AWS Certified Developer – Associate QUIZ SET 3 Author: CloudVikas Published Date: 1 March 2020 Welcome to AWS Certified Developer - Associate QUIZ SET 3. Please enter your email details to get QUIZ Details on your email id. Click on Next Button to proceed. Email 1. ######QUESTION#########Justin is a Developer consultant working on several client projects using cloud technology and spending less time managing resources and more time focusing on applications is a priority. Justin created AWS CloudFormation templates that are reusable by taking advantage of input parameters to name resources based on client names. He would like to save his templates on the cloud, which storage option should he choose?EBSS32. What does Cognito use to create unique identities for users and authenticate them with Web ID providers?User PoolsIAM UsersIdentity PoolsIAM Groups3. Which of the following are provided by AWS to allow you to easily assign IAM permissions to your users based on pre-defined common use cases?Custom PolicyCommon PolicyManaged PolicyInline Policy4. Which of the following correctly describes a Customer Managed Policy? (Choose 2) It can be assigned to multiple users, groups or roles in your account It is created and administered by AWS It is managed by you The policy will be deleted if you delete the user, group or role it is associated with5. Which of the following features of IAM allows you to have your users Authenticate using Facebook, Google or Amazon?Multi-Factor AuthenticationWeb Identity FederationThe IAM HTTPS APIAWS Single Sign-On (SSO)6. What does Cognito use to manage sign-up and sign-in functionality for mobile and web applications?IAM UsersIAM GroupsUser PoolsIdentity Pools7. ######QUESTION#########John is a developer working on AWS Lambda functions that are triggered by Amazon API Gateway and would like to perform testing for new API versions. Which of the following features will accomplish this task?Mapping TemplatesCanary Deployment8. Which AWS services are tied to a region, such as (select three) AWS IAM AWS CloudFront AWS EC2 AWS DynamoDB AWS Lambda9. When you update your application versions, AWS Elastic Beanstalk performs an in-place update and your application becomes unavailable to users for a short period of time. Instead, you would like to redirect traffic to the new version using a DNS switch. Which deployment method will allow you to do this?rolling with additional batchesblue/green10. ######QUESTION#########Thomas created an Auto Scaling group to work with an Application Load Balancer. The scaling group is configured with a minimum size value of 5, a maximum value of 20 and a desired capacity value of 10. One of the 10 EC2 instances has been reported as unhealthy. Which of the following actions will take place?The ASG will terminate the EC2 InstanceThe ASG will detach the EC2 instance from the group, and leave it running11. What is the name of the service that allows users to use their social media account to gain temporary access to the AWS platform?Web Confederation ServicesWeb Identity FederationFacebook Sign-In ServiceActive Directory Authentication Services12. Which of the following services can be used to securely store confidential information like credentials and license codes so that they can be accessed by EC2 instances?DynamoDBIAMSystems Manager Parameter StoreKMS13. Amazon Cognito provides Web Identity Federation with which of the following features? (Choose 2) Single sign-on for Active Directory users Multi-Factor Authentication Synchronization of user data across multiple device types Sign-up and sign-in to your applications14. Which of the following is a benefit of using CloudFormation Infrastructure as Code Cost Productivity Separation of Concerns Don’t re-invent the wheel15. Which of the following statements is not true for SNS?SNS Messages can be retrieved at a later dateMessages are sent to all subscribers16. How can you allow a user from one AWS account to access and manage resources in another AWS account?Configure cross-origin resource sharingConfigure web identity federationConfigure cross-account accessConfigure Cognito17. Which of the following applies to an AWS Managed Policy? (Choose 3) You can change the default permissions defined in the policy It can be assigned to multiple users, groups or roles AWS occasionally updates the permissions defined in an AWS managed policy It is available for use by any AWS account It can only be assigned to a single user, group or role in your account18. ######QUESTION#########Thomas is working in a security company, the company is requiring all developers to perform server-side encryption with customer-provided encryption keys when performing operations in AWS S3. Developers should write software with C# using the AWS SDK and implement the requirement in the PUT, GET, Head and Copy operations. Which of the following encryption methods meets this requirement?SSE-CClient Side Encryption19. ######QUESTION#########Jack is working in a cloud company , he is responsible for an application that runs on multiple Amazon EC2 instances. In front of the instances is an Internet-facing load balancer that takes requests from clients over the internet and distributes them to the EC2 instances. A health check is configured to ping the index.html page found in the root directory for the health status. When accessing the website via the internet visitors of the website receive timeout errors. What should be checked first to resolve the issue?Security GroupsIAM Roles20. As AWS Developer ,You have to retrieve some items from a DynamoDB table using the primary key. What API call will provide better performance? Query GetItem Your Team lead is developing a business intelligence application that performs analytics and your team lead wants to integrate it with a fully managed data warehouse service. What AWS DB platform is suitable for your case?RedshiftRDS21. Amazon Cognito is recommended for which use case?Anonymous access to AWS resourcesSecure storage of database connection stringsWeb Identity Federation for mobile applicationsIdentity Federation with Active Directory22. Which statement best describes IAM?IAM allows you to manage users' passwords only. AWS staff must create new users for your organization. This is done by raising a ticket.IAM stands for Improvised Application Management, and it allows you to deploy and manage applications in the AWS Cloud.IAM allows you to manage permissions for AWS resources only.IAM allows you to manage users, groups, and roles and their corresponding level of access to the AWS Platform.23. ######QUESTION#########Ben is working in a e-commerce company, he needs to improve its software delivery process and is moving away from the waterfall methodology. He decided that every application should be built using the best CI/CD practices and every application should be packaged and deployed as a Docker container. The Docker images should be stored in ECR and pushed with AWS CodePipeline and AWS CodeBuild. When he attempt to do this, the last step fails with an authorization issue. What is the most likely issue?The ECR repository is stale, you must delete and re-create itThe IAM permissions are wrong for the CodeBuild service24. You are working on a mobile phone app for an online retailer that stores customer data in DynamoDB. You would like to allow new users to sign-up using their Facebook credentials. What is the recommended approach?Embed encrypted AWS credentials into the application code, so that the application can access DynamoDB on the user's behalf.After the user has authenticated with Facebook, allow them to download encrypted AWS credentials to their device so that the mobile app can access DynamoDBAfter the user has successfully logged in to Facebook and received an authentication token, Cognito should be used to exchange the token for temporary access to DynamoDBWrite your own custom code which allows the user to log in via Facebook and receive an authentication token, then calls the AssumeRoleWithWebIdentity API and exchanges the authentication tokens for temporary access to DynamoDB25. A company has AWS Lambda functions where each is invoked by other AWS services such as Amazon Kinesis Data Firehose, Amazon API Gateway, Amazon Simple Storage Service or Amazon CloudWatch Events. What all functions have in common is that they all process heavy workloads such as big data analysis, large file processing, and statistical computations. What should you do to improve the performance of your AWS Lambda functions without changing your code?Increase the RAM assigned to your functionIncrease the instance type for your functions26. You are a developer working at a cloud company that embraces serverless. You have performed your initial deployment and would like to work towards adding API Gateway stages and associate them with existing deployments. Your stages will include prod, test, and dev and will match AWS Lambda function aliases. Which of the following features must you add to achieve this? Stage Variables,Lambda AliasesLambda Versions,Lambda X-Ray integration27. ######QUESTION#########John is working in a company , the company is new to cloud computing and would like to host a static HTML5 website on the cloud and be able to access it via domain www.mycompany.com. John created a bucket in Amazon Simple Storage Service (S3), enabled website hosting and set the index.html as the default page. Finally, he create an Alias record in Amazon Route 53 that points to the S3 website endpoint of your S3 bucket. When he test the domain www.mycompany.com you get the following error: 'HTTP response code 403 (Access Denied)'. What can he do to resolve this error?Create an IAM roleCreate a bucket policy28. ######QUESTION#########Jack is assigned to a project that requires the use of the AWS CLI to build a project with AWS CodeBuild. His project's root directory includes the buildspec.yml file to run build commands and would like to build artifacts encrypted. Which of the following will accomplish this?Specify a KMS key to useUse an AWS Lambda Hook29. ######QUESTION#########Which of the following option is correct?"Kinesis Stream" : Kinesis data streams can continuously capture gigabytes of data per second from hundreds of thousands of sources such as website clickstreams, database event streams, financial transactions, social media feeds, IT logs, and location-tracking events."SNS" - SNS is appropriate for flexible message delivery over multiple transport protocols"SQS" - Amazon Simple Queue Service (Amazon SQS) offers a secure, durable, and available hosted queue that lets you integrate and decouple distributed software systems and components"Lambda" - AWS Lambda makes it easy to execute code in response to events, such as changes to Amazon S3 buckets, updates to an Amazon DynamoDB table, or custom events generated by your applications or devices. Not suitable in this scenarioall of them30. ######QUESTION#########`John is working in a cloud company that has a cloud system in AWS with components that send and receive messages using SQS queues. While reviewing the system he see that it processes a lot of information and would like to be aware of any limits of the system. Which of the following is the maximum number of messages that can be stored in an SQS queue?no limit1000031. When would you use an Inline Policy over a Managed Policy?When you want to manage the policy yourselfTo add IAM permissions for common use cases like giving your DBAs full access to DynamoDBTo add permissions that are only ever intended to be used for a single user in your accountTo add IAM permissions that can be applied to multiple AWS accounts that you own32. Which of the following tools can you use to monitor CPU utilization metrics for your EC2 instances?X-RayCloudTrailCloudWatchIt can only be assigned to a single user, group or role in your accountCloudFormation33. In mobile company,You are developing a new mobile application to share photos, which AWS technology can you use to ensure your users have a seamless experience across all their devices?Web Identity FederationMulti-Factor AuthenticationCognitoIAM34. ######QUESTION#########When Jacob's company first created an AWS account, he began with a single sign-in principal called a root user account that had complete access to all AWS services and resources. What should he do to adhere to best practices for using the root user account?It should be accessible using the access_key_id and secret_access_key_idIt should be accessible by one admin only after enabling Multi-factor authentication35. You are a Developer working with AWS CloudFormation templates. Your templates provision a VPC with one subnet and would like other stacks to use the output value of the subnet created. What must you do to provide this information to another stack?ExportExpose36. When using Web Identity Federation to allow a user to access an AWS service (such as an S3 bucket), which of the following is the correct order of steps?A user logs in to the AWS platform using their Facebook credentials. AWS authenticate with Facebook to check the credentials. Temporary Security Access is granted to AWS.A user makes the AssumeRoleWithWebIdentity API Call. The user is then redirected to Facebook to authenticate. Once authenticated, the user is given an ID token. The user is then granted temporary access to the AWS platform.Users cannot use Facebook credentials to access the AWS platform.A user authenticates with Facebook first. They are then given an ID token by Facebook, which they can then trade for temporary security credentials.37. You are a DynamoDB developer for an aerospace company that requires you to write 6 objects per second of 4.5KB in size each. What write capacity unit is needed for your project?301038. Which of the following correctly describes an Inline Policy? (Choose 2) It is embedded in a user, group or role The policy will be deleted if you delete the user, group or role it is associated with You cannot change the permissions defined in the policy It can be attached to multiple users and groups within your AWS account39. ######QUESTION#########Jack is working on a web application front end consists of 5 EC2 instances behind an Application Load Balancer. You have configured your web application to capture the IP address of the client making requests. When viewing the data captured you notice that every IP address being captured is the same, which also happens to be the IP address of the Application Load Balancer. What should you do to identify the true IP address of the client?Look into the X-Forwarded-Proto header in the backendLook into the X-Forwarded-For header in the backend40. ######QUESTION#########Tom is working for a small organization that does not have a database administrator and are needing to install a database on the cloud quickly to support an accounting application used by thousands of users. The application will act as a backend and will perform (CRUD) operations such as create, read, update and delete as well as inner joins. Which database is best suited for this scenario?RedshiftRDS1 out of Author: CloudVikas