Cloud Practice

#71 (Accuracy: 100% / 3 votes)

A company is automating a process and is moving the process from on premises to AWS. The company is using an AWS CodePipeline pipeline.

Before publishing the code, the company wants to create and implement test suites when the pipeline is running. The pipeline should publish the code only after the pipeline passes all the checks.

Which solution will implement this functionality with the LEAST operational overhead?

A. Create a custom test action for CodePipeline. Host the job worker on the on-premises server.
B. Use AWS CodeBuild and include the test checks. When the test checks clear, use AWS CodeDeploy to deploy and publish the code.
C. Create a custom test action for CodePipeline. Host the job worker on an Amazon EC2 instance to run the testing request.
D. Write test cases. Test the test cases locally before pushing the code changes to the version control.

#72 (Accuracy: 100% / 2 votes)

A web application is using Amazon Kinesis Streams for clickstream data that may not be consumed for up to 12 hours.

How can the developer implement encryption at rest for data within the Kinesis Streams?

A. Enable SSL connections to Kinesis.
B. Use Amazon Kinesis Consumer Library.
C. Encrypt the data once it is at rest with a Lambda function.
D. Enable server-side encryption in Kinesis Streams.

#73 (Accuracy: 100% / 3 votes)

A developer has an application that pushes files from an on-premises local server to an Amazon S3 bucket. The application uses an AWS access key and a secret key that are stored on the server for authentication. The application calls AWS Security Token Service (AWS STS) to assume a role with access to perform the S3 PUT operation to upload the file.

The developer is migrating the server to an Amazon EC2 instance. The EC2 instance is configured with an IAM instance profile in the same AWS account that owns the S3 bucket.

What is the MOST secure solution for the developer to use to migrate the automation code?

A. Remove the code that calls the STS AssumeRole operation. Use the same access key and secret key from the server to access the S3 bucket.
B. Remove the access key and the secret key. Use the STS AssumeRole operation to add permissions to access the S3 bucket.
C. Remove the access key, the secret key, and the code that calls the STS AssumeRole operation. Use an IAM instance profile role that grants access to the S3 bucket.
D. Remove the access key, the secret key, and the code that calls the STS AssumeRole operation. Create a new access key and secret key. Use the new keys to access the S3 bucket.

#74 (Accuracy: 100% / 2 votes)

A developer is using AWS Amplify Hosting to build and deploy an application. The developer is receiving an increased number of bug reports from users. The developer wants to add end-to-end testing to the application to eliminate as many bugs as possible before the bugs roach production.

Which solution should the developer implement to meet these requirements?

A. Run the amplify add test command in the Amplify CLI.
B. Create unit tests in the application. Deploy the unit tests by using the amplify push command in the Amplify CLI.
C. Add a test phase to the amplify.yml build settings for the application.
D. Add a test phase to the aws-exports.js file for the application.

#75 (Accuracy: 100% / 3 votes)

A developer is preparing a containerized application for deployment to AWS Lambda. The developer wants to build and optimize the container images to reduce duplicate work and improve build, deploy, and update times.

Which combination of steps should the developer take to meet these requirements? (Choose two.)

A. Use an AWS provided base image.
B. Use the smallest compatible third-party base image.
C. Build frequently changing layers in the imago first, followed by stable layers.
D. Store images for functions with large layers in the same Amazon Elastic Container Registry (Amazon ECR) repository.
E. Maximize the number of layers in the built image.

#76 (Accuracy: 92% / 5 votes)

A developer is troubleshooting an Amazon API Gateway API. Clients are receiving HTTP 400 response errors when the clients try to access an endpoint of the API.

How can the developer determine the cause of these errors?

A. Create an Amazon Kinesis Data Firehose delivery stream to receive API call logs from API Gateway. Configure Amazon CloudWatch Logs as the delivery stream’s destination.
B. Turn on AWS CloudTrail Insights and create a trail. Specify the Amazon Resource Name (ARN) of the trail for the stage of the API.
C. Turn on AWS X-Ray for the API stage. Create an Amazon CloudWatch Logs log group. Specify the Amazon Resource Name (ARN) of the log group for the API stage.
D. Turn on execution logging and access logging in Amazon CloudWatch Logs for the API stage Create a CloudWatch Logs log group. Specify the Amazon Resource Name (ARN) of the log group for the API stage.

#77 (Accuracy: 100% / 4 votes)

A developer has an application container, an AWS Lambda function, and an Amazon Simple Queue Service (Amazon SQS) queue. The Lambda function uses the SQS queue as an event source. The Lambda function makes a call to a third-party machine learning API when the function is invoked. The response from the third-party API can take up to 60 seconds to return.

The Lambda function’s timeout value is currently 65 seconds. The developer has noticed that the Lambda function sometimes processes duplicate messages from the SQS queue.

What should the developer do to ensure that the Lambda function does not process duplicate messages?

A. Configure the Lambda function with a larger amount of memory.
B. Configure an increase in the Lambda function's timeout value.
C. Configure the SQS queue’s delivery delay value to be greater than the maximum time it takes to call the third-party API.
D. Configure the SQS queue’s visibility timeout value to be greater than the maximum time it takes to call the third-party API.

#78 (Accuracy: 100% / 3 votes)

A developer is implementing an AWS Lambda function that will be invoked when an object is uploaded to Amazon S3. The developer wants to test the Lambda function in a local development machine before publishing the function to a production AWS account.

Which solution will meet these requirements with the LEAST operational overhead?

A. Upload an object to Amazon S3 by using the aws s3api put-object CLI command. Wait for the local Lambda invocation from the S3 event.
B. Create a sample JSON text file for a put object S3 event. Invoke the Lambda function locally. Use the aws lambda invoke CLI command with the JSON file and Lambda function name as arguments.
C. Use the sam local start-lambda CLI command to start Lambda. Use the sam local generate-event s3 put CLI command to create the Lambda test JSON file. Use the sam local invoke CLI command with the JSON file as the argument to invoke the Lambda function.
D. Create a JSON string for the put object S3 event. In the AWS Management Console, use the JSON string to create a test event for the local Lambda function. Perform the test.

#79 (Accuracy: 100% / 4 votes)

A company deployed an application as a set of microservices that run on Amazon Elastic Container Service (Amazon ECS) behind an Application Load Balancer (ALB). The performance of the microservices has started to degrade for a specific set of user requests. The company needs to gain deeper insight into the request behavior that is associated with the performance degradation.

Which process will meet this requirement?

A. Create a Docker image that runs the AWS X-Ray daemon. Run the image alongside the microservices in Amazon ECS. Use the X-Ray console to view requests to the microservices.
B. Perform distributed tracing based on the ALB's built-in traffic request metrics.
C. Use Amazon CloudWatch to collect metrics and logs from Amazon ECS. Perform distributed tracing based on the ECS metrics and logs.
D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to capture the ECS metrics and logs. Use the EventBridge console to view the requests to the microservices.

#80 (Accuracy: 100% / 4 votes)

A developer is building an application on Amazon EC2. The developer encountered an “Access Denied” error on some of the API calls to AWS services while testing. The developer needs to modify permissions that have been already given to the instance.

How can these requirements be met with minimal changes and minimum downtime?

A. Make a new IAM role with the needed permissions. Stop the instance. Attach the new IAM role to the instance. Start the instance.
B. Delete the existing IAM role. Attach a new IAM role with the needed permissions.
C. Stop the instance. Update the attached IAM role adding the needed permissions. Start the instance.
D. Update the attached IAM role adding the needed permissions.

There are 237 results