AWS Certified Developer – Associate (Developing on AWS) Quiz Questions and Answers

Your company plans to move its on-premises data stores and code to AWS. They have some Node.js code that needs to be ported onto AWS with the least amount of administrative headache. You also need to minimise the cost of hosting the code base. Which of the following services would you use for this purpose?

Answer :
  • AWS Lambda 

Explanation :

AWS Lambda is a compute service that lets you run code without provisioning or managing servers. AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second. You pay only for the compute time you consume - there is no charge when your code is not running. With AWS Lambda, you can run code for virtually any type of application or backend service - all with zero administration. AWS Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring and logging. All you need to do is supply your code in one of the languages that AWS Lambda supports (currently Node.js, Java, C#, Go and Python).

You’ve created a CodeCommit repository in AWS. You need to share the repository with the developers in your team. Which of the following would be a secure and easy way to share the repository with the development team? Choose 2 answers from the options given below.

Answer :
  • Create Git credentials for the IAM users 
  • Allow the developers to connect via HTTPS using the Git credentials 

Explanation :

HTTPS connections require either Git credentials, which IAM users can generate for themselves in IAM, or an AWS access key, which your repository users must configure in the credential helper included in the AWS CLI; the access key is the only method available for root account or federated users. Git credentials are the easiest method for users of your repository to set up and use. SSH connections require your users to generate a public-private key pair, store the public key, associate the public key with their IAM user, configure their known hosts file on their local computer, and create and maintain a config file on their local computers. Because this is a more complex configuration process, we recommend you choose HTTPS and Git credentials for connections to AWS CodeCommit.

A developer has created a script that accesses an S3 bucket. The script will run on an EC2 Instance at regular intervals. What is the authentication mechanism that should be employed to ensure that the script works as desired?

Answer :
  • Create an IAM Role. Ensure the IAM Role has access to the S3 bucket via IAM policies. Attach the role to the instance 

Explanation :

You have an application or AWS CLI scripts running on an Amazon EC2 instance. Do not pass an access key to the application, embed it in the application, or have the application read a key from a source such as an Amazon S3 bucket (even if the bucket is encrypted). Instead, define an IAM role that has appropriate permissions for your application and launch the Amazon EC2 instance with roles for EC2. This associates an IAM role with the Amazon EC2 instance and lets the application get temporary security credentials that it can in turn use to make AWS calls. The AWS SDKs and the AWS CLI can get temporary credentials from the role automatically.

Your development team is planning on using the AWS Batch service to process a high number of intensive performance computing jobs. Which of the following integration services with AWS Batch will allow you to monitor the progress of the jobs?

Answer :
  • AWS CloudWatch Events

Explanation :

Using CloudWatch Events, you can monitor the progress of jobs, build AWS Batch custom workflows with complex dependencies, generate usage reports or metrics around job execution, or build your own custom dashboards. With AWS Batch and CloudWatch Events, you can eliminate scheduling and monitoring code that continuously polls AWS Batch for job status changes. Instead, handle AWS Batch job state changes asynchronously using any CloudWatch Events target, such as AWS Lambda, Amazon Simple Queue Service, Amazon Simple Notification Service, or Amazon Kinesis Data Streams.

A development team wants to set up an AWS CodeCommit repository. Developers should be able to push changes to their own branches, but they should not be allowed to push commits or merge pull requests into the master branch. Additionally, whenever a commit or merge occurs into the master branch, the Project Manager needs to receive a notification. Which combination of steps will protect the master branch and send the alert with the shortest delay?

Answer :
  • Attach an AWS IAM policy to the developer IAM group that denies the actions of pushing commits, merging pull requests, and adding files to the master branch
  • Set up an Amazon CloudWatch Events rule triggered by a CodeCommit Repository State Change event for the master branch and add an Amazon SNS topic as a target

Explanation :

CodeCommit uses IAM policies to grant and deny access privileges for a repository. CloudWatch Events provides a near-real-time stream of CodeCommit events including repository state changes. CloudWatch Events rules can trigger on events matching a pattern and send a notification to an SNS topic. B is incorrect because CodeCommit supports IAM policies only, and not resource policies. C is incorrect because it could take up to 15 minutes for the Lambda function to detect the event. E is incorrect because CloudTrail logs can take up to 15 minutes to record an event.
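The two steps in this answer, written out as one CloudFormation template. This is an added example, not part of the original quiz; the parameter names `DevGroupName` and `RepoArn` and the logical resource names are assumptions chosen for illustration.

```yaml
# Added example, not part of the quiz; parameter and resource names are assumed.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  DevGroupName: {Type: String}  # existing developer IAM group
  RepoArn: {Type: String}       # ARN of the CodeCommit repository
Resources:
  DenyMasterWrites:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: deny-writes-to-master
      Groups: [!Ref DevGroupName]
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Deny
            Action:
              - codecommit:GitPush
              - codecommit:PutFile
              - codecommit:MergePullRequestByFastForward
              - codecommit:MergePullRequestBySquash
              - codecommit:MergePullRequestByThreeWay
            Resource: !Ref RepoArn
            Condition:
              StringEqualsIfExists:
                codecommit:References: [refs/heads/master]
              "Null":  # apply the deny only when a branch reference is present
                codecommit:References: "false"
  MasterChangeTopic:
    Type: AWS::SNS::Topic  # subscribe the Project Manager to this topic
  MasterChangeRule:
    Type: AWS::Events::Rule
    Properties:
      EventPattern:
        source: [aws.codecommit]
        detail-type: [CodeCommit Repository State Change]
        resources: [!Ref RepoArn]
        detail:
          event: [referenceCreated, referenceUpdated]
          referenceType: [branch]
          referenceName: [master]
      Targets:
        - {Arn: !Ref MasterChangeTopic, Id: notify-project-manager}
  AllowEventsToPublish:  # without this the rule cannot deliver to the topic
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics: [!Ref MasterChangeTopic]
      PolicyDocument:
        Statement:
          - {Effect: Allow, Principal: {Service: events.amazonaws.com}, Action: "sns:Publish", Resource: !Ref MasterChangeTopic}
```

Because an explicit Deny overrides any Allow, the group policy holds even if a developer also has a broader CodeCommit permission from another policy.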

Your team is planning on creating a Lambda function that will interact with a DynamoDB stream. Which of the following would need to be in place to ensure the Lambda function can interact with the DynamoDB table?

Answer :
  • IAM Role with permissions to DynamoDB

Explanation :

Regardless of what invokes a Lambda function, AWS Lambda always executes a Lambda function on your behalf. If your Lambda function needs to access any AWS resources, you need to grant the relevant permissions to access those resources. You also need to grant AWS Lambda permissions to poll your DynamoDB stream. You grant all of these permissions to an IAM role (execution role) that AWS Lambda can assume to poll the stream and execute the Lambda function on your behalf. You create this role first and then enable it at the time you create the Lambda function.

Your team has just moved from their Jenkins setup to using the AWS CodePipeline service in AWS. They have a requirement to ensure triggers are in place during various stages in the pipeline so that actions can be taken based on those triggers. Which of the following can help you achieve this?

Answer :
  • AWS CloudWatch Events 

Explanation :

Amazon CloudWatch Events is a web service that monitors your AWS resources and the applications you run on AWS. You can use Amazon CloudWatch Events to detect and react to changes in the state of a pipeline, stage, or action. Then, based on rules you create, CloudWatch Events invokes one or more target actions when a pipeline, stage, or action enters the state you specify in a rule. Depending on the type of state change, you might want to send notifications, capture state information, take corrective action, initiate events, or take other actions.

Your development team is currently working with an application that interacts with a DynamoDB table. Due to the proposed extensive use of the application, the underlying DynamoDB table would undergo a steady growth in size. Which of the following preferred options should be used for retrieving the data? Choose 3 answers from the options given below.

Answer :
  • Query
  • GetItem
  • BatchGetItem

Explanation :

If possible, you should avoid using a Scan operation on a large table or index with a filter that removes many results. Also, as a table or index grows, the Scan operation slows. The Scan operation examines every item for the requested values and can use up the provisioned throughput for a large table or index in a single operation. For faster response times, design your tables and indexes so that your applications can use Query instead of Scan. (For tables, you can also consider using the GetItem and BatchGetItem APIs.)

As a developer, you need your operations team to monitor a set of metrics for an application. They also need to be notified in case any of the metrics crosses the threshold. How can you achieve this?

Answer :
  • Publish custom metrics for the application that can be monitored via CloudWatch. Create Alarms for notifications

Explanation :

You can create a CloudWatch alarm that watches a single metric. The alarm performs one or more actions based on the value of the metric relative to a threshold over a number of time periods. The action can be an Amazon EC2 action, an Amazon EC2 Auto Scaling action, or a notification sent to an Amazon SNS topic. You can also add alarms to CloudWatch dashboards and monitor them visually. When an alarm is on a dashboard, it turns red when it is in the ALARM state, making it easier for you to monitor its status proactively.

Your team needs to develop an application that needs to make use of SQS queues. There is a requirement that when a message is added to the queue, the message is not visible for 5 minutes to consumers. How can you achieve this? Choose 2 answers from the options given below.

Answer :
  • Implement delay queues in AWS 
  • Change the message timer value for each individual message 

Explanation :

Delay queues let you postpone the delivery of new messages to a queue for a number of seconds. If you create a delay queue, any messages that you send to the queue remain invisible to consumers for the duration of the delay period. The default (minimum) delay for a queue is 0 seconds. The maximum is 15 minutes. To set delay seconds on individual messages, rather than on an entire queue, use message timers to allow Amazon SQS to use the message timer's DelaySeconds value instead of the delay queue's DelaySeconds value.