings, you can use an alias ARN. You do not need to update your event source mappings when you promote a new version or roll back to a previous version.
Reference: Lambda function aliases.
Category: Deployment

Q78:  A company wants to store sensitive user data in Amazon S3 and encrypt this data at rest. The company must manage the encryption keys and use Amazon S3 to perform the encryption. How can a developer meet these requirements?
A. Enable default encryption for the S3 bucket by using the option for server-side encryption with customer-provided encryption keys (SSE-C).
B. Enable client-side encryption with an encryption key. Upload the encrypted object to the S3 bucket.
C. Enable server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Upload an object to the S3 bucket.
D. Enable server-side encryption with customer-provided encryption keys (SSE-C). Upload an object to the S3 bucket.


Answer: D.
Notes: When you upload an object, Amazon S3 uses the encryption key you provide to apply AES-256 encryption to your data and removes the encryption key from memory.
Reference: Protecting data using server-side encryption with customer-provided encryption keys (SSE-C).

Category: Security

Q79: A company is developing a Python application that submits data to an Amazon DynamoDB table. The company requires client-side encryption of specific data items and end-to-end protection for the encrypted data in transit and at rest. Which combination of steps will meet the requirement for the encryption of specific data items? (Select TWO.)

A. Generate symmetric encryption keys with AWS Key Management Service (AWS KMS).
B. Generate asymmetric encryption keys with AWS Key Management Service (AWS KMS).
C. Use generated keys with the DynamoDB Encryption Client.
D. Use generated keys to configure DynamoDB table encryption with AWS managed customer master keys (CMKs).
E. Use generated keys to configure DynamoDB table encryption with AWS owned customer master keys (CMKs).


Answer: A. C.
Notes: When the DynamoDB Encryption Client is configured to use AWS KMS, it uses a customer master key (CMK) that is always encrypted when used outside of AWS KMS. This cryptographic materials provider returns a unique encryption key and signing key for every table item. This method of encryption uses a symmetric CMK.
Reference: Direct KMS Materials Provider.
Category: Deployment

Q80: A company is developing a REST API with Amazon API Gateway. Access to the API should be limited to users in the existing Amazon Cognito user pool. Which combination of steps should a developer perform to secure the API? (Select TWO.)
A. Create an AWS Lambda authorizer for the API.
B. Create an Amazon Cognito authorizer for the API.
C. Configure the authorizer for the API resource.
D. Configure the API methods to use the authorizer.
E. Configure the authorizer for the API stage.


Answer: B. D.
Notes: An Amazon Cognito authorizer should be used for integration with Amazon Cognito user pools. In addition to creating an authorizer, you are required to configure an API method to use that authorizer for the API.
Reference: Control access to a REST API using Amazon Cognito user pools as authorizer.
Category: Security

Q81: A developer is implementing a mobile app to provide personalized services to app users. The application code makes calls to Amazon S3 and Amazon Simple Queue Service (Amazon SQS). Which options can the developer use to authenticate the app users? (Select TWO.)
A. Authenticate to the Amazon Cognito identity pool directly.
B. Authenticate to AWS Identity and Access Management (IAM) directly.
C. Authenticate to the Amazon Cognito user pool directly.
D. Federate authentication by using Login with Amazon with the users managed with AWS Security Token Service (AWS STS).
E. Federate authentication by using Login with Amazon with the users managed with the Amazon Cognito user pool.


Answer: C. E.
Notes: The Amazon Cognito user pool provides direct user authentication. The Amazon Cognito user pool provides a federated authentication option with third-party identity provider (IdP), including amazon.com.
Reference: Adding User Pool Sign-in Through a Third Party.
Category: Security

 
 

Q82: A company is implementing several order processing workflows. Each workflow is implemented by using AWS Lambda functions for each task. Which combination of steps should a developer follow to implement these workflows? (Select TWO.)
A. Define a AWS Step Functions task for each Lambda function.
B. Define a AWS Step Functions task for each workflow.
C. Write code that polls the AWS Step Functions invocation to coordinate each workflow.
D. Define an AWS Step Functions state machine for each workflow.
E. Define an AWS Step Functions state machine for each Lambda function.


Answer: A. D.
Notes: Step Functions is based on state machines and tasks. A state machine is a workflow. Tasks perform work by coordinating with other AWS services, such as Lambda. A state machine is a workflow. It can be used to express a workflow as a number of states, their relationships, and their input and output. You can coordinate individual tasks with Step Functions by expressing your workflow as a finite state machine, written in the Amazon States Language.
Reference: Getting Started with AWS Step Functions.

Category: Development

Q83: A company is migrating a web service to the AWS Cloud. The web service accepts requests by using HTTP (port 80). The company wants to use an AWS Lambda function to process HTTP requests. Which application design will satisfy these requirements?
A. Create an Amazon API Gateway API. Configure proxy integration with the Lambda function.
B. Create an Amazon API Gateway API. Configure non-proxy integration with the Lambda function.
C. Configure the Lambda function to listen to inbound network connections on port 80.
D. Configure the Lambda function as a target in the Application Load Balancer target group.


Answer: D.
Notes: Elastic Load Balancing supports Lambda functions as a target for an Application Load Balancer. You can use load balancer rules to route HTTP requests to a function, based on the path or the header values. Then, process the request and return an HTTP response from your Lambda function.
Reference: Using AWS Lambda with an Application Load Balancer.
Category: Development

Q84: A company is developing an image processing application. When an image is uploaded to an Amazon S3 bucket, a number of independent and separate services must be invoked to process the image. The services do not have to be available immediately, but they must process every image. Which application design satisfies these requirements?
A. Configure an Amazon S3 event notification that publishes to an Amazon Simple Queue Service (Amazon SQS) queue. Each service pulls the message from the same queue.
B. Configure an Amazon S3 event notification that publishes to an Amazon Simple Notification Service (Amazon SNS) topic. Each service subscribes to the same topic.
C. Configure an Amazon S3 event notification that publishes to an Amazon Simple Queue Service (Amazon SQS) queue. Subscribe a separate Amazon Simple Notification Service (Amazon SNS) topic for each service to an Amazon SQS queue.
D. Configure an Amazon S3 event notification that publishes to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe a separate Simple Queue Service (Amazon SQS) queue for each service to the Amazon SNS topic.


Answer: D.
Notes: Each service can subscribe to an individual Amazon SQS queue, which receives an event notification from the Amazon SNS topic. This is a fanout architectural implementation.
Reference: Common Amazon SNS scenarios.
Category: Development

Q85: A developer wants to implement Amazon EC2 Auto Scaling for a Multi-AZ web application. However, the developer is concerned that user sessions will be lost during scale-in events. How can the developer store the session state and share it across the EC2 instances?
A. Write the sessions to an Amazon Kinesis data stream. Configure the application to poll the stream.
B. Publish the sessions to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe each instance in the group to the topic.
C. Store the sessions in an Amazon ElastiCache for Memcached cluster. Configure the application to use the Memcached API.
D. Write the sessions to an Amazon Elastic Block Store (Amazon EBS) volume. Mount the volume to each instance in the group.


Answer: C.
Notes: ElastiCache for Memcached is a distributed in-memory data store or cache environment in the cloud. It will meet the developer’s requirement of persistent storage and is fast to access.
Reference: What is Amazon ElastiCache for Memcached?

Category: Development

 
 
 

Q86: A developer is integrating a legacy web application that runs on a fleet of Amazon EC2 instances with an Amazon DynamoDB table. There is no AWS SDK for the programming language that was used to implement the web application. Which combination of steps should the developer perform to make an API call to Amazon DynamoDB from the instances? (Select TWO.)
A. Make an HTTPS POST request to the DynamoDB API endpoint for the AWS Region. In the request body, include an XML document that contains the request attributes.
B. Make an HTTPS POST request to the DynamoDB API endpoint for the AWS Region. In the request body, include a JSON document that contains the request attributes.
C. Sign the requests by using AWS access keys and Signature Version 4.
D. Use an EC2 SSH key to calculate Signature Version 4 of the request.
E. Provide the signature value through the HTTP X-API-Key header.


Answer: B. C.
Notes: The HTTPS-based low-level AWS API for DynamoDB uses JSON as a wire protocol format. When you send HTTP requests to AWS, you sign the requests so that AWS can identify who sent them. Requests are signed with your AWS access key, which consists of an access key ID and secret access key. AWS supports two signature versions: Signature Version 4 and Signature Version 2. AWS recommends the use of Signature Version 4.
Reference: Signing AWS API requests.
Category: Development

Q87: A developer has written several custom applications that read and write to the same Amazon DynamoDB table. Each time the data in the DynamoDB table is modified, this change should be sent to an external API. Which combination of steps should the developer perform to accomplish this task? (Select TWO.)
A. Configure an AWS Lambda function to poll the stream and call the external API.
B. Configure an event in Amazon EventBridge (Amazon CloudWatch Events) that publishes the change to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) data stream.
C. Create a trigger in the DynamoDB table to publish the change to an Amazon Kinesis data stream.
D. Deliver the stream to an Amazon Simple Notification Service (Amazon SNS) topic and subscribe the API to the topic.
E. Enable DynamoDB Streams on the table.


Answer: A. E.
Notes: If you enable DynamoDB Streams on a table, you can associate the stream Amazon Resource Name (ARN) with an Lambda function that you write. Immediately after an item in the table is modified, a new record appears in the table’s stream. Lambda polls the stream and invokes your Lambda function synchronously when it detects new stream records. You can enable DynamoDB Streams on a table to create an event that invokes an AWS Lambda function.
Reference: Tutorial: Process New Items with DynamoDB Streams and Lambda.
Category: Monitoring

 
 
 

Q88: A company is migrating the create, read, update, and delete (CRUD) functionality of an existing Java web application to AWS Lambda. Which minimal code refactoring is necessary for the CRUD operations to run in the Lambda function?
A. Implement a Lambda handler function.
B. Import an AWS X-Ray package.
C. Rewrite the application code in Python.
D. Add a reference to the Lambda execution role.


Answer: A.
Notes: Every Lambda function needs a Lambda-specific handler. Specifics of authoring vary between runtimes, but all runtimes share a common programming model that defines the interface between your code and the runtime code. You tell the runtime which method to run by defining a handler in the function configuration. The runtime runs that method. Next, the runtime passes in objects to the handler that contain the invocation event and context, such as the function name and request ID.
Reference: Getting started with Lambda.
Category: Refactoring

Top

Q89: A company plans to use AWS log monitoring services to monitor an application that runs on premises. Currently, the application runs on a recent version of Ubuntu Server and outputs the logs to a local file. Which combination of steps should a developer perform to accomplish this goal? (Select TWO.)
A. Update the application code to include calls to the agent API for log collection.
B. Install the Amazon Elastic Container Service (Amazon ECS) container agent on the server.
C. Install the unified Amazon CloudWatch agent on the server.
D. Configure the long-term AWS credentials on the server to enable log collection by the agent.
E. Attach an IAM role to the server to enable log collection by the agent.


Answer: C. D.
Notes: The unified CloudWatch agent needs to be installed on the server. Ubuntu Server 18.04 is one of the many supported operating systems. When you install the unified CloudWatch agent on an on-premises server, you will specify a named profile that contains the credentials of the IAM user.
Reference: Collecting metrics and logs from Amazon EC2 instances and on-premises servers with the CloudWatch agent.
Category: Monitoring

Q90: A developer wants to monitor invocations of an AWS Lambda function by using Amazon CloudWatch Logs. The developer added a number of print statements to the function code that write the logging information to the stdout stream. After running the function, the developer does not see any log data being generated. Why does the log data NOT appear in the CloudWatch logs?
A. The log data is not written to the stderr stream.
B. Lambda function logging is not automatically enabled.
C. The execution role for the Lambda function did not grant permissions to write log data to CloudWatch Logs.
D. The Lambda function outputs the logs to an Amazon S3 bucket.


Answer: C.
Notes: The function needs permission to call CloudWatch Logs. Update the execution role to grant the permission. You can use the managed policy of AWSLambdaBasicExecutionRole.
Reference: Troubleshoot execution issues in Lambda.
Category: Monitoting

Q91: Which of the following are best practices you should implement into ongoing deployments of your application? (Select THREE.)

A. Use stage variables to manage secrets across environments
B. Create account-specific AWS SAM templates for each environment
C. Use an AutoPublish alias
D. Use traffic shifting with pre- and post-deployment hooks
E. Test throughout the pipeline


Answer: C. D. E.
Notes: Use an AutoPublish alias, Use traffic shifting with pre- and post-deployment hooks, Test throughout the pipeline
Reference: https://enoumen.com/2019/06/23/aws-solution-architect-associate-exam-prep-facts-and-summaries-questions-and-answers-dump/

Q92: You are handing off maintenance of your new serverless application to an incoming team lead. Which recommendations would you make? (Select THREE.)

A. Keep up to date with the quotas and payload sizes for each AWS service you are using

B. Analyze production access patterns to identify potential improvements

C. Design your services to extend their life as long as possible

D. Minimize changes to your production application

E. Compare the value of using the latest first-class integrations versus using Lambda between AWS services


Answer: A. B. D.

Notes: Keep up to date with the quotas and payload sizes for each AWS service you are using, 
Reference: https://enoumen.com/2019/06/23/aws-solution-architect-associate-exam-prep-facts-and-summaries-questions-and-answers-dump/

Q93: You are handing off maintenance of your new serverless application to an incoming team lead. Which recommendations would you make? (Select THREE.)

A. Keep up to date with the quotas and payload sizes for each AWS service you are using

B. Analyze production access patterns to identify potential improvements

C. Design your services to extend their life as long as possible

D. Minimize changes to your production application

E. Compare the value of using the latest first-class integrations versus using Lambda between AWS services


Answer: A. B. D.
Notes: Keep up to date with the quotas and payload sizes for each AWS service you are using. Analyze production access patterns to identify potential improvements. Minimize changes to your production application

Reference: https://enoumen.com/2019/06/23/aws-solution-architect-associate-exam-prep-facts-and-summaries-questions-and-answers-dump/

Q94: Your application needs to connect to an Amazon RDS instance on the backend. What is the best recommendation to the developer whose function must read from and write to the Amazon RDS instance?

A. Initialize the number of connections you want outside of the handler

B. Use the database TTL setting to clean up connections

C. Use reserved concurrency to limit the number of concurrent functions that would try to write to the database

D. Use the database proxy feature to provide connection pooling for the functions


Answer: D.
Notes: Use the database proxy feature to provide connection pooling for the functions

Reference: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/automating-updates-to-serverless-apps.html

 

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

Question 95: A developer reports that a third-party library they need cannot be shared in the Lambda invocation environment. Which suggestion would you make?

A. Decrease the deployment package size

B. Set a provisioned concurrency of one so that the library doesn’t need to be shared across environments

C. Use reserved concurrency for the function that needs to use the library

D. Load the third-party library onto an Amazon EFS volume


Answer: D
Notes: Load the third-party library onto an Amazon EFS volume

Reference: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/automating-updates-to-serverless-apps.html

AWS Certified Developer Associate exam: Whitepapers

AWS has provided whitepapers to help you understand the technical concepts. Below are the recommended whitepapers for the AWS Certified Developer – Associate Exam.

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Online Training and Labs for AWS Certified Developer Associates Exam

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Top

AWS Developer Associates Jobs

Top

AWS Certified Developer-Associate Exam info and details, How To:

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

The AWS Certified Developer Associate exam is a multiple choice, multiple answer exam. Here is the Exam Overview:

  • Certification Name: AWS Certified Developer Associate.
  • Prerequisites for the Exam: None.
  • Exam Pattern: Multiple Choice Questions
  • The AWS Certified Developer-Associate Examination (DVA-C01) is a pass or fail exam. The examination is scored against a minimum standard established by AWS professionals guided by certification industry best practices and guidelines.
  • Your results for the examination are reported as a score from 100 – 1000, with a minimum passing score of 720.
  • Exam fees: US $150
  • Exam Guide on AWS Website
  • Available languages for tests: English, Japanese, Korean, Simplified Chinese
  • Read AWS whitepapers
  • Register for certification account here.
  • Prepare for Certification Here

  • Exam Content Outline

    Domain % of Examination
    Domain 1: Deployment (22%)
    1.1 Deploy written code in AWS using existing CI/CD pipelines, processes, and patterns.
    1.2 Deploy applications using Elastic Beanstalk.
    1.3 Prepare the application deployment package to be deployed to AWS.
    1.4 Deploy serverless applications    		 22%
    Domain 2: Security (26%)
    2.1 Make authenticated calls to AWS services.
    2.2 Implement encryption using AWS services.
    2.3 Implement application authentication and authorization.    		 26%
    Domain 3: Development with AWS Services (30%)
    3.1 Write code for serverless applications.
    3.2 Translate functional requirements into application design.
    3.3 Implement application design into application code.
    3.4 Write code that interacts with AWS services by using APIs, SDKs, and AWS CLI.    		 30%
    Domain 4: Refactoring
    4.1 Optimize application to best use AWS services and features.
    4.2 Migrate existing application code to run on AWS.    		 10%
    Domain 5: Monitoring and Troubleshooting (10%)
    5.1 Write code that can be monitored.
    5.2 Perform root cause analysis on faults found in testing or production.    		 10%
    TOTAL 100%

Top

AWS Certified Developer Associate exam: Additional Information for reference

Below are some useful reference links that would help you to learn about AWS Certified Developer Associate Exam.

Top

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Other Relevant and Recommended AWS Certifications

AWS Certification Exams Roadmap
AWS Certification Exams Roadmap

Top

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

Top

Other AWS Facts and Summaries and Questions/Answers Dump

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

AWS Certified Developer Associate exam: Whitepapers

AWS has provided whitepapers to help you understand the technical concepts. Below are the recommended whitepapers for the AWS Certified Developer – Associate Exam.

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Online Training and Labs for AWS Certified Developer Associates Exam

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Top

AWS Developer Associates Jobs

Top

AWS Certified Developer-Associate Exam info and details, How To:

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

The AWS Certified Developer Associate exam is a multiple choice, multiple answer exam. Here is the Exam Overview:

  • Certification Name: AWS Certified Developer Associate.
  • Prerequisites for the Exam: None.
  • Exam Pattern: Multiple Choice Questions
  • The AWS Certified Developer-Associate Examination (DVA-C01) is a pass or fail exam. The examination is scored against a minimum standard established by AWS professionals guided by certification industry best practices and guidelines.
  • Your results for the examination are reported as a score from 100 – 1000, with a minimum passing score of 720.
  • Exam fees: US $150
  • Exam Guide on AWS Website
  • Available languages for tests: English, Japanese, Korean, Simplified Chinese
  • Read AWS whitepapers
  • Register for certification account here.
  • Prepare for Certification Here

  • Exam Content Outline

    Domain % of Examination
    Domain 1: Deployment (22%)
    1.1 Deploy written code in AWS using existing CI/CD pipelines, processes, and patterns.
    1.2 Deploy applications using Elastic Beanstalk.
    1.3 Prepare the application deployment package to be deployed to AWS.
    1.4 Deploy serverless applications    		 22%
    Domain 2: Security (26%)
    2.1 Make authenticated calls to AWS services.
    2.2 Implement encryption using AWS services.
    2.3 Implement application authentication and authorization.    		 26%
    Domain 3: Development with AWS Services (30%)
    3.1 Write code for serverless applications.
    3.2 Translate functional requirements into application design.
    3.3 Implement application design into application code.
    3.4 Write code that interacts with AWS services by using APIs, SDKs, and AWS CLI.    		 30%
    Domain 4: Refactoring
    4.1 Optimize application to best use AWS services and features.
    4.2 Migrate existing application code to run on AWS.    		 10%
    Domain 5: Monitoring and Troubleshooting (10%)
    5.1 Write code that can be monitored.
    5.2 Perform root cause analysis on faults found in testing or production.    		 10%
    TOTAL 100%

Top

Load balancing EC2 Instances in an Autoscaling Group By Neal Davis

 

In this AWS tutorial, we are going to discuss how we can make the best use of AWS services to build a highly scalable, and fault tolerant configuration of EC2 instances. The use of Load Balancers and Auto Scaling Groups falls under a number of best practices in AWS, including Performance Efficiency, Reliability and high availability.

Before we dive into this hands-on tutorial on how exactly we can build this solution, let’s have a brief recap on what an Auto Scaling group is, and what a Load balancer is.

Autoscaling group (ASG)

An Autoscaling group (ASG) is a logical grouping of instances which can scale up and scale down depending on pre-configured settings. By setting Scaling policies of your ASG, you can choose how many EC2 instances are launched and terminated based on your application’s load. You can do this based on manual, dynamic, scheduled or predictive scaling.

Elastic Load Balancer (ELB)

An Elastic Load Balancer (ELB) is a name describing a number of services within AWS designed to distribute traffic across multiple EC2 instances in order to provide enhanced scalability, availability, security and more. The particular type of Load Balancer we will be using today is an Application Load Balancer (ALB). The ALB is a Layer 7 Load Balancer designed to distribute HTTP/HTTPS traffic across multiple nodes – with added features such as TLS termination, Sticky Sessions and Complex routing configurations.

Getting Started

First of all, we open our AWS management console and head to the EC2 management console.

We scroll down on the left-hand side and select ‘Launch Templates’. A Launch Template is a configuration template which defines the settings for EC2 instances launched by the ASG.

Under Launch Templates, we will select “Create launch template”.

We specify the name ‘MyTestTemplate’ and use the same text in the description.

Under the ‘Auto Scaling guidance’ box, tick the box which says ‘Provide guidance to help me set up a template that I can use with EC2 Auto Scaling’ and scroll down to launch template contents.

When it comes to choosing our AMI (Amazon Machine Image) we can choose the Amazon Linux 2 under ‘Quick Start’.

The Amazon Linux 2 AMI is free tier eligible, and easy to use for our demonstration purposes.

Next, we select the ‘t2.micro’ under instance types, as this is also free tier eligible.

Under Network Settings, we create a new Security Group called ExampleSG in our default VPC, allowing HTTP access to everyone. It should look like this.

AWS Certified Developer Associate exam: Additional Information for reference

Below are some useful reference links that would help you to learn about AWS Certified Developer Associate Exam.

Top

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Other Relevant and Recommended AWS Certifications

AWS Certification Exams Roadmap
AWS Certification Exams Roadmap

Top

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

Top

Other AWS Facts and Summaries and Questions/Answers Dump

AWS Developer Associate DVA-C01 Exam Prep

 
 
 

AWS Certifications Breaking News and Top Stories

  • Having a hard time following documentation for deploying inferencing endpoints
    by /u/maxiedaniels

    I’ve been playing around with lambda, sagemaker, (badly) attempting to try Inferentia2, but I keep hitting major roadblocks. I feel like the official docs and tutorials make a lot of jumps and don’t explain things, and as someone who hasn’t explored this world of development much, it’s overwhelming. Does anybody have any guides they like online that go through examples up these services, maybe a YouTube series, etc? Looking for examples that show the entire process of setting up things on AWS. submitted by /u/maxiedaniels [link] [comments]

  • aws re:play // open it to the general public again please
    by /u/steuned

    i enjoyed Intersect Festival in 2019, and was entirely looking forward to 2020 (needless to say, that didn't end up happening) but it is a damn shame that 2022 has returned to being reserved for re:invent attendees only submitted by /u/steuned [link] [comments]

  • How do you signout of all sessions in the console?
    by /u/Bearmop

    My client account got hacked. I have immediately changed password and added 2FA, but I am worry the hacker is still logged into the GUI console. Is there anyway to invalidate all active sessions? submitted by /u/Bearmop [link] [comments]

  • Securing Your Connection with Site-to-Site VPN on AWS
    by /u/adbertram

    Hey guys, Goodness Chris-Ugari just wrote a new blog post you may enjoy on the ATA blog. "Securing Your Connection with Site-to-Site VPN on AWS" Summary: Make sure that you stay secure with a site-to-site VPN on AWS and share resources securely between networks in this ATA Learning tutorial! https://adamtheautomator.com/site-to-site-vpn-on-aws/ submitted by /u/adbertram [link] [comments]

  • CloudFront CDN Domain Integration Query
    by /u/vInfuze

    Hey brains trust, just trying to implement CloudFront *correctly* for an externally hosted site - lets call this cdn.com. Current environment: DNS - Route53 CloudFront distribution pointing to -> cdn.com (with an AWS SSL attached in the deployment) Website Hosting - outside of AWS ​ Have now set up distribution as above and going to cdn.cloudfront.net will successfully redirect to cdn.com. I am now trying to have the CDN route directly via cdn.com not via the cloudfront URL. ​ With this said, my first thought would be to update the A record(s) to point to cdn.cloudfront.net but then the cloudfront deployment which already points to cdn.com will find itself NOT the IP of the host server that is currently the A record. ​ Am I missing something here? Or is this not a valid use case of CloudFront? (given the actual site/content is not an S3 bucket). An idea would be to have the website redirect you when you go to cdn.com back to -> cdn.cloudfront.net which would then redirect you to cdn.com ??? ​ Any ideas appreciated, thank you. submitted by /u/vInfuze [link] [comments]

  • NLB Target groups
    by /u/supr91

    Can you explain this to me in simple terms? Request Routing and IP Addresses in a NLB: If you specify targets using an instance ID, traffic is routed to instances using the primary private IP address specified in the primary network interface for the instance. The load balancer rewrites the destination IP address from the data packet before forwarding it to the target instance. If you specify targets using IP addresses, you can route traffic to an instance using any private IP address from one or more network interfaces. This enables multiple applications on an instance to use the same port. Note that each network interface can have its security group. The load balancer rewrites the destination IP address before forwarding it to the target. Should I expect such questions in the AWS SAA-C03 exam? submitted by /u/supr91 [link] [comments]

  • Why doesn't RDS allow you to set a value to DBName for SQL Server?
    by /u/manlymatt83

    For all other types -- MySQL, MariaDB, Postgres -- you can set the parameter DBName to a value, and this database will exist when the host comes online. For SQL Server, you have to create the database manually with a CREATE DATABASE. Just curious why this is. Is this just something they never implemented or is there something specific with SQL Server & RDS that makes this a sane choice? submitted by /u/manlymatt83 [link] [comments]

  • Error transitioning from "Ok" to "Warning" in AWS Elastic Beanstalk when instances scale
    by /u/kisinad

    Why does my AWS Elastic Beanstalk environment transition from "Ok" to "Warning" when I have multiple instances running, but not when there is only one instance? I received the following error message: "Environment health has transitioned from Ok to Warning. Application update completed 21 seconds ago and took 18 seconds. 1 out of 1 instances are impacted. See instance health for details." Anyone experienced this kind of behavior? submitted by /u/kisinad [link] [comments]

  • Was my SES (or AWS account) just hacked?
    by /u/Kitten-Smuggler

    I'm a bit of a full stack development newb, but over the last few months I've been learning while building a little B2B site. I took the last few weeks off from this project and today received an email about my SES account being under review with 6K emails sent in 24-hours with a high bounce rate. At most I've sent about 30 SES emails, and all have been to my personal accounts for testing purposes. I quickly destroyed my old API access key (which had full permissions for the sake of making development easy - whoops) and created a new one, and also locked down my website so that nobody can access it without an admin username and password. I made sure to not have my .env file uploaded to Github (its not - and the repo is private anyway) and I also made sure to only use the key as environment variables in both the frontend (Amplify) and the backend (Beanstalk). I'm still at a bit of a loss for how this happened, and am not 100% certain it was my API key that leaked, but looking at the logs it does seem that the 'AdministratorAccess' permission for this API key user account was accessed recently, specifically pointing to SES. So I guess my questions here are: What can I do to better track down the root cause and avoid this in the future? Has anyone else ever experienced an SES hijack like this? It appears that the sender was targeting french email addresses with what I presume are fake Amazon bills. How did the hacker now to target SES specifically? submitted by /u/Kitten-Smuggler [link] [comments]

  • SAP-C02 Trying to understand SCPs
    by /u/titan1978

    Background So for some reason I'm really having a hard time with Service Conrtol Policies. For a very small reason - most of the tutors start with explaining that the ROOT always gets FullAWSAccess -> Which apparently you cannot remove (?). I tried creating an AWS Organization in my personal and could verify this. Which means all child OUs and Accounts would inherit FullAWSAccess. They then go on to explain two strategies : BlockList and AllowList BlockList They try to explain with this example by indicating everything is allowed EXCEPT dynamodb! { "Statement": [ { "Sid": "AllowAllActions", "Effect: "Allow", "Action": "*", "Resource": "*" }, { "Sid": "DenyDynamoDB", "Effect: "Deny", "Action": "dynamodb:*", "Resource": "*" } ] } Question: Why would you need to provide the first Allow block if you already have inherited the FullAWSAccess ​ AllowList They try to explain with this example indicating ONLY ec2 is allowed and nothing else! { "Statement": [ { "Sid": "AllowAllActions", "Effect: "Allow", "Action": "ec2:*", "Resource": "*" } ] } Question: On the same lines as the previous question - is my assumption here correct that since EVERY child inherits the FullAWSAccess that this SCP works to limit EC2 only because of the intersection set of FullAWSAccess and this SCP? submitted by /u/titan1978 [link] [comments]

  • Should i do SysOps cert
    by /u/CompetitiveJudge4761

    I already have dev associate cert, i was wondering what kind of person should go for sys ops certification. Im interested in Devops. submitted by /u/CompetitiveJudge4761 [link] [comments]

  • NLB Target groups
    by /u/supr91

    Can you explain this to me in simple terms? Request Routing and IP Addresses in a NLB: If you specify targets using an instance ID, traffic is routed to instances using the primary private IP address specified in the primary network interface for the instance. The load balancer rewrites the destination IP address from the data packet before forwarding it to the target instance. If you specify targets using IP addresses, you can route traffic to an instance using any private IP address from one or more network interfaces. This enables multiple applications on an instance to use the same port. Note that each network interface can have its security group. The load balancer rewrites the destination IP address before forwarding it to the target. submitted by /u/supr91 [link] [comments]

  • Can I train my own model to improve the accuracy of AWS rekognition's text detection?
    by /u/YiMuInNZ

    Hi all, I am using AWS rekognition to detect text(number) in images. But the result is a bit low accurate. Can I train it and improve its accuracy? submitted by /u/YiMuInNZ [link] [comments]

  • How to manage Sagemaker inference endpoint dependencies
    by /u/seicaratteri

    Hello there! I am creating a pytorch realtime inference endpoint using sagemaker. My folder structure is as following: endpoint |_code |_inference.py |_requirements.txt |_model.pt I am using a base docker image provided by AWS (----.dkr.ecr.us-east-1.amazonaws.com/pytorch-inference:1.8.1-gpu-py36) which includes the pytorch version I need. The problem is, the python version is 3.6, and I would need it to be 3.8 because when I add other dependencies in the requirements.txtfile, for example the imageiolibrary, the endpoint fails to launch because the library doesn't work with a python version below 3.8. What is the best practice in this case for managing complex dependencies, where I need a custom python version, coupled with specific libraries versions? Should I create another docker image that has the libraries I need and the python version I require? If so, can I extend the base image to install python3.8, eg: ``` FROM ----.dkr.ecr.us-east-1.amazonaws.com/pytorch-inference:1.8.1-gpu-py36 RUN apt-get update && \ apt-get install -y software-properties-common && \ add-apt-repository -y ppa:deadsnakes/ppa && \ apt-get update && \ apt install -y python3.8 ``` If I would then push this image to ECR and use it for inference, would it run torchserve and spin up everything needed for inference? Or do I have to add these commands to the dockerfile myself? I'm a bit confused on how to manages this and would really appreciate some guidance! Thank you so much! submitted by /u/seicaratteri [link] [comments]

  • Oracle SQL Developer Web
    by /u/bubbahewitt

    Have a team requesting local Orcale SQL Developer client installs to connect to a remote database. See that SQL Dev Web is an option. Anyone using this? Would it replace the need for local installs? Can I SSO this bad boy? submitted by /u/bubbahewitt [link] [comments]

  • Redefining Cloud Architecture: The Lambda vs. Fargate Debate in Asynchronous Processing and API Services
    by /u/WentBackInTime

    Hi everybody, Today, I had a rather lengthy and annoying discussion with our certified AWS cloud architect about designing our architecture, and I need to vent about it. Right now, we are running different services consisting of Lambdas processing asynchronous events by being subscribed to the Event Bus (EventBridge) and Lambdas being connected to a REST gateway. Our "microservices" communicate with each other using REST and IAM authentication. We also have one "orchestrator" publishing our API to the public, secured with Cognito. Overall, our serverless platform works okay, but it is rather slow. Triggering multiple Lambdas to load data can be slow for the customer, especially because our application has a rather low and predictable load on our API Lambdas. Therefore, we have a lot of cold starts. It is still acceptable because our services are designed well, so they mostly work independently. On the other hand, using Lambdas for asynchronous processing has been really great and fits perfectly for our spikes (only asynchronous!). With new requirements, we are in the process of redesigning a lot of core parts. From the development side, we want to keep using Lambdas for our asynchronous processes but replace our API parts with gRPC services running on Fargate. We enjoy the API-first principle, the code generation, and overall the more efficient communication between services. Also, we plan to use gRPC directly with our new native apps, which seems like a perfect use case for gRPC. Today, our AWS architect pointed out that using containers is rather old-fashioned and we should stay away from Fargate since Lambda is the standard and is doing everything perfectly. But I feel like for our use case, it is not the correct tool, at least for the API parts. It does not really support HTTP 2.0 and service-to-service communication feels rather awkward. What do you guys think? I would like to hear some opinions. Thanks submitted by /u/WentBackInTime [link] [comments]

  • Open source IAM-as-code through IAMbic
    by /u/Securiy

    Hello everyone! We are working on an open-source IAM-as-code solution called IAMbic, and recently added AWS Service Control Policy support (AWS guardrails, typically used for compliance). IAMbic represents your IAM in Git as YAML Files (called iambic templates). An example repository of templates managed by IAMbic is here. The goal is that you can download IAMbic, and go from your cloud to code in ~10 minutes without needing to write any code. Any changes you make (via clicking in the cloud console, running `terraform apply`, etc) are captured by IAMbic and updated in Git, so you have a running Git history of all IAM changes over time, and Git is an eventually consistent, reliable source of truth for permissions. IAMbic templates are bi-directional, so when you want to start managing identities in IAMbic (like cookie-cutter engineering IAM roles or AWS SSO permission sets), You go through a GitOps workflow, get approval, and instruct IAMbic to apply the changes. We have some examples in our IAMOps Philosophy docs. If you want resources to be solely managed by IAMbic, you can instruct IAMbic to prevent drift on these resources. You can also declaratively define temporary access or permissions in the format (Like: "I want userA to have access to the Salesforce app in Okta for 12 hours" or "I want to have S3 permissions to BucketA on the engineering role on the prod AWS account until DATE"). We're really looking for feedback because we want this to be a compelling solution. What are your thoughts? How can we make this better? submitted by /u/Securiy [link] [comments]

  • IAM user with double ARNS?
    by /u/awstroubler

    ​ See attached Funny thing today, an EKS Cluster not accessible. Somehow, the map users was pointing to a regular arn `arn:aws:iam::ACCOUNT_ID:user/USERNAME` as it should be It broke. Checked everything, then we noticed the "IAM USER" says (regular iam user, no federation) "Arn": "arn:aws:iam::XXXX:user/arn:aws:iam::XXXX:user/username" what is going on? in theory you can't create an user with double ARN. But here it is? In addition to that, exporting `VDZH` credentials returns `RIFO,` we tested multiple ccomputers and the cloudshell itself, so no ~/.aws are in between tests Anything I am missing? ​ https://preview.redd.it/y9fjaae7n23b1.png?width=1340&format=png&auto=webp&s=3defe6d068def1d43eb1b77b3cda81502d6c19bb https://preview.redd.it/w6kuhce7n23b1.png?width=918&format=png&auto=webp&s=a8be0798c09bd0e4c442e2b449f0b2f7d9155b2f https://preview.redd.it/axwywve7n23b1.png?width=1466&format=png&auto=webp&s=6a6a5b1439c2279dbd3cc3327311302ef42d96cc submitted by /u/awstroubler [link] [comments]

  • Best SSO for AWS??
    by /u/AtlAWSConsultant

    Guys, I'm tasked with unifying all my clients AWS accounts into something coherent and using SSO. They use Auth0 for authentication with their web app. But they use Google Apps internally. What approach should I take? I've used JumpCloud at a couple stops, but I've never been the one to set it up. What's the easiest path? Does that path also overlap with most secure? Thank you in advance. submitted by /u/AtlAWSConsultant [link] [comments]

  • Yet another R53 hosted zones question, plus domain registration question
    by /u/TheLightingGuy

    Looking at moving our domains away from Network Solutions and likely Godaddy in the future. right now in both, our domains are pointing at AWS Route53 nameservers. My question is, when we transfer our domains to R53, once they transfer, do we need to do anything else? I couldn't find anything about if we have preexisting hosted zones, although my google-fu is lacking today. Also, Does anyone have any reliability experience as far as AWS domain registration goes? Not only does Network Solutions drive me up a wall with their support because there's things I just can't access without their support, I also can't justify the price increase of now $45/yr, according to the email I got a few hours ago, for each of our domains. submitted by /u/TheLightingGuy [link] [comments]

  • Why is the AWS CLI finding EC2 instances that no longer exist?
    by /u/LemonAncient1950

    Here's the specific snippet: aws resourcegroupstaggingapi get-resources \ --tag-filters \ Key=app,Values=$app_name \ Key=env,Values=$env \ Key=isBastion,Values=true \ --resource-type-filters ec2:instance \ --query 'ResourceTagMappingList[].ResourceARN' \ --output text It currently returns 2 ARNs, but when I open the AWS console and check EC2 instance list, there's only 1 instance with the specified tags. For a little more context, both instance ARNs correspond to a single AWS CDK BastionHostLinux resource. I deployed it once and then changed the logical id and deployed it again. My intention was to delete and re-create the instance because I updated the user data. This worked as expected except the old instance is still showing up when I try to find the new instance. I've tried clearing the AWS CLI cache, but ~/.aws/cli/cache doesn't exist which makes me think it's not a caching issue. Any help understanding what's going on here is much appreciated. I can get around this issue by changing the query to ResourceTagMappingList[-1].ResourceARN, but I'd prefer to find the root cause. Thanks! submitted by /u/LemonAncient1950 [link] [comments]

  • AWS CCP or CSA-Associate
    by /u/Arath0nGam3rz

    I am Azure certified (AZ-900, AZ-204, SC-900). Regarding AWS, I am also familiar with AWS concepts and have completed the Labs + Cloud Quest. I have a question between CCP (Cloud Certified Practitioner) & CSA (Solution Architect - Associate). Is it worth investing to clear CCP or should I practice more and appear for CSA-ASSOCIATE ? submitted by /u/Arath0nGam3rz [link] [comments]

  • Using a dedicated account for Savings Plan purchases?
    by /u/ThrowRAsincethen

    Hi All- my organization is going through account clean up and as a result, we are creating a brand new Organization. Here is the scenario: Organization A is current org. It contains a management account that was not built to best practices and has various environments commingled together (test, dev, prod, etc) within the account. The end goal is to split these environments in to their own individual accounts in new Organization B. Org A management account has a savings plan that will expire in a month. We do not want to have a gap in savings plan coverage. If we created a dedicated account in Org A for solely savings plan purchase and coverage, once we are ready and all workloads moved to their new accounts in Org B, could we then move this account with the Savings plan also to Org B? I’m assuming as long as savings plans sharing is enabled we should not have any gaps? submitted by /u/ThrowRAsincethen [link] [comments]

  • Passed DVA-C02 Test
    by /u/730salt

    I passed the DVA-C02 test! Thanks to this community for guiding me to the right study resources, and a special shoutout to u/TheNaturalZA for personally recommending the TD practice tests to me. I was inspired to take the test after reading "The Chaos Machine" by Max Fisher. The book explores the history of centralized social media platforms and their impact on society in general. One paragraph around the middle of the book highlights the importance of cloud computing, particularly AWS, in providing tech companies with a uniquely low barrier to entry compared to other industries. This motivated me to become more proficient in cloud computing platforms, as it aligns with a major economic force rather than being just a passing trend in my field. This was my approach: I have been a professional software engineer for almost 4 years, with about 10 years of coding experience. However, my hands-on experience with AWS is limited to working with Secrets Manager on a single project for a week. To prepare, I watched Maarek's DVA-C02 course and took handwritten notes, which took me nearly 2 months to complete. With only a week left before the test, I took the practice test included in the course, but it turned out to be outdated. So for further study, I purchased TD's practice tests and created index cards based on questions and solutions that I was unfamiliar with or that frequently appeared. I took the first 4 tests in Review Mode to understand the solutions and create index cards. Creating index cards solely based on lecture notes was challenging, as the material didn't accurately reflect the distribution of question types. A practice exam that closely matched the current test format proved to be more effective in identifying specific topics and creating corresponding index cards. Thanks again to this community for all the help! submitted by /u/730salt [link] [comments]

  • Looking for advise
    by /u/Corndogdragon1000

    Hello, looking to get into entry-level IT and leaning more towards working with cloud I’m currently doing my CompTia a+ as I heard that’s a good place to start getting as a first certificate. If I were to do cloud certificates what would a general path be and how difficult is it to land a job with 0 IT experience? Also should I continue the path for comptia Net+ and Sec+ or can I branch off to cloud right after a+? submitted by /u/Corndogdragon1000 [link] [comments]

  • Finding cloudtrail data when I think the problem is VPC S3 endpoint gateway policy?
    by /u/dghah

    My EC2 image builder pipeline is failing at step #1 because the script can't download the TOE bootstrap script from an AWS owned S3 bucket URI The URL that is fetched is this: https://ec2imagebuilder-toe-eu-central-1-prod.s3.eu-central-1.amazonaws.com/bootstrap_scripts/bootstrap.sh The response is pretty blunt: <Error><Code>AccessDenied</Code><Message>Access Denied</Message> This VPC had an S3 endpoint with a policy that blocked access to non Org owned S3 buckets which I learned the hard way when CloudFormation waitcondition signals failed because the wait signal is sent via an AWS owned S3 bucket So with that in mind after seeing this access denied error I had the ops team update the S3 endpoint policy so now it looks like this: { "Sid": "EnableNonOrgOwnedBucketAccess", "Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": [ "arn:aws:s3:::ec2imagebuilder-toe-eu-central-1-prod/", "arn:aws:s3:::cloudformation-waitcondition-eu-central-1/" ] } But even with that change I'm still getting access denied when curl tries to fetch https://ec2imagebuilder-toe-eu-central-1-prod.s3.eu-central 1.amazonaws.com/bootstrap_scripts/bootstrap.sh when inside Ec2 image builder pipeline ​ My issue is I can't find "proof" that the S3 endpoint policy is the root cause here. I've tried searching CloudTrails for event sources coming from VPCEndpoints, VPCEndpointService, S3 etc etc. and can't find any proof of my access Any tips or tricks on debugging errors that are not coming from IAM but from things like a VPC endpoint policy? The only thing I can think of is that my ARN is missing the "/*" wildcard that you normally see in IAM s3 policies. But I'd like to have "proof" before I ask the ops folk to update the policy again submitted by /u/dghah [link] [comments]

  • Build a CI/CD Pipeline for a Lambda-based Application
    by /u/labouardy

    submitted by /u/labouardy [link] [comments]

  • Passed SAA-C03 on first attempt
    by /u/TheHeretik66

    Hello everyone, So I passed the test today and got it from the first attempt. I am a solution architect but only started using cloud technology during the last year. I have almost 14 years of experience, initially as a backend developer but later as a software/solution architect. I want to point out some facts: - A cloud guru is not outdated - Maareks course is over stretched and goes beyond the scope of the exam - did a couple a tutorial dojo practice exams and they were both similar to the real exam and to ACG practice exams. Just make sure you actually understand services by themselves and then how they fit together, and how best to combine them for the optimal solution. And when I say optimal solution, I mean paying attention to the real goal of the architecture, is it cost optimization? Or performance? Pay attention to keywords. That’s about it, good luck everyone. submitted by /u/TheHeretik66 [link] [comments]

  • So if you get multiple certifications do you let your boss know after each one.
    by /u/HeyHeyMyRotten

    So If you pass say the Associate Architect and then a couple of months later you pass a Professional or Specialty exam do you let your boss know you passed another one. submitted by /u/HeyHeyMyRotten [link] [comments]

  • Earn a 50% discount code toward your AWS Certified Solutions Architect - Associate exam
    by /u/InformalCoach

    AWS Certified Solutions Architect - Associate (amazon.com) submitted by /u/InformalCoach [link] [comments]

  • ECS cannot mount EFS
    by /u/surpyc

    I am create one ECS Service and try to mount EFS but i get this error I allow everything from SG EFS and ECS outgoing. ResourceInitializationError: failed to invoke EFS utils commands to set up EFS volumes: stderr: Failed to resolve "fs-xxxxx.efs.us-xxx.amazonaws.com" - check that your file system ID is correct, and ensure that the VPC has an EFS mount target for this file system ID. See https://docs.aws.amazon.com/console/efs/mount-dns-name for more detail. Attempting to lookup mount target ip address using botocore. Failed to import necessary dependency botocore, please install botocore first. : unsuccessful EFS utils command execution; code: 1 ​ submitted by /u/surpyc [link] [comments]

  • Cloudfront and Google Domains
    by /u/maximeridius

    I am trying to set up my website with a custom domain registered with Google Domains. The site is deployed to a Lambda function which is the origin for a Cloudfront distribution as documented here https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.html#concept_lambda_function_url. However, it's been 24 hours and I am still getting DNS_PROBE_FINISHED_NXDOMAIN when I visit try and navigate to www.mysite.com so I believe my set up is incorrect, also I have no experience doing this and limited understand. I was hoping somebody could have a look over my settings and tell me if they see anything wrong. I've used different 3 letter prefixes like abc to distinguish between the different strings while keeping them anonymised, the number of x's that follow isn't necessarily accurate. I have been issued a certificate from AWS Certificate Manager which has CNAME name _abcxxxxxxxxxxxxxxx.www.mysite.com. and CNAME value _defxxxxxxxxxxxxxxx.ghixxxxx.acm-validations.aws. My Cloudfront distrubtion has the following settings: Distribution domain name: jklxxxxxx.cloudfront.net Description: - Price class: Use all edge locations (best performance) Supported HTTP versions: HTTP/2, HTTP/1.1, HTTP/1.0 AWS WAF: CreatedByCloudFront-xxxxx-xxxx-xxxx-xxxxx-xxxxxxxx (WAFv2) Alternate domain names: - Custom SSL certificate: www.mysite.com (has little green tick next to it) Security policy: TLSv1.2_2021 Standard logging: Off Cookie logging: Off Default root object: - I have two My Google Domains DNS records, the first is: Host name: _abcxxxxxxxxxxxxxxx.www.mysite.com Type: CNAME TTL: 1 minute Data: _defxxxxxxxxxxxxxxx.ghixxxxx.acm-validations.aws. The second is: Host name: www.mysite.com Type: CNAME TTL: 1 minute Data: https://jklxxxxxx.cloudfront.net. submitted by /u/maximeridius [link] [comments]

  • MS SQL Server RDS, Backup / Restore disk space issue
    by /u/bithereumza

    Hi, I have a very wierd issue on SQL Server Standard 2019 RDS, we've taken a backup of our on-premises database, but when we try and restore the backup from S3, we get the following error: [2023-05-30 09:15:22.377] Aborted the task because of a task failure or a concurrent RESTORE_DB request. [2023-05-30 09:15:22.453] Task has been aborted [2023-05-30 09:15:22.457] There is not enough space on the disk to perform restore database operation. Then as a test I installed SQL Server express 2019 locally and restored the backup without issue, I also confirmed the size of the database, by running the scripts on the troubleshooting page: ​ SELECT DB_NAME(database_id) AS DatabaseName, Name AS Logical_Name, Physical_Name, (size*8)/1024/1024 SizeGB FROM sys.master_files WHERE DB_NAME(database_id) = '[DB_NAME]' GO ​ Database SizeGB = 7 Log SizeGB = 0 ​ My RDS configuration is Allocated storage = 75GB, Maximum Storage threshold = 125 GB. ​ If I goto Monitoring FreeStorageSpace = 79.5GB and FreeLocalStoragePercent is 20. ​ I don't know what to do anymore, I've also tried rebooting the RDS, this worked before on the same instance, the dev dropped the database and tried a new restore, I don't know if there might be something I should run to clean up, anyone have any ideas, please? submitted by /u/bithereumza [link] [comments]

  • My humble open source template+script to deploy stable-diffusion on EC2 fully handsfree
    by /u/marcoleongdev

    ​ Handsfree-stable-diffusion CloudFormation template I have recently open-sourced a template+script for deploying SD on EC2 fully automated. Handsfree-stable-diffusion is a CloudFormation template+script for deploying Stable Diffusion webui - fully hands-free. I originally created this script because my ancient 2014 laptop is impossible to run stable-diffusion in any meaningful way. This script enables me to explore stable diffusion and keep the cost very low by deploying and removing all the resources anytime. I believe by open-sourcing this template+script, it can benefit some of you brothers and sisters who are lack of a fancy GPU but love to explore stable diffusion. Why this script? Instance configuration to find the right GPU, AMI and driver can be a lengthly process, I have done the chore and figured out the right combination to create this template+script Installing dependencies often requires one to babysit the CLI, the script fully automates the process The Github link: https://github.com/MarcoLeongDev/handsfree-stable-diffusion This is my first attempt to open source something, please be kind and roast me softly (?) Any feedback is welcome welcome the repo of the technique used in the CFN and scripting. submitted by /u/marcoleongdev [link] [comments]

  • Recertify coupon
    by /u/anonarwhal

    Hello there, Quick question. I have a 50% off coupon I got when I got certified few years ago. Now, this coupon expires by the end of the month. Does anybody know if I book an exam before the end of the month for a future date, let’s say 2 months from now, if that will work? Or do I have to take the exam also before the coupon expires? Cheers! submitted by /u/anonarwhal [link] [comments]

  • Passed SAA-C03 yesterday
    by /u/coldgin37

    I took the SAA-C03 exam yesterday and got my results this morning, passed on my 1st attempt with an 838. I have 20+ years experience in IT in various roles (sysadmin, systems integrator, solution architect) and worked with multiple technologies in my career. I prepared for the exam with Stephane Maarek Udemy course, practice exams plus reading aws documentation. I took to the time to understand the reasoning behind the correct answer to the questions. I studied approximately for 3 months (150hrs) in the evenings in my free time. Exam day: I had flagged approx. 20 questions for review with 40 min to spare after completing the 1st pass. The wording of some questions left a lot to be desired, had to make assumptions on whether to prioritize cost, performance or HA in answer. Some questions were extremely easy while others had to be read multiple times to filter out the "noise". Tips: Become familiar with the key words in the questions, they will point you to the obvious answer. If you are unsure of an answer, flag it, and move on. If you are lucky there may be a similar question in the exam that will help you chose the correct answer when you come back to it. ​ Good luck to all. submitted by /u/coldgin37 [link] [comments]

  • S3 Glacier instant retrieval Fee with range bytes request
    by /u/UnrealUserID

    Hello, I didn't find my answer with the AWS documentation. I have a bucket that stores about 800TB of data at the GIR class, each file is about 2GB in size. Currently I need to extract about 100MB per file, how will it be charged? (whole 2GB file or just the part retrieved) submitted by /u/UnrealUserID [link] [comments]

  • Devops Partner
    by /u/Brief_Ambition5704

    Hey looking to get into devops and wanted to know if anybody else is starting out want to study together or someone already in devops and would like to mentor.. submitted by /u/Brief_Ambition5704 [link] [comments]

  • free question coupon dump for the new DevOps Exam (DOP-C02)
    by /u/Complex-Mongoose1123

    hi, here is a free coupon for the new version of the exam. https://www.udemy.com/course/aws-devops-engineer-professional-practice-exams-dop-c02/?couponCode=FREEQUESTIONS if the link doesn't work then at the checkout apply "FREEQUESTIONS" coupon and you will get 100% discount 🙂 ps: its only for 1000 person that was the max number ​ HAPPY LEARNING submitted by /u/Complex-Mongoose1123 [link] [comments]

  • Best sandbox environment to learn AWS
    by /u/kunjaan

    Hello Can you please recommend a good site that provides sandbox environments to practice AWS? Thanks! submitted by /u/kunjaan [link] [comments]

  • Passed SAA-C03
    by /u/HeyHeyMyRotten

    Got a 760 and I spent 45 minutes taking the test including rating the test. I studied for 3 weeks basically using the Stéphane Maarek PDF. Just read through it 4 times. I did a Neal Davis practice exam with a co-worker and combined we got 85 percent I did Stéphane Maarek practice exam which I got somewhere around 50 percent. I doubted some of the answers even being right. I would definitely not bother with these. I took 3 Tutorial Dojo exams the first one time and the other 2 in review mode. I think the scores were 54,68, and 72. I can't stress how much I hated these tests. The questions are very difficult to read. And while I might have learned something taking them nothing I learned was on the exam. For example Guard Duty there were a bunch of questions on that on Dojo's tests. Nothing on the test. Question about how to pull 12000 message from FIFO queue on Dojo test nothing related to that on exam. Question on Dojo about if you promote a RDS instance in Multi AZ what happens. Nothing on test. If I could do something over I would not have taken these tests. They just stressed me out, Gave me headaches and made me hate studying. On the real test the questions were easy to read. I would say there were 10 questions were very easy and were answered without any thought. Most of the rest were easy to narrow down to 2 choices. I think the only question I wasn't prepared for was the Kubernetes one. So I think Maarek's slides are great and the only thing other than Kubernetes related questions you would need to prepare for. I got a question that answer was either GPS2 or GPS3. I know the answer was the second one of these mentioned in Maarek's slides. But I assumed he would mention GPS2 before GPS3. So I got that one wrong. I am a developer with 25 years experience and have spent a year and a half in AWS as developer and migrated Oracle and NO-SQL database to the cloud. I think I might do the database specialty next. submitted by /u/HeyHeyMyRotten [link] [comments]

  • Passed the AWS SAP C02 exam
    by /u/FredjaSlave

    Only used Adrian Cantrill’s AWS Certified Solutions Architect - Professional course. It is well put together and with all the tips given, you can answer most of the questions. Questions were mostly related to the migration services (most of the questions), hybrid connections, Organizations, S3, CloudFront, and Route 53. submitted by /u/FredjaSlave [link] [comments]

  • Solutions Architect Learning Plan - Earn a Learning Badge
    by /u/Chris_Creatives

    Has anyone here tried taking exams after going through this free course in AWS Skills builder? Is it enough to pass the exams without paying any additional course? And is the badge they offer good as the one issued when you pass the exam? submitted by /u/Chris_Creatives [link] [comments]

  • AWS Projects for a Rookie
    by /u/Mohannd-sh

    Hello, I've been watching stephane maarek AWS Certified Solutions Architect Associate Courses, I already learned about ( EC2, IAM, ASG, EDS, Route 53, S3, IAM Roles, and CloudFront) but I feel that I am forgotten everything, so before I continue the course is there is any projects I can do with this services? so I can enhance my understanding submitted by /u/Mohannd-sh [link] [comments]

  • Pearson free retake first attempt fail.
    by /u/KMohsoe

    Edited: Now we just need to wail reply mail from Pearson VUE. How long do I have to wait to get the Pearson VUE second chance retake promo code email if the first attempt fails? They offer that "you will be eligible for an automatic free retake of that same exam". Now I reschedule the same exam SAA-C03 but it's not free of charge. Anyone you know please could you share with me. https://preview.redd.it/s4lex3hqdo2b1.png?width=786&format=png&auto=webp&s=ab367bb6b46618899b42f620ebb89131bc741753 submitted by /u/KMohsoe [link] [comments]

  • Passed AWS CCP! First cloud cert unlocked.
    by /u/mnfwt89

    Passed with a 822, all within 30 mins. No prior AWS or cloud experience. Preparation for the exam consisted of looking up the exam objectives.pdf and reading the relevant product info repeatedly on the AWS website. During the exam, just match the keywords in the question to the closest product available. It was non technical and rather straightforward. TLDR: rote memorisation of exam objectives over a week to pass. submitted by /u/mnfwt89 [link] [comments]

  • Are there any certification which are more on demands than others?
    by /u/Human-Light6049

    Hi everyone, I am just curious if you have seen if there are any certifications that are more popular than others. I wanted to get the Data Analytics speciality, but I have seen that there are more and more Data Analysts as time goes by. So I am intrigued if I should go into one of the Cloud Security specializations to grow in a Market that is not that is not overflowed with competition. Or if you recommend me another path to choose like the Database Speciality or maybe SAP on AWS speciality since I have worked also as a Data Engineer in my current job. Many thanks in advanced. 🙂 submitted by /u/Human-Light6049 [link] [comments]

  • Passed CLOUD PRACTITIONER
    by /u/magepker728

    Took it yesterday(Saturday) at one of my closest testing center and passed on my first attempt with 35 minutes still left lol. submitted by /u/magepker728 [link] [comments]

  • Failed my First Attempt AWS SAA CO3
    by /u/Sa1ntS1nner

    Hello, Feeling sad because i did not passed my first attempt at the exam. Scored 708. I want to retake the exam around august or first week of september. Might need some advice if I should just focus on taking on practice test and also some sources of additional practice exams. I had already finished stephane mareeks practice exam. For tutorial i had only taken 3 review mode questions. If you guys have some idea where can i get more additional exam questions that i can try to grind. Thank you. submitted by /u/Sa1ntS1nner [link] [comments]

  • Passed SAA-C03 on first attempt yesterday.
    by /u/paracletus__

    tl;dr: junior full stack dev with 1 year of experience; passed SAA-C03 using mainly Cantrill and Tutorials Dojo. My Background I've been working for about a year as Junior Full Stack Developer in a small start-up. I've transitioned from another career after completing a four-month bootcamp and this is my first job in the Tech world.I use the MERN stack but our infrastructure is in AWS and I constantly interact with it via the SDK for JavaScript. Being a tiny company, you get to wear a lot of different hats: recently I had to devise a few small solutions using services like Lambda, DynamoDB, S3, SQS and EventBridge. It definitely helped me in answering some questions about decoupling and integrations.I also obtained the Cloud Practitioner cert little over a year ago, shortly before landing the job. Study Materials Adrian Cantrill I first started by completing his Tech Fundamentals course (which is free). I strongly suggest you do the same, regardless of whether you have experience in IT or not. It filled some important gaps and opened a new world for me. It got me into looking into CompTIA certs and I actually managed to study and obtain my first CompTIA cert while preparing for the SAA-C03. I then dived into the SAA-C03 course and worked through it until I reached 100% completion. The course is long and in-depth, as it should be. I took notes and made flashcards as I went along - I mainly used Notion and Quizlet (although I have now switched back to Anki) Stéphane Maarek I could have progressed immediately to the Tutorials Dojo exams, but decided to complete Stéphane's course to consolidate certain concepts. Bought it on Udemy. The course is not massively long and I watched it at 1.5x or 2x speed most of the time. I also think it touches upon a few services that weren't mentioned previously, which was helpful. Jon Bonso's exams on Tutorials Dojo I wish I started doing these much earlier, but I only began about one or two weeks ago. I only had time to complete the six exams in the Timed Mode set. They were a massive help and allowed me find and fill so many gaps in my knowledge. They also mentioned some services that I had never heard before. I wouldn't have been able to pass the exam without them. Process As already mentioned, I went through the material taking notes and making flashcards. As I work full time, I studied early mornings and late evenings and also dedicated most weekends to it. I took a few breaks in between, so as not to burnout. I started at some point in late February-early March, so the whole process took around three months. Exam I took the exam at a test centre. The questions set I got revolved mostly around stuff VPC, SQS, S3, DynamoDB, Aurora, RDS, EBS, Storage Gateway, DataSync, NAT Gateway, Egress-Only Gateway etc. I didn't get anything too "obscure".My standard approach to exams is: "Quickly" go through the questions and answer the most obvious ones. Flag all the other ones for review. Go through the flagged ones, reading them more than once if necessary, scan carefully for keywords which should help you boil it down to the one right answer. Occasionally, you will be left with two likely answers. If you don't feel confident, pick one anyway and do not unflag the question. Do a final round of all the questions you left unflagged. At this point, if you still can't pick one with confidence, choose randomly as you still have a 50/50 chance of getting it right. Should you still have time and mental stamina left, do a quick final review of all the answers before submitting the exam. I was able to obtain an additional 30 minutes accommodation due to English not being my first language, but by the time I had completed point 3 I was completely fried and just wanted to get it over with. I submitted the exam with about 29 minutes left. The result came through after about 24 hours, to my great relief. General considerations in no particular order I think the Cantrill - Tutorials Dojo combo is all you need, but feel free to choose whatever courses you feel suits you best. We're all different and all these creators have poured hours into their work. Make sure you do hands-on labs and build projects, particularly if your day-to-day job doesn't involve AWS. Ultimately, you're studying for real life skills, the certification is just the cherry on top. Don't just cram and then forget after the exam (although some stuff does indeed just require rote memorisation). Develop a solid study method. As obvious as it sounds, many people still go into these things kind of haphazardly. The more you practice intentionally, the better you'll get at it. For example, during this run, I realised that "digital" notes don't really work for me, I have to write things down to remember them. Typing just doesn't seem to have the same effect (apparently, there's some research on this as well). Don't wait too long to start doing practice exams. Tutorials Dojo allows you to practice on specific topics, so you could complete the VPC section in Adrian's course and then immediately start testing yourself on it (besides your flashcards practice) on TD. It's just an idea, but this way, by the time you finish the course, your knowledge will be rock solid. I can't think of anything else right now, but if you have any questions, please don't hesitate to ask. Ultimate, thanks to everyone on this thread for the motivation and knowledge shared. Let's go get this. submitted by /u/paracletus__ [link] [comments]

 

Reference: https://enoumen.com/2019/06/23/aws-solution-architect-associate-exam-prep-facts-and-summaries-questions-and-answers-dump/

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

AWS Certified Developer Associate exam: Whitepapers

AWS has provided whitepapers to help you understand the technical concepts. Below are the recommended whitepapers for the AWS Certified Developer – Associate Exam.

Top

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Online Training and Labs for AWS Certified Developer Associates Exam

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 

Top

AWS Developer Associates Jobs

Top

AWS Certified Developer-Associate Exam info and details, How To:

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:

 
#AWS #Developer #AWSCloud #DVAC01 #AWSDeveloper #AWSDev #Djamgatech
 
 
 
 
 
 

The AWS Certified Developer Associate exam is a multiple choice, multiple answer exam. Here is the Exam Overview:

  • Certification Name: AWS Certified Developer Associate.
  • Prerequisites for the Exam: None.
  • Exam Pattern: Multiple Choice Questions
  • The AWS Certified Developer-Associate Examination (DVA-C01) is a pass or fail exam. The examination is scored against a minimum standard established by AWS professionals guided by certification industry best practices and guidelines.
  • Your results for the examination are reported as a score from 100 – 1000, with a minimum passing score of 720.
  • Exam fees: US $150
  • Exam Guide on AWS Website
  • Available languages for tests: English, Japanese, Korean, Simplified Chinese
  • Read AWS whitepapers
  • Register for certification account here.
  • Prepare for Certification Here

  • Exam Content Outline

    Domain % of Examination
    Domain 1: Deployment (22%)
    1.1 Deploy written code in AWS using existing CI/CD pipelines, processes, and patterns.
    1.2 Deploy applications using Elastic Beanstalk.
    1.3 Prepare the application deployment package to be deployed to AWS.
    1.4 Deploy serverless applications    		 22%
    Domain 2: Security (26%)
    2.1 Make authenticated calls to AWS services.
    2.2 Implement encryption using AWS services.
    2.3 Implement application authentication and authorization.    		 26%
    Domain 3: Development with AWS Services (30%)
    3.1 Write code for serverless applications.
    3.2 Translate functional requirements into application design.
    3.3 Implement application design into application code.
    3.4 Write code that interacts with AWS services by using APIs, SDKs, and AWS CLI.    		 30%
    Domain 4: Refactoring
    4.1 Optimize application to best use AWS services and features.
    4.2 Migrate existing application code to run on AWS.    		 10%
    Domain 5: Monitoring and Troubleshooting (10%)
    5.1 Write code that can be monitored.
    5.2 Perform root cause analysis on faults found in testing or production.    		 10%
    TOTAL 100%

Top

AWS Certified Developer Associate exam: Additional Information for reference

Below are some useful reference links that would help you to learn about AWS Certified Developer Associate Exam.

Top

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with