我的视频blog地址 http://www.lofter.com/blog/cloudrivers

Certified Developer Associate 2019 -- 2

A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration. The service run different versions for testing purposes.
What would be the BEST way to accomplish this?

  • A. Use an x-Version header to denote which version is being called and pass that header to the Lambda function(s)
  • B. Create an API Gateway Lambda authorizer to route API clients to the correct API version
  • C. Create an API Gateway resource policy to isolate versions and provide context to the Lambda function(s)
  • D. Deploy the API versions as unique stages with unique endpoints and use stage variables to provide further context

A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to authentication data in an Amazon DynamoDB table.
What MUST the company do to implement this authentication in API Gateway?

  • A. Implement an AWS Lambda authorizer that references the DynamoDB authentication table
  • B. Create a model that requires the credentials, then grant API Gateway access to the authentication table
  • C. Modify the integration requests to require the credentials, then grant API Gateway access to the authentication table
  • D. Implement an Amazon Cognito authorizer that references the DynamoDB authentication table
 

An Amazon RDS database instance is used by many applications to look up historical data. The query rate is relatively constant. When the historical data is updated each day, the resulting write traffic slows the read query performance and affects all application users.
What can be done to eliminate the performance impact on application users?

  • A. Make sure Amazon RDS is Multi-AZ so it can better absorb increased traffic.
  • B. Create an RDS Read Replica and direct all read traffic to the replica.
  • C. Implement Amazon ElastiCache in front of Amazon RDS to buffer the write traffic.
  • D. Use Amazon DynamoDB instead of Amazon RDS to buffer the read traffic. 

Company C is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting enabled. Currently, when visitors go to http://www.companyc.com the index.html page is returned. Company C now would like a new page welcome.html to be returned when a visitor enters http://www.companyc.com in the browser.
Which of the following steps will allow Company C to meet this requirement? (Choose two.)

  • A. Upload an html page named welcome.html to their S3 bucket
  • B. Create a welcome subfolder in their S3 bucket
  • C. Set the Index Document property to welcome.html
  • D. Move the index.html page to a welcome subfolder
  • E. Set the Error Document property to welcome.html

What type of block cipher does Amazon S3 offer for server side encryption?

  • A. Triple DES
  • B. Advanced Encryption Standard
  • C. Blowfish
  • D. RC5

If an application is storing hourly log files from thousands of instances from a high traffic web site, which naming scheme would give optimal performance on S3?

  • A. Sequential
  • B. instanceID_log-HH-DD-MM-YYYY
  • C. instanceID_log-YYYY-MM-DD-HH
  • D. HH-DD-MM-YYYY-log_instanceID
  • E. YYYY-MM-DD-HH-log_instanceID
 

Which of the following statements about SQS is true?

  • A. Messages will be delivered exactly once and messages will be delivered in First in, First out order
  • B. Messages will be delivered exactly once and message delivery order is indeterminate
  • C. Messages will be delivered one or more times and messages will be delivered in First in, First out order
  • D. Messages will be delivered one or more times and message delivery order is indeterminate
 

A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center via IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated, logged-in users can only access an S3 keyspace specific to the user.
Which two approaches can satisfy the objectives? (Choose two.)

  • A. The application authenticates against LDAP. The application then calls the IAM Security Service to login to IAM using the LDAP credentials. The application can use the IAM temporary credentials to access the appropriate S3 bucket.
  • B. The application authenticates against LDAP, and retrieves the name of an IAM role associated with the user. The application then calls the IAM Security Token Service to assume that IAM Role. The application can use the temporary credentials to access the appropriate S3 bucket.
  • C. The application authenticates against IAM Security Token Service using the LDAP credentials. The application uses those temporary AWS security credentials to access the appropriate S3 bucket.
  • D. Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token Service to get IAM federated user credentials. The application calls the identity broker to get IAM federated user credentials with access to the appropriate S3 bucket.
  • E. Develop an identity broker which authenticates against IAM Security Token Service to assume an IAM Role to get temporary AWS security credentials. The application calls the identity broker to get AWS
 

Company B provides an online image recognition service and utilizes SQS to decouple system components for scalability The SQS consumers poll the imaging queue as often as possible to keep end-to-end throughput as high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses.
How can Company B reduce the number of empty responses?

  • A. Set the imaging queue visibility Timeout attribute to 20 seconds
  • B. Set the Imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds
  • C. Set the imaging queue MessageRetentionPeriod attribute to 20 seconds
  • D. Set the DelaySeconds parameter of a message to 20 seconds

Which statements about DynamoDB are true? (Choose two.)

  • A. DynamoDB uses a pessimistic locking model
  • B. DynamoDB uses optimistic concurrency control
  • C. DynamoDB uses conditional writes for consistency
  • D. DynamoDB restricts item access during reads
  • E. DynamoDB restricts item access during writes
 

You are providing AWS consulting services for a company developing a new mobile application that will be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification messages to individual devices each device registration identifier or token needs to be registered with SNS; however the developers are not sure of the best way to do this.
You advise them to:

  • A. Bulk upload the device tokens contained in a CSV file via the AWS Management Console.
  • B. Let the push notification service (e.g. Amazon Device Messaging) handle the registration.
  • C. Implement a token vending service to handle the registration.
  • D. Call the CreatePlatformEndPoint API function to register multiple device tokens.
 
 
 

You are writing to a DynamoDB table and receive the following exception:"
ProvisionedThroughputExceededException". though according to your Cloudwatch metrics for the table, you are not exceeding your provisioned throughput.
What could be an explanation for this?

  • A. You haven't provisioned enough DynamoDB storage instances
  • B. You're exceeding your capacity on a particular Range Key
  • C. You're exceeding your capacity on a particular Hash Key
  • D. You're exceeding your capacity on a particular Sort Key
  • E. You haven't configured DynamoDB Auto Scaling triggers
 
 

Games-R-Us is launching a new game app for mobile devices. Users will log into the game using their existing
Facebook account and the game will record player data and scoring information directly to a DynamoDB table.
What is the most secure approach for signing requests to the DynamoDB API?

  • A. Create an IAM user with access credentials that are distributed with the mobile app to sign the requests
  • B. Distribute the AWS root account access credentials with the mobile app to sign the requests
  • C. Request temporary security credentials using web identity federation to sign the requests
  • D. Establish cross account access between the mobile app and the DynamoDB table to sign the requests
 
 

A meteorological system monitors 600 temperature gauges, obtaining temperature samples every minute and saving each sample to a DynamoDB table. Each sample involves writing 1K of data and the writes are evenly distributed over time.
How much write throughput is required for the target table?

  • A. 1 write capacity unit
  • B. 10 write capacity units
  • C. 60 write capacity units
  • D. 600 write capacity units
  • E. 3600 write capacity units
 

Company C has recently launched an online commerce site for bicycles on AWS. They have a "Product"
DynamoDB table that stores details for each bicycle, such as, manufacturer, color, price, quantity and size to display in the online store. Due to customer demand, they want to include an image for each bicycle along with the existing details.
Which approach below provides the least impact to provisioned throughput on the "Product" table?

  • A. Serialize the image and store it in multiple DynamoDB tables
  • B. Create an "Images" DynamoDB table to store the Image with a foreign key constraint to the "Product" table
  • C. Add an image data type to the "Product" table to store the images in binary format
  • D. Store the images in Amazon S3 and add an S3 URL pointer to the "Product" table item for each image
 
 

In DynamoDB, what type of HTTP response codes indicate that a problem was found with the client request sent to the service?

  • A. 5xx HTTP response code
  • B. 200 HTTP response code
  • C. 306 HTTP response code
  • D. 4xx HTTP response code
 
 

Which DynamoDB limits can be raised by contacting AWS support? (Choose two.)

  • A. The number of hash keys per account
  • B. The maximum storage used per account
  • C. The number of tables per account
  • D. The number of local secondary indexes per account
  • E. The number of provisioned throughput units per account
 

When a Simple Queue Service message triggers a task that takes 5 minutes to complete, which process below will result in successful processing of the message and remove it from the queue while minimizing the chances of duplicate processing?

  • A. Retrieve the message with an increased visibility timeout, process the message, delete the message from the queue
  • B. Retrieve the message with an increased visibility timeout, delete the message from the queue, process the message
  • C. Retrieve the message with increased DelaySeconds, process the message, delete the message from the queue
  • D. Retrieve the message with increased DelaySeconds, delete the message from the queue, process the

Company A has an S3 bucket containing premier content that they intend to make available to only paid subscribers of their website. The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content to non-paying website visitors.
How can Company A provide only paid subscribers the ability to download a premier content file in the S3 bucket?

  • A. Apply a bucket policy that grants anonymous users to download the content from the S3 bucket
  • B. Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download
  • C. Add a bucket policy that requires Multi-Factor Authentication for requests to access the S3 bucket objects
  • D. Enable server side encryption on the S3 bucket for data protection against the non-paying website visitors
 

Which of the following is an example of a good DynamoDB hash key schema for provisioned throughput efficiency?

  • A. User ID, where the application has many different users.
  • B. Status Code where most status codes are the same
  • C. Device ID, where one is by far more popular than all the others.
  • D. Game Type, where there are three possible game types
 

An application stores payroll information nightly in DynamoDB for a large number of employees across hundreds of offices. Item attributes consist of individual name, office identifier, and cumulative daily hours.
Managers run reports for ranges of names working in their office. One query is. "Return all Items in this office for names starting with A through E".
Which table configuration will result in the lowest impact on provisioned throughput for this query?

  • A. Configure the table to have a hash index on the name attribute, and a range index on the office identifier
  • B. Configure the table to have a range index on the name attribute, and a hash index on the office identifier
  • C. Configure a hash index on the name attribute and no range index
  • D. Configure a hash index on the office Identifier attribute and no range index

Which of the following is chosen as the default region when making an API call with an AWS SDK?

  • A. ap-northeast-1
  • B. us-west-2
  • C. us-east-1
  • D. eu-west-1
  • E. us-central-1
 

Which of the following statements about SWF are true? (Choose three.)

  • A. SWF tasks are assigned once and never duplicated
  • B. SWF requires an S3 bucket for workflow storage
  • C. SWF workflow executions can last up to a year
  • D. SWF triggers SNS notifications on task assignment
  • E. SWF uses deciders and workers to complete tasks
  • F. SWF requires at least 1 EC2 instance per domain

How can you secure data at rest on an EBS volume?

  • A. Attach the volume to an instance using EC2's SSL interface.
  • B. Write the data randomly instead of sequentially.
  • C. Use an encrypted file system on top of the BBS volume.
  • D. Encrypt the volume using the S3 server-side encryption service.
  • E. Create an IAM policy that restricts read and write access to the volume.
posted @ 2019-10-11 21:02  Michael云擎  阅读(306)  评论(0编辑  收藏  举报
我的视频blog地址 http://www.lofter.com/blog/cloudrivers