AWS-DA(291-300)

An engaging and informative illustration depicting AWS cloud architecture, services, and development processes with light bulb ideas and coding elements.

AWS Certification Practice Quiz

Test your knowledge and skills on AWS with our comprehensive quiz designed for developers and IT professionals alike. This quiz contains 10 challenging questions that cover various aspects of AWS services and architecture.

Whether you're preparing for certification or looking to enhance your understanding of AWS, this quiz will help you:

Evaluate your current knowledge
Identify areas for improvement
Boost your confidence before taking the certification exam

10 Questions2 MinutesCreated by CodingFalcon24

A business created a set of APIs that are provided through the Amazon API Gateway. The API requests must be authenticated using a supplier of OpenID-based identification, such as Amazon or Facebook. Access to the APIs should be based on a specific authorisation mechanism. Which approach is the most straightforward and secure to employ when developing an authentication and authorisation strategy for APIs?

A. Use Amazon Cognito user pools and a custom authorizer to authenticate and authorize users based on JSON Web Tokens.

B. Build a OpenID token broker with Amazon and Facebook. Users will authenticate with these identify providers and pass the JSON Web Token to the API to authenticate each API call.

C. Store user credentials in Amazon DynamoDB and have the application retrieve temporary credentials from AWS STS. Make API calls by passing user credentials to the APIs for authentication and authorization.

D. Use Amazon RDS to store user credentials and pass them to the APIs for authentications and authorization.

When a Developer attempts to execute an AWS CodeBuild project, an error occurs because the cumulative length of all environment variables exceeds the maximum character limit. What is the suggested course of action?

A. Add the export LC_ALL=ג€en_US.utf8ג€ command to the pre_build section to ensure POSIX localization.

B. Use Amazon Cognito to store key-value pairs for large numbers of environment variables.

C. Update the settings for the build project to use an Amazon S3 bucket for large numbers of environment variables.

D. Use AWS Systems Manager Parameter Store to store large numbers of environment variables.

A developer is now working on an application that manages papers that are ten megabytes in size and include very sensitive data. The application will encrypt data on the client side using AWS KMS. Which procedures must be followed?

A. Invoke the Encrypt API passing the plaintext data that must be encrypted, then reference the customer managed key ARN in the KeyId parameter

B. Invoke the GenerateRandom API to get a data encryption key, then use the data encryption key to encrypt the data

C. Invoke the GenerateDataKey API to retrieve the encrypted version of the data encryption key to encrypt the data

D. Invoke the GenerateDataKey API to retrieve the plaintext version of the data encryption key to encrypt the data

A software business must ensure that documents provided by users are maintained securely in Amazon S3. At rest, the documents must be encrypted in Amazon S3. The firm does not want to operate its security infrastructure in-house, but it need additional protection to maintain control over its encryption keys in order to comply with industry laws. Which encryption technique should a developer use in order to satisfy these requirements?

A. Server-side encryption with Amazon S3 managed keys (SSE-S3)

B. Server-side encryption with customer-provided encryption keys (SSE-C)

C. Server-side encryption with AWS KMS managed keys (SSE-KMS)

D. Client-side encryption

A developer has developed an application that can concurrently upload tens of thousands of items to Amazon S3 under a single AWS account. As part of the new criteria, data stored in S3 must be encrypted on the server using AWS KMS (SSE-KMS). After making this update, the application's performance degrades. Which of the following is the MOST LIKELY source of application latency?

A. Amazon S3 throttles the rate at which uploaded objects can be encrypted using Customer Master Keys.

B. The AWS KMS API calls limit is less than needed to achieve the desired performance.

C. The client encryption of the objects is using a poor algorithm.

D. KMS requires that an alias be used to create an independent display name that can be mapped to a CMK.

A developer has created an application for Amazon Kinesis Data Streams. With increased use and traffic, the application often receives ProvisionedThroughputExceededException error messages. How should the developer proceed in order to address the error? (Select two.)

A. Use Auto Scaling to scale the stream for better performance

B. Increase the delay between the GetRecords call and the PutRecords call

C. Increase the number of shards in the data stream

D. Specify a shard iterator using the ShardIterator parameter

E. Implement exponential backoff on the GetRecords call and the PutRecords call

A business has a website built in PHP and WordPress and is hosted on AWS Elastic Beanstalk. The website requires a new version to be deployed in the Elastic Beanstalk environment. The firm cannot afford to have the website unavailable in the event of an update failure. Deployments must have a negligible effect and be reversible as quickly as feasible. Which type of deployment should be used?

A. All at once

B. Rolling

C. Snapshots

D. Immutable

A development team is in the process of developing a new application that will operate on AWS. While the test and production environments will be hosted on Amazon EC2 instances, developers will use their own computers to execute their environments. Which of the following is the EASIEST and MOST SECURE method for local development computers to access AWS services?

A. Use an IAM role to assume a role and execute API calls using the role.

B. Create an IAM user to be shared with the entire development team; provide the development team with the access key.

C. Create an IAM user for each developer on the team; provide each developer with a unique access key.

D. Set up a federation through an Amazon Cognito user pool.

A developer is developing an AWS Lambda function to handle data coming from an Amazon Kinesis Data Stream. When the Lambda function parses the data and comes across an empty field, it returns an error. The function duplicates the records in the Kinesis stream. There are no duplicate entries when the Developer examines the stream output without using the Lambda function. What accounts for the duplicates?

A. The Lambda function did not advance the Kinesis stream pointer to the next record after the error.

B. The Lambda event source used asynchronous invocation, resulting in duplicate records.

C. The Lambda function did not handle the error, and the Lambda service attempted to reprocess the data.

D. The Lambda function is not keeping up with the amount of data coming from the stream.

The code of a developer is saved in an Amazon S3 bucket. The code must be distributed across many AWS Lambda accounts in the same Region as the S3 bucket as an AWS Lambda function. The Lambda function will be launched using a custom AWS CloudFormation template for each account. What is the MOST SECURE method for granting access to Lambda code stored in an S3 bucket?

A. Grant the CloudFormation execution role S3 list and get permissions. Add a bucket policy to Amazon S3 with the Principal of ג€AWSג€: [account numbers].

B. Grant the CloudFormation execution role S3 get permissions. Add a bucket policy to Amazon S3 with the Principal of ג€*ג€.

C. Use a service-based link to grant the Lambda function S3 list and get permissions by explicitly adding the S3 bucket's account number in the resource.

D. Use a service-based link to grant the Lambda function S3 get permissions and add a Resource of ג€*ג€ to allow access to the S3 bucket.

Unlock and Upgrade

Remove all limits from your Quizzes

AWS-DA(291-300)

AWS Certification Practice Quiz

More Quizzes