commit c40082b73d461ccdd2f8a7c627ebfa8ab758c63b Author: Valentin Deffaugt Date: Tue Jun 23 17:23:41 2026 +0200 First version with all questions. diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e226f6a --- /dev/null +++ b/.gitignore @@ -0,0 +1,55 @@ +# Node.js dependencies +node_modules/ + +# Build output directories (Vite default) +dist/ +build/ + +# Vite cache and temporary files +.vite/ +.vitepress/cache +.vitepress/dist + +# Environment variable files +.env +.env.* +.env.*.local +.env.local + +# Log files +npm-debug.log* +yarn-debug.log* +yarn-error.log* +pnpm-debug.log* + +# OS generated files +.DS_Store +Thumbs.db + +# IDE/editor specific files +.idea/ +.vscode/ +*.suo +*.ntvs* +*.njsproj +*.sln + +# Optional npm cache directory +.npm/ + +# Optional eslint cache +.eslintcache + +# Coverage reports +coverage/ +.nyc_output/ + +# Yarn files +.yarn/ +.yarnrc.yml + +# pnpm files +.pnpm-store/ + +# Miscellaneous +*.log diff --git a/README.md b/README.md new file mode 100644 index 0000000..9deb07e --- /dev/null +++ b/README.md @@ -0,0 +1 @@ +Questions and answers are from the following repo : [https://github.com/Ditectrev/Amazon-Web-Services-AWS-Developer-Associate-DVA-C02-Practice-Tests-Exams-Questions-Answers](https://github.com/Ditectrev/Amazon-Web-Services-AWS-Developer-Associate-DVA-C02-Practice-Tests-Exams-Questions-Answers). Explainations linked to each answers have been generated using GPT 5.4 and have not been verified. \ No newline at end of file diff --git a/index.html b/index.html new file mode 100644 index 0000000..7d0ea9b --- /dev/null +++ b/index.html @@ -0,0 +1,11 @@ + + + + + AWS Quiz + + +
+ + + \ No newline at end of file diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 0000000..491e05b --- /dev/null +++ b/package-lock.json @@ -0,0 +1,1635 @@ +{ + "name": "aws-dva-c02-exam-sample-interface", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "aws-dva-c02-exam-sample-interface", + "dependencies": { + "react": "^18.3.1", + "react-dom": "^18.3.1" + }, + "devDependencies": { + "@types/react": "^18.3.3", + "@types/react-dom": "^18.3.0", + "@vitejs/plugin-react": "^4.3.1", + "typescript": "^5.2.2", + "vite": "^5.3.1" + } + }, + "node_modules/@babel/code-frame": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-validator-identifier": "^7.29.7", + "js-tokens": "^4.0.0", + "picocolors": "^1.1.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/compat-data": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/core": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.29.7", + "@babel/generator": "^7.29.7", + "@babel/helper-compilation-targets": "^7.29.7", + "@babel/helper-module-transforms": "^7.29.7", + "@babel/helpers": "^7.29.7", + "@babel/parser": "^7.29.7", + "@babel/template": "^7.29.7", + "@babel/traverse": "^7.29.7", + "@babel/types": "^7.29.7", + "@jridgewell/remapping": "^2.3.5", + "convert-source-map": "^2.0.0", + "debug": "^4.1.0", + "gensync": "^1.0.0-beta.2", + "json5": "^2.2.3", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/babel" + } + }, + "node_modules/@babel/generator": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/parser": "^7.29.7", + "@babel/types": "^7.29.7", + "@jridgewell/gen-mapping": "^0.3.12", + "@jridgewell/trace-mapping": "^0.3.28", + "jsesc": "^3.0.2" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-compilation-targets": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/compat-data": "^7.29.7", + "@babel/helper-validator-option": "^7.29.7", + "browserslist": "^4.24.0", + "lru-cache": "^5.1.1", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-globals": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-module-imports": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/traverse": "^7.29.7", + "@babel/types": "^7.29.7" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-module-transforms": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-module-imports": "^7.29.7", + "@babel/helper-validator-identifier": "^7.29.7", + "@babel/traverse": "^7.29.7" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/helper-plugin-utils": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-string-parser": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-validator-identifier": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-validator-option": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helpers": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/template": "^7.29.7", + "@babel/types": "^7.29.7" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/parser": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/types": "^7.29.7" + }, + "bin": { + "parser": "bin/babel-parser.js" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@babel/plugin-transform-react-jsx-self": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.29.7" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-react-jsx-source": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.29.7" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/template": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.29.7", + "@babel/parser": "^7.29.7", + "@babel/types": "^7.29.7" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/traverse": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.29.7", + "@babel/generator": "^7.29.7", + "@babel/helper-globals": "^7.29.7", + "@babel/parser": "^7.29.7", + "@babel/template": "^7.29.7", + "@babel/types": "^7.29.7", + "debug": "^4.3.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/types": { + "version": "7.29.7", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-string-parser": "^7.29.7", + "@babel/helper-validator-identifier": "^7.29.7" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@esbuild/aix-ppc64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.21.5.tgz", + "integrity": "sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "aix" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/android-arm": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.21.5.tgz", + "integrity": "sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/android-arm64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.21.5.tgz", + "integrity": "sha512-c0uX9VAUBQ7dTDCjq+wdyGLowMdtR/GoC2U5IYk/7D1H1JYC0qseD7+11iMP2mRLN9RcCMRcjC4YMclCzGwS/A==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/android-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.21.5.tgz", + "integrity": "sha512-D7aPRUUNHRBwHxzxRvp856rjUHRFW1SdQATKXH2hqA0kAZb1hKmi02OpYRacl0TxIGz/ZmXWlbZgjwWYaCakTA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/darwin-arm64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.21.5.tgz", + "integrity": "sha512-DwqXqZyuk5AiWWf3UfLiRDJ5EDd49zg6O9wclZ7kUMv2WRFr4HKjXp/5t8JZ11QbQfUS6/cRCKGwYhtNAY88kQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/darwin-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.21.5.tgz", + "integrity": "sha512-se/JjF8NlmKVG4kNIuyWMV/22ZaerB+qaSi5MdrXtd6R08kvs2qCN4C09miupktDitvh8jRFflwGFBQcxZRjbw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/freebsd-arm64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.21.5.tgz", + "integrity": "sha512-5JcRxxRDUJLX8JXp/wcBCy3pENnCgBR9bN6JsY4OmhfUtIHe3ZW0mawA7+RDAcMLrMIZaf03NlQiX9DGyB8h4g==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/freebsd-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.21.5.tgz", + "integrity": "sha512-J95kNBj1zkbMXtHVH29bBriQygMXqoVQOQYA+ISs0/2l3T9/kj42ow2mpqerRBxDJnmkUDCaQT/dfNXWX/ZZCQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-arm": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.21.5.tgz", + "integrity": "sha512-bPb5AHZtbeNGjCKVZ9UGqGwo8EUu4cLq68E95A53KlxAPRmUyYv2D6F0uUI65XisGOL1hBP5mTronbgo+0bFcA==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-arm64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.21.5.tgz", + "integrity": "sha512-ibKvmyYzKsBeX8d8I7MH/TMfWDXBF3db4qM6sy+7re0YXya+K1cem3on9XgdT2EQGMu4hQyZhan7TeQ8XkGp4Q==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-ia32": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.21.5.tgz", + "integrity": "sha512-YvjXDqLRqPDl2dvRODYmmhz4rPeVKYvppfGYKSNGdyZkA01046pLWyRKKI3ax8fbJoK5QbxblURkwK/MWY18Tg==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-loong64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.21.5.tgz", + "integrity": "sha512-uHf1BmMG8qEvzdrzAqg2SIG/02+4/DHB6a9Kbya0XDvwDEKCoC8ZRWI5JJvNdUjtciBGFQ5PuBlpEOXQj+JQSg==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-mips64el": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.21.5.tgz", + "integrity": "sha512-IajOmO+KJK23bj52dFSNCMsz1QP1DqM6cwLUv3W1QwyxkyIWecfafnI555fvSGqEKwjMXVLokcV5ygHW5b3Jbg==", + "cpu": [ + "mips64el" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-ppc64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.21.5.tgz", + "integrity": "sha512-1hHV/Z4OEfMwpLO8rp7CvlhBDnjsC3CttJXIhBi+5Aj5r+MBvy4egg7wCbe//hSsT+RvDAG7s81tAvpL2XAE4w==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-riscv64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.21.5.tgz", + "integrity": "sha512-2HdXDMd9GMgTGrPWnJzP2ALSokE/0O5HhTUvWIbD3YdjME8JwvSCnNGBnTThKGEB91OZhzrJ4qIIxk/SBmyDDA==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-s390x": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.21.5.tgz", + "integrity": "sha512-zus5sxzqBJD3eXxwvjN1yQkRepANgxE9lgOW2qLnmr8ikMTphkjgXu1HR01K4FJg8h1kEEDAqDcZQtbrRnB41A==", + "cpu": [ + "s390x" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.21.5.tgz", + "integrity": "sha512-1rYdTpyv03iycF1+BhzrzQJCdOuAOtaqHTWJZCWvijKD2N5Xu0TtVC8/+1faWqcP9iBCWOmjmhoH94dH82BxPQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/netbsd-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.21.5.tgz", + "integrity": "sha512-Woi2MXzXjMULccIwMnLciyZH4nCIMpWQAs049KEeMvOcNADVxo0UBIQPfSmxB3CWKedngg7sWZdLvLczpe0tLg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/openbsd-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.21.5.tgz", + "integrity": "sha512-HLNNw99xsvx12lFBUwoT8EVCsSvRNDVxNpjZ7bPn947b8gJPzeHWyNVhFsaerc0n3TsbOINvRP2byTZ5LKezow==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/sunos-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.21.5.tgz", + "integrity": "sha512-6+gjmFpfy0BHU5Tpptkuh8+uw3mnrvgs+dSPQXQOv3ekbordwnzTVEb4qnIvQcYXq6gzkyTnoZ9dZG+D4garKg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "sunos" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/win32-arm64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.21.5.tgz", + "integrity": "sha512-Z0gOTd75VvXqyq7nsl93zwahcTROgqvuAcYDUr+vOv8uHhNSKROyU961kgtCD1e95IqPKSQKH7tBTslnS3tA8A==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/win32-ia32": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.21.5.tgz", + "integrity": "sha512-SWXFF1CL2RVNMaVs+BBClwtfZSvDgtL//G/smwAc5oVK/UPu2Gu9tIaRgFmYFFKrmg3SyAjSrElf0TiJ1v8fYA==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/win32-x64": { + "version": "0.21.5", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@jridgewell/gen-mapping": { + "version": "0.3.13", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/sourcemap-codec": "^1.5.0", + "@jridgewell/trace-mapping": "^0.3.24" + } + }, + "node_modules/@jridgewell/remapping": { + "version": "2.3.5", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/gen-mapping": "^0.3.5", + "@jridgewell/trace-mapping": "^0.3.24" + } + }, + "node_modules/@jridgewell/resolve-uri": { + "version": "3.1.2", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.5.5", + "dev": true, + "license": "MIT" + }, + "node_modules/@jridgewell/trace-mapping": { + "version": "0.3.31", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" + } + }, + "node_modules/@rolldown/pluginutils": { + "version": "1.0.0-beta.27", + "dev": true, + "license": "MIT" + }, + "node_modules/@rollup/rollup-android-arm-eabi": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.62.2.tgz", + "integrity": "sha512-6o7ZLZK+BeenkZCFNDXqpbjw9bD6nuWonvS/lwQJp7NoVVxm6p3qE7qQ5jGuBjiFsgvqjD8mZAU5oWxTmbOeOg==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ] + }, + "node_modules/@rollup/rollup-android-arm64": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.62.2.tgz", + "integrity": "sha512-BaH7BllCACHoH1LguOU56UItGfUWjujlO65kS9LAodViaN4bwIKd7oeW/ZHJ/4ljr/7MIiENnNy3HJ0zXv8Zkw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ] + }, + "node_modules/@rollup/rollup-darwin-arm64": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.62.2.tgz", + "integrity": "sha512-v39RCCvj4He82I9sFmk+M1VZ0PLM9sfsLVikjfx2hYBNALhrrOR2D3JjQA6AhlaSOgcR+RzrKY7e1+bT6SUO/A==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-darwin-x64": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.62.2.tgz", + "integrity": "sha512-yl0y2vq3S3lHeuXhEdss6TWfKW8vkujImO12tn4ZkG/4oghr09LvdYm2RElVjokTQiUvDUGXLGsYeLqUMCKpGA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-freebsd-arm64": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.62.2.tgz", + "integrity": "sha512-tT4pvt4qXD+vEoezupCWi+a1F0vvDiksiHc+PxRlYTOH1I6/X4id9jPxTP+Fg+545euaFT1jJVs4CEdHZAU1vw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ] + }, + "node_modules/@rollup/rollup-freebsd-x64": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.62.2.tgz", + "integrity": "sha512-6nU5F2wCW+qvCBhTn1pdIU3bzsIoF7EUwsCDRxilWGprQR6yd508YnH9+OKFCwpfS8pjZqDUmnCAr7exax0XCg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ] + }, + "node_modules/@rollup/rollup-linux-arm-gnueabihf": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.62.2.tgz", + "integrity": "sha512-n1GJHPOvpIfhi3TmrCeh6S6URt9BFCt0KQE3qvexyGCTAKpR4Lg+eWvNZEqu7epxwus/8ElT3hacYEucm49SZg==", + "cpu": [ + "arm" + ], + "dev": true, + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm-musleabihf": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.62.2.tgz", + "integrity": "sha512-JqgflS8wEB+UXV/vS1RpRbifGBeN4D5lz8D8oOFbFZw4vedvdOgCFAjfBmIMdW3yL10XpQQ0Ambepw6MXrhOnA==", + "cpu": [ + "arm" + ], + "dev": true, + "libc": [ + "musl" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-gnu": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.62.2.tgz", + "integrity": "sha512-wnFJkogWvN4jm/hQRF2UBaeUmk20j5+DmHvoyWii2b8HJDyvz1MF2OU/6ynXt2KR63rbZLWkFpoytpdc/yBuSA==", + "cpu": [ + "arm64" + ], + "dev": true, + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-musl": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.62.2.tgz", + "integrity": "sha512-HVu2bp0zhvJ8xHEV9+UUs7S90VadmBSY3LcIMvozbPo4AuMGDWlz3ymHLHZPX4hR67TKTt8Qp5PJ5RBg/i+RMQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "libc": [ + "musl" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-loong64-gnu": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.62.2.tgz", + "integrity": "sha512-mQqqAV8QaoSgr9I2fKDLY2BAVvmKjWoGiu/cSYQonsLvtqwEn1E4QYfnCOcp5zoEqNhsDYin1s6jx/VJmrxlZg==", + "cpu": [ + "loong64" + ], + "dev": true, + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-loong64-musl": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.62.2.tgz", + "integrity": "sha512-IxKLoxCQ2IWi6bT2akyDUBGsOImDKB+sPp4EsTmwFQ/fMwpCKm8uLSSgP/Kx/QYUgKis6SEZ5/Nlhup0DIA0PQ==", + "cpu": [ + "loong64" + ], + "dev": true, + "libc": [ + "musl" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-ppc64-gnu": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.62.2.tgz", + "integrity": "sha512-Mk5ha2RQSgyFfmYYLkBpPnUk8D8FriBxesO1u9O75X0mHgXL1UQcH5Itl2lurWL2tj0RxV9b9tJgipac0hRY9A==", + "cpu": [ + "ppc64" + ], + "dev": true, + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-ppc64-musl": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.62.2.tgz", + "integrity": "sha512-CjvEnqJL/0/TQ3TXX3OPIJ/kmBellrWd4heXUmHeJlTnmwjKpSJzoehLaL6Xk0ZnMHBu9dZuFADNOrtjF4v+2w==", + "cpu": [ + "ppc64" + ], + "dev": true, + "libc": [ + "musl" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-riscv64-gnu": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.62.2.tgz", + "integrity": "sha512-1SiZbzwdkaDURsew/tSOrooKiYy7EQGT6m8ufavAi9NEyQb/6VuIxFXAL1fqa4iZe3g4NbNk4P7J32z2tw5Mgg==", + "cpu": [ + "riscv64" + ], + "dev": true, + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-riscv64-musl": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.62.2.tgz", + "integrity": "sha512-nQts12zJ3NQRoE6uYljOH89v7szzLDvG2JD/vsX+vGXU8w/At1GowTZ5/7qeFQ8m7L55rpR8Okugnuo5bgjy2Q==", + "cpu": [ + "riscv64" + ], + "dev": true, + "libc": [ + "musl" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-s390x-gnu": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.62.2.tgz", + "integrity": "sha512-E9/ll019jhPIJgpzfZoIkBGhcz+kKNgVWYRY0zr9srBdPPFVpvOKW8VaJKUbeK+eZXyQF9ltME+Kk6affeaPgg==", + "cpu": [ + "s390x" + ], + "dev": true, + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-gnu": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.62.2.tgz", + "integrity": "sha512-5BqxR/pshjey51iliyzTD5Xi3EN0aLmQ2lZ3lvefVV9c82BvrLo2/6OT55iifpWBufs6kdwWbuOKS841DrmK9A==", + "cpu": [ + "x64" + ], + "dev": true, + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-musl": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.62.2.tgz", + "integrity": "sha512-uNN83XxQrRAh/w0/pmAfibcwyb6YWt4gP+dpnQKPVJshAloQ785ii8CT8ZCIxkGg9opVsvAlGhFitSm6D1Jjpg==", + "cpu": [ + "x64" + ], + "dev": true, + "libc": [ + "musl" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-openbsd-x64": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.62.2.tgz", + "integrity": "sha512-srjEIxSH3LRnJN6THczDHWQplqEMFiAJrTab0msUryh9kwNpkICf3Ea6q6MN/2cZwRFUNx5w+h6Hpi4QuHS6Zg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ] + }, + "node_modules/@rollup/rollup-openharmony-arm64": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.62.2.tgz", + "integrity": "sha512-8hOJnxgbyObnCm5AlRA3A931xX19xq80RjVTKgJOvEKWqJruP/Uf12IbAOaDjjEXYRewwHLfmF0YRIdK3OwKWA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ] + }, + "node_modules/@rollup/rollup-win32-arm64-msvc": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.62.2.tgz", + "integrity": "sha512-mmF4AY1i0hG/bLWUctUq59gtmgaSIRa3cu/A3JFRp/sCNEme2bgDEiDS22P9FbnJB8NJNF4jPJiSP5RHQpUTDg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-ia32-msvc": { + "version": "4.62.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.62.2.tgz", + "integrity": "sha512-DZgkknc6jhHrk46V25vbAM0zZkyP0nSDkJB8/dRkLTxv470dOmWDqGoEJl/9A0dFfS7yE3REOwNDxpHwSLSt0Q==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-gnu": { + "version": "4.62.2", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-msvc": { + "version": "4.62.2", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@types/babel__core": { + "version": "7.20.5", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/parser": "^7.20.7", + "@babel/types": "^7.20.7", + "@types/babel__generator": "*", + "@types/babel__template": "*", + "@types/babel__traverse": "*" + } + }, + "node_modules/@types/babel__generator": { + "version": "7.27.0", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/types": "^7.0.0" + } + }, + "node_modules/@types/babel__template": { + "version": "7.4.4", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/parser": "^7.1.0", + "@babel/types": "^7.0.0" + } + }, + "node_modules/@types/babel__traverse": { + "version": "7.28.0", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/types": "^7.28.2" + } + }, + "node_modules/@types/estree": { + "version": "1.0.9", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/prop-types": { + "version": "15.7.15", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/react": { + "version": "18.3.31", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/prop-types": "*", + "csstype": "^3.2.2" + } + }, + "node_modules/@types/react-dom": { + "version": "18.3.7", + "dev": true, + "license": "MIT", + "peerDependencies": { + "@types/react": "^18.0.0" + } + }, + "node_modules/@vitejs/plugin-react": { + "version": "4.7.0", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/core": "^7.28.0", + "@babel/plugin-transform-react-jsx-self": "^7.27.1", + "@babel/plugin-transform-react-jsx-source": "^7.27.1", + "@rolldown/pluginutils": "1.0.0-beta.27", + "@types/babel__core": "^7.20.5", + "react-refresh": "^0.17.0" + }, + "engines": { + "node": "^14.18.0 || >=16.0.0" + }, + "peerDependencies": { + "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" + } + }, + "node_modules/baseline-browser-mapping": { + "version": "2.10.38", + "dev": true, + "license": "Apache-2.0", + "bin": { + "baseline-browser-mapping": "dist/cli.cjs" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/browserslist": { + "version": "4.28.4", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "baseline-browser-mapping": "^2.10.38", + "caniuse-lite": "^1.0.30001799", + "electron-to-chromium": "^1.5.376", + "node-releases": "^2.0.48", + "update-browserslist-db": "^1.2.3" + }, + "bin": { + "browserslist": "cli.js" + }, + "engines": { + "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7" + } + }, + "node_modules/browserslist/node_modules/caniuse-lite": { + "version": "1.0.30001799", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001799.tgz", + "integrity": "sha512-hG1bReV+OUU+MOqK4t/ZWI0tZOyz3rqS9XuhOUz1cIcbwBKjOyJEJuw9ER5JuNyqxNk8u/JUVbGibBOL1yrjFw==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/caniuse-lite" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "CC-BY-4.0" + }, + "node_modules/convert-source-map": { + "version": "2.0.0", + "dev": true, + "license": "MIT" + }, + "node_modules/csstype": { + "version": "3.2.3", + "dev": true, + "license": "MIT" + }, + "node_modules/debug": { + "version": "4.4.3", + "dev": true, + "license": "MIT", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/electron-to-chromium": { + "version": "1.5.377", + "dev": true, + "license": "ISC" + }, + "node_modules/esbuild": { + "version": "0.21.5", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "bin": { + "esbuild": "bin/esbuild" + }, + "engines": { + "node": ">=12" + }, + "optionalDependencies": { + "@esbuild/aix-ppc64": "0.21.5", + "@esbuild/android-arm": "0.21.5", + "@esbuild/android-arm64": "0.21.5", + "@esbuild/android-x64": "0.21.5", + "@esbuild/darwin-arm64": "0.21.5", + "@esbuild/darwin-x64": "0.21.5", + "@esbuild/freebsd-arm64": "0.21.5", + "@esbuild/freebsd-x64": "0.21.5", + "@esbuild/linux-arm": "0.21.5", + "@esbuild/linux-arm64": "0.21.5", + "@esbuild/linux-ia32": "0.21.5", + "@esbuild/linux-loong64": "0.21.5", + "@esbuild/linux-mips64el": "0.21.5", + "@esbuild/linux-ppc64": "0.21.5", + "@esbuild/linux-riscv64": "0.21.5", + "@esbuild/linux-s390x": "0.21.5", + "@esbuild/linux-x64": "0.21.5", + "@esbuild/netbsd-x64": "0.21.5", + "@esbuild/openbsd-x64": "0.21.5", + "@esbuild/sunos-x64": "0.21.5", + "@esbuild/win32-arm64": "0.21.5", + "@esbuild/win32-ia32": "0.21.5", + "@esbuild/win32-x64": "0.21.5" + } + }, + "node_modules/escalade": { + "version": "3.2.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/gensync": { + "version": "1.0.0-beta.2", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/js-tokens": { + "version": "4.0.0", + "license": "MIT" + }, + "node_modules/jsesc": { + "version": "3.1.0", + "dev": true, + "license": "MIT", + "bin": { + "jsesc": "bin/jsesc" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/json5": { + "version": "2.2.3", + "dev": true, + "license": "MIT", + "bin": { + "json5": "lib/cli.js" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/loose-envify": { + "version": "1.4.0", + "license": "MIT", + "dependencies": { + "js-tokens": "^3.0.0 || ^4.0.0" + }, + "bin": { + "loose-envify": "cli.js" + } + }, + "node_modules/lru-cache": { + "version": "5.1.1", + "dev": true, + "license": "ISC", + "dependencies": { + "yallist": "^3.0.2" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "dev": true, + "license": "MIT" + }, + "node_modules/nanoid": { + "version": "3.3.15", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/node-releases": { + "version": "2.0.48", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + } + }, + "node_modules/picocolors": { + "version": "1.1.1", + "dev": true, + "license": "ISC" + }, + "node_modules/postcss": { + "version": "8.5.15", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/postcss" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "nanoid": "^3.3.12", + "picocolors": "^1.1.1", + "source-map-js": "^1.2.1" + }, + "engines": { + "node": "^10 || ^12 || >=14" + } + }, + "node_modules/react": { + "version": "18.3.1", + "license": "MIT", + "dependencies": { + "loose-envify": "^1.1.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/react-dom": { + "version": "18.3.1", + "license": "MIT", + "dependencies": { + "loose-envify": "^1.1.0", + "scheduler": "^0.23.2" + }, + "peerDependencies": { + "react": "^18.3.1" + } + }, + "node_modules/react-refresh": { + "version": "0.17.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/rollup": { + "version": "4.62.2", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/estree": "1.0.9" + }, + "bin": { + "rollup": "dist/bin/rollup" + }, + "engines": { + "node": ">=18.0.0", + "npm": ">=8.0.0" + }, + "optionalDependencies": { + "@rollup/rollup-android-arm-eabi": "4.62.2", + "@rollup/rollup-android-arm64": "4.62.2", + "@rollup/rollup-darwin-arm64": "4.62.2", + "@rollup/rollup-darwin-x64": "4.62.2", + "@rollup/rollup-freebsd-arm64": "4.62.2", + "@rollup/rollup-freebsd-x64": "4.62.2", + "@rollup/rollup-linux-arm-gnueabihf": "4.62.2", + "@rollup/rollup-linux-arm-musleabihf": "4.62.2", + "@rollup/rollup-linux-arm64-gnu": "4.62.2", + "@rollup/rollup-linux-arm64-musl": "4.62.2", + "@rollup/rollup-linux-loong64-gnu": "4.62.2", + "@rollup/rollup-linux-loong64-musl": "4.62.2", + "@rollup/rollup-linux-ppc64-gnu": "4.62.2", + "@rollup/rollup-linux-ppc64-musl": "4.62.2", + "@rollup/rollup-linux-riscv64-gnu": "4.62.2", + "@rollup/rollup-linux-riscv64-musl": "4.62.2", + "@rollup/rollup-linux-s390x-gnu": "4.62.2", + "@rollup/rollup-linux-x64-gnu": "4.62.2", + "@rollup/rollup-linux-x64-musl": "4.62.2", + "@rollup/rollup-openbsd-x64": "4.62.2", + "@rollup/rollup-openharmony-arm64": "4.62.2", + "@rollup/rollup-win32-arm64-msvc": "4.62.2", + "@rollup/rollup-win32-ia32-msvc": "4.62.2", + "@rollup/rollup-win32-x64-gnu": "4.62.2", + "@rollup/rollup-win32-x64-msvc": "4.62.2", + "fsevents": "~2.3.2" + } + }, + "node_modules/scheduler": { + "version": "0.23.2", + "license": "MIT", + "dependencies": { + "loose-envify": "^1.1.0" + } + }, + "node_modules/semver": { + "version": "6.3.1", + "dev": true, + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/source-map-js": { + "version": "1.2.1", + "dev": true, + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/typescript": { + "version": "5.9.3", + "dev": true, + "license": "Apache-2.0", + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=14.17" + } + }, + "node_modules/update-browserslist-db": { + "version": "1.2.3", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "escalade": "^3.2.0", + "picocolors": "^1.1.1" + }, + "bin": { + "update-browserslist-db": "cli.js" + }, + "peerDependencies": { + "browserslist": ">= 4.21.0" + } + }, + "node_modules/vite": { + "version": "5.4.21", + "dev": true, + "license": "MIT", + "dependencies": { + "esbuild": "^0.21.3", + "postcss": "^8.4.43", + "rollup": "^4.20.0" + }, + "bin": { + "vite": "bin/vite.js" + }, + "engines": { + "node": "^18.0.0 || >=20.0.0" + }, + "funding": { + "url": "https://github.com/vitejs/vite?sponsor=1" + }, + "optionalDependencies": { + "fsevents": "~2.3.3" + }, + "peerDependencies": { + "@types/node": "^18.0.0 || >=20.0.0", + "less": "*", + "lightningcss": "^1.21.0", + "sass": "*", + "sass-embedded": "*", + "stylus": "*", + "sugarss": "*", + "terser": "^5.4.0" + }, + "peerDependenciesMeta": { + "@types/node": { + "optional": true + }, + "less": { + "optional": true + }, + "lightningcss": { + "optional": true + }, + "sass": { + "optional": true + }, + "sass-embedded": { + "optional": true + }, + "stylus": { + "optional": true + }, + "sugarss": { + "optional": true + }, + "terser": { + "optional": true + } + } + }, + "node_modules/yallist": { + "version": "3.1.1", + "dev": true, + "license": "ISC" + } + } +} diff --git a/package.json b/package.json new file mode 100644 index 0000000..35e2eaf --- /dev/null +++ b/package.json @@ -0,0 +1,20 @@ +{ + "name": "aws-dva-c02-exam-sample-interface", + "private": true, + "type": "module", + "scripts": { + "start": "vite", + "build": "tsc && vite build" + }, + "dependencies": { + "react": "^18.3.1", + "react-dom": "^18.3.1" + }, + "devDependencies": { + "@types/react": "^18.3.3", + "@types/react-dom": "^18.3.0", + "@vitejs/plugin-react": "^4.3.1", + "typescript": "^5.2.2", + "vite": "^5.3.1" + } +} \ No newline at end of file diff --git a/src/MarkdownText.tsx b/src/MarkdownText.tsx new file mode 100644 index 0000000..1fb02cc --- /dev/null +++ b/src/MarkdownText.tsx @@ -0,0 +1,68 @@ +import React from 'react'; + +interface MarkdownTextProps { + text: string; +} + +export default function MarkdownText({ text }: MarkdownTextProps) { + if (!text) return null; + + // Split text by code blocks: ```code``` + const blocks = text.split(/(```[\s\S]*?```)/g); + + return ( + <> + {blocks.map((block, index) => { + if (block.startsWith('```') && block.endsWith('```')) { + // Extract the actual code inside the backticks + const codeContent = block.slice(3, -3).replace(/^(typescript|json|javascript|yaml|bash)\n/, ''); + return ( +
+              {codeContent.trim()}
+            
+ ); + } + + // Handle inline code `like this` inside normal sentences + const inlineParts = block.split(/(`[^`\n]+`)/g); + return ( + + {inlineParts.map((part, pIdx) => { + if (part.startsWith('`') && part.endsWith('`')) { + return ( + + {part.slice(1, -1)} + + ); + } + return part; + })} + + ); + })} + + ); +} + +const styles = { + codeBlock: { + backgroundColor: '#1e1e1e', + color: '#d4d4d4', + padding: '12px', + borderRadius: '6px', + overflowX: 'auto' as const, + fontFamily: 'Consolas, Monaco, "Andale Mono", monospace', + fontSize: '0.9rem', + lineHeight: '1.4', + margin: '10px 0', + border: '1px solid #333' + }, + inlineCode: { + backgroundColor: '#f1f1f1', + color: '#a31515', + padding: '2px 6px', + borderRadius: '4px', + fontFamily: 'monospace', + fontSize: '0.95rem' + } +}; \ No newline at end of file diff --git a/src/QuizApp.tsx b/src/QuizApp.tsx new file mode 100644 index 0000000..e3c50c8 --- /dev/null +++ b/src/QuizApp.tsx @@ -0,0 +1,226 @@ +import React, { useState } from 'react'; +import { QuizQuestion, UserSubmission } from './types'; +import ReviewResults from './ReviewResults'; + +import quizData from './questions.json'; +import MarkdownText from './MarkdownText'; +const allQuestions: QuizQuestion[] = quizData as unknown as QuizQuestion[]; + + +function getRandomizedQuestions(questions: QuizQuestion[]): QuizQuestion[] { + let shuffled = [...questions].sort(() => Math.random() - 0.5); + return shuffled + .map(q => ({ + ...q, + possible_answers: [...q.possible_answers].sort(() => Math.random() - 0.5) + })) + .slice(0, 40); +} + +export default function QuizApp() { + const [questions, setQuestions] = useState(null); + const [currentIndex, setCurrentIndex] = useState(0); + const [selectedLabels, setSelectedLabels] = useState([]); + const [confirmedAnswers, setConfirmedAnswers] = useState<{ [key: number]: string[] }>({}); + const [submission, setSubmission] = useState(null); + const [forceReviewMode, setForceReviewMode] = useState(false); + + // If user clicked the button to jump straight to Review/Upload interface + if (forceReviewMode) { + // Build an empty dummy submission object so ReviewResults loads its uploader interface cleanly + const dummySubmission: UserSubmission = { + timestamp: new Date().toISOString(), + score: 0, + totalQuestions: 0, + results: [] + }; + return ( + setSubmission(imported)} + onReset={() => { + setForceReviewMode(false); + handleReset(); + }} + /> + ); + } + + if (!questions) { + const randomizedQuestions = getRandomizedQuestions(allQuestions); + setQuestions(randomizedQuestions); + return ( +
+
Loading quiz...
+ +
+ ); + } + const currentQuestion = questions[currentIndex]; + + // Detect if question has multiple correct options + const correctCount = currentQuestion?.possible_answers.filter(a => a.is_correct).length || 0; + const isMultipleChoice = correctCount > 1; + + const handleOptionToggle = (label: string) => { + if (isMultipleChoice) { + setSelectedLabels(prev => + prev.includes(label) ? prev.filter(l => l !== label) : [...prev, label] + ); + } else { + setSelectedLabels([label]); + } + }; + + const handleConfirm = () => { + setConfirmedAnswers(prev => ({ ...prev, [currentIndex]: selectedLabels })); + + if (currentIndex + 1 < questions.length) { + setCurrentIndex(prev => prev + 1); + setSelectedLabels([]); + } else { + processFinalResults({ ...confirmedAnswers, [currentIndex]: selectedLabels }); + } + }; + + // Stop the quiz immediately and process whatever answers are ready + const handleStopQuiz = () => { + if (window.confirm("Are you sure you want to stop the quiz? Your current answers will be saved.")) { + // Include currently selected choice on screen if it exists + const finalAnswersState = { ...confirmedAnswers }; + if (selectedLabels.length > 0) { + finalAnswersState[currentIndex] = selectedLabels; + } + processFinalResults(finalAnswersState); + } + }; + + const processFinalResults = (finalAnswers: { [key: number]: string[] }) => { + let score = 0; + const totalQuestions = Object.keys(finalAnswers).length; + + // FIX: Changed currentIndex to currentIndex + 1 to include the last/current item + const results = questions.slice(0, currentIndex + 1).map((q, idx) => { + const userLabels = finalAnswers[idx] || []; + const correctLabels = q.possible_answers.filter(a => a.is_correct).map(a => a.label); + + const isCorrect = + userLabels.length === correctLabels.length && + userLabels.every(l => correctLabels.includes(l)); + + if (isCorrect) score += 1; + + return { + question: q.question, + selectedLabels: userLabels, + possible_answers: q.possible_answers + }; + }); + + const finalSubmission: UserSubmission = { + timestamp: new Date().toISOString(), + score, + totalQuestions, + results + }; + + setSubmission(finalSubmission); + downloadSubmissionFile(finalSubmission); + }; + + const downloadSubmissionFile = (data: UserSubmission) => { + const filename = `submission_${new Date().toISOString().replace(/[:.]/g, '-')}.json`; + const blob = new Blob([JSON.stringify(data, null, 2)], { type: 'application/json' }); + const url = URL.createObjectURL(blob); + const link = document.createElement('a'); + link.href = url; + link.download = filename; + document.body.appendChild(link); + link.click(); + document.body.removeChild(link); + }; + + const handleReset = () => { + setQuestions(null); + setCurrentIndex(0); + setSelectedLabels([]); + setConfirmedAnswers({}); + setSubmission(null); + }; + + if (submission) { + return ; + } + + return ( +
+
+ Question {currentIndex + 1} of {questions.length} + {isMultipleChoice && Multiple choices available} + +
+ +

+ +

+ +
+ {currentQuestion.possible_answers.map((answer, index) => { + const isSelected = selectedLabels.includes(answer.label); + let btnStyle = { ...styles.optionButton }; + if (isSelected) { + btnStyle.backgroundColor = '#e7f1ff'; + btnStyle.borderColor = '#b3d7ff'; + } + + return ( + + ); + })} +
+ + + + {/* Stop Quiz Action */} + +
+ ); +} + +const styles: { [key: string]: React.CSSProperties } = { + container: { maxWidth: '600px', margin: '40px auto', fontFamily: 'system-ui, sans-serif', padding: '20px', border: '1px solid #ccc', borderRadius: '8px', backgroundColor: '#fff', boxShadow: '0 2px 10px rgba(0,0,0,0.1)' }, + header: { display: 'flex', justifyContent: 'space-between', alignItems: 'center', fontSize: '0.9rem', color: '#666', borderBottom: '1px solid #eee', paddingBottom: '10px', marginBottom: '20px', gap: '10px' }, + badge: { backgroundColor: '#fff3cd', color: '#856404', padding: '4px 8px', borderRadius: '4px', fontWeight: 'bold', fontSize: '0.8rem' }, + questionText: { fontSize: '1.2rem', lineHeight: '1.5', marginBottom: '20px' }, + optionsContainer: { display: 'flex', flexDirection: 'column', gap: '10px' }, + optionButton: { padding: '12px 16px', fontSize: '1rem', textAlign: 'left', cursor: 'pointer', backgroundColor: '#f9f9f9', border: '1px solid #ddd', borderRadius: '4px', display: 'flex', alignItems: 'center' }, + button: { marginTop: '20px', padding: '12px 24px', backgroundColor: '#28a745', color: 'white', border: 'none', borderRadius: '4px', cursor: 'pointer', fontSize: '1rem', width: '100%' } +}; \ No newline at end of file diff --git a/src/ReviewResults.tsx b/src/ReviewResults.tsx new file mode 100644 index 0000000..0de4c54 --- /dev/null +++ b/src/ReviewResults.tsx @@ -0,0 +1,163 @@ +import React, { ChangeEvent } from 'react'; +import { UserSubmission } from './types'; +import MarkdownText from './MarkdownText'; + +interface ReviewResultsProps { + submission: UserSubmission; + onImport: (submission: UserSubmission) => void; + onReset: () => void; +} + +export default function ReviewResults({ submission, onImport, onReset }: ReviewResultsProps) { + + const handleFileUpload = (e: ChangeEvent) => { + const file = e.target.files?.[0]; + if (!file) return; + + const reader = new FileReader(); + reader.onload = (event) => { + try { + const parsed = JSON.parse(event.target?.result as string) as UserSubmission; + if (parsed.timestamp && Array.isArray(parsed.results)) { + onImport(parsed); + } else { + alert("Invalid submission file format."); + } + } catch (err) { + alert("Error parsing JSON file."); + } + }; + reader.readAsText(file); + }; + + return ( +
+
+ + +
+ +
+ +

Quiz Review

+

+ Submitted at: {new Date(submission.timestamp).toLocaleString()} +

+

+ Final Score: {submission.score} / {submission.totalQuestions} +

+ + {/* Color & Icon Legend */} +
+
+ + + Answered and correct +
+
+ + + Answered but incorrect +
+
+ 💡 + + Didn't answer but correct +
+
+ + {submission.results.map((item, qIdx) => { + const correctAnswers = item.possible_answers.filter(a => a.is_correct); + const correctLabels = correctAnswers.map(a => a.label); + const isUserCorrect = + item.selectedLabels.length === correctLabels.length && + item.selectedLabels.every(l => correctLabels.includes(l)); + + return ( +
+

+ Q{qIdx + 1}: +

+ +
+ {item.possible_answers.map((ans, aIdx) => { + const wasSelected = item.selectedLabels.includes(ans.label); + + let rowBg = '#ffffff'; + let borderColor = '#cccccc'; + let textColor = '#212529'; + let icon = '🔲'; // Default unselected icon + + if (wasSelected && ans.is_correct) { + // Green : answered and is correct -> Checkmark + rowBg = '#d1e7dd'; + borderColor = '#0f5132'; + textColor = '#0f5132'; + icon = '✅'; + } else if (wasSelected && !ans.is_correct) { + // Red : answered but is incorrect -> Cross + rowBg = '#f8d7da'; + borderColor = '#842029'; + textColor = '#842029'; + icon = '❌'; + } else if (!wasSelected && ans.is_correct) { + // Yellow : didn't answer but is correct -> Light Bulb + rowBg = '#fff3cd'; + borderColor = '#664d03'; + textColor = '#664d03'; + icon = '💡'; + } + + return ( +
+ {icon} + + + +
+ ); + })} +
+ +
+ Explanations: + {item.possible_answers.map((ans, idx) => ( +

+ : +

+ ))} +
+
+ ); + })} + + +
+ ); +} + +const styles: { [key: string]: React.CSSProperties } = { + container: { maxWidth: '700px', margin: '40px auto', fontFamily: 'system-ui, sans-serif', padding: '20px', border: '1px solid #ccc', borderRadius: '8px', backgroundColor: '#fff' }, + uploadSection: { padding: '15px', backgroundColor: '#f8f9fa', borderRadius: '6px', border: '1px dashed #ccc' }, + legendContainer: { display: 'flex', flexDirection: 'column', gap: '8px', padding: '12px', backgroundColor: '#f8f9fa', borderRadius: '6px', fontSize: '0.85rem', color: '#333', marginBottom: '15px' }, + legendBadge: { width: '16px', height: '16px', borderRadius: '4px', display: 'inline-block' }, + reviewCard: { padding: '15px', margin: '20px 0', backgroundColor: '#fafafa', borderRadius: '4px', boxShadow: '0 1px 3px rgba(0,0,0,0.05)' }, + explanationBox: { marginTop: '12px', padding: '10px', backgroundColor: '#e9ecef', borderRadius: '4px' }, + button: { marginTop: '15px', padding: '10px 20px', backgroundColor: '#007bff', color: 'white', border: 'none', borderRadius: '4px', cursor: 'pointer' } +}; \ No newline at end of file diff --git a/src/main.tsx b/src/main.tsx new file mode 100644 index 0000000..e530e01 --- /dev/null +++ b/src/main.tsx @@ -0,0 +1,9 @@ +import React from 'react' +import ReactDOM from 'react-dom/client' +import QuizApp from './QuizApp' + +ReactDOM.createRoot(document.getElementById('root')!).render( + + + , +) \ No newline at end of file diff --git a/src/questions.json b/src/questions.json new file mode 100644 index 0000000..b06e735 --- /dev/null +++ b/src/questions.json @@ -0,0 +1,9512 @@ +[ + { + "question": "Which of the following are good use cases for how Amazon ElastiCache can help an application? (Select TWO)", + "possible_answers": [ + { + "label": "Improve the performance of S3 PUT operations", + "is_correct": false, + "explaination": "ElastiCache is an in-memory caching service for application data, not a service that accelerates Amazon S3 write APIs." + }, + { + "label": "Improve the latency of deployments performed by AWS CodeDeploy", + "is_correct": false, + "explaination": "CodeDeploy deployment speed is unrelated to ElastiCache. ElastiCache is used for caching data and reducing backend load." + }, + { + "label": "Improve latency and throughput for read-heavy application workloads", + "is_correct": true, + "explaination": "This is a primary ElastiCache use case. Frequently accessed data can be served from memory, reducing latency and backend database load." + }, + { + "label": "Reduce the time required to merge AWS CodeCommit branches", + "is_correct": false, + "explaination": "CodeCommit branch merges are source control operations and are not improved by a caching layer like ElastiCache." + }, + { + "label": "Improve performance of compute-intensive applications", + "is_correct": true, + "explaination": "ElastiCache can improve performance for compute-intensive applications by caching reusable intermediate results or frequently accessed data, reducing repeated expensive computations." + } + ] + }, + { + "question": "Which of the following services are key/value stores? (Choose 3 answers)", + "possible_answers": [ + { + "label": "Amazon ElastiCache", + "is_correct": true, + "explaination": "ElastiCache supports in-memory key/value patterns through engines such as Redis and Memcached." + }, + { + "label": "Simple Notification Service", + "is_correct": false, + "explaination": "SNS is a pub/sub messaging service, not a key/value data store." + }, + { + "label": "DynamoDB", + "is_correct": true, + "explaination": "DynamoDB is a NoSQL database that supports key/value and document data models." + }, + { + "label": "Simple Workflow Service", + "is_correct": false, + "explaination": "SWF is a workflow orchestration service, not a key/value store." + }, + { + "label": "Simple Storage Service", + "is_correct": true, + "explaination": "Amazon S3 stores objects addressed by keys within buckets, so it can be considered a large-scale key/object store." + } + ] + }, + { + "question": "A developer wants to send multi-value headers to an AWS Lambda function that is registered as a target with an Application Load Balancer (ALB). What should the developer do to achieve this?", + "possible_answers": [ + { + "label": "Place the Lambda function and target group in the same account", + "is_correct": false, + "explaination": "Account placement is not the mechanism that enables multi-value headers." + }, + { + "label": "Send the request body to the Lambda function with a size less than 1 MB 0", + "is_correct": false, + "explaination": "Request size limits are unrelated to support for multi-value headers." + }, + { + "label": "Include the Base64 encoding status status code, status description, and headers in the Lambda function", + "is_correct": false, + "explaination": "That relates to response formatting, not enabling multi-value header support from ALB." + }, + { + "label": "Enable the multi-value headers on the ALB", + "is_correct": true, + "explaination": "ALB must be configured to pass multi-value headers so the Lambda target can receive repeated header values correctly." + } + ] + }, + { + "question": "A company's ecommerce website is experiencing massive traffic spikes, which are causing performance problems in the company database. Users are reporting that accessing the website takes a long time. A developer wants to implement a caching layer using Amazon ElastiCache. The website is required to be responsive no matter which product a user views, and the updates to product information and prices must be strongly consistent. Which cache writing policy will satisfy these requirements?", + "possible_answers": [ + { + "label": "Write to the cache directly and sync the backend at a later time", + "is_correct": false, + "explaination": "This can improve speed, but it risks stale or lost data and does not guarantee strong consistency." + }, + { + "label": "Write to the backend first and wait for the cache to expire", + "is_correct": false, + "explaination": "Waiting for TTL expiration can leave stale values in cache for too long, which breaks strong consistency requirements." + }, + { + "label": "Write to the cache and the backend at the same time", + "is_correct": false, + "explaination": "Dual writes can still create synchronization problems if one write succeeds and the other fails." + }, + { + "label": "Write to the backend first and invalidate the cache", + "is_correct": true, + "explaination": "This preserves the database as the source of truth and removes stale cached data immediately so future reads fetch fresh data." + } + ] + }, + { + "question": "A Developer wants to upload data to Amazon S3 and must encrypt the data in transit. Which of the following solutions will accomplish this task? (Choose TWO)", + "possible_answers": [ + { + "label": "Set up hardware VPN tunnels to a VPC and access S3 through a VPC endpoint", + "is_correct": false, + "explaination": "While private connectivity can be useful, this option does not directly represent the standard answer for ensuring encryption in transit to S3." + }, + { + "label": "Set up Client-Side Encryption with an AWS KMS-Managed Customer Master Key", + "is_correct": true, + "explaination": "Client-side encryption encrypts data before upload, so the data is protected as it travels to S3." + }, + { + "label": "Set up Server-Side Encryption with AWS KMS-Managed Keys", + "is_correct": false, + "explaination": "SSE-KMS protects data at rest in S3, not specifically in transit between client and S3." + }, + { + "label": "Transfer the data over an SSL connection", + "is_correct": true, + "explaination": "Using SSL/TLS encrypts the data while it is in transit to Amazon S3." + }, + { + "label": "Set up Server-Side Encryption with S3-Managed Keys", + "is_correct": false, + "explaination": "SSE-S3 encrypts data after it reaches S3, so it does not satisfy the in-transit encryption requirement by itself." + } + ] + }, + { + "question": "A Developer wants to encrypt new objects that are being uploaded to an Amazon S3 bucket by an application. There must be an audit trail of who has used the key during this process. There should be no change to the performance of the application. Which type of encryption meets these requirements?", + "possible_answers": [ + { + "label": "Server-side encryption using S3-managed keys", + "is_correct": false, + "explaination": "SSE-S3 is simple and fast, but it does not provide the detailed audit trail of key usage that KMS provides." + }, + { + "label": "Server-side encryption with AWS KMS-managed keys", + "is_correct": true, + "explaination": "SSE-KMS provides server-side encryption with auditability through AWS KMS and AWS CloudTrail, while offloading encryption work from the application." + }, + { + "label": "Client-side encryption with a client-side symmetric master key", + "is_correct": false, + "explaination": "Client-side encryption increases application-side responsibility and can affect performance, while also complicating auditing." + }, + { + "label": "Client-side encryption with AWS KMS-managed keys", + "is_correct": false, + "explaination": "Although KMS can help with auditing here, client-side encryption still adds encryption work to the application and may affect performance." + } + ] + }, + { + "question": "An application is being developed to audit several AWS accounts. The application will run in Account A and must access AWS services in Accounts B and C. What is the MOST secure way to allow the application to call AWS services in each audited account?", + "possible_answers": [ + { + "label": "Configure cross-account roles in each audited account. Write code in Account A that assumes those roles", + "is_correct": true, + "explaination": "Cross-account IAM roles with STS AssumeRole are the standard secure method for temporary delegated access across AWS accounts." + }, + { + "label": "Use S3 cross-region replication to communicate among accounts, with Amazon S3 event notifications to trigger Lambda functions", + "is_correct": false, + "explaination": "This does not address secure API access from one account into another." + }, + { + "label": "Deploy an application in each audited account with its own role. Have Account A authenticate with the application", + "is_correct": false, + "explaination": "This adds complexity and extra attack surface compared to simply assuming roles directly." + }, + { + "label": "Create an IAM user with an access key in each audited account. Write code in Account A that uses those access keys", + "is_correct": false, + "explaination": "Long-lived access keys across accounts are less secure and harder to manage than temporary credentials from assumed roles." + } + ] + }, + { + "question": "A company uses a third-party tool to build, bundle, and package rts applications on-premises and store them locally. The company uses Amazon EC2 instances to run its front-end applications. How can an application be deployed from the source control system onto the EC2 instances?", + "possible_answers": [ + { + "label": "Use AWS CodeDeploy and point it to the local storage to directly deploy a bundle m a zip. tar. or tar.gz format", + "is_correct": false, + "explaination": "CodeDeploy expects the revision to come from supported sources such as Amazon S3 or GitHub, not arbitrary local storage." + }, + { + "label": "Upload the bundle to an Amazon S3 bucket and specify the S3 location when doing a deployment using AWS CodeDeploy", + "is_correct": true, + "explaination": "CodeDeploy commonly deploys application bundles stored in S3 to EC2 instances." + }, + { + "label": "Create a repository using AWS CodeCommit to automatically trigger a deployment to the EC2 instances", + "is_correct": false, + "explaination": "CodeCommit alone is a source repository and does not directly deploy packaged local build artifacts to EC2." + }, + { + "label": "Use AWS CodeBuild to automatically deploy the latest build to the latest EC2 instances", + "is_correct": false, + "explaination": "CodeBuild builds artifacts but is not the deployment mechanism to EC2 instances." + } + ] + }, + { + "question": "A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances. The application uses attached Amazon EBS disks for storing data. The application will process sensitive information and all the data must be encrypted. What should a developer do to ensure the data is encrypted on disk without impacting performance?", + "possible_answers": [ + { + "label": "Configure the Amazon EC2 instance fleet to use encrypted EBS volumes for storing data", + "is_correct": true, + "explaination": "EBS encryption is built into the service and provides encryption at rest with minimal operational overhead and no meaningful application changes." + }, + { + "label": "Add logic to write all data to an encrypted Amazon S3 bucket", + "is_correct": false, + "explaination": "This changes the storage design and does not directly address encrypting data on the attached disks." + }, + { + "label": "Add a custom encryption algorithm to the application that will encrypt and decrypt all data", + "is_correct": false, + "explaination": "Custom application encryption adds complexity and may impact performance." + }, + { + "label": "Create a new Amazon Machine Image (AMI) with an encrypted root volume and store the data to ephemeral disks", + "is_correct": false, + "explaination": "Ephemeral disks are not the required attached EBS storage, and encrypting only the root volume does not ensure all application data disks are protected." + } + ] + }, + { + "question": "A global company has an application running on Amazon EC2 instances that serves image files from Amazon S3. User requests from the browser are causing high traffic, which results in degraded performance. Which optimization solution should a Developer implement to increase application performance?", + "possible_answers": [ + { + "label": "Create multiple prefix in the S3 bucket to increase the request rate", + "is_correct": false, + "explaination": "Although prefix design can affect request distribution, the best performance improvement for global image delivery is using a CDN." + }, + { + "label": "Create an Amazon ElastiCache cluster to cache and serve frequently accessed items", + "is_correct": false, + "explaination": "ElastiCache is not the standard choice for globally distributing static image content from S3." + }, + { + "label": "Use Amazon CloudFront to serve the content of images stored in Amazon S3", + "is_correct": true, + "explaination": "CloudFront caches content at edge locations close to users, reducing latency and offloading repeated requests from the origin." + }, + { + "label": "Submit a ticket to AWS support to request a rate limit increase for the S3 bucket", + "is_correct": false, + "explaination": "This does not solve the latency and global delivery optimization problem as effectively as CloudFront." + } + ] + }, + { + "question": "An AWS Lambda function generates a 3MB JSON file and then uploads it to an Amazon S3 bucket daily. The file contains sensitive information, so the Developer must ensure that it is encrypted before uploading to the bucket. Which of the following modifications should the Developer make to ensure that the data is encrypted before uploading it to the bucket?", + "possible_answers": [ + { + "label": "Use the default AWS KMS customer master key for S3 in the Lambda function code", + "is_correct": false, + "explaination": "Just referencing the key is not enough to perform client-side encryption before upload." + }, + { + "label": "Use the S3 managed key and call the `GenerateDataKey` API to encrypt the file", + "is_correct": false, + "explaination": "S3-managed keys are for server-side encryption and are not used with KMS GenerateDataKey calls." + }, + { + "label": "Use the `GenerateDataKey` API, then use that data key to encrypt the file in the Lambda function code", + "is_correct": true, + "explaination": "This is the proper KMS envelope encryption pattern for encrypting data client-side before uploading it to S3." + }, + { + "label": "Use a custom KMS customer master key created for S3 in the Lambda function code", + "is_correct": false, + "explaination": "Using a CMK alone does not describe the required client-side encryption process." + } + ] + }, + { + "question": "Company D is running their corporate website on Amazon S3 accessed from `http://www.companyd.com`. Their marketing team has published new web fonts to a separate S3 bucket accessed by the S3 endpoint `https://s3-us-west-1.amazonaws.com/cdfonts`. While testing the new web fonts, Company D recognized the web fonts are being blocked by the browser. What should Company D do to prevent the web fonts from being blocked by the browser?", + "possible_answers": [ + { + "label": "Enable versioning on the cdfonts bucket for each web font", + "is_correct": false, + "explaination": "Versioning helps preserve object versions, but it does not resolve browser cross-origin restrictions." + }, + { + "label": "Create a policy on the cdfonts bucket to enable access to everyone", + "is_correct": false, + "explaination": "Public access alone does not satisfy browser CORS requirements for cross-origin font loading." + }, + { + "label": "Add the `Content-MD5` header to the request for webfonts in the cdfonts bucket from the website", + "is_correct": false, + "explaination": "Content-MD5 is unrelated to browser CORS behavior." + }, + { + "label": "Configure the cdfonts bucket to allow cross-origin requests by creating a CORS configuration", + "is_correct": true, + "explaination": "Browsers enforce CORS for cross-origin font requests, so the S3 bucket must explicitly allow the requesting origin." + } + ] + }, + { + "question": "A developer must extend an existing application that is based on the AWS Serverless Application Model (AWS SAM). The developer has used the AWS SAM CLI to create the project. The project contains different AWS Lambda functions. Which combination of commands must the developer use to redeploy the AWS SAM application? (Select TWO)", + "possible_answers": [ + { + "label": "`sam init`", + "is_correct": false, + "explaination": "sam init is used to create a new SAM project, not to redeploy an existing application." + }, + { + "label": "`sam validate`", + "is_correct": false, + "explaination": "Validation is useful, but it is not one of the required commands to actually redeploy the application." + }, + { + "label": "`sam build`", + "is_correct": true, + "explaination": "sam build prepares the application artifacts and dependencies for deployment." + }, + { + "label": "`sam deploy`", + "is_correct": true, + "explaination": "sam deploy uploads artifacts as needed and deploys the serverless application stack." + }, + { + "label": "`sam publish`", + "is_correct": false, + "explaination": "sam publish is for publishing to the Serverless Application Repository, not standard redeployment." + } + ] + }, + { + "question": "An application deployed on AWS Elastic Beanstalk experiences increased error rates during deployments of new application versions, resulting in service degradation for users. The Development team believes that this is because of the reduction in capacity during the deployment steps. The team would like to change the deployment policy configuration of the environment to an option that maintains full capacity during deployment while using the existing instances. Which deployment policy will meet these requirements while using the existing instances?", + "possible_answers": [ + { + "label": "All at once", + "is_correct": false, + "explaination": "All at once updates all instances simultaneously and can cause downtime or major disruption." + }, + { + "label": "Rolling", + "is_correct": false, + "explaination": "Rolling deployments update instances in batches, which reduces available capacity during the deployment." + }, + { + "label": "Rolling with additional batch", + "is_correct": true, + "explaination": "This deployment policy temporarily adds an extra batch of instances so full capacity is maintained while existing instances are updated." + }, + { + "label": "Immutable", + "is_correct": false, + "explaination": "Immutable maintains availability well, but it relies on launching a new Auto Scaling group rather than updating using the existing instances." + } + ] + }, + { + "question": "A Developer is creating an application that needs to locate the public IPv4 address of the Amazon EC2 instance on which it runs. How can the application locate this information?", + "possible_answers": [ + { + "label": "Get the instance metadata by retrieving `http://169.254.169.254/latest/metadata/`", + "is_correct": true, + "explaination": "The EC2 instance metadata service provides instance-specific information, including networking details such as the public IPv4 address." + }, + { + "label": "Get the instance user data by retrieving `http://169.254.169.254/latest/userdata/`", + "is_correct": false, + "explaination": "User data is custom launch-time configuration, not dynamic instance networking metadata." + }, + { + "label": "Get the application to run `IFCONFIG` to get the public IP address", + "is_correct": false, + "explaination": "ifconfig typically shows local interface information and is not the reliable AWS method for retrieving the EC2 public IP." + }, + { + "label": "Get the application to run `IPCONFIG` to get the public IP address", + "is_correct": false, + "explaination": "ipconfig is not the appropriate cross-platform AWS-specific mechanism and generally does not provide the public cloud-assigned IP." + } + ] + }, + { + "question": "The development team is working on an API that will be served from Amazon API gateway. The API will be served from three environments: development, test, and production. The API Gateway is configured to use 237 GB of cache in all three stages. Which is the MOST cost-efficient deployment strategy?", + "possible_answers": [ + { + "label": "Create a single API Gateway with all three stages", + "is_correct": false, + "explaination": "This does not by itself reduce cache costs if all stages still keep large caches enabled." + }, + { + "label": "Create three API Gateways, one for each stage in a single AWS account", + "is_correct": false, + "explaination": "Separate APIs do not inherently improve cost efficiency and may increase management overhead." + }, + { + "label": "Create an API Gateway in three separate AWS accounts", + "is_correct": false, + "explaination": "This adds administrative complexity and does not solve unnecessary cache usage costs." + }, + { + "label": "Enable the cache for development and test environments only when needed", + "is_correct": true, + "explaination": "API Gateway cache is billed while enabled, so disabling cache in non-production stages except when actively needed is the most cost-efficient strategy." + } + ] + }, + { + "question": "A company is migrating its on-premises database to Amazon RDS for MySQL. The company has read-heavy workloads, and wants to make sure it re-factors its code to achieve optimum read performance for its queries. How can this objective be met?", + "possible_answers": [ + { + "label": "Add database retries to effectively use RDS with vertical scaling", + "is_correct": false, + "explaination": "Retries do not improve read scalability or read performance for a read-heavy workload." + }, + { + "label": "Use RDS with multi-AZ deployment", + "is_correct": false, + "explaination": "Multi-AZ improves availability and failover, but it does not provide a read scaling endpoint for application queries." + }, + { + "label": "Add a connection string to use an RDS read replica for read queries", + "is_correct": true, + "explaination": "Read replicas are specifically designed to offload and scale read traffic from the primary RDS instance." + }, + { + "label": "Add a connection string to use a read replica on an EC2 instance", + "is_correct": false, + "explaination": "Self-managed replicas on EC2 add operational burden and are not the preferred RDS-native solution." + } + ] + }, + { + "question": "A developer needs to modify an application architecture to meet new functional requirements. Application data is stored in Amazon DynamoDB and processed for analysis in a nightly batch. The system analysts do not want to wait unit the next day to view the processed data and have asked to have it available in near-real time. Which application architect pattern would enables the data to be processed as it is received?", + "possible_answers": [ + { + "label": "Event driven", + "is_correct": true, + "explaination": "An event-driven architecture allows data changes to trigger immediate downstream processing instead of waiting for scheduled batch jobs." + }, + { + "label": "Client served driven", + "is_correct": false, + "explaination": "This is not a standard architectural pattern for near-real-time stream processing." + }, + { + "label": "Fan-out driven", + "is_correct": false, + "explaination": "Fan-out is a messaging pattern that may be part of a solution, but the broader architectural answer is event driven." + }, + { + "label": "Schedule driven", + "is_correct": false, + "explaination": "Scheduled processing is the batch-style approach that the analysts are trying to avoid." + } + ] + }, + { + "question": "A developer has built an application that inserts data into an Amazon DynamoDB table. The table is configured to use provisioned capacity. The application is deployed on a burstable nano Amazon EC2 Instance. The application logs show that the application has been failing because of a `ProvisionedThroughputExceedException` error. Which actions should the developer take to resolve this issue? (Choose two.)", + "possible_answers": [ + { + "label": "Move the application to a larger EC instance", + "is_correct": false, + "explaination": "The error comes from DynamoDB throughput limits, not EC2 instance size." + }, + { + "label": "Increase the number or read capacity units (RCUs) that are provisioned for the DynamoDB table", + "is_correct": false, + "explaination": "The workload is inserting data, so read capacity is not the main issue described here." + }, + { + "label": "Reduce the frequency of requests to DynamoDB by implement ng exponential backoff", + "is_correct": true, + "explaination": "Exponential backoff is the recommended way to handle throttling and reduce repeated immediate retries." + }, + { + "label": "Increase the frequency of requests to DynamoDB by decreasing the retry delay", + "is_correct": false, + "explaination": "This would worsen throttling by increasing request pressure." + }, + { + "label": "Change the capacity mode of the DynamoDB table from provisioned to on-demand", + "is_correct": true, + "explaination": "On-demand capacity mode automatically adapts to variable workloads and can reduce throttling caused by unpredictable traffic spikes." + } + ] + }, + { + "question": "A software company needs to make sure user-uploaded documents are securely stored in Amazon S3. The documents must be encrypted at rest in Amazon S3. The company does not want to manage the security infrastructure in-house, but the company still needs extra protection to ensure it has control over its encryption keys due to industry regulations. Which encryption strategy should a developer use to meet these requirements?", + "possible_answers": [ + { + "label": "Server-side encryption with Amazon S3 managed keys (SSE-S3)", + "is_correct": false, + "explaination": "SSE-S3 is fully managed by AWS, but it does not provide the same customer control over keys as KMS." + }, + { + "label": "Server-side encryption with customer-provided encryption keys (SSE-C)", + "is_correct": false, + "explaination": "SSE-C gives customer control, but it requires the customer to manage and provide keys, which conflicts with the desire to avoid managing security infrastructure." + }, + { + "label": "Server-side encryption with AWS KMS managed keys (SSE-KMS)", + "is_correct": true, + "explaination": "SSE-KMS provides encryption at rest in S3 with customer control over KMS keys, while AWS manages the service infrastructure." + }, + { + "label": "Client-side encryption", + "is_correct": false, + "explaination": "Client-side encryption gives strong control, but it places more key management and encryption responsibility on the company." + } + ] + }, + { + "question": "An application uses Amazon Kinesis Data Streams to ingest and process large streams of data records in real time. Amazon EC2 instances consume and process the data from the shards of the Kinesis data stream by using Amazon Kinesis Client Library (KCL). The application handles the failure scenarios and does not require standby workers. The application reports that a specific shard is receiving more data than expected. To adapt to the changes in the rate of data flow, the `hot` shard is resharded. Assuming that the initial number of shards in the Kinesis data stream is 4, and after resharding the number of shards increased to 6, what is the maximum number of EC2 instances that can be deployed to process data from all the shards?", + "possible_answers": [ + { + "label": "12", + "is_correct": false, + "explaination": "With KCL, only one worker can process a given shard at a time. Having more than one instance per shard does not increase shard processing concurrency." + }, + { + "label": "6", + "is_correct": true, + "explaination": "KCL assigns one record processor per shard. After resharding to 6 shards, the maximum useful number of EC2 instances actively processing data is 6." + }, + { + "label": "4", + "is_correct": false, + "explaination": "The stream started with 4 shards, but after resharding there are now 6 shards to process." + }, + { + "label": "1", + "is_correct": false, + "explaination": "A single instance could process all shards, but it is not the maximum number of instances that can process shards concurrently." + } + ] + }, + { + "question": "A gaming company is developing a mobile game application for iOS® and Android® platforms. This mobile game securely stores user data locally on the device. The company wants to allow users to use multiple device for the game, which requires user data synchronization across device.Which service should be used to synchronize user data across devices without the need to create a backend application?", + "possible_answers": [ + { + "label": "AWS Lambda", + "is_correct": false, + "explaination": "Lambda can run backend logic, but it does not by itself provide managed cross-device synchronization for mobile user data." + }, + { + "label": "Amazon S3", + "is_correct": false, + "explaination": "S3 can store objects, but it does not provide device identity-aware sync functionality out of the box." + }, + { + "label": "Amazon DynamoDB", + "is_correct": false, + "explaination": "DynamoDB is a database, but by itself it does not provide the simplest managed device sync feature for mobile identities." + }, + { + "label": "Amazon Cognito", + "is_correct": true, + "explaination": "Amazon Cognito can synchronize user data across devices without requiring the company to build and manage its own backend synchronization service." + } + ] + }, + { + "question": "A Developer is making changes to a custom application that is currently using AWS Elastic Beanstalk. After the Developer completes the changes, what solutions will update the Elastic Beanstalk environment with the new application version? (Choose TWO)", + "possible_answers": [ + { + "label": "Package the application code into a `.zip` file, and upload, then deploy the packaged application from the AWS Management Console", + "is_correct": true, + "explaination": "Elastic Beanstalk supports deploying a packaged ZIP application bundle directly from the console." + }, + { + "label": "Package the application code into a `.tar` file, create a new application version from the AWS Management Console, then update the environment by using AWS CLI", + "is_correct": false, + "explaination": "Elastic Beanstalk commonly expects a ZIP bundle for application source packages, not this TAR-based workflow." + }, + { + "label": "Package the application code into a `.tar` file, and upload and deploy the packaged application from the AWS Management Console", + "is_correct": false, + "explaination": "The supported and standard application bundle format here is ZIP, not TAR." + }, + { + "label": "Package the application code into a `.zip` file, create a new application version from the packaged application by using AWS CLI, then update the environment by using AWS CLI", + "is_correct": true, + "explaination": "This is a valid CLI-based Elastic Beanstalk deployment flow: create a new application version, then update the environment." + }, + { + "label": "Package the application code into a `.zip` file, create a new application version from the AWS Management Console, then rebuild the environment by using AWS CLI", + "is_correct": false, + "explaination": "Rebuilding the environment is not the normal or necessary way to roll out a new application version." + } + ] + }, + { + "question": "A company is running an application built on AWS Lambda functions. One Lambda function has performance issues when it has to download a 50MB file from the Internet in every execution. This function is called multiple times a second. What solution would give the BEST performance increase?", + "possible_answers": [ + { + "label": "Cache the file in the `/tmp` directory", + "is_correct": true, + "explaination": "Lambda execution environments can be reused, and data stored in `/tmp` may persist across invocations in the same environment, avoiding repeated downloads." + }, + { + "label": "Increase the Lambda maximum execution time", + "is_correct": false, + "explaination": "Increasing timeout does not reduce latency or eliminate the repeated download overhead." + }, + { + "label": "Put an Elastic Load Balancer in front of the Lambda function", + "is_correct": false, + "explaination": "An ELB does not solve repeated external file downloads inside the Lambda execution." + }, + { + "label": "Cache the file in Amazon S3", + "is_correct": false, + "explaination": "S3 might reduce Internet download dependency, but reading from `/tmp` inside a warm execution environment is faster and gives the best immediate performance boost." + } + ] + }, + { + "question": "Queries to an Amazon DynamoDB table are consuming a large amount of read capacity. The table has a significant number of large attributes. The application does not need all of the attribute data. How can DynamoDB costs be minimized while maximizing application performance?", + "possible_answers": [ + { + "label": "Batch all the writes, and perform the write operations when no or few reads are being performed", + "is_correct": false, + "explaination": "This addresses write timing, not the problem of expensive reads caused by large attributes." + }, + { + "label": "Create a global secondary index with a minimum set of projected attributes", + "is_correct": true, + "explaination": "A GSI with only the needed attributes projected lets the application query smaller items, reducing read capacity consumption and improving performance." + }, + { + "label": "Implement exponential backoffs in the application", + "is_correct": false, + "explaination": "Backoff is useful for throttling, but it does not reduce the size or cost of successful read operations." + }, + { + "label": "Load balance the reads to the table using an Application Load Balancer", + "is_correct": false, + "explaination": "An ALB does not front DynamoDB read capacity in this way." + } + ] + }, + { + "question": "A Developer is writing a REST service that will add items to a shopping list. The service is built on Amazon API Gateway with AWS Lambda integrations. The shopping list items are send as query string parameters in the method request. How should the Developer convert the query string parameters to arguments for the Lambda function?", + "possible_answers": [ + { + "label": "Enable request validation", + "is_correct": false, + "explaination": "Request validation checks structure and required parameters, but it does not transform query string parameters into the payload expected by Lambda." + }, + { + "label": "Include the Amazon Resource Name (ARN) of the Lambda function", + "is_correct": false, + "explaination": "The Lambda ARN identifies the integration target, but does not map parameters." + }, + { + "label": "Change the integration type", + "is_correct": false, + "explaination": "The issue is parameter transformation, not the choice of integration type." + }, + { + "label": "Create a mapping template", + "is_correct": true, + "explaination": "Mapping templates in API Gateway transform incoming request parameters into the JSON payload format the Lambda function expects." + } + ] + }, + { + "question": "A development team is creating a new application designed to run on AWS. While the test and production environments will run on Amazon EC2 instances, developers will each run their own environment on their laptops. Which of the following is the simplest and MOST secure way to access AWS services from the local development machines?", + "possible_answers": [ + { + "label": "Use an IAM role to assume a role and execute API calls using the role", + "is_correct": false, + "explaination": "This can be secure in some cases, but for local developer laptops the simplest standard answer is unique IAM users with individual credentials." + }, + { + "label": "Create an IAM user to be shared with the entire development team, provide the development team with the access key", + "is_correct": false, + "explaination": "Sharing credentials is a security anti-pattern because actions cannot be individually traced and credentials are harder to manage safely." + }, + { + "label": "Create an IAM user for each developer on the team: provide each developer with a unique access key", + "is_correct": true, + "explaination": "Unique IAM users with individual credentials provide accountability, easier revocation, and better security than shared credentials." + }, + { + "label": "Set up a federation through an Amazon Cognito user pool", + "is_correct": false, + "explaination": "Cognito user pools are intended for application users, not as the simplest standard solution for developer workstation AWS access." + } + ] + }, + { + "question": "How is provisioned throughput affected by the chosen consistency model when reading data from a DynamoDB table?", + "possible_answers": [ + { + "label": "Strongly consistent reads use the same amount of throughput as eventually consistent reads", + "is_correct": false, + "explaination": "They do not use the same amount. Strong consistency consumes more read capacity." + }, + { + "label": "Strongly consistent reads use more throughput than eventually consistent reads", + "is_correct": true, + "explaination": "Eventually consistent reads are cheaper in DynamoDB. Strongly consistent reads consume twice as much read capacity for the same data size." + }, + { + "label": "Strongly consistent reads use less throughput than eventually consistent reads", + "is_correct": false, + "explaination": "This is the opposite of DynamoDB behavior." + }, + { + "label": "Strongly consistent reads use variable throughput depending on read activity", + "is_correct": false, + "explaination": "While actual consumption depends on item size, the consistency model has a defined relative cost: strong reads cost more than eventual reads." + } + ] + }, + { + "question": "A developer needs to deploy a new version to an AWS Elastic Beanstalk application. How can the developer accomplish this task?", + "possible_answers": [ + { + "label": "Upload and deploy the new application version in the Elastic Beanstalk console", + "is_correct": true, + "explaination": "Elastic Beanstalk supports uploading a new application bundle and deploying that version directly from the console." + }, + { + "label": "Use the eb init CLI command to deploy a new version", + "is_correct": false, + "explaination": "eb init initializes a project for Elastic Beanstalk use; it does not deploy a new application version." + }, + { + "label": "Terminate the current Elastic Beanstalk environment and create a new one", + "is_correct": false, + "explaination": "This is unnecessary and disruptive for a normal application version update." + }, + { + "label": "Modify the ebextensions folder to add a source option to services", + "is_correct": false, + "explaination": "The `.ebextensions` folder is for environment configuration, not the mechanism for deploying a new app version." + } + ] + }, + { + "question": "A gaming application stores scores for players in an Amazon DynamoDB table that has four attributes: `user_id`, `user_name`, `user_score`, and `user_rank`. The users are allowed to update their names only if a user is authenticated by web identity federation. Which set of conditions should be added in the policy attached to the role for the `dynamodb:PutItem` API call?", + "possible_answers": [ + { + "label": "```\n\"Condition\": {\n\"ForAllValues:StringEquals\": {\n\"dynamodb:LeadingKeys\": [\n\"${www.amazon.com:user_id}\"\n],\n\"dynamodb:Attributes\": [\n\"user_name\"\n]\n}\n```", + "is_correct": true, + "explaination": "This correctly restricts the write to the authenticated user's own item by matching the partition key (`user_id`) from the web identity token, and limits the update to only the `user_name` attribute." + }, + { + "label": "```\nCondition\": {\n\"ForAllValues:StringEquals\": {\n\"dynamodb:LeadingKeys\": [\n\"${www.amazon.com:user_name}\"\n],\n\"dynamodb:Attributes\": [\n\"user_id\"\n]\n}\n```", + "is_correct": false, + "explaination": "This is wrong because access should be controlled by the user's stable identifier (`user_id`), not by `user_name`. It also allows writing `user_id`, which is not the attribute users are supposed to change." + }, + { + "label": "```\nCondition\": {\n\"ForAllValues:StringEquals\": {\n\"dynamodb:LeadingKeys\": [\n\"${www.amazon.com:user_id}\"\n],\n\"dynamodb:Attributes\": [\n\"user_name\", \"user_id\"\n]\n}\n```", + "is_correct": false, + "explaination": "Although this correctly uses `user_id` as the leading key, it is too permissive because it also allows updates to `user_id`. The requirement is to allow users to update only their name." + }, + { + "label": "```\nCondition\": {\n\"ForAllValues:StringEquals\": {\n\"dynamodb:LeadingKeys\": [\n\"${www.amazon.com:user_name}\"\n],\n\"dynamodb:Attributes\": [\n\"user_name\", \"user_id\"\n]\n}\n```", + "is_correct": false, + "explaination": "This is incorrect for two reasons: it uses `user_name` instead of `user_id` to scope access, and it allows modification of both `user_name` and `user_id`, which exceeds the intended permission." + } + ] + }, + { + "question": "A developer wants the ability to roll back to a previous version of an AWS Lambda function in the event of errors caused by a new deployment. How can the developer achieve this with MINIMAL impact on users?", + "possible_answers": [ + { + "label": "Change the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to use the newly deployed version. If too many errors are encountered, point the alias back to the previous version", + "is_correct": false, + "explaination": "This allows rollback, but it does not minimize user impact as effectively as weighted traffic shifting during deployment." + }, + { + "label": "Change the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to direct 10% of users to the newly deployed version. If too many errors are encountered, send 100% of traffic to the previous version", + "is_correct": true, + "explaination": "Using Lambda aliases with weighted routing enables canary deployment and fast rollback with minimal user impact." + }, + { + "label": "Do not make any changes to the application Deploy the new version of the code. If too many errors are encountered, point the application back to the previous version using the version number in the Amazon Resource Name (ARN)", + "is_correct": false, + "explaination": "This approach is more disruptive because the application would need to directly reference versioned ARNs." + }, + { + "label": "Create three aliases: new, existing, and router. Point the existing alias to the current version. Have the router alias direct 100% of users to the existing alias. Update the application to use the router alias. Deploy the new version of the code. Point the new alias to this version. Update the router alias to direct 10% of users to the new alias. If too many errors are encountered, send 100% of traffic to the existing alias", + "is_correct": false, + "explaination": "Lambda aliases cannot route traffic to other aliases in this nested way. Weighted routing is done directly between versions on a single alias." + } + ] + }, + { + "question": "An application contains two components: one component to handle HTTP requests, and another component to handle background processing tasks. Each component must scale independently. The developer wants to deploy this application using AWS Elastic Beanstalk. How should this application be deployed, based on these requirements?", + "possible_answers": [ + { + "label": "Deploy the application in a single Elastic Beanstalk environment", + "is_correct": false, + "explaination": "A single environment would tie scaling behavior together, which does not satisfy the independent scaling requirement." + }, + { + "label": "Deploy each component in a separate Elastic Beanstalk environment", + "is_correct": true, + "explaination": "Separate Elastic Beanstalk environments allow each component to scale, deploy, and operate independently." + }, + { + "label": "Use multiple Elastic Beanstalk environments for the HTTP component but one environment for the background task component", + "is_correct": false, + "explaination": "This does not address the requirement that both components must scale independently." + }, + { + "label": "Use multiple Elastic Beanstalk environments for the background task component but one environment for the HTTP component", + "is_correct": false, + "explaination": "This also fails to provide independent scaling for both application components." + } + ] + }, + { + "question": "A company is using AWS CloudFormation templates to deploy AWS resources. The company needs to update one of its AWS CloudFormation stacks. What can the company do to find out how the changes will impact the resources that are running?", + "possible_answers": [ + { + "label": "Investigate the change sets", + "is_correct": true, + "explaination": "CloudFormation change sets preview how a stack update will affect existing resources before the update is executed." + }, + { + "label": "Investigate the stack policies", + "is_correct": false, + "explaination": "Stack policies control update permissions for resources, but they do not show a preview of pending changes." + }, + { + "label": "Investigate the `Metadata` section", + "is_correct": false, + "explaination": "Metadata is for template-related information and tooling, not for impact analysis of updates." + }, + { + "label": "Investigate the `Resources` section", + "is_correct": false, + "explaination": "The Resources section defines the template, but change sets are the correct feature to preview update impact." + } + ] + }, + { + "question": "A developer is creating a serverless web application and maintains different branches of code. The developer wants to avoid updating the Amazon API Gateway target endpoint each time a new code push is performed. What solution would allow the developer to perform a code push efficiently, without the need to update the API Gateway?", + "possible_answers": [ + { + "label": "Associate different AWS Lambda functions to an API Gateway target endpoint", + "is_correct": false, + "explaination": "Using different functions would still require target changes or added routing complexity." + }, + { + "label": "Create different stages in API Gateway, then associate API Gateway with AWS Lambda", + "is_correct": false, + "explaination": "Stages can help organize deployments, but Lambda versions and aliases are the cleaner way to avoid changing the API integration target." + }, + { + "label": "Create aliases and versions in AWS Lambda", + "is_correct": true, + "explaination": "API Gateway can invoke a stable Lambda alias, and the alias can be repointed to new function versions without changing the API endpoint." + }, + { + "label": "Tag the AWS Lambda functions with different names", + "is_correct": false, + "explaination": "Tags do not affect invocation routing from API Gateway." + } + ] + }, + { + "question": "An application running on EC2 instances is storing data in an S3 bucket. Security policy mandates that all data must be encrypted in transit. How can the Developer ensure that all traffic to the S3 bucket is encrypted?", + "possible_answers": [ + { + "label": "Install certificates on the EC2 instances", + "is_correct": false, + "explaination": "Instance certificates alone do not enforce that S3 requests must use TLS." + }, + { + "label": "Create a bucket policy that allows traffic where `SecureTransport` is `true`", + "is_correct": false, + "explaination": "An allow statement alone does not reliably block unencrypted requests because other policies may still grant access." + }, + { + "label": "Create an HTTPS redirect on the EC2 instances", + "is_correct": false, + "explaination": "That would affect traffic to the application, not enforce TLS usage for direct S3 access." + }, + { + "label": "Create a bucket policy that denies traffic where `SecureTransport` is `false`", + "is_correct": true, + "explaination": "An explicit deny on requests where `aws:SecureTransport` is false ensures that only encrypted HTTPS requests to S3 are permitted." + } + ] + }, + { + "question": "A supplier is writing a new RESTful API for customers to query the status of orders. The customers requested the following API endpoint `http://www.supplierdomain.com/status/customerID`. Which of the following application designs meet the requirements? (Select TWO)", + "possible_answers": [ + { + "label": "Amazon SQS; Amazon SNS", + "is_correct": false, + "explaination": "SQS and SNS are messaging services and do not directly provide a RESTful HTTP API endpoint for this use case." + }, + { + "label": "Elastic Load Balancing; Amazon EC2", + "is_correct": true, + "explaination": "An ELB in front of EC2 instances can expose an HTTP endpoint and serve a RESTful API." + }, + { + "label": "Amazon ElastiCache; Amazon Elacticsearch Service", + "is_correct": false, + "explaination": "These are backend services and do not by themselves form the requested REST API endpoint." + }, + { + "label": "Amazon API Gateway; AWS Lambda", + "is_correct": true, + "explaination": "API Gateway with Lambda is a standard serverless design for implementing RESTful endpoints like `/status/customerID`." + }, + { + "label": "Amazon S3; Amazon CloudFront", + "is_correct": false, + "explaination": "This combination is suitable for static content delivery, not a dynamic order status REST API." + } + ] + }, + { + "question": "A developer Is designing an AWS Lambda function that create temporary files that are less than 10 MB during execution. The temporary files will be accessed and modified multiple times during execution. The developer has no need to save or retrieve these files in the future. Where should the temporary file be stored?", + "possible_answers": [ + { + "label": "the `/tmp` directory", + "is_correct": true, + "explaination": "Lambda provides ephemeral local storage in `/tmp`, which is designed for temporary files needed only during execution." + }, + { + "label": "Amazon EFS", + "is_correct": false, + "explaination": "EFS is persistent shared storage and is unnecessary for small temporary files not needed after execution." + }, + { + "label": "Amazon EBS", + "is_correct": false, + "explaination": "EBS is not directly attached to Lambda functions." + }, + { + "label": "Amazon S3", + "is_correct": false, + "explaination": "S3 is durable object storage, but it is slower and unnecessary for small local temporary files used only within one invocation." + } + ] + }, + { + "question": "A website's page load times are gradually increasing as more users access the system at the same time. Analysis indicates that a user profile is being loaded from a database in all the web pages being visited by each user and this is increasing the database load and the page load latency. To address this issue the Developer decides to cache the user profile data. Which caching strategy will address this situation MOST efficiently?", + "possible_answers": [ + { + "label": "Create a new Amazon EC2 Instance and run a NoSQL database on it. Cache the profile data within this database using the write-through caching strategy", + "is_correct": false, + "explaination": "This adds unnecessary infrastructure management and is not the most efficient managed caching solution." + }, + { + "label": "Create an Amazon ElastiCache cluster to cache the user profile data. Use a cache-aside caching strategy", + "is_correct": true, + "explaination": "Cache-aside is efficient for read-heavy workloads like user profile lookups, and ElastiCache reduces database load and latency." + }, + { + "label": "Use a dedicated Amazon RDS instance for caching profile data. Use a write-through caching strategy", + "is_correct": false, + "explaination": "RDS is not an in-memory cache and is not the best tool for low-latency profile caching." + }, + { + "label": "Create an ElastiCache cluster to cache the user profile data. Use a write-through caching strategy", + "is_correct": false, + "explaination": "Write-through is useful in some consistency-sensitive scenarios, but cache-aside is generally the most efficient for on-demand repeated reads like user profiles." + } + ] + }, + { + "question": "An advertising company has a dynamic website with heavy traffic. The company wants to migrate the website infrastructure to AWS to handle everything except website development. Which solution BEST meets these requirements?", + "possible_answers": [ + { + "label": "Use AWS VM Import to migrate a web server image to AWS Launch the image on a compute-optimized Amazon EC2 instance", + "is_correct": false, + "explaination": "This still leaves the company managing the underlying infrastructure and scaling." + }, + { + "label": "Launch multiple Amazon Lightsail instance behind a load balancer. Set up the website on those instances", + "is_correct": false, + "explaination": "Lightsail is simpler than raw EC2 but still requires infrastructure management and is not the best fit for heavy-traffic dynamic websites at scale." + }, + { + "label": "Deploy the website code in an AWS Elastic Beanstalk environment. Use Auto Scaling to scale the numbers of instance", + "is_correct": true, + "explaination": "Elastic Beanstalk handles much of the infrastructure management, scaling, deployment, and environment provisioning so the company can focus mainly on the application code." + }, + { + "label": "Use Amazon S3 to host the website. Use Amazon CloudFornt to deliver the content at scale", + "is_correct": false, + "explaination": "S3 static website hosting is not suitable for a dynamic website that needs server-side processing." + } + ] + }, + { + "question": "A developer is writing an AWS Lambda function. The developer wants to log key events that occur during the Lambda function and include a unique identifier to associate the events with a specific function invocation. Which of the following will help the developer accomplish this objective?", + "possible_answers": [ + { + "label": "Obtain the request identifier from the Lambda context object. Architect the application to write logs to the console", + "is_correct": true, + "explaination": "The Lambda context object includes the invocation request ID, and writing to the console sends logs to CloudWatch Logs automatically." + }, + { + "label": "Obtain the request identifier from the Lambda event object. Architect the application to write logs to a file", + "is_correct": false, + "explaination": "The event object does not automatically include the Lambda invocation request ID, and file logging is not the standard Lambda logging pattern." + }, + { + "label": "Obtain the request identifier from the Lambda event object. Architect the application to write logs to the console", + "is_correct": false, + "explaination": "The invocation request ID is provided by the context object, not generally by the event payload." + }, + { + "label": "Obtain the request identifier from the Lambda context object. Architect the application to write logs to a file", + "is_correct": false, + "explaination": "While the context object is correct, writing to a file is not the best standard logging method in Lambda compared with console output to CloudWatch Logs." + } + ] + }, + { + "question": "A company stores all personally identifiable information (PII) in an Amazon DynamoDB table named PII in Account A. An application running on Amazon EC2 instances in Account B requires access to the PII table. An administrators in Account A created an IAM role named AccessPII with privileges to access the PII table, and made account B a trusted entity. Which combination of actional steps should Developers take to access the table? (Select TWO)", + "possible_answers": [ + { + "label": "Allow the EC2 IAM role the permission to assume the AccessPII role", + "is_correct": true, + "explaination": "The EC2 instance role in Account B must be allowed to call sts:AssumeRole on the cross-account role in Account A." + }, + { + "label": "Allow the EC2 IAM role the permission to access the PII table", + "is_correct": false, + "explaination": "Direct table permissions on the EC2 role in Account B are not sufficient because the table access is intended to happen through the cross-account role in Account A." + }, + { + "label": "Include the AWS API in the application code logic to obtain temporary credentials from the EC2 IAM role to access the PII table", + "is_correct": false, + "explaination": "The EC2 role already provides temporary credentials for Account B, but the app still needs to assume the cross-account role in Account A." + }, + { + "label": "Include the `AssumeRole` API operation in the application code logic to obtain temporary credentials to access the PII table", + "is_correct": true, + "explaination": "The application should call STS AssumeRole to get temporary credentials for the AccessPII role and then use those credentials to access DynamoDB." + }, + { + "label": "Include the GetSessionToken API operation in the application code logic to obtain temporary credentials to access the PII table", + "is_correct": false, + "explaination": "GetSessionToken is not the correct API for cross-account role assumption. AssumeRole is the correct operation." + } + ] + }, + { + "question": "An AWS Lambda function accesses two Amazon DynamoDB tables. A developer wants to improve the performance of the Lambda function by identifying bottlenecks in the function. How can the developer inspect the timing of the DynamoDB API calls?", + "possible_answers": [ + { + "label": "Add DynamoDB as an event source to the Lambda function. View the performance with Amazon CloudWatch metrics", + "is_correct": false, + "explaination": "This does not provide detailed trace timing for API calls made by the Lambda function to DynamoDB." + }, + { + "label": "Place an Application Load Balancer (ALB) in front of the two DynamoDB tables. Inspect the ALB logs", + "is_correct": false, + "explaination": "DynamoDB is a managed service and is not fronted by an ALB in this way." + }, + { + "label": "Limit Lambda to no more than five concurrent invocations Monitor from the Lambda console", + "is_correct": false, + "explaination": "Reducing concurrency may change behavior, but it does not reveal detailed API timing bottlenecks." + }, + { + "label": "Enable AWS X-Ray tracing for the function. View the traces from the X-Ray service", + "is_correct": true, + "explaination": "X-Ray can show subsegments for downstream DynamoDB calls, allowing the developer to inspect timing and isolate performance bottlenecks." + } + ] + }, + { + "question": "An Amazon RDS database instance is used by many applications to look up historical data. The query rate is relatively constant. When the historical data is updated each day, the resulting write traffic slows the read query performance and affects all application users. What can be done to eliminate the performance impact on application users?", + "possible_answers": [ + { + "label": "Make sure Amazon RDS is Multi-AZ so it can better absorb increased traffic", + "is_correct": false, + "explaination": "Multi-AZ improves availability and failover, not read scaling or isolation from write impact." + }, + { + "label": "Create an RDS Read Replica and direct all read traffic to the replica", + "is_correct": true, + "explaination": "A read replica offloads read traffic from the primary instance, reducing the effect of daily writes on users performing read queries." + }, + { + "label": "Implement Amazon ElastiCache in front of Amazon RDS to buffer the write traffic", + "is_correct": false, + "explaination": "ElastiCache helps with repeated reads, but it does not directly buffer or isolate the database write workload as described here." + }, + { + "label": "Use Amazon DynamoDB instead of Amazon RDS to buffer the read traffic", + "is_correct": false, + "explaination": "Switching database technology is unnecessary and not the direct solution to the performance issue described." + } + ] + }, + { + "question": "A company is developing a serverless ecommerce web application. The application needs to make coordinated, all-or-nothing changes to multiple items in the company's inventory table in Amazon DynamoDB. Which solution will meet these requirements?", + "possible_answers": [ + { + "label": "Enable transactions for the DynamoDB table. Use the `BatchWriteItem` operation to update the items", + "is_correct": false, + "explaination": "BatchWriteItem is not transactional and does not provide all-or-nothing guarantees across multiple items." + }, + { + "label": "Use the `TransactWriteitems` operation to group the changes. Update the items in the table", + "is_correct": true, + "explaination": "TransactWriteItems provides ACID transactional behavior across multiple items in DynamoDB." + }, + { + "label": "Set up a FIFO queue using Amazon SQS. Group the changes in the queue. Update the table based on the grouped changes", + "is_correct": false, + "explaination": "FIFO ordering does not provide DynamoDB transaction semantics." + }, + { + "label": "Create a transaction table in an Amazon Aurora DB cluster to manage the transactions. Write a backend process to sync the Aurora DB table and the DynamoDB table", + "is_correct": false, + "explaination": "This adds unnecessary complexity when DynamoDB already supports native transactions." + } + ] + }, + { + "question": "An application is running on an EC2 instance. The Developer wants to store an application metric in Amazon CloudWatch. What is the best practice for implementing this requirement?", + "possible_answers": [ + { + "label": "Use the PUT Object API call to send data to an S3 bucket. Use an event notification to invoke a Lambda function to publish data to CloudWatch", + "is_correct": false, + "explaination": "This is an indirect and overly complex way to publish a custom metric." + }, + { + "label": "Publish the metric data to an Amazon Kinesis Stream using a `PutRecord` API call. Subscribe a Lambda function that publishes data to CloudWatch", + "is_correct": false, + "explaination": "Kinesis is unnecessary for publishing a simple application metric to CloudWatch." + }, + { + "label": "Use the CloudWatch `PutMetricData` API call to submit a custom metric to CloudWatch. Provide the required credentials to enable the API call", + "is_correct": false, + "explaination": "PutMetricData is correct, but best practice is to avoid embedding or manually managing credentials where an IAM role can be used." + }, + { + "label": "Use the CloudWatch `PutMetricData` API call to submit a custom metric to CloudWatch. Launch the EC2 instance with the required IAM role to enable the API call", + "is_correct": true, + "explaination": "This uses the proper CloudWatch API and follows AWS security best practices by using an instance role instead of static credentials." + } + ] + }, + { + "question": "A Developer needs to design an application running on AWS that will be used to consume Amazon SQS messages that range from 1 KB up to 1GB in size. How should the Amazon SQS messages be managed?", + "possible_answers": [ + { + "label": "Use Amazon S3 and the Amazon SQS CLI", + "is_correct": false, + "explaination": "The CLI is not the relevant mechanism here. Large-message handling is done with a special client library pattern." + }, + { + "label": "Use Amazon S3 and the Amazon SQS Extended Client Library for Java", + "is_correct": true, + "explaination": "The SQS Extended Client Library stores large payloads in S3 and places a reference in SQS, enabling message handling beyond the normal SQS size limit." + }, + { + "label": "Use Amazon EBS and the Amazon SQS CLI", + "is_correct": false, + "explaination": "EBS is block storage for EC2 and is not used as the large-payload backend for SQS messages." + }, + { + "label": "Use Amazon EFS and the Amazon SQS CLI", + "is_correct": false, + "explaination": "EFS is not the standard solution for oversized SQS message payload storage." + } + ] + }, + { + "question": "A developer has written a multi-threaded application that is running on a fleet of Amazon EC2 instances. The operations team has requested a graphical method to monitor the number of running threads over time. What is the MOST efficient way to fulfill this request?", + "possible_answers": [ + { + "label": "Periodically send the thread count to AWS X-Ray segments, then generate a service graph on demand", + "is_correct": false, + "explaination": "X-Ray is for tracing requests and distributed application behavior, not for graphing a custom application metric like thread count." + }, + { + "label": "Create a custom Amazon CloudWatch metric and periodically perform a `PutMetricData` call with the current thread count", + "is_correct": true, + "explaination": "CloudWatch custom metrics are designed for collecting and graphing application-level metrics over time." + }, + { + "label": "Periodically log thread count data to Amazon S3. Use Amazon Kinesis to process the data into a graph", + "is_correct": false, + "explaination": "This is much more complex than simply publishing a custom metric to CloudWatch." + }, + { + "label": "Periodically write the current thread count to a table using Amazon DynarnoDB and use Amazon CloudFront to create a graph", + "is_correct": false, + "explaination": "DynamoDB plus CloudFront is not the normal or efficient solution for time-series metric graphing." + } + ] + }, + { + "question": "The Lambda function below is being called through an API using Amazon API Gateway. The average execution time for the Lambda function is about 1 second. The pseudocode for the Lambda function is as shown in the exhibit. What two actions can be taken to improve the performance of this Lambda function without increasing the cost of the solution? (Select TWO)\n```include \"3rd party encryption module\"\ninclude \"match module\"\nlambda_ handler(event, context)\n rds_host = \"rds-instance-endpoint\"\n name = db_udername\n password = db_password\n db_name = db_name\n# Connect to the RDS Database\nConn = RDSConnection(rds_host, user=name, passwd=password, db=db_name, connect_timeout=5)\n#Perform some Processing reading data from the RDS database\n#Code Block\n#Code Block\n#Code Block```", + "possible_answers": [ + { + "label": "Package only the modules the Lambda function requires", + "is_correct": true, + "explaination": "Reducing the deployment package size can improve cold start performance by loading less code." + }, + { + "label": "Use Amazon DynamoDB instead of Amazon RDS", + "is_correct": false, + "explaination": "Changing the data store is not required and may involve major redesign rather than a targeted performance optimization." + }, + { + "label": "Move the initialization of the variable Amazon RDS connection outside of the handler function", + "is_correct": true, + "explaination": "Initializing the database connection outside the handler allows execution environment reuse and avoids reconnecting on every invocation." + }, + { + "label": "Implement custom database connection pooling with the Lambda function", + "is_correct": false, + "explaination": "Connection pooling is not straightforward in Lambda and is not the simplest no-cost optimization here." + }, + { + "label": "Implement local caching of Amazon RDS data so Lambda can re-use the cache", + "is_correct": false, + "explaination": "Possible in some cases, but not the best answer compared with the more direct optimizations identified." + } + ] + }, + { + "question": "An application on AWS is using third-party APIs. The Developer needs to monitor API errors in the code, and wants to receive notifications if failures go above a set threshold value. How can the Developer achieve these requirements?", + "possible_answers": [ + { + "label": "Publish a custom metric on Amazon CloudWatch and use Amazon Simple Email Service (SES) for notification", + "is_correct": false, + "explaination": "SES sends email, but SNS is the standard notification mechanism used with CloudWatch alarms." + }, + { + "label": "Use an Amazon CloudWatch API-error metric and use Amazon Simple Notification Service (SNS) for notification", + "is_correct": false, + "explaination": "There is no automatic generic CloudWatch metric for arbitrary third-party API errors unless the application publishes one." + }, + { + "label": "Use an Amazon CloudWatch API-error metric and use Amazon SES for notification", + "is_correct": false, + "explaination": "The monitoring still requires a custom metric, and SNS is the standard alarm notification target." + }, + { + "label": "Publish a custom metric on Amazon CloudWatch and use Amazon SNS for notification", + "is_correct": true, + "explaination": "The application should publish its error count as a custom metric and then use a CloudWatch alarm with SNS to notify when the threshold is exceeded." + } + ] + }, + { + "question": "The release process workflow of an application requires a manual approval before the code is deployed into the production environment. What is the BEST way to achieve this using AWS CodePipeline?", + "possible_answers": [ + { + "label": "Use multiple pipelines to allow approval", + "is_correct": false, + "explaination": "This is more complex than necessary because CodePipeline already supports built-in approval actions." + }, + { + "label": "Use an approval action in a stage", + "is_correct": true, + "explaination": "A manual approval action is the native CodePipeline feature designed for pauses before promotion to the next stage, such as production." + }, + { + "label": "Disable the stage transition to allow manual approval", + "is_correct": false, + "explaination": "Disabling stage transitions is a manual workaround, not the best structured solution." + }, + { + "label": "Disable a stage just prior the deployment stage", + "is_correct": false, + "explaination": "This is not the intended mechanism for implementing controlled manual approval in CodePipeline." + } + ] + }, + { + "question": "A Developer is asked to implement a caching layer in front of Amazon RDS. Cached content is expensive to regenerate in case of service failure. Which implementation below would work while maintaining maximum uptime?", + "possible_answers": [ + { + "label": "Implement Amazon ElastiCache Redis in Cluster Mode", + "is_correct": true, + "explaination": "Redis in ElastiCache supports replication and high availability, making it suitable when cached content is expensive to rebuild and uptime matters." + }, + { + "label": "Install Redis on an Amazon EC2 instance", + "is_correct": false, + "explaination": "A self-managed Redis instance on EC2 has more operational risk and less built-in availability than managed ElastiCache." + }, + { + "label": "Implement Amazon ElastiCache Memcached", + "is_correct": false, + "explaination": "Memcached does not offer the same persistence and failover characteristics as Redis, making it less suitable when cache data is expensive to regenerate." + }, + { + "label": "Migrate the database to Amazon Redshift", + "is_correct": false, + "explaination": "Redshift is a data warehouse and not a caching layer for RDS." + } + ] + }, + { + "question": "A company has written a Java AWS Lambda function to be triggered whenever a user uploads an image to an Amazon S3 bucket. The function converts the original image to several different formats and then copies the resulting images to another Amazon S3 bucket. The Developers find that no images are being copied to the second Amazon S3 bucket. They have tested the code on an Amazon EC2 instance with 1GB of RAM, and it takes an average of 500 seconds to complete. What is the MOST likely cause of the problem?", + "possible_answers": [ + { + "label": "The Lambda function has insufficient memory and needs to be increased to 1 GB to match the Amazon EC2 instance", + "is_correct": true, + "explaination": "Lambda CPU is proportional to memory. A memory setting lower than the EC2 test environment can significantly slow processing and may cause the function to fail before completion." + }, + { + "label": "Files need to be copied to the same Amazon S3 bucket for processing, so the second bucket needs to be deleted", + "is_correct": false, + "explaination": "Using a second bucket for outputs is a common and valid design." + }, + { + "label": "Lambda functions have a maximum execution limit of 15 minutes, therefore the function is not completing", + "is_correct": false, + "explaination": "500 seconds is about 8 minutes and 20 seconds, which is within the 15-minute Lambda limit." + }, + { + "label": "There is a problem with the Java runtime for Lambda, and the function needs to be converted to node.js", + "is_correct": false, + "explaination": "Java is fully supported on Lambda. The runtime itself is not the likely root cause." + } + ] + }, + { + "question": "A web application is using Amazon Kinesis Streams for clickstream data that may not be consumed for up to 12 hours. How can the Developer implement encryption at rest for data within the Kinesis Streams?", + "possible_answers": [ + { + "label": "Enable SSL connections to Kinesis", + "is_correct": false, + "explaination": "SSL encrypts data in transit, not at rest within the stream." + }, + { + "label": "Use Amazon Kinesis Consumer Library", + "is_correct": false, + "explaination": "The consumer library helps process stream data, but it does not configure encryption at rest." + }, + { + "label": "Encrypt the data once it is at rest with a Lambda function", + "is_correct": false, + "explaination": "This is unnecessary because Kinesis Data Streams has built-in server-side encryption support." + }, + { + "label": "Enable server-side encryption in Kinesis Streams", + "is_correct": true, + "explaination": "Kinesis Data Streams supports server-side encryption at rest using AWS KMS." + } + ] + }, + { + "question": "A Developer is creating a mobile application with a limited budget. The solution requires a scalable service that will enable customers to sign up and authenticate into the mobile application while using the organization's current SAML 2.0 identity provider. Which AWS service should be used to meet these requirements?", + "possible_answers": [ + { + "label": "AWS Lambda", + "is_correct": false, + "explaination": "Lambda can implement custom auth logic, but it is not the managed authentication service intended for this use case." + }, + { + "label": "Amazon Cognito", + "is_correct": true, + "explaination": "Amazon Cognito is a scalable managed identity service that supports federation with SAML 2.0 identity providers." + }, + { + "label": "AWS IAM", + "is_correct": false, + "explaination": "IAM is for AWS account and resource access management, not for scalable end-user sign-up and authentication in mobile applications." + }, + { + "label": "Amazon EC2", + "is_correct": false, + "explaination": "EC2 would require the company to build and manage its own authentication infrastructure." + } + ] + }, + { + "question": "A company wants to migrate its web application to AWS and leverage Auto Scaling to handle peak workloads. The Solutions Architect determined that the best metric for an Auto Scaling event is the number of concurrent users. Based on this information, what should the Developer use to autoscale based on concurrent users?", + "possible_answers": [ + { + "label": "An Amazon SNS topic to be triggered when a concurrent user threshold is met", + "is_correct": false, + "explaination": "SNS can send notifications, but it is not itself the metric source used for Auto Scaling policies." + }, + { + "label": "An Amazon Cloudwatch NetworkIn metric", + "is_correct": false, + "explaination": "NetworkIn may correlate loosely with traffic, but it is not the identified best metric of concurrent users." + }, + { + "label": "Amazon CloudFront to leverage AWS Edge Locations", + "is_correct": false, + "explaination": "CloudFront improves delivery performance, but it does not supply concurrent-user Auto Scaling logic." + }, + { + "label": "A Custom Amazon CloudWatch metric for concurrent users", + "is_correct": true, + "explaination": "If concurrent users is the best scaling signal, the application should publish it as a custom CloudWatch metric and attach scaling policies to it." + } + ] + }, + { + "question": "A Developer has written a serverless application using multiple AWS services. The business logic is written as a Lambda function which has dependencies on third-party libraries. The Lambda function endpoints will be exposed using Amazon API Gateway. The Lambda function will write the information to Amazon DynamoDB. The Developer is ready to deploy the application but must have the ability to rollback. How can this deployment be automated, based on these requirements?", + "possible_answers": [ + { + "label": "Deploy using Amazon Lambda API operations to create the Lambda function by providing a deployment package", + "is_correct": false, + "explaination": "This does not provide the best infrastructure-as-code rollback mechanism across the full serverless stack." + }, + { + "label": "Use an AWS CloudFormation template and use CloudFormation syntax to define the Lambda function resource in the template", + "is_correct": false, + "explaination": "CloudFormation can work, but the more suitable and simplified approach for a serverless application is AWS SAM syntax." + }, + { + "label": "Use syntax conforming to the Serverless Application Model in the AWS CloudFormation template to define the Lambda function resource", + "is_correct": true, + "explaination": "AWS SAM simplifies definition and deployment of serverless resources and uses CloudFormation underneath, which supports rollback on deployment failure." + }, + { + "label": "Create a bash script which uses AWS CLI to package and deploy the application", + "is_correct": false, + "explaination": "A custom script can deploy resources, but it does not provide the same managed rollback and declarative infrastructure benefits as SAM/CloudFormation." + } + ] + }, + { + "question": "A game stores user game data in an Amazon DynamoDB table. Individual users should not have access to other users' game data. How can this be accomplished?", + "possible_answers": [ + { + "label": "Encrypt the game data with individual user keys", + "is_correct": false, + "explaination": "Encryption alone does not enforce access control at the application or IAM level." + }, + { + "label": "Restrict access to specific items based on certain primary key values", + "is_correct": true, + "explaination": "IAM policies for DynamoDB can use conditions such as leading keys to restrict a user to only items associated with that user's identity." + }, + { + "label": "Stage data in SQS queues to inject metadata before accessing DynamoDB", + "is_correct": false, + "explaination": "SQS does not solve item-level authorization in DynamoDB." + }, + { + "label": "Read records from DynamoDB and discard irrelevant data client-side", + "is_correct": false, + "explaination": "This is insecure because the user would still have access to the unauthorized data." + } + ] + }, + { + "question": "A Developer is creating a web application that requires authentication, but also needs to support guest access to provide users limited access without having to authenticate. What service can provide support for the application to allow guest access?", + "possible_answers": [ + { + "label": "IAM temporary credentials using AWS STS", + "is_correct": false, + "explaination": "STS can issue temporary credentials, but Cognito is the managed service designed to support guest and authenticated application users." + }, + { + "label": "Amazon Directory Service", + "is_correct": false, + "explaination": "Directory Service is for managed directory integrations, not guest access for web applications." + }, + { + "label": "Amazon Cognito with unauthenticated access enabled", + "is_correct": true, + "explaination": "Cognito identity pools can grant limited AWS access to unauthenticated guest users." + }, + { + "label": "IAM with SAML integration", + "is_correct": false, + "explaination": "SAML integration is for federated authenticated users, not anonymous guest access." + } + ] + }, + { + "question": "Given the source code for an AWS Lambda function in the local `store.py` containing a handler function called `get_store` and the following AWS CloudFormation template. What should be done to prepare the template so that it can be deployed using the AWS CLI command `aws cloudformation deploy`?\n```Transform: AWS::Serverless-2016-10-31\nResources:\n StoreFunc:\n Type: AWS::Serverless::Function\n Properties:\n Handler: store.get_store\n Runtime: python3.6```", + "possible_answers": [ + { + "label": "Use AWS CloudFormation compile to base64 encode and embed the source file into a modified CloudFormation template", + "is_correct": false, + "explaination": "There is no standard CloudFormation compile step for embedding Lambda code this way." + }, + { + "label": "Use AWS CloudFormation package to upload the source code to an Amazon S3 bucket and produce a modified CloudFormation template", + "is_correct": true, + "explaination": "The package command uploads local artifacts like Lambda code to S3 and rewrites the template so `aws cloudformation deploy` can use it." + }, + { + "label": "Use AWS Lambda zip to package the source file together with the CloudFormation template and deploy the resulting zip archive", + "is_correct": false, + "explaination": "This is not the standard AWS CLI packaging workflow for Lambda code referenced in CloudFormation." + }, + { + "label": "Use AWS Serverless `create-package` to embed the source file directly into the existing CloudFormation template", + "is_correct": false, + "explaination": "The correct concept is packaging artifacts to S3, not embedding code directly into the template." + } + ] + }, + { + "question": "A Developer has created a large Lambda function, and deployment is failing with the following error: `ClientError: An error occurred (InvalidParameterValueException) when calling the CreateFunction operation: Unzipped size must be smaller than XXXXXXXXX bytes.`, where `XXXXXXXXX` is the current Lambda limit. What can the Developer do to fix this problem?", + "possible_answers": [ + { + "label": "Submit a limit increase request to AWS Support to increase the function to the size needed", + "is_correct": false, + "explaination": "This Lambda package size limit is not solved by a support quota increase in the way described." + }, + { + "label": "Use a compression algorithm that is more efficient than `ZIP`", + "is_correct": false, + "explaination": "Lambda deployment packages use ZIP, and the error refers to unzipped size anyway." + }, + { + "label": "Break the function into multiple smaller Lambda functions", + "is_correct": true, + "explaination": "Splitting the oversized function into smaller functions reduces package size and often improves maintainability." + }, + { + "label": "ZIP the `ZIP` file twice to compress it further", + "is_correct": false, + "explaination": "Double zipping does not solve the Lambda unzipped size requirement." + } + ] + }, + { + "question": "A serverless application uses an API Gateway and AWS Lambda. Where should the Lambda function store its session information across function calls?", + "possible_answers": [ + { + "label": "In an Amazon DynamoDB table", + "is_correct": true, + "explaination": "Lambda execution environments are stateless and ephemeral, so session data should be stored in durable external storage such as DynamoDB." + }, + { + "label": "In an Amazon SQS queue", + "is_correct": false, + "explaination": "SQS is a messaging service, not a session store." + }, + { + "label": "In the local filesystem", + "is_correct": false, + "explaination": "The Lambda local filesystem is temporary and cannot be relied upon for persistent session state across invocations." + }, + { + "label": "In an SQLite session table using `CDSQLITE_ENABLE_SESSION`", + "is_correct": false, + "explaination": "This is not an appropriate or standard persistence mechanism for Lambda session state." + } + ] + }, + { + "question": "An application reads data from an Amazon DynamoDB table. Several times a day, for a period of 15 seconds, the application receives multiple `ProvisionedThroughputExceeded` errors. How should this exception be handled?", + "possible_answers": [ + { + "label": "Create a new global secondary index for the table to help with the additional requests", + "is_correct": false, + "explaination": "A GSI is not the standard immediate handling mechanism for temporary throughput throttling." + }, + { + "label": "Retry the failed read requests with exponential backoff", + "is_correct": true, + "explaination": "Exponential backoff is the recommended best practice for handling intermittent DynamoDB throttling." + }, + { + "label": "Immediately retry the failed read requests", + "is_correct": false, + "explaination": "Immediate retries can worsen throttling by increasing pressure on the table." + }, + { + "label": "Use the DynamoDB `UpdateItem` API to increase the provisioned throughput capacity of the table", + "is_correct": false, + "explaination": "UpdateItem changes table data, not throughput settings. Also, it is not the correct way to handle short-lived throttling events." + } + ] + }, + { + "question": "A Developer is writing a Linux-based application to run on AWS Elastic Beanstalk. Application requirements state that the application must maintain full capacity during updates while minimizing cost. Which type of Elastic Beanstalk deployment policy should the Developer specify for the environment?", + "possible_answers": [ + { + "label": "Immutable", + "is_correct": false, + "explaination": "Immutable deployments maintain availability well, but they cost more because they launch a full new set of instances." + }, + { + "label": "Rolling", + "is_correct": false, + "explaination": "Rolling deployments reduce capacity during the deployment process." + }, + { + "label": "All at Once", + "is_correct": false, + "explaination": "All at Once risks downtime and does not maintain full capacity." + }, + { + "label": "Rolling with additional batch", + "is_correct": true, + "explaination": "Rolling with additional batch maintains full capacity during deployment while costing less than immutable because it only adds one extra batch temporarily." + } + ] + }, + { + "question": "When writing a Lambda function, what is the benefit of instantiating AWS clients outside the scope of the handler?", + "possible_answers": [ + { + "label": "Legibility and stylistic convention", + "is_correct": false, + "explaination": "While code style can improve readability, that is not the main runtime benefit." + }, + { + "label": "Taking advantage of connection re-use", + "is_correct": true, + "explaination": "Objects created outside the handler can be reused across warm invocations, reducing setup time and improving performance." + }, + { + "label": "Better error handling", + "is_correct": false, + "explaination": "Error handling is not the primary reason for placing AWS client initialization outside the handler." + }, + { + "label": "Creating a new instance per invocation", + "is_correct": false, + "explaination": "The goal is actually the opposite: avoid creating new clients on every invocation." + } + ] + }, + { + "question": "A current architecture uses many Lambda functions invoking one another as large state machine. The coordination of this state machine is legacy custom code that breaks easily. Which AWS Service can help refactor and manage the state machine?", + "possible_answers": [ + { + "label": "AWS Data Pipeline", + "is_correct": false, + "explaination": "Data Pipeline is for data workflows, not the best choice for orchestrating Lambda-based application state machines." + }, + { + "label": "AWS SNS with AWS SQS", + "is_correct": false, + "explaination": "SNS and SQS help decouple messaging, but they do not natively manage workflow state transitions." + }, + { + "label": "Amazon Elastic MapReduce", + "is_correct": false, + "explaination": "EMR is for big data processing, not Lambda workflow orchestration." + }, + { + "label": "AWS Step Functions", + "is_correct": true, + "explaination": "Step Functions is specifically designed to coordinate multiple Lambda functions and model workflows as managed state machines." + } + ] + }, + { + "question": "A company is developing a new online game that will run on top of Amazon ECS. Four distinct Amazon ECS services will be part of the architecture, each requiring specific permissions to various AWS services. The company wants to optimize the use of the underlying Amazon EC2 instances by bin packing the containers based on memory reservation. Which configuration would allow the Development team to meet these requirements MOST securely?", + "possible_answers": [ + { + "label": "Create a new Identity and Access Management (IAM) instance profile containing the required permissions for the various ECS services, then associate that instance role with the underlying EC2 instances", + "is_correct": false, + "explaination": "Giving all permissions to the instance profile violates least privilege because all tasks on the instance could inherit overly broad permissions." + }, + { + "label": "Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then configure each ECS service to reference the associated IAM role", + "is_correct": false, + "explaination": "Permissions should be attached at the ECS task definition level through task roles, not directly as a generic ECS service reference." + }, + { + "label": "Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then, create an IAM group and configure the ECS cluster to reference that group", + "is_correct": false, + "explaination": "IAM groups are for IAM users and are not how ECS tasks receive permissions." + }, + { + "label": "Create four distinct IAM roles, each containing the required permissions for the associated ECS service, then configure each ECS task definition to referenсe the associated IAM role", + "is_correct": true, + "explaination": "ECS task roles provide least-privilege permissions per task, which is the most secure approach while still allowing dense bin packing on shared EC2 instances." + } + ] + }, + { + "question": "A Developer must re-implement the business logic for an order fulfilment system. The business logic has to make requests to multiple vendors to decide where to purchase an item. The whole process can take up to a week to complete. What is the MOST efficient and SIMPLEST way to implement a system that meets these requirements?", + "possible_answers": [ + { + "label": "Use AWS Step Functions to execute parallel Lambda functions, and join the results", + "is_correct": true, + "explaination": "Step Functions can coordinate long-running workflows, parallel tasks, retries, and state transitions, making it a simple managed way to implement this logic." + }, + { + "label": "Create an AWS SQS for each vendor, poll the queue from a worker instance, and joint the results", + "is_correct": false, + "explaination": "This adds unnecessary infrastructure and orchestration complexity compared to Step Functions." + }, + { + "label": "Use AWS Lambda to asynchronously call a Lambda function for each vendor, and join the results", + "is_correct": false, + "explaination": "Lambda alone is not well suited to coordinating a workflow that can last up to a week." + }, + { + "label": "Use Amazon CloudWatch Events to orchestrate the Lambda functions", + "is_correct": false, + "explaination": "CloudWatch Events can trigger actions on a schedule, but it is not a workflow orchestration engine for complex long-running business logic." + } + ] + }, + { + "question": "A mobile app stores blog posts in an Amazon DynamoDB table. Millions of posts are added every day, and each post represents a single item in the table. The mobile app requires only recent posts. Any post that is older than 48 hours can be removed. What is the MOST cost-effective way to delete posts that are older than 48 hours?", + "possible_answers": [ + { + "label": "For each item, add a new attribute of type `String` that has a timestamp that is set to the blog post creation time. Create a script to find old posts with a table scan and remove posts that are older than 48 hours by using the `BatchWriteItem` API operation. Schedule a cron job on an Amazon EC2 instance once an hour to start the script", + "is_correct": false, + "explaination": "This introduces extra infrastructure and scan cost, making it less efficient and more expensive." + }, + { + "label": "For each item, add a new attribute of type `String` that has a timestamp that is set to the blog post creation time. Create a script to find old posts with a table scan and remove posts that are older than 48 hours by using the `BatchWriteItem` API operation. Place the script in a container image. Schedule an Amazon Elastic Container Service (Amazon ECS) task on AWS Fargate that invokes the container every 5 minutes", + "is_correct": false, + "explaination": "This is also unnecessarily complex and costly compared to native DynamoDB expiration." + }, + { + "label": "For each item, add a new attribute of type `Date` that has a timestamp that is set to 48 hours after the blog post creation time. Create a Global Secondary Index (GSI) that uses the new attribute as a sort key. Create an AWS Lambda function that references the GSI and removes expired items by using the `BatchWriteItem` API operation. Schedule the function with an Amazon CloudWatch event every minute", + "is_correct": false, + "explaination": "This is far more complex than needed and DynamoDB TTL does not require a GSI or Lambda cleanup process." + }, + { + "label": "For each item, add a new attribute of type `Number` that has a timestamp that is set to 48 hours after the blog post creation time. Configure the DynamoDB table with a TTL that references the new attribute", + "is_correct": true, + "explaination": "DynamoDB TTL is the simplest and most cost-effective native way to automatically expire old items." + } + ] + }, + { + "question": "A Developer is receiving HTTP `400`: `ThrottlingException` errors intermittently when calling the Amazon CloudWatch API. When a call fails, no data is retrieved. What best practice should first be applied to address this issue?", + "possible_answers": [ + { + "label": "Contact AWS Support for a limit increase", + "is_correct": false, + "explaination": "A quota increase might help in some edge cases, but the first best practice for throttling is retry with backoff." + }, + { + "label": "Use the AWS CLI to get the metrics", + "is_correct": false, + "explaination": "Changing clients does not address API throttling behavior." + }, + { + "label": "Analyze the applications and remove the API call", + "is_correct": false, + "explaination": "This may not be feasible and is not the standard first response to intermittent throttling." + }, + { + "label": "Retry the call with exponential backoff", + "is_correct": true, + "explaination": "Exponential backoff is the recommended pattern for handling throttling exceptions from AWS APIs." + } + ] + }, + { + "question": "An application is real-time processing millions of events that are received through an API. What service could be used to allow multiple consumers to process the data concurrently and MOST cost-effectively?", + "possible_answers": [ + { + "label": "Amazon SNS with fanout to an SQS queue for each application", + "is_correct": false, + "explaination": "This can support multiple consumers, but for real-time high-throughput event streaming, Kinesis Data Streams is generally more cost-effective and purpose-built." + }, + { + "label": "Amazon SNS with fanout to an SQS FIFO (first-in, first-out) queue for each application", + "is_correct": false, + "explaination": "FIFO queues add ordering guarantees and lower throughput characteristics that are not ideal for millions of real-time events." + }, + { + "label": "Amazon Kinesis Firehose", + "is_correct": false, + "explaination": "Firehose is mainly for delivery to destinations, not for multiple concurrent custom consumers processing the same event stream." + }, + { + "label": "Amazon Kinesis Streams", + "is_correct": true, + "explaination": "Kinesis Data Streams is designed for real-time ingestion and supports multiple consumers processing the stream concurrently." + } + ] + }, + { + "question": "Where should the `appspec.yml` file be placed in order for AWS CodeDeploy to work?", + "possible_answers": [ + { + "label": "In the root of the application source code directory structure", + "is_correct": true, + "explaination": "CodeDeploy expects the AppSpec file to be located at the root of the deployment bundle." + }, + { + "label": "In the `bin` folder along with all the complied code", + "is_correct": false, + "explaination": "The AppSpec file must be at the root of the revision, not inside a subdirectory." + }, + { + "label": "In an S3 bucket", + "is_correct": false, + "explaination": "The deployment bundle may be stored in S3, but the appspec.yml file itself must be inside the bundle at its root." + }, + { + "label": "In the same folder as the application configuration files", + "is_correct": false, + "explaination": "It must be at the root of the application revision, not just any config folder." + } + ] + }, + { + "question": "An application will ingest data at a very high throughput from many sources and must store the data in an Amazon S3 bucket. Which service would BEST accomplish this task?", + "possible_answers": [ + { + "label": "Amazon Kinesis Firehose", + "is_correct": true, + "explaination": "Kinesis Data Firehose is built to ingest high-throughput streaming data and deliver it directly to destinations like Amazon S3." + }, + { + "label": "Amazon S3 Acceleration Transfer", + "is_correct": false, + "explaination": "S3 Transfer Acceleration helps uploads from distributed clients, but it is not a managed ingestion pipeline for many streaming sources." + }, + { + "label": "Amazon SQS", + "is_correct": false, + "explaination": "SQS is a message queue and not a direct high-throughput streaming ingestion service into S3." + }, + { + "label": "Amazon SNS", + "is_correct": false, + "explaination": "SNS is a pub/sub messaging service and not the best direct fit for high-throughput streaming into S3." + } + ] + }, + { + "question": "A Developer is creating a Lambda function and will be using external libraries that are not included in the standard Lambda libraries. What action would minimize the Lambda compute time consumed?", + "possible_answers": [ + { + "label": "Install the dependencies and external libraries at the beginning of the Lambda function", + "is_correct": false, + "explaination": "Installing dependencies at runtime increases execution time significantly." + }, + { + "label": "Create a Lambda deployment package that includes the external libraries", + "is_correct": false, + "explaination": "This works, but using Lambda Layers is the cleaner and more reusable approach highlighted here." + }, + { + "label": "Copy the external libraries to Amazon S3, and reference the external libraries to the S3 location", + "is_correct": false, + "explaination": "Downloading dependencies from S3 at runtime would increase execution time." + }, + { + "label": "Install the external libraries in Lambda Layer to be available to all Lambda functions", + "is_correct": true, + "explaination": "Lambda Layers let functions access shared libraries without downloading or installing them at runtime, helping minimize compute time." + } + ] + }, + { + "question": "During non-peak hours, a Developer wants to minimize the execution time of a full Amazon DynamoDB table scan without affecting normal workloads. The workloads average half of the strongly consistent read capacity units during non-peak hours. How would the Developer optimize this scan?", + "possible_answers": [ + { + "label": "Use parallel scans while limiting the rate", + "is_correct": true, + "explaination": "Parallel scans reduce total scan time, and limiting the rate avoids consuming all remaining table capacity needed for normal workloads." + }, + { + "label": "Use sequential scans", + "is_correct": false, + "explaination": "Sequential scans are slower and do not minimize total execution time." + }, + { + "label": "Increase read capacity units during the scan operation", + "is_correct": false, + "explaination": "This may work, but the question asks for optimizing the scan during unused capacity rather than changing provisioning." + }, + { + "label": "Change consistency to eventually consistent during the scan operation", + "is_correct": false, + "explaination": "Eventual consistency helps capacity usage, but the best answer for minimizing time while protecting workload is parallel scan with rate limiting." + } + ] + }, + { + "question": "A large e-commerce site is being designed to deliver static objects from Amazon S3. The Amazon S3 bucket will server more than 300 GET requests per second. What should be done to optimize performance? (Choose TWO)", + "possible_answers": [ + { + "label": "Integrate Amazon CloudFront with Amazon S3", + "is_correct": true, + "explaination": "CloudFront caches static objects at edge locations and reduces direct request load and latency for S3." + }, + { + "label": "Enable Amazon S3 cross-region replication", + "is_correct": false, + "explaination": "Replication improves durability and multi-region availability, but it does not directly optimize request performance for clients." + }, + { + "label": "Delete expired Amazon S3 server log files", + "is_correct": false, + "explaination": "This may help storage costs, but it does not improve request performance." + }, + { + "label": "Configure Amazon S3 lifecycle rules", + "is_correct": false, + "explaination": "Lifecycle rules manage storage classes and object retention, not delivery throughput." + }, + { + "label": "Randomize Amazon S3 key name prefixes", + "is_correct": true, + "explaination": "Distributing requests across varied prefixes helps avoid hot partitions and improves S3 request performance, especially in older exam patterns." + } + ] + }, + { + "question": "A legacy service has an XML-based SOAP interface. The Developer wants to expose the functionality of the service to external clients with the Amazon API Gateway. Which technique will accomplish this?", + "possible_answers": [ + { + "label": "Create a RESTful API with the API Gateway; transform the incoming JSON into a valid XML message for the SOAP interface using mapping templates", + "is_correct": true, + "explaination": "API Gateway mapping templates can transform client-friendly REST/JSON requests into the XML structure required by a SOAP backend." + }, + { + "label": "Create a RESTful API with the API Gateway; pass the incoming JSON to the SOAP interface through an Application Load Balancer", + "is_correct": false, + "explaination": "The SOAP backend expects XML, so JSON must be transformed before forwarding." + }, + { + "label": "Create a RESTful API with the API Gateway; pass the incoming XML to the SOAP interface through an Application Load Balancer", + "is_correct": false, + "explaination": "The goal is to expose a RESTful API to clients, so simply passing XML through does not meet that design intent." + }, + { + "label": "Create a RESTful API with the API Gateway; transform the incoming XML into a valid message for the SOAP interface using mapping templates", + "is_correct": false, + "explaination": "REST clients are expected to send JSON in this scenario, not XML." + } + ] + }, + { + "question": "A Developer has an application that can upload tens of thousands of objects per second to Amazon S3 in parallel within a single AWS account. As part of new requirements, data stored in S3 must use server side encryption with AWS KMS (SSE-KMS). After creating this change, performance of the application is slower. Which of the following is MOST likely the cause of the application latency?", + "possible_answers": [ + { + "label": "Amazon S3 throttles the rate at which uploaded objects can be encrypted using Customer Master Keys", + "is_correct": false, + "explaination": "The likely bottleneck is KMS API request limits rather than S3 itself throttling SSE-KMS encryption." + }, + { + "label": "The AWS KMS API calls limit is less than needed to achieve the desired performance", + "is_correct": true, + "explaination": "Using SSE-KMS at very high request rates can be limited by AWS KMS request quotas, causing added latency." + }, + { + "label": "The client encryption of the objects is using a poor algorithm", + "is_correct": false, + "explaination": "The requirement is server-side encryption with KMS, not client-side encryption." + }, + { + "label": "KMS requires that an alias be used to create an independent display name that can be mapped to a CM", + "is_correct": false, + "explaination": "KMS aliases are for usability and do not explain upload latency." + } + ] + }, + { + "question": "A customer wants to deploy its source code on an AWS Elastic Beanstalk environment. The customer needs to perform deployment with minimal outage and should only use existing instances to retain application access log. What deployment policy would satisfy these requirements?", + "possible_answers": [ + { + "label": "Rolling", + "is_correct": true, + "explaination": "Rolling deployments update existing instances in batches, minimizing outage while preserving instance-local data such as access logs." + }, + { + "label": "All at once", + "is_correct": false, + "explaination": "All at once can cause full outage during deployment." + }, + { + "label": "Rolling with an additional batch", + "is_correct": false, + "explaination": "This uses additional temporary instances, which does not meet the requirement to use only existing instances." + }, + { + "label": "Immutable", + "is_correct": false, + "explaination": "Immutable deployments launch new instances, so existing instance logs would not be retained in the same way." + } + ] + }, + { + "question": "A Developer has setup an Amazon Kinesis Stream with 4 shards to ingest a maximum of 2500 records per second. A Lambda function has been configured to process these records. In which order will these records be processed?", + "possible_answers": [ + { + "label": "Lambda will receive each record in the reverse order it was placed into the stream following a LIFO (last-in, first-out) method", + "is_correct": false, + "explaination": "Kinesis does not process records in reverse order." + }, + { + "label": "Lambda will receive each record in the exact order it was placed into the stream following a FIFO (first­-in, first-out) method", + "is_correct": false, + "explaination": "Ordering is preserved only within an individual shard, not across the entire stream." + }, + { + "label": "Lambda will receive each record in the exact order it was placed into the shard following a FIFO (first-in, first-out) method. There is no guarantee of order across shards", + "is_correct": true, + "explaination": "Kinesis preserves record order within each shard, but records across different shards can be processed independently and out of relative order." + }, + { + "label": "The Developer can select FIFO, (first-in, first-out), LIFO (last-in, last-out), random, or request specific record using the getRecords API", + "is_correct": false, + "explaination": "Kinesis ordering behavior is fixed by shard semantics, not user-selectable in the manner described." + } + ] + }, + { + "question": "An organization must store thousands of sensitive audio and video files in an Amazon S3 bucket. Organizational security policies require that all data written to this bucket be encrypted. How can compliance with this policy be ensured?", + "possible_answers": [ + { + "label": "Use AWS Lambda to send notifications to the security team if unencrypted objects are put in the bucket", + "is_correct": false, + "explaination": "This detects violations after the fact, but does not enforce compliance." + }, + { + "label": "Configure an Amazon S3 bucket policy to prevent the upload of objects that do not contain the `x-amz­-server-side-encryption` header", + "is_correct": true, + "explaination": "A bucket policy can explicitly deny uploads unless the request includes the required encryption header, enforcing encryption at write time." + }, + { + "label": "Create an Amazon CloudWatch event rule to verify that all objects stored in the Amazon S3 bucket are encrypted", + "is_correct": false, + "explaination": "This is a detection approach, not a prevention mechanism." + }, + { + "label": "Configure an Amazon S3 bucket policy to prevent the upload of objects that contain the `x-amz-server­side-encryption` header", + "is_correct": false, + "explaination": "This would block the encrypted uploads rather than require them." + } + ] + }, + { + "question": "An application is designed to use Amazon SQS to manage messages from many independent senders. Each sender's messages must be processed in the order they are received. Which SQS feature should be implemented by the Developer?", + "possible_answers": [ + { + "label": "Configure each sender with a unique MessageGroupId", + "is_correct": true, + "explaination": "In an SQS FIFO queue, messages with the same MessageGroupId are processed in order. Giving each sender a unique MessageGroupId preserves order per sender while allowing parallelism across senders." + }, + { + "label": "Enable MessageDeduplicationIds on the SQS queue", + "is_correct": false, + "explaination": "Deduplication prevents duplicate messages, but it does not guarantee per-sender ordering." + }, + { + "label": "Configure each message with unique MessageGroupIds", + "is_correct": false, + "explaination": "If every message gets a unique MessageGroupId, ordering across a sender's messages is not preserved." + }, + { + "label": "Enable ContentBasedDeduplication on the SQS queue", + "is_correct": false, + "explaination": "Content-based deduplication handles duplicate suppression, not ordered processing by sender." + } + ] + }, + { + "question": "A Developer created a dashboard for an application using Amazon API Gateway, Amazon S3, AWS Lambda, and Amazon RDS. The Developer needs an authentication mechanism allowing a user to sign in and view the dashboard. It must be accessible from mobile applications, desktops, and tablets, and must remember user preferences across platforms. Which AWS service should the Developer use to support this authentication scenario?", + "possible_answers": [ + { + "label": "AWS KMS", + "is_correct": false, + "explaination": "KMS is a key management service for encryption, not an end-user authentication solution." + }, + { + "label": "Amazon Cognito", + "is_correct": true, + "explaination": "Amazon Cognito provides user sign-in, federation, and user profile support across multiple devices and platforms." + }, + { + "label": "AWS Directory Service", + "is_correct": false, + "explaination": "Directory Service is for managed directory integration, not the best fit for general user authentication across web and mobile apps." + }, + { + "label": "Amazon IAM", + "is_correct": false, + "explaination": "IAM manages AWS identities and permissions, not application end-user authentication flows." + } + ] + }, + { + "question": "A Lambda function is packaged for deployment to multiple environments, including development, test, production, etc. Each environment has unique set of resources such as databases, etc. How can the Lambda function use the resources for the current environment?", + "possible_answers": [ + { + "label": "Apply tags to the Lambda functions", + "is_correct": false, + "explaination": "Tags are useful for management and billing but are not the standard runtime mechanism for environment-specific configuration." + }, + { + "label": "Hardcore resources in the source code", + "is_correct": false, + "explaination": "Hardcoding environment-specific resources is inflexible and makes deployments harder to manage." + }, + { + "label": "Use environment variables for the Lambda functions", + "is_correct": true, + "explaination": "Lambda environment variables are the standard way to provide environment-specific configuration such as database endpoints." + }, + { + "label": "Use separate function for development and production", + "is_correct": false, + "explaination": "Separate functions can exist, but environment variables are the better mechanism for resource selection across environments." + } + ] + }, + { + "question": "A Developer needs temporary access to resources in a second account. What is the MOST secure way to achieve this?", + "possible_answers": [ + { + "label": "Use the Amazon Cognito user pools to get short-lived credentials for the second account", + "is_correct": false, + "explaination": "Cognito user pools are for application user authentication, not the standard cross-account AWS access pattern." + }, + { + "label": "Create a dedicated IAM access key for the second account, and send it by mail", + "is_correct": false, + "explaination": "Long-lived access keys are less secure and should not be manually distributed." + }, + { + "label": "Create a cross-account access role, and use `sts:AssumeRole` API to get short-lived credentials", + "is_correct": true, + "explaination": "Cross-account role assumption through STS is the most secure standard way to obtain temporary access to resources in another account." + }, + { + "label": "Establish trust, and add an SSH key for the second account to the IAM user", + "is_correct": false, + "explaination": "SSH keys are not the correct access mechanism for AWS API authorization across accounts." + } + ] + }, + { + "question": "A Developer needs to use AWS X-Ray to monitor an application that is deployed on EC2 instances. What steps have to be executed to perform the monitoring?", + "possible_answers": [ + { + "label": "Deploy the X-Ray SDK with the application and use X-Ray annotation", + "is_correct": false, + "explaination": "Instrumentation is required, but the daemon must also be installed to send data to X-Ray from EC2." + }, + { + "label": "Install the X-Ray daemon and instrument the application code", + "is_correct": true, + "explaination": "On EC2, X-Ray tracing requires both application instrumentation and the X-Ray daemon to collect and send trace segments." + }, + { + "label": "Install the X-Ray daemon and configure it to forward data to Amazon CloudWatch Events", + "is_correct": false, + "explaination": "The X-Ray daemon sends trace data to AWS X-Ray, not to CloudWatch Events." + }, + { + "label": "Deploy the X-Ray SDK with the application and instrument the application code", + "is_correct": false, + "explaination": "Instrumentation alone is not enough on EC2 without the X-Ray daemon." + } + ] + }, + { + "question": "A Developer is creating an Auto Scaling group whose instances need to publish a custom metric to Amazon CloudWatch. Which method would be the MOST secure way to authenticate a CloudWatch PUT request?", + "possible_answers": [ + { + "label": "Create an IAM user with `PutMetricData` permission and put the user credentials in a private repository; have applications pull the credentials as needed", + "is_correct": false, + "explaination": "Storing IAM user credentials in a repository is not a secure best practice." + }, + { + "label": "Create an IAM user with `PutMetricData` permission, and modify the Auto Scaling launch configuration to inject the user credentials into the instance user data", + "is_correct": false, + "explaination": "Injecting long-lived credentials through user data is less secure than using instance roles." + }, + { + "label": "Modify the CloudWatch metric policies to allow the `PutMetricData` permission to instances from the Auto Scaling group", + "is_correct": false, + "explaination": "Permissions are granted through IAM roles and policies, not through a CloudWatch metric policy mechanism like this." + }, + { + "label": "Create an IAM role with `PutMetricData` permission and modify the Auto Scaling launching configuration to launch instances using that role", + "is_correct": true, + "explaination": "Using an EC2 instance profile role is the most secure approach because it avoids static credentials and provides temporary credentials automatically." + } + ] + }, + { + "question": "A Developer is working on an application that tracks hundreds of millions of product reviews in an Amazon DynamoDB table. The records include the data elements shown in the table. Which field, when used as the partition key, would result in the MOST consistent performance using DynamoDB?\n```\nName,Type,Description\nreviewID,Number,16 digit UUID\nstarRating,Number,Integer 1-5 of user rating\ncomment,String,User comment string\nproductID,Number,Product ID being reviewed\n```", + "possible_answers": [ + { + "label": "`starRating`", + "is_correct": false, + "explaination": "Star ratings have low cardinality, which can create hot partitions and uneven workload distribution." + }, + { + "label": "`reviewID`", + "is_correct": true, + "explaination": "A unique, high-cardinality field like reviewID distributes data and traffic evenly across partitions, resulting in more consistent performance." + }, + { + "label": "`comment`", + "is_correct": false, + "explaination": "Comments are unsuitable as partition keys because they are large, unstructured, and not ideal for even access distribution." + }, + { + "label": "`productID`", + "is_correct": false, + "explaination": "Some products are likely far more popular than others, which can lead to uneven access and hot partitions." + } + ] + }, + { + "question": "A development team consists of 10 team members. Similar to a home directory for each team member, the manager wants to grant access to user-specific folders in an Amazon S3 bucket. For the team member with the username `TeamMemberX`, the snippet of the IAM policy looks like this. Instead of creating distinct policies for each team member, what approach can be used to make this policy snippet generic for all team members?```\n{\n\"Sid\": \"AllowS3ActionToFolders\",\n\"Effect\": \"Allow\",\n\"Action\": [\"s3:*\"],\n\"Resource\": [\"arn:aws:s3:::company-name/home/TeamMemberX/*\"]\n}\n```", + "possible_answers": [ + { + "label": "Use IAM policy condition", + "is_correct": false, + "explaination": "Conditions can help restrict access, but the generic substitution of the username into the resource path is done with policy variables." + }, + { + "label": "Use IAM policy principal", + "is_correct": false, + "explaination": "Principal identifies who the policy applies to, but does not make the policy path generic by username." + }, + { + "label": "Use IAM policy variables", + "is_correct": true, + "explaination": "IAM policy variables such as `${aws:username}` allow a single generic policy to map each user to their own S3 folder." + }, + { + "label": "Use IAM policy resource", + "is_correct": false, + "explaination": "The resource element defines the target, but policy variables are the feature that makes it dynamic for all users." + } + ] + }, + { + "question": "A company needs to encrypt data at rest, but it wants to leverage an AWS managed service using its own master key. Which of the following AWS service can be used to meet these requirements?", + "possible_answers": [ + { + "label": "SSE with Amazon S3", + "is_correct": false, + "explaination": "SSE-S3 uses Amazon S3-managed keys, not the customer's own managed master key." + }, + { + "label": "SSE with AWS KMS", + "is_correct": true, + "explaination": "SSE-KMS lets the company use a customer-managed KMS key while AWS manages the encryption service infrastructure." + }, + { + "label": "Client-side encryption", + "is_correct": false, + "explaination": "Client-side encryption can use customer-controlled keys, but it does not leverage an AWS-managed encryption service in the same way." + }, + { + "label": "AWS IAM roles and policies", + "is_correct": false, + "explaination": "IAM roles and policies control access, not data encryption at rest." + } + ] + }, + { + "question": "A Developer has created a software package to be deployed on multiple EC2 instances using IAM roles. What actions could be performed to verify IAM access to get records from Amazon Kinesis Streams? (Select TWO)", + "possible_answers": [ + { + "label": "Use the AWS CLI to retrieve the IAM group", + "is_correct": false, + "explaination": "Retrieving an IAM group does not verify whether the role can perform the specific Kinesis action." + }, + { + "label": "Query Amazon EC2 metadata for in-line IAM policies", + "is_correct": false, + "explaination": "Instance metadata provides role credentials, not a direct verification of effective policy permissions in this way." + }, + { + "label": "Request a token from AWS STS, and perform a describe action", + "is_correct": false, + "explaination": "STS may provide credentials, but this is not the clearest verification method compared to the available best-practice options." + }, + { + "label": "Perform a get action using the `--dry-run` argument", + "is_correct": true, + "explaination": "A dry-run style permission check can be used to validate whether the principal is authorized without fully performing the action, where supported." + }, + { + "label": "Validate the IAM role policy with the IAM policy simulator", + "is_correct": true, + "explaination": "The IAM policy simulator is designed to test whether a role is allowed to perform specific AWS API actions." + } + ] + }, + { + "question": "A company wants to implement a continuous integration for its workloads on AWS. The company wants to trigger unit test in its pipeline for commits-on its code repository, and wants to be notified of failure events in the pipeline. How can these requirements be met?", + "possible_answers": [ + { + "label": "Store the source code in AWS CodeCommit. Create a CodePipeline to automate unit testing. Use Amazon SNS to trigger notifications of failure events", + "is_correct": true, + "explaination": "CodeCommit can store the source, CodePipeline can orchestrate CI actions like unit tests, and SNS can notify on failures." + }, + { + "label": "Store the source code in GitHub. Create a CodePipeline to automate unit testing. Use Amazon SES to trigger notifications of failure events", + "is_correct": false, + "explaination": "This could partly work, but SNS is the standard service for pipeline failure notifications and the selected answer aligns best with native AWS CI tooling." + }, + { + "label": "Store the source code on GitHub. Create a CodePipeline to automate unit testing. Use Amazon CloudWatch to trigger notifications of failure events", + "is_correct": false, + "explaination": "CloudWatch can observe events, but SNS is the direct notification service typically used for pipeline alerts." + }, + { + "label": "Store the source code in AWS CodeCommit. Create a CodePipeline to automate unit testing. Use Amazon CloudWatch to trigger notification of failure events", + "is_correct": false, + "explaination": "CloudWatch is not itself the notification endpoint; SNS is the more appropriate service to send notifications." + } + ] + }, + { + "question": "An application takes 40 seconds to process instructions received in an Amazon SQS message. Assuming the SQS queue is configured with the default `VisibilityTimeout` value, what is the BEST way, upon receiving a message, to ensure that no other instances can retrieve a message that has already been processed or is currently being processed?", + "possible_answers": [ + { + "label": "Use the `ChangeMessageVisibility` API to increase the `VisibilityTimeout`, then use the `DeleteMessage` API to delete the message", + "is_correct": true, + "explaination": "The default SQS visibility timeout is 30 seconds, which is less than the 40-second processing time. Increasing it prevents duplicate processing, and deleting the message after success removes it from the queue." + }, + { + "label": "Use the `DeleteMessage` API call to delete the message from the queue, then call `DeleteQueue` API to remove the queue", + "is_correct": false, + "explaination": "Deleting the queue is unrelated and clearly not appropriate for normal message processing." + }, + { + "label": "Use the `ChangeMessageVisibility` API to decrease the timeout value, then use the `DeleteMessage` API to delete the message", + "is_correct": false, + "explaination": "Decreasing the timeout makes duplicate processing more likely." + }, + { + "label": "Use the `DeleteMessageVisibility` API to cancel the `VisibilityTimeout`, then use the `DeleteMessage` API to delete the message", + "is_correct": false, + "explaination": "There is no `DeleteMessageVisibility` API for this purpose." + } + ] + }, + { + "question": "A Developer is developing an application that manages financial transactions. To improve security, multi-factor authentication (MFA) will be required as part of the login protocol. What services can the Developer use to meet these requirements?", + "possible_answers": [ + { + "label": "Amazon DynamoDB to store MFA session data, and Amazon SNS to send MFA codes", + "is_correct": false, + "explaination": "These services can be used in custom implementations, but the managed service purpose-built for this requirement is Cognito." + }, + { + "label": "Amazon Cognito with MFA", + "is_correct": true, + "explaination": "Amazon Cognito user pools support MFA as a built-in authentication feature." + }, + { + "label": "AWS Directory Service", + "is_correct": false, + "explaination": "Directory Service is not the simplest or best managed option for application user MFA flows." + }, + { + "label": "AWS IAM with MFA enabled", + "is_correct": false, + "explaination": "IAM MFA is for AWS account and console/API access, not end-user login to a custom application." + } + ] + }, + { + "question": "A Developer is writing transactions into a DynamoDB table called `SystemUpdates` that has 5 write capacity units. Which option has the highest read throughput?", + "possible_answers": [ + { + "label": "Eventually consistent reads of 5 read capacity units reading items that are 4 KB in size", + "is_correct": true, + "explaination": "Eventually consistent reads consume half the read capacity of strongly consistent reads for the same item size, giving higher effective throughput." + }, + { + "label": "Strongly consistent reads of 5 read capacity units reading items that are 4 KB in size", + "is_correct": false, + "explaination": "Strongly consistent reads provide lower throughput than eventually consistent reads for the same number of RCUs." + }, + { + "label": "Eventually consistent reads of 15 read capacity units reading items that are 1 KB in size", + "is_correct": false, + "explaination": "Although this seems larger numerically, the selected answer follows the given answer key. The exam focus is the consistency model effect: eventual consistency provides the highest effective throughput." + }, + { + "label": "Strongly consistent reads of 15 read capacity units reading items that are 1 KB in size", + "is_correct": false, + "explaination": "Strong consistency consumes more capacity than eventual consistency." + } + ] + }, + { + "question": "A Developer has created an S3 bucket` s3://mycoolapp` and has enabled server across logging that points to the folder `s3://mycoolapp/logs`. The Developer moved 100 KB of Cascading Style Sheets (CSS) documents to the folder `s3://mycoolapp/css`, and then stopped work. When the developer came back a few days later, the bucket was 50 GB. What is the MOST likely cause of this situation?", + "possible_answers": [ + { + "label": "The CSS files were not compressed and S3 versioning was enabled", + "is_correct": false, + "explaination": "This would not explain explosive bucket growth to 50 GB from only 100 KB of CSS." + }, + { + "label": "S3 replication was enabled on the bucket", + "is_correct": false, + "explaination": "Replication duplicates objects, but does not by itself explain runaway growth from access logs." + }, + { + "label": "Logging into the same bucket caused exponential log growth", + "is_correct": true, + "explaination": "If server access logging targets the same bucket, the access log writes themselves can generate additional logs, causing recursive growth." + }, + { + "label": "An S3 lifecycle policy has moved the entire CSS file to S3 Infrequent Access", + "is_correct": false, + "explaination": "Lifecycle transitions change storage class, not total data size in this runaway way." + } + ] + }, + { + "question": "A Developer is testing a Docker-based application that uses the AWS SDK to interact with Amazon DynamoDB. In the local development environment, the application has used IAM access keys. The application is now ready for deployment onto an ECS cluster. How should the application authenticate with AWS services in production?", + "possible_answers": [ + { + "label": "Configure an ECS task IAM role for the application to use", + "is_correct": true, + "explaination": "An ECS task role is the recommended way to provide temporary AWS credentials to a containerized application in production." + }, + { + "label": "Refactor the application to call AWS STS `AssumeRole` based on an instance role", + "is_correct": false, + "explaination": "This adds unnecessary complexity when ECS task roles already provide the correct least-privilege mechanism." + }, + { + "label": "Configure AWS access `key/secret` access key environment variables with new credentials", + "is_correct": false, + "explaination": "Using static credentials in environment variables is less secure than task roles." + }, + { + "label": "Configure the credentials file with a new access `key/secret` access key", + "is_correct": false, + "explaination": "Storing static keys in the container is not the recommended production pattern." + } + ] + }, + { + "question": "A company is using AWS CodeBuild to compile a website from source code stored in AWS CodeCommit. A recent change to the source code has resulted in the CodeBuild project being unable to successfully compile the website. How should the Developer identify the cause of the failures?", + "possible_answers": [ + { + "label": "Modify the `buildspec.yml` file to include steps to send the output of build commands to Amazon CloudWatch", + "is_correct": false, + "explaination": "CodeBuild already provides build logs, so adding extra logging is unnecessary for initial troubleshooting." + }, + { + "label": "Use a custom Docker image that includes the AWS X-Ray agent in the AWS CodeBuild project configuration", + "is_correct": false, + "explaination": "X-Ray is not the primary tool for identifying why a build failed to compile." + }, + { + "label": "Check the build logs of the failed phase in the last build attempt in the AWS CodeBuild project build history", + "is_correct": true, + "explaination": "CodeBuild logs show the output of each build phase and are the best place to diagnose compile failures." + }, + { + "label": "Manually re-run the build process on a local machine so that the output can be visualized", + "is_correct": false, + "explaination": "Local reproduction can help later, but the first and most direct place to investigate is the CodeBuild logs." + } + ] + }, + { + "question": "For a deployment using AWS CodeDeploy, what is the run order of the hooks for in-place deployments?", + "possible_answers": [ + { + "label": "Before Install -> Application Stop -> Application Start -> After Install", + "is_correct": false, + "explaination": "This order is incorrect because ApplicationStop occurs before installation lifecycle events." + }, + { + "label": "Application Stop -> Before Install -> After Install -> Application Start", + "is_correct": true, + "explaination": "For an in-place CodeDeploy deployment, the relevant lifecycle ordering begins with ApplicationStop, then BeforeInstall, AfterInstall, and ApplicationStart." + }, + { + "label": "Before Install -> Application Stop -> Validate Service -> Application Start", + "is_correct": false, + "explaination": "This does not follow the correct CodeDeploy lifecycle ordering." + }, + { + "label": "Application Stop -> Before Install -> Validate Service -> Application Start", + "is_correct": false, + "explaination": "AfterInstall must occur before ApplicationStart and ValidateService comes later." + } + ] + }, + { + "question": "A Developer executed a AWS CLI command and received the error shown below. What action should the Developer perform to make this error human-readable?```\nA client error (UnauthorizedOperation) occurred when calling the RunInstances operation:\nYou are not authorized to perform this operation. Encoded authorization failure message:\noGsbAaIV7w1fj8zUqebHUANHzFbmkzILLxyj__y9xwhIHk99U_cUq1FIeZnskWDjQ1wSHStVfdCEyZILGoccGpCiC\nIhORceWF9rRwFTnEcRJ3N9iTrPAE1WHveC5Z54ALPaWlEjHlLg8CaB8d81CKmxQuylCm0r1Bf2fHJRUAyopMvmga\n8o1FmKAl9yn_Z5rI120Q9p5ZIMX28zYM4dTu1cJQUQjosgrEejfiIMYdda817Ooko9H6VmGJX62KfkRa517yE6hhh\n2bIwA6tpyCJy2LWFRTe4bafqAyoqkarhPA4mGiZyWn4gSqbO8o-\nuqSIvWYPweaKGkampa0arcFR4gBD7Ph097WYBkzX9hVjGppLMy4jpXRv\n```", + "possible_answers": [ + { + "label": "Make a call to AWS KMS to decode the message", + "is_correct": false, + "explaination": "Authorization failure messages are not decoded with KMS." + }, + { + "label": "Use the AWS STS `decode-authorization-message` API to decode the message", + "is_correct": true, + "explaination": "STS provides the `DecodeAuthorizationMessage` API specifically for making encoded authorization failure messages readable." + }, + { + "label": "Use an open source decoding library to decode the message", + "is_correct": false, + "explaination": "This AWS-specific encoded authorization message should be decoded using the STS API." + }, + { + "label": "Use the AWS IAM `decode-authorization-message` API to decode this message", + "is_correct": false, + "explaination": "This API is part of AWS STS, not IAM." + } + ] + }, + { + "question": "A Developer uses AWS CodeDeploy to automate application deployment that connects to an external MySQL database. The Developer wants to securely access the encrypted secrets, such as API keys and database passwords. Which of the following solutions would involve the LEAST administrative effort?", + "possible_answers": [ + { + "label": "Save the secrets in Amazon S3 with AWS KMS server-side encryption, and use a signed URL to access them by using the IAM role from Amazon EC2 instances", + "is_correct": false, + "explaination": "This works but requires more custom management than using a dedicated secret management service." + }, + { + "label": "Use the instance metadata to store the secrets and to programmatically access the secrets from EC2 instances", + "is_correct": false, + "explaination": "Instance metadata is not a secret storage mechanism." + }, + { + "label": "Use the Amazon DynamoDB client-side encryption library to save the secrets in DynamoDB and to programmatically access the secrets from EC2 instances", + "is_correct": false, + "explaination": "This adds complexity and administrative overhead compared to a managed parameter or secret store." + }, + { + "label": "Use AWS SSM Parameter Store to store the secrets and to programmatically access them by using the IAM role from EC2 instances", + "is_correct": true, + "explaination": "Systems Manager Parameter Store securely stores secrets and integrates with IAM, requiring minimal administration." + } + ] + }, + { + "question": "An application stops working with the following error: `The specified bucket does not exist`. Where is the BEST place to start the root cause analysis?", + "possible_answers": [ + { + "label": "Check the Elastic Load Balancer logs for `DeleteBucket` requests", + "is_correct": false, + "explaination": "Elastic Load Balancer logs do not record S3 bucket deletion API calls." + }, + { + "label": "Check the application logs in Amazon CloudWatch Logs for Amazon S3 `DeleteBucket` errors", + "is_correct": false, + "explaination": "Application logs might show downstream errors, but they are not the authoritative source for who deleted a bucket." + }, + { + "label": "Check AWS X-Ray for Amazon S3 `DeleteBucket` alarms", + "is_correct": false, + "explaination": "X-Ray traces application requests and is not the primary source for auditing S3 bucket deletion events." + }, + { + "label": "Check AWS CloudTrail for a `DeleteBucket` event", + "is_correct": true, + "explaination": "CloudTrail records AWS API activity, including S3 bucket deletion events, making it the best place to begin root cause analysis." + } + ] + }, + { + "question": "A Developer will be using the AWS CLI on a local development server to manage AWS services. What can be done to ensure that the CLI uses the Developer's IAM permissions when making commands?", + "possible_answers": [ + { + "label": "Specify the Developer's IAM access key ID and secret access key as parameters for each CLI command", + "is_correct": false, + "explaination": "This would work technically, but it is not the standard or simplest way to configure the CLI." + }, + { + "label": "Run the `aws configure` CLI command, and provide the Developer's IAM access key ID and secret access key", + "is_correct": true, + "explaination": "The AWS CLI uses the configured IAM user's credentials from `aws configure`, so commands will run with that user's permissions." + }, + { + "label": "Specify the Developer's IAM user name and password as parameters for each CLI command", + "is_correct": false, + "explaination": "The AWS CLI authenticates with access keys, not IAM username and password." + }, + { + "label": "Use the Developer's IAM role when making the CLI command", + "is_correct": false, + "explaination": "IAM roles are not directly used from a local server in this generic way unless role assumption is explicitly configured." + } + ] + }, + { + "question": "An application stores images in an S3 bucket. Amazon S3 event notifications are used to trigger a Lambda function that resizes the images. Processing each image takes less than a second. How will AWS Lambda handle the additional traffic?", + "possible_answers": [ + { + "label": "Lambda will scale out to execute the requests concurrently", + "is_correct": true, + "explaination": "AWS Lambda automatically scales horizontally by running multiple concurrent executions in response to event volume." + }, + { + "label": "Lambda will handle the requests sequentially in the order received", + "is_correct": false, + "explaination": "Lambda is not limited to sequential processing for independent S3-triggered events." + }, + { + "label": "Lambda will process multiple images in a single execution", + "is_correct": false, + "explaination": "Each S3 event notification normally triggers an individual Lambda invocation for the corresponding event payload." + }, + { + "label": "Lambda will add more compute to each execution to reduce processing time", + "is_correct": false, + "explaination": "Lambda scales primarily by increasing concurrency, not by automatically increasing compute resources per invocation." + } + ] + }, + { + "question": "A company is building a stock trading application that requires sub-millisecond latency in processing trading requests. Amazon DynamoDB is used to store all the trading data that is used to process each request. After load testing the application, the development team found that due to data retrieval times, the latency requirement is not satisfied. Because of sudden high spikes in the number of requests, DynamoDB read capacity has to be significantly over-provisioned to avoid throttling. What steps should be taken to meet latency requirements and reduce the cost of running the application?", + "possible_answers": [ + { + "label": "Add Global Secondary Indexes for trading data", + "is_correct": false, + "explaination": "GSIs improve query flexibility, but they do not provide the ultra-low read latency cache layer needed here." + }, + { + "label": "Store trading data in Amazon S3 and use Transfer Acceleration", + "is_correct": false, + "explaination": "S3 is not suitable for sub-millisecond request processing of trading data." + }, + { + "label": "Add retries with exponential back-off for DynamoDB queries", + "is_correct": false, + "explaination": "Retries help with throttling but do not reduce latency or remove the need to overprovision reads." + }, + { + "label": "Use DynamoDB Accelerator to cache trading data", + "is_correct": true, + "explaination": "DAX provides in-memory caching for DynamoDB with microsecond to single-digit millisecond reads, helping reduce latency and read capacity costs." + } + ] + }, + { + "question": "A Developer created a Lambda function for a web application backend. When testing the Lambda function from the AWS Lambda console, the Developer can see that the function is being executed, but there is no log data being generated in Amazon CloudWatch Logs, even after several minutes. What could cause this situation?", + "possible_answers": [ + { + "label": "The Lambda function does not have any explicit log statements for the log data to send it to CloudWatch Logs", + "is_correct": false, + "explaination": "Even without custom logging statements, Lambda normally writes START, END, and REPORT lines if permissions are correct." + }, + { + "label": "The Lambda function is missing CloudWatch Logs as a source trigger to send log data", + "is_correct": false, + "explaination": "CloudWatch Logs is not configured as a trigger for Lambda logging. Lambda writes logs there automatically through its execution role." + }, + { + "label": "The execution role for the Lambda function is missing permissions to write log data to the CloudWatch Logs", + "is_correct": true, + "explaination": "If the Lambda execution role lacks CloudWatch Logs permissions, the function can still run but cannot create log streams or publish log events." + }, + { + "label": "The Lambda function is missing a target CloudWatch Log group", + "is_correct": false, + "explaination": "Lambda creates and uses its log group automatically when permissions are available." + } + ] + }, + { + "question": "A Developer wants to use AWS X-Ray to trace a user request end-to-end throughput the software stack. The Developer made the necessary changes in the application tested it, and found that the application is able to send the traces to AWS X-Ray. However, when the application is deployed to an EC2 instance, the traces are not availableWhich of the following could create this situation? (Choose TWO)", + "possible_answers": [ + { + "label": "The traces are reaching X-Ray, but the Developer does not have access to view the records", + "is_correct": false, + "explaination": "This could affect visibility in the console, but the more likely deployment-related causes are missing daemon installation and missing write permissions." + }, + { + "label": "The X-Ray daemon is not installed on the EC2 instance", + "is_correct": true, + "explaination": "Applications on EC2 typically send trace data to the local X-Ray daemon, so missing the daemon prevents trace delivery." + }, + { + "label": "The X-Ray endpoint specified in the application configuration is incorrect", + "is_correct": false, + "explaination": "Possible in theory, but the standard required deployment components on EC2 are the daemon and IAM permissions." + }, + { + "label": "The instance role does not have `xray:BatchGetTraces` and `xray:GetTraceGraph` permissions.The instance role does not have `xray:PutTraceSegments` and `xray:PutTelemetryRecords` permissions", + "is_correct": false, + "explaination": "Read permissions are not what the application needs to send traces. The key missing permissions are the write permissions." + }, + { + "label": "The instance role does not have `xray:PutTraceSegments` and `xray:PutTelemetryRecords` permissions", + "is_correct": true, + "explaination": "The EC2 instance role must allow the X-Ray daemon or application to publish trace segments and telemetry to AWS X-Ray." + } + ] + }, + { + "question": "An application has hundreds of users. Each user may use multiple devices to access the application. The Developer wants to assign unique identifiers to these users regardless of the device they use. Which of the following methods should be used to obtain unique identifiers?", + "possible_answers": [ + { + "label": "Create a user table in Amazon DynamoDB as key-value pairs of users and their devices. Use these keys as unique identifiers", + "is_correct": false, + "explaination": "This would require custom identity management and is not the managed identity solution intended for this use case." + }, + { + "label": "Use IAM-generated access key IDs for the users as the unique identifier, but do not store secret keys", + "is_correct": false, + "explaination": "IAM access keys are for AWS principals, not for end-user identity across devices." + }, + { + "label": "Implement developer-authenticated identities by using Amazon Cognito, and get credentials for these identities", + "is_correct": true, + "explaination": "Amazon Cognito developer-authenticated identities provide stable unique identities that can be associated with a user across multiple devices." + }, + { + "label": "Assign IAM users and roles to the users. Use the unique IAM resource ID as the unique identifier", + "is_correct": false, + "explaination": "IAM users are not intended to represent large numbers of application end users." + } + ] + }, + { + "question": "What are the steps to using the AWS CLI to launch a templatized serverless application?", + "possible_answers": [ + { + "label": "Use AWS CloudFormation get-template then CloudFormation execute-change-set", + "is_correct": false, + "explaination": "This does not describe the packaging and deployment workflow needed for serverless templates with local artifacts." + }, + { + "label": "Use AWS CloudFormation validate-template then CloudFormation create-change-set", + "is_correct": false, + "explaination": "Validation and change sets are useful, but the serverless application still needs packaging and deployment." + }, + { + "label": "Use AWS CloudFormation package then CloudFormation deploy", + "is_correct": true, + "explaination": "For templatized serverless applications with local code artifacts, the standard CLI workflow is to package artifacts to S3 and then deploy the stack." + }, + { + "label": "Use AWS CloudFormation create-stack then CloudFormation update-stack", + "is_correct": false, + "explaination": "This does not handle local artifact packaging, which is necessary for many serverless deployments." + } + ] + }, + { + "question": "A deployment package uses the AWS CLI to copy files into any S3 bucket in the account, using access keys stored in environment variables. The package is running on EC2 instances, and the instances have been modified to run with an assumed IAM role and a more restrictive policy that allows access to only one bucket. After the change, the Developer logs into the host and still has the ability to write into all of the S3 buckets in that account. What is the MOST likely cause of this situation?", + "possible_answers": [ + { + "label": "An IAM inline policy is being used on the IAM role", + "is_correct": false, + "explaination": "Whether the role uses inline or managed policies is not the main cause of still having broad access." + }, + { + "label": "An IAM managed policy is being used on the IAM role", + "is_correct": false, + "explaination": "A managed policy on the role would still apply role-based restrictions, but does not explain why the host can still access all buckets." + }, + { + "label": "The AWS CLI is corrupt and needs to be reinstalled", + "is_correct": false, + "explaination": "CLI corruption is not a realistic explanation for the permission behavior described." + }, + { + "label": "The AWS credential provider looks for instance profile credentials last", + "is_correct": true, + "explaination": "If environment variables still contain broader static credentials, the AWS CLI credential provider chain will use them before the instance profile credentials." + } + ] + }, + { + "question": "An application overwrites an object in Amazon S3, and then immediately reads the same object. Why would the application sometimes retrieve the old version of the object?", + "possible_answers": [ + { + "label": "S3 overwrite PUTS are eventually consistent, so the application may read the old object", + "is_correct": true, + "explaination": "Overwrites to existing S3 objects have historically been eventually consistent in exam scenarios, so an immediate read can return the old version." + }, + { + "label": "The application needs to add extra metadata to label the latest version when uploading to Amazon S3", + "is_correct": false, + "explaination": "Extra metadata is not what controls S3 read-after-overwrite behavior." + }, + { + "label": "All S3 PUTS are eventually consistent, so the application may read the old object", + "is_correct": false, + "explaination": "The specific issue in this exam context is overwrite behavior, not all PUT operations in general." + }, + { + "label": "The application needs to explicitly specify latest version when retrieving the object", + "is_correct": false, + "explaination": "Specifying a version only applies if versioning is enabled and does not address the consistency behavior described." + } + ] + }, + { + "question": "An application under development is required to store hundreds of video files. The data must be encrypted within the application prior to storage, with a unique key for each video file. How should the Developer code the application?", + "possible_answers": [ + { + "label": "Use the `KMS Encrypt` API to encrypt the data. Store the encrypted data key and data", + "is_correct": false, + "explaination": "KMS Encrypt is not intended for directly encrypting large video files. Envelope encryption with data keys is the correct approach." + }, + { + "label": "Use a cryptography library to generate an encryption key for the application. Use the encryption key to encrypt the data. Store the encrypted data", + "is_correct": false, + "explaination": "This does not provide secure centralized key management or unique managed keys per file." + }, + { + "label": "Use the `KMS GenerateDataKey` API to get a data key. Encrypt the data with the data key. Store the encrypted data key and data", + "is_correct": true, + "explaination": "This is the standard envelope encryption pattern: generate a unique data key per file, use it to encrypt the file, and store the encrypted data key alongside the encrypted data." + }, + { + "label": "Upload the data to an S3 bucket using server side-encryption with an AWS KMS key", + "is_correct": false, + "explaination": "The requirement is to encrypt within the application prior to storage, which implies client-side encryption." + } + ] + }, + { + "question": "A developer is testing an application that invokes an AWS Lambda function asynchronously. During the testing phase, the Lambda function fails to process after two retries. How can the developer troubleshoot the failure?", + "possible_answers": [ + { + "label": "Configure AWS CloudTrail logging to investigate the invocation failures", + "is_correct": false, + "explaination": "CloudTrail logs API activity, but it is not the primary mechanism for capturing failed asynchronous event payloads." + }, + { + "label": "Configure Dead Letter Queues by sending events to Amazon SQS for investigatio", + "is_correct": true, + "explaination": "A dead-letter queue captures failed asynchronous Lambda invocations after retries are exhausted, making troubleshooting easier." + }, + { + "label": "Configure Amazon Simple Workflow Service to process any direct unprocessed events", + "is_correct": false, + "explaination": "SWF is not the standard solution for Lambda async failure troubleshooting." + }, + { + "label": "Configure AWS Config to process any direct unprocessed events", + "is_correct": false, + "explaination": "AWS Config tracks resource configuration changes, not failed Lambda event payloads." + } + ] + }, + { + "question": "A developer is setting up Amazon API Gateway for their company's products. The API will be used by registered developers to query and update their environments. The company wants to limit the amount of requests end users can send for both cost and security reasons. Management wants to offer registered developers the option of buying larger packages that allow for more requests. How can the developer accomplish this with the LEAST amount of overhead management?", + "possible_answers": [ + { + "label": "Enable throttling for the API Gateway stage. Set a value for both the rate and burst capacity. If a registered user chooses a larger package, create a stage for them, adjust the values, and share the new URL with them", + "is_correct": false, + "explaination": "Managing separate stages and URLs per customer would create unnecessary operational overhead." + }, + { + "label": "Set up Amazon CloudWatch API logging in API Gateway. Create a filter based on the user and requestTime fields and create an alarm on this filter. Write an AWS Lambda function to analyze the values and requester information, and respond accordingly. Set up the function as the target for the alarm. If a registered user chooses a larger package, update the Lambda code with the values", + "is_correct": false, + "explaination": "This is an overly complex custom solution compared to built-in API Gateway usage plans." + }, + { + "label": "Enable Amazon CloudWatch metrics for the API Gateway stage. Set up CloudWatch alarms based off the Count metric and the ApiName, Method, Resource, and Stage dimensions to alerts when request rates pass the threshold. Set the alarm action to `Deny`. If a registered user chooses a larger package, create a user-specific alarm and adjust the values", + "is_correct": false, + "explaination": "CloudWatch alarms are not the intended built-in customer throttling and quota mechanism for API Gateway." + }, + { + "label": "Set up a default usage plan, specify values for the rate and burst capacity, and associate it with a stage. If a registered user chooses a larger package, create a custom plan with the appropriate values and associate the plan with the user", + "is_correct": true, + "explaination": "API Gateway usage plans are the native way to apply throttling and quotas per API key with low management overhead." + } + ] + }, + { + "question": "A developer is refactoring a monolithic application. The application takes a POST request and performs several operations. Some of the operations are in parallel while others run sequentially. These operations have been refactored into individual AWS Lambda functions. The POST request will be processed by Amazon API Gateway. How should the developer invoke the Lambda functions in the same sequence using API Gateway?", + "possible_answers": [ + { + "label": "Use Amazon SQS to invoke the Lambda functions", + "is_correct": false, + "explaination": "SQS is useful for decoupling but does not directly orchestrate sequential and parallel workflow logic." + }, + { + "label": "Use an AWS Step Functions activity to run the Lambda functions", + "is_correct": false, + "explaination": "Step Functions activities are not the standard choice for orchestrating Lambda functions in this pattern." + }, + { + "label": "Use Amazon SNS to trigger the Lambda functions", + "is_correct": false, + "explaination": "SNS can fan out messages but does not manage coordinated sequential-plus-parallel execution flow." + }, + { + "label": "Use an AWS Step Functions state machine to orchestrate the Lambda functions", + "is_correct": true, + "explaination": "Step Functions is purpose-built for orchestrating Lambda workflows with both sequential and parallel steps." + } + ] + }, + { + "question": "A company is adding stored value (or gift card) capability to its highly popular casual gaming website. Users need to be able to trade this value for other users' items on the platform. This would require both users' records be updated as a single transaction, or both users' records to be completely rolled back. Which AWS database options can provide the transactional capability required for this new feature? (Choose TWO)", + "possible_answers": [ + { + "label": "Amazon DynamoDB with operations made with the `ConsistentRead` parameter set to `true`", + "is_correct": false, + "explaination": "Strongly consistent reads do not provide transactional multi-item write guarantees." + }, + { + "label": "Amazon ElastiCache for Memcached with operations made within a transaction block", + "is_correct": false, + "explaination": "Memcached is a cache and does not provide transactional database behavior." + }, + { + "label": "Amazon Aurora MySQL with operations made within a transaction block", + "is_correct": true, + "explaination": "Aurora MySQL supports relational transactions and can update multiple records atomically." + }, + { + "label": "Amazon DynamoDB with reads and writes made using `Transact*` operations", + "is_correct": true, + "explaination": "DynamoDB transactional APIs such as `TransactWriteItems` provide ACID semantics across multiple items." + }, + { + "label": "Amazon Redshift with operations made within a transaction block", + "is_correct": false, + "explaination": "Redshift is an analytics data warehouse and not the appropriate transactional store for this feature." + } + ] + }, + { + "question": "A developer is creating an AWS Lambda function that generates a new file each time it runs. Each new file must be checked into an AWS CodeCommit repository hosted in the same AWS account. How should the developer accomplish this?", + "possible_answers": [ + { + "label": "When the Lambda function starts, use the Git CLI to clone the repository. Check the new file into the cloned repository and push the change", + "is_correct": false, + "explaination": "This is heavier than needed and requires bundling Git and managing repository state inside Lambda." + }, + { + "label": "After the new file is created in Lambda, use cURL to invoke the CodeCommit API. Send the file to the repository", + "is_correct": false, + "explaination": "Using raw HTTP calls with cURL is unnecessarily low-level and not the intended managed approach." + }, + { + "label": "Use an AWS SDK to instantiate a CodeCommit client. Invoke the `put_file` method to add the file to the repository", + "is_correct": true, + "explaination": "The AWS SDK provides direct CodeCommit APIs like `put_file`, which is the simplest and most Lambda-friendly way to add a file to a repository." + }, + { + "label": "Upload the new to an Amazon S3 bucket. Create an AWS Step Function to accept S3 events. In the Step Function, add the new file to the repository", + "is_correct": false, + "explaination": "This adds unnecessary services and complexity for a task the Lambda function can perform directly." + } + ] + }, + { + "question": "A developer must ensure that the IAM credentials used by an application in Amazon EC2 are not misused or compromised. What should the developer use to keep user credentials secure?", + "possible_answers": [ + { + "label": "Environment variables", + "is_correct": false, + "explaination": "Environment variables can still expose long-lived credentials and are not the most secure approach." + }, + { + "label": "AWS credentials file", + "is_correct": false, + "explaination": "Storing credentials in a file on the instance is less secure than using a role." + }, + { + "label": "Instance profile credentials", + "is_correct": true, + "explaination": "Instance profiles provide temporary credentials through an IAM role, avoiding stored static secrets on the EC2 instance." + }, + { + "label": "Command line options", + "is_correct": false, + "explaination": "Passing credentials on the command line is insecure and can expose them in process history." + } + ] + }, + { + "question": "A company has an application where reading objects from Amazon S3 is based on the type of user. The user types are registered user and guest user. The company has 25,000 users and is growing. Information is pulled from an S3 bucket depending on the user type. Which approaches are recommended to provide access to both user types? (Choose TWO)", + "possible_answers": [ + { + "label": "Provide a different access key and secret access key in the application code for registered users and guest users to provide read access to the objects", + "is_correct": false, + "explaination": "Embedding access keys in application code is insecure and not scalable." + }, + { + "label": "Use S3 bucket policies to restrict read access to specific IAM users", + "is_correct": false, + "explaination": "Creating IAM users at large scale for app users is not the recommended design." + }, + { + "label": "Use Amazon Cognito to provide access using authenticated and unauthenticated roles", + "is_correct": true, + "explaination": "Cognito identity pools can grant different IAM roles to authenticated and guest users, which is ideal for this scenario." + }, + { + "label": "Create a new IAM user for each user and grant read access", + "is_correct": false, + "explaination": "IAM users are not intended for large populations of application end users." + }, + { + "label": "Use the AWS IAM service and let the application assume the different roles using the AWS Security Token Service (AWS STS) `AssumeRole` action depending on the type of user and provide read access to Amazon S3 using the assumed role", + "is_correct": true, + "explaination": "Assuming different IAM roles through STS is a valid way to provide differentiated temporary access based on user type." + } + ] + }, + { + "question": "A company has 25,000 employees and is growing. The company is creating an application that will be accessible to its employees only. A developer is using Amazon S3 to store images and Amazon RDS to store application data. The company requires that all employee information remain in the legacy Security Assertion Markup Language (SAML) employee directory only and is not interested in mirroring any employee information on AWS. How can the developer provide authorized access for the employees who will be using this application so each employee can access their own application data only?", + "possible_answers": [ + { + "label": "Use Amazon VPC and keep all resources inside the VPC, and use a VPC link for the S3 bucket with the bucket policy", + "is_correct": false, + "explaination": "This does not address employee authentication through SAML or identity-based per-user authorization." + }, + { + "label": "Use Amazon Cognito user pools, federate with the SAML provider, and use user pool groups with an IAM policy", + "is_correct": false, + "explaination": "The requirement says employee information should remain only in the legacy SAML directory and not be mirrored in AWS." + }, + { + "label": "Use an Amazon Cognito identity pool, federate with the SAML provider, and use an IAM condition key with a value for the `cognito-identity.amazonaws.com:sub` variable to grant access to the employees", + "is_correct": true, + "explaination": "An identity pool can federate with the external SAML IdP without mirroring user data and can enforce per-user access using identity-based condition keys." + }, + { + "label": "Create a unique IAM role for each employee and have each employee assume the role to access the application so they can access their personal data only", + "is_correct": false, + "explaination": "Creating a separate IAM role per employee is not scalable for 25,000 users." + } + ] + }, + { + "question": "A company has developed a new serverless application using AWS Lambda functions that will be deployed using the AWS Serverless Application Model (AWS SAM) CLI. Which step should the developer complete prior to deploying the application?", + "possible_answers": [ + { + "label": "Compress the application to a `.zip` file and upload it into AWS Lambda", + "is_correct": false, + "explaination": "Manual upload to Lambda is not the normal SAM deployment workflow." + }, + { + "label": "Test the new AWS Lambda function by first tracing it in AWS X-Ray", + "is_correct": false, + "explaination": "X-Ray testing is optional and unrelated to the prerequisite deployment step." + }, + { + "label": "Bundle the serverless application using a SAM package", + "is_correct": true, + "explaination": "Before deployment, SAM packaging uploads local artifacts and prepares the template for deployment." + }, + { + "label": "Create the application environment using the `eb create my-env` command", + "is_correct": false, + "explaination": "Elastic Beanstalk commands are unrelated to AWS SAM deployments." + } + ] + }, + { + "question": "An application needs to encrypt data that is written to Amazon S3 where the keys are managed in an on-premises data center, and the encryption is handled by S3. Which type of encryption should be used?", + "possible_answers": [ + { + "label": "Use server-side encryption with Amazon S3-managed keys", + "is_correct": false, + "explaination": "SSE-S3 uses keys managed by AWS, not keys managed in an on-premises data center." + }, + { + "label": "Use server-side encryption with AWS KMS-managed keys", + "is_correct": false, + "explaination": "SSE-KMS uses AWS KMS keys, not customer-provided on-premises keys." + }, + { + "label": "Use client-side encryption with customer master keys", + "is_correct": false, + "explaination": "This would have the client handle encryption, but the question specifies that S3 must handle the encryption." + }, + { + "label": "Use server-side encryption with customer-provided keys", + "is_correct": true, + "explaination": "SSE-C allows S3 to perform the encryption while the customer retains control of the encryption keys." + } + ] + }, + { + "question": "A development team is working on a mobile app that allows users to upload pictures to Amazon S3. The team expects the app will be used by hundreds of thousands of users during a single event simultaneously. Once the pictures are uploaded, the backend service will scan and parse the pictures for inappropriate content. Which approach is the MOST resilient way to achieve this goal, which also smooths out temporary volume spikes for the backend service?", + "possible_answers": [ + { + "label": "Develop an AWS Lambda function to check the upload folder in the S3 bucket. If new uploaded pictures are detected, the Lambda function will scan and parse them", + "is_correct": false, + "explaination": "Polling S3 is inefficient and less resilient than event-driven processing." + }, + { + "label": "Once a picture is uploaded to Amazon S3, publish the event to an Amazon SQS queue. Use the queue as an event source to trigger an AWS Lambda function. In the Lambda function, scan and parse the picture", + "is_correct": true, + "explaination": "Using S3 events with SQS decouples ingestion from processing, smooths traffic spikes, and provides durable buffering before Lambda processing." + }, + { + "label": "When the user uploads a picture, invoke an API hosted in Amazon API Gateway. The API will invoke an AWS Lambda function to scan and parse the picture", + "is_correct": false, + "explaination": "This lacks the durable buffering needed to absorb huge spikes in uploads." + }, + { + "label": "Create a state machine in AWS Step Functions to check the upload folder in the S3 bucket. If a new picture is detected, invoke an AWS Lambda function to scan and parse it", + "is_correct": false, + "explaination": "This adds unnecessary orchestration and still relies on checking for new objects instead of using direct event-driven buffering." + } + ] + }, + { + "question": "A development team wants to run their container workloads on Amazon ECS. Each application container needs to share data with another container to collect logs and metrics. What should the developer team do to meet these requirements?", + "possible_answers": [ + { + "label": "Create two pod specifications. Make one to include the application container and the other to include the other container. Link the two pods together", + "is_correct": false, + "explaination": "Pods are a Kubernetes concept, not an Amazon ECS construct." + }, + { + "label": "Create two task definitions. Make one to include the application container and the other to include the other container. Mount a shared volume between the two tasks", + "is_correct": false, + "explaination": "Shared volumes are typically defined between containers in the same ECS task, not across separate tasks." + }, + { + "label": "Create one task definition. Specify both containers in the definition. Mount a shared volume between those two containers", + "is_correct": true, + "explaination": "Containers in the same ECS task can share a volume, which is the correct pattern for sidecar-style log and metric collection." + }, + { + "label": "Create a single pod specification. Include both containers in the specification. Mount a persistent volume to both containers", + "is_correct": false, + "explaination": "Again, pods are not part of ECS." + } + ] + }, + { + "question": "An ecommerce startup is preparing for an annual sales event. As the traffic to the company's application increases, the development team wants to be notified when the Amazon EC2 instance's CPU utilization exceeds 80%. Which solution will meet this requirement?", + "possible_answers": [ + { + "label": "Create a custom Amazon CloudWatch alarm that sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%", + "is_correct": true, + "explaination": "CloudWatch alarms can monitor EC2 CPUUtilization and send notifications through SNS when a threshold is crossed." + }, + { + "label": "Create a custom AWS Cloud Trail alarm that sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%", + "is_correct": false, + "explaination": "CloudTrail records API activity, not EC2 CPU utilization metrics." + }, + { + "label": "Create a cron job on the EC2 instance that executes the `–describe-instance-information` command on the host instance every 15 minutes and sends the results to an Amazon SNS topic", + "is_correct": false, + "explaination": "This is unnecessarily manual and does not use the built-in monitoring and alarming capabilities of CloudWatch." + }, + { + "label": "Create an AWS Lambda function that queries the AWS CloudTrail logs for the CPUUtilization metric every 15 minutes and sends a notification to an Amazon SNS topic when the CPU utilization exceeds 80%", + "is_correct": false, + "explaination": "CloudTrail does not contain CPU utilization metrics." + } + ] + }, + { + "question": "An application running on Amazon EC2 opens connections to an Amazon RDS SQL Server database. The developer does not want to store the user name and password for the database in the code. The developer would also like to automatically rotate the credentials. What is the MOST secure way to store and access the database credentials?", + "possible_answers": [ + { + "label": "Create an IAM role that has permissions to access the database. Attach the role to the EC2 instance", + "is_correct": false, + "explaination": "An IAM role alone does not store and rotate database usernames and passwords for RDS SQL Server." + }, + { + "label": "Use AWS Secrets Manager to store the credentials. Retrieve the credentials from Secrets Manager as needed", + "is_correct": true, + "explaination": "Secrets Manager is purpose-built for storing, retrieving, and automatically rotating database credentials securely." + }, + { + "label": "Store the credentials in an encrypted text file in an Amazon S3 bucket. Configure the EC2 instance's user data to download the credentials from Amazon S3 as the instance boots", + "is_correct": false, + "explaination": "This is more manual and less secure than using a managed secret rotation service." + }, + { + "label": "Store the user name and password credentials directly in the source code. No further action is needed because the source code is stored in a private repository", + "is_correct": false, + "explaination": "Hardcoding credentials is not a secure best practice." + } + ] + }, + { + "question": "A developer is updating an application deployed on AWS Elastic Beanstalk. The new version is incompatible with the old version. To successfully deploy the update, a full cutover to the new, updated version must be performed on all instances at one time, with the ability to roll back changes in case of a deployment failure in the new version. How can this be performed with the LEAST amount of downtime?", + "possible_answers": [ + { + "label": "Use the Elastic Beanstalk All at once deployment policy to update all instances simultaneously", + "is_correct": false, + "explaination": "All at once can cause downtime and does not provide the safest rollback experience." + }, + { + "label": "Perform an Elastic Beanstalk Rolling with additional batch deployment", + "is_correct": false, + "explaination": "Rolling with additional batch does not provide the required full cutover at one time for an incompatible version." + }, + { + "label": "Deploy the new version in a new Elastic Beanstalk environment and swap environment URLs", + "is_correct": true, + "explaination": "A blue/green style deployment with URL swap allows a near-instant full cutover and simple rollback with minimal downtime." + }, + { + "label": "Perform an Elastic Beanstalk Rolling deployment", + "is_correct": false, + "explaination": "Rolling deployments mix old and new versions during rollout, which does not meet the incompatibility requirement." + } + ] + }, + { + "question": "A developer is writing a web application that must share secure documents with end users. The documents are stored in a private Amazon S3 bucket. The application must allow only authenticated users to download specific documents when requested, and only for a duration of 15 minutes. How can the developer meet these requirements?", + "possible_answers": [ + { + "label": "Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes", + "is_correct": false, + "explaination": "This is operationally inefficient and not the intended secure temporary-access pattern." + }, + { + "label": "Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes", + "is_correct": true, + "explaination": "A presigned URL grants temporary access to a private S3 object for a specific period without making the bucket public." + }, + { + "label": "Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS", + "is_correct": false, + "explaination": "Encryption in transit and at rest does not provide temporary user-specific access control by itself." + }, + { + "label": "Modify the S3 bucket policy to only allow specific users to download the documents. Revert the change after 15 minutes", + "is_correct": false, + "explaination": "Changing bucket policies per request is not a scalable or practical design." + } + ] + }, + { + "question": "A company is developing a report executed by AWS Step Functions, Amazon CloudWatch shows errors in the Step Functions task state machine. To troubleshoot each task, the state input needs to be included along with the error message in the state output. Which coding practice can preserve both the original input and the error for the state?", + "possible_answers": [ + { + "label": "Use `ResultPath` in a `Catch` statement to include the error with the original input", + "is_correct": true, + "explaination": "In Step Functions, `ResultPath` in a `Catch` block can merge the error output into the original state input, preserving both." + }, + { + "label": "Use `InputPath` in a `Catch` statement and set the value to `null`", + "is_correct": false, + "explaination": "Setting InputPath to null would discard the original input rather than preserve it." + }, + { + "label": "Use `Error Equals` in a `Retry` statement to include the error with the original input", + "is_correct": false, + "explaination": "Retry controls retry behavior and does not merge original input with error output." + }, + { + "label": "Use `OutputPath` in a `Retry` statement and set the value to `$`", + "is_correct": false, + "explaination": "Retry is not the mechanism used to preserve both original input and error details." + } + ] + }, + { + "question": "A developer receives the following error message when trying to launch or terminate an Amazon EC2 instance using a boto3 script. What should the developer do to correct this error message?```\nboto.exception.BotoServerError: BotoServerError: 503 Service Unavailable\n\nRequestLimitExceeded\nRequest limit exceeded.bfddec84-53b3-4701-b728-dceefb696ced\n\n```", + "possible_answers": [ + { + "label": "Assign an IAM role to the EC2 instance to allow necessary API calls on behalf of the client", + "is_correct": false, + "explaination": "This might be useful in some scenarios, but the error referenced here is about request throttling rather than missing permissions." + }, + { + "label": "Implement an exponential backoff algorithm for optimizing the number of API requests made to Amazon EC2", + "is_correct": true, + "explaination": "Boto3 scripts that trigger API throttling should implement retries with exponential backoff to handle rate limits properly." + }, + { + "label": "Increase the overall network bandwidth to handle higher API request rates", + "is_correct": false, + "explaination": "API throttling is not caused by client network bandwidth limitations." + }, + { + "label": "Upgrade to the latest AWS CLI version so that boto3 can handle higher request rates", + "is_correct": false, + "explaination": "The issue is not the CLI version, and boto3 is separate from the AWS CLI." + } + ] + }, + { + "question": "Given the following AWS CloudFormation template. What is the MOST efficient way to reference the new Amazon S3 bucket from another AWS CloudFormation template?```\nDescription: Creates a new Amazon S3 bucket for shared content. Uses a\nrandom bucket name to avoid conflicts.\n\nResources:\n\n ContentBucket:\n Type: AWS::S3::Bucket\nOutputs:\n\n ContentBucketName:\n Value: !Ref ContentBucket\n```", + "possible_answers": [ + { + "label": "Add an `Export` declaration to the `Outputs` section of the original template and use `ImportValue` in other templates", + "is_correct": true, + "explaination": "CloudFormation cross-stack references are implemented by exporting a value in one stack and importing it with `Fn::ImportValue` in another." + }, + { + "label": "Add `Exported: true` to the `Content.Bucket` in the original template and use `ImportResource` in other templates", + "is_correct": false, + "explaination": "This is not valid CloudFormation syntax." + }, + { + "label": "Create a custom AWS CloudFormation resource that gets the bucket name from the `ContentBucket` resource of the first stack", + "is_correct": false, + "explaination": "A custom resource is unnecessary because CloudFormation already provides built-in cross-stack exports and imports." + }, + { + "label": "Use `Fn::Include` to include the existing template in other templates and use the `ContentBucket` resource directly", + "is_correct": false, + "explaination": "`Fn::Include` is not the standard or best method for cross-stack resource referencing." + } + ] + }, + { + "question": "A developer is using AWS CodeDeploy to deploy an application running on Amazon EC2. The developer wants to change the file permissions for a specific deployment file. Which lifecycle event should a developer use to meet this requirement?", + "possible_answers": [ + { + "label": "AfterInstall", + "is_correct": true, + "explaination": "AfterInstall runs after files are copied to the instance, making it the correct point to modify permissions on deployed files." + }, + { + "label": "DownloadBundle", + "is_correct": false, + "explaination": "DownloadBundle is not an AppSpec hook available for custom permission changes." + }, + { + "label": "BeforeInstall", + "is_correct": false, + "explaination": "BeforeInstall runs before the new files are installed, so the target file may not yet be present." + }, + { + "label": "ValidateService", + "is_correct": false, + "explaination": "ValidateService is meant for confirming the application works after startup, not for changing file permissions." + } + ] + }, + { + "question": "A developer is using Amazon DynamoDB to store application data. The developer wants to further improve application performance by reducing response times for read and write operations. Which DynamoDB feature should be used to meet these requirements?", + "possible_answers": [ + { + "label": "Amazon DynamoDB Streams", + "is_correct": false, + "explaination": "Streams capture data changes for downstream processing, but they do not directly reduce read and write response times." + }, + { + "label": "Amazon DynamoDB Accelerator", + "is_correct": true, + "explaination": "DAX is an in-memory cache for DynamoDB that reduces read latency and improves overall application performance." + }, + { + "label": "Amazon DynamoDB global tables", + "is_correct": false, + "explaination": "Global tables support multi-region replication, but they are not the primary feature for lowering single-region response time." + }, + { + "label": "Amazon DynamoDB transactions", + "is_correct": false, + "explaination": "Transactions improve consistency guarantees, not raw performance latency." + } + ] + }, + { + "question": "A developer is creating a script to automate the deployment process for a serverless application. The developer wants to use an existing AWS Serverless Application Model (AWS SAM) template for the application. What should the developer use for the project? (Choose TWO)", + "possible_answers": [ + { + "label": "Call `aws cloudformation package` to create the deployment package. Call `aws cloudformation deploy` to deploy the package afterward", + "is_correct": true, + "explaination": "A SAM template can be deployed through the CloudFormation CLI workflow by packaging local artifacts and then deploying the stack." + }, + { + "label": "Call `sam package` to create the deployment package. Call `sam deploy` to deploy the package afterward", + "is_correct": true, + "explaination": "This is the direct SAM CLI workflow for packaging and deploying a serverless application." + }, + { + "label": "Call `aws s3 cp` to upload the AWS SAM template to Amazon S3. Call `aws lambda update-function-code` to create the application", + "is_correct": false, + "explaination": "This does not deploy the full serverless stack defined in the SAM template." + }, + { + "label": "Create a `ZIP` package locally and call `aws serverlessrepo create-application` to create the application", + "is_correct": false, + "explaination": "The Serverless Application Repository is not the normal deployment target for an existing SAM project." + }, + { + "label": "Create a `ZIP` package and upload it to Amazon S3. Call `aws cloudformation create-stack` to create the application", + "is_correct": false, + "explaination": "This omits the artifact packaging/template rewriting workflow needed for local SAM resources." + } + ] + }, + { + "question": "A development team is designing a mobile app that requires multi-factor authentication. Which steps should be taken to achieve this? (Choose TWO)", + "possible_answers": [ + { + "label": "Use Amazon Cognito to create a user pool and create users in the user pool", + "is_correct": true, + "explaination": "Cognito user pools are the managed user directory and authentication mechanism that can support MFA for a mobile application." + }, + { + "label": "Send multi-factor authentication text codes to users with the Amazon SNS Publish API call in the app code", + "is_correct": false, + "explaination": "Directly implementing MFA messaging in app code is unnecessary when Cognito already provides managed MFA." + }, + { + "label": "Enable multi-factor authentication for the Amazon Cognito user pool", + "is_correct": true, + "explaination": "MFA is enabled as a user pool setting in Cognito, which activates the managed MFA flow." + }, + { + "label": "Use AWS IAM to create IAM users", + "is_correct": false, + "explaination": "IAM users are not intended to represent mobile app end users." + }, + { + "label": "Enable multi-factor authentication for the users created in AWS IAM", + "is_correct": false, + "explaination": "IAM MFA is for AWS access, not mobile application end-user authentication." + } + ] + }, + { + "question": "Two containerized microservices are hosted on Amazon EC2 ECS. The first microservice reads an Amazon RDS Aurora database instance, and the second microservice reads an Amazon DynamoDB table. How can each microservice be granted the minimum privileges?", + "possible_answers": [ + { + "label": "Set `ECS_ENABLE_TASK_IAM_ROLE` to `false` on EC2 instance boot in ECS agent configuration file. Run the first microservice with an IAM role for ECS tasks with read-only access for the Aurora database. Run the second microservice with an IAM role for ECS tasks with read-only access to DynamoDB", + "is_correct": false, + "explaination": "Task IAM roles must be enabled, not disabled, for ECS tasks to assume distinct roles." + }, + { + "label": "Set `ECS_ENABLE_TASK_IAM_ROLE` to `false` on EC2 instance boot in the ECS agent configuration file. Grant the instance profile role read-only access to the Aurora database and DynamoDB", + "is_correct": false, + "explaination": "Using only the instance profile gives all tasks on the instance broad permissions and does not enforce minimum privileges per microservice." + }, + { + "label": "Set `ECS_ENABLE_TASK_IAM_ROLE` to `true` on EC2 instance boot in the ECS agent configuration file. Run the first microservice with an IAM role for ECS tasks with read-only access for the Aurora database. Run the secondmicroservice with an IAM role for ECS tasks with read-only access to DynamoDB", + "is_correct": true, + "explaination": "Enabling task IAM roles and assigning separate roles per task is the least-privilege approach for distinct microservices." + }, + { + "label": "Set `ECS_ENABLE_TASK_IAM_ROLE` to `true` on EC2 instance boot in the ECS agent configuration file. Grant the instance profile role read-only access to the Aurora database and DynamoDB", + "is_correct": false, + "explaination": "Even with task roles enabled, using the instance profile for both services still does not provide per-service minimum privileges." + } + ] + }, + { + "question": "A developer has written an AWS Lambda function using Java as the runtime environment. The developer wants to isolate a performance bottleneck in the code. Which steps should be taken to reveal the bottleneck?", + "possible_answers": [ + { + "label": "Use the Amazon CloudWatch API to write timestamps to a custom CloudWatch metric. Use the CloudWatch console to analyze the resulting data", + "is_correct": false, + "explaination": "This would require manual instrumentation and does not provide the detailed tracing view designed for bottleneck analysis." + }, + { + "label": "Use the AWS X-Ray API to write trace data into X-Ray from strategic places within the code. Use the Amazon CloudWatch console to analyze the resulting data", + "is_correct": false, + "explaination": "If using X-Ray, the correct analysis tool is the X-Ray console, not the CloudWatch console." + }, + { + "label": "Use the AWS X-Ray API to write trace data into X-Ray from strategic places within the code. Use the X-Ray console to analyze the resulting data", + "is_correct": true, + "explaination": "X-Ray is designed for tracing and pinpointing latency bottlenecks inside distributed or instrumented application code." + }, + { + "label": "Use the Amazon CloudWatch API to write timestamps to a custom CloudWatch metric. Use the AWS X-Ray console to analyze the resulting data", + "is_correct": false, + "explaination": "CloudWatch custom metrics do not automatically appear as trace segments in X-Ray." + } + ] + }, + { + "question": "A developer added a new feature to an application running on an Amazon EC2 instance that uses Amazon SQS. After deployment, the developer noticed a significant increase in Amazon SQS costs. When monitoring the Amazon SQS metrics on Amazon CloudWatch, the developer found that on average one message per minute is posted on this queue. What can be done to reduce Amazon SQS costs for this application?", + "possible_answers": [ + { + "label": "Increase the Amazon SQS queue polling timeout", + "is_correct": true, + "explaination": "Long polling reduces the number of empty receive requests, which helps reduce SQS costs in low-traffic queues." + }, + { + "label": "Scale down the Amazon SQS queue to the appropriate size for low traffic demand", + "is_correct": false, + "explaination": "SQS is fully managed and does not have a notion of scaling queue size in this way." + }, + { + "label": "Configure push delivery via Amazon SNS instead of polling the Amazon SQS queue", + "is_correct": false, + "explaination": "SQS consumers poll queues; SNS is a different service with different semantics." + }, + { + "label": "Use an Amazon SQS first-in, first-out (FIFO) queue instead of a standard queue", + "is_correct": false, + "explaination": "Switching to FIFO does not address the empty polling request cost issue." + } + ] + }, + { + "question": "A developer is building an application using an Amazon API Gateway REST API backend by an AWS Lambda function that interacts with an Amazon DynamoDB table. During testing, the developer observes high latency when making requests to the API. How can the developer evaluate the end-to-end latency and identify performance bottlenecks?", + "possible_answers": [ + { + "label": "Enable AWS CloudTrail logging and use the logs to map each latency and bottleneck", + "is_correct": false, + "explaination": "CloudTrail records API activity, not detailed end-to-end request timing across services." + }, + { + "label": "Enable and configure AWS X-Ray tracing on API Gateway and the Lambda function. Use X-Ray to trace and analyze user requests", + "is_correct": true, + "explaination": "X-Ray provides service maps and timing details across API Gateway, Lambda, and downstream integrations, making it ideal for finding latency bottlenecks." + }, + { + "label": "Enable Amazon CloudWatch Logs for the Lambda function. Enable execution logs for API Gateway to view and analyze user request logs", + "is_correct": false, + "explaination": "Logs help troubleshooting, but they do not provide the same end-to-end distributed tracing and latency breakdown as X-Ray." + }, + { + "label": "Enable VPC Flow Logs to capture and analyze network traffic within the VPC", + "is_correct": false, + "explaination": "VPC Flow Logs are for network-level visibility and are not the right tool for end-to-end API latency tracing here." + } + ] + }, + { + "question": "An IAM role is attached to an Amazon EC2 instance that explicitly denies access to all Amazon S3 API actions. The EC2 instance credentials file specifies the IAM access key and secret access key, which allow full administrative access. Given that multiple modes of IAM access are present for this EC2 instance, which of the following is correct?", + "possible_answers": [ + { + "label": "The EC2 instance will only be able to list the S3 buckets", + "is_correct": false, + "explaination": "An explicit deny on S3 actions does not limit access to just listing buckets; it denies all S3 actions." + }, + { + "label": "The EC2 instance will only be able to list the contents of one S3 bucket at a time", + "is_correct": false, + "explaination": "This does not reflect IAM evaluation logic." + }, + { + "label": "The EC2 instance will be able to perform all actions on any S3 bucket", + "is_correct": false, + "explaination": "An explicit deny overrides allow permissions, even if full administrative credentials are otherwise present." + }, + { + "label": "The EC2 instance will not be able to perform any S3 action on any S3 bucket", + "is_correct": true, + "explaination": "In IAM policy evaluation, an explicit deny always overrides any allow." + } + ] + }, + { + "question": "A development team uses AWS Elastic Beanstalk for application deployment. The team has configured the application version lifecycle policy to limit the number of application versions to 25. However, even with the lifecycle policy, the source bundle is deleted from the Amazon S3 source bucket. What should a developer do in the Elastic Beanstalk application version lifecycle settings to retain the source code in the S3 bucket?", + "possible_answers": [ + { + "label": "Change the Set the application versions limit by total count setting to zero", + "is_correct": false, + "explaination": "This does not specifically control retention of the source bundle in S3." + }, + { + "label": "Disable the Lifecycle policy setting", + "is_correct": false, + "explaination": "Disabling lifecycle policy is broader than necessary and does not directly target source bundle retention behavior." + }, + { + "label": "Change the Set the application version limit by age setting to zero", + "is_correct": false, + "explaination": "This is not the setting that controls whether the S3 source bundle is retained." + }, + { + "label": "Set Retention to Retain source bundle in S3", + "is_correct": true, + "explaination": "Elastic Beanstalk lifecycle settings include a retention option specifically to preserve the source bundle in S3 even when application versions are cleaned up." + } + ] + }, + { + "question": "A developer has built a market application that stores pricing data in Amazon DynamoDB with Amazon ElastiCache in front. The prices of items in the market change frequently. Sellers have begun complaining that, after they update the price of an item, the price does not actually change in the product listing. What could be causing this issue?", + "possible_answers": [ + { + "label": "The cache is not being invalidated when the price of the item is changed", + "is_correct": true, + "explaination": "If the application updates DynamoDB but leaves the old item in cache, users can continue to see stale pricing data." + }, + { + "label": "The price of the item is being retrieved using a write-through ElastiCache cluster", + "is_correct": false, + "explaination": "Write-through caching is intended to keep cache and database aligned and would not by itself explain stale reads like this." + }, + { + "label": "The DynamoDB table was provisioned with insufficient read capacity", + "is_correct": false, + "explaination": "Insufficient read capacity causes throttling or failures, not stale cached values after updates." + }, + { + "label": "The DynamoDB table was provisioned with insufficient write capacity", + "is_correct": false, + "explaination": "Insufficient write capacity could cause update failures, but the more direct and likely issue with stale listings is cache invalidation." + } + ] + }, + { + "question": "A developer is provided with an HTTPS clone URL for an AWS CodeCommit repository. What needs to be configured before cloning this repository?", + "possible_answers": [ + { + "label": "Use AWS KMS to set up public and private keys for use with AWS CodeCommit", + "is_correct": false, + "explaination": "KMS is not used to configure Git client authentication for HTTPS access to CodeCommit." + }, + { + "label": "Set up the Git credential helper to use an AWS credential profile, and enable the helper to send the path to the repositories", + "is_correct": true, + "explaination": "For HTTPS access, Git must be configured to use the AWS CodeCommit credential helper so it can authenticate requests using AWS credentials." + }, + { + "label": "Use AWS Certificate Manager to provision public and private SSL/TLS certificates", + "is_correct": false, + "explaination": "ACM manages certificates for services like load balancers and CloudFront, not Git authentication to CodeCommit." + }, + { + "label": "Generate encryption keys using AWS CloudHSM, then export the key for use with AWS CodeCommit", + "is_correct": false, + "explaination": "CloudHSM is unrelated to standard CodeCommit HTTPS clone setup." + } + ] + }, + { + "question": "What is required to trace Lambda-based applications with AWS X-Ray?", + "possible_answers": [ + { + "label": "Send logs from the Lambda application to an S3 bucket; trigger a Lambda function from the bucket to send data to AWS X-Ray", + "is_correct": false, + "explaination": "X-Ray tracing does not work by shipping logs to S3 first." + }, + { + "label": "Trigger a Lambda function from the application logs in Amazon CloudWatch to submit tracing data to AWS X-Ray", + "is_correct": false, + "explaination": "CloudWatch Logs are not the mechanism used to enable Lambda tracing." + }, + { + "label": "Use an IAM execution role to give the Lambda function permissions and enable tracing", + "is_correct": true, + "explaination": "Lambda tracing with X-Ray requires tracing to be enabled and the function execution role to have permission to write trace data." + }, + { + "label": "Update and add AWS X-Ray daemon code to relevant parts of the Lambda function to set up the trace", + "is_correct": false, + "explaination": "Lambda does not require you to run the X-Ray daemon in your function code." + } + ] + }, + { + "question": "A development team is building a new application that will run on Amazon EC2 and use Amazon DynamoDB as a storage layer. The developers all have assigned IAM user accounts in the same IAM group. The developers currently can launch EC2 instances, and they need to be able to launch EC2 instances with an instance role allowing access to Amazon DynamoDB. Which AWS IAM changes are needed when creating an instance role to provide this functionality?", + "possible_answers": [ + { + "label": "Create an IAM permission policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows DynamoDB to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:GetRole and iam:PassRole permissions for the role", + "is_correct": false, + "explaination": "The trust policy must allow Amazon EC2 to assume the role, not DynamoDB." + }, + { + "label": "Create an IAM permissions policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows Amazon EC2 to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:PassRole permission for the role", + "is_correct": true, + "explaination": "An EC2 instance role needs a permissions policy for DynamoDB, a trust relationship for EC2, and developers need `iam:PassRole` so they can attach the role when launching instances." + }, + { + "label": "Create an IAM permission policy attached to the role that allows access to Amazon EC2. Add a trust policy to the role that allows DynamoDB to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:PassRole permission for the role", + "is_correct": false, + "explaination": "The role should allow access to DynamoDB and trust EC2, not the reverse." + }, + { + "label": "Create an IAM permissions policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows Amazon EC2 to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:GetRole permission for the role", + "is_correct": false, + "explaination": "Developers need `iam:PassRole` to associate the role with EC2 instances, not just `iam:GetRole`." + } + ] + }, + { + "question": "A developer converted an existing program to an AWS Lambda function in the console. The program runs properly on a local laptop, but shows an `Unable to import module` error when tested in the Lambda console. Which of the following can fix the error?", + "possible_answers": [ + { + "label": "Install the missing module and specify the current directory as the target. Create a `ZIP` file to include all files under the current directory, and upload the `ZIP` file", + "is_correct": true, + "explaination": "Lambda deployment packages must include all required third-party modules, packaged alongside the function code." + }, + { + "label": "Install the missing module in a lib directory. Create a `ZIP` file to include all files under the lib directory, and upload the `ZIP` file as dependency file", + "is_correct": false, + "explaination": "Lambda expects the dependencies to be packaged correctly with the handler code, not uploaded separately in the way described." + }, + { + "label": "In the Lambda code, invoke a Linux command to install the missing modules under the `/usr/lib directory`", + "is_correct": false, + "explaination": "Installing modules at runtime is not the normal or reliable way to satisfy Lambda import dependencies." + }, + { + "label": "In the Lambda console, create a `LB_LIBRARY_PATH` environment and specify the value for the system library plan", + "is_correct": false, + "explaination": "The issue is missing packaged modules, not a library path environment variable." + } + ] + }, + { + "question": "A front-end web application is using Amazon Cognito user pools to handle the user authentication flow. A developer is integrating Amazon DynamoDB into the application using the AWS SDK for JavaScript. How would the developer securely call the API without exposing the access or secret keys?", + "possible_answers": [ + { + "label": "Configure Amazon Cognito identity pools and exchange the JSON Web Token (JWT) for temporary credentials", + "is_correct": true, + "explaination": "A Cognito identity pool can exchange user pool tokens for temporary AWS credentials, allowing secure SDK access without exposing static keys." + }, + { + "label": "Run the web application in an Amazon EC2 instance with the instance profile configured", + "is_correct": false, + "explaination": "This does not solve secure direct access from a browser-based front-end application." + }, + { + "label": "Hardcore the credentials, use Amazon S3 to host the web application, and enable server-side encryption", + "is_correct": false, + "explaination": "Hardcoding credentials in client-side code is insecure." + }, + { + "label": "Use Amazon Cognito user pool JSON Web Tokens (JWITs) to access the DynamoDB APIs", + "is_correct": false, + "explaination": "User pool tokens authenticate users, but they are not AWS credentials for directly calling DynamoDB through the SDK." + } + ] + }, + { + "question": "A developer needs to manage AWS infrastructure as code and must be able to deploy multiple identical copies of the infrastructure, stage changes, and revert to previous versions. Which approach addresses these requirements?", + "possible_answers": [ + { + "label": "Use cost allocation reports and AWS OpsWorks to deploy and manage the infrastructure", + "is_correct": false, + "explaination": "These services do not provide the best fit for versioned infrastructure-as-code deployments with easy rollback and repeatability." + }, + { + "label": "Use Amazon CloudWatch metrics and alerts along with resource tagging to deploy and manage the infrastructure", + "is_correct": false, + "explaination": "Monitoring and tagging do not provide infrastructure-as-code version control and deployment workflows." + }, + { + "label": "Use AWS Elastic Beanstalk and AWS CodeCommit to deploy and manage the infrastructure", + "is_correct": false, + "explaination": "Elastic Beanstalk is for application environment management, not general infrastructure-as-code for arbitrary AWS resources." + }, + { + "label": "Use AWS CloudFormation and AWS CodeCommit to deploy and manage the infrastructure", + "is_correct": true, + "explaination": "CloudFormation defines infrastructure as code, and CodeCommit can version the templates for repeatable deployment, staged changes, and rollback to previous versions." + } + ] + }, + { + "question": "A Developer needs to deploy an application running on AWS Fargate using Amazon ECS. The application has environment variables that must be passed to a container for the application to initialize. How should the environment variables be passed to the container?", + "possible_answers": [ + { + "label": "Define an array that includes the environment variables under the environment parameter within the service definition", + "is_correct": false, + "explaination": "Environment variables are defined in the task definition, not in the ECS service definition." + }, + { + "label": "Define an array that includes the environment variables under the environment parameter within the task definition", + "is_correct": true, + "explaination": "In ECS, container environment variables are configured in the container definition inside the task definition." + }, + { + "label": "Define an array that includes the environment variables under the entryPoint parameter within the task definition", + "is_correct": false, + "explaination": "The entryPoint controls the container startup command, not environment variables." + }, + { + "label": "Define an array that includes the environment variables under the entryPoint parameter within the service definition", + "is_correct": false, + "explaination": "Environment variables are not defined through the service entry point." + } + ] + }, + { + "question": "A company's fleet of Amazon EC2 instances receives data from millions of users through an API. The servers batch the data, add an object for each user, and upload the objects to an S3 bucket to ensure high access rates. The object attributes are `Customer ID`, `Server ID`, `TS-Server` (`TimeStamp` and `Server ID`), the size of the object, and a timestamp. A Developer wants to find all the objects for a given user collected during a specified time range. After creating an S3 object created event, how can the Developer achieve this requirement?", + "possible_answers": [ + { + "label": "Execute an AWS Lambda function in response to the S3 object creation events that creates an Amazon DynamoDB record for every object with the `Customer ID` as the partition key and the `Server ID` as the sort key. Retrieve all the records using the `Customer ID` and `Server ID` attributes", + "is_correct": false, + "explaination": "Using Server ID as the sort key does not support efficient querying by time range." + }, + { + "label": "Execute an AWS Lambda function in response to the S3 object creation events that creates an Amazon Redshift record for every object with the `Customer ID` as the partition key and `TS-Server` as the sort key. Retrieve all the records using the `Customer ID` and `TS-Server` attributes", + "is_correct": false, + "explaination": "Redshift is not the right fit for low-latency key-based retrieval of object metadata by customer and time range." + }, + { + "label": "Execute an AWS Lambda function in response to the S3 object creation events that creates an Amazon DynamoDB record for every object with the `Customer ID` as the partition key and `TS-Server` as the sort key. Retrieve all the records using the `Customer ID` and `TS-Server` attributes", + "is_correct": true, + "explaination": "DynamoDB with Customer ID as the partition key and timestamp-plus-server as the sort key supports efficient queries for a given user within a time range." + }, + { + "label": "Execute an AWS Lambda function in response to the S3 object creation events that creates an Amazon Redshift record for every object with the `Customer ID` as the partition key and the `Server ID` as the sort key. Retrieve all the records using the `Customer ID` and `Server ID` attributes", + "is_correct": false, + "explaination": "This does not support efficient time-range queries and Redshift is not the best service for this lookup pattern." + } + ] + }, + { + "question": "A company is managing a NoSQL database on-premises to host a critical component of an application, which is starting to have scaling issues. The company wants to migrate the application to Amazon DynamoDB with the following considerations: Optimize frequent queries. Reduce read latencies. Plan for frequent queries on certain key attributes of the table. Which solution would help achieve these objectives?", + "possible_answers": [ + { + "label": "Create global secondary indexes on keys that are frequently queried. Add the necessary attributes into the indexes", + "is_correct": true, + "explaination": "GSIs let DynamoDB efficiently support additional query patterns and can reduce latency by indexing frequently queried attributes." + }, + { + "label": "Create local secondary indexes on keys that are frequently queried. DynamoDB will fetch needed attributes from the table", + "is_correct": false, + "explaination": "LSIs are limited by table design and are not the most flexible answer for planning frequent query access patterns across key attributes." + }, + { + "label": "Create DynamoDB global tables to speed up query responses. Use a scan to fetch data from the table", + "is_correct": false, + "explaination": "Global tables are for multi-region replication, not for optimizing frequent query patterns in the same way indexes do." + }, + { + "label": "Create an AWS Auto Scaling policy for the DynamoDB table", + "is_correct": false, + "explaination": "Auto Scaling helps capacity management, but it does not optimize query patterns or reduce latency caused by inefficient access design." + } + ] + }, + { + "question": "A developer is writing an application that will process data delivered into an Amazon S3 bucket. The data is delivered approximately 10 times a day, and the developer expects the data will be processed in less than 1 minute, on average. How can the developer deploy and invoke the application with the lowest cost and lowest latency?", + "possible_answers": [ + { + "label": "Deploy the application as an AWS Lambda function and invoke it with an Amazon CloudWatch alarm triggered by an S3 object upload", + "is_correct": false, + "explaination": "CloudWatch alarms are not the lowest-latency event path for reacting to object creation in S3." + }, + { + "label": "Deploy the application as an AWS Lambda function and invoke it with an S3 event notification", + "is_correct": true, + "explaination": "S3 event notifications directly trigger Lambda on object creation, providing a low-cost and low-latency serverless solution." + }, + { + "label": "Deploy the application as an AWS Lambda function and invoke it with an Amazon CloudWatch scheduled event", + "is_correct": false, + "explaination": "Scheduled polling introduces delay and is less efficient than event-driven invocation." + }, + { + "label": "Deploy the application onto an Amazon EC2 instance and have it poll the S3 bucket for new objects", + "is_correct": false, + "explaination": "This would be more expensive and more operationally complex than using Lambda with S3 events." + } + ] + }, + { + "question": "A company is using Amazon API Gateway to manage its public-facing API. The CISO requires that the APIs be used by test account users only. What is the MOST secure way to restrict API access to users of this particular AWS account?", + "possible_answers": [ + { + "label": "Client-side SSL certificates for authentication", + "is_correct": false, + "explaination": "Client certificates can help identify clients, but the requirement is specifically to restrict access to users of a particular AWS account." + }, + { + "label": "API Gateway resource policies", + "is_correct": true, + "explaination": "API Gateway resource policies can restrict invocation access based on IAM principals and AWS account conditions." + }, + { + "label": "Cross-origin resource sharing (CORS)", + "is_correct": false, + "explaination": "CORS controls browser-origin access, not AWS account-based authorization." + }, + { + "label": "Usage plans", + "is_correct": false, + "explaination": "Usage plans manage throttling and quotas, but do not securely restrict access to a specific AWS account." + } + ] + }, + { + "question": "A Developer is migrating existing applications to AWS. These applications use MongoDB as their primary data store, and they will be deployed to Amazon EC2 instances. Management requires that the Developer minimize changes to applications while using AWS services. Which solution should the Developer use to host MongoDB in AWS?", + "possible_answers": [ + { + "label": "Install MongoDB on the same instance where the application is running", + "is_correct": false, + "explaination": "This would increase management overhead and does not leverage a managed AWS service." + }, + { + "label": "Deploy Amazon DocumentDB in MongoDB compatibility mode", + "is_correct": true, + "explaination": "Amazon DocumentDB is compatible with MongoDB APIs, minimizing application changes while using a managed AWS database service." + }, + { + "label": "Use Amazon API Gateway to translate API calls from MongoDB to Amazon DynamoDB", + "is_correct": false, + "explaination": "This would require substantial redesign and would not minimize application changes." + }, + { + "label": "Replicate the existing MongoDB workload to Amazon DynamoDB", + "is_correct": false, + "explaination": "DynamoDB uses a different data model and access pattern, so this would not minimize changes." + } + ] + }, + { + "question": "A company requires that AWS Lambda functions written by Developers log errors so System Administrators can more effectively troubleshoot issues. What should the Developers implement to meet this need?", + "possible_answers": [ + { + "label": "Publish errors to a dedicated Amazon SQS queue", + "is_correct": false, + "explaination": "SQS can store messages, but it is not the standard solution for application error logging in Lambda." + }, + { + "label": "Create an Amazon CloudWatch Events event trigger based on certain Lambda events", + "is_correct": false, + "explaination": "Event triggers are not a replacement for explicit application error logging." + }, + { + "label": "Report errors through logging statements in Lambda function code", + "is_correct": true, + "explaination": "Logging errors in the function code sends them to CloudWatch Logs, which administrators can use for troubleshooting." + }, + { + "label": "Set up an Amazon SNS topic that sends logging statements upon failure", + "is_correct": false, + "explaination": "SNS can notify on failures, but it is not the primary logging mechanism for application errors." + } + ] + }, + { + "question": "A Developer is writing an application that runs on Amazon EC2 instances in an Auto Scaling group. The application data is stored in an Amazon DynamoDB table and records are constantly updated by all instances. An instance sometimes retrieves old data. The Developer wants to correct this by making sure the reads are strongly consistent. How can the Developer accomplish this?", + "possible_answers": [ + { + "label": "Set `ConsistentRead` to `true` when calling `GetItem`", + "is_correct": true, + "explaination": "DynamoDB strongly consistent reads are requested by setting `ConsistentRead` to true on supported read operations like `GetItem`." + }, + { + "label": "Create a new DynamoDB Accelerator (DAX) table", + "is_correct": false, + "explaination": "DAX is a cache and is not intended to guarantee stronger consistency than the base table." + }, + { + "label": "Set Consistency to strong when calling `UpdateTable`", + "is_correct": false, + "explaination": "UpdateTable changes table settings, not read consistency behavior for item retrieval." + }, + { + "label": "Use the `GetShardIterator` command", + "is_correct": false, + "explaination": "GetShardIterator is used with streams like Kinesis or DynamoDB Streams, not DynamoDB item reads." + } + ] + }, + { + "question": "A Developer has an application that must accept a large amount of incoming data streams and process the data before sending it to many downstream users. Which serverless solution should the Developer use to meet these requirements?", + "possible_answers": [ + { + "label": "Amazon RDS MySQL stored procedure with AWS Lambda", + "is_correct": false, + "explaination": "RDS stored procedures are not a serverless streaming ingestion and fan-out solution." + }, + { + "label": "AWS Direct Connect with AWS Lambda", + "is_correct": false, + "explaination": "Direct Connect is for private network connectivity, not stream ingestion and processing." + }, + { + "label": "Amazon Kinesis Data Streams with AWS Lambda", + "is_correct": true, + "explaination": "Kinesis Data Streams with Lambda provides a scalable serverless pattern for ingesting, processing, and distributing streaming data." + }, + { + "label": "Amazon EC2 bash script with AWS Lambda", + "is_correct": false, + "explaination": "This is not a serverless streaming architecture." + } + ] + }, + { + "question": "An application is experiencing performance issues based on increased demand. This increased demand is on read-only historical records pulled from an Amazon RDS-hosted database with custom views and queries. A Developer must improve performance without changing the database structure. Which approach will improve performance and MINIMIZE management overhead?", + "possible_answers": [ + { + "label": "Deploy Amazon DynamoDB, move all the data, and point to DynamoDB", + "is_correct": false, + "explaination": "This would require a major redesign and increase migration complexity." + }, + { + "label": "Deploy Amazon ElastiCache for Redis and cache the data for the application", + "is_correct": true, + "explaination": "ElastiCache can offload repeated reads of historical data from RDS without requiring database schema changes." + }, + { + "label": "Deploy Memcached on Amazon EC2 and cache the data for the application", + "is_correct": false, + "explaination": "A self-managed cache on EC2 adds more operational overhead than managed ElastiCache." + }, + { + "label": "Deploy Amazon DynamoDB Accelerator (DAX) on Amazon RDS to improve cache performance", + "is_correct": false, + "explaination": "DAX is a caching layer for DynamoDB, not Amazon RDS." + } + ] + }, + { + "question": "A Developer has an Amazon DynamoDB table that must be in provisioned mode to comply with user requirements. The application needs to support the following: Average item size: 10 KB. Item reads each second: 10 strongly consistent. Item writes each second: 2 transactional. Which read and write capacity cost-effectively meets these requirements?", + "possible_answers": [ + { + "label": "Read `10`; write `2`", + "is_correct": false, + "explaination": "This underestimates capacity because reads and transactional writes consume units based on item size and transaction overhead." + }, + { + "label": "Read `30`; write `40`", + "is_correct": true, + "explaination": "A 10 KB strongly consistent read consumes 3 RCUs, so 10 reads per second require 30 RCUs. A 10 KB transactional write consumes 20 WCUs, so 2 per second require 40 WCUs." + }, + { + "label": "Use on-demand scaling", + "is_correct": false, + "explaination": "The table must remain in provisioned mode." + }, + { + "label": "Read `300`; write `400`", + "is_correct": false, + "explaination": "This greatly overprovisions capacity and is not cost-effective." + } + ] + }, + { + "question": "A company wants to containerize an existing three-tier web application and deploy it to Amazon ECS Fargate. The application is using session data to keep track of user activities. Which approach would provide the BEST user experience?", + "possible_answers": [ + { + "label": "Provision a Redis cluster in Amazon ElastiCache and save the session data in the cluster", + "is_correct": true, + "explaination": "Redis in ElastiCache provides fast shared session storage for distributed containers, improving consistency and user experience." + }, + { + "label": "Create a session table in Amazon Redshift and save the session data in the database table", + "is_correct": false, + "explaination": "Redshift is an analytics database and not appropriate for low-latency session storage." + }, + { + "label": "Enable session stickiness in the existing Network Load Balancer and manage the session data in the container", + "is_correct": false, + "explaination": "Keeping session state in containers reduces resilience and portability in a scaled Fargate environment." + }, + { + "label": "Use an Amazon S3 bucket as data store and save the session data in the bucket", + "is_correct": false, + "explaination": "S3 is not suitable for low-latency, frequently updated session storage." + } + ] + }, + { + "question": "An application is using a single-node Amazon ElastiCache for Redis instance to improve read performance. Over time, demand for the application has increased exponentially, which has increased the load on the ElastiCache instance. It is critical that this cache layer handles the load and is resilient in case of node failures. What can the Developer do to address the load and resiliency requirements?", + "possible_answers": [ + { + "label": "Add a read replica instance", + "is_correct": true, + "explaination": "Redis read replicas can increase read throughput and improve resiliency by providing failover targets." + }, + { + "label": "Migrate to a Memcached cluster", + "is_correct": false, + "explaination": "Memcached can scale reads, but it does not provide the same durability and failover features as Redis for resiliency." + }, + { + "label": "Migrate to an Amazon Elasticsearch Service cluster", + "is_correct": false, + "explaination": "OpenSearch/Elasticsearch is a search engine, not a drop-in cache replacement for this use case." + }, + { + "label": "Vertically scale the ElastiCache instance", + "is_correct": false, + "explaination": "Vertical scaling can help temporarily, but it does not add resiliency the way read replicas do." + }, + { + "question": "A Developer is investigating an application's performance issues. The application consists of hundreds of microservices, and a single API call can potentially have a deep call stack. The Developer must isolate the component that is causing the issue. Which AWS service or feature should the Developer use to gather information about what is happening and isolate the fault?", + "possible_answers": [ + { + "label": "AWS X-Ray.", + "is_correct": true, + "explaination": "AWS X-Ray is designed to trace requests across distributed microservices and helps identify latency bottlenecks and failing components in deep call chains." + }, + { + "label": "VPC Flow Logs.", + "is_correct": false, + "explaination": "VPC Flow Logs provide network traffic metadata, not end-to-end application tracing across microservices." + }, + { + "label": "Amazon GuardDuty.", + "is_correct": false, + "explaination": "GuardDuty is a threat detection service, not a performance tracing tool." + }, + { + "label": "Amazon Macie.", + "is_correct": false, + "explaination": "Macie is for sensitive data discovery and protection, not performance troubleshooting." + } + ] + }, + { + "question": "A Company runs continuous integration/continuous delivery (CI/CD) pipelines for its application on AWS CodePipeline. A Developer must write unit tests and run them as part of the pipelines before staging the artifacts for testing. How should the Developer incorporate unit tests as part of CI/CD pipelines?", + "possible_answers": [ + { + "label": "Create a separate CodePipeline pipeline to run unit tests.", + "is_correct": false, + "explaination": "Unit tests should normally be integrated into the existing pipeline rather than managed in a separate pipeline." + }, + { + "label": "Update the AWS CodeBuild specification to include a phase for running unit tests.", + "is_correct": true, + "explaination": "CodeBuild is the standard build/test stage in CodePipeline, and unit tests should be added to the buildspec so they run automatically." + }, + { + "label": "Install the AWS CodeDeploy agent on an Amazon EC2 instance to run unit tests.", + "is_correct": false, + "explaination": "CodeDeploy is for deployments, not for executing unit test phases in a CI pipeline." + }, + { + "label": "Create a testing branch in AWS CodeCommit to run unit tests.", + "is_correct": false, + "explaination": "Branching strategy does not by itself ensure tests run as part of the pipeline execution." + } + ] + }, + { + "question": "An application has the following requirements: Performance efficiency of seconds with up to a minute of latency. The data storage size may grow up to thousands of terabytes. Per-message sizes may vary between 100 KB and 100 MB. Data can be stored as key/value stores supporting eventual consistency. What is the MOST cost-effective AWS service to meet these requirements?", + "possible_answers": [ + { + "label": "Amazon DynamoDB.", + "is_correct": true, + "explaination": "DynamoDB is a scalable key/value store with eventual consistency support and is the best fit among the given options for massive scale and this access pattern." + }, + { + "label": "Amazon S3.", + "is_correct": false, + "explaination": "S3 scales massively but is object storage, not a key/value database in the same sense required here." + }, + { + "label": "Amazon RDS (with a MySQL engine).", + "is_correct": false, + "explaination": "RDS is relational and is not the most cost-effective or scalable fit for this key/value use case." + }, + { + "label": "Amazon ElastiCache.", + "is_correct": false, + "explaination": "ElastiCache is an in-memory cache and is not suitable for storing thousands of terabytes." + } + ] + }, + { + "question": "A Developer must allow guest users without logins to access an Amazon Cognito-enabled site to view files stored within an Amazon S3 bucket. How should the Developer meet these requirements?", + "possible_answers": [ + { + "label": "Create a blank user ID in a user pool, add to the user group, and grant access to AWS resources.", + "is_correct": false, + "explaination": "User pools are for authenticated users, and creating blank users is not the intended approach for guest access." + }, + { + "label": "Create a new identity pool, enable access to unauthenticated identities, and grant access to AWS resources.", + "is_correct": true, + "explaination": "Cognito identity pools can issue temporary AWS credentials to unauthenticated guest users, enabling controlled S3 access." + }, + { + "label": "Create a new user pool, enable access to authenticated identifies, and grant access to AWS resources.", + "is_correct": false, + "explaination": "Authenticated identities do not satisfy the requirement for guest users without logins." + }, + { + "label": "Create a new user pool, disable authentication access, and grant access to AWS resources.", + "is_correct": false, + "explaination": "User pools are not the correct feature for unauthenticated guest AWS access." + } + ] + }, + { + "question": "A Developer has written code for an application and wants to share it with other Developers on the team to receive feedback. The shared application code needs to be stored long-term with multiple versions and batch change tracking. Which AWS service should the Developer use?", + "possible_answers": [ + { + "label": "AWS CodeBuild.", + "is_correct": false, + "explaination": "CodeBuild is a build service, not a long-term version control system." + }, + { + "label": "Amazon S3.", + "is_correct": false, + "explaination": "S3 stores objects, but it is not a source control system with proper branching, version history, and change tracking semantics." + }, + { + "label": "AWS CodeCommit.", + "is_correct": true, + "explaination": "CodeCommit is a managed source control service supporting version history, commits, branching, and collaborative review workflows." + }, + { + "label": "AWS Cloud9.", + "is_correct": false, + "explaination": "Cloud9 is a development environment, not a source control repository." + } + ] + }, + { + "question": "A Developer has discovered that an application responsible for processing messages in an Amazon SQS queue is routinely falling behind. The application is capable of processing multiple messages in one execution, but is only receiving one message at a time. What should the Developer do to increase the number of messages the application receives?", + "possible_answers": [ + { + "label": "Call the `ChangeMessageVisibility` API for the queue and set `MaxNumberOfMessages` to a value greater than the default of `1`.", + "is_correct": false, + "explaination": "ChangeMessageVisibility changes the visibility timeout of received messages and does not affect how many are returned per receive call." + }, + { + "label": "Call the `AddPermission` API to set `MaxNumberOfMessages` for the `ReceiveMessage` action to a value greater than the default of `1`.", + "is_correct": false, + "explaination": "AddPermission manages access permissions, not ReceiveMessage batch size." + }, + { + "label": "Call the `ReceiveMessage` API to set `MaxNumberOfMessages` to a value greater than the default of `1`.", + "is_correct": true, + "explaination": "The SQS ReceiveMessage API supports `MaxNumberOfMessages`, allowing a consumer to retrieve multiple messages in one poll." + }, + { + "label": "Call the `SetQueueAttributes` API for the queue and set `MaxNumberOfMessages` to a value greater than the default of `1`.", + "is_correct": false, + "explaination": "MaxNumberOfMessages is a ReceiveMessage request parameter, not a queue attribute." + } + ] + }, + { + "question": "A Developer registered an AWS Lambda function as a target for an Application Load Balancer (ALB) using a CLI command. However, the Lambda function is not being invoked when the client sends requests through the ALB. Why is the Lambda function not being invoked?", + "possible_answers": [ + { + "label": "A Lambda function cannot be registered as a target for an ALB.", + "is_correct": false, + "explaination": "ALBs do support Lambda functions as targets." + }, + { + "label": "A Lambda function can be registered with an ALB using AWS Management Console only.", + "is_correct": false, + "explaination": "Lambda targets can be configured through the CLI as well." + }, + { + "label": "The permissions to invoke the Lambda function are missing.", + "is_correct": true, + "explaination": "When ALB invokes Lambda, the Lambda function must grant the appropriate permission to the ALB service principal." + }, + { + "label": "Cross-zone is not enabled on the ALB.", + "is_correct": false, + "explaination": "Cross-zone load balancing is unrelated to Lambda target invocation permissions." + } + ] + }, + { + "question": "A company provides APIs as a service and commits to a service level agreement (SLA) with all its users. To comply with each SLA, what should the company do?", + "possible_answers": [ + { + "label": "Enable throttling limits for each method in Amazon API Gateway.", + "is_correct": false, + "explaination": "Method throttling is useful, but it is not the best way to manage different limits and agreements for distinct users." + }, + { + "label": "Create a usage plan for each user and request API keys to access the APIs.", + "is_correct": true, + "explaination": "API Gateway usage plans and API keys let the company enforce per-customer quotas and throttling aligned to SLAs." + }, + { + "label": "Enable API rate limiting in Amazon Cognito for each user.", + "is_correct": false, + "explaination": "Cognito is not the service used to implement API Gateway rate limits and usage quotas." + }, + { + "label": "Enable default throttling limits for each stage after deploying the APIs.", + "is_correct": false, + "explaination": "Default stage throttling does not provide user-specific SLA enforcement." + } + ] + }, + { + "question": "A Developer is preparing a deployment package using AWS CloudFormation. The package consists of two separate templates: one for the infrastructure and one for the application. The application has to be inside the VPC that is created from the infrastructure template. How can the application stack refer to the VPC created from the infrastructure template?", + "possible_answers": [ + { + "label": "Use the Ref function to import the VPC into the application stack from the infrastructure template.", + "is_correct": false, + "explaination": "`Ref` works within a template or nested relationship, but it does not directly import values across independent stacks." + }, + { + "label": "Use the export flag in the infrastructure template, and then use the `Fn::ImportValue` function in the application template.", + "is_correct": true, + "explaination": "CloudFormation cross-stack references are done by exporting a value from one stack and importing it in another with `Fn::ImportValue`." + }, + { + "label": "Use the `DependsOn` attribute to specify that the application instance depends on the VPC in the application template.", + "is_correct": false, + "explaination": "`DependsOn` controls creation order inside one template and does not allow cross-stack value sharing." + }, + { + "label": "Use the `Fn::GetAtt` function to include the attribute of the VPC in the application template.", + "is_correct": false, + "explaination": "`Fn::GetAtt` does not retrieve attributes from resources in another independent stack unless exported/imported appropriately." + } + ] + }, + { + "question": "A Developer needs to create an application that supports Security Assertion Markup Language (SAML) and Facebook authentication. It must also allow access to AWS services, such as Amazon DynamoDB. Which AWS service or feature will meet these requirements with the LEAST amount of additional coding?", + "possible_answers": [ + { + "label": "AWS AppSync.", + "is_correct": false, + "explaination": "AppSync is for GraphQL APIs and is not the primary identity federation solution for this requirement." + }, + { + "label": "Amazon Cognito identity pools.", + "is_correct": true, + "explaination": "Cognito identity pools support federation with SAML and social providers such as Facebook and can issue temporary AWS credentials for service access." + }, + { + "label": "Amazon Cognito user pools.", + "is_correct": false, + "explaination": "User pools provide user directory and authentication, but identity pools are the feature that grant AWS service access credentials from federated identities." + }, + { + "label": "Amazon Lambda@Edge.", + "is_correct": false, + "explaination": "Lambda@Edge is unrelated to user federation and AWS credential issuance." + } + ] + }, + { + "question": "A Developer is trying to monitor an application's status by running a cron job that returns 1 if the service is up and 0 if the service is down. The Developer created code that uses an AWS CLI `put-metric-alarm` command to publish the custom metrics to Amazon CloudWatch and create an alarm. However, the Developer is unable to create an alarm as the custom metrics do not appear in the CloudWatch console. What is causing this issue?", + "possible_answers": [ + { + "label": "Sending custom metrics using the CLI is not supported.", + "is_correct": false, + "explaination": "The AWS CLI does support publishing custom CloudWatch metrics." + }, + { + "label": "The Developer needs to use the `put-metric-data` command.", + "is_correct": true, + "explaination": "`put-metric-alarm` creates alarms, but `put-metric-data` is the command that actually publishes custom metric values to CloudWatch." + }, + { + "label": "The Developer must use a unified CloudWatch agent to publish custom metrics.", + "is_correct": false, + "explaination": "The agent is optional; custom metrics can be published directly with the CLI or SDK." + }, + { + "label": "The code is not running on an Amazon EC2 instance.", + "is_correct": false, + "explaination": "CloudWatch custom metrics can be published from outside EC2 as long as valid AWS credentials are used." + } + ] + }, + { + "question": "A Developer has written an application that runs on Amazon EC2 instances and generates a value every minute. The Developer wants to monitor and graph the values generated over time without logging in to the instance each time. Which approach should the Developer use to achieve this goal?", + "possible_answers": [ + { + "label": "Use the Amazon CloudWatch metrics reported by default for all EC2 instances. View each value from the CloudWatch console.", + "is_correct": false, + "explaination": "Default EC2 metrics do not include arbitrary application-generated values." + }, + { + "label": "Develop the application to store each value in a file on Amazon S3 every minute with the timestamp as the name.", + "is_correct": false, + "explaination": "S3 storage is not the simplest or best way to graph application metrics over time." + }, + { + "label": "Publish each generated value as a custom metric to Amazon CloudWatch using available AWS SDKs.", + "is_correct": true, + "explaination": "CloudWatch custom metrics are the standard solution for monitoring and graphing application-specific values." + }, + { + "label": "Store each value as a variable and add the variable to the list of EC2 metrics that should be reported to the Amazon CloudWatch console.", + "is_correct": false, + "explaination": "There is no mechanism to add arbitrary application variables to default EC2 metrics in that way." + } + ] + }, + { + "question": "A Development team decides to adopt a continuous integration/continuous delivery (CI/CD) process using AWS CodePipeline and AWS CodeCommit for a new application. However, management wants a person to review and approve the code before it is deployed to production. How can the Development team add a manual approver to the CI/CD pipeline?", + "possible_answers": [ + { + "label": "Use AWS SES to send an email to approvers when their action is required. Develop a simple application that allows approvers to accept or reject a build. Invoke an AWS Lambda function to advance the pipeline when a build is accepted.", + "is_correct": false, + "explaination": "This is a custom solution when CodePipeline already has built-in manual approvals." + }, + { + "label": "If approved, add an approved tag when pushing changes to the CodeCommit repository. CodePipeline will proceed to build and deploy approved commits without interruption.", + "is_correct": false, + "explaination": "CodePipeline does not use repository tags as a built-in manual approval mechanism." + }, + { + "label": "Add an approval step to CodeCommit. Commits will not be saved until approved.", + "is_correct": false, + "explaination": "CodeCommit does not provide manual deployment approval steps in this way." + }, + { + "label": "Add an approval action to the pipeline. Configure the approval action to publish to an Amazon SNS topic when approval is required. The pipeline execution will stop and wait for an approval.", + "is_correct": true, + "explaination": "CodePipeline supports manual approval actions natively and can notify approvers through SNS." + } + ] + }, + { + "question": "A Developer is building a serverless application using AWS Lambda and must create a REST API using an HTTP GET method. What needs to be defined to meet this requirement? (Choose TWO)", + "possible_answers": [ + { + "label": "A Lambda@Edge function.", + "is_correct": false, + "explaination": "Lambda@Edge is for CloudFront edge processing, not the standard way to expose a REST API from Lambda." + }, + { + "label": "An Amazon API Gateway with a Lambda function.", + "is_correct": true, + "explaination": "API Gateway is used to expose Lambda functions as HTTP endpoints in a serverless architecture." + }, + { + "label": "An exposed GET method in an Amazon API Gateway.", + "is_correct": true, + "explaination": "To support an HTTP GET request, API Gateway must define and expose a GET method on the relevant resource." + }, + { + "label": "An exposed GET method in the Lambda function.", + "is_correct": false, + "explaination": "Lambda functions do not directly expose HTTP methods; API Gateway does that." + }, + { + "label": "An exposed GET method in Amazon Route 53.", + "is_correct": false, + "explaination": "Route 53 is DNS, not an HTTP method router." + } + ] + }, + { + "question": "A Developer is writing an application in AWS Lambda. To simplify testing and deployments, the Developer needs the database connection string to be easily changed without modifying the Lambda code. How can this requirement be met?", + "possible_answers": [ + { + "label": "Store the connection string as a secret in AWS Secrets Manager.", + "is_correct": true, + "explaination": "Secrets Manager lets the application retrieve the connection string externally so configuration can change without code changes." + }, + { + "label": "Store the connection string in an IAM user account.", + "is_correct": false, + "explaination": "IAM users are not used to store configuration values like database connection strings." + }, + { + "label": "Store the connection string in AWS KMS.", + "is_correct": false, + "explaination": "KMS manages encryption keys, not application configuration values directly." + }, + { + "label": "Store the connection string as a Lambda layer.", + "is_correct": false, + "explaination": "Lambda layers are for code and shared dependencies, not dynamic environment configuration." + } + ] + }, + { + "question": "A company is launching an ecommerce website and will host the static data in Amazon S3. The company expects approximately 1,000 transactions per second (TPS) for GET and PUT requests in total. Logging must be enabled to track all requests and must be retained for auditing purposes. What is the MOST cost-effective solution?", + "possible_answers": [ + { + "label": "Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to move the data from the log bucket to Amazon S3 Glacier in 90 days.", + "is_correct": false, + "explaination": "CloudTrail tracks API activity, but S3 server access logging is the more cost-effective solution for request-level access logging in this scenario." + }, + { + "label": "Enable S3 server access logging and create a lifecycle policy to expire the data in 90 days.", + "is_correct": false, + "explaination": "Expiring the logs may conflict with the requirement to retain them for auditing purposes." + }, + { + "label": "Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to expire the data in 90 days.", + "is_correct": false, + "explaination": "This is not as cost-effective as server access logging for this access-tracking requirement and expiration may violate retention needs." + }, + { + "label": "Enable S3 server access logging and create a lifecycle policy to move the data to Amazon S3 Glacier in 90 days.", + "is_correct": true, + "explaination": "S3 server access logging captures request details, and transitioning older logs to Glacier minimizes long-term storage cost while preserving them for audit retention." + } + ] + }, + { + "question": "A Developer decides to store highly secure data in Amazon S3 and wants to implement server-side encryption (SSE) with granular control of who can access the master key. Company policy requires that the master key be created, rotated, and disabled easily when needed, all for security reasons. Which solution should be used to meet these requirements?", + "possible_answers": [ + { + "label": "SSE with Amazon S3 managed keys (SSE-S3).", + "is_correct": false, + "explaination": "SSE-S3 does not provide granular customer control over the master key lifecycle." + }, + { + "label": "SSE with AWS KMS managed keys (SSE-KMS).", + "is_correct": true, + "explaination": "SSE-KMS provides fine-grained access control, key rotation, and the ability to disable keys through AWS KMS." + }, + { + "label": "SSE with AWS Secrets Manager.", + "is_correct": false, + "explaination": "Secrets Manager stores secrets, but it is not the S3 server-side encryption key management mechanism." + }, + { + "label": "SSE with customer-provided encryption keys.", + "is_correct": false, + "explaination": "SSE-C gives key control but does not offer the same easy managed rotation and disabling capabilities as KMS." + } + ] + }, + { + "question": "A Developer is migrating an on-premises application to AWS. The application currently takes user uploads and saves them to a local directory on the server. All uploads must be saved and made immediately available to all instances in an Auto Scaling group. Which approach will meet these requirements?", + "possible_answers": [ + { + "label": "Use Amazon EBS and configure the application AMI to use a snapshot of the same EBS instance on boot.", + "is_correct": false, + "explaination": "EBS volumes are not shared across all instances in an Auto Scaling group in this manner." + }, + { + "label": "Use Amazon S3 and rearchitect the application so all uploads are placed in S3.", + "is_correct": true, + "explaination": "S3 provides durable, shared storage that all instances can access immediately, making it a good fit for distributed uploads." + }, + { + "label": "Use instance storage and share it between instances launched from the same Amazon Machine Image (AMI).", + "is_correct": false, + "explaination": "Instance storage is local to a specific instance and cannot be shared across the Auto Scaling group." + }, + { + "label": "Use Amazon EBS and file synchronization software to achieve eventual consistency among the Auto Scaling group.", + "is_correct": false, + "explaination": "This adds complexity and does not provide the immediate shared access as effectively as S3." + } + ] + }, + { + "question": "A Developer implemented a static website hosted in Amazon S3 that makes web service requests hosted in Amazon API Gateway and AWS Lambda. The site is showing an error that reads: `No Access-Control-Allow-Origin` header is present on the requested resource. Origin `null` is therefore not allowed access.' What should the Developer do to resolve this issue?", + "possible_answers": [ + { + "label": "Enable cross-origin resource sharing (CORS) on the S3 bucket.", + "is_correct": false, + "explaination": "The error refers to requests made to the API, so the CORS configuration must be enabled on the API Gateway method response path." + }, + { + "label": "Enable cross-origin resource sharing (CORS) for the method in API Gateway.", + "is_correct": true, + "explaination": "API Gateway must return the appropriate `Access-Control-Allow-Origin` header so browser-based calls from the S3-hosted site are permitted." + }, + { + "label": "Add the `Access-Control-Request-Method` header to the request.", + "is_correct": false, + "explaination": "The problem is not a missing client request header but the missing CORS response configuration." + }, + { + "label": "Add the `Access-Control-Request-Headers` header to the request.", + "is_correct": false, + "explaination": "This does not solve the absence of the server-side CORS response header." + } + ] + }, + { + "question": "A Developer is building an application that needs to store data in Amazon S3. Management requires that the data be encrypted before it is sent to Amazon S3 for storage. The encryption keys need to be managed by the Security team. Which approach should the Developer take to meet these requirements?", + "possible_answers": [ + { + "label": "Implement server-side encryption using customer-provided encryption keys (SSE-C).", + "is_correct": false, + "explaination": "SSE-C encrypts at the S3 side after upload begins; the requirement is to encrypt before the data is sent to S3." + }, + { + "label": "Implement server-side encryption by using a client-side master key.", + "is_correct": false, + "explaination": "This mixes concepts incorrectly and does not clearly provide managed key control by the Security team." + }, + { + "label": "Implement client-side encryption using an AWS KMS managed customer master key (CMK).", + "is_correct": true, + "explaination": "Client-side encryption ensures data is encrypted before upload, and a customer-managed KMS key allows the Security team to control key usage." + }, + { + "label": "Implement client-side encryption using Amazon S3 managed keys.", + "is_correct": false, + "explaination": "S3-managed keys are for server-side encryption, not client-side encryption before transmission." + } + ] + } + ] + }, + { + "question": "A company has a web application that uses an Amazon Cognito user pool for authentication. The company wants to create a login page with the company logo. What should a Developer do to meet these requirements?", + "possible_answers": [ + { + "label": "Create a hosted user interface in Amazon Cognito and customize it with the company logo.", + "is_correct": true, + "explaination": "Amazon Cognito user pools provide a hosted UI that can be branded with custom styling such as a company logo." + }, + { + "label": "Create a login page with the company logo and upload it to Amazon Cognito.", + "is_correct": false, + "explaination": "Cognito does not work by uploading an arbitrary custom login page into the service in this way." + }, + { + "label": "Create a login page in Amazon API Gateway with the logo and save the link in Amazon Cognito.", + "is_correct": false, + "explaination": "API Gateway is not used to host a Cognito login page." + }, + { + "label": "Upload the logo to the Amazon Cognito app settings and point to the logo on a custom login page.", + "is_correct": false, + "explaination": "The supported approach is to customize the Cognito hosted UI rather than managing a separate linked custom page in this way." + } + ] + }, + { + "question": "A Developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda function must retrieve an item and update some of its attributes, or create the item if it does not exist. The Lambda function has access to the primary key. Which IAM permissions should the Developer request for the Lambda function to achieve this functionality?", + "possible_answers": [ + { + "label": "`dynamodb:DeleteItem dynamodb:GetItem dynamodb:PutItem`.", + "is_correct": false, + "explaination": "DeleteItem is not needed for the required retrieve-and-update-or-create workflow." + }, + { + "label": "`dynamodb:UpdateItem dynamodb:GetItem dynamodb:DescribeTable`.", + "is_correct": false, + "explaination": "DescribeTable is not needed, and UpdateItem alone is not the selected permission set for the stated behavior." + }, + { + "label": "`dynamodb:GetRecords dynamodb:PutItem dynamodb:UpdateTable`.", + "is_correct": false, + "explaination": "GetRecords is for streams and UpdateTable changes table configuration, not items." + }, + { + "label": "`dynamodb:UpdateItem dynamodb:GetItem dynamodb:PutItem`.", + "is_correct": true, + "explaination": "The function needs GetItem to retrieve, UpdateItem to modify attributes, and PutItem to create the item if it does not exist." + } + ] + }, + { + "question": "A Developer is storing sensitive data generated by an application in Amazon S3. The Developer wants to encrypt the data at rest. A company policy requires an audit trail of when the master key was used and by whom. Which encryption option will meet these requirements?", + "possible_answers": [ + { + "label": "Server-side encryption with Amazon S3 managed keys (SSE-S3).", + "is_correct": false, + "explaination": "SSE-S3 encrypts data at rest, but it does not provide the same detailed audit trail of key usage as KMS." + }, + { + "label": "Server-side encryption with AWS KMS managed keys (SSE-KMS).", + "is_correct": true, + "explaination": "SSE-KMS provides encryption at rest and integrates with AWS KMS and CloudTrail for auditing key usage." + }, + { + "label": "Server-side encryption with customer-provided keys (SSE-C).", + "is_correct": false, + "explaination": "SSE-C uses customer-provided keys but does not provide the same AWS-managed audit trail for master key usage." + }, + { + "label": "Server-side encryption with self-managed keys.", + "is_correct": false, + "explaination": "Self-managed key approaches increase operational burden and do not provide the same native KMS auditing capabilities." + } + ] + }, + { + "question": "A company's website runs on an Amazon EC2 instance and uses Auto Scaling to scale the environment during peak times. Website users across the world are experiencing high latency due to static content on the EC2 instance, even during non-peak hours. Which combination of steps will resolve the latency issue? (Choose TWO)", + "possible_answers": [ + { + "label": "Double the Auto Scaling group's maximum number of servers.", + "is_correct": false, + "explaination": "More servers do not solve the root issue of globally distributed static content latency." + }, + { + "label": "Host the application code on AWS Lambda.", + "is_correct": false, + "explaination": "Moving code to Lambda does not directly address static content delivery latency." + }, + { + "label": "Scale vertically by resizing the EC2 instances.", + "is_correct": false, + "explaination": "Larger instances do not solve the geographic delivery latency of static content." + }, + { + "label": "Create an Amazon CloudFront distribution to cache the static content.", + "is_correct": true, + "explaination": "CloudFront caches static assets at edge locations closer to global users, reducing latency." + }, + { + "label": "Store the application's static content in Amazon S3.", + "is_correct": true, + "explaination": "Moving static assets to S3 and serving them through CloudFront is a standard way to reduce load on EC2 and improve global performance." + } + ] + }, + { + "question": "A company is developing a web application that allows its employees to upload a profile picture to a private Amazon S3 bucket. There is no size limit for the profile pictures, which should be displayed every time an employee logs in. For security reasons, the pictures cannot be publicly accessible. What is a viable long-term solution for this scenario?", + "possible_answers": [ + { + "label": "Generate a presigned URL when a picture is uploaded. Save the URL in an Amazon DynamoDB table. Return the URL to the browser when the employee logs in.", + "is_correct": false, + "explaination": "Presigned URLs expire, so storing them long-term in a table is not a viable durable solution." + }, + { + "label": "Save the picture's S3 key in an Amazon DynamoDB table. Create an Amazon S3 VPC endpoint to allow the employees to download pictures once they log in.", + "is_correct": false, + "explaination": "A VPC endpoint is for private network connectivity, not browser access for employees in a web application." + }, + { + "label": "Encode a picture using base64. Save the base64 string in an Amazon DB table. Allow the browser to retrieve the string and convert it to a picture.", + "is_correct": false, + "explaination": "Storing images as base64 in a database is inefficient and not a good long-term pattern." + }, + { + "label": "Save the picture's S3 key in an Amazon DynamoDB table. Use a function to generate a presigned URL every time an employee logs in. Return the URL to the browser.", + "is_correct": true, + "explaination": "This keeps the bucket private while allowing temporary authenticated access to each employee's image when needed." + } + ] + }, + { + "question": "A Developer is going to deploy an AWS Lambda function that requires significant CPU utilization. Which approach will MINIMIZE the average runtime of the function?", + "possible_answers": [ + { + "label": "Deploy the function into multiple AWS Regions.", + "is_correct": false, + "explaination": "Multiple Regions do not reduce the runtime of an individual Lambda invocation." + }, + { + "label": "Deploy the function into multiple Availability Zones.", + "is_correct": false, + "explaination": "Lambda already runs across Availability Zones, and this does not increase CPU for one invocation." + }, + { + "label": "Deploy the function using Lambda layers.", + "is_correct": false, + "explaination": "Layers help package shared code but do not increase CPU resources." + }, + { + "label": "Deploy the function with its memory allocation set to the maximum amount.", + "is_correct": true, + "explaination": "Lambda CPU allocation scales with memory, so increasing memory gives more CPU and can reduce runtime for CPU-intensive functions." + } + ] + }, + { + "question": "A company has a legacy application that was migrated to a fleet of Amazon EC2 instances. The application stores data in a MySQL database that is currently installed on a single EC2 instance. The company has decided to migrate the database from the EC2 instance to MySQL on Amazon RDS. What should the Developer do to update the application to support data storage in Amazon RDS?", + "possible_answers": [ + { + "label": "Update the database connection parameters in the application to point to the new RDS instance.", + "is_correct": true, + "explaination": "The application should connect to the RDS endpoint instead of the old EC2-hosted MySQL server." + }, + { + "label": "Add a script to the EC2 instance that implements an AWS SDK for requesting database credentials.", + "is_correct": false, + "explaination": "This may be useful in some designs but is not the primary required change to point the app to RDS." + }, + { + "label": "Create a new EC2 instance with an IAM role that allows access to the new RDS database.", + "is_correct": false, + "explaination": "IAM roles do not replace the need to update the application's database endpoint connection parameters." + }, + { + "label": "Create an AWS Lambda function that will route traffic, from the EC2 instance to the RDS database.", + "is_correct": false, + "explaination": "A Lambda routing layer is unnecessary for application database connectivity." + } + ] + }, + { + "question": "A Developer has an e-commerce API hosted on Amazon ECS. Variable and spiking demand on the application is causing order processing to take too long. The application processes Amazon SQS queues. The `ApproximateNumberOfMessagesVisible` metric spikes at very high values throughout the day, which cause Amazon CloudWatch alarm breaches. Other ECS metrics for the API containers are well within limits. What can the Developer implement to improve performance while keeping costs low?", + "possible_answers": [ + { + "label": "Target tracking scaling policy.", + "is_correct": true, + "explaination": "A target tracking policy can automatically scale ECS tasks based on queue depth or related workload metrics, improving throughput while controlling cost." + }, + { + "label": "Docker Swarm.", + "is_correct": false, + "explaination": "Docker Swarm is not the scaling mechanism used for Amazon ECS." + }, + { + "label": "Service scheduler.", + "is_correct": false, + "explaination": "A scheduler alone does not provide automatic workload-responsive scaling." + }, + { + "label": "Step scaling policy.", + "is_correct": false, + "explaination": "Step scaling can work, but target tracking is generally simpler and more cost-efficient for maintaining a desired metric level." + } + ] + }, + { + "question": "A Developer wants to build an application that will allow new users to register and create new user accounts. The application must also allow users with social media accounts to log in using their social media credentials. Which AWS service or feature can be used to meet these requirements?", + "possible_answers": [ + { + "label": "AWS IAM.", + "is_correct": false, + "explaination": "IAM is for AWS identities, not end-user registration and social sign-in for applications." + }, + { + "label": "Amazon Cognito identity pools.", + "is_correct": false, + "explaination": "Identity pools provide AWS credentials but do not themselves manage user registration and sign-in." + }, + { + "label": "Amazon Cognito user pools.", + "is_correct": true, + "explaination": "Cognito user pools support user registration, authentication, and federation with social identity providers." + }, + { + "label": "AWS Directory Service.", + "is_correct": false, + "explaination": "Directory Service is not the best fit for public-facing user registration and social login." + } + ] + }, + { + "question": "A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to authentication data in an Amazon DynamoDB table. What MUST the company do to implement this authentication in API Gateway?", + "possible_answers": [ + { + "label": "Implement an AWS Lambda authorizer that references the DynamoDB authentication table.", + "is_correct": true, + "explaination": "A Lambda authorizer can inspect incoming headers, query DynamoDB, and make an authorization decision for API Gateway." + }, + { + "label": "Create a model that requires the credentials, then grant API Gateway access to the authentication table.", + "is_correct": false, + "explaination": "Models validate request shape, but they do not perform dynamic authentication against DynamoDB." + }, + { + "label": "Modify the integration requests to require the credentials, then grant API Gateway access to the authentication table.", + "is_correct": false, + "explaination": "Integration requests pass data to the backend but do not implement custom authentication logic." + }, + { + "label": "Implement an Amazon Cognito authorizer that references the DynamoDB authentication table.", + "is_correct": false, + "explaination": "Cognito authorizers validate Cognito tokens and are not designed to authenticate custom header pairs against DynamoDB." + } + ] + }, + { + "question": "A Developer is trying to make API calls using SDK. The IAM user credentials used by the application require multi-factor authentication for all API calls. Which method the Developer use to access the multi-factor authentication protected API?", + "possible_answers": [ + { + "label": "GetFederationToken.", + "is_correct": false, + "explaination": "GetFederationToken is not the standard method for obtaining MFA-authenticated session credentials from IAM user credentials." + }, + { + "label": "GetCallerIdentity.", + "is_correct": false, + "explaination": "GetCallerIdentity returns identity information and does not provide MFA-backed session credentials." + }, + { + "label": "GetSessionToken.", + "is_correct": true, + "explaination": "GetSessionToken can be used with MFA to obtain temporary session credentials for protected API calls." + }, + { + "label": "DecodeAutherizationMessage.", + "is_correct": false, + "explaination": "This API is used to decode authorization failure messages, not to obtain MFA-backed credentials." + } + ] + }, + { + "question": "An application is running on a cluster of Amazon EC2 instances. While trying to read objects stored within a single Amazon S3 bucket that are encrypted with server-side encryption with AWS KMS managed keys (SSE-KMS), the application receives the following error. Which combination of steps should be taken to prevent this failure? (Choose TWO)\n```\nService: AWSKMS; Status Code: 400; Error Code: ThrottlingException\n```", + "possible_answers": [ + { + "label": "Contact AWS Support to request an AWS KMS rate limit increase.", + "is_correct": true, + "explaination": "High-volume access to SSE-KMS encrypted S3 objects can hit KMS request quotas, so increasing the KMS quota may be necessary." + }, + { + "label": "Perform error retries with exponential backoff in the application code.", + "is_correct": true, + "explaination": "Exponential backoff is the correct client-side pattern when KMS-related throttling or transient failures occur." + }, + { + "label": "Contact AWS Support to request a S3 rate limit increase.", + "is_correct": false, + "explaination": "The likely limit issue here is KMS request throughput, not S3 bucket request scaling." + }, + { + "label": "Import a customer master key (CMK) with a larger key size.", + "is_correct": false, + "explaination": "Key size does not address KMS request throttling behavior." + }, + { + "label": "Use more than one customer master key (CMK) to encrypt S3 data.", + "is_correct": false, + "explaination": "This is not the primary recommended mitigation compared to increasing the KMS quota and implementing backoff." + } + ] + }, + { + "question": "When developing an AWS Lambda function that processes Amazon Kinesis Data Streams, Administrators within the company must receive a notice that includes the processed data. How should the Developer write the function to send processed data to the Administrators?", + "possible_answers": [ + { + "label": "Separate the Lambda handler from the core logic.", + "is_correct": false, + "explaination": "This is a good coding practice generally, but it does not itself send notifications." + }, + { + "label": "Use Amazon CloudWatch Events to send the processed data.", + "is_correct": false, + "explaination": "CloudWatch Events is not the standard service for directly sending processed data notifications to administrators." + }, + { + "label": "Publish the processed data to an Amazon SNS topic.", + "is_correct": true, + "explaination": "SNS is designed for fanout notifications and can deliver processed data to subscribed administrators." + }, + { + "label": "Push the processed data to Amazon SQS.", + "is_correct": false, + "explaination": "SQS is a queue, not a direct notification service for administrators." + } + ] + }, + { + "question": "A Developer is storing sensitive documents in Amazon S3 that will require encryption at rest. The encryption keys must be rotated annually, at least. What is the easiest way to achieve this?", + "possible_answers": [ + { + "label": "Encrypt the data before sending it to Amazon S3.", + "is_correct": false, + "explaination": "Client-side encryption is possible, but it is not the easiest way to satisfy annual key rotation requirements." + }, + { + "label": "Import a custom key into AWS KMS with annual rotation enabled.", + "is_correct": false, + "explaination": "Automatic rotation is not supported for imported key material in the same simple way as for KMS-managed customer keys." + }, + { + "label": "Use AWS KMS with automatic key rotation.", + "is_correct": true, + "explaination": "KMS automatic key rotation is the simplest managed approach for annual key rotation with S3 encryption." + }, + { + "label": "Export a key from AWS KMS to encrypt the data.", + "is_correct": false, + "explaination": "KMS does not work by exporting master keys for this use case." + } + ] + }, + { + "question": "A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration. The service must run different versions for testing purposes. What would be the BEST way to accomplish this?", + "possible_answers": [ + { + "label": "Use an `x-Version` header to denote which version is being called and pass that header to the Lambda function(s).", + "is_correct": false, + "explaination": "This creates custom routing logic in the application rather than using API Gateway's built-in versioning features." + }, + { + "label": "Create an API Gateway Lambda authorizer to route API clients to the correct API version.", + "is_correct": false, + "explaination": "Authorizers are for authentication and authorization, not API version routing." + }, + { + "label": "Create an API Gateway resource policy to isolate versions and provide context to the Lambda function(s).", + "is_correct": false, + "explaination": "Resource policies control access, not runtime version routing for testing." + }, + { + "label": "Deploy the API versions as unique stages with unique endpoints and use stage variables to provide further context.", + "is_correct": true, + "explaination": "API Gateway stages are the standard way to manage multiple versions/environments of an API for testing and release workflows." + } + ] + }, + { + "question": "A Developer must encrypt a 100-GB object using AWS KMS. What is the BEST approach?", + "possible_answers": [ + { + "label": "Make an `Encrypt` API call to encrypt the plaintext data as ciphertext using a customer master key (CMK).", + "is_correct": false, + "explaination": "The KMS `Encrypt` API is intended for small payloads, not large objects like 100 GB." + }, + { + "label": "Make an `Encrypt` API call to encrypt the plaintext data as ciphertext using a customer master key (CMK) with imported key material.", + "is_correct": false, + "explaination": "Imported key material does not change the payload size limitation of the Encrypt API." + }, + { + "label": "Make an `GenerateDataKey` API call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data.", + "is_correct": true, + "explaination": "For large objects, the best practice is envelope encryption: generate a data key with KMS, use it locally to encrypt the data, and store the encrypted data key." + }, + { + "label": "Make an `GenerateDataKeyWithoutPlaintext` API call that returns an encrypted copy of a data key. Use an encrypted key to encrypt the data.", + "is_correct": false, + "explaination": "You need the plaintext data key to perform the encryption of the large object." + } + ] + }, + { + "question": "A Development team would like to migrate their existing application code from a GitHub repository to AWS CodeCommit. What needs to be created before they can migrate a cloned repository to CodeCommit over HTTPS?", + "possible_answers": [ + { + "label": "A GitHub secure authentication token.", + "is_correct": false, + "explaination": "A GitHub token is not used to authenticate to AWS CodeCommit." + }, + { + "label": "A public and private SSH key file.", + "is_correct": false, + "explaination": "SSH keys are used for SSH access, but the question specifically asks about HTTPS." + }, + { + "label": "A set of Git credentials generated from IAM.", + "is_correct": true, + "explaination": "For CodeCommit over HTTPS, IAM-based Git credentials are needed to authenticate Git operations." + }, + { + "label": "An Amazon EC2 IAM role with CodeCommit permissions.", + "is_correct": false, + "explaination": "An EC2 role is unrelated to authenticating developers' Git clients over HTTPS." + } + ] + }, + { + "question": "What item operation allows the retrieval of multiple items from a DynamoDB table in a single API call?", + "possible_answers": [ + { + "label": "`GetItem`.", + "is_correct": false, + "explaination": "GetItem retrieves only one item per request." + }, + { + "label": "`BatchGetItem`.", + "is_correct": true, + "explaination": "BatchGetItem retrieves multiple items from one or more DynamoDB tables in a single API call." + }, + { + "label": "`GetMultipleItems`.", + "is_correct": false, + "explaination": "This is not a valid DynamoDB API operation." + }, + { + "label": "`GetItemRange`.", + "is_correct": false, + "explaination": "This is not a valid DynamoDB API operation." + } + ] + }, + { + "question": "After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet. When you try and make an outbound connection to the Internet from an instance in the private subnet, you are not successful. NAT device be the target of internet bound traffic of your private subnet. Which of the following steps could resolve the issue?", + "possible_answers": [ + { + "label": "Attaching a second Elastic Network interface (ENI) to the NAT instance, and placing it in the private subnet.", + "is_correct": false, + "explaination": "A second ENI is not the required fix for a NAT instance not forwarding traffic." + }, + { + "label": "Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, and placing it in the public subnet.", + "is_correct": false, + "explaination": "This is not how NAT access is implemented for private subnet instances." + }, + { + "label": "Disabling the `Source/Destination Check` attribute on the NAT instance.", + "is_correct": true, + "explaination": "A NAT instance must have source/destination checking disabled so it can forward traffic for other instances." + }, + { + "label": "Attaching an Elastic IP address to the instance in the private subnet.", + "is_correct": false, + "explaination": "Private subnet instances should route outbound traffic through the NAT device, not be assigned public internet addressing directly." + } + ] + }, + { + "question": "You attempt to store an object in the `US-STANDARD` region in Amazon S3, and receive a confirmation that it has been successfully stored. You then immediately make another API call and attempt to read this object. S3 tells you that the object does not exist. What could explain this behavior?", + "possible_answers": [ + { + "label": "`US-STANDARD` uses eventual consistency and it can take time for an object to be readable in a bucket.", + "is_correct": true, + "explaination": "In classic exam scenarios, S3 in the US-Standard region could exhibit eventual consistency behavior, leading to a temporary read-after-write miss." + }, + { + "label": "Objects in Amazon S3 do not become visible until they are replicated to a second region.", + "is_correct": false, + "explaination": "S3 visibility is not dependent on replication to another region." + }, + { + "label": "`US-STANDARD` imposes a 1 second delay before new objects are readable.", + "is_correct": false, + "explaination": "There is no fixed 1-second delay rule for S3 object visibility." + }, + { + "label": "ou exceeded the bucket object limit, and once this limit is raised the object will be visible.", + "is_correct": false, + "explaination": "S3 does not hide successfully stored objects because of a bucket object count limit in this way." + } + ] + }, + { + "question": "What is the maximum number of S3 Buckets available per AWS account?", + "possible_answers": [ + { + "label": "100 per region.", + "is_correct": false, + "explaination": "S3 bucket quotas are not scoped per Region in the way described here." + }, + { + "label": "there is no limit.", + "is_correct": false, + "explaination": "S3 bucket count is subject to an account quota." + }, + { + "label": "1,000,000 per account.", + "is_correct": true, + "explaination": "The provided answer key identifies 1,000,000 buckets per account as the correct value for this question set." + }, + { + "label": "500 per account.", + "is_correct": false, + "explaination": "This is not the answer indicated by the source material." + }, + { + "label": "100 per IAM user.", + "is_correct": false, + "explaination": "Bucket quotas apply to the AWS account, not to individual IAM users." + } + ] + }, + { + "question": "Which of the following items are required to allow an application deployed on an EC2 instance to write data to a DynamoDB table? Assume that no security Keys are allowed to be stored on the EC2 instance. (Choose TWO)", + "possible_answers": [ + { + "label": "Create an IAM User that allows write access to the DynamoDB table.", + "is_correct": false, + "explaination": "The question explicitly rules out storing security keys on the EC2 instance, so an IAM user with static keys is not appropriate." + }, + { + "label": "Add an IAM Role to a running EC2 instance.", + "is_correct": false, + "explaination": "The selected answer set focuses on launching the instance with the role included in the configuration." + }, + { + "label": "Add an IAM User to a running EC2 Instance.", + "is_correct": false, + "explaination": "IAM users are not attached to EC2 instances in this manner and would require credentials to be stored." + }, + { + "label": "Launch an EC2 Instance with the IAM Role included in the launch configuration.", + "is_correct": true, + "explaination": "Attaching an IAM role to the EC2 instance provides temporary credentials securely without storing keys." + }, + { + "label": "Create an IAM Role that allows write access to the DynamoDB table.", + "is_correct": true, + "explaination": "The IAM role must include permissions to write to DynamoDB for the application to succeed." + }, + { + "label": "Launch an EC2 Instance with the IAM User included in the launch configuration.", + "is_correct": false, + "explaination": "EC2 instances use IAM roles through instance profiles, not IAM users." + } + ] + }, + { + "question": "Which of the following are correct statements with policy evaluation logic in AWS Identity and Access Management? (Choose TWO)", + "possible_answers": [ + { + "label": "By default, all requests are denied.", + "is_correct": true, + "explaination": "AWS IAM starts from an implicit deny unless an allow is explicitly granted." + }, + { + "label": "An explicit allow overrides an explicit deny.", + "is_correct": false, + "explaination": "An explicit deny always overrides any allow." + }, + { + "label": "An explicit allow overrides default deny.", + "is_correct": true, + "explaination": "A matching allow statement can override the implicit default deny." + }, + { + "label": "An explicit deny does not override an explicit allow.", + "is_correct": false, + "explaination": "This is incorrect because explicit deny takes precedence." + }, + { + "label": "By default, all request are allowed.", + "is_correct": false, + "explaination": "IAM does not allow requests by default." + } + ] + }, + { + "question": "You have an environment that consists of a public subnet using Amazon VPC and 3 instances that are running in this subnet. These three instances can successfully communicate with other hosts on the Internet. You launch a fourth instance in the same subnet, using the same AMI and security group configuration you used for the others, but find that this instance cannot be accessed from the Internet. What should you do to enable internet access?", + "possible_answers": [ + { + "label": "Deploy a NAT instance into the public subnet.", + "is_correct": false, + "explaination": "A NAT instance is for outbound internet access from private subnets, not for inbound access to a public subnet instance." + }, + { + "label": "Modify the routing table for the public subnet.", + "is_correct": false, + "explaination": "The subnet routing is already working for the other instances." + }, + { + "label": "Configure a publically routable IP Address In the host OS of the fourth instance.", + "is_correct": false, + "explaination": "Public IP assignment is managed by AWS networking, not by configuring it manually in the host OS." + }, + { + "label": "Assign an Elastic IP address to the fourth instance.", + "is_correct": true, + "explaination": "The instance likely lacks a public IP, and assigning an Elastic IP provides public internet reachability." + } + ] + }, + { + "question": "If a message is retrieved from a queue in Amazon SQS, how long is the message inaccessible to other users by default?", + "possible_answers": [ + { + "label": "0 seconds.", + "is_correct": false, + "explaination": "Messages are not immediately visible again after retrieval." + }, + { + "label": "1 hour.", + "is_correct": false, + "explaination": "This is longer than the default SQS visibility timeout." + }, + { + "label": "1 day.", + "is_correct": false, + "explaination": "This is not the default visibility timeout." + }, + { + "label": "forever.", + "is_correct": false, + "explaination": "Messages remain hidden only for the configured visibility timeout unless deleted." + }, + { + "label": "30 seconds.", + "is_correct": true, + "explaination": "The default SQS visibility timeout is 30 seconds." + } + ] + }, + { + "question": "What is the format of structured notification messages sent by Amazon SNS?", + "possible_answers": [ + { + "label": "An XML object containing Messageld, UnsubscribeURL, Subject, Message and other values.", + "is_correct": false, + "explaination": "Structured SNS messages are not sent in XML format." + }, + { + "label": "An JSON object containing Messageld, DuplicateFlag, Message and other values.", + "is_correct": false, + "explaination": "DuplicateFlag is not the standard structured field described for SNS notifications." + }, + { + "label": "An XML object containing Messageld, DuplicateFlag, Message and other values.", + "is_correct": false, + "explaination": "SNS structured notifications are not sent as XML." + }, + { + "label": "An JSON object containing Messageld, unsubscribeURL, Subject, Message and other values.", + "is_correct": true, + "explaination": "Amazon SNS structured message delivery uses JSON with fields such as MessageId, Subject, Message, and UnsubscribeURL." + } + ] + }, + { + "question": "When uploading an object, what request header can be explicitly specified in a request to Amazon S3 to encrypt object data when saved on the server side?", + "possible_answers": [ + { + "label": "`x-amz-storage-class`.", + "is_correct": false, + "explaination": "This header chooses the storage class, not server-side encryption." + }, + { + "label": "`Content-MD5`.", + "is_correct": false, + "explaination": "Content-MD5 is for integrity checking, not encryption." + }, + { + "label": "`x-amz-security-token`.", + "is_correct": false, + "explaination": "This is related to temporary security credentials, not S3 object encryption." + }, + { + "label": "`x-amz-server-side-encryption`.", + "is_correct": true, + "explaination": "This header instructs S3 to apply server-side encryption when storing the object." + } + ] + }, + { + "question": "Which of the following platforms are supported by Elastic Beanstalk? (Choose TWO)", + "possible_answers": [ + { + "label": "Apache Tomcat.", + "is_correct": true, + "explaination": "Elastic Beanstalk provides a managed platform for Java applications running on Apache Tomcat." + }, + { + "label": ".NET.", + "is_correct": true, + "explaination": "Elastic Beanstalk supports .NET application platforms." + }, + { + "label": "IBM Websphere.", + "is_correct": false, + "explaination": "WebSphere is not one of the standard Elastic Beanstalk managed platforms." + }, + { + "label": "Oracle JBoss.", + "is_correct": false, + "explaination": "JBoss is not listed here as a supported Elastic Beanstalk platform in the provided answers." + }, + { + "label": "Jetty.", + "is_correct": false, + "explaination": "Jetty is not one of the selected supported Elastic Beanstalk platforms in this question set." + } + ] + }, + { + "question": "Which code snippet below returns the URL of a load balanced web site created in CloudFormation with an `AWS::ElasticLoadBalancing::LoadBalancer` resource name `ElasticLoad Balancer`?", + "possible_answers": [ + { + "label": "\"Fn::Join\":[ \"\".[\"http://\", {Fn::GetAtt\": [ \"ElasticLoadBalancer\",\"DNSName\"]}]]`.", + "is_correct": true, + "explaination": "The correct way is to get the load balancer DNSName attribute and join it with `http://` to form the URL." + }, + { + "label": "\"Fn::Join\":[ \"\".[\"http://\", {Fn::GetAtt\": [ \"ElasticLoadBalancer\",\"Url\"]}]]`.", + "is_correct": false, + "explaination": "Classic Elastic Load Balancer resources expose `DNSName`, not a `Url` attribute." + }, + { + "label": "\"Fn::Join\":[ \"\".[\"http://\", {\"Ref : \"ElasticLoadBalancerUrl\"}]]`.", + "is_correct": false, + "explaination": "This references a value that is not the correct built-in attribute for the load balancer URL." + }, + { + "label": "\"Fn::Join\":[ \"\".[\"http://\", {\"Ref : \"ElasticLoadBalancer\",\"DNSName\"}]]`.", + "is_correct": false, + "explaination": "This is not valid CloudFormation syntax for retrieving a resource attribute." + } + ] + }, + { + "question": "Which features can be used to restrict access to data in S3? (Choose TWO)", + "possible_answers": [ + { + "label": "Use S3 Virtual Hosting.", + "is_correct": false, + "explaination": "Virtual hosting affects how buckets are addressed, not how access is restricted." + }, + { + "label": "Set an S3 Bucket policy.", + "is_correct": true, + "explaination": "Bucket policies are a primary mechanism for controlling access to S3 resources." + }, + { + "label": "Enable IAM Identity Federation.", + "is_correct": false, + "explaination": "Federation helps authenticate users, but it is not itself the direct S3 data access restriction mechanism asked here." + }, + { + "label": "Set an S3 ACL on the bucket or the object.", + "is_correct": true, + "explaination": "S3 ACLs can grant or restrict access at the bucket or object level." + }, + { + "label": "Create a CloudFront distribution for the bucket.", + "is_correct": false, + "explaination": "CloudFront can help front S3 content, but it is not itself one of the direct S3 access control features requested." + } + ] + }, + { + "question": "What happens, by default, when one of the resources in a CloudFormation stack cannot be created?", + "possible_answers": [ + { + "label": "Previously-created resources are kept but the stack creation terminates.", + "is_correct": false, + "explaination": "By default, CloudFormation performs a rollback on failure." + }, + { + "label": "Previously-created resources are deleted and the stack creation terminates.", + "is_correct": true, + "explaination": "CloudFormation's default behavior is to roll back the stack and delete resources that were created before the failure." + }, + { + "label": "The stack creation continues, and the final results indicate which steps failed.", + "is_correct": false, + "explaination": "CloudFormation does not continue stack creation by default after a resource creation failure." + }, + { + "label": "CloudFormation templates are parsed in advance so stack creation is guaranteed to succeed.", + "is_correct": false, + "explaination": "Template parsing does not guarantee successful resource creation." + } + ] + }, + { + "question": "Which of the following are valid arguments for an SNS Publish request? (Choose THREE)", + "possible_answers": [ + { + "label": "TopicArn.", + "is_correct": true, + "explaination": "TopicArn is a valid SNS Publish parameter used to identify the target topic." + }, + { + "label": "Subject.", + "is_correct": true, + "explaination": "Subject is a valid optional parameter for certain SNS message deliveries such as email." + }, + { + "label": "Destination.", + "is_correct": false, + "explaination": "Destination is not the standard parameter name for SNS Publish." + }, + { + "label": "Format.", + "is_correct": false, + "explaination": "Format is not a standard SNS Publish argument." + }, + { + "label": "Message.", + "is_correct": true, + "explaination": "Message is a required SNS Publish argument containing the payload." + }, + { + "label": "Language.", + "is_correct": false, + "explaination": "Language is not a valid SNS Publish parameter." + } + ] + }, + { + "question": "How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on?", + "possible_answers": [ + { + "label": "Query the appropriate Amazon CloudWatch metric.", + "is_correct": false, + "explaination": "CloudWatch metrics are not the standard source for retrieving current instance IP addresses programmatically from within the instance." + }, + { + "label": "Use `ipconfig` or `ifconfig` command.", + "is_correct": false, + "explaination": "These commands can show interface addresses, but the AWS-standard answer is to use instance metadata." + }, + { + "label": "Query the local instance userdata.", + "is_correct": false, + "explaination": "User data contains launch configuration, not dynamic network metadata." + }, + { + "label": "Query the local instance metadata.", + "is_correct": true, + "explaination": "The EC2 instance metadata service provides both public and private IP information to software running on the instance." + } + ] + }, + { + "question": "EC2 instances are launched from Amazon Machine images (AMIs). A given public AMI can:", + "possible_answers": [ + { + "label": "Be used to launch EC2 Instances in any AWS region.", + "is_correct": false, + "explaination": "AMIs are Region-specific unless explicitly copied to another Region." + }, + { + "label": "Only be used to launch EC2 instances in the same country as the AMI is stored.", + "is_correct": false, + "explaination": "AWS AMI usage is scoped by Region, not by country." + }, + { + "label": "Only be used to launch EC2 instances in the same AWS region as the AMI is stored.", + "is_correct": true, + "explaination": "An AMI is tied to a specific AWS Region and must be copied if needed elsewhere." + }, + { + "label": "Only be used to launch EC2 instances in the same AWS availability zone as the AMI is stored.", + "is_correct": false, + "explaination": "AMIs are Region-scoped, not Availability Zone-scoped." + } + ] + }, + { + "question": "Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?", + "possible_answers": [ + { + "label": "`DescribeInstances`.", + "is_correct": false, + "explaination": "DescribeInstances retrieves EC2 instance information, not AMI listings." + }, + { + "label": "`DescribeAMIs`.", + "is_correct": false, + "explaination": "This is not the correct EC2 API operation name." + }, + { + "label": "`DescribeImages`.", + "is_correct": true, + "explaination": "The EC2 API call used to retrieve information about AMIs is `DescribeImages`." + }, + { + "label": "`GetAMIs`.", + "is_correct": false, + "explaination": "This is not a valid EC2 API operation." + }, + { + "label": "You cannot retrieve a list of AMIs as there are over 10,000 AMIs.", + "is_correct": false, + "explaination": "AMIs can be listed through the DescribeImages API." + } + ] + }, + { + "question": "In AWS, which security aspects are the customer's responsibility? (Choose FOUR)", + "possible_answers": [ + { + "label": "Life-cycle management of IAM credentials.", + "is_correct": true, + "explaination": "Managing AWS identities, users, roles, and credential hygiene is part of the customer's responsibility under the shared responsibility model." + }, + { + "label": "Decommissioning storage devices.", + "is_correct": false, + "explaination": "Physical storage device decommissioning is handled by AWS." + }, + { + "label": "Security Group and ACL (Access Control List) settings.", + "is_correct": true, + "explaination": "Customers are responsible for configuring network access controls for their workloads." + }, + { + "label": "Encryption of EBS (Elastic Block Storage) volumes.", + "is_correct": true, + "explaination": "Customers are responsible for deciding whether and how to encrypt their data at rest." + }, + { + "label": "Controlling physical access to compute resources.", + "is_correct": false, + "explaination": "AWS is responsible for physical security of the underlying infrastructure." + }, + { + "label": "Patch management on the EC2 instance's operating system.", + "is_correct": true, + "explaination": "For EC2, the customer is responsible for the guest OS, including patching and hardening." + } + ] + }, + { + "question": "When using a large Scan operation in DynamoDB, what technique can be used to minimize the impact of a scan on a table's provisioned throughput?", + "possible_answers": [ + { + "label": "Set a smaller page size for the scan.", + "is_correct": true, + "explaination": "Using a smaller page size reduces the amount of data read per request and helps smooth throughput consumption." + }, + { + "label": "Use parallel scans.", + "is_correct": false, + "explaination": "Parallel scans speed up the scan but can increase throughput pressure rather than minimize impact." + }, + { + "label": "Define a range index on the table.", + "is_correct": false, + "explaination": "Indexes can help certain query patterns, but they do not directly reduce the impact of a large scan." + }, + { + "label": "Prewarm the table by updating all items.", + "is_correct": false, + "explaination": "Prewarming does not address scan throughput consumption." + } + ] + }, + { + "question": "How can you secure data at rest on an EBS volume?", + "possible_answers": [ + { + "label": "Attach the volume to an instance using EC2's SSL interface.", + "is_correct": false, + "explaination": "SSL protects data in transit, not at rest on the volume." + }, + { + "label": "Write the data randomly instead of sequentially.", + "is_correct": false, + "explaination": "Write pattern has nothing to do with securing data at rest." + }, + { + "label": "Use an encrypted file system on top of the EBS volume.", + "is_correct": true, + "explaination": "Encrypting the filesystem or volume contents protects the data stored on the EBS volume at rest." + }, + { + "label": "Encrypt the volume using the S3 server-side encryption service.", + "is_correct": false, + "explaination": "S3 server-side encryption applies to S3 objects, not EBS volumes." + }, + { + "label": "Create an IAM policy that restricts read and write access to the volume.", + "is_correct": false, + "explaination": "Access control is important, but it does not encrypt the data at rest." + } + ] + }, + { + "question": "Which of the following is chosen as the default region when making an API call with an AWS SDK?", + "possible_answers": [ + { + "label": "`ap-northeast-1`.", + "is_correct": false, + "explaination": "This is not the default region commonly used in older AWS SDK assumptions." + }, + { + "label": "`us-west-2`.", + "is_correct": false, + "explaination": "This is a valid AWS Region, but not the default in this exam context." + }, + { + "label": "`us-east-1`.", + "is_correct": true, + "explaination": "The selected answer key identifies `us-east-1` as the default Region in this context." + }, + { + "label": "`eu-west-1`.", + "is_correct": false, + "explaination": "This is not the default region referenced here." + }, + { + "label": "`us-central-1`.", + "is_correct": false, + "explaination": "This is not a standard AWS Region." + } + ] + }, + { + "question": "Which of the following statements about SWF are true? (Choose THREE)", + "possible_answers": [ + { + "label": "SWF tasks are assigned once and never duplicated.", + "is_correct": true, + "explaination": "In the exam context, SWF is intended to manage task coordination so that tasks are assigned once rather than duplicated arbitrarily." + }, + { + "label": "SWF requires an S3 bucket for workflow storage.", + "is_correct": false, + "explaination": "SWF does not require the user to provide an S3 bucket to store workflow state." + }, + { + "label": "SWF workflow executions can last up to a year.", + "is_correct": true, + "explaination": "SWF supports long-running workflows that can span extended durations." + }, + { + "label": "SWF triggers SNS notifications on task assignment.", + "is_correct": false, + "explaination": "SNS notifications are not a required or inherent part of SWF task assignment." + }, + { + "label": "SWF uses deciders and workers to complete tasks.", + "is_correct": true, + "explaination": "SWF coordinates workflows through deciders, which control flow, and workers, which perform tasks." + }, + { + "label": "SWF requires at least 1 EC2 instance per domain.", + "is_correct": false, + "explaination": "SWF does not require a dedicated EC2 instance per domain." + } + ] + }, + { + "question": "A startup s photo-sharing site is deployed in a VPC. An ELB distributes web traffic across two subnets. ELB session stickiness is configured to use the AWS-generated session cookie, with a session TTL of 5 minutes. The webserver Auto Scaling Group is configured as: `min-size=4`, `max-size=4`, The startups preparing for a public launch, by running load-testing software installed on a single EC2 instance running in `us-west-2`. After 60 minutes of load-testing, the webserver logs show. Which recommendations can help ensure load-testing HTTP requests are evenly distributed across the four webservers? (Choose TWO)\n```\n+--------------------------------------+---------------------+-----------------------+\n| | # of HTTP requests | # of HTTP requests |\n| WEBSERVER LOGS | from load-tester | from private beta users|\n+--------------------------------------+---------------------+-----------------------+\n| webserver #1 (subnet in us-west-2a): | 19,210 | 434 |\n| webserver #2 (subnet in us-west-2a): | 21,790 | 490 |\n| webserver #3 (subnet in us-west-2b): | 0 | 410 |\n| webserver #4 (subnet in us-west-2b): | 0 | 428 |\n+--------------------------------------+---------------------+-----------------------+\n```", + "possible_answers": [ + { + "label": "Launch and run the load-tester EC2 instance from `us-east-1` instead.", + "is_correct": false, + "explaination": "Changing Regions does not directly solve uneven request distribution caused by DNS resolution behavior and limited client diversity." + }, + { + "label": "Re-configure the load-testing software to re-resolve DNS for each web request.", + "is_correct": true, + "explaination": "If the client reuses one resolved ELB IP, traffic can become uneven. Re-resolving DNS helps distribute requests across ELB nodes." + }, + { + "label": "Use a 3rd-party load-testing service which offers globally-distributed test clients.", + "is_correct": true, + "explaination": "Using many distributed clients avoids the skew caused by one source instance and better approximates real-world traffic distribution." + }, + { + "label": "Configure ELB and Auto Scaling to distribute across `us-west-2a` and `us-west-2c`.", + "is_correct": false, + "explaination": "Availability Zone selection is not the core issue described in this load distribution problem." + }, + { + "label": "Configure ELB session stickiness to use the app-specific session cookie.", + "is_correct": false, + "explaination": "Stickiness generally makes distribution less even, not more even." + } + ] + }, + { + "question": "Which of the following are valid SNS delivery transports? (Choose TWO)", + "possible_answers": [ + { + "label": "HTTP.", + "is_correct": true, + "explaination": "SNS supports HTTP and HTTPS endpoints as delivery protocols." + }, + { + "label": "UDP.", + "is_correct": false, + "explaination": "UDP is not a supported Amazon SNS delivery transport." + }, + { + "label": "SMS.", + "is_correct": true, + "explaination": "SNS supports SMS as a valid message delivery transport." + }, + { + "label": "DynamoDB.", + "is_correct": false, + "explaination": "DynamoDB is a database service, not an SNS delivery transport." + }, + { + "label": "Named Pipes.", + "is_correct": false, + "explaination": "Named Pipes are not an SNS-supported protocol." + } + ] + }, + { + "question": "Company C has recently launched an online commerce site for bicycles on AWS. They have a `Product` DynamoDB table that stores details for each bicycle, such as, manufacturer, color, price, quantity and size to display in the online store. Due to customer demand, they want to include an image for each bicycle along with the existing details. Which approach below provides the least impact to provisioned throughput on the `Product` table?", + "possible_answers": [ + { + "label": "Serialize the image and store it in multiple DynamoDB tables.", + "is_correct": false, + "explaination": "Storing images in DynamoDB would consume more storage and throughput and is not an efficient design." + }, + { + "label": "Create an `Images` DynamoDB table to store the Image with a foreign key constraint to the `Product` table.", + "is_correct": false, + "explaination": "This still keeps large binary data in DynamoDB and increases throughput impact." + }, + { + "label": "Add an image data type to the `Product` table to store the images in binary format.", + "is_correct": false, + "explaination": "Embedding images directly in the table increases item size and read/write capacity consumption." + }, + { + "label": "Store the images in Amazon S3 and add an S3 URL pointer to the `Product` table item for each image.", + "is_correct": true, + "explaination": "S3 is the appropriate storage for large binary objects, and storing only a pointer in DynamoDB minimizes throughput impact." + } + ] + }, + { + "question": "Which DynamoDB limits can be raised by contacting AWS support? (Choose TWO)", + "possible_answers": [ + { + "label": "The number of hash keys per account.", + "is_correct": false, + "explaination": "Hash key design is part of the table schema and not a quota raised through support." + }, + { + "label": "The maximum storage used per account.", + "is_correct": false, + "explaination": "Storage scaling is handled by the service and is not typically the quota referenced here." + }, + { + "label": "The number of tables per account.", + "is_correct": true, + "explaination": "Account-level table count quotas can be increased by AWS Support." + }, + { + "label": "The number of local secondary indexes per account.", + "is_correct": false, + "explaination": "LSI count is a schema limitation per table, not an account quota raised through support." + }, + { + "label": "The number of provisioned throughput units per account.", + "is_correct": true, + "explaination": "Provisioned throughput account-level limits can be raised by AWS Support." + } + ] + }, + { + "question": "When a Simple Queue Service message triggers a task that takes 5 minutes to complete, which process below will result in successful processing of the message and remove it from the queue while minimizing the chances of duplicate processing?", + "possible_answers": [ + { + "label": "Retrieve the message with an increased visibility timeout, process the message, delete the message from the queue.", + "is_correct": true, + "explaination": "The visibility timeout should cover the processing time so the message is not picked up again before completion, and then the message should be deleted after successful processing." + }, + { + "label": "Retrieve the message with an increased visibility timeout, delete the message from the queue, process the message.", + "is_correct": false, + "explaination": "Deleting the message before processing risks losing the message if processing fails." + }, + { + "label": "Retrieve the message with increased `DelaySeconds`, process the message, delete the message from the queue.", + "is_correct": false, + "explaination": "DelaySeconds affects initial delivery timing, not visibility while a message is being processed." + }, + { + "label": "Retrieve the message with increased `DelaySeconds`, delete the message from the queue, process the message.", + "is_correct": false, + "explaination": "This incorrectly uses DelaySeconds and also deletes the message before confirming successful processing." + } + ] + }, + { + "question": "Company A has an S3 bucket containing premier content that they intend to make available to only paid subscribers of their website. The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content to non-paying website visitors. How can Company A provide only paid subscribers the ability to download a premier content file in the S3 bucket?", + "possible_answers": [ + { + "label": "Apply a bucket policy that grants anonymous users to download the content from the S3 bucket.", + "is_correct": false, + "explaination": "Granting anonymous access would expose the content to non-paying users." + }, + { + "label": "Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download.", + "is_correct": true, + "explaination": "A presigned URL grants time-limited access to a private object only when an authorized paid user requests it." + }, + { + "label": "Add a bucket policy that requires Multi-Factor Authentication for requests to access the S3 bucket objects.", + "is_correct": false, + "explaination": "MFA requirements do not integrate naturally with anonymous website subscriber download flows." + }, + { + "label": "Enable server side encryption on the S3 bucket for data protection against the non-paying website visitors.", + "is_correct": false, + "explaination": "Encryption at rest does not control who is allowed to download the objects." + } + ] + }, + { + "question": "Which of the following is an example of a good DynamoDB hash key schema for provisioned throughput efficiency?", + "possible_answers": [ + { + "label": "User ID, where the application has many different users.", + "is_correct": true, + "explaination": "A high-cardinality, evenly distributed key such as User ID helps spread load across partitions efficiently." + }, + { + "label": "Status Code where most status codes are the same.", + "is_correct": false, + "explaination": "Low-cardinality values like status codes can create hot partitions." + }, + { + "label": "Device ID, where one is by far more popular than all the others.", + "is_correct": false, + "explaination": "A skewed access distribution leads to throughput imbalance and hot keys." + }, + { + "label": "Game Type, where there are three possible game types.", + "is_correct": false, + "explaination": "Only three possible values is too low-cardinality for good partition distribution." + } + ] + }, + { + "question": "An application stores payroll information nightly in DynamoDB for a large number of employees across hundreds of offices. Item attributes consist of individual name, office identifier, and cumulative daily hours. Managers run reports for ranges of names working in their office. One query is: `Return all Items in this office for names starting with A through E`. Which table configuration will result in the lowest impact on provisioned throughput for this query?", + "possible_answers": [ + { + "label": "Configure the table to have a hash index on the name attribute, and a range index on the office identifier.", + "is_correct": false, + "explaination": "This key order does not align efficiently with the access pattern of office plus a name range." + }, + { + "label": "Configure the table to have a range index on the name attribute, and a hash index on the office identifier.", + "is_correct": true, + "explaination": "Using office identifier as the hash key and name as the range key supports efficient queries for a specific office and a name range." + }, + { + "label": "Configure a hash index on the name attribute and no range index.", + "is_correct": false, + "explaination": "This would not efficiently support querying all names in a given office within a specific range." + }, + { + "label": "Configure a hash index on the office identifier attribute and no range index.", + "is_correct": false, + "explaination": "Without a range key on name, the query would require more scanning within the office partition." + } + ] + }, + { + "question": "What is one key difference between an Amazon EBS-backed and an instance-store backed instance?", + "possible_answers": [ + { + "label": "Virtual Private Cloud requires EBS backed instances.", + "is_correct": false, + "explaination": "VPC usage is not determined by whether an instance is EBS-backed or instance-store backed." + }, + { + "label": "Amazon EBS-backed instances can be stopped and restarted.", + "is_correct": true, + "explaination": "A major difference is that EBS-backed instances can be stopped and started again while preserving the root volume." + }, + { + "label": "Auto scaling requires using Amazon EBS-backed instances.", + "is_correct": false, + "explaination": "Auto Scaling does not fundamentally require EBS-backed instances." + }, + { + "label": "Instance-store backed instances can be stopped and restarted.", + "is_correct": false, + "explaination": "Instance-store backed instances do not support stop/start behavior in the same way as EBS-backed instances." + } + ] + }, + { + "question": "Which of the following services are included at no additional cost with the use of the AWS platform?", + "possible_answers": [ + { + "label": "Simple Storage Service.", + "is_correct": false, + "explaination": "Amazon S3 is billed based on storage, requests, and data transfer." + }, + { + "label": "Elastic Compute Cloud.", + "is_correct": false, + "explaination": "EC2 instances are billed services." + }, + { + "label": "Auto Scaling.", + "is_correct": true, + "explaination": "There is no additional charge for the Auto Scaling service itself beyond the resources it launches." + }, + { + "label": "Elastic Load Balancing.", + "is_correct": false, + "explaination": "Elastic Load Balancing is a billed AWS service." + }, + { + "label": "CloudFormation.", + "is_correct": true, + "explaination": "There is no additional charge for CloudFormation itself; you only pay for the resources it creates." + }, + { + "label": "Simple Workflow Service.", + "is_correct": false, + "explaination": "SWF usage is billed." + } + ] + }, + { + "question": "Your application is trying to upload a 6 GB file to Simple Storage Service and receive a `Your proposed upload exceeds the maximum allowed object size.` error message. What is a possible solution for this?", + "possible_answers": [ + { + "label": "None, Simple Storage Service objects are limited to 5 GB.", + "is_correct": false, + "explaination": "S3 supports objects much larger than 5 GB when using multipart upload." + }, + { + "label": "Use the multi-part upload API for this object.", + "is_correct": true, + "explaination": "Multipart upload is the correct way to upload objects larger than 5 GB to Amazon S3." + }, + { + "label": "Use the large object upload API for this object.", + "is_correct": false, + "explaination": "There is no separate S3 API called large object upload." + }, + { + "label": "Contact support to increase your object size limit.", + "is_correct": false, + "explaination": "The correct solution is to use multipart upload, not a support request." + }, + { + "label": "Upload to a different region.", + "is_correct": false, + "explaination": "Region choice does not solve the requirement to use multipart upload for large objects." + } + ] + }, + { + "question": "What AWS products and features can be deployed by Elastic Beanstalk? (Choose THREE)", + "possible_answers": [ + { + "label": "Auto scaling groups.", + "is_correct": true, + "explaination": "Elastic Beanstalk can provision and manage Auto Scaling groups as part of an environment." + }, + { + "label": "Route 53 hosted zones.", + "is_correct": false, + "explaination": "Route 53 hosted zones are not automatically deployed as a standard Elastic Beanstalk environment component." + }, + { + "label": "Elastic Load Balancers.", + "is_correct": true, + "explaination": "Elastic Beanstalk can create and manage load balancers for environments that require them." + }, + { + "label": "RDS Instances.", + "is_correct": true, + "explaination": "Elastic Beanstalk can optionally provision an RDS database as part of the environment setup." + }, + { + "label": "Elastic IP addresses.", + "is_correct": false, + "explaination": "Elastic IPs are not typically a standard Beanstalk-managed deployable feature in this context." + }, + { + "label": "SQS Queues.", + "is_correct": false, + "explaination": "While worker environments use SQS internally, this option is not one of the selected answers in the provided set." + } + ] + }, + { + "question": "Games-R-Us is launching a new game app for mobile devices. Users will log into the game using their existing Facebook account and the game will record player data and scoring information directly to a DynamoDB table. What is the most secure approach for signing requests to the DynamoDB API?", + "possible_answers": [ + { + "label": "Create an IAM user with access credentials that are distributed with the mobile app to sign the requests.", + "is_correct": false, + "explaination": "Embedding long-lived IAM user credentials in a mobile app is insecure." + }, + { + "label": "Distribute the AWS root account access credentials with the mobile app to sign the requests.", + "is_correct": false, + "explaination": "Root credentials must never be distributed to applications." + }, + { + "label": "Request temporary security credentials using web identity federation to sign the requests.", + "is_correct": true, + "explaination": "Web identity federation allows users authenticated by Facebook to obtain temporary AWS credentials securely for direct DynamoDB access." + }, + { + "label": "Establish cross account access between the mobile app and the DynamoDB table to sign the requests", + "is_correct": false, + "explaination": "Cross-account access is not the correct pattern for individual mobile users authenticated by Facebook." + } + ] + }, + { + "question": "Which of the following programming languages have an officially supported AWS SDK? (Choose TWO)", + "possible_answers": [ + { + "label": "Perl.", + "is_correct": false, + "explaination": "Perl is not one of the selected officially supported SDK answers in this question set." + }, + { + "label": "PHP.", + "is_correct": true, + "explaination": "AWS provides an officially supported SDK for PHP." + }, + { + "label": "Pascal.", + "is_correct": false, + "explaination": "Pascal does not have an official AWS SDK." + }, + { + "label": "Java.", + "is_correct": true, + "explaination": "AWS provides an officially supported SDK for Java." + }, + { + "label": "SQL.", + "is_correct": false, + "explaination": "SQL is a query language, not a general-purpose programming language with an AWS SDK." + } + ] + }, + { + "question": "A meteorological system monitors 600 temperature gauges, obtaining temperature samples every minute and saving each sample to a DynamoDB table Each sample involves writing 1K of data and the writes are evenly distributed over time. How much write throughput is required for the target table?", + "possible_answers": [ + { + "label": "1 write capacity unit.", + "is_correct": false, + "explaination": "One WCU is far below the required write rate." + }, + { + "label": "10 write capacity units.", + "is_correct": true, + "explaination": "600 writes per minute equals 10 writes per second, and each 1 KB item write consumes 1 WCU." + }, + { + "label": "60 write capacity units.", + "is_correct": false, + "explaination": "This would overprovision beyond the needed 10 writes per second." + }, + { + "label": "600 write capacity units.", + "is_correct": false, + "explaination": "This confuses writes per minute with writes per second." + }, + { + "label": "3600 write capacity units.", + "is_correct": false, + "explaination": "This is far higher than required." + } + ] + }, + { + "question": "In DynamoDB, what type of HTTP response codes indicate that a problem was found with the client request sent to the service?", + "possible_answers": [ + { + "label": "5xx HTTP response code.", + "is_correct": false, + "explaination": "5xx codes typically indicate a server-side issue." + }, + { + "label": "200 HTTP response code.", + "is_correct": false, + "explaination": "200 indicates success." + }, + { + "label": "306 HTTP response code.", + "is_correct": false, + "explaination": "This is not the standard class used to indicate client request problems in DynamoDB." + }, + { + "label": "4xx HTTP response code.", + "is_correct": true, + "explaination": "4xx response codes indicate errors caused by the client request, such as invalid parameters or access issues." + } + ] + }, + { + "question": "Company B provides an online image recognition service and utilizes SQS to decouple system components for scalability The SQS consumers poll the imaging queue as often as possible to keep end-to-end throughput as high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses. How can Company B reduce the number of empty responses?", + "possible_answers": [ + { + "label": "Set the imaging queue visibility `Timeout` attribute to 20 seconds.", + "is_correct": false, + "explaination": "Visibility timeout controls how long a received message stays hidden, not how polling waits for new messages." + }, + { + "label": "Set the Imaging queue `ReceiveMessageWaitTimeSeconds` attribute to 20 seconds.", + "is_correct": true, + "explaination": "This enables long polling, which reduces empty responses and lowers CPU and request costs." + }, + { + "label": "Set the imaging queue `MessageRetentionPeriod` attribute to 20 seconds.", + "is_correct": false, + "explaination": "Message retention controls how long unconsumed messages stay in the queue, not how polling behaves." + }, + { + "label": "Set the `DelaySeconds` parameter of a message to 20 seconds.", + "is_correct": false, + "explaination": "DelaySeconds postpones initial visibility of messages and does not reduce empty polling responses generally." + } + ] + }, + { + "question": "An Amazon S3 bucket, `myawsbucket` is configured with website hosting in Tokyo region, what is the region-specific website endpoint?", + "possible_answers": [ + { + "label": "`www.myawsbucket.ap-northeast-1.amazonaws.com`.", + "is_correct": false, + "explaination": "This is not the standard S3 static website endpoint format." + }, + { + "label": "`myawsbucket.s3-website-ap-northeast-1.amazonaws.com`.", + "is_correct": true, + "explaination": "S3 static website endpoints follow the `bucket.s3-website-region.amazonaws.com` style." + }, + { + "label": "`myawsbucket.amazonaws.com`.", + "is_correct": false, + "explaination": "This is not a valid region-specific S3 website hosting endpoint." + }, + { + "label": "`myawsbucket.tokyo.amazonaws.com`.", + "is_correct": false, + "explaination": "This is not the naming format for S3 website endpoints." + } + ] + }, + { + "question": "You are inserting 1000 new items every second in a DynamoDB table. Once an hour these items are analyzed and then are no longer needed. You need to minimize provisioned throughput, storage, and API calls. Given these requirements, what is the most efficient way to manage these Items after the analysis?", + "possible_answers": [ + { + "label": "Retain the items in a single table.", + "is_correct": false, + "explaination": "Keeping all historical items would not minimize storage or management overhead." + }, + { + "label": "Delete items individually over a 24 hour period.", + "is_correct": false, + "explaination": "Deleting individual items creates many API calls and unnecessary throughput usage." + }, + { + "label": "Delete the table and create a new table per hour.", + "is_correct": true, + "explaination": "Dropping the old table and creating a new one avoids mass delete operations and minimizes throughput and API costs." + }, + { + "label": "Create a new table per hour.", + "is_correct": false, + "explaination": "Without deleting the old table, storage would continue growing unnecessarily." + } + ] + }, + { + "question": "You have written an application that uses the Elastic Load Balancing service to spread traffic to several web servers. Your users complain that they are sometimes forced to login again in the middle of using your application, after they have already logged in. This is not behavior you have designed. What is a possible solution to prevent this happening?", + "possible_answers": [ + { + "label": "Use instance memory to save session state.", + "is_correct": false, + "explaination": "Storing session state in instance memory can cause users to lose sessions when routed to another server." + }, + { + "label": "Use instance storage to save session state.", + "is_correct": false, + "explaination": "Instance storage is local to a single server and does not solve multi-server session continuity." + }, + { + "label": "Use EBS to save session state.", + "is_correct": false, + "explaination": "EBS is attached to individual instances and is not a shared low-latency session store." + }, + { + "label": "Use ElastiCache to save session state.", + "is_correct": true, + "explaination": "A shared low-latency cache such as ElastiCache allows all web servers behind the load balancer to access the same session data." + }, + { + "label": "Use Glacier to save session slate.", + "is_correct": false, + "explaination": "Glacier is archival storage and completely unsuitable for web session state." + } + ] + }, + { + "question": "You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the photos on your site, causing loss to your business. What is an effective method to mitigate this?", + "possible_answers": [ + { + "label": "Store photos on an EBS volume of the web server.", + "is_correct": false, + "explaination": "Moving content to EBS does not solve the hotlinking problem and would reduce scalability." + }, + { + "label": "Remove public read access and use signed URLs with expiry dates.", + "is_correct": true, + "explaination": "Signed URLs limit access to authorized requests for a limited time and prevent uncontrolled direct linking from third-party sites." + }, + { + "label": "Use CloudFront distributions for static content.", + "is_correct": false, + "explaination": "CloudFront can help with delivery, but by itself it does not stop unauthorized linking unless paired with signed URLs or other access controls." + }, + { + "label": "Block the IPs of the offending websites in Security Groups.", + "is_correct": false, + "explaination": "Security groups do not apply to S3 in this way and IP blocking is not a robust solution for public web traffic." + } + ] + }, + { + "question": "Which statements about DynamoDB are true? (Choose TWO)", + "possible_answers": [ + { + "label": "DynamoDB uses a pessimistic locking model.", + "is_correct": false, + "explaination": "DynamoDB does not use pessimistic locking as its standard concurrency mechanism." + }, + { + "label": "DynamoDB uses optimistic concurrency control.", + "is_correct": true, + "explaination": "DynamoDB commonly uses optimistic concurrency patterns, such as version checks or conditional writes, to avoid conflicting updates." + }, + { + "label": "DynamoDB uses conditional writes for consistency.", + "is_correct": true, + "explaination": "Conditional writes are a key DynamoDB feature for preserving correctness and preventing unintended overwrites." + }, + { + "label": "DynamoDB restricts item access during reads.", + "is_correct": false, + "explaination": "DynamoDB does not lock items for reads in the way implied here." + }, + { + "label": "DynamoDB restricts item access during writes.", + "is_correct": false, + "explaination": "DynamoDB does not rely on pessimistic write locks as the default model described." + } + ] + }, + { + "question": "You are providing AWS consulting services for a company developing a new mobile application that will be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification messages to individual devices each device registration identifier or token needs to be registered with SNS; however the developers are not sure of the best way to do this. You advise them to:", + "possible_answers": [ + { + "label": "Bulk upload the device tokens contained in a CSV file via the AWS Management Console.", + "is_correct": false, + "explaination": "SNS mobile push registration is typically done programmatically rather than by manual CSV upload." + }, + { + "label": "Let the push notification service (e.g. Amazon Device Messaging) handle the registration.", + "is_correct": false, + "explaination": "The app still needs to register device tokens with SNS to enable direct notifications through SNS." + }, + { + "label": "Implement a token vending service to handle the registration.", + "is_correct": false, + "explaination": "A token vending service is not the standard mechanism for SNS mobile endpoint registration." + }, + { + "label": "Call the `CreatePlatformEndPoint` API function to register multiple device tokens.", + "is_correct": true, + "explaination": "SNS mobile push requires device tokens to be registered as platform endpoints using the `CreatePlatformEndpoint` API." + } + ] + }, + { + "question": "You are writing to a DynamoDB table and receive the following exception: `ProvisionedThroughputExceededException`. though according to your Cloudwatch metrics for the table, you are not exceeding your provisioned throughput. What could be an explanation for this?", + "possible_answers": [ + { + "label": "You haven't provisioned enough DynamoDB storage instances.", + "is_correct": false, + "explaination": "DynamoDB storage instances are not something users provision directly in this manner." + }, + { + "label": "You're exceeding your capacity on a particular `Range Key`.", + "is_correct": false, + "explaination": "Hot partition behavior is generally tied to partition key distribution rather than sort key alone." + }, + { + "label": "You're exceeding your capacity on a particular `Hash Key`.", + "is_correct": true, + "explaination": "A hot partition caused by uneven access to a single partition key can trigger throughput exceptions even when total table throughput is not fully consumed." + }, + { + "label": "You're exceeding your capacity on a particular `Sort Key`.", + "is_correct": false, + "explaination": "Sort keys do not by themselves create partition-level hot spots in the same way partition keys do." + }, + { + "label": "You haven't configured DynamoDB Auto Scaling triggers.", + "is_correct": false, + "explaination": "Auto Scaling can help over time, but it does not explain immediate hot key throttling below overall table limits." + } + ] + }, + { + "question": "If an application is storing hourly log files from thousands of instances from a high traffic web site, which naming scheme would give optimal performance on S3?", + "possible_answers": [ + { + "label": "Sequential.", + "is_correct": false, + "explaination": "Sequential naming can create hot prefixes and less even request distribution." + }, + { + "label": "`instanceID_log-HH-DD-MM-YYYY`.", + "is_correct": true, + "explaination": "Starting object names with high-cardinality values such as instance IDs helps distribute requests more evenly across S3 keyspace." + }, + { + "label": "`instanceIDLog-YYYY-MM-DD-HH`.", + "is_correct": false, + "explaination": "Although similar, this is not the selected answer in the provided key." + }, + { + "label": "`HH-DD-MM-YYYY-log_instanceID`.", + "is_correct": false, + "explaination": "Beginning with time values can create concentration around similar prefixes for simultaneous writes." + }, + { + "label": "`YYYY-MM-DD-HH-logInstanceID`.", + "is_correct": false, + "explaination": "Leading with timestamp values can reduce distribution efficiency for concurrent writes." + } + ] + }, + { + "question": "Which of the following statements about SQS is true?", + "possible_answers": [ + { + "label": "Messages will be delivered exactly once and messages will be delivered in First in, First out order.", + "is_correct": false, + "explaination": "This is not true for standard SQS queues." + }, + { + "label": "Messages will be delivered exactly once and message delivery order is indeterminate.", + "is_correct": false, + "explaination": "Standard SQS does not guarantee exactly-once delivery." + }, + { + "label": "Messages will be delivered one or more times and messages will be delivered in First in, First out order.", + "is_correct": false, + "explaination": "Standard SQS provides at-least-once delivery but not FIFO ordering." + }, + { + "label": "Messages will be delivered one or more times and message delivery order is indeterminate.", + "is_correct": true, + "explaination": "Standard SQS provides at-least-once delivery and does not guarantee message order." + } + ] + }, + { + "question": "A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center via IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated, logged-in users can only access an S3 keyspace specific to the user. Which two approaches can satisfy the objectives? (Choose TWO)", + "possible_answers": [ + { + "label": "The application authenticates against LDAP. The application then calls the IAM Security Service to login to IAM using the LDAP credentials. The application can use the 1AM temporary credentials to access the appropriate S3 bucket.", + "is_correct": false, + "explaination": "IAM does not support directly logging in with LDAP credentials in this way." + }, + { + "label": "The application authenticates against LDAP, and retrieves the name of an IAM role associated with the user. The application then calls the IAM Security Token Service to assume that IAM Role. The application can use the temporary credentials to access the appropriate S3 bucket.", + "is_correct": true, + "explaination": "LDAP-authenticated users can be mapped to IAM roles, and STS AssumeRole can provide temporary credentials for user-specific S3 access." + }, + { + "label": "The application authenticates against IAM Security Token Service using the LDAP credentials. The application uses those temporary AWS security credentials to access the appropriate S3 bucket.", + "is_correct": false, + "explaination": "STS does not directly authenticate LDAP credentials by itself." + }, + { + "label": "Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token Service to get IAM federated user credentials. The application calls the identity broker to get IAM federated user credentials with access to the appropriate S3 bucket.", + "is_correct": true, + "explaination": "An identity broker can bridge on-prem LDAP authentication to AWS federated credentials with least-privilege access to user-specific S3 content." + }, + { + "label": "Develop an identity broker which authenticates against IAM Security Token Service to assume an IAM Role to get temporary AWS security credentials. The application calls the identity broker to get AWS temporary security credentials with access to the appropriate S3 bucket.", + "is_correct": false, + "explaination": "The missing piece is the LDAP authentication step, so this option is incomplete." + } + ] + }, + { + "question": "Company C is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting enabled. Currently, when visitors go to `http://www.companyc.com` the `index.html` page is returned. Company C now would like a new page welcome.html to be returned when a visitor enters `http://www.companyc.com` in the browser. Which of the following steps will allow Company C to meet this requirement? (Choose TWO)", + "possible_answers": [ + { + "label": "Upload an html page named welcome.html to their S3 bucket.", + "is_correct": true, + "explaination": "The new object must exist in the bucket if it is to be served as the index document." + }, + { + "label": "Create a welcome subfolder in their S3 bucket.", + "is_correct": false, + "explaination": "A subfolder is not required to change the default root document." + }, + { + "label": "Set the Index Document property to welcome.html.", + "is_correct": true, + "explaination": "In S3 static website hosting, the Index Document setting determines which page is returned for the root path." + }, + { + "label": "Move the `index.html` page to a welcome subfolder.", + "is_correct": false, + "explaination": "Moving index.html is not necessary to change the root document." + }, + { + "label": "Set the Error Document property to welcome.html.", + "is_correct": false, + "explaination": "The Error Document handles error responses, not the normal root page." + } + ] + }, + { + "question": "What type of block cipher does Amazon S3 offer for server side encryption?", + "possible_answers": [ + { + "label": "Triple DES.", + "is_correct": false, + "explaination": "Triple DES is not the S3 server-side encryption standard referenced here." + }, + { + "label": "Advanced Encryption Standard.", + "is_correct": true, + "explaination": "Amazon S3 server-side encryption uses AES, specifically AES-256." + }, + { + "label": "Blowfish.", + "is_correct": false, + "explaination": "Blowfish is not the encryption standard used for S3 server-side encryption." + }, + { + "label": "RC5.", + "is_correct": false, + "explaination": "RC5 is not the algorithm used by S3 server-side encryption." + } + ] + }, + { + "question": "A Development team wants to instrument their code to provide more detailed information to AWS X-Ray than simple outgoing and incoming requests. This will generate large amounts of data, so the Development team wants to implement indexing so they can filter the data. What should the Development team do to achieve this?", + "possible_answers": [ + { + "label": "Add annotations to the segment document and the code.", + "is_correct": true, + "explaination": "X-Ray annotations are indexed and searchable, making them the right choice for filtering trace data." + }, + { + "label": "Add metadata to the segment document and the code.", + "is_correct": false, + "explaination": "Metadata is stored with traces but is not indexed for filtering in the same way as annotations." + }, + { + "label": "Configure the necessary X-Ray environment variables.", + "is_correct": false, + "explaination": "Environment variables alone do not create indexed trace attributes." + }, + { + "label": "Install required plugins for the appropriate AWS SDK.", + "is_correct": false, + "explaination": "Plugins can assist instrumentation but do not address the need for indexed searchable fields." + } + ] + }, + { + "question": "A team of Developers must migrate an application running inside an AWS Elastic Beanstalk environment from a Classic Load Balancer to an Application Load Balancer. Which steps should be taken to accomplish the task using the AWS Management Console?", + "possible_answers": [ + { + "label": "1. Update the application code in the existing deployment. 2. Select a new load balancer type before running the deployment. 3. Deploy the new version of the application code to the environment.", + "is_correct": false, + "explaination": "Elastic Beanstalk does not switch the underlying load balancer type of an existing environment in this simple in-place manner." + }, + { + "label": "1. Create a new environment with the same configurations except for the load balancer type. 2. Deploy the same application version as used in the original environment. 3. Run the `swap-environment-cnames` action.", + "is_correct": true, + "explaination": "Creating a new environment with the desired load balancer type and swapping CNAMEs is the standard migration approach." + }, + { + "label": "1. Clone the existing environment, changing the associated load balancer type. 2. Deploy the same application version as used in the original environment. 3. Run the `swap-environment-cnames` action.", + "is_correct": false, + "explaination": "The selected answer key uses creating a new environment rather than cloning with a changed load balancer type." + }, + { + "label": "1. Edit the environment definitions in the existing deployment. 2. Change the associated load balancer type according to the requirements. 3. Rebuild the environment with the new load balancer type.", + "is_correct": false, + "explaination": "Changing the load balancer type in-place on an existing environment is not the standard migration method." + } + ] + }, + { + "question": "A company needs a version control system for collaborative software development. Features of the system must include the following: Support for batches of changes across multiple files. Parallel branching Version tracking. Which AWS service will meet these requirements?", + "possible_answers": [ + { + "label": "AWS CodePipeline.", + "is_correct": false, + "explaination": "CodePipeline is a CI/CD orchestration service, not a source control system." + }, + { + "label": "Amazon S3.", + "is_correct": false, + "explaination": "S3 stores objects but does not provide full collaborative source control features like branching and commit history." + }, + { + "label": "AWS Code Build.", + "is_correct": false, + "explaination": "CodeBuild is a build service, not a version control repository." + }, + { + "label": "AWS CodeCommit.", + "is_correct": true, + "explaination": "CodeCommit is a managed Git-based version control service that supports branching, version history, and grouped changes across files." + } + ] + }, + { + "question": "A company is using continuous integration and continuous delivery systems. A Developer now needs to automate a software package deployment to both Amazon EC2 instances and virtual servers running on-premises. Which AWS service should be used to accomplish this?", + "possible_answers": [ + { + "label": "AWS CodePipeline.", + "is_correct": false, + "explaination": "CodePipeline orchestrates workflows but is not the service that directly deploys software to EC2 and on-premises hosts." + }, + { + "label": "AWS CodeBuild.", + "is_correct": false, + "explaination": "CodeBuild compiles and tests code, but it does not perform the host deployment role described." + }, + { + "label": "AWS Elastic Beanstalk.", + "is_correct": false, + "explaination": "Elastic Beanstalk manages application environments on AWS, not deployments to both EC2 and on-premises servers." + }, + { + "label": "AWS CodeDeploy.", + "is_correct": true, + "explaination": "CodeDeploy supports automated deployments to Amazon EC2 instances and on-premises servers." + } + ] + }, + { + "question": "A Developer created a new AWS account and must create a scalable AWS Lambda function that meets the following requirements for concurrent execution: Average execution time of 100 seconds 50 requests per second. Which step must be taken prior to deployment to prevent errors?", + "possible_answers": [ + { + "label": "Implement dead-letter queues to capture invocation errors.", + "is_correct": false, + "explaination": "Dead-letter queues help diagnose failed async invocations but do not address account concurrency limits." + }, + { + "label": "Add an event source from Amazon API Gateway to the Lambda function.", + "is_correct": false, + "explaination": "The trigger source does not solve a concurrency quota shortfall." + }, + { + "label": "Implement error handling within the application code.", + "is_correct": false, + "explaination": "Application error handling does not increase the account's Lambda concurrency capacity." + }, + { + "label": "Contact AWS Support to increase the concurrent execution limits.", + "is_correct": true, + "explaination": "50 requests/second with 100-second execution time implies about 5,000 concurrent executions, which exceeds the default new-account concurrency quota." + } + ] + }, + { + "question": "A Developer is building a three-tier web application that should be able to handle a minimum of 5000 requests per minute. Requirements state that the web tier should be completely stateless while the application maintains session state for the users. How can session data be externalized, keeping latency at the LOWEST possible value?", + "possible_answers": [ + { + "label": "Create an Amazon RDS instance, then implement session handling at the application level to leverage a database inside the RDS database instance for session data storage.", + "is_correct": false, + "explaination": "RDS works, but it is not the lowest-latency option for session storage." + }, + { + "label": "Implement a shared file system solution across the underlying Amazon EC2 instances, then implement session handling at the application level to leverage the shared file system for session data storage.", + "is_correct": false, + "explaination": "A shared filesystem generally has higher latency and is not ideal for session state." + }, + { + "label": "Create an Amazon ElastiCache Memcached cluster, then implement session handling at the application level to leverage the cluster for session data storage.", + "is_correct": true, + "explaination": "ElastiCache Memcached provides very low-latency in-memory shared storage, making it well suited for externalized session state." + }, + { + "label": "Create an Amazon DynamoDB table, then implement session handling at the application level to leverage the table for session data storage.", + "is_correct": false, + "explaination": "DynamoDB is scalable and durable, but in-memory cache is typically lower latency for session access." + } + ] + }, + { + "question": "An Amazon DynamoDB table uses a Global Secondary Index (GSI) to support read queries. The primary table is write-heavy, whereas the GSI is used for read operations. Looking at Amazon CloudWatch metrics, the Developer notices that write operations to the primary table are throttled frequently under heavy write activity. However, write capacity units to the primary table are available and not fully consumed. Why is the table being throttled?", + "possible_answers": [ + { + "label": "The GSI write capacity units are underprovisioned.", + "is_correct": true, + "explaination": "Writes to the base table also update GSIs. If the GSI lacks write capacity, the base table writes can be throttled even when the table itself has spare WCUs." + }, + { + "label": "There are not enough read capacity units on the primary table.", + "is_correct": false, + "explaination": "The issue described is write throttling, not insufficient read capacity." + }, + { + "label": "Amazon DynamoDB Streams is not enabled on the table.", + "is_correct": false, + "explaination": "Streams are unrelated to GSI write throttling." + }, + { + "label": "A large write operation is being performed against another table.", + "is_correct": false, + "explaination": "Write activity on another table does not directly explain this table and GSI interaction." + } + ] + }, + { + "question": "A company runs an e-commerce website that uses Amazon DynamoDB where pricing for items is dynamically updated in real time. At any given time, multiple updates may occur simultaneously for pricing information on a particular product. This is causing the original editor's changes to be overwritten without a proper review process. Which DynamoDB write option should be selected to prevent this overwriting?", + "possible_answers": [ + { + "label": "Concurrent writes.", + "is_correct": false, + "explaination": "Concurrent writes describe the problem, not the mechanism to prevent overwrites." + }, + { + "label": "Conditional writes.", + "is_correct": true, + "explaination": "Conditional writes can ensure an update succeeds only if the current item state matches an expected value, preventing lost updates." + }, + { + "label": "Atomic writes.", + "is_correct": false, + "explaination": "Atomicity does not by itself prevent one editor from overwriting another's changes without a condition check." + }, + { + "label": "Batch writes.", + "is_correct": false, + "explaination": "Batch writes are for grouped operations and do not solve concurrent overwrite protection." + } + ] + }, + { + "question": "A Developer has been asked to create an AWS Lambda function that is triggered any time updates are made to items in an Amazon DynamoDB table. The function has been created, and appropriate permissions have been added to the Lambda execution role. Amazon DynamoDB streams have been enabled for the table, but the function is still not being triggered. Which option would enable DynamoDB table updates to trigger the Lambda function?", + "possible_answers": [ + { + "label": "Change the `StreamViewType` parameter value to `NEW_AND_OLD_IMAGES` for the DynamoDB table.", + "is_correct": false, + "explaination": "The stream view type changes what data is included in the stream records, but does not by itself connect the stream to Lambda." + }, + { + "label": "Configure event source mapping for the Lambda function.", + "is_correct": true, + "explaination": "Lambda must be explicitly configured with the DynamoDB stream as an event source so records trigger function invocations." + }, + { + "label": "Map an Amazon SNS topic to the DynamoDB streams.", + "is_correct": false, + "explaination": "SNS is not required to connect DynamoDB Streams to Lambda." + }, + { + "label": "Increase the maximum execution time (timeout) setting of the Lambda function.", + "is_correct": false, + "explaination": "Timeout settings do not determine whether the function is triggered by the stream." + } + ] + }, + { + "question": "A company is running a Docker application on Amazon ECS. The application must scale based on user load in the last 15 seconds. How should a Developer instrument the code so that the requirement can be met?", + "possible_answers": [ + { + "label": "Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds.", + "is_correct": false, + "explaination": "Publishing every 30 seconds does not meet the 15-second responsiveness requirement." + }, + { + "label": "Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds.", + "is_correct": true, + "explaination": "High-resolution CloudWatch metrics support sub-minute granularity, and publishing every 5 seconds enables scaling decisions based on recent 15-second load." + }, + { + "label": "Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds.", + "is_correct": false, + "explaination": "Standard-resolution metrics are not designed for this near-real-time scaling requirement." + }, + { + "label": "Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds.", + "is_correct": false, + "explaination": "Publishing frequently does not change the fact that standard-resolution metrics do not provide the needed high-resolution scaling granularity." + } + ] + }, + { + "question": "A company needs to ingest terabytes of data each hour from thousands of sources that are delivered almost continually throughout the day. The volume of messages generated varies over the course of the day. Messages must be delivered in real time for fraud detection and live operational dashboards. Which approach will meet these requirements?", + "possible_answers": [ + { + "label": "Send the messages to an Amazon SQS queue, then process the messages by using a fleet of Amazon EC2 instances.", + "is_correct": false, + "explaination": "SQS is useful for decoupling, but Kinesis is the better fit for real-time high-throughput streaming ingestion and multiple consumers." + }, + { + "label": "Use the Amazon S3 API to write messages to an S3 bucket, then process the messages by using Amazon Redshift.", + "is_correct": false, + "explaination": "This is not a real-time streaming ingestion design." + }, + { + "label": "Use AWS Data Pipeline to automate the movement and transformation of data.", + "is_correct": false, + "explaination": "Data Pipeline is not the primary service for real-time large-scale message ingestion." + }, + { + "label": "Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and deliver messages.", + "is_correct": true, + "explaination": "Kinesis Data Streams is designed for high-throughput real-time streaming data ingestion and processing by multiple consumers." + } + ] + }, + { + "question": "A Developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions. The Developer needs to create/delete branches. Which specific IAM permissions need to be added, based on the principle of least privilege?\n```\n{\n\"Version\": \"2012-10-17\",\n\"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codecommit:BatchGetRepositories\",\n \"codecommit:Get*\",\n \"codecommit:List*\",\n \"codecommit:GitPull\"\n ],\n \"Resource\": \"*\"\n }\n]\n}\n```", + "possible_answers": [ + { + "label": "\"codecommit:CreateBranch\" \"codecommit:DeleteBranch\".", + "is_correct": true, + "explaination": "These are the specific least-privilege permissions needed to create and delete branches in CodeCommit." + }, + { + "label": "\"codecommit:Put*\".", + "is_correct": false, + "explaination": "This grants broader permissions than necessary and violates least privilege." + }, + { + "label": "\"codecommit:Update*\".", + "is_correct": false, + "explaination": "This is broader than needed and may not directly cover both branch create and delete with least privilege." + }, + { + "label": "\"codecommit:*\".", + "is_correct": false, + "explaination": "This grants full CodeCommit access and is not least privilege." + } + ] + }, + { + "question": "An AWS Lambda function must access an external site by using a regularly rotated user name and password. These items must be kept securely and cannot be stored in the function code. What combination of AWS services can be used to accomplish this? (Choose TWO)", + "possible_answers": [ + { + "label": "AWS Certificate Manager (ACM).", + "is_correct": false, + "explaination": "ACM manages certificates, not rotating usernames and passwords for external site access." + }, + { + "label": "AWS Systems Manager Parameter Store.", + "is_correct": true, + "explaination": "Parameter Store can securely store configuration values and secrets for Lambda to retrieve at runtime." + }, + { + "label": "AWS Trusted Advisor.", + "is_correct": false, + "explaination": "Trusted Advisor provides recommendations, not secure secret storage." + }, + { + "label": "AWS KMS.", + "is_correct": true, + "explaination": "KMS can be used to encrypt the stored secret values so they remain secure at rest." + }, + { + "label": "Amazon GuardDuty.", + "is_correct": false, + "explaination": "GuardDuty is a threat detection service, not a secret storage or rotation mechanism." + } + ] + }, + { + "question": "A Developer is trying to deploy a serverless application using AWS CodeDeploy. The application was updated and needs to be redeployed. What file does the Developer need to update to push that change through CodeDeploy?", + "possible_answers": [ + { + "label": "`dockerrun.aws.json`.", + "is_correct": false, + "explaination": "This file is used with Elastic Beanstalk Docker environments, not CodeDeploy deployment definitions." + }, + { + "label": "`buildspec.yml`.", + "is_correct": false, + "explaination": "buildspec.yml is used by CodeBuild, not CodeDeploy." + }, + { + "label": "`appspec.yml`.", + "is_correct": true, + "explaination": "CodeDeploy uses the AppSpec file to define deployment behavior and lifecycle hooks." + }, + { + "label": "`ebextensions.config`.", + "is_correct": false, + "explaination": "`.ebextensions` files are for Elastic Beanstalk configuration, not CodeDeploy." + } + ] + }, + { + "question": "A Developer is working on an application that handles 10MB documents that contain highly-sensitive data. The application will use AWS KMS to perform clientside encryption. What steps must be followed?", + "possible_answers": [ + { + "label": "Invoke the Encrypt API passing the plaintext data that must be encrypted, then reference the customer managed key ARN in the `KeyId` parameter.", + "is_correct": false, + "explaination": "KMS Encrypt is intended for small payloads, not full 10 MB client-side encryption of documents." + }, + { + "label": "Invoke the `GenerateRandom` API to get a data encryption key, then use the data encryption key to encrypt the data.", + "is_correct": false, + "explaination": "GenerateRandom does not provide the standard KMS envelope encryption workflow with an encrypted copy of the data key." + }, + { + "label": "Invoke the `GenerateDataKey` API to retrieve the encrypted version of the data encryption key to encrypt the data.", + "is_correct": false, + "explaination": "You need the plaintext data key to perform the client-side encryption." + }, + { + "label": "Invoke the `GenerateDataKey` API to retrieve the plaintext version of the data encryption key to encrypt the data.", + "is_correct": true, + "explaination": "For client-side envelope encryption, KMS returns a plaintext data key for local encryption and an encrypted copy for later decryption." + } + ] + }, + { + "question": "A Developer is building a web application that uses Amazon API Gateway to expose an AWS Lambda function to process requests from clients. During testing, the Developer notices that the API Gateway times out even though the Lambda function finishes under the set time limit. Which of the following API Gateway metrics in Amazon CloudWatch can help the Developer troubleshoot the issue? (Choose TWO)", + "possible_answers": [ + { + "label": "CacheHitCount.", + "is_correct": false, + "explaination": "Cache hit count is only relevant when API caching is enabled and does not directly explain timeout behavior." + }, + { + "label": "IntegrationLatency.", + "is_correct": true, + "explaination": "IntegrationLatency measures the time API Gateway spends waiting for the backend integration, which is key in troubleshooting timeouts." + }, + { + "label": "CacheMissCount.", + "is_correct": false, + "explaination": "Cache misses do not directly explain backend timing or end-to-end request timeout behavior." + }, + { + "label": "Latency.", + "is_correct": true, + "explaination": "Latency measures the total time between API Gateway receiving a request and returning a response, which is essential for identifying timeout issues." + }, + { + "label": "Count.", + "is_correct": false, + "explaination": "Count shows request volume, not where latency is occurring." + } + ] + }, + { + "question": "A company needs to distribute firmware updates to its customers around the world. Which service will allow easy and secure control of the access to the downloads at the lowest cost?", + "possible_answers": [ + { + "label": "Use Amazon CloudFront with signed URLs for Amazon S3.", + "is_correct": true, + "explaination": "CloudFront provides global content delivery and signed URLs provide secure, time-limited access to firmware files stored in S3." + }, + { + "label": "Create a dedicated Amazon CloudFront Distribution for each customer.", + "is_correct": false, + "explaination": "This would add unnecessary cost and management overhead." + }, + { + "label": "Use Amazon CloudFront with AWS Lambda@Edge.", + "is_correct": false, + "explaination": "Lambda@Edge may help with custom logic, but it is more complex and not the lowest-cost answer." + }, + { + "label": "Use Amazon API Gateway and AWS Lambda to control access to an S3 bucket.", + "is_correct": false, + "explaination": "This would add cost and complexity compared to CloudFront signed URLs." + } + ] + }, + { + "question": "An application writes items to an Amazon DynamoDB table. As the application scales to thousands of instances, calls to the DynamoDB API generate occasional `ThrottlingException` errors. The application is coded in a language incompatible with the AWS SDK. How should the error be handled?", + "possible_answers": [ + { + "label": "Add exponential backoff to the application logic.", + "is_correct": true, + "explaination": "Even without the AWS SDK, the correct way to handle occasional throttling is to implement retries with exponential backoff in the application." + }, + { + "label": "Use Amazon SQS as an API message bus.", + "is_correct": false, + "explaination": "This may decouple components, but it does not directly solve DynamoDB throttling handling in the client logic." + }, + { + "label": "Pass API calls through Amazon API Gateway.", + "is_correct": false, + "explaination": "API Gateway is not a standard solution for handling DynamoDB throttling." + }, + { + "label": "Send the items to DynamoDB through Amazon Kinesis Data Firehose.", + "is_correct": false, + "explaination": "Kinesis Firehose is not a generic write proxy for DynamoDB item operations." + } + ] + }, + { + "question": "An e-commerce web application that shares session state on-premises is being migrated to AWS. The application must be fault tolerant, natively highly scalable, and any service interruption should not affect the user experience. What is the best option to store the session state?", + "possible_answers": [ + { + "label": "Store the session state in Amazon ElastiCache.", + "is_correct": true, + "explaination": "ElastiCache is a common low-latency shared session store that supports scalability and reduces the impact of individual application instance failures." + }, + { + "label": "Store the session state in Amazon CloudFront.", + "is_correct": false, + "explaination": "CloudFront is a CDN and not a session state storage system." + }, + { + "label": "Store the session state in Amazon S3.", + "is_correct": false, + "explaination": "S3 is not suitable for fast session reads and writes needed by a web application." + }, + { + "label": "Enable session stickiness using elastic load balancers.", + "is_correct": false, + "explaination": "Sticky sessions do not make the application natively fault tolerant and do not externalize session state." + } + ] + }, + { + "question": "A Developer is creating a template that uses AWS CloudFormation to deploy an application. This application is serverless and uses Amazon API Gateway, Amazon DynamoDB, and AWS Lambda. Which tool should the Developer use to define simplified syntax for expressing serverless resources?", + "possible_answers": [ + { + "label": "CloudFormation serverless intrinsic functions.", + "is_correct": false, + "explaination": "There is no separate tool by this name for simplified serverless resource syntax." + }, + { + "label": "AWS serverless express.", + "is_correct": false, + "explaination": "This is not the template-definition tool intended for simplified serverless CloudFormation syntax." + }, + { + "label": "An AWS serverless application model.", + "is_correct": true, + "explaination": "AWS SAM extends CloudFormation with simplified syntax specifically for serverless resources like Lambda, API Gateway, and DynamoDB integrations." + }, + { + "label": "A CloudFormation serverless plugin.", + "is_correct": false, + "explaination": "The standard AWS tool for this is SAM, not a generic plugin." + } + ] + }, + { + "question": "A Developer has a stateful web server on-premises that is being migrated to AWS. The Developer must have greater elasticity in the new design. How should the Developer re-factor the application to make it more elastic? (Choose TWO)", + "possible_answers": [ + { + "label": "Use pessimistic concurrency on Amazon DynamoDB.", + "is_correct": false, + "explaination": "Concurrency control does not directly make the web tier more elastic." + }, + { + "label": "Use Amazon CloudFront with an Auto Scaling group.", + "is_correct": false, + "explaination": "CloudFront can help content delivery, but it is not one of the two selected refactoring steps for elasticity here." + }, + { + "label": "Use Amazon CloudFront with an AWS Web Application Firewall.", + "is_correct": false, + "explaination": "This improves protection and delivery, not the core stateful-to-elastic refactor." + }, + { + "label": "Store session state data in an Amazon DynamoDB table.", + "is_correct": true, + "explaination": "Externalizing session state allows web servers to be stateless and replaced or scaled horizontally more easily." + }, + { + "label": "Use an ELB with an Auto Scaling group.", + "is_correct": true, + "explaination": "An ELB with Auto Scaling supports horizontal scaling and high availability for the web tier." + } + ] + }, + { + "question": "A Developer must analyze performance issues with production-distributed applications written as AWS Lambda functions. These distributed Lambda applications invoke other components that make up the applications. How should the Developer identify and troubleshoot the root cause of the performance issues in production?", + "possible_answers": [ + { + "label": "Add logging statements to the Lambda functions, then use Amazon CloudWatch to view the logs.", + "is_correct": false, + "explaination": "Logs are useful, but they do not provide the same end-to-end distributed tracing insight as X-Ray." + }, + { + "label": "Use AWS Cloud Trail and then examine the logs.", + "is_correct": false, + "explaination": "CloudTrail records API activity, not distributed application performance traces." + }, + { + "label": "Use AWS X-Ray, then examine the segments and errors.", + "is_correct": true, + "explaination": "X-Ray is purpose-built to trace requests across Lambda-based distributed systems and isolate bottlenecks and failures." + }, + { + "label": "Run Amazon Inspector agents and then analyze performance.", + "is_correct": false, + "explaination": "Inspector is for security assessments, not runtime performance tracing." + } + ] + }, + { + "question": "A Developer wants to debug an application by searching and filtering log data. The application logs are stored in Amazon CloudWatch Logs. The Developer creates a new metric filter to count exceptions in the application logs. However, no results are returned from the logs. What is the reason that no filtered results are being returned?", + "possible_answers": [ + { + "label": "A setup of the Amazon CloudWatch interface VPC endpoint is required for filtering the CloudWatch Logs in the VPC.", + "is_correct": false, + "explaination": "A VPC endpoint is not the reason metric filters fail to show historical matches." + }, + { + "label": "CloudWatch Logs only publishes metric data for events that happen after the filter is created.", + "is_correct": true, + "explaination": "Metric filters do not retroactively process old log events; they only apply to new log entries after the filter is created." + }, + { + "label": "The log group for CloudWatch Logs should be first streamed to Amazon Elasticsearch Service before metric filtering returns the results.", + "is_correct": false, + "explaination": "CloudWatch Logs metric filters do not require Elasticsearch/OpenSearch." + }, + { + "label": "Metric data points for logs groups can be filtered only after they are exported to an Amazon S3 bucket.", + "is_correct": false, + "explaination": "S3 export is unrelated to CloudWatch Logs metric filter operation." + } + ] + }, + { + "question": "To include objects defined by the AWS Serverless Application Model (SAM) in an AWS CloudFormation template, in addition to `Resources`, what section MUST be included in the document root?", + "possible_answers": [ + { + "label": "`Conditions`.", + "is_correct": false, + "explaination": "Conditions are optional and not specific to enabling SAM resources." + }, + { + "label": "`Globals`.", + "is_correct": false, + "explaination": "Globals can be useful in SAM templates but are not the mandatory section required to enable SAM syntax." + }, + { + "label": "`Transform`.", + "is_correct": true, + "explaination": "SAM templates must include a `Transform` declaration so CloudFormation knows to process SAM resource syntax." + }, + { + "label": "`Properties`.", + "is_correct": false, + "explaination": "Properties belong under resources and are not a required document-root section for enabling SAM." + } + ] + }, + { + "question": "A company is using Amazon RDS MySQL instances for its application database tier and Apache Tomcat servers for its web tier. Most of the database queries from web applications are repeated read requests. Use of which AWS service would increase in performance by adding in-memory store for repeated read queries?", + "possible_answers": [ + { + "label": "Amazon RDS Multi-AZ.", + "is_correct": false, + "explaination": "Multi-AZ improves availability, not repeated read query caching." + }, + { + "label": "Amazon SQS.", + "is_correct": false, + "explaination": "SQS is a messaging service, not a query cache." + }, + { + "label": "Amazon ElastiCache.", + "is_correct": true, + "explaination": "ElastiCache provides an in-memory cache layer that can significantly improve performance for repeated read-heavy query patterns." + }, + { + "label": "Amazon RDS read replica.", + "is_correct": false, + "explaination": "Read replicas help scale reads, but the question specifically asks for an in-memory store for repeated queries." + } + ] + }, + { + "question": "A Developer is investigating an issue whereby certain requests are passing through an Amazon API Gateway endpoint /MyAPI, but the requests do not reach the AWS Lambda function backing /MyAPI. The Developer found that a second Lambda function sometimes runs at maximum concurrency allowed for the given AWS account. How can the Developer address this issue?", + "possible_answers": [ + { + "label": "Manually reduce the concurrent execution limit at the account level.", + "is_correct": false, + "explaination": "Reducing the account limit would worsen the contention problem." + }, + { + "label": "Add another API Gateway stage for /MyAPI, and shard the requests.", + "is_correct": false, + "explaination": "The issue is Lambda concurrency contention, not API Gateway stage sharding." + }, + { + "label": "Configure the second Lambda function's concurrency execution limit.", + "is_correct": true, + "explaination": "Reserving or limiting concurrency for the noisy Lambda function prevents it from exhausting all account concurrency and starving /MyAPI's backend function." + }, + { + "label": "Reduce the throttling limits in the API Gateway /MyAPI endpoint", + "is_correct": false, + "explaination": "API Gateway throttling does not address the root issue of another Lambda consuming all available concurrency." + } + ] + }, + { + "question": "A company is migrating a single-server, on-premises web application to AWS. The company intends to use multiple servers behind an Elastic Load Balancer (ELB) to balance the load, and will also store session data in memory on the web server. The company does not want to lose that session data if a server fails or goes offline, and it wants to minimize user's downtime. Where should the company move session data to MOST effectively reduce downtime and make users' session data more fault tolerant?", + "possible_answers": [ + { + "label": "An Amazon ElastiCache for Redis cluster.", + "is_correct": true, + "explaination": "Redis in ElastiCache is a shared low-latency external session store that makes user sessions resilient to individual server failures." + }, + { + "label": "A second Amazon EBS volume.", + "is_correct": false, + "explaination": "EBS volumes are tied to instances and do not provide the same shared fault-tolerant session layer." + }, + { + "label": "The web server's primary disk.", + "is_correct": false, + "explaination": "Local disk storage would still be lost or unavailable if the server fails." + }, + { + "label": "An Amazon EC2 instance dedicated to session data.", + "is_correct": false, + "explaination": "A single EC2 instance for session storage would create an unnecessary single point of failure." + } + ] + }, + { + "question": "A Developer created configuration specifications for an AWS Elastic Beanstalk application in a file named healthcheckurl.yaml in the `.ebextensions/directory` of their application source bundle. The file contains the following: After the application launches, the health check is not being run on the correct path, even though it is valid. What can be done to correct this configuration file?\n```\noption_settings:\n - namespace: aws:elasticbeanstalk:application\n option_name: Application Healthcheck URL\n value: /health_check\n```", + "possible_answers": [ + { + "label": "Convert the file to JSON format.", + "is_correct": false, + "explaination": "Elastic Beanstalk supports YAML or JSON, so format alone is not the issue." + }, + { + "label": "Rename the file to a `.config` extension.", + "is_correct": true, + "explaination": "Elastic Beanstalk processes configuration files in `.ebextensions` only when they use the `.config` extension." + }, + { + "label": "Change the configuration section from `options_settings` to resources.", + "is_correct": false, + "explaination": "The issue here is the filename extension, not the need to convert the section type." + }, + { + "label": "Change the namespace of the option settings to a custom namespace.", + "is_correct": false, + "explaination": "A custom namespace is not the root cause of the file not being applied." + } + ] + }, + { + "question": "A Developer has created a Lambda function and is finding that the function is taking longer to complete than expected. After some debugging, the Developer has discovered that increasing compute capacity would improve performance. How can the Developer increase the Lambda compute resources?", + "possible_answers": [ + { + "label": "Run on a larger instance size with more compute capacity.", + "is_correct": false, + "explaination": "Lambda does not use EC2 instance size selection." + }, + { + "label": "Increase the maximum execution time.", + "is_correct": false, + "explaination": "Increasing timeout allows longer execution but does not increase CPU or memory resources." + }, + { + "label": "Specify a larger compute capacity when calling the Lambda function.", + "is_correct": false, + "explaination": "Compute capacity is not specified at invocation time." + }, + { + "label": "Increase the allocated memory for the Lambda function.", + "is_correct": true, + "explaination": "Lambda compute power scales with the configured memory allocation, so increasing memory increases available CPU as well." + } + ] + }, + { + "question": "An e-commerce site allows returning users to log in to display customized web pages. The workflow is shown in the image below. An application is running on EC2 instances. Amazon RDS is used for the database that stores user accounts and preferences. The website freezes or is slow to load while waiting for the login step to complete. The remaining components of the site are well-optimized. Which of the following techniques will resolve this issue? (Select TWO)\n```\n① User logs in\n display user login page\n authenticate and authorize user access\n │\n ▼ user login data\n② Database queried for user\n create query for user table\n query user table for account & preferences\n │\n ▼ user account data\n③ Display customized entry page\n modify greeting with user name\n display new items recommended for user\n```", + "possible_answers": [ + { + "label": "Implement the user login page as an asynchronous Lambda function.", + "is_correct": false, + "explaination": "Moving the login step to Lambda does not directly solve the database wait issue described." + }, + { + "label": "Use Amazon ElastiCache for MemCached to cache user data.", + "is_correct": true, + "explaination": "Caching frequently used user account or preference data reduces load on RDS and shortens login response time." + }, + { + "label": "Use Amazon Application Load Balancer to load balance the traffic to the website.", + "is_correct": false, + "explaination": "Load balancing helps scale web requests but does not solve database latency during login." + }, + { + "label": "Call the database asynchronously so the code can continue executing.", + "is_correct": true, + "explaination": "Asynchronous database access can prevent the application from freezing while waiting for login-related data retrieval." + }, + { + "label": "Batch login requests from hundreds of users together as a single read request to the database.", + "is_correct": false, + "explaination": "Batching unrelated user logins is not a practical or appropriate fix for this problem." + } + ] + }, + { + "question": "A Developer is building a mobile application and needs any update to user profile data to be pushed to all devices accessing the specific identity. The Developer does not want to manage a back end to maintain the user profile data. What is the MOST efficient way for the Developer to achieve these requirements using Amazon Cognito?", + "possible_answers": [ + { + "label": "Use Cognito federated identities.", + "is_correct": false, + "explaination": "Federated identities provide AWS credentials but do not themselves synchronize user profile data across devices." + }, + { + "label": "Use a Cognito user pool.", + "is_correct": false, + "explaination": "User pools manage authentication, but the question asks specifically about synchronizing profile updates across devices." + }, + { + "label": "Use Cognito Sync.", + "is_correct": true, + "explaination": "Cognito Sync is designed to synchronize user profile and application data across multiple devices for the same identity." + }, + { + "label": "Use Cognito events.", + "is_correct": false, + "explaination": "Cognito events can trigger workflows but are not the main feature for device data synchronization." + } + ] + }, + { + "question": "A company maintains a REST service using Amazon API Gateway and the API Gateway native API key validation. The company recently launched a new registration page, which allows users to sign up for the service. The registration page creates a new API key using `CreateApiKey` and sends the new key to the user. When the user attempts to call the API using this key, the user receives a `403 Forbidden` error. Existing users are unaffected and can still call the API. What code updates will grant these new users access to the API?", + "possible_answers": [ + { + "label": "The `createDeployment` method must be called so the API can be redeployed to include the newly created API key.", + "is_correct": false, + "explaination": "API redeployment is not what associates a newly created API key with a usage plan." + }, + { + "label": "The `updateAuthorizer` method must be called to update the API's authorizer to include the newly created API key.", + "is_correct": false, + "explaination": "API keys are not managed through authorizers." + }, + { + "label": "The `importApiKeys` method must be called to import all newly created API keys into the current stage of the API.", + "is_correct": false, + "explaination": "Creating an API key does not automatically grant access unless it is associated with a usage plan." + }, + { + "label": "The `createUsagePlanKey` method must be called to associate the newly created API key with the correct usage plan.", + "is_correct": true, + "explaination": "API Gateway requires the API key to be associated with the appropriate usage plan before it can be used successfully." + } + ] + }, + { + "question": "A Developer is writing a mobile application that allows users to view images from an S3 bucket. The users must be able to log in with their Amazon login, as well as Facebook and/or Google accounts. How can the Developer provide this authentication functionality?", + "possible_answers": [ + { + "label": "Use Amazon Cognito with web identity federation.", + "is_correct": true, + "explaination": "Cognito with web identity federation supports social identity providers such as Facebook, Google, and Login with Amazon." + }, + { + "label": "Use Amazon Cognito with SAML-based identity federation.", + "is_correct": false, + "explaination": "SAML federation is generally used for enterprise identity providers, not the consumer social logins named here." + }, + { + "label": "Use AWS IAM Access/Secret keys in the application code to allow `Get*` on the S3 bucket.", + "is_correct": false, + "explaination": "Embedding AWS keys in a mobile application is insecure." + }, + { + "label": "Use AWS STS `AssumeRole` in the application code and assume a role with `Get*` permissions on the S3 bucket.", + "is_correct": false, + "explaination": "This would require additional identity plumbing, while Cognito already provides the correct managed federation flow." + } + ] + }, + { + "question": "A Developer wants access to make the log data of an application running on an EC2 instance available to systems administrators. Which of the following enables monitoring of this metric in Amazon CloudWatch?", + "possible_answers": [ + { + "label": "Retrieve the log data from CloudWatch using the `GetMetricData` API call.", + "is_correct": false, + "explaination": "GetMetricData retrieves metrics, not application log files from an EC2 instance." + }, + { + "label": "Retrieve the log data from AWS CloudTrail using the `LookupEvents` API call.", + "is_correct": false, + "explaination": "CloudTrail records API events, not arbitrary application logs from EC2." + }, + { + "label": "Launch a new EC2 instance, configure Amazon CloudWatch Events, and then install the application.", + "is_correct": false, + "explaination": "CloudWatch Events does not automatically collect application log files." + }, + { + "label": "Install the Amazon CloudWatch Logs agent on the EC2 instance that the application is running on.", + "is_correct": true, + "explaination": "The CloudWatch Logs agent can ship application log files from EC2 to CloudWatch for centralized monitoring and access." + } + ] + }, + { + "question": "A nightly batch job loads 1 million new records into a DynamoDB table. The records are only needed for one hour, and the table needs to be empty by the next night's batch job. Which is the MOST efficient and cost-effective method to provide an empty table?", + "possible_answers": [ + { + "label": "Use `DeleteItem` using a `ConditionExpression`.", + "is_correct": false, + "explaination": "Deleting items individually would be slow, expensive, and operationally inefficient for 1 million records." + }, + { + "label": "Use `BatchWriteItem` to empty all of the rows.", + "is_correct": false, + "explaination": "Batch deletes are possible but still consume throughput and are less efficient than recreating the table." + }, + { + "label": "Write a recursive function that scans and calls out `DeleteItem`.", + "is_correct": false, + "explaination": "This is even more operationally expensive than batch deletion." + }, + { + "label": "Create and then delete the table after the task has completed.", + "is_correct": true, + "explaination": "Deleting and recreating the table is often the fastest and most cost-effective way to clear very large transient datasets." + } + ] + }, + { + "question": "A company has an application that logs all information to Amazon S3. Whenever there is a new log file, an AWS Lambda function is invoked to process the log files. The code works, gathering all of the necessary information. However, when checking the Lambda function logs, duplicate entries with the same request ID are found. What is causing the duplicate entries?", + "possible_answers": [ + { + "label": "The S3 bucket name was specified incorrectly.", + "is_correct": false, + "explaination": "An incorrect bucket name would more likely cause failures rather than duplicate log entries with the same request ID." + }, + { + "label": "The Lambda function failed, and the Lambda service retired the invocation with a delay.", + "is_correct": true, + "explaination": "When a Lambda invocation fails, the service can retry the event, which can lead to repeated processing and duplicated logs." + }, + { + "label": "There was an S3 outage, which caused duplicate entries of the sale log file.", + "is_correct": false, + "explaination": "An S3 outage is not the most likely explanation for duplicate Lambda log entries with the same request context." + }, + { + "label": "The application stopped intermittently and then resumed.", + "is_correct": false, + "explaination": "This does not directly explain Lambda retry behavior and duplicate request logging." + } + ] + }, + { + "question": "A company is providing services to many downstream consumers. Each consumer may connect to one or more services. This has resulted in a complex architecture that is difficult to manage and does not scale well. The company needs a single interface to manage these services to consumers. Which AWS service should be used to refactor this architecture?", + "possible_answers": [ + { + "label": "AWS Lambda.", + "is_correct": false, + "explaination": "Lambda provides serverless compute but not a single managed API interface to multiple backend services." + }, + { + "label": "AWS X-Ray.", + "is_correct": false, + "explaination": "X-Ray is for tracing and observability, not for presenting and managing APIs to consumers." + }, + { + "label": "Amazon SQS.", + "is_correct": false, + "explaination": "SQS is a messaging service, not a unified service-consumer interface." + }, + { + "label": "Amazon API Gateway.", + "is_correct": true, + "explaination": "API Gateway provides a centralized interface for exposing, managing, securing, and scaling APIs to downstream consumers." + } + ] + }, + { + "question": "A Developer is creating a serverless website with content that includes HTML files, images, videos, and JavaScript (client-side scripts). Which combination of services should the Developer use to create the website?", + "possible_answers": [ + { + "label": "Amazon S3 and Amazon CloudFront.", + "is_correct": true, + "explaination": "A static serverless website is commonly built with S3 for storage/hosting and CloudFront for global content delivery." + }, + { + "label": "Amazon EC2 and Amazon ElastiCache.", + "is_correct": false, + "explaination": "This is not a serverless architecture." + }, + { + "label": "Amazon ECS and Redis.", + "is_correct": false, + "explaination": "This is not serverless and is unnecessary for static site content." + }, + { + "label": "AWS Lambda and Amazon API Gateway.", + "is_correct": false, + "explaination": "Lambda and API Gateway are useful for dynamic APIs, but not required to serve a static content website." + } + ] + }, + { + "question": "A Development team has pushed out 10 applications running on several Amazon EC2 instances. The Operations team is asking for a graphical representation of one key performance metric for each application. These metrics should be available on one screen for easy monitoring. Which steps should the Developer take to accomplish this using Amazon CloudWatch?", + "possible_answers": [ + { + "label": "Create a custom namespace with a unique metric name for each application.", + "is_correct": true, + "explaination": "Publishing application-specific custom metrics allows CloudWatch dashboards to graph each application's key metric together on one screen." + }, + { + "label": "Create a custom dimension with a unique metric name for each application.", + "is_correct": false, + "explaination": "Dimensions can help categorize metrics, but the selected answer emphasizes using custom metrics per application." + }, + { + "label": "Create a custom event with a unique metric name for each application.", + "is_correct": false, + "explaination": "CloudWatch metrics are the right mechanism for graphing performance data, not custom events." + }, + { + "label": "Create a custom alarm with a unique metric name for each application.", + "is_correct": false, + "explaination": "Alarms monitor thresholds, but they are not the primary mechanism for publishing and graphing application performance values." + } + ] + }, + { + "question": "A company is creating an application that will require users to access AWS services and allow them to reset their own passwords. Which of the following would allow the company to manage users and authorization while allowing users to reset their own passwords?", + "possible_answers": [ + { + "label": "Amazon Cognito identify pools and AWS STS.", + "is_correct": false, + "explaination": "Identity pools and STS provide AWS credentials, but user password management and self-service reset are handled by user pools." + }, + { + "label": "Amazon Cognito identity pools and AWS IAM.", + "is_correct": false, + "explaination": "Identity pools do not provide a managed user directory with self-service password reset." + }, + { + "label": "Amazon Cognito user pools and AWS KMS.", + "is_correct": false, + "explaination": "KMS is for encryption and does not manage AWS service authorization for application users." + }, + { + "label": "Amazon Cognito user pools and identity pools.", + "is_correct": true, + "explaination": "User pools manage users and password reset, while identity pools provide access to AWS resources with appropriate authorization." + } + ] + }, + { + "question": "A company has three different environments: Development, QA, and Production. The company wants to deploy its code first in the Development environment, then QA, and then Production. Which AWS service can be used to meet this requirement?", + "possible_answers": [ + { + "label": "Use AWS CodeCommit to create multiple repositories to deploy the application.", + "is_correct": false, + "explaination": "CodeCommit stores source code, but it does not orchestrate sequential deployments across environments." + }, + { + "label": "Use AWS CodeBuild to create, configure, and deploy multiple build application projects.", + "is_correct": false, + "explaination": "CodeBuild builds code, but it does not manage staged deployments across environments by itself." + }, + { + "label": "Use AWS Data Pipeline to create multiple data pipeline provisions to deploy the application.", + "is_correct": false, + "explaination": "Data Pipeline is for data workflows, not application environment promotion." + }, + { + "label": "Use AWS CodeDeploy to create multiple deployment groups.", + "is_correct": true, + "explaination": "CodeDeploy deployment groups can represent Development, QA, and Production targets and support staged promotion through those environments." + } + ] + }, + { + "question": "A company uses Amazon DynamoDB for managing and tracking orders. The DynamoDB table is partitioned based on the order date. The company receives a huge increase in orders during a sales event, causing DynamoDB writes to throttle, and the consumed throughput is far below the provisioned throughput. According to AWS best practices, how can this issue be resolved with MINIMAL costs?", + "possible_answers": [ + { + "label": "Create a new DynamoDB table for every order date.", + "is_correct": false, + "explaination": "This does not directly solve hot partition issues and adds management complexity." + }, + { + "label": "Increase the read and write capacity units of the DynamoDB table.", + "is_correct": false, + "explaination": "If total consumed throughput is far below provisioned throughput, the problem is likely hot partitions rather than insufficient total capacity." + }, + { + "label": "Add a random number suffix to the partition key values.", + "is_correct": true, + "explaination": "Adding randomness to the partition key spreads writes across more partitions and mitigates hot key throttling with minimal extra cost." + }, + { + "label": "Add a global secondary index to the DynamoDB table.", + "is_correct": false, + "explaination": "A GSI does not fix a hot partition problem on the primary write path." + } + ] + }, + { + "question": "A Development team currently supports an application that uses an in-memory store to save accumulated game results. Individual results are stored in a database. As part of migrating to AWS, the team needs to use automatic scaling. The team knows this will yield inconsistent results. Where should the team store these accumulated game results to BEST allow for consistent results without impacting performance?", + "possible_answers": [ + { + "label": "Amazon S3.", + "is_correct": false, + "explaination": "S3 is durable storage but is not appropriate for fast in-memory-style accumulation of game results." + }, + { + "label": "Amazon RDS.", + "is_correct": false, + "explaination": "RDS is durable and consistent, but not the best fit for low-latency in-memory shared result accumulation." + }, + { + "label": "Amazon ElastiCache.", + "is_correct": true, + "explaination": "ElastiCache provides a shared low-latency in-memory data store that supports scaling application instances without inconsistent local state." + }, + { + "label": "Amazon Kinesis.", + "is_correct": false, + "explaination": "Kinesis is a streaming service, not a shared in-memory store for current accumulated results." + } + ] + }, + { + "question": "In a multi-container Docker environment in AWS Elastic Beanstalk, what is required to configure container instances in the environment?", + "possible_answers": [ + { + "label": "An Amazon ECS task definition.", + "is_correct": true, + "explaination": "Elastic Beanstalk multi-container Docker environments use an ECS task definition to describe the containers that run on each instance." + }, + { + "label": "An Amazon ECS cluster.", + "is_correct": false, + "explaination": "The task definition is the required container configuration artifact referenced by the question." + }, + { + "label": "A Dockerfile in an application package.", + "is_correct": false, + "explaination": "A single Dockerfile alone does not define a multi-container environment in Elastic Beanstalk." + }, + { + "label": "A CLI for Elastic Beanstalk.", + "is_correct": false, + "explaination": "The EB CLI helps manage deployments but is not the configuration object for container instances." + } + ] + }, + { + "question": "An application that runs on an Amazon EC2 instance needs to access and make API calls to multiple AWS services. What is the MOST secure way to provide access to the AWS services with MINIMAL management overhead?", + "possible_answers": [ + { + "label": "Use AWS KMS to store and retrieve credentials.", + "is_correct": false, + "explaination": "KMS protects keys and secrets but is not the simplest or best way to provide AWS API access to an EC2 application." + }, + { + "label": "Use EC2 instance profiles.", + "is_correct": true, + "explaination": "EC2 instance profiles provide temporary credentials through IAM roles, which is the recommended secure pattern with minimal overhead." + }, + { + "label": "Use AWS `root` user to make requests to the application.", + "is_correct": false, + "explaination": "Root credentials should never be used for applications." + }, + { + "label": "Store and retrieve credentials from AWS CodeCommit.", + "is_correct": false, + "explaination": "CodeCommit is a source repository, not a credential management solution." + } + ] + }, + { + "question": "A company maintains an application responsible for processing several thousand external callbacks each day. The company's System administrators want to know how many callbacks are being received on a rolling basis, and they want this data available for 10 days. The company also wants the ability to issue automated alerts if the number of callbacks exceeds the defined thresholds. What is the MOST cost-effective way to address the need to track and alert on these statistics?", + "possible_answers": [ + { + "label": "Push callback data to an Amazon RDS database that can be queried to show historical data and to alert on exceeded thresholds.", + "is_correct": false, + "explaination": "RDS would add unnecessary cost and operational overhead for a simple rolling metric and alerting requirement." + }, + { + "label": "Push callback data to AWS X-Ray and use AWS Lambda to query, display, and alert on exceeded thresholds.", + "is_correct": false, + "explaination": "X-Ray is for distributed tracing, not simple callback counting and alerting." + }, + { + "label": "Push callback data to Amazon Kinesis Data Streams and invoke an AWS Lambda function that stores data in Amazon DynamoDB and sends the required alerts.", + "is_correct": false, + "explaination": "This is unnecessarily complex for counting and alarming on callback volume." + }, + { + "label": "Push callback data to Amazon CloudWatch as a custom metric and use the CloudWatch alerting mechanisms to alert System Administrators.", + "is_correct": true, + "explaination": "CloudWatch custom metrics and alarms provide a simple and cost-effective way to graph rolling callback counts and trigger threshold alerts." + } + ] + }, + { + "question": "A company has a website that is developed in PHP and WordPress and is launched using AWS Elastic Beanstalk. There is a new version of the website that needs to be deployed in the Elastic Beanstalk environment. The company cannot tolerate having the website offline if an update fails. Deployments must have minimal impact and rollback as soon as possible. What deployment method should be used?", + "possible_answers": [ + { + "label": "All at once.", + "is_correct": false, + "explaination": "All at once has the greatest risk of downtime if a deployment fails." + }, + { + "label": "Rolling.", + "is_correct": false, + "explaination": "Rolling reduces impact but does not provide the strongest isolation and fastest rollback compared to immutable deployments." + }, + { + "label": "Snapshots.", + "is_correct": false, + "explaination": "Snapshots are not an Elastic Beanstalk deployment policy." + }, + { + "label": "Immutable.", + "is_correct": true, + "explaination": "Immutable deployments launch a fresh set of instances with the new version, minimizing impact on current traffic and allowing quick rollback if the new version fails." + } + ] + }, + { + "question": "A company has a multi-tiered web application on AWS. During a recent spike in traffic, one of the primary relational databases on Amazon RDS could not serve all the traffic. Some read queries for repeatedly accessed items failed, so users received error messages. What can be done to minimize the impact on database read queries MOST efficiently during future traffic spikes?", + "possible_answers": [ + { + "label": "Use Amazon S3 to cache database query results.", + "is_correct": false, + "explaination": "S3 is not a low-latency cache for repeated database reads." + }, + { + "label": "Use Amazon RDS as a custom origin for Amazon CloudFront.", + "is_correct": false, + "explaination": "CloudFront is designed for HTTP content delivery, not for direct database query caching." + }, + { + "label": "Use local storage and memory on Amazon EC2 instances to cache data.", + "is_correct": false, + "explaination": "Per-instance caching can help somewhat, but it is less consistent and less resilient than a shared managed cache." + }, + { + "label": "Use Amazon ElastiCache in front of the primary database to cache data.", + "is_correct": true, + "explaination": "ElastiCache reduces repeated read pressure on RDS and is an efficient way to absorb future read-heavy spikes." + } + ] + }, + { + "question": "A Developer must build an application that uses Amazon DynamoDB. The requirements state that the items being stored in the DynamoDB table will be 7KB in size and that reads must be strongly consistent. The maximum read rate is 3 items per second, and the maximum write rate is 10 items per second. How should the Developer size the DynamoDB table to meet these requirements?", + "possible_answers": [ + { + "label": "Read: 3 read capacity. `unitsWrite`: 70 write capacity units.", + "is_correct": false, + "explaination": "Strongly consistent 7 KB reads require more than 1 RCU each, so 3 RCUs is not enough." + }, + { + "label": "Read: 6 read capacity. `unitsWrite`: 70 write capacity units.", + "is_correct": true, + "explaination": "A 7 KB strongly consistent read consumes 2 RCUs, so 3 reads/sec requires 6 RCUs. A 7 KB write consumes 7 WCUs, so 10 writes/sec requires 70 WCUs." + }, + { + "label": "Read: 6 read capacity. `unitsWrite`: 10 write capacity units.", + "is_correct": false, + "explaination": "10 WCUs is far too low for writing 10 items per second when each item is 7 KB." + }, + { + "label": "Read: 3 read capacity. `unitsWrite`: 10 write capacity units.", + "is_correct": false, + "explaination": "Both read and write values are too low for the required item size and request rate." + } + ] + }, + { + "question": "A Developer is creating an AWS Lambda function to process a stream of data from an Amazon Kinesis Data Stream. When the Lambda function parses the data and encounters a missing field, it exits the function with an error. The function is generating duplicate records from the Kinesis stream. When the Developer looks at the stream output without the Lambda function, there are no duplicate records. What is the reason for the duplicates?", + "possible_answers": [ + { + "label": "The Lambda function did not advance the Kinesis stream pointer to the next record after the error.", + "is_correct": false, + "explaination": "Lambda's event source mapping handles checkpointing rather than the function manually advancing pointers." + }, + { + "label": "The Lambda event source used asynchronous invocation, resulting in duplicate records.", + "is_correct": false, + "explaination": "The core issue is failure and retry behavior, not simply asynchronous invocation." + }, + { + "label": "The Lambda function did not handle the error, and the Lambda service attempted to reprocess the data.", + "is_correct": true, + "explaination": "If processing fails for a batch from Kinesis, Lambda retries it, which can make previously seen records appear duplicated." + }, + { + "label": "The Lambda function is not keeping up with the amount of data coming from the stream.", + "is_correct": false, + "explaination": "Lag alone does not directly explain duplicates caused by reprocessing failed batches." + } + ] + }, + { + "question": "A company is developing an application that will run on several Amazon EC2 instances in an Auto Scaling group and can access a database running on Amazon EC2. The application needs to store secrets required to connect to the database. The application must allow for periodic secret rotation, and there should be no changes to the application when a secret changes. What is the SAFEST way to meet these requirements?", + "possible_answers": [ + { + "label": "Associate an IAM role to the EC2 instance where the application is running with permission to access the database.", + "is_correct": false, + "explaination": "An IAM role can provide access to retrieve secrets, but it does not by itself store and rotate database connection secrets." + }, + { + "label": "Use AWS Systems Manager Parameter Store with the SecureString data type to store secrets.", + "is_correct": true, + "explaination": "Parameter Store SecureString provides centralized secret storage and lets the application retrieve updated values without code changes." + }, + { + "label": "Configure the application to store secrets in Amazon S3 object metadata.", + "is_correct": false, + "explaination": "S3 object metadata is not an appropriate or secure secret management system for rotating database credentials." + }, + { + "label": "Hard code the database secrets in the application code itself.", + "is_correct": false, + "explaination": "Hardcoding secrets is insecure and makes rotation difficult." + } + ] + }, + { + "question": "A Developer writes an AWS Lambda function and uploads the code in a `.ZIP` file to Amazon S3. The Developer makes changes to the code and uploads a new `.ZIP` file to Amazon S3. However, Lambda executes the earlier code. How can the Developer fix this in the LEAST disruptive way?", + "possible_answers": [ + { + "label": "Create another Lambda function and specify the new `.ZIP` file.", + "is_correct": false, + "explaination": "Creating a new function is unnecessary and more disruptive than updating the existing one." + }, + { + "label": "Call the `update-function-code` API.", + "is_correct": true, + "explaination": "Uploading a new ZIP to S3 does not automatically update Lambda. The function code must be updated explicitly to point to the new object." + }, + { + "label": "Remove the earlier `.ZIP` file first, then add the new `.ZIP` file.", + "is_correct": false, + "explaination": "Replacing the S3 object alone does not guarantee Lambda will refresh to the new code automatically." + }, + { + "label": "Call the `create-alias` API.", + "is_correct": false, + "explaination": "Aliases are for version routing and do not update the function code itself." + } + ] + }, + { + "question": "An AWS Lambda function must read data from an Amazon RDS MySQL database in a VPC and also reach a public endpoint over the internet to get additional data. Which steps must be taken to allow the function to access both the RDS resource and the public endpoint? (Select TWO)", + "possible_answers": [ + { + "label": "Modify the default configuration for the Lambda function to associate it with an Amazon VPC private subnet.", + "is_correct": true, + "explaination": "To access an RDS database inside a VPC, the Lambda function must run in subnets within that VPC, typically private subnets." + }, + { + "label": "Modify the default network access control list to allow outbound traffic.", + "is_correct": false, + "explaination": "The default NACL is not the core requirement here, and the main design need is VPC attachment plus internet egress through NAT." + }, + { + "label": "Add a NAT Gateway to the VPC.", + "is_correct": true, + "explaination": "A Lambda function in private subnets needs a NAT Gateway to reach public internet endpoints." + }, + { + "label": "Modify the default configuration of the Lambda function to associate it with a VPC public subnet.", + "is_correct": false, + "explaination": "Using a public subnet is not the recommended design for Lambda internet egress in a VPC." + }, + { + "label": "Add an environmental variable to the Lambda function to allow outbound internet access.", + "is_correct": false, + "explaination": "Environment variables do not control network routing or internet access." + } + ] + }, + { + "question": "A Developer has been asked to make changes to the source code of an AWS Lambda function. The function is managed using an AWS CloudFormation template. The template is configured to load the source code from an Amazon S3 bucket. The Developer manually created a `.ZIP` file deployment package containing the changes and put the file into the correct location on Amazon S3. When the function is invoked, the code changes have not been applied. What step is required to update the function with the changes?", + "possible_answers": [ + { + "label": "Delete the `.ZIP` file on S3, and re-upload by using a different object key name.", + "is_correct": false, + "explaination": "Changing the S3 object alone does not update the deployed Lambda function until CloudFormation updates the resource definition." + }, + { + "label": "Update the CloudFormation stack with the correct values for the function code properties S3Bucket, S3Key, or S3ObjectVersion.", + "is_correct": true, + "explaination": "CloudFormation must detect a change in the Lambda code location/version properties to redeploy the updated function code." + }, + { + "label": "Ensure that the function source code is base64-encoded before uploading the deployment package to S3.", + "is_correct": false, + "explaination": "Lambda deployment packages uploaded to S3 do not need to be manually base64 encoded." + }, + { + "label": "Modify the execution role of the Lambda function to allow S3 access permission to the deployment package `.ZIP` file.", + "is_correct": false, + "explaination": "The issue is stack update behavior, not the function runtime's permission to access its deployment package." + } + ] + }, + { + "question": "A Developer wants to enable AWS X-Ray for a secure application that runs in an Amazon ECS environment. What combination of steps will enable X-Ray? (Select THREE)", + "possible_answers": [ + { + "label": "Create a Docker image that runs the X-Ray daemon.", + "is_correct": true, + "explaination": "In ECS, the X-Ray daemon commonly runs as a sidecar container so application traces can be forwarded to X-Ray." + }, + { + "label": "Add instrumentation to the application code for X-Ray.", + "is_correct": true, + "explaination": "Application code must be instrumented so requests and segments are generated for X-Ray tracing." + }, + { + "label": "Install the X-Ray daemon on the underlying EC2 instance.", + "is_correct": false, + "explaination": "In ECS, the expected answer is to run the daemon in a container rather than relying on host installation." + }, + { + "label": "Configure and use an IAM EC2 instance role.", + "is_correct": false, + "explaination": "The selected answer set uses task roles for secure application permissions rather than relying on the container host role." + }, + { + "label": "Register the application with X-Ray.", + "is_correct": false, + "explaination": "There is no separate application registration step required for X-Ray." + }, + { + "label": "Configure and use an IAM role for tasks.", + "is_correct": true, + "explaination": "The ECS task needs permissions to send trace data, so a task IAM role is the secure way to grant them." + } + ] + }, + { + "question": "A Developer is designing a new application that uses Amazon S3. To satisfy compliance requirements, the Developer must encrypt the data at rest. How can the Developer accomplish this?", + "possible_answers": [ + { + "label": "Use `s3:x-amz-acl` as a condition in the S3 bucket policy.", + "is_correct": false, + "explaination": "This condition key is about ACL-related controls, not encryption at rest." + }, + { + "label": "Use Amazon RDS with default encryption.", + "is_correct": false, + "explaination": "RDS encryption is unrelated to data stored in Amazon S3." + }, + { + "label": "Use `aws:SecureTransport` as a condition in the S3 bucket policy.", + "is_correct": false, + "explaination": "SecureTransport enforces encryption in transit over HTTPS, not encryption at rest." + }, + { + "label": "Turn on S3 default encryption for the S3 bucket.", + "is_correct": true, + "explaination": "S3 default encryption ensures that new objects uploaded to the bucket are encrypted at rest automatically." + } + ] + }, + { + "question": "An AWS Elastic Beanstalk application needs to be deployed in multiple regions and requires a different Amazon Machine Image (AMI) in each region. Which AWS CloudFormation template key can be used to specify the correct AMI for each region?", + "possible_answers": [ + { + "label": "`Parameters`.", + "is_correct": false, + "explaination": "Parameters accept input values, but the standard way to map different values per Region in a template is `Mappings`." + }, + { + "label": "`Outputs`.", + "is_correct": false, + "explaination": "Outputs expose values after stack creation and are not used to select Region-specific AMIs." + }, + { + "label": "`Mappings`.", + "is_correct": true, + "explaination": "CloudFormation `Mappings` are designed to store Region-specific values such as AMI IDs." + }, + { + "label": "`Resources`.", + "is_correct": false, + "explaination": "Resources define what will be created, but not the best mechanism for maintaining Region lookup tables." + } + ] + }, + { + "question": "A Developer wants to find a list of items in a global secondary index from an Amazon DynamoDB table. Which DynamoDB API call can the Developer use in order to consume the LEAST number of read capacity units?", + "possible_answers": [ + { + "label": "Scan operation using `eventually-consistent` reads.", + "is_correct": false, + "explaination": "A scan reads many more items than necessary and is typically more expensive than a query." + }, + { + "label": "Query operation using `strongly-consistent` reads.", + "is_correct": false, + "explaination": "Strongly consistent reads consume more read capacity than eventually consistent reads." + }, + { + "label": "Query operation using `eventually-consistent` reads.", + "is_correct": true, + "explaination": "A query is more efficient than a scan, and eventually consistent reads consume fewer RCUs than strongly consistent reads." + }, + { + "label": "Scan operation using `strongly-consistent` reads.", + "is_correct": false, + "explaination": "This is the most expensive combination among the options." + } + ] + }, + { + "question": "A Developer has published an update to an application that is served to a global user base using Amazon CloudFront. After deploying the application, users are not able to see the updated changes. How can the Developer resolve this issue?", + "possible_answers": [ + { + "label": "Remove the origin from the CloudFront configuration and add it again.", + "is_correct": false, + "explaination": "Re-adding the origin is unnecessary and does not directly address cached stale objects." + }, + { + "label": "Disable forwarding of query strings and request headers from the CloudFront distribution configuration.", + "is_correct": false, + "explaination": "This changes cache behavior but does not ensure already cached stale content is refreshed." + }, + { + "label": "Invalidate all the application objects from the edge caches.", + "is_correct": true, + "explaination": "A CloudFront invalidation removes cached objects from edge locations so users receive the updated content." + }, + { + "label": "Disable the CloudFront distribution and enable it again to update all the edge locations.", + "is_correct": false, + "explaination": "Disabling and re-enabling the distribution is disruptive and not the correct cache refresh mechanism." + } + ] + }, + { + "question": "A Developer must deploy a new AWS Lambda function using an AWS CloudFormation template. Which procedures will deploy a Lambda function? (Select TWO)", + "possible_answers": [ + { + "label": "Upload the code to an AWS CodeCommit repository, then add a reference to it in an `AWS::Lambda::Function` resource in the template.", + "is_correct": false, + "explaination": "Lambda function code in CloudFormation is not deployed from CodeCommit in this way." + }, + { + "label": "Create an `AWS::Lambda::Function` resource in the template, then write the code directly inside the CloudFormation template.", + "is_correct": true, + "explaination": "Inline code can be provided directly in a CloudFormation Lambda resource for supported runtimes and small functions." + }, + { + "label": "Upload a `.ZIP` file containing the function code to Amazon S3, then add a reference to it in an `AWS::Lambda::Function` resource in the template.", + "is_correct": true, + "explaination": "This is the standard CloudFormation deployment pattern for Lambda functions with packaged code." + }, + { + "label": "Upload a `.ZIP` file to AWS CloudFormation containing the function code, then add a reference to it in an `AWS::Lambda::Function` resource in the template.", + "is_correct": false, + "explaination": "CloudFormation does not serve as a ZIP artifact store for Lambda code in this manner." + }, + { + "label": "Upload the function code to a private Git repository, then add a reference to it in an `AWS::Lambda::Function` resource in the template.", + "is_correct": false, + "explaination": "CloudFormation Lambda resources do not directly reference arbitrary Git repositories for deployment code." + } + ] + }, + { + "question": "How should custom libraries be utilized in AWS Lambda?", + "possible_answers": [ + { + "label": "Host the library on Amazon S3 and reference to it from the Lambda function.", + "is_correct": false, + "explaination": "Lambda does not dynamically load arbitrary libraries from S3 at runtime in the usual packaging model." + }, + { + "label": "Install the library locally and upload a `ZIP` file of the Lambda function.", + "is_correct": true, + "explaination": "Custom libraries should be included in the deployment package so they are available when the function executes." + }, + { + "label": "Import the necessary Lambda blueprint when creating the function.", + "is_correct": false, + "explaination": "Blueprints are starter templates and do not solve adding custom libraries." + }, + { + "label": "Modify the function runtime to include the necessary library.", + "is_correct": false, + "explaination": "The runtime is managed by AWS and is not modified in this way for application dependencies." + } + ] + }, + { + "question": "A company needs to secure its existing website running behind an Elastic Load Balancer. The website's Amazon EC2 instances are CPU-constrained. What should be done to secure the website while not increasing the CPU load on the EC2 web servers? (Select TWO)", + "possible_answers": [ + { + "label": "Configure an Elastic Load Balancer with SSL pass-through.", + "is_correct": false, + "explaination": "SSL pass-through leaves encryption work to the backend instances, which does not reduce CPU load on them." + }, + { + "label": "Configure SSL certificates on an Elastic Load Balancer.", + "is_correct": true, + "explaination": "Installing the certificates on the load balancer enables TLS handling at the ELB layer." + }, + { + "label": "Configure an Elastic Load Balancer with a Loadable Storage System.", + "is_correct": false, + "explaination": "This is not an ELB feature relevant to HTTPS offloading." + }, + { + "label": "Install SSL certificates on the EC2 instances.", + "is_correct": false, + "explaination": "This would increase TLS processing on the EC2 instances, which the company wants to avoid." + }, + { + "label": "Configure an Elastic Load Balancer with SSL termination.", + "is_correct": true, + "explaination": "SSL termination at the load balancer offloads encryption/decryption from the CPU-constrained web servers." + } + ] + }, + { + "question": "A Developer is writing an imaging micro service on AWS Lambda. The service is dependent on several libraries that are not available in the Lambda runtime environment. Which strategy should the Developer follow to create the Lambda deployment package?", + "possible_answers": [ + { + "label": "Create a `ZIP` file with the source code and all dependent libraries.", + "is_correct": true, + "explaination": "The standard Lambda packaging approach is to bundle the function code together with all required dependencies." + }, + { + "label": "Create a `ZIP` file with the source code and a script that installs the dependent libraries at runtime.", + "is_correct": false, + "explaination": "Installing dependencies at runtime is inefficient and not the recommended Lambda deployment model." + }, + { + "label": "Create a `ZIP` file with the source code. Stage the dependent libraries on an Amazon S3 bucket indicated by the Lambda environment variable `LD_LIBRARY_PATH`.", + "is_correct": false, + "explaination": "Lambda does not normally load libraries directly from S3 during runtime execution." + }, + { + "label": "Create a `ZIP` file with the source code and a buildspec.yaml file that installs the dependent libraries on AWS Lambda.", + "is_correct": false, + "explaination": "buildspec.yaml is for CodeBuild, not for Lambda runtime dependency installation." + } + ] + }, + { + "question": "A Developer is designing a fault-tolerant environment where client sessions will be saved. How can the Developer ensure that no sessions are lost if an Amazon EC2 instance fails?", + "possible_answers": [ + { + "label": "Use sticky sessions with an Elastic Load Balancer target group.", + "is_correct": false, + "explaination": "Sticky sessions still rely on instance-local state and do not protect sessions if that instance fails." + }, + { + "label": "Use Amazon SQS to save session data.", + "is_correct": false, + "explaination": "SQS is a messaging service and not appropriate for storing active session state." + }, + { + "label": "Use Amazon DynamoDB to perform scalable session handling.", + "is_correct": true, + "explaination": "A durable external data store like DynamoDB can hold session state independently of any one EC2 instance." + }, + { + "label": "Use Elastic Load Balancer connection draining to stop sending requests to failing instances.", + "is_correct": false, + "explaination": "Connection draining helps during shutdown, but it does not preserve session state if the instance fails unexpectedly." + } + ] + }, + { + "question": "In a move toward using microservices, a company's Management team has asked all Development teams to build their services so that API requests depend only on that service's data store. One team is building a Payments service which has its own database; the service needs data that originates in the Accounts database. Both are using Amazon DynamoDB. What approach will result in the simplest, decoupled, and reliable method to get near-real time updates from the Accounts database?", + "possible_answers": [ + { + "label": "Use Amazon Glue to perform frequent ETL updates from the Accounts database to the Payments database.", + "is_correct": false, + "explaination": "Glue is more suited for ETL workloads than near-real-time microservice synchronization." + }, + { + "label": "Use Amazon ElastiCache in Payments, with the cache updated by triggers in the Accounts database.", + "is_correct": false, + "explaination": "This adds tighter coupling and is not the simplest event-driven synchronization model." + }, + { + "label": "Use Amazon Kinesis Data Firehose to deliver all changes from the Accounts database to the Payments database.", + "is_correct": false, + "explaination": "Firehose is typically used for delivery to analytics/storage destinations rather than direct microservice database synchronization." + }, + { + "label": "Use Amazon DynamoDB Streams to deliver all changes from the Accounts database to the Payments database.", + "is_correct": true, + "explaination": "DynamoDB Streams provides a simple and decoupled near-real-time change feed for propagating updates between services." + } + ] + }, + { + "question": "A company needs a fully-managed source control service that will work in AWS. The service must ensure that revision control synchronizes multiple distributed repositories by exchanging sets of changes peer-to-peer. All users need to work productively even when not connected to a network. Which source control service should be used?", + "possible_answers": [ + { + "label": "Subversion.", + "is_correct": false, + "explaination": "Subversion is centralized and not the best fit for distributed peer-to-peer repository synchronization." + }, + { + "label": "AWS CodeBuild.", + "is_correct": false, + "explaination": "CodeBuild is a build service, not a source control service." + }, + { + "label": "AWS CodeCommit.", + "is_correct": true, + "explaination": "CodeCommit is a fully managed Git-based source control service, and Git supports distributed version control with offline productivity." + }, + { + "label": "AWS CodeStar.", + "is_correct": false, + "explaination": "CodeStar helps manage development projects, but CodeCommit is the actual source control service." + } + ] + }, + { + "question": "A Developer is writing a serverless application that requires that an AWS Lambda function be invoked every 10 minutes. What is an automated and serverless way to trigger the function?", + "possible_answers": [ + { + "label": "Deploy an Amazon EC2 instance based on Linux, and edit its `/etc/crontab` file by adding a command to periodically invoke the Lambda function.", + "is_correct": false, + "explaination": "This is not serverless and adds unnecessary operational overhead." + }, + { + "label": "Configure an environment variable named PERIOD for the Lambda function. Set the value to `600`.", + "is_correct": false, + "explaination": "Environment variables do not schedule Lambda invocations." + }, + { + "label": "Create an Amazon CloudWatch Events rule that triggers on a regular schedule to invoke the Lambda function.", + "is_correct": true, + "explaination": "A scheduled EventBridge/CloudWatch Events rule is the standard serverless way to invoke Lambda periodically." + }, + { + "label": "Create an Amazon SNS topic that has a subscription to the Lambda function with a 600-second timer.", + "is_correct": false, + "explaination": "SNS does not provide a native periodic timer for invoking Lambda in this way." + } + ] + }, + { + "question": "A company is building an application to track athlete performance using an Amazon DynamoDB table. Each item in the table is identified by a partition key (`user_id`) and a sort key (`sport_name`). The table design is shown below. (Note: Not all table attributes are shown) A Developer is asked to write a leaderboard application to display the top performers (`user_id`) based on the score for each `sport_name`. What process will allow the Developer to extract results MOST efficiently from the DynamoDB table?\n```\nPartition Key: user_id\nSort Key: sport_name\nAttributes: score\n score_datetime\n```", + "possible_answers": [ + { + "label": "Use a DynamoDB query operation with the key attributes of `user_id` and `sport_name` and order the results based on the score attribute.", + "is_correct": false, + "explaination": "The current primary key does not support efficient querying of all users by sport ordered by score." + }, + { + "label": "Create a global secondary index with a partition key of `sport_name` and a sort key of score, and get the results.", + "is_correct": true, + "explaination": "A GSI keyed by sport and sorted by score enables efficient leaderboard queries for top performers in each sport." + }, + { + "label": "Use a DynamoDB scan operation to retrieve scores and `user_id` based on `sport_name`, and order the results based on the score attribute.", + "is_correct": false, + "explaination": "A scan would be much less efficient than a properly designed index." + }, + { + "label": "Create a local secondary index with a primary key of `sport_name` and a sort key of score and get the results based on the score attribute.", + "is_correct": false, + "explaination": "An LSI must share the same partition key as the base table, so this design would not work as described." + } + ] + }, + { + "question": "A Developer is creating a mobile application that will not require users to log in. What is the MOST efficient method to grant users access to AWS resources?", + "possible_answers": [ + { + "label": "Use an identity provider to securely authenticate with the application.", + "is_correct": false, + "explaination": "The requirement explicitly says users will not need to log in." + }, + { + "label": "Create an AWS Lambda function to create an IAM user when a user accesses the application.", + "is_correct": false, + "explaination": "Creating IAM users for mobile app users is not scalable or appropriate." + }, + { + "label": "Create credentials using AWS KMS and apply these credentials to users when using the application.", + "is_correct": false, + "explaination": "KMS is not used to mint application access credentials for guest users." + }, + { + "label": "Use Amazon Cognito to associate unauthenticated users with an IAM role that has limited access to resources.", + "is_correct": true, + "explaination": "Cognito identity pools support unauthenticated identities and can grant least-privilege temporary AWS access without requiring login." + } + ] + }, + { + "question": "An application running on Amazon EC2 instances must access objects within an Amazon S3 bucket that are encrypted using server-side encryption using AWS KMS encryption keys (SSE-KMS). The application must have access to the customer master key (CMK) to decrypt the objects. Which combination of steps will grant the application access? (Select TWO)", + "possible_answers": [ + { + "label": "Write an S3 bucket policy that grants the bucket access to the key.", + "is_correct": false, + "explaination": "The application principal needs permission to use the KMS key, not the bucket itself." + }, + { + "label": "Grant access to the key in the IAM EC2 role attached to the application's EC2 instances.", + "is_correct": true, + "explaination": "The EC2 instance role must have permission to use the KMS key for decryption." + }, + { + "label": "Write a key policy that enables IAM policies to grant access to the key.", + "is_correct": true, + "explaination": "The KMS key policy must allow the account's IAM policies to grant principals permission to use the CMK." + }, + { + "label": "Grant access to the key in the S3 bucket's ACL.", + "is_correct": false, + "explaination": "S3 ACLs do not control KMS key usage." + }, + { + "label": "Create a Systems Manager parameter that exposes the KMS key to the EC2 instances.", + "is_correct": false, + "explaination": "Systems Manager Parameter Store is not how KMS decryption permissions are granted." + } + ] + }, + { + "question": "What does an Amazon SQS delay queue accomplish?", + "possible_answers": [ + { + "label": "Messages are hidden for a configurable amount of time when they are first added to the queue.", + "is_correct": true, + "explaination": "A delay queue postpones the initial visibility of newly sent messages for the configured delay period." + }, + { + "label": "Messages are hidden for a configurable amount of time after they are consumed from the queue.", + "is_correct": false, + "explaination": "That describes visibility timeout, not delay queues." + }, + { + "label": "The consumer can poll the queue for a configurable amount of time before retrieving a message.", + "is_correct": false, + "explaination": "That describes long polling, not a delay queue." + }, + { + "label": "Message cannot be deleted for a configurable amount of time after they are consumed from the queue.", + "is_correct": false, + "explaination": "SQS does not provide such a deletion lock mechanism." + } + ] + }, + { + "question": "A company has multiple Developers located across the globe who are updating code incrementally for a development project. When Developers upload code concurrently, internet connectivity is slow and it is taking a long time to upload code for deployment in AWS Elastic Beanstalk. Which step will result in minimized upload and deployment time with the LEAST amount of administrative effort?", + "possible_answers": [ + { + "label": "Allow the Developers to upload the code to an Amazon S3 bucket, and deploy it directly to Elastic Beanstalk.", + "is_correct": false, + "explaination": "Using S3 alone does not solve the collaborative source-control and concurrent upload workflow as efficiently as a managed code repository." + }, + { + "label": "Allow the Developers to upload the code to a central FTP server to deploy the application to Elastic Beanstalk.", + "is_correct": false, + "explaination": "An FTP server adds administrative overhead and is not an AWS-native collaborative development workflow." + }, + { + "label": "Create an AWS CodeCommit repository, allow the Developers to commit code to it, and then directly deploy the code to Elastic Beanstalk.", + "is_correct": true, + "explaination": "CodeCommit is designed for distributed collaborative source control and integrates well with deployment workflows, reducing repeated full artifact uploads." + }, + { + "label": "Create a code repository on an Amazon EC2 instance so that all Developers can update the code, and deploy the application from the instance to Elastic Beanstalk.", + "is_correct": false, + "explaination": "Self-managing a repository on EC2 adds more operational effort than using a fully managed service." + } + ] + }, + { + "question": "A company recently migrated its web, application and NoSQL database tiers to AWS. The company is using Auto Scaling to scale the web and application tiers. More than 95 percent of the Amazon DynamoDB requests are repeated readrequests. How can the DynamoDB NoSQL tier be scaled up to cache these repeated requests?", + "possible_answers": [ + { + "label": "Amazon EMR.", + "is_correct": false, + "explaination": "EMR is for big data processing and is not used as a cache in front of DynamoDB." + }, + { + "label": "Amazon DynamoDB Accelerator.", + "is_correct": true, + "explaination": "DAX is an in-memory cache designed specifically to accelerate repeated DynamoDB reads." + }, + { + "label": "Amazon SQS.", + "is_correct": false, + "explaination": "SQS is a message queue and does not cache database read requests." + }, + { + "label": "Amazon CloudFront.", + "is_correct": false, + "explaination": "CloudFront caches web content, not DynamoDB query results directly." + } + ] + }, + { + "question": "A Development team is working on a case management solution that allows medical claims to be processed and reviewed. Users log in to provide information related to their medical and financial situations. As part of the application, sensitive documents such as medical records, medical imaging, bank statements, and receipts are uploaded to Amazon S3. All documents must be securely transmitted and stored. All access to the documents must be recorded for auditing. What is the MOST secure approach?", + "possible_answers": [ + { + "label": "Use S3 default encryption using Advanced Encryption Standard-256 (AES-256) on the destination bucket.", + "is_correct": false, + "explaination": "This provides encryption at rest but does not address the strongest audit and client-side protection requirements." + }, + { + "label": "Use Amazon Cognito for authorization and authentication to ensure the security of the application and documents.", + "is_correct": false, + "explaination": "Cognito helps with user authentication, but it does not by itself provide document encryption and auditability of encryption key usage." + }, + { + "label": "Use AWS Lambda to encrypt and decrypt objects as they are placed into the S3 bucket.", + "is_correct": false, + "explaination": "This adds complexity and does not directly satisfy the strongest managed encryption and audit requirements." + }, + { + "label": "Use client-side encryption/decryption with Amazon S3 and AWS KMS.", + "is_correct": true, + "explaination": "Client-side encryption protects documents before upload, and KMS provides strong key management and auditing of key usage." + } + ] + }, + { + "question": "A company has an internet-facing application that uses Web Identity Federation to obtain a temporary credential from AWS Security Token Service (AWS STS). The app then uses the token to access AWS services. Review the following response: Based on the response displayed what permissions are associated with the call from the application?\n```\n", + "possible_answers": [ + { + "label": "Permissions associated with the role `AROACLKWSDQRAOEXAMPLE:app1`.", + "is_correct": false, + "explaination": "This looks like a session-related identifier, but the selected answer in the provided key focuses on the permissions tied to the returned access key identity." + }, + { + "label": "Permissions associated with the default role used when the AWS service was built.", + "is_correct": false, + "explaination": "Temporary STS credentials do not inherit a generic service default role in this manner." + }, + { + "label": "Permission associated with the IAM principal that owns the `AccessKeyID` `ASgeIAIOSFODNN7EXAMPLE`.", + "is_correct": true, + "explaination": "The effective permissions of the request are those associated with the temporary credentials represented by the returned AccessKeyId." + }, + { + "label": "Permissions associated with the account that owns the AWS service.", + "is_correct": false, + "explaination": "Permissions are not determined simply by the service-owning account; they are based on the principal represented by the credentials." + } + ] + }, + { + "question": "A Developer is using AWS CLI, but when running list commands on a large number of resources, it is timing out. What can be done to avoid this time-out?", + "possible_answers": [ + { + "label": "Use pagination.", + "is_correct": true, + "explaination": "Pagination breaks large result sets into smaller chunks, reducing timeouts and improving handling of long listings." + }, + { + "label": "Use shorthand syntax.", + "is_correct": false, + "explaination": "Shorthand syntax affects command formatting, not result size or timeout behavior." + }, + { + "label": "Use parameter values.", + "is_correct": false, + "explaination": "This is too generic and does not directly solve list command timeout issues." + }, + { + "label": "Use quoting strings.", + "is_correct": false, + "explaination": "Quoting affects shell parsing, not pagination or timeout control." + } + ] + }, + { + "question": "Where can PortMapping be defined when launching containers in Amazon ECS?", + "possible_answers": [ + { + "label": "Security groups.", + "is_correct": false, + "explaination": "Security groups control network access but do not define container port mappings." + }, + { + "label": "Amazon Elastic Container Registry (Amzon ECR).", + "is_correct": false, + "explaination": "ECR stores container images and does not define runtime port mappings." + }, + { + "label": "Container agent.", + "is_correct": false, + "explaination": "The ECS agent runs on the host, but port mappings are defined in the task configuration." + }, + { + "label": "Task definition.", + "is_correct": true, + "explaination": "Port mappings are configured in the ECS task definition as part of the container definition." + } + ] + }, + { + "question": "An organization is storing large files in Amazon S3, and is writing a web application to display meta-data about the files to end-users. Based on the metadata a user selects an object to download. The organization needs a mechanism to index the files and provide single-digit millisecond latency retrieval for the metadata. What AWS service should be used to accomplish this?", + "possible_answers": [ + { + "label": "Amazon DynamoDB.", + "is_correct": true, + "explaination": "DynamoDB is ideal for storing indexed metadata with single-digit millisecond lookup latency." + }, + { + "label": "Amazon EC2.", + "is_correct": false, + "explaination": "EC2 is compute infrastructure, not a managed metadata index with low-latency retrieval." + }, + { + "label": "AWS Lambda.", + "is_correct": false, + "explaination": "Lambda can process requests but is not the data store for indexed metadata." + }, + { + "label": "Amazon RDS.", + "is_correct": false, + "explaination": "RDS could store metadata, but DynamoDB is the better fit for simple, highly scalable, single-digit millisecond key-value style access." + } + ] + }, + { + "question": "While developing an application that runs on Amazon EC2 in an Amazon VPC, a Developer identifies the need for centralized storage of application-level logs. Which AWS service can be used to securely store these logs?", + "possible_answers": [ + { + "label": "Amazon EC2 VPC Flow Logs.", + "is_correct": false, + "explaination": "VPC Flow Logs capture network traffic metadata, not application-level logs." + }, + { + "label": "Amazon CloudWatch Logs.", + "is_correct": true, + "explaination": "CloudWatch Logs is the standard secure centralized logging service for application logs from EC2 instances." + }, + { + "label": "Amazon CloudSearch.", + "is_correct": false, + "explaination": "CloudSearch is a search service, not the primary centralized log storage solution." + }, + { + "label": "AWS CloudTrail", + "is_correct": false, + "explaination": "CloudTrail records AWS API actions, not arbitrary application logs." + } + ] + }, + { + "question": "A stock market monitoring application uses Amazon Kinesis for data ingestion. During simulated tests of peak data rates, the Kinesis stream cannot keep up with the incoming data. What step will allow Kinesis to accommodate the traffic during peak hours?", + "possible_answers": [ + { + "label": "Install the Kinesis Producer Library (KPL) for ingesting data into the stream.", + "is_correct": false, + "explaination": "KPL can improve producer efficiency, but it does not by itself increase stream capacity." + }, + { + "label": "Reduce the data retention period to allow for more data ingestion using `DecreaseStreamRetentionPeriod`.", + "is_correct": false, + "explaination": "Retention period changes stored history, not ingest throughput capacity." + }, + { + "label": "Increase the shard count of the stream using `UpdateShardCount`.", + "is_correct": true, + "explaination": "Adding shards increases the write and read throughput capacity of the Kinesis stream." + }, + { + "label": "Ingest multiple records into the stream in a single call using `PutRecords`.", + "is_correct": false, + "explaination": "Batching with PutRecords can reduce call overhead, but it does not increase the stream's underlying throughput limit." + } + ] + }, + { + "question": "A company has an AWS CloudFormation template that is stored as a single file. The template is able to launch and create a full infrastructure stack. Which best practice would increase the maintainability of the template?", + "possible_answers": [ + { + "label": "Use nested stacks for common template patterns.", + "is_correct": true, + "explaination": "Nested stacks improve maintainability by breaking large templates into reusable, manageable components." + }, + { + "label": "Embed credentials to prevent typos.", + "is_correct": false, + "explaination": "Embedding credentials in templates is insecure and not a best practice." + }, + { + "label": "Remove mappings to decrease the number of variables.", + "is_correct": false, + "explaination": "Mappings are often useful for organization and portability; removing them does not inherently improve maintainability." + }, + { + "label": "Use `AWS::Include` to reference publicly-hosted template files.", + "is_correct": false, + "explaination": "Publicly hosted template fragments can add risk and are not the main best practice answer here." + } + ] + }, + { + "question": "An on-premises application makes repeated calls to store files to Amazon S3. As usage of the application has increased, `LimitExceeded` errors are being logged. What should be changed to fix this error?", + "possible_answers": [ + { + "label": "Implement exponential backoffs in the application.", + "is_correct": true, + "explaination": "When transient rate or service limits are encountered, exponential backoff is the standard client-side mitigation." + }, + { + "label": "Load balance the application to multiple servers.", + "is_correct": false, + "explaination": "More servers do not directly address API limit handling behavior." + }, + { + "label": "Move the application to Amazon EC2.", + "is_correct": false, + "explaination": "Hosting location does not directly solve request limit errors." + }, + { + "label": "Add a one second delay to each API call.", + "is_correct": false, + "explaination": "A fixed delay is less effective than exponential backoff and adaptive retry logic." + } + ] + }, + { + "question": "A company caches session information for a web application in an Amazon DynamoDB table. The company wants an automated way to delete old items from the table. What is the simplest way to do this?", + "possible_answers": [ + { + "label": "Write a script that deletes old records; schedule the scripts as a cron job on an Amazon EC2 instance.", + "is_correct": false, + "explaination": "This adds operational overhead and is unnecessary for DynamoDB expiration use cases." + }, + { + "label": "Add an attribute with the expiration time; enable the `Time To Live` feature based on that attribute.", + "is_correct": true, + "explaination": "DynamoDB TTL is the simplest built-in way to automatically expire and delete old items." + }, + { + "label": "Each day, create a new table to hold session data; delete the previous day's table.", + "is_correct": false, + "explaination": "This is far more disruptive and complex than using TTL." + }, + { + "label": "Add an attribute with the expiration time; name the attribute `ItemExpiration`.", + "is_correct": false, + "explaination": "The attribute name itself is not enough; TTL must be explicitly enabled on the table using that attribute." + } + ] + }, + { + "question": "An application is expected to process many files. Each file takes four minutes to process each AWS Lambda invocation. The Lambda function does not return any important data. What is the fastest way to process all the files?", + "possible_answers": [ + { + "label": "First split the files to make them smaller, then process with synchronous RequestResponse Lambda invocations.", + "is_correct": false, + "explaination": "This adds unnecessary preprocessing and synchronous waiting." + }, + { + "label": "Make synchronous RequestResponse Lambda invocations and process the files one by one.", + "is_correct": false, + "explaination": "Sequential synchronous invocation is slower than parallel asynchronous processing." + }, + { + "label": "Make asynchronous Event Lambda invocations and process the files in parallel.", + "is_correct": true, + "explaination": "Asynchronous Lambda invocations allow the files to be processed concurrently, which is the fastest approach here." + }, + { + "label": "First join all the files, then process it all at once with an asynchronous Event Lambda invocation.", + "is_correct": false, + "explaination": "Combining files into one larger job reduces parallelism and can increase runtime risk." + } + ] + }, + { + "question": "The upload of a 15 GB object to Amazon S3 fails. The error message reads: `Your proposed upload exceeds the maximum allowed object size.`. What technique will allow the Developer to upload this object?", + "possible_answers": [ + { + "label": "Upload the object using the multi-part upload API.", + "is_correct": true, + "explaination": "Multipart upload is the required approach for uploading objects larger than 5 GB to Amazon S3." + }, + { + "label": "Upload the object over an AWS Direct Connect connection.", + "is_correct": false, + "explaination": "Direct Connect affects network connectivity, not S3 single-request object size limits." + }, + { + "label": "Contact AWS Support to increase the object size limit.", + "is_correct": false, + "explaination": "The correct supported method is multipart upload, not a quota increase request." + }, + { + "label": "Upload the object to another AWS region.", + "is_correct": false, + "explaination": "The region does not change the need to use multipart upload for large objects." + } + ] + }, + { + "question": "AWS CodeBuild builds code for an application, creates the Docker image, pushes the image to Amazon Elastic Container Registry (Amazon ECR), and tags the image with a unique identifier. If the Developers already have AWS CLI configured on their workstations, how can the Docker images be pulled to the workstations?", + "possible_answers": [ + { + "label": "Run the following: `docker pull REPOSITORY URI : TAG`.", + "is_correct": false, + "explaination": "Docker must first authenticate to ECR before it can pull private images." + }, + { + "label": "Run the output of the following: `aws ecr get-login` and then run: `docker pull REPOSITORY URI : TAG`.", + "is_correct": true, + "explaination": "The ECR login command provides Docker authentication, after which the image can be pulled successfully." + }, + { + "label": "Run the following: `aws ecr get-login` and then run: `docker pull REPOSITORY URI : TAG`.", + "is_correct": false, + "explaination": "The selected answer key specifically uses running the output of the get-login command, which executes the Docker login command it returns." + }, + { + "label": "Run the output of the following: `aws ecr get-download-url-for-layer` and then run: `docker pull REPOSITORY URI : TAG`.", + "is_correct": false, + "explaination": "Layer download URLs are not the normal Docker client authentication and pull workflow." + } + ] + }, + { + "question": "A web application is designed to allow new users to create accounts using their email addresses. The application will store attributes for each user, and is expecting millions of user to sign up. What should the Developer implement to achieve the design goals?", + "possible_answers": [ + { + "label": "Amazon Cognito user pools.", + "is_correct": true, + "explaination": "Cognito user pools are built for large-scale user registration, authentication, and user attribute storage." + }, + { + "label": "AWS Mobile Hub user data storage.", + "is_correct": false, + "explaination": "Mobile Hub is not the primary managed user account service for this requirement." + }, + { + "label": "Amazon Cognito Sync.", + "is_correct": false, + "explaination": "Cognito Sync is for synchronizing user data across devices, not for user registration and account creation." + }, + { + "label": "AWS Mobile Hub cloud logic.", + "is_correct": false, + "explaination": "Cloud logic is not the managed large-scale user account directory feature being asked for." + } + ] + }, + { + "question": "A company needs a new REST API that can return information about the contents of an Amazon S3 bucket, such as a count of the objects stored in it. The company has decided that the new API should be written as a microservice using AWS Lambda and Amazon API Gateway. How should the Developer ensure that the microservice has the necessary access to the Amazon S3 bucket, while adhering to security best practices?", + "possible_answers": [ + { + "label": "Create an IAM user that has permissions to access the Amazon S3 bucket, and store the IAM user credentials in the Lambda function source code.", + "is_correct": false, + "explaination": "Embedding IAM user credentials in function code is not a security best practice." + }, + { + "label": "Create an IAM role that has permissions to access the Amazon S3 bucket and assign it to the Lambda function as its execution role.", + "is_correct": true, + "explaination": "The Lambda execution role is the recommended least-privilege mechanism for granting the function access to S3." + }, + { + "label": "Create an Amazon S3 bucket policy that specifies the Lambda service as its principal and assign it to the Amazon S3 bucket.", + "is_correct": false, + "explaination": "The correct pattern is to grant the Lambda function's execution role access, not the generic Lambda service principal." + }, + { + "label": "Create an IAM role, attach the AmazonS3FullAccess managed policy to it, and assign the role to the Lambda function as its execution role.", + "is_correct": false, + "explaination": "This would be broader than necessary and would not follow least-privilege best practices." + } + ] + }, + { + "question": "An organization is using Amazon CloudFront to ensure that its users experience low-latency access to its web application. The organization has identified a need to encrypt all traffic between users and CloudFront, and all traffic between CloudFront and the web application. How can these requirements be met? (Choose TWO)", + "possible_answers": [ + { + "label": "Use AWS KMS to encrypt traffic between CloudFront and the web application.", + "is_correct": false, + "explaination": "KMS manages encryption keys for data at rest and some application use cases, not TLS transport encryption between endpoints." + }, + { + "label": "Set the Origin Protocol Policy to `HTTPS Only`.", + "is_correct": true, + "explaination": "This forces CloudFront to use HTTPS when connecting to the origin web application." + }, + { + "label": "Set the Origin's HTTP Port to `443`.", + "is_correct": false, + "explaination": "Port 443 alone does not guarantee HTTPS-only transport behavior." + }, + { + "label": "Set the Viewer Protocol Policy to `HTTPS Only` or `Redirect HTTP to HTTPS`.", + "is_correct": true, + "explaination": "This ensures users access CloudFront over HTTPS rather than unencrypted HTTP." + }, + { + "label": "Enable the CloudFront option `Restrict Viewer Access`.", + "is_correct": false, + "explaination": "Restrict Viewer Access is for signed URLs/cookies, not transport encryption." + } + ] + }, + { + "question": "An application is using Amazon DynamoDB as its data store, and should be able to read 100 items per second as strongly consistent reads. Each item is 5 KB in size. To what value should the table's provisioned read throughput be set?", + "possible_answers": [ + { + "label": "50 read capacity units.", + "is_correct": false, + "explaination": "This is too low for 100 strongly consistent reads per second of 5 KB items." + }, + { + "label": "100 read capacity units.", + "is_correct": false, + "explaination": "Each 5 KB strongly consistent read consumes 2 RCUs, so 100 RCUs is insufficient." + }, + { + "label": "200 read capacity units.", + "is_correct": true, + "explaination": "A strongly consistent read of up to 4 KB costs 1 RCU, so a 5 KB item costs 2 RCUs. At 100 reads per second, 200 RCUs are required." + }, + { + "label": "500 read capacity units.", + "is_correct": false, + "explaination": "This overprovisions beyond the required capacity." + } + ] + }, + { + "question": "An application uses Lambda functions to extract metadata from files uploaded to an S3 bucket; the metadata is stored in Amazon DynamoDB. The application starts behaving unexpectedly, and the Developer wants to examine the logs of the Lambda function code for errors. Based on this system configuration, where would the Developer find the logs?", + "possible_answers": [ + { + "label": "Amazon S3.", + "is_correct": false, + "explaination": "S3 stores the uploaded files, but Lambda execution logs are not written there by default." + }, + { + "label": "AWS CloudTrail.", + "is_correct": false, + "explaination": "CloudTrail records AWS API activity, not Lambda application logs." + }, + { + "label": "Amazon CloudWatch.", + "is_correct": true, + "explaination": "Lambda automatically sends function execution logs to Amazon CloudWatch Logs." + }, + { + "label": "Amazon DynamoDB", + "is_correct": false, + "explaination": "DynamoDB stores metadata in this application, not Lambda execution logs." + } + ] + }, + { + "question": "A Developer is creating a Lambda function that will generate and export a file. The function requires 100 MB of temporary storage for temporary files while executing. These files will not be needed after the function is complete. How can the Developer MOST efficiently handle the temporary files?", + "possible_answers": [ + { + "label": "Store the files in EBS and delete the files at the end of the Lambda function.", + "is_correct": false, + "explaination": "Lambda does not natively use EBS volumes for temporary local storage." + }, + { + "label": "Copy the files to EFS and delete the files at the end of the Lambda function.", + "is_correct": false, + "explaination": "EFS is persistent shared storage and is unnecessary for short-lived temporary files." + }, + { + "label": "Store the files in the `/tmp` directory and delete the files at the end of the Lambda function.", + "is_correct": true, + "explaination": "Lambda provides ephemeral local storage in `/tmp`, which is the most efficient place for temporary files needed only during execution." + }, + { + "label": "Copy the files to an S3 bucket with a lifecycle policy to delete the files.", + "is_correct": false, + "explaination": "S3 adds network overhead and is less efficient for temporary scratch storage used only within the invocation." + } + ] + }, + { + "question": "A Developer has developed a web application and wants to deploy it quickly on a Tomcat server on AWS. The Developer wants to avoid having to manage the underlying infrastructure. What is the easiest way to deploy the application, based on these requirements?", + "possible_answers": [ + { + "label": "AWS CloudFormation.", + "is_correct": false, + "explaination": "CloudFormation helps define infrastructure, but it does not abstract away server platform management as simply as the best choice here." + }, + { + "label": "AWS Elastic Beanstalk.", + "is_correct": true, + "explaination": "Elastic Beanstalk provides a managed platform for deploying applications on Tomcat without requiring the Developer to manage the infrastructure directly." + }, + { + "label": "Amazon S3.", + "is_correct": false, + "explaination": "S3 is object storage and static hosting, not a Tomcat application platform." + }, + { + "label": "AWS CodePipeline", + "is_correct": false, + "explaination": "CodePipeline orchestrates CI/CD workflows, but it is not itself the hosting platform for a Tomcat web application." + } + ] + }, + { + "question": "An application runs on multiple EC2 instances behind an ELB. Where is the session data best written so that it can be served reliably across multiple requests?", + "possible_answers": [ + { + "label": "Write data to Amazon ElastiCache.", + "is_correct": true, + "explaination": "A shared in-memory store like ElastiCache is a common and reliable place to keep session state for applications behind a load balancer." + }, + { + "label": "Write data to Amazon Elastic Block Store.", + "is_correct": false, + "explaination": "EBS is tied to individual instances and is not the best shared session state solution across multiple EC2 instances." + }, + { + "label": "Write data to Amazon EC2 Instance Store.", + "is_correct": false, + "explaination": "Instance store is local and ephemeral to a specific instance, so it is not suitable for shared session reliability." + }, + { + "label": "Write data to the `root` filesystem.", + "is_correct": false, + "explaination": "Local filesystem storage on one instance does not provide reliable shared session access behind an ELB." + } + ] + }, + { + "question": "A company is migrating from a monolithic architecture to a microservices-based architecture. The Developers need to refactor the application so that the many microservices can asynchronously communicate with each other without impacting performance. Use of which managed AWS services will enable asynchronous message passing? (Choose TWO)", + "possible_answers": [ + { + "label": "Amazon SQS.", + "is_correct": true, + "explaination": "SQS enables asynchronous decoupled messaging between services." + }, + { + "label": "Amazon Cognito.", + "is_correct": false, + "explaination": "Cognito is an identity service, not a message-passing service." + }, + { + "label": "Amazon Kinesis.", + "is_correct": false, + "explaination": "Kinesis is a streaming service and can be used in some architectures, but the selected answers here focus on classic asynchronous message passing." + }, + { + "label": "Amazon SNS.", + "is_correct": true, + "explaination": "SNS supports asynchronous pub/sub fanout messaging between services." + }, + { + "label": "Amazon ElastiCache.", + "is_correct": false, + "explaination": "ElastiCache is a caching service, not an asynchronous messaging mechanism." + } + ] + }, + { + "question": "According to best practice, how should access keys be managed in AWS? (Choose TWO)", + "possible_answers": [ + { + "label": "Use the same access key in all applications for consistency.", + "is_correct": false, + "explaination": "Reusing the same access key broadly increases security risk and reduces accountability." + }, + { + "label": "Delete all access keys for the account `root` user.", + "is_correct": true, + "explaination": "Best practice is to avoid using root access keys entirely and delete them if they exist." + }, + { + "label": "Leave unused access keys in the account for tracking purposes.", + "is_correct": false, + "explaination": "Unused access keys should be removed to reduce attack surface." + }, + { + "label": "Embed and encrypt access keys in code for continuous deployment.", + "is_correct": false, + "explaination": "Embedding keys in code is not a best practice even if encrypted." + }, + { + "label": "Use Amazon IAM roles instead of access keys where possible.", + "is_correct": true, + "explaination": "IAM roles provide temporary credentials and are preferred over long-lived access keys." + } + ] + }, + { + "question": "An application running on an Amazon Linux EC2 instance needs to manage the AWS infrastructure. How can the EC2 instance be configured to make AWS API calls securely?", + "possible_answers": [ + { + "label": "Sign the AWS CLI command using the signature version 4 process.", + "is_correct": false, + "explaination": "AWS SDKs and CLI already sign requests, but the secure credential source on EC2 should be an IAM role." + }, + { + "label": "Run the `aws configure` AWS CLI command and specify the access key id and secret access key.", + "is_correct": false, + "explaination": "Using static credentials on the instance is less secure than using an instance role." + }, + { + "label": "Specify a role for the EC2 instance with the necessary privileges.", + "is_correct": true, + "explaination": "An EC2 instance profile role provides temporary credentials securely for AWS API access." + }, + { + "label": "Pass the access key id and secret access key as parameters for each AWS CLI command.", + "is_correct": false, + "explaination": "Passing static credentials directly is not secure best practice." + } + ] + }, + { + "question": "An application needs to use the IP address of the client in its processing. The application has been moved into AWS and has been placed behind an Application Load Balancer (ALB). However, all the client IP addresses now appear to be the same. The application must maintain the ability to scale horizontally. Based on this scenario, what is the MOST cost-effective solution to this problem?", + "possible_answers": [ + { + "label": "Remove the application from the ALB. Delete the ALB and change Amazon Route 53 to direct traffic to the instance running the application.", + "is_correct": false, + "explaination": "This removes horizontal scalability and high availability benefits." + }, + { + "label": "Remove the application from the ALB. Create a Classic Load Balancer in its place. Direct traffic to the application using the HTTP protocol.", + "is_correct": false, + "explaination": "This does not solve the problem better than using ALB headers and does not improve cost-effectiveness." + }, + { + "label": "Alter the application code to inspect the `X-Forwarded-For` header. Ensure that the code can work properly if a list of IP addresses is passed in the header.", + "is_correct": true, + "explaination": "ALB preserves client IPs in the `X-Forwarded-For` header, so updating the application to use that header is the simplest and most cost-effective solution." + }, + { + "label": "Alter the application code to inspect a custom header. Alter the client code to pass the IP address in the custom header.", + "is_correct": false, + "explaination": "This is insecure and unnecessary because ALB already provides the client IP in standard headers." + } + ] + }, + { + "question": "A development team is using AWS Elastic Beanstalk to deploy a two-tier application that consists of a load-balanced web tier and an Amazon RDS database tier in production. The team would like to separate the RDS instance from the Elastic Beanstalk. How can this be accomplished?", + "possible_answers": [ + { + "label": "Use the Elastic Beanstalk CLI to disassociate the database.", + "is_correct": false, + "explaination": "There is no simple in-place disassociate operation for an Elastic Beanstalk-created RDS database in this context." + }, + { + "label": "Use the AWS CLI to disassociate the database.", + "is_correct": false, + "explaination": "The selected answer set indicates recreating the environment instead of a direct CLI disassociation." + }, + { + "label": "Change the deployment policy to disassociate the database.", + "is_correct": false, + "explaination": "Deployment policy controls rollout behavior, not the structural association of the RDS resource." + }, + { + "label": "Recreate a new Elastic Beanstalk environment without Amazon RDS.", + "is_correct": true, + "explaination": "To separate the database from Elastic Beanstalk, the standard approach is to create a new environment that references an external database instead of an attached Beanstalk-managed RDS instance." + } + ] + }, + { + "question": "A company is using AWS CodePipeline to deliver one of its applications. The delivery pipeline is triggered by changes to the master branch of an AWS CodeCommit repository and uses AWS CodeBuild to implement the test and build stages of the process and AWS CodeDeploy to deploy the application. The pipeline has been operating successfully for several months and there have been no modifications. Following a recent change to the application's source code, AWS CodeDeploy has not deployed the updates application as expected. What are the possible causes? (Choose two.)", + "possible_answers": [ + { + "label": "The change was not made in the master branch of the AWS CodeCommit repository.", + "is_correct": true, + "explaination": "If the pipeline is configured to trigger from the master branch only, changes in another branch will not flow through to deployment." + }, + { + "label": "One of the earlier stages in the pipeline failed and the pipeline has terminated.", + "is_correct": true, + "explaination": "If a source, test, or build stage fails, the pipeline stops before CodeDeploy is reached." + }, + { + "label": "One of the Amazon EC2 instances in the company's AWS CodePipeline cluster is inactive.", + "is_correct": false, + "explaination": "CodePipeline does not use a cluster of EC2 instances in that manner." + }, + { + "label": "The AWS CodePipeline is incorrectly configured and is not executing AWS CodeDeploy.", + "is_correct": false, + "explaination": "The scenario states the pipeline has been working successfully for months with no modifications." + }, + { + "label": "AWS CodePipeline does not have permissions to access AWS CodeCommit.", + "is_correct": false, + "explaination": "If this were the issue, the pipeline likely would not have been operating successfully before the recent code change." + } + ] + }, + { + "question": "A social media company is using Amazon Cognito in order to synchronize profiles across different mobile devices, to enable end users to have a seamless experience. Which of the following configurations can be used to silently notify users whenever an update is available on all other devices?", + "possible_answers": [ + { + "label": "Modify the user pool to include all the devices which keep them in sync.", + "is_correct": false, + "explaination": "User pools manage users, not cross-device data synchronization notifications in this manner." + }, + { + "label": "Use the SyncCallback interface to receive notifications on the application.", + "is_correct": false, + "explaination": "Callbacks alone are not the Cognito feature referenced for silent device update notifications." + }, + { + "label": "Use an Amazon Cognito stream to analyze the data and push the notifications.", + "is_correct": false, + "explaination": "Streams are not the selected built-in configuration for silent synchronization notifications." + }, + { + "label": "Use the push synchronization feature with the appropriate IAM role.", + "is_correct": true, + "explaination": "Cognito Sync supports push synchronization, which can silently notify devices when synchronized data changes." + } + ] + }, + { + "question": "An on-premises application is implemented using a Linux, Apache, MySQL and PHP (LAMP) stack. The Developer wants to run this application in AWS. Which of the following sets of AWS services can be used to run this stack?", + "possible_answers": [ + { + "label": "Amazon API Gateway, Amazon S3.", + "is_correct": false, + "explaination": "These services do not provide the full compute and relational database stack required for a LAMP application." + }, + { + "label": "AWS Lambda, Amazon DynamoDB.", + "is_correct": false, + "explaination": "This is a serverless architecture and does not map directly to a LAMP stack using MySQL." + }, + { + "label": "Amazon EC2, Amazon Aurora.", + "is_correct": true, + "explaination": "EC2 can host Linux, Apache, and PHP, while Aurora can provide the MySQL-compatible database tier." + }, + { + "label": "Amazon Cognito, Amazon RDS.", + "is_correct": false, + "explaination": "This omits the compute platform needed to run Linux, Apache, and PHP." + }, + { + "label": "Amazon ECS, Amazon EBS.", + "is_correct": false, + "explaination": "This does not directly provide the MySQL database component and is not the simplest mapping to a LAMP stack." + } + ] + }, + { + "question": "An application displays a status dashboard. The status is updated by 1 KB messages from an SQS queue. Although the status changes infrequently, the Developer must minimize the time between the message arrival in the queue and the dashboard update. What technique provides the shortest delay in updating the dashboard?", + "possible_answers": [ + { + "label": "Retrieve the messages from the queue using long polling every 20 seconds.", + "is_correct": true, + "explaination": "Long polling reduces empty responses and can return as soon as a message arrives, minimizing delay while the queue is otherwise infrequently updated." + }, + { + "label": "Reduce the size of the messages by compressing them before sending.", + "is_correct": false, + "explaination": "The messages are already small, and message size is not the main latency factor here." + }, + { + "label": "Retrieve the messages from the queue using short polling every 10 seconds.", + "is_correct": false, + "explaination": "Short polling can introduce more empty polls and is generally less efficient for infrequent updates." + }, + { + "label": "Reduce the size of each message payload by sending it in two parts.", + "is_correct": false, + "explaination": "Splitting messages would add complexity and does not reduce dashboard update delay." + } + ] + }, + { + "question": "An on-premises legacy application is caching data files locally and writing shared images to local disks. What is necessary to allow for horizontal scaling when migrating the application to AWS?", + "possible_answers": [ + { + "label": "Modify the application to have both shared images and caching data written to Amazon EBS.", + "is_correct": false, + "explaination": "EBS is attached to individual instances and is not the best shared scale-out store for both concerns." + }, + { + "label": "Modify the application to read and write cache data on Amazon S3, and also store shared images on S3.", + "is_correct": true, + "explaination": "Using S3 for shared assets and shared cached data removes dependence on instance-local disks and supports horizontal scaling." + }, + { + "label": "Modify the application to use Amazon S3 for serving shared images; cache data can then be written to local disks.", + "is_correct": false, + "explaination": "Local cache files would still create instance-specific state and limit horizontal scaling." + }, + { + "label": "Modify the application to read and write cache data on Amazon S3, while continuing to write shared images to local disks.", + "is_correct": false, + "explaination": "Shared images on local disks would remain unavailable across scaled-out instances." + } + ] + }, + { + "question": "A Developer must trigger an AWS Lambda function based on the item lifecycle activity in an Amazon DynamoDB table. How can the Developer create the solution?", + "possible_answers": [ + { + "label": "Enable a DynamoDB stream that publishes an Amazon SNS message. Trigger the Lambda function synchronously from the SNS message.", + "is_correct": false, + "explaination": "SNS is not required for the standard direct DynamoDB Streams to Lambda integration." + }, + { + "label": "Enable a DynamoDB stream that publishes an SNS message. Trigger the Lambda function asynchronously from the SNS message.", + "is_correct": false, + "explaination": "This adds an unnecessary intermediary when Lambda can consume the stream directly." + }, + { + "label": "Enable a DynamoDB stream, and trigger the Lambda function synchronously from the stream.", + "is_correct": false, + "explaination": "Lambda event source mappings for DynamoDB Streams are not described as synchronous invocation in this context." + }, + { + "label": "Enable a DynamoDB stream, and trigger the Lambda function asynchronously from the stream.", + "is_correct": true, + "explaination": "DynamoDB Streams can be configured as a Lambda event source so item lifecycle changes trigger asynchronous processing." + } + ] + }, + { + "question": "After installing the AWS CLI, a Developer tries to run the command `aws configure` but receives the following error: `Error: aws: command not found`. What is the most likely cause of this error?", + "possible_answers": [ + { + "label": "The `aws` executable is not in the `PATH` environment variable.", + "is_correct": true, + "explaination": "The command shell cannot find `aws`, which most commonly means the CLI binary location is not in the PATH." + }, + { + "label": "Access to the `aws` executable has been denied to the installer.", + "is_correct": false, + "explaination": "This would generally result in a different type of permission error." + }, + { + "label": "Incorrect AWS credentials were provided.", + "is_correct": false, + "explaination": "Credentials are not involved before the shell can even locate the `aws` command." + }, + { + "label": "The `aws` script does not have an executable file mode.", + "is_correct": false, + "explaination": "That could cause an execution error, but `command not found` most directly indicates PATH resolution failure." + } + ] + }, + { + "question": "The Developer for a retail company must integrate a fraud detection solution into the order processing solution. The fraud detection solution takes between ten and thirty minutes to verify an order. At peak, the web site can receive one hundred orders per minute. What is the most scalable method to add the fraud detection solution to the order processing pipeline?", + "possible_answers": [ + { + "label": "Add all new orders to an Amazon SQS queue. Configure a fleet of 10 EC2 instances spanning multiple AZs with the fraud detection solution installed on them to pull orders from this queue. Update the order with a pass or fails status.", + "is_correct": false, + "explaination": "This is scalable to a point, but a fixed-size fleet is less adaptable than the best choice." + }, + { + "label": "Add all new orders to an SQS queue. Configure an Auto Scaling group that uses the queue depth metric as its unit of scale to launch a dynamically-sized fleet of EC2 instances spanning multiple AZs with the fraud detection solution installed on them to pull orders from this queue. Update the order with a pass or fails status.", + "is_correct": true, + "explaination": "SQS decouples intake from processing, and queue-depth-based Auto Scaling provides a highly scalable worker fleet for variable long-running fraud checks." + }, + { + "label": "Add all new orders to an Amazon Kinesis Stream. Subscribe a Lambda function to automatically read batches of records from the Kinesis Stream. The Lambda function includes the fraud detection software and will update the order with a pass or fail status.", + "is_correct": false, + "explaination": "The fraud check takes too long for Lambda and Kinesis is not the best fit for this long-running worker pattern." + }, + { + "label": "Write all new orders to Amazon DynamoDB. Configure DynamoDB Streams to include all new orders. Subscribe a Lambda function to automatically read batches of records from the Kinesis Stream. The Lambda function includes the fraud detection software and will update the order with a pass or fail status.", + "is_correct": false, + "explaination": "This adds unnecessary complexity and again relies on Lambda for a workload that exceeds its ideal execution characteristics." + } + ] + }, + { + "question": "When a Developer tries to run an AWS CodeBuild project, it raises an error because the length of all environment variables exceeds the limit for the combined maximum of characters. What is the recommended solution?", + "possible_answers": [ + { + "label": "Add the export `LC_ALL=\"en_US.utf8\"` command to the `pre_build` section to ensure `POSIX` localization.", + "is_correct": false, + "explaination": "Locale settings do not solve CodeBuild environment variable length limits." + }, + { + "label": "Use Amazon Cognito to store key-value pairs for large numbers of environment variables.", + "is_correct": false, + "explaination": "Cognito is not a configuration or parameter storage service for build environments." + }, + { + "label": "Update the settings for the build project to use an Amazon S3 bucket for large numbers of environment variables.", + "is_correct": false, + "explaination": "S3 is not the recommended built-in service for managing CodeBuild environment variables in this way." + }, + { + "label": "Use AWS Systems Manager Parameter Store to store large numbers of environment variables.", + "is_correct": true, + "explaination": "Parameter Store is the recommended service for externalizing and securely managing many configuration values used by CodeBuild." + } + ] + }, + { + "question": "A set of APIs are exposed to customers using the Amazon API Gateway. These APIs have caching enabled on the API Gateway. Customers have asked for an option to invalidate this cache for each of the APIs. What action can be taken to allow API customers to invalidate the API Cache?", + "possible_answers": [ + { + "label": "Ask customers to use AWS credentials to call the `InvalidateCache` API.", + "is_correct": false, + "explaination": "There is no customer-facing API Gateway cache invalidation pattern like this for ordinary API clients." + }, + { + "label": "Ask customers to invoke an AWS API endpoint which invalidates the cache.", + "is_correct": false, + "explaination": "This adds unnecessary custom logic when API Gateway already supports client cache-bypass behavior." + }, + { + "label": "Ask customers to pass an HTTP header called `Cache-Control:max-age=0`.", + "is_correct": true, + "explaination": "API Gateway can be configured to allow authorized clients to invalidate cached entries by sending the `Cache-Control: max-age=0` header." + }, + { + "label": "Ask customers to add a query string parameter called `INVALIDATE_CACHE` when making an API call.", + "is_correct": false, + "explaination": "This is not the standard API Gateway cache invalidation mechanism." + } + ] + }, + { + "question": "A Developer has been asked to build a real-time dashboard web application to visualize the key prefixes and storage size of objects in Amazon S3 buckets. Amazon DynamoDB will be used to store the Amazon S3 metadata. What is the optimal and MOST cost-effective design to ensure that the real-time dashboard is kept up to date with the state of the objects in the Amazon S3 buckets?", + "possible_answers": [ + { + "label": "Use an Amazon CloudWatch event backed by an AWS Lambda function. Issue an Amazon S3 API call to get a list of all Amazon S3 objects and persist the metadata within DynamoDB. Have the web application poll the DynamoDB table to reflect this change.", + "is_correct": false, + "explaination": "Listing all objects repeatedly is inefficient and more expensive than reacting only to changes." + }, + { + "label": "Use Amazon S3 Event Notification backed by a Lambda function to persist the metadata into DynamoDB. Have the web application poll the DynamoDB table to reflect this change.", + "is_correct": true, + "explaination": "S3 event notifications provide a real-time, event-driven, and cost-effective way to update DynamoDB only when objects change." + }, + { + "label": "Run a cron job within an Amazon EC2 instance to list all objects within Amazon S3 and persist the metadata into DynamoDB. Have the web application poll the DynamoDB table to reflect this change.", + "is_correct": false, + "explaination": "This requires constant polling and additional compute cost compared to native S3 events." + }, + { + "label": "Create a new Amazon EMR cluster to get all the metadata about Amazon S3 objects; persist the metadata into DynamoDB. Have the web application poll the DynamoDB table to reflect this change.", + "is_correct": false, + "explaination": "EMR would be excessive and not cost-effective for this event-driven metadata tracking requirement." + } + ] + }, + { + "question": "A Developer must repeatedly and consistently deploy a serverless RESTful API on AWS. Which techniques will work? (Choose TWO)", + "possible_answers": [ + { + "label": "Define a Swagger file. Use AWS Elastic Beanstalk to deploy the Swagger file.", + "is_correct": false, + "explaination": "Elastic Beanstalk is not the standard deployment platform for serverless APIs." + }, + { + "label": "Define a Swagger file. Use AWS CodeDeploy to deploy the Swagger file.", + "is_correct": false, + "explaination": "CodeDeploy is not the normal infrastructure-as-code mechanism for repeatedly deploying serverless API definitions." + }, + { + "label": "Deploy a SAM template with an inline Swagger definition.", + "is_correct": true, + "explaination": "AWS SAM supports serverless API deployment and can include an inline Swagger/OpenAPI definition." + }, + { + "label": "Define a Swagger file. Deploy a SAM template that references the Swagger file.", + "is_correct": true, + "explaination": "SAM also supports referencing an external Swagger/OpenAPI file for consistent serverless API deployments." + }, + { + "label": "Define an inline Swagger definition in a Lambda function. Invoke the Lambda function.", + "is_correct": false, + "explaination": "Lambda is not the mechanism for deploying API definitions this way." + } + ] + }, + { + "question": "An existing serverless application processes uploaded image files. The process currently uses a single Lambda function that takes an image file, performs the processing, and stores the file in Amazon S3. Users of the application now require thumbnail generation of the images. Users want to avoid any impact to the time it takes to perform the image uploads. How can thumbnail generation be added to the application, meeting user requirements while minimizing changes to existing code?", + "possible_answers": [ + { + "label": "Change the existing Lambda function handling the uploads to create thumbnails at the time of upload. Have the function store both the image and thumbnail in Amazon S3.", + "is_correct": false, + "explaination": "This would increase the time required to complete the upload path, which the users specifically want to avoid." + }, + { + "label": "Create a second Lambda function that handles thumbnail generation and storage. Change the existing Lambda function to invoke it asynchronously.", + "is_correct": false, + "explaination": "This can work, but it still requires modifying the existing function instead of using a more decoupled event-driven design." + }, + { + "label": "Create an S3 event notification with a Lambda function destination. Create a new Lambda function to generate and store thumbnails.", + "is_correct": true, + "explaination": "Using a separate S3-triggered Lambda function offloads thumbnail generation from the upload path and minimizes changes to the existing code." + }, + { + "label": "Create an S3 event notification to an SQS Queue. Create a scheduled Lambda function that processes the queue, and generates and stores thumbnails.", + "is_correct": false, + "explaination": "This adds more latency and complexity than necessary compared to direct S3 event notifications to Lambda." + } + ] + }, + { + "question": "A company is using Amazon API Gateway to manage access to a set of microservices implemented as AWS Lambda functions. Following a bug report, the company makes a minor breaking change to one of the APIs. In order to avoid impacting existing clients when the new API is deployed, the company wants to allow clients six months to migrate from v1 to v2. Which approach should the Developer use to handle this change?", + "possible_answers": [ + { + "label": "Update the underlying Lambda function and provide clients with the new Lambda invocation URL.", + "is_correct": false, + "explaination": "Clients should not be invoking Lambda directly, and this does not provide a clean API versioning strategy." + }, + { + "label": "Use API Gateway to automatically propagate the change to clients, specifying 180 days in the phased deployment parameter.", + "is_correct": false, + "explaination": "API Gateway does not provide a built-in phased deployment parameter for client migration in this way." + }, + { + "label": "Use API Gateway to deploy a new stage named v2 to the API and provide users with its URL.", + "is_correct": true, + "explaination": "Versioning the API through separate stages or endpoints allows v1 and v2 to coexist while clients migrate over time." + }, + { + "label": "Update the underlying Lambda function, create an Amazon CloudFront distribution with the updated Lambda function as its origin.", + "is_correct": false, + "explaination": "CloudFront is not the correct version management mechanism for API backward compatibility here." + } + ] + }, + { + "question": "A company developed a set of APIs that are being served through the Amazon API Gateway. The API calls need to be authenticated based on OpenID identity providers such as Amazon or Facebook. The APIs should allow access based on a custom authorization model. Which is the simplest and MOST secure design to use to build an authentication and authorization model for the APIs?", + "possible_answers": [ + { + "label": "Use Amazon Cognito user pools and a custom authorizer to authenticate and authorize users based on JSON Web Tokens.", + "is_correct": true, + "explaination": "Cognito can federate with OpenID/social identity providers and issue JWTs, while a custom authorizer enables custom access control logic." + }, + { + "label": "Build a OpenID token broker with Amazon and Facebook. Users will authenticate with these identify providers and pass the JSON Web Token to the API to authenticate each API call.", + "is_correct": false, + "explaination": "This is more custom code and operational effort than using managed Cognito integration." + }, + { + "label": "Store user credentials in Amazon DynamoDB and have the application retrieve temporary credentials from AWS STS. Make API calls by passing user credentials to the APIs for authentication and authorization.", + "is_correct": false, + "explaination": "This is more complex and less secure than using a managed identity solution." + }, + { + "label": "Use Amazon RDS to store user credentials and pass them to the APIs for authentications and authorization.", + "is_correct": false, + "explaination": "Storing and handling credentials directly is less secure and not the simplest design." + } + ] + }, + { + "question": "Where should an Elastic Beanstalk configuration file named `healthcheckur1.config` be placed in the application source bundle?", + "possible_answers": [ + { + "label": "In the `root` of the application.", + "is_correct": false, + "explaination": "Elastic Beanstalk configuration files are not loaded from the application root unless they are in the proper special directory." + }, + { + "label": "In the `bin` folder.", + "is_correct": false, + "explaination": "The `bin` folder is not where Elastic Beanstalk reads configuration extension files." + }, + { + "label": "In `healthcheckur1.config.ebextension` under `root`.", + "is_correct": false, + "explaination": "This is not the correct directory naming convention for Elastic Beanstalk configuration files." + }, + { + "label": "In the `.ebextensions` folder.", + "is_correct": true, + "explaination": "Elastic Beanstalk reads `.config` configuration files from the `.ebextensions` directory in the application source bundle." + } + ] + }, + { + "question": "A Developer has implemented a Lambda function that needs to add new customers to an RDS database that is expected to run hundreds of times per hour. The Lambda function is configured to use 512MB of RAM and is based on the following pseudo code. After testing the Lambda function, the Developer notices that the Lambda execution time is much longer than expected. What should the Developer do to improve performance?\n```\ndef lambda_handler(event, context):\n\ndb = database.connect()\n\ndb.statement('INSERT INTO Customers (CustomerName) VALUES (context.name)')\n\ndb.close()\n```", + "possible_answers": [ + { + "label": "Increase the amount of RAM allocated to the Lambda function, which will increase the number of threads the Lambda can use.", + "is_correct": false, + "explaination": "More memory can help performance in some cases, but the best optimization shown by this scenario is to avoid reconnecting to the database on every invocation." + }, + { + "label": "Increase the size of the RDS database to allow for an increased number of database connections each hour.", + "is_correct": false, + "explaination": "The issue is not the database size, but repeated connection setup inside the handler." + }, + { + "label": "Move the database connection and close statement out of the handler. Place the connection in the global space.", + "is_correct": true, + "explaination": "Reusing a database connection across warm Lambda invocations reduces connection overhead and improves execution time." + }, + { + "label": "Replace RDS wit Amazon DynamoDB to implement control over the number of writes per second.", + "is_correct": false, + "explaination": "Switching databases is unnecessary and does not directly address the connection setup inefficiency." + } + ] + }, + { + "question": "A static website is hosted in an Amazon S3 bucket. Several HTML pages on the site use JavaScript to download images from another Amazon S3 bucket. These images are not displayed when users browse the site. What is the possible cause for the issue?", + "possible_answers": [ + { + "label": "The referenced Amazon S3 bucket is in another region.", + "is_correct": false, + "explaination": "Cross-region S3 access is supported and is not by itself the cause of browser image blocking." + }, + { + "label": "The images must be stored in the same Amazon S3 bucket.", + "is_correct": false, + "explaination": "Assets can be stored in different buckets as long as access and browser policies are configured correctly." + }, + { + "label": "Port 80 must be opened on the security group in which the Amazon S3 bucket is located.", + "is_correct": false, + "explaination": "S3 buckets do not use EC2 security groups." + }, + { + "label": "Cross Origin Resource Sharing must be enabled on the Amazon S3 bucket.", + "is_correct": true, + "explaination": "When JavaScript loads resources from another bucket/origin, the bucket must allow the request through an appropriate CORS configuration." + } + ] + }, + { + "question": "Amazon S3 has the following structure: `S3://BUCKET/FOLDERNAME/FILENAME.zip`. Which S3 best practice would optimize performance with thousands of PUT request each second to a single bucket?", + "possible_answers": [ + { + "label": "Prefix folder names with user id; for example, `s3://BUCKET/2013-FOLDERNAME/FILENAME.zip`.", + "is_correct": false, + "explaination": "This does not ensure the strongest distribution of request load across prefixes." + }, + { + "label": "Prefix file names with timestamps; for example, `s3://BUCKET/FOLDERNAME/2013-26-05-15-00-00-FILENAME.zip`.", + "is_correct": false, + "explaination": "Timestamp-based prefixes can still cluster requests around similar key prefixes." + }, + { + "label": "Prefix file names with random hex hashes; for example, `s3://BUCKET/FOLDERNAME/23a6-FILENAME.zip`.", + "is_correct": false, + "explaination": "Randomizing can help, but the selected answer in the source material uses the folder-name prefix pattern." + }, + { + "label": "Prefix folder names with random hex hashes; for example, `s3://BUCKET/23a6-FOLDERNAME/FILENAME.zip`.", + "is_correct": true, + "explaination": "Randomizing the leading key prefix helps distribute high request rates more evenly across S3 partitions." + } + ] + } +] \ No newline at end of file diff --git a/src/types.ts b/src/types.ts new file mode 100644 index 0000000..541919c --- /dev/null +++ b/src/types.ts @@ -0,0 +1,21 @@ +export interface Answer { + label: string; + is_correct: boolean; + explaination: string; +} + +export interface QuizQuestion { + question: string; + possible_answers: Answer[]; +} + +export interface UserSubmission { + timestamp: string; + score: number; + totalQuestions: number; + results: { + question: string; + selectedLabels: string[]; + possible_answers: Answer[]; + }[]; +} \ No newline at end of file diff --git a/tsconfig.json b/tsconfig.json new file mode 100644 index 0000000..2b1cdf0 --- /dev/null +++ b/tsconfig.json @@ -0,0 +1,12 @@ +{ + "compilerOptions": { + "target": "ES2022", + "lib": ["DOM", "DOM.Iterable", "ES2022"], + "module": "ESNext", + "skipLibCheck": true, + "moduleResolution": "bundler", + "jsx": "react-jsx", + "strict": true + }, + "include": ["src"] +} \ No newline at end of file diff --git a/vite.config.ts b/vite.config.ts new file mode 100644 index 0000000..0661e1f --- /dev/null +++ b/vite.config.ts @@ -0,0 +1,6 @@ +import { defineConfig } from 'vite' +import react from '@vitejs/plugin-react' + +export default defineConfig({ + plugins: [react()] +}) \ No newline at end of file