On this page you can find 50 random questions.
To prepare for the exam, you can use cloud-exam-prepare.com
Q1 - Q10
You are developing an API in Amazon API Gateway that several mobile applications will use to interface with a back end service in AWS being written by another developer. You can use a(n)____ integration for your API methods to develop and test your client applications before the other developer has completed work on the back end.
- HTTP proxy
- AWS service proxy
- Lambda function
Amazon API Gateway supports mock integrations for API methods.
You are creating multiple resources using multiple CloudFormation templates. One of the resources (Resource B) needs the ARN value of another resource (Resource A) before it is created.
What steps can you take in this situation? (Choose 2 answers)
- Use a template to first create Resource A with the ARN as an output value.
- Use a template to create Resource B and reference the ARN of Resource A using Fn::GetAtt.
- Hard code the ARN value output from creating Resource A into the second template.
- Just create Resource B.
A company with global users is using a content delivery network service to ensure low latency for all customers. The company has several applications that require similar cache behavior.
Which API command can a developer use to ensure cache storage consistency with minimal duplication?
- CreateReusableDelegationSet with Route 53
- CreateStackSet with CloudFormation
- CreateGlobalReplicationGroup with ElastiCache
- CreateCachePolicy with CloudFront
You are creating a few test functions to demonstrate the ease of developing serverless applications. You want to use the command line to deploy AWS Lambda functions, an Amazon API Gateway, and Amazon DynamoDB tables.
What is the easiest way to develop these simple applications?
- Install AWS SAM CLI and run “sam init [options]” with the templates’ data.
- Use AWS step function visual workflow and insert your templates in the states
- Save your template in the Serverless Application Repository and use AWS SAM
AWS SAM - AWS Serverless Application Model
What will happen if you delete an unused custom deployment configuration in AWS CodeDeploy?
- You will no longer be able to associate the deleted deployment configuration with new deployments and new deployment groups.
- Nothing will happen, as the custom deployment configuration was unused.
- All deployment groups associated with the custom deployment configuration will also be deleted.
- All deployments associated with the custom deployment configuration will be terminated.
A custom deployment configuration can be deleted only if it is unused.
What happens when you delete a deployment group with the AWS CLI in AWS CodeDeploy?
- All details associated with that deployment group will be moved from AWS CodeDeploy to AWS OpsWorks.
- The instances used in the deployment group will change.
- All details associated with that deployment group will also be deleted from AWS CodeDeploy.
- The instances that were participating in the deployment group will run once again.
If you delete a deployment group, all details associated with that deployment group will also be deleted from CodeDeploy. The instances used in the deployment group will remain unchanged. This action cannot be undone.
You are configuring a Jenkins project that is installed on an Amazon EC2 instance running a Windows operating system. You want this Jenkins project to integrate with AWS CodePipeline.
Which actions should you take to make this function perform correctly? (2 answers)
- Restart all Amazon EC2 instances that are running a Windows operating system.
- Provide the IAM user credentials to integrate AWS CodePipeline.
- Fill out the required fields for your proxy host.
- Modify the PATH variable to include the directory where you installed Jenkins on all Amazon EC2 instances that are running a Windows operating system.
You are deploying Multi-Factor Authentication (MFA) on Amazon Cognito. You have set the verification message to be by SMS. However, during testing, you do not receive the MFA SMS on your device.
What action will best solve this issue?
- Use AWS Lambda to send the time-based one-time password by SMS
- Increase the complexity of the password
- Create and assign a role with a policy that enables Cognito to send SMS messages to users
- Create and assign a role with a policy that enables Cognito to send Email messages to users
A developer is adding sign-up and sign-in functionality to an application. The application is required to make an API call to a custom analytics solution to log user sign-in events.
Which combination of actions should the developer take to satisfy these requirements? (Select TWO.)
- Use Amazon Cognito to provide the sign-up and sign-in functionality
- Use AWS IAM to provide the sign-up and sign-in functionality
- Configure an AWS Config rule to make the API call triggered by the post-authentication event
- Invoke an Amazon API Gateway method to make the API call triggered by the post-authentication event
- Execute an AWS Lambda function to make the API call triggered by the post-authentication event
Amazon Cognito adds user sign-up, sign-in, and access control to web and mobile applications quickly and easily. Users can also create an AWS Lambda function to make an API call to a custom analytics solution and then trigger that function with an Amazon Cognito post authentication trigger.
A developer is designing a web application that allows users to post comments and receive feedback in real time.
Which architectures meet these requirements? (Select TWO.)
- Create an AWS AppSync schema and corresponding APIs. Use an Amazon DynamoDB table as the data store.
- Create a WebSocket API in Amazon API Gateway. Use an AWS Lambda function as the backend and an Amazon DynamoDB table as the data store
- Create an AWS Elastic Beanstalk application backed by an Amazon RDS database. Configure the application to allow long-lived TCP/IP sockets.
- Create a GraphQL endpoint in Amazon API Gateway. Use an Amazon DynamoDB table as the data store.
- Enable WebSocket on Amazon CloudFront. Use an AWS Lambda function as the origin and an Amazon Aurora DB cluster as the data store
AWS AppSync simplifies application development by letting users create a flexible API to securely access, manipulate, and combine data from one or more data sources. AWS AppSync is a managed service that uses GraphQL to make it easy for applications to get the exact data they need.
AWS AppSync allows users to build scalable applications, including those requiring real-time updates, on a range of data sources, including Amazon DynamoDB. In Amazon API Gateway, users can create a WebSocket API as a stateful frontend for an AWS service (such as AWS Lambda or DynamoDB) or for an HTTP endpoint.
The WebSocket API invokes the backend based on the content of the messages it receives from client applications. Unlike a REST API, which receives and responds to requests, a WebSocket API supports two-way communication between client applications and the backend.
Q11 - Q20
You are asked to establish a baseline for normal Amazon ECS performance in your environment by measuring performance at various times and under different load conditions. To establish a baseline, Amazon recommends that you should at a minimum monitor the CPU and ____ for your Amazon ECS clusters and the CPU and ____ metrics for your Amazon ECS services.
- memory reservation and utilization; concurrent connections
- memory utilization; memory reservation and utilization
- concurrent connections; memory reservation and utilization
- memory reservation and utilization; memory utilization
What is one reason that AWS does not recommend that you configure your ElastiCache so that it can be accessed from outside AWS?
- The metrics reported by CloudWatch are more difficult to report.
- Security concerns and network latency over the public internet.
- The ElastiCache cluster becomes more prone to failures.
- The performance of the ElastiCache cluster is no longer controllable.
ElastiCache is a service designed to be used internally to your VPC. External access is discouraged due to the latency of Internet traffic and security concerns. However, if external access to ElastiCache is required for test or development purposes, it can be done through a VPN.
You are building a web application that will run in an AWS ElasticBeanstalk environment. You need to add and configure an Amazon ElastiCache cluster into the environment immediately after the application is deployed.
What is the most efficient method to ensure that the cluster is deployed immediately after the EB application is deployed?
- Use the AWS Management Console to create and configure the cluster.
- Create a cron job to schedule the cluster deployment using the aws cloudformation deploy command
- Create a configuration file with the .config extension and place it into the .ebextensions folder in the application package.
- Build an AWS Lambda function that polls to the ElasticBeanstalk environment deployments and create and configure the Amazon ElastiCache cluster.
Emily is building a web application using AWS ElasticBeanstalk. The application uses static images like icons, buttons and logos. Emily is looking for a way to serve these static images in a performant way that will not disrupt user sessions.
Which of the following options would meet this requirement?
- Use an Amazon Elastic File System (EFS) volume to serve the static image files.
- Configure the AWS ElasticBeanstalk proxy server to serve the static image files.
- Use an Amazon S3 bucket to serve the static image files.
- Use an Amazon Elastic Block Store (EBS) volume to serve the static image files.
An Amazon S3 bucket would work, but the AWS ElasticBeanstalk proxy server would need to route the requests to the static files to a different place anytime they need to be shown.
A company is providing services to many downstream consumers. Each consumer may connect to one or more services. This has resulted in complex architecture that is difficult to manage and does not scale well. The company needs a single interface to manage these services to consumers
Which AWS service should be used to refactor this architecture?
Which load balancer would you use for services which use HTTP or HTTPS traffic?
What are possible target groups for ALB (Application Load Balancer)?
- EC2 tasks
- ECS instances
- Lambda functions
- Private IP Addresses
You would like to optimize the performance of your web application by routing inbound traffic to api.mysite.com to Compute Optimized EC2 instances and inbound traffic to mobile.mysite.com to Memory Optimized EC2 instances.
Which solution below would be best to implement for this?
- Enable X-Forwarded For on the web servers and use a Classic Load Balancer
- Configure proxy servers to forward the traffic to the correct instances
- Use Classic Load Balancer with path-based routing rules to forward the traffic to the correct instances
- Use Application Load Balancer with host-based routing rules to forward the traffic to the correct instances
Application Load Balancer with host-based routing rules
A company uses Amazon DynamoDB for managing and tracking orders. The DynamoDB table is partitioned based on the order date. The company receives a huge increase in orders during a sales event, causing DynamoDB writes to throttle, and the consumed throughput is below the provisioned throughput.
According to AWS best practices, how can this issue be resolved with MINIMAL costs?
- Create a new DynamoDB table for every order date
- Add a random number suffix to the partition key values
- Add a global secondary index to the DynamoDB table
- Increase the read and write capacity units of the DynamoDB table
A randomizing strategy can greatly improve write throughput. But it’s difficult to read a specific item because you don’t know which suffix value was used when writing the item.
A food delivery company is building a feature that requests reviews from customers after their orders are delivered. The solution should be a short-running process that can message customers simultaneously at various contact points including email, text, and mobile push notifications.
Which approach best meets these requirements?
- Use EventBridge with Kinesis Data Streams to send messages.
- Use a Step Function to send SQS messages.
- Use Lambda function to send SNS messages.
- Use AWS Batch and SNS to send messages.
Q21 - Q30
What is Chaos Engineering?
Chaos engineering is the process of stressing an application in testing or production environments by creating disruptive events, such as server outages or API throttling, observing how the system responds, and implementing improvements.
Chaos engineering helps teams create the real-world conditions needed to uncover the hidden issues, monitoring blind spots, and performance bottlenecks that are difficult to find in distributed systems.
It starts with analyzing the steady-state behavior, building an experiment hypothesis (e.g., terminating x number of instances will lead to x% more retries), executing the experiment by injecting fault actions, monitoring roll back conditions, and addressing the weaknesses.
A client has contracted you to review their existing AWS environment and recommend and implement best practice changes. You begin by reviewing existing users and Identity and Access Management. You find improvements that can be made to the use of the root account and Identity and Access Management.
What are the best practice guidelines for use of the root account?
- Never use the root account.
- Use the root account only to create administrator accounts.
- Use the root account to create your first IAM user and then lock away the root account.
- Use the root account to create all other accounts, and share the root account with one backup administrator.
Veronika is writing a REST service that will add items to a shopping list. The service is built on Amazon API Gateway with AWS Lambda integrations. The shopping list items are sent as query string parameters in the method request.
How should Veronika convert the query string parameters to arguments for the Lambda function?
- Enable request validation
- Include the Amazon Resource Name (ARN) of the Lambda function
- Change the integration type
- Create a mapping template
Your organization has an AWS setup and is planning to build Single Sign-On for users to authenticate with on-premises Microsoft Active Directory Federation Services (ADFS) and let users log in to the AWS console using AWS STS Enterprise Identity Federation.
Which of the following services do you need to call from AWS STS service after you authenticate with your on-premise?
Alice is building a mobile application. She planned to use Multi-Factor Authentication (MFA) when accessing some AWS resources.
Which of the following APIs will be leveraged to provide temporary security credentials?
You built a data analysis application to collect and process real-time data from smart meters. Amazon Kinesis Data Streams is the backbone of your design. You received an alert that a few shards are hot.
What steps will you take to keep a strong performance?
- Remove the hot shards
- Merge the hot shards
- Split the hot shards
- Increase the shard capacity
Jasmin needs to perform ad-hoc business analytics queries on well-structured data. Data comes in constantly at a high velocity. Jasmin’s team can understand SQL.
What AWS service(s) should Jasmin look to first?
Redshift supports ad-hoc queries over well-structured data using a SQL-compliant wire protocol.
Key rotation is an important concept of key management. How does Key Management Service (KMS) implement key rotation?
- KMS supports manual Key Rotation only; you can create new keys any time you want and all data will be re-encrypted with the new key.
- KMS creates new cryptographic material for your KMS keys every rotation period, and uses the new keys for any upcoming encryption; it also maintains old keys to be able to decrypt data encrypted with those keys.
- Key rotation is the process of synchronizing keys between configured regions; KMS will synchronize key changes in near-real time once keys are changed.
- Key rotation is supported through the re-importing of new KMS keys; once you import a new key all data keys will be re-encrypted with the new KMS key.
When you enable automatic key rotation for a customer-managed KMS key, AWS KMS generates new cryptographic material for the KMS key every year. AWS KMS also saves the KMS key’s older cryptographic material so it can be used to decrypt data that it has encrypted.
Alan is managing an environment with regulation and compliance requirements that mandate encryption at rest and in transit. The environment covers multiple accounts (Management, Development, and Production) and at some point in time, Alan might need to move encrypted snapshots and AMIs with encrypted volumes across accounts.
Which statements are true with regard to this scenario? (Choose 2 answers)
- Create Master keys in management account and assign Development and Production accounts as users of these keys, then any media encrypted using these keys can be shared between the three accounts.
- Can share AMIs with encrypted volumes across accounts, even with the use of custom encryption keys.
- Make encryption keys for development and production accounts then anything encrypted using these keys can be moved across accounts.
- You cannot move encrypted snapshots across accounts; if data migration is required, some third-party tools must be used.
Q31 - Q40
When working with a published version of the AWS Lambda function, you should note that the _____.
A developer wants the log data of an application running on an EC2 instance to be available to systems administrators.
Which of the following enables monitoring of the metric in Amazon CloudWatch?
- Retrieve the log data from AWS CloudTrail using the LookupEvents API Call
- Retrieve the log data from CloudWatch using the GetMetricData API call
- Launch a new EC2 instance, configure Amazon CloudWatch Events, and then install the application
- Install the Amazon CloudWatch logs agent on the EC2 instance that the application is running on
A developer is building a streamlined development process for Lambda functions related to S3 storage. The developer needs a consistent, reusable code blueprint that can be easily customized to manage Lambda function definition and deployment, the S3 events to be managed, and the Identity and Access Management (IAM) policies definition.
Which of the following AWS solutions is best suited for this objective?
- AWS Software Development Kits (SDKs)
- AWS Serverless Application Model (SAM) templates
- AWS Systems Manager
- AWS Step Functions
Explain RDS Multi Availability Zone
- RDS Multi-AZ is used mainly for disaster recovery purposes
- There is an RDS master instance and, in another AZ, an RDS standby instance
- The data is synced synchronously between them
- The user or application accesses one DNS name, and when there is a failure of the master instance, the DNS name moves to the standby instance, so the failover is done automatically
A developer wants to implement more fine-grained control of developers’ S3 buckets by restricting access to S3 buckets on a case-by-case basis using S3 bucket policies.
Which methods of access control can the developer implement using S3 bucket policies? (Choose 3 answers)
- Control access based on the time of day
- Control access based on IP Address
- Control access based on Active Directory group
- Control access based on CIDR block
CIDRs - A set of Classless Inter-Domain Routings
1, 2, 4
To ensure that an encryption key was not corrupted in transit, Elastic Transcoder uses a(n) ____ digest of the decryption key as a checksum.
MD5 digest (or checksum)
Dan is responsible for supporting your company’s AWS infrastructure, consisting of multiple EC2 instances running in a VPC, DynamoDB, SQS, and S3. You are working on provisioning a new S3 bucket, which will ultimately contain sensitive data.
What are two separate ways to ensure data is encrypted in-flight both into and out of S3? (Choose 2 answers)
- Use the encrypted SSL/TLS endpoint.
- Enable encryption in the bucket policy.
- Encrypt it on the client-side before uploading.
- Set the server-side encryption option on upload.
In a move toward using microservices, a company’s Management team has asked all Development teams to build their services so that API requests depend only on that service’s data store. One team is building a Payments service that has its own database. The service floods data that originates in the Accounts database. Both are using Amazon DynamoDB.
What approach will result in the simplest, decoupled, and reliable method to get near-real-time updates from the Accounts database?
- Use Amazon Glue to perform frequent updates from the Accounts database to the Payments database
- Use Amazon Kinesis Data Firehose to deliver all changes from the Accounts database to the Payments database.
- Use Amazon DynamoDB Streams to deliver all changes from the Accounts database to the Payments database.
- Use Amazon ElastiCache in Payments, with the cache updated by triggers in the Accounts database.
Which options are supported notification methods? (Choose 3 answers)
- HTTP or HTTPS POST notifications
- Email using SMTP or plain text
- Kinesis Stream
- Invoking of a Lambda function
Which endpoint is considered to be best practice when analyzing data within a Configuration Stream of AWS Config?
Q41 - Q50
A developer is adding a feedback form to a website. Upon user submission, the form should create a discount code, email the user the code and display a message on the website that tells the user to check their email. The developer wants to use separate Lambda functions to manage these processes and use a Step Function to orchestrate the interactions with minimal custom scripting.
Which of the following Step Function workflows can be used to meet requirements?
You joined an application monitoring team. Your role focuses on finding system performance and bottlenecks in Lambda functions and providing specific solutions. Another teammate focuses on auditing the systems.
Which AWS service will be your main tool?
AWS X-Ray provides graphs of system performance and identifies bottlenecks
Which steps should be taken to accomplish the task using the AWS Management Console?
- Select a new load balancer type before running the deployment. Update the application code in the existing deployment. Deploy the new version of the application code to the environment.
- Create a new environment with the same configurations except for the load balancer type. Deploy the same application versions as used in the original environment. Run the Swap-environment-cnames action.
- Clone the existing environment, changing the associated load balancer type. Deploy the same application version as used in the original environment. Run the Swap-environment-cnames action.
- Edit the environment definitions in the existing deployment. Change the associated load balancer type according to the requirements. Rebuild the environment with the new load balancer type.
A developer is deploying an application that will store files in an Amazon S3 bucket. The files must be encrypted at rest. The developer wants to automatically replicate the files to an S3 bucket in a different AWS Region for disaster recovery.
How can the developer accomplish this task with the LEAST amount of configuration?
- Encrypt the files by using server-side encryption with S3 managed encryption keys (SSE-S3). Enable S3 bucket replication.
- Encrypt the files by using server-side encryption (SSE) with an AWS Key Management Service (AWS KMS) customer master key (CMK). Enable S3 bucket replication.
- Use the s3 sync command to sync the files to the S3 bucket in the other Region.
- Configure an S3 Lifecycle configuration to automatically transfer files to the S3 bucket in the other Region.
A serverless application is using AWS Step Functions to process data and save it to a database. The application needs to validate some data with an external service before saving the data. The application will call the external service from an AWS Lambda function, and the external service will take a few hours to validate the data. The external service will respond to a webhook when the validation is complete.
A developer needs to pause the Step Functions workflow and wait for the response from the external service.
What should the developer do to meet this requirement?
- Use the .waitForTaskToken option in the Lambda function task state. Pass the token in the body.
- Use the .waitForTaskToken option in the Lambda function task state. Pass the invocation request.
- Call the Lambda function in synchronous mode. Wait for the external service to complete the processing.
- Call the Lambda function in asynchronous mode. Use the Wait state until the external service completes the processing.
A company has an application that writes files to an Amazon S3 bucket. Whenever there is a new file, an S3 notification event invokes an AWS Lambda function to process the file. The Lambda function code works as expected. However, when a developer checks the Lambda function logs, the developer finds that multiple invocations occur for every file.
What is causing the duplicate entries?
- The S3 bucket name is incorrectly specified in the application and is targeting another S3 bucket.
- The Lambda function did not run correctly, and Lambda retried the invocation with a delay.
- Amazon S3 is delivering the same event multiple times.
- The application stopped intermittently and then resumed, splitting the logs into multiple smaller files.
An AWS Lambda function accesses two Amazon DynamoDB tables. A developer wants to improve the performance of the Lambda function by identifying bottlenecks in the function.
How can the developer inspect the timing of the DynamoDB API calls?
- Add DynamoDB as an event source to the Lambda function. View the performance with Amazon CloudWatch metrics
- Place an Application Load Balancer (ALB) in front of the two DynamoDB tables. Inspect the ALB logs
- Limit Lambda to no more than five concurrent invocations. Monitor from the Lambda console.
- Enable AWS X-Ray tracing for the function. View the traces from the X-Ray service.
A developer deployed an application to an Amazon EC2 instance. The application needs to know the public IPv4 address of the instance. How can the application find this information?
- Query the instance metadata from http://169.254.169.254/latest/meta-data/.
- Query the instance user data from http://169.254.169.254/latest/user-data/.
- Query the Amazon Machine Image (AMI) information from http://169.254.169.254/latest/meta-data/ami/.
- Check the hosts file of the operating system.
A developer is creating a serverless application that uses an AWS Lambda function. The developer will use AWS CloudFormation to deploy the application. The application will write logs to Amazon CloudWatch Logs. The developer has created a log group in a CloudFormation template for the application to use. The developer needs to modify the CloudFormation template to make the name of the log group available to the application at runtime.
Which solution will meet this requirement?
- Use the AWS::Include transform in CloudFormation to provide the log group’s name to the application.
- Pass the log group’s name to the application in the user data section of the CloudFormation template
- Use the CloudFormation template’s Mappings section to specify the log group’s name for the application.
- Pass the log group’s Amazon Resource Name (ARN) as an environment variable to the Lambda function.
A developer needs to use the AWS CLI on an on-premises development server temporarily to access AWS services while performing maintenance. The developer needs to authenticate to AWS with their identity for several hours.
What is the MOST secure way to call AWS CLI commands with the developer’s IAM identity?
- Specify the developer’s IAM access key ID and secret access key as parameters for each CLI command.
- Run the AWS configure CLI command. Provide the developer’s IAM access key ID and secret access key.
- Specify the developer’s IAM profile as a parameter for each CLI command.
- Run the get-session-token CLI command with the developer’s IAM user. Use the returned credentials to call the CLI.
Q51 - Q60
A developer notices timeouts from the AWS CLI when the developer runs list commands.
What should the developer do to avoid these timeouts?
- Use the --page-size parameter to request a smaller number of items.
- Use shorthand syntax to separate the list by a single space.
- Use the yaml-stream output for faster viewing of large datasets.
- Use quotation marks around strings to enclose data structure.
A company is planning to use AWS CodeDeploy to deploy an application to Amazon Elastic Container Service (Amazon ECS). During the deployment of a new version of the application, the company initially must expose only 10% of live traffic to the new version of the deployed application. Then, after 15 minutes elapse, the company must route all the remaining live traffic to the new version of the deployed application.
Which CodeDeploy predefined configuration will meet these requirements?
- CodeDeployDefault.ECSLinear10PercentEvery1Minutes
A microservices application is deployed across multiple containers in Amazon Elastic Container Service (Amazon ECS). To improve performance, a developer wants to capture trace information between the microservices and visualize the microservices architecture.
Which solution will meet these requirements?
- Build the container from the amazon/aws-xray-daemon base image. Use the AWS X-Ray SDK to instrument the application.
- Install the Amazon CloudWatch agent on the container image. Use the CloudWatch SDK to publish custom metrics from each of the microservices.
- Install the AWS X-Ray daemon on each of the ECS instances.
- Configure AWS CloudTrail data events to capture the traffic between the microservices.
A company is running an application on Amazon Elastic Container Service (Amazon ECS). When the company deploys a new version of the application, the company initially needs to expose 10% of live traffic to the new version. After a period of time, the company needs to immediately route all the remaining live traffic to the new version.
Which ECS deployment should the company use to meet these requirements?
- Rolling update
- Blue/green with canary
- Blue/green with all at once
- Blue/green with linear