The Kitchen Runs Itself
What is emphasized in a serverless architecture using AWS services like Lambda, API Gateway, and DynamoDB?
A. Managing servers
B. Event-driven design
C. Legacy protocol handling
D. Manual scaling
Correct Answer: B.
Explanation: Serverless architecture emphasizes event-driven design, using services like Lambda, API Gateway, and DynamoDB to build scalable applications without the need to manage servers.
What is the primary purpose of AWS X-Ray?
a. To store large amounts of data
b. To monitor and debug distributed applications
c. To manage user access and permissions
d. To provide cloud storage solutions
b. To monitor and debug distributed applications
AWS X-Ray is a service that helps developers analyze and debug distributed applications, such as those built using a microservices architecture. It provides insights into the performance of applications by tracing requests as they travel through the various components of the application. This allows developers to identify bottlenecks, understand dependencies, and troubleshoot issues more effectively.
To make a Serverless API, you should integrate API Gateway with......
a. Amazon EC2
b. Elastic Load Balancer
c. AWS Lambda
d. Amazon Macie
c. AWS Lambda
What is the purpose of mock endpoints in AWS API Gateway?
A. To simulate API responses for testing without needing the backend to be ready.
B. To handle legacy SOAP protocols.
C. To modify incoming requests and outgoing responses.
D. To limit requests to prevent overload.
Correct Answer: A
Explanation: Mock endpoints allow developers to simulate API responses for testing purposes, facilitating frontend development even when the backend is not yet ready.
A multi-national company has multiple business units with each unit having its own AWS account. The development team at the company would like to debug and trace data across accounts and visualize it in a centralized account.
As a Developer Associate, which of the following solutions would you suggest for the given use-case?
a. CloudTrail
b. VPC Flow Logs
c. X-Ray
d. CloudWatch Events
c. X-Ray
AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors. X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application’s underlying components.
You have created an application using serverless architecture using Lambda, Api Gateway, S3 and DynamoDB. Your boss asks you to do a major upgrade to API Gateway and you do this and deploy it to production. Unfortunately something has gone wrong and now your application is offline. What should you do to bring your application up as quickly as possible?
a. Restore your previous API gateway configuration using an EBS snapshot.
b. Delete the existing API Gateway.
c. Rollback your API Gateway to the previous stage.
d. Restart API Gateway for the new changes to take effect.
Answer: c. Rollback your API Gateway to the previous stage.
You can easily restore your AWS API Gateway from a previous deployment by selecting a stage that has the last version of your deployment.
Which of the following services does X-Ray NOT integrate with?
A. Elastic Load Balancer
B. API Gateway
C. Amazon CloudFront
D. Amazon S3
Correct Answer: C.
Explanation: Amazon CloudFront doesn't provide integration with AWS X-Ray. Integrating AWS X-Ray with other AWS services (https://docs.aws.amazon.com/xray/latest/devguide/xray-services.html).
What can API Gateway do when it receives a client request?
A. Modify the request parameters before sending the request to the backend
B. Store the request data in DynamoDB
C. Queue the request using SQS
D. Transform the request into a SOAP message
Correct Answer: A.
Explanation: When API Gateway receives a client request, it can modify the request parameters before sending the request on to the application backend. This is part of the API request and response transformations.
You can integrate API Gateway with the following, EXCEPT .....
a. Lambda Functions
b. HTTP Endpoints
c. AWS Services
d. AWS Cloudshell
d. AWS Cloudshell
AWS CloudShell is a browser-based shell that makes it easy to securely manage, interact with, and explore your AWS resources. It is not a service that you would integrate with API Gateway.
API Gateway can be integrated with:
A developer is working on an AWS Lambda function that reads data from Amazon S3 objects and writes the data to an Amazon DynamoDB table. Although the function triggers successfully from an S3 event notification upon object creation, it encounters a failure while attempting to write data to the DynamoDB table.
What is the probable reason for the failure?
A. The Lambda function's reserved concurrency limit has been exceeded
B. DynamoDB table does not have a Gateway VPC Endpoint, which is required by the Lambda function for a successful write
C. The Lambda function's provisioned concurrency limit has been exceeded
D. The Lambda function does not have IAM permissions to write to DynamoDB
Correct Answer: D.
Explanation: The Lambda function does not have IAM permissions to write to DynamoDB. You need to use an identity-based policy that allows read and write access to a specific Amazon DynamoDB table. To use this policy, attach the policy to a Lambda service role. A service role is a role that you create in your account to allow a service to perform actions on your behalf. That service role must include AWS Lambda as the principal in the trust policy. The role is then used to grant a Lambda function access to a DynamoDB table. By using an IAM policy and role to control access, you don’t need to embed credentials in code and can tightly control which services the Lambda function can access.
A development team wants to build an application using serverless architecture. The team plans to use AWS Lambda functions extensively to achieve this goal. The developers of the team work on different programming languages like Python, .NET and Javascript. The team wants to model the cloud infrastructure using any of these programming languages.
Which AWS service/tool should the team use for the given use-case?
A. AWS Serverless Application Model (SAM)
B. AWS Cloud Development Kit (CDK)
C. AWS CloudFormation
D. AWS CodeDeploy
Correct Answer: B. CDK
Explanation: The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define your cloud application resources using familiar programming languages.
Which of the following is NOT a component mentioned in the service map for the application?
A. Elastic Container Service container
B. SNS topics
C. DynamoDB
D. Lambda function
Correct Answer: D.
Explanation: The service map for the application includes an Elastic Container Service container, a couple of SNS topics, and DynamoDB for storing user data, session data, and game data. Lambda function is not mentioned as part of the service map.
You team maintains a public API Gateway that is accessed by clients from another domain. Usage has been consistent for the last few months but recently it has more than doubled. As a result, your costs have gone up and would like to prevent other unauthorized domains from accessing your API.
Which of the following actions should you take?
A. Restrict access by using CORS
B. Assign a Security Group to your API Gateway
C. Use Account-level throttling
D. Use Mapping Templates
A. Restrict access by using CORS
Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. When your API's resources receive requests from a domain other than the API's own domain and you want to restrict servicing these requests, you must disable cross-origin resource sharing (CORS) for selected methods on the resource.
You have created a whole new API (v2) and you want to test it, but you're worried about shifting all the traffic to it. What is the recommended way to test it?
a. Create a whole new Stage, then use Route 53 to distribute traffic between your two Stages using the Weighted record (CNAME)
b. Create a Canary release
c. Update all your Lambda functions to use Aliases
d. Deploy the new API in a different AWS region
b. Create a Canary release
Here’s why the other options are not recommended:
a. Create a whole new Stage, then use Route 53 to distribute traffic between your two Stages using the Weighted record (CNAME): This approach is more complex and involves managing DNS records, which can be cumbersome and less flexible compared to a Canary release.
c. Update all your Lambda functions to use Aliases: While using Lambda aliases can help manage different versions of a function, it does not provide the same level of traffic control and monitoring as a Canary release.
d. Deploy the new API in a different AWS region: Deploying in a different region does not help in testing the new version with a subset of your existing traffic and can introduce additional latency and complexity.
A SaaS company runs a HealthCare web application that is used worldwide by users. There have been requests by mobile developers to expose public APIs for the application-specific functionality. You decide to make the APIs available to mobile developers as product offerings.
Which of the following options will allow you to do that?
a. Use API Gateway Usage Plans
b. Use CloudFront Usage Plans
c. Use AWS Billing Usage Plans
d. Use AWS Lambda Custom Authorizers
e. All of the above
Correct option: A. Use API Gateway Usage Plans
Amazon API Gateway is an AWS service for creating, publishing, maintaining, monitoring, and securing REST, HTTP, and WebSocket APIs at any scale. API developers can create APIs that access AWS or other web services, as well as data stored in the AWS Cloud.
Incorrect options:
Use AWS Billing Usage Plans - AWS Billing and Cost Management is the service that you use to pay your AWS bill, monitor your usage, and analyze and control your costs. There is no such thing as AWS Billing Usage Plans. You cannot use AWS Billing to set up public APIs for the application.
Use CloudFront Usage Plans - Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. There is no such thing as CloudFront Usage Plans. You cannot use CloudFront to set up public APIs for the application.
Use AWS Lambda Custom Authorizers - Lambda is a separate service than Gateway API, therefore, it cannot be used to determine the API usage limits.
You are developing a new application using serverless infrastructure and are using services such as S3, DynamoDB, Lambda, API Gateway, CloudFront, CloudFormation and Polly. You deploy your application to production and your end users begin complaining about receiving a HTTP 429 error. What could be the cause of the error?
A. You enabled API throttling for a rate limit of 1000 requests per second while in development and now that you have deployed to production your API Gateway is being throttled.
B. You have an S3 bucket policy that is preventing Lambda from being able to write files to your bucket, generating a HTTP 429 error.
C. Your CloudFormation stack is not valid and is failing to deploy properly, which is causing a HTTP 429 error.
D. Your Lambda function does not have sufficient permissions to read to DynamoDB and this is generating a HTTP 429 error.
Correct Answer: A.
Explanation: When request submissions exceed the steady-state request rate and burst limits, API Gateway fails the limit-exceeding requests and returns 429 Too Many Requests error responses to the client. Upon catching such exceptions, the client can resubmit the failed requests in a way that is rate limiting, while complying with the API Gateway throttling limits.
You would like to use X-Ray to monitor your application which runs on a number of Docker containers. Where should you deploy and run the X-Ray daemon?
A. Use a dedicated Docker container build from an image which includes the X-Ray daemon.
B. Install the X-Ray daemon on Lambda.
C. The X-Ray daemon will already be installed on the underlying EC2 instance by default.
D. Install the X-Ray daemon on the underlying EC2 instance.
Correct Answer: A.
Explanation: X-Ray provides a Docker container image that you can deploy alongside your application. For custom configurations, you may need to define your own Docker image.
A company follows collaborative development practices. The engineering manager wants to isolate the development effort by setting up simulations of API components owned by various development teams.
Which API integration type is best suited for this requirement?
A. AWS_PROXY
B. HTTP
C. HTTP_PROXY
D. MOCK
Correct Answer: D
Explanation: This type of integration lets API Gateway return a response without sending the request further to the backend. This is useful for API testing because it can be used to test the integration setup without incurring charges for using the backend and to enable collaborative development of an API.
In collaborative development, a team can isolate their development effort by setting up simulations of API components owned by other teams by using the MOCK integrations. It is also used to return CORS-related headers to ensure that the API method permits CORS access. In fact, the API Gateway console integrates the OPTIONS method to support CORS with a mock integration.
What are the key features of API Gateway when dealing with legacy SOAP applications?
A. API Gateway converts the response from the application to XML.
B. API Gateway converts the response from the application to HTML.
C. API Gateway converts the response from the application to JSON and provides web service passthrough for SOAP applications.
D. API Gateway only supports RESTful applications and cannot interact with SOAP applications.
Correct Answer: C.
Explanation: API Gateway can transform the output from XML to JSON as part of your modernization effort. Additionally, when a method request carries a payload and either the Content-Type header does not match any specified mapping template or no mapping template is defined, API Gateway can pass the client-supplied request payload through the integration request to the backend without transformation. This process is known as integration passthrough.
What steps can a developer take to optimize the performance of a CPU-bound AWS Lambda function and ensure fast response time?
a. Increase the function's memory
b. Increase the function's CPU
c. Increase the function's provisioned concurrency
d. Increase the function's timeout
Correct option: A. Increase the function's memory
Memory is the principal lever available to Lambda developers for controlling the performance of a function. You can configure the amount of memory allocated to a Lambda function, between 128 MB and 10,240 MB. The Lambda console defaults new functions to the smallest setting and many developers also choose 128 MB for their functions.
The amount of memory also determines the amount of virtual CPU available to a function. Adding more memory proportionally increases the amount of CPU, increasing the overall computational power available. If a function is CPU-, network- or memory-bound, then changing the memory setting can dramatically improve its performance.
Your team lead has requested a code review of your code for Lambda functions. Your code is written in Python and makes use of the Amazon Simple Storage Service (S3) to upload logs to an S3 bucket. After the review, your team lead has recommended reuse of execution context to improve the Lambda performance.
Which of the following actions will help you implement the recommendation?
A. Move the Amazon S3 client initialization, out of your function handler
B. Enable X-Ray integration
C. Assign more RAM to the function
D. Use environment variables to pass operational parameters
Correct Answer: A.
Explanation: Move the Amazon S3 client initialization, out of your function handler - AWS best practices for Lambda suggest taking advantage of execution context reuse to improve the performance of your functions. Initialize SDK clients and database connections outside of the function handler, and cache static assets locally in the /tmp directory. Subsequent invocations processed by the same instance of your function can reuse these resources. This saves execution time and cost. To avoid potential data leaks across invocations, don’t use the execution context to store user data, events, or other information with security implications.
Which environment variable can be used by AWS X-Ray SDK to ensure that the daemon is correctly discovered on ECS?
A. AWS_XRAY_DAEMON_ADDRESS
B. AWS_XRAY_CONTEXT_MISSING
C. AWS_XRAY_TRACING_NAME
D. AWS_XRAY_DEBUG_MODE
Correct Answer: A
Explanation: AWS_XRAY_DAEMON_ADDRESS. Set the host and port of the X-Ray daemon listener. By default, the SDK uses 127.0.0.1:2000 for both trace data (UDP) and sampling (TCP). Use this variable if you have configured the daemon to listen on a different port or if it is running on a different host.
A development team has deployed a REST API in Amazon API Gateway to two different stages - a test stage and a prod stage. The test stage is used as a test build and the prod stage as a stable build. After the updates have passed the test, the team wishes to promote the test stage to the prod stage.
Which of the following represents the optimal solution for this use-case?
A. Deploy the API without choosing a stage. This way, the working deployment will be updated in all stages
B. API performance is optimized in a different way for prod environments. Hence, promoting test to prod is not correct. The promotion should be done by redeploying the API to the prod stage
C. Delete the existing prod stage. Create a new stage with the same name (prod) and deploy the tested version on this stage
D. Update stage variable value from the stage name of test to that of prod
Correct Answer: D.
Explanation: After creating your API, you must deploy it to make it callable by your users. To deploy an API, you create an API deployment and associate it with a stage. A stage is a logical reference to a lifecycle state of your API (for example, dev, prod, beta, v2). API stages are identified by the API ID and stage name. They're included in the URL that you use to invoke the API. Each stage is a named reference to a deployment of the API and is made available for client applications to call.
Stages enable robust version control of your API. In our current use-case, after the updates pass the test, you can promote the test stage to the prod stage. The promotion can be done by redeploying the API to the prod stage or updating a stage variable value from the stage name of test to that of prod.
You are a developer for a busy real estate company, and you want to enable other real estate agents to have the ability to show properties on your books, but skinned so that it looks like their own website. You decide the most efficient way to do this is to expose your API to the public using API Gateway. The project works well, but one of your competitors starts abusing this by sending your API tens of thousands of requests per second. This generates an HTTP 429 error. Each agent connects to your API using individual API keys. What is the most effective action to stop this behavior?
A. Deploy multiple API Gateways and give the agent access to another API Gateway.
B. Use AWS Shield Advanced API protection to block the requests.
C. Place an AWS Web Application Firewall (AWS WAF) in front of API Gateway and throttle the agent's API access using the individual API Keys.
D. Increase the capacity of your API Gateway to handle the increased load.
Correct Answer: C.
Expalantion: AWS WAF helps protect your web applications or APIs against common web exploits that could impact availability, compromise security, or consume excessive resources. To prevent your API from being overwhelmed by too many requests, Amazon API Gateway throttles requests to your API using the token bucket algorithm, where a token counts for a request. You can enable usage plans to restrict client request submissions to within specified request rates and quotas. This restricts the overall request submissions so that they don't go significantly past the account-level throttling limits in a Region. Amazon API Gateway provides Per-client throttling limits that are applied to clients that use API keys associated with your usage policy as client identifier.
A developer wants to enable X-Ray tracing on an on-premises Linux server running a custom application that is accessed through Amazon API Gateway. What is the most efficient solution that requires minimal configuration?
A. Install and run the X-Ray daemon on the on-premises servers to capture and relay the data to the X-Ray service
B. Install and run the CloudWatch Unified Agent on the on-premises servers to capture and relay the X-Ray data to the X-Ray service using the PutTraceSegments API call
C. Install and run the X-Ray SDK on the on-premises servers to capture and relay the data to the X-Ray service
D. Configure a Lambda function to analyze the incoming traffic data on the on-premises servers and then relay the X-Ray data to the X-Ray service using the PutTelemetryRecords API call
Correct Answer: A
Explanation: The AWS X-Ray daemon is a software application that listens for traffic on UDP port 2000, gathers raw segment data, and relays it to the AWS X-Ray API. The daemon works in conjunction with the AWS X-Ray SDKs and must be running so that data sent by the SDKs can reach the X-Ray service.
To run the X-Ray daemon locally, on-premises, or on other AWS services, download it, run it, and then give it permission to upload segment documents to X-Ray.