AWS Lambda Knowledge Check - Modules 7-13 PDF
This document contains a knowledge check for modules 7-13, focusing on AWS Lambda and covering topics like Lambda characteristics, constraints, and API Gateway invocation. It includes questions, each followed by multiple-choice answers.
**Module 7**

- Which statement describes a characteristic of AWS Lambda?
  - Lambda runs code only when it is activated by an event and uses only the compute resources that are needed
  - A developer's method and configuration options for ensuring high availability with Lambda are similar to their approach with Amazon Elastic Compute Cloud (Amazon EC2)
  - Lambda functions run in on-demand, temporary environments, and the developer controls when new environments are created or shut down
  - A developer must write Lambda functions that use one of the runtimes that the Lambda service provides
- Which constraint cannot be modified?
  - Function timeout
  - Reserved concurrency
  - Burst quota
  - Regional quota
- Which option describes how Amazon API Gateway invokes AWS Lambda?
  - API Gateway directly invokes a function with a synchronous invocation
  - Lambda processes API Gateway requests asynchronously and retries each request up to two times
  - Lambda uses an event source mapping and polls API Gateway for requests
  - API Gateway directly invokes a function and retries the request until it succeeds or expires
- Which actions require permissions that are defined in the AWS Lambda execution role? (Select Two)
  - A Lambda function writes to an Amazon DynamoDB table
  - An object that is written to an Amazon Simple Storage Service (Amazon S3) bucket initiates invocation of a Lambda function
  - Lambda polls an Amazon Simple Queue Service (Amazon SQS) queue for messages that initiate invocation of a Lambda function
  - A message that is posted to an Amazon Simple Notification Service (Amazon SNS) topic initiates invocation of a Lambda function
- Which statement about the function handler in an AWS Lambda function is true?
  - The function handler is the entry point that Lambda calls to start running the Lambda function
  - The function handler method might take an event object or a context object
  - The event object provides information about the event that invoked the Lambda function. It must be a predefined object that an AWS service generates
  - The context object provides runtime information, and the developer must create a context object that matches the runtime that was selected for the function
- Which issue might be addressed by adding provisioned concurrency to an AWS Lambda function?
  - Another Lambda function runs in the same account and Region. It sometimes spikes and consumes all available concurrency, causing the function to fail
  - An application that uses the Lambda function responds slowly for the first few users who sign in each day. Lambda metrics show higher latency for those initial requests
  - A legacy backend system fails intermittently when the developer connects to it. To avoid extra costs, they want to reduce the function's wait time when the backend fails
  - The developer wants more visibility into transactions that use the Lambda function to identify bottlenecks
- Which AWS Lambda configuration setting might a developer use to manage function errors when configuring an Amazon Simple Notification Service (Amazon SNS) topic as the event source for a Lambda function? (Select Two)
  - State machines
  - File systems
  - Destinations
  - Virtual private cloud
  - Asynchronous invocations
- A zipped deployment package including code and custom libraries is 75 MB in size. Which AWS Lambda deployment option should be used?
  - Copy the code into the Lambda console editor to create and deploy the function
  - Upload a .zip file from an integrated development environment (IDE) to load the deployment package directly into the Lambda console
  - Upload the deployment package to an Amazon Simple Storage Service (Amazon S3) bucket, and specify the bucket name and object key on the Lambda console
  - Upload the deployment package to an Amazon Elastic Block Store (Amazon EBS) volume, and use the File Systems configuration to reference it
- A function's Amazon Resource Name (ARN) is as follows: `arn:aws:lambda:aws-region:acct-id:function:helloworld:PROD`. Which statement about this function is correct, based on its ARN?
  - This ARN will invoke the immutable PROD version of the function
  - This ARN will invoke the version of the function that is currently associated with the PROD alias
  - This ARN will invoke the function and include the AWS Lambda layer that is named PROD
  - This ARN will deploy the helloworld function into the PROD account
- Users of a serverless application have reported errors that occur when they try to retrieve order information. Assuming that AWS X-Ray is enabled, what is the first step the developer might take in X-Ray to start troubleshooting the reported issues quickly?
  - Drill down into the most recent traces to look for errors
  - Search for metadata that is related to the users who are reporting issues
  - Add annotations that the developer can use to start grouping and filtering traces
  - Use the service map to visually locate errors across the application

**Module 8**

- Which option describes a benefit that led the shipping industry and the software industry to use containers?
  - Infrastructure providers can create strong dependencies between their platform and the types of containers that they choose to work with
  - The abstraction of details of what's being "shipped" increases the agility of a system
  - Increased visibility into the details of what's being "shipped" helps each point in the system to provide the right type of support
  - The ability to use nonstandard types of containers gives producers flexibility
- Which options are components of a container? (Select Two)
  - Host server
  - Runtime engine
  - Operating system
  - Application code
  - Virtual machine
- Which statement about Docker containers is true?
  - A container is a runnable instance of an image
  - A container registry is a template to launch containers
  - A container image is a writeable template
  - A container layer is a thin read-only layer that is associated with a running container
- Which Docker CLI command creates a container named my_app_1 from the image node_app?
  - `docker run --name my_app_1 node_app`
  - `docker build --tag my_app_1`
  - `docker exec -it my_app_1 sh`
  - `docker images my_app_1 from node_app`
- Which statement about a Dockerfile is true?
  - A Dockerfile is a YAML file that provides instructions to create a container image
  - Each instruction in a Dockerfile creates a read-only layer in the image
  - If a developer changes the Dockerfile and rebuilds the image, all layers of the image must be rebuilt
  - Developers cannot use the Dockerfile to run scripts that would run after the container is instantiated
- A developer wants to migrate a monolithic shopping website to a microservice-based application. Which option reflects a reason to choose containers?
  - Each container can use the language and technology that are best suited for the service
  - Containerized components are not isolated, so the application will evolve as a singular system
  - Containers are well-suited to designs that avoid the use of temporary resources
  - Containers separate your dependencies and libraries into their own objects
- A developer recently built a proof-of-concept application using containers, and the business owner wants to roll it out to production. Which option reflects a primary reason that the developer might use a container orchestration service?
  - To schedule container starts and stops and determine where to place containers
  - To base their containers on third-party images
  - To remove the requirements to use a container registry
  - To receive automated recommendations about how to improve their application code to run on containers
- Which statement about the Amazon Elastic Container Service (Amazon ECS) is true?
  - Amazon ECS is a highly scalable container orchestration service that supports Docker containers
  - Amazon ECS requires the use of the Amazon Elastic Container Registry (Amazon ECR) for container images
  - Amazon ECS supports launching containers in Amazon EC2 or AWS Lambda
  - With Amazon ECS, you can deploy applications to containers even if they have not been architected specifically to run on containers
- What is the name for a logical collection of AWS Elastic Beanstalk components, which is conceptually similar to a folder?
  - Environment
  - Platform
  - Application
  - Environment tier
- A developer wants to do canary testing on a new deployment. Which AWS Elastic Beanstalk deployment policy option should the developer use?
  - Immutable
  - Rolling with batch
  - Traffic Splitting
  - Blue/Green

**Module 9**

- An architect suggests that the developers implement caching on an existing application to address performance issues. Which option describes factors that the developers should consider when they decide where to add caching?
  - Avoid caching for data queries that are slow and expensive to run
  - Review the data and its access patterns. Data that changes rapidly but is infrequently accessed should be cached
  - Consider the tolerance for stale data in each context where the data is used
  - Add as much caching in as many places as you can as early in development as possible
- A developer has determined that an in-memory key-value store would improve performance of their application's queries. They want to keep the solution as simple as possible and need to support read replicas. Which option should they choose?
  - Amazon ElastiCache for Memcached
  - Amazon ElastiCache for Redis
  - Amazon CloudFront Functions
  - Lambda@Edge
- Amazon ElastiCache is being added to an application to improve response times and alleviate database pressure. The backend database for the application is an Amazon Relational Database Service (Amazon RDS) database. Which task would be the responsibility of the application developer?
  - Applying software patches to the cache instances
  - Writing code to check the health of the cluster before writing to the cache
  - Writing code that looks for the requested data in the cache and, if the data is not found, requests it from the origin
  - Write code to integrate the cache with the Amazon RDS instances that it will be reading from
- Which statement about Amazon ElastiCache is true?
  - A node is a variable-size chunk of secure, network-attached RAM
  - Your application connects to an ElastiCache node by using a unique address called an endpoint
  - With the Memcached engine, data is partitioned across shards in a cluster
  - Every node within a cluster must run the same cache engine, but the nodes can run on different instance types
- A developer has been asked to address complaints from customers in the London area about the performance of a web-based application that is hosted in New York. Which option might the developer implement?
  - Use Amazon CloudFront to replicate the application code on Amazon Elastic Compute Cloud (Amazon EC2) instances in the London Region
  - Set up a CloudFront distribution that can serve static content from edge locations that are closer to UK users
  - Set up a CloudFront regional edge location in the London Region
  - Set up one CloudFront edge location in New York and one in London
- A developer has been asked to increase the cache hit ratio for their Amazon CloudFront distribution. Which option should they try?
  - Include only the minimum necessary values in the cache key
  - Decrease the maximum time to live (TTL) setting in a cache policy
  - Decrease the max-age setting in a file's Cache-Control header
  - Increase the cache hit setting in a cache policy
- Which statement about Amazon CloudFront cache file expiration is true?
  - Each file in the cache automatically expires after 24 hours, and you cannot modify this setting
  - After a file expires, the next time the edge location gets a user request for the file, CloudFront forwards the request to the origin server
  - When the origin receives a request, the origin sends the latest version of the file regardless of whether it is the same as the expired version in the cache
  - You can control cache file duration with CloudFront cache policy settings or through Cache-Control settings in the origin file headers. However, you cannot combine these options
- Which use case suggests the use of Amazon CloudFront Functions?
  - A function that redirects the viewer to a different URL and adds a custom response header
  - A function that uses a third-party library
  - A function that requires network access to use external services for processing
  - A function that requires access to the body of HTTP requests
- Which statement reflects a benefit of lazy loading as a caching strategy?
  - Lazy loading avoids filling up the cache with data that is not requested
  - With lazy loading, data in the cache never becomes stale
  - With lazy loading, every write involves two trips -- a write to the cache and a write to the database -- which adds latency to the process
  - Lazy loading might result in cache churn. The cache might be updated often if certain records are updated repeatedly
- A developer has been asked whether caching might improve the performance of their online bidding application. How should they answer this question?
  - Caching probably will not yield much performance improvement for this type of application
  - Caching might improve performance by reducing the number of hits to the backend database. However, caching cannot improve performance issues that occur between the client and the web server
  - Using different types of caching at each application layer might improve both the frontend and backend performance
  - Caching might greatly improve performance if the application is compute heavy, but if the application is read heavy, a cache will not provide much benefit

**Module 10**

- Which option describes how a message queue processes messages?
  - The queue polls producers for new messages
  - Consumers poll the queue for messages
  - The queue broadcasts messages to consumers
  - Consumers notify the queue when a message has been successfully processed. The queue configuration determines whether the message should be available to other consumers
- Which option describes how publish/subscribe (pub/sub) messaging works?
  - Producers send messages to subscribers
  - Subscribers poll topics for new messages
  - When a topic receives a new message, the topic sends the message to the first subscriber who responds to a notification
  - A new topic message is pushed out to all topic subscribers
- A developer wants to add an Amazon Simple Queue Service (Amazon SQS) queue to decouple incoming order requests from a backend database. Which Amazon SQS operations might be part of this update?
  - Use the SendMessage operation with the QueueURL mapped to the database endpoint to put messages on the queue
  - Use the ReceiveMessage operation with MaxNumberOfMessages set to 5 to retrieve
  - Use the DeleteMessage operation to change the visibility of the message as soon as the ReceiptHandle is received
  - Use the ReceiveMessage operation with the WaitTimeSeconds parameter set to 0 to reduce the number of empty requests
- A tester reports that Amazon Simple Queue Service (Amazon SQS) messages are being processed more than once. The developer finds that processing servers are not completing as quickly as expected, and messages are made available to other consumers before the prior consumer deletes them. Which option might reduce occurrences of this issue?
  - Increase the visibility timeout
  - Increase maxReceiveCount
  - Increase MaxNumberOfMessages
  - Increase the number of producers on the queue
- For an order-processing application that uses an Amazon Simple Queue Service (Amazon SQS) queue, a developer finds that an older version of the client generates order records that fail the backend process. The failures cause a bottleneck on the queue. How might the developer reduce the impact of the failed records?
  - Increase the visibility timeout and set a high value for MaxNumberOfMessages
  - Add a dead-letter queue and set a low maxReceiveCount
  - Use long polling and set a high wait time
  - Change the queue type from standard to First-In-First-Out (FIFO) and set a high throughput rate
- Which statement about Amazon Simple Queue Service (Amazon SQS) polling options is true?
  - By default, when you make a ReceiveMessage API call, Amazon SQS performs long polling
  - When long polling is configured, WaitTimeSeconds is set to 0
  - When short polling is configured, Amazon SQS queries all of its servers
  - When short polling is configured, Amazon SQS samples a subset of its servers
- Which statement about Amazon Simple Notification Service (Amazon SNS) is true?
  - An SNS is a logical access point, which acts as a communication channel
  - A publisher can only send messages to topics that they have created
  - By default, different subscribers to a topic receive different messages
  - Amazon SNS defines a single delivery policy, which is applied to all delivery protocols
- An Amazon Simple Notification Service (Amazon SNS) topic receives messages about orders. An AWS Lambda function that processes canceled orders is subscribed to the topic. How might the developer reduce costs by only invoking the Lambda function for canceled orders?
  - Put an Amazon Simple Queue Service (Amazon SQS) queue in front of the Lambda function
  - Separate the new order and cancel order messages to be sent by two different publishers
  - Set up a filter policy so that the Lambda function subscription only receives cancel order messages
  - Use the ConfirmSubscription operation to limit which messages the Lambda function receives
- A developer needs to build a custom application to put customer application log records onto an Amazon Kinesis data stream. What should they use to build the application?
  - Use the Kinesis API
  - Use the Kinesis Producer Library (KPL)
  - Use the Kinesis Client Library (KCL)
  - Use the Amazon Kinesis Data Analytics
- Which statement about Amazon Kinesis Data Streams is true?
  - When a record is added to the stream, the record is available until a consumer deletes it
  - The data records in a data stream are distributed into shards
  - A standard data stream can have one consumer. With the enhanced fanout option, you can add multiple consumers
  - A stream consumer must delete the records that it processes successfully

**Module 11**

- Which scenario suggests the need for a task coordination service such as AWS Step Functions?
  - A website that serves static content is expanding its reach to a global audience
  - A serverless application must run a series of AWS Lambda functions that are dependent on each other
  - A monolithic application that is written in Java is updating its technology stack
  - A reporting application must update its calculation logic to provide more analytical data to business users
- Which statement describes a benefit of using AWS Step Functions for an application?
  - Step Functions integrates with state machines so that developers can transition between their Step Functions workflow and their state machine workflow
  - Step Functions can be configured with Amazon EC2 Auto Scaling to scale up and scale down
  - Step Functions can be defined by using either Python or Node.js
  - Developers can use Step Functions to build visual workflows
- What is the role of the Task state type in AWS Step Functions?
  - Task states are used to stop a failed workflow
  - Task states perform a unit of work
  - Task states provide branching logic
  - Task states tell the state machine the order to perform the steps in
- An application that processes order returns must complete different steps depending on whether the return is within 30 days of purchase. Which AWS Step Functions state could a developer use to implement this logic?
  - Parallel
  - Task
  - Choice
  - Wait
- An application that processes order returns must run the same AWS Lambda function for each item in an order. Which AWS Step Functions state could a developer use to implement this logic?
  - Parallel
  - Pass
  - Map
  - Task
- Which statement is true for both Succeed states and Fail states?
  - Succeed states and Fail states do not include the Next field
  - The End field is not required because Succeed states and Fail states are not terminal states
  - The Type field is optional for Succeed states and Fail states
  - The End field is required because Succeed states and Fail states are terminal states
- An application that processes order returns must run two independent audit checks. When both checks are successfully completed, the return authorization step is run. Which AWS Step Functions state could a developer use to implement this logic?
  - Parallel
  - Task
  - Choice
  - Wait
- How is a taskToken used in an AWS Step Functions use case that includes a manual approval step?
  - A taskToken is generated when the workflow hits a Wait state. The taskToken tracks how long the workflow has been waiting for a task to finish
  - A taskToken is used to transition between each state in the workflow and is defined in the Next field
  - A taskToken is returned as part of a call to the GetActivityTask action and is used when calling the SendTaskSuccess action to associate a result with a task
  - A taskToken is an output of the Success state in a synchronous Step Functions Express workflow. A taskToken is used to confirm success of all tasks
- Which use case is a good fit for AWS Step Functions Express workflows?
  - All workflows in the application must be auditable up to 90 days after a completed run
  - The workflow requires a step that will run an application that is hosted on an Amazon Elastic Compute Cloud (Amazon EC2) instance
  - The workflow takes between 30 minutes and 1 hour to run
  - The workflow must support a very high rate of events that come from Internet of Things (IoT) devices
- Which statement about AWS Step Functions is true?
  - A developer can use Amazon API Gateway to associate their Step Functions APIs with methods in an API Gateway API
  - Step Functions has quotas at the account level regarding
  - Step Functions must be created in the visual editor on the Step Functions console but can be edited with the AWS SDKs
  - A developer can use the Describe API action to get a summary of all the state machines and the number of times that each has been run

**Module 12**

- Which statement about creating secure connections is true?
  - Both Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are standards that AWS developed for secure communications
  - SSL uses certificates to establish website identity, but TLS does not
  - Both SSL and TLS encrypt network communications between connected resources
  - SSL is a newer version of TLS. Both are used to establish the identity of websites
- Which step in the secure connection process is the responsibility of the certificate authority (CA)?
  - Issue a certificate
  - Verify whether the certificate is from a trusted source
  - Send an encrypted session key
  - Send a certificate and public key to the client
- Which statement about AWS Certificate Manager (ACM) is true?
  - ACM can provision public certificates, but for private certificates, developers must produce their own certificate and connect it to ACM
  - ACM manages certificate renewals for both public and private certificates
  - ACM costs are based on the number of active public certificates in an AWS account
  - A developer must configure a load balancer to use ACM certificates
- Which statement reflects a best practice for security credentials?
  - Only share access keys between users in the same AWS account
  - Use AWS Identity and Access Management (IAM) roles to retrieve temporary security credentials
  - If there are unencrypted access keys, embed them in code that is available only to developers but not accessible to users
  - Do not allow programmatic authentication to AWS services
- What is the primary difference between AWS Security Token Service (AWS STS) authentication by federated users and AWS STS authentication by AWS Identity and Access Management (IAM) users?
  - With federated users, the application calls an identity broker, but this step is skipped with IAM users
  - With federated users, the first authentication is made against an IdP. With IAM users, the first authentication is made against IAM
  - With federated users, the second authentication is made against an IdP. With IAM users, the second authentication is made against IAM
  - With federated users, applications use the temporary security credentials and token to make requests to an AWS service. No token is necessary with IAM users
- A developer has been asked to investigate how website files have been deleted from an Amazon Simple Storage Service (Amazon S3) bucket. Which approach should they take?
  - Use AWS CloudTrail to search for information about delete object events on the S3 bucket
  - Use AWS Security Token Service (AWS STS) to block deletions from S3 buckets
  - Use AWS Identity and Access Management (IAM) to search for users who have used their delete permissions on the S3 bucket
  - Use the AWS STS GetSessionToken API call to retrieve information about users who deleted files from the S3 bucket
- A developer has been asked to add a sign-up and sign-in service to their application. Which Amazon Cognito feature should they use?
  - Amazon Cognito identity pool
  - Amazon Cognito user pool
  - Amazon Cognito Lambda trigger
  - Amazon Cognito access token
- A developer has been asked to reduce the security risk of users who sign in to their application with username and password pairs that they use on other websites. Which Amazon Cognito user pool feature might the developer configure?
  - Identity tokens
  - Phone and email verification
  - Adaptive authentication
  - Compromised credentials check
- Which statement about Amazon Cognito identity pools is true?
  - With an identity pool, users can obtain temporary, limited-privilege AWS credentials to access other AWS services
  - Identity pools replace the need for a third party identity provider
  - When using Amazon Cognito identity pools, a user would not also use Amazon Cognito user pools
  - Identity pools provide sign-up and sign-in functionality for mobile apps
- A developer plans to use Amazon Cognito user pools with Amazon API Gateway. Which step is part of the user pool authentication flow with API Gateway?
  - A mobile app sends a request to API Gateway, and API Gateway gets JSON Web Tokens (JWTs) from the user pool
  - A mobile app user authenticates with a user pool, and the user pool returns JWTs to the app
  - The user pool validates the tokens against the identity pool
  - Amazon Cognito invokes the API after successfully validating the permissions

**Module 13**

- Which option describes the philosophy of DevOps?
  - DevOps is about teaching development and operations teams to use the same set of tools to shorten testing and deployment cycles
  - DevOps is about removing barriers between development and operations functions to optimize productivity and reliability
  - DevOps culture is reflected in the idea of "Processes over people," which means that, with strong processes, any team member can perform any task
  - DevOps culture is reflected in the idea that tight coupling leads to tighter parity between development, test, and production environments
- How are DevOps practices reflected in the software development lifecycle for cloud architectures?
  - Every phase of the software development lifecycle is automated
  - Developers can use continuous integration to merge code into their local repository and connect to the test environment for authentic test scenarios
  - With continuous delivery, developers can deploy code without the need for continuous monitoring
  - Infrastructure tools compare local development environments to test environments and staging environments, and report on environmental differences so that the operations team can ensure parity
- How might a developer use AWS CodePipeline in their continuous integration and continuous deployment (CI/CD) process?
  - Compile source code, run tests, and produce software packages that are ready to deploy
  - Host Git-based repositories and provide source control
  - Deploy to a variety of compute services
  - Automate the steps that are required to release software based on a release model that the developer defines
- Which statement about continuous integration and continuous delivery/deployment (CI/CD) is true?
  - Continuous deployment reduces the risk of production bugs, but it might increase the time that it takes to deliver new features
  - Continuous integration requires teams to write automated tests
  - Continuous delivery extends all the way to production deployment without human intervention
  - Continuous deployment extends from check-in through production, but some manual intervention occurs after code is checked in and before that code is released to customers
- A developer wants to use infrastructure as code for their Java-based web application on AWS. Which task might be part of their work?
  - Create an Amazon Elastic Compute Cloud (Amazon EC2) instance by using AWS CodeBuild, and use AWS CodeDeploy to automatically push the application to the EC2 instance
  - Create a Java AWS CloudFormation template that defines the application and database layers for the application
  - Create an AWS CloudFormation template with a Resources section that defines the AWS resources for the application
  - Use AWS CodePipeline to create a pipeline that automates the complete release of the application
- A developer wants to use a single AWS CloudFormation template for both the test and production environments. Which section of the template might they use to support this approach?
  - Use the Transform section to define the variables that must be changed for each environment during stack creation or update
  - Use the Format Version section to define the parameters to be passed for each environment during stack creation or update
  - Use the Outputs section to define each environment that the template should create during stack creation or update
  - Use the Conditions section to control whether certain resources are created during stack creation or update
- Which statement about AWS CloudFormation stacks is true?
  - Deleting a stack deletes its CloudFormation template but does not delete any resources that the most recent deployment created
  - A CloudFormation stack is a unit of deployment
  - An existing stack must be deleted before deploying an updated template to modify the resource parameters of that stack
  - CloudFormation has some quotas that are related to the resources defined in each stack, but no quotas are related to the number of stacks themselves
- A developer is building their first serverless application on AWS. What must they think about differently with respect to deploying the application?
  - They can't replicate the production environment locally in the same way that they might with a server-based deployment
  - They can't use AWS CloudFormation for infrastructure as code to deploy the application
  - The steps to connect to the AWS Lambda server for debugging are different than those to connect to a traditional server
  - Serverless development tools are not integrated with other AWS development tools that are used in the deployment pipeline
- How does an AWS Serverless Application Model (AWS SAM) template differ from an AWS CloudFormation template?
  - AWS SAM templates are written in the same language as the AWS Lambda runtime that is used in the functions that are being deployed
  - The Globals section is found only in AWS SAM templates
  - The Resources section in an AWS SAM template may only contain serverless resources
  - The Transform declaration is not required for AWS SAM templates
- The following lines are in the Resources section of an AWS Serverless Application Model (AWS SAM) template. What would these lines create?

  ```yaml
  Resources:
    Orders:
      Type: AWS::Serverless::SimpleTable
  ```

  - An AWS Lambda function that is named Orders and is connected to an Amazon DynamoDB table
  - An Amazon DynamoDB table that is called Orders
  - An API GET method that reads from the Orders table
  - A MySQL table that is called Orders