Software Architecture and Security Policies Quiz

Questions and Answers

PDF Questions PDF Answers

Which of the following software architectural interaction styles is the most decoupled?

RESTful

RPC

Message driven

Event-driven (correct)

If a policy explicitly denies a privilege to a role:

Privileges cannot be explicitly denied.

They are denied by default.

The privilege will always be denied. (correct)

The privilege will be denied unless there is another later policy that permits. (correct)

Order the following disaster recovery items based on how they would commonly be implemented over time:

Fully working low-capacity standby on AWS = 1 Add a hot standby in a second AWS Availability Zone or region = 2 Back up (to Amazon S3) and restore = 3 Pilot Light on AWS for quick recovery = 4

Preventing DDoS attacks is the sole responsibility of the customer.

False

Which of the following would probably not be a good use case for a NoSQL database?

Secondary indexes for data stored with hex hashes in Amazon S3

Amazon SQS guarantees that the order in which messages are received is the order in which they will be delivered.

False

What AWS service can reduce coupling between Web Servers and Application Servers in a single VPC?

Internal ELB

What is the benefit of using a dead-letter queue?

It separates unsuccessfully processed messages from unprocessed messages so they can be inspected.

Which statement is the best example of a circumstance where an Amazon Elastic Compute Cloud (Amazon EC2) instance could be replaced effectively with an AWS Lambda function?

A small instance that is notified when an Amazon DynamoDB table is updated, and responds with API calls to DynamoDB.

Your organization maintains a successful online retail website. Which solution will provide a cost-effective strategy to accommodate the traffic growth and demand?

Create Auto Scaling groups for the web and application instances and configure both internal and external ELB load balancers to distribute traffic between instances.

When automated backups are turned on for your DB instance, Amazon RDS automatically performs a full daily snapshot of your data.

True

When creating a new AWS account, it is good practice to (select all that apply):

Enable MFA.

What is the primary benefit of putting a cache in front of your Amazon Relational Database Service (Amazon RDS) instance?

Increased speed of reads from your database.

The most important difference between AWS KMS and AWS CloudHSM is:

AWS CloudHSM gives you total control over your keys.

What does the visibility timeout feature of Amazon SQS do?

Prevents multiple consumers from processing the same message at the same time.

Study Notes

Software Architectural Interaction Styles

• Event-driven interaction style is the most decoupled compared to RPC, RESTful, and message-driven styles.

Policy and Privilege Management

• An explicit denial of a privilege to a role ensures that the privilege is always denied.
• Privileges can be denied by default but must be explicitly permitted to be granted.

Disaster Recovery Implementation Order

• Typical implementation order for disaster recovery: backups to Amazon S3, Pilot Light on AWS, fully working low-capacity standby on AWS, and adding a hot standby in a second AWS Availability Zone or region.

DDoS Attack Responsibility

• Customers have shared responsibility for preventing DDoS attacks and are not solely responsible.

NoSQL Database Use Cases

• Secondary indexes for data in hex hashes stored in Amazon S3 may not be a good use case for NoSQL. Customer orders, lookup tables, and scoreboards are better suited for NoSQL.

Amazon SQS Message Delivery

• Amazon SQS does not guarantee that the order of received messages matches their order of delivery.

Reducing Coupling in VPC

• Internal ELB (Elastic Load Balancer) can effectively reduce coupling between Web Servers and Application Servers within a single VPC.

Benefits of a Dead-Letter Queue

• Dead-letter queues separate unsuccessfully processed messages, allowing for inspection and easier debugging without interfering with unprocessed messages.

AWS Lambda vs. EC2

• AWS Lambda is effective for small instances that respond to DynamoDB updates via API calls, offering a more scalable and cost-effective solution compared to traditional EC2 instances.

Handling Traffic Growth in Online Retail

• Implementing Auto Scaling groups for web and application instances, along with internal and external ELB load balancers, provides a cost-effective strategy to manage fluctuating traffic demand.

Amazon RDS Automated Backups

• Amazon RDS automatically conducts full daily snapshots and records transaction logs for your database instance when automated backups are enabled.

Best Practices for New AWS Accounts

• Upon creating a new AWS account, best practices include not using the root account for administration, deleting root user access keys, enabling MFA (Multi-Factor Authentication), and creating an IAM user with Administrator access.

Benefits of Caching with Amazon RDS

• Caching in front of Amazon RDS primarily increases the speed of reads from the database, improving application performance.

Differences Between AWS KMS and CloudHSM

• The key distinction between AWS KMS and AWS CloudHSM is that CloudHSM grants total control over encryption keys, while KMS offers AWS Cloud Trail integration.

Amazon SQS Visibility Timeout

• The visibility timeout feature in Amazon SQS prevents multiple consumers from simultaneously processing the same message, ensuring orderly processing.

Description

Test your knowledge on software architectural interaction styles and security policies with this quiz. You will tackle questions related to decoupling in architectural styles and the implications of policy settings on privileges. Each scenario challenges your understanding of critical concepts.