If you are looking for question dumps for AWS Serverless Badge Assessment, here you are. Please try study the theory and answer the questions by yourself before taking a look at these answers. However, these choices are NOT 100% correct, I got a score of 81% out of it (pass rate is 80%). AWS let me know which of my answers is wrong by end of the test, so red ones are my original answer but incorrect, green ones are definitely correct. Please refer to AWS documentation for up-to-date information.
 |
| Scores I've got for each category |
Question #1: You are a developer that is getting started on a new serverless application in AWS. As you research AWS capabilities supporting development activity, you learn about CodeBuild, CodeDeploy, CodePipeline, and the Serverless Application Model.
Starting from existing code, which AWS feature will help your team automate the creation of an initial CI/CD environment?
A) AWS CodePipeline (it's wrong, so I guess B is the correct answer)
B) AWS SAM Pipelines
C) AWS CodeDeploy
D) AWS CodeBuild
Question #2: You are consulting for a company that promotes large musical events. They are going to announce a concert of a well known artist and expect a 10 fold increase in requests to their service. The service is based on API Gateway triggering a series of Lambda functions and an Amazon Relational Database Service (Amazon RDS) Database for persistent storage.
What suggestions would you make for cost effective scaling?
A) Set Lambda provisioned concurrency to a value that meets your cost target
B) Enable API Gateway caching to reduce backend invocations
C) Scale the Amazon RDS instance up during the peak request period
D) Use API Keys to rate limit incoming user requests
Question #3: Your customer, who runs an online shopping platform with consistent and predictable traffic, is planning to incrementally migrate to serverless. They are looking to start with a microservice that returns available quantity for a product. This microservice is currently running as a container on premise and is continuously invoked. The development team is looking to lift and shift this service into serverless.
Which of the following will be the simplest option to lift and shift this container based microservice to serverless without making changes to the microservice?
A) Deploy the microservice as a container based app on AWS Fargate. Use Amazon API Gateway to direct traffic for inventory check to this microservice
B) Create a Lambda function to fetch the quantity. Use Application Load Balancer to direct traffic for inventory check to this Lambda Function
C) Deploy the microservice as a container based app on Amazon Elastic Container Service (ECS). Use Application Load Balancer to direct traffic for inventory check to this microservice
D) Create a Lambda function to fetch the quantity. Use API Gateway to direct traffic for inventory check to this Lambda Function.
Question #4: You are a developer and you are starting to work on a new project. It is your employer's policy to include automated deployment strategy with every new application to follow DevOps best practices. Based on your research, you found out that AWS Serverless Application Model (AWS SAM) is capable of creating CI/CD pipelines from scratch using SAM CLI.
Which sequence of SAM CLI commands will allow you to initialize and deploy your pipeline?
A) sam pipeline init --bootstrap, sam deploy
B) sam pipeline bootstrap, sam pipeline build, sam pipeline deploy
C) sam pipeline init, sam build, sam deploy
D) sam pipeline init, sam deploy
Question #5: A development team is tasked with updating their e-commerce website to handle the recent surge in online orders. The increases in orders is coming from new promotions that occur on ad-hoc basis. The current site is using synchronous REST APIs, which send requests to Lambda Functions and ultimately orders are stored in DynamoDB. During promotions, the APIs are timing out and losing orders, which is causing a lot of headaches for customers.
What pattern would be the most effective and easiest way to ensure all orders are eventually processed during these peak periods?
A) Swap the REST API for AppSync and refactor the API's to use GraphQL
B) Insert an Amazon Simple Queue Service (SQS) queue in front of your Lambda function, store orders in the queue and process them via your Lambda functions.
C) Implement retry logic and exponential backoff when calling APIs
D) Increase the provisioned capacity of Lambda functions
Question #6: You are a senior application developer working on a serverless application that uses a REST API in Amazon API gateway, Lambda functions, and Amazon DynamoDB. You have been informed by your security team that your serverless application is vulnerable to parameter tampering attacks. You have been tasked to address this vulnerability before your application's go-live date.
What Amazon API gateway feature can you use to help address this vulnerability?
A) Configure a mapping template to reshape the incoming request payload
B) Use a Private API with a VPC endpoint policy to control access to the endpoint
C) Configure an Amazon API Gateway model along with a request validator
D) Configure a request parameter-based Lambda authorizer
Question #7: You are working as a Solutions Architect for an e-commerce company. You have been tasked to review their order processing application. The application handles multiple steps for each order and it has become difficult to operate. Additionally the developers are struggling to add new features. Your review uncovers that business logic is mixed with logic around state tracking and complex error handling.
How would you rearchitect the application in order to separate the business logic from state and error handling?
A) Extract the business logic into several Lambda functions. Create an API Gateway with the corresponding routes for each function. Modify the applications clients to call the new API Gateway endpoint.
B) Create Lambda functions for the business logic and use Amazon SQS FIFO queues to connect them asynchronously.
C) Create Lambda functions to implement the business logic. Use Amazon EventBridge to coordinate your functions and handle errors.
D) Create an AWS Step Function to model the order process and extract the business logic into Lambda functions.
Question #8: Your company wants to expose their services to external developers as public APIs. They want to do this for monetization, visibility and engagement that results in growth. They also want to throttle requests to those APIs based on defined limits and quotas.
What service would you suggest to meet the requirements?
A) Lambda Function URL
B) Application Load Balancer
C) AWS AppSync
D) Amazon API Gateway
Question #9: Your application recently experienced a large surge in usage that has led to higher costs than you estimated. The application uses Amazon Simple Notification Service (SNS) to publish customer profile changes to an AWS Lambda function. You have noticed that your Lambda costs are far higher than expected even though you return from the function immediately when the function does not need to process the change.
How can you lower costs with minimal changes to the application code and/or architecture?
A) Add an Amazon Simple Queue Service (SQS) queue and let the application send the messages to SQS. Spin up Amazon EC2 instance to filter the messages and post to Amazon Simple Notification Service (SNS) topic. As all the messages has valid data, no additional charges incurred at the Lambda layer.
B) Before sending the messages to Amazon Simple Notification Service (SNS) topic filter the messages at the application level. As all the messages has valid data, no additional charges incurred at the Lambda layer.
C) Use Amazon SNS attribute based message filtering to only send messages that need to be processed downstream to Lambda.
D) AWS Lambda is a serverless service and not meant for the high-volume traffic. Replace Lambda with Amazon EC2 based instance.
Question #10: You are a cloud architect working on modernizing an application for a customer. You decide to use managed services from AWS as a part of the application design.
How would you explain managed services from AWS to your customer?
A) A service managed and supported by the open source community.
B) A service managed by an AWS Partner.
C) A service managed by the operations team in your company.
D) A service managed by AWS.
Question #11: As a senior developer in your team, you were asked by your manager to review deployment options that may be applicable to the serverless application your team is currently working on. Since the application will be under constant heavy load, when it is pushed to production, the deployment process needs to be capable of monitoring the application during the deployment while the traffic is being shifted into the new version in 10 minute increments. Your application predominantly consists of Lambda functions, which process the business logic.
Which of the following options would be most suitable deployment option for your Lambda functions considering the above criteria?
A) Canary10Percent10Minutes
B) Linear10PercentEvery10Minutes (I guess this one should be correct)
C) AllAtOnce
D) BlueGreen10Percent10Minutes
Question #12: A company will be modernizing their application which is currently running on Amazon Elastic Cloud Compute (EC2) instances. They have experience with scaling this infrastructure using Amazon EC2 Autoscaling. They want to move to serverless infrastructure consisting of an Amazon API Gateway that triggers Lambda functions. They are consulting you about scaling this new infrastructure.
What should the company consider in order to make sure the serverless infrastructure scales to their needs?
A) Look at service limits for Amazon API Gateway and Lambda functions used in order to identify potential bottlenecks and balance performance requirements, costs, and business impact
B) Throttle Lambda functions by configuring reserved concurrency, sending the excess traffic to Dead Letter Queues (DLQ) that will be handled when the request volume reduces.
C) Enable Auto Scaling Groups for AWS Lambda to ensure that enough Lambda functions are ready to handle the incoming requests
D) Do nothing. API Gateway and AWS Lambda are managed services that have built-in horizontal scaling, security, and high availability to handle unlimited amount of requests
Question #13: As a developer, you are refactoring an existing AWS Lambda function. The function currently stores data in an Amazon DynamoDB table but the size of items sometimes exceeds 400KB, causing an error. You have decided to store one of the larger data fields in an Amazon Simple Storage Service (S3) bucket to reduce the item size in DynamoDB.
What steps are required to allow the function to access the bucket in addition to the existing table?
A) Update the Lambda execution role to include s3:PutObject permissions for all buckets.
B) Update the Lambda execution role trust policy to include both the S3 bucket and the DynamoDB table.
C) Update the Lambda execution role to include s3:PutObject permissions for this bucket.
D) Update the Lambda execution role to include s3:* on the bucket permissions.
Question #14: You are part of a team that is planning to migrate an application to serverless on AWS. The application uses workers that listen to a queue to run background processes. The queue is maintained in a RabbitMQ cluster, deployed on premises. The team thinks that this is an easy place to introduce an AWS serverless service to maintain the queue. Their priority is to move to a serverless over lift and shift approach.
Which of the following services can be used to create a queue, without provisioning any servers?
A) Amazon EventBridge
B) Amazon Managed Queue (MQ)
C) Amazon Simple Queue Service (SQS)
D) Amazon Simple Notification Service (SNS)
Question #15: Your team is getting ready to build a new serverless application using AWS Lambda, Amazon DynamoDB, and Amazon API Gateway. You have been tasked with selecting the tool the team will use to build the serverless application. The developers need to be able to locally invoke and test functions and deploy resources in production and non-production environments in a consistent manner.
A) AWS Cloud Development Kit (AWS CDK)
B) AWS Serverless Application Model (AWS SAM)
C) AWS Cloud9
D) AWS CloudFormation
Question #16: You're working on an existing application that writes its state data to an Amazon DynamoDB Table using the PutItem API. You want to build an asynchronous, event-driven observer mechanism that watches for item-level changes happening in this existing DynamoDB Table and invoke a Lambda function to publish a message to an Amazon Simple Notification Service (SNS) Topic of the change. What is the lowest cost solution while still using DynamoDB?
A) Use Amazon Kinesis Firehose: as an item is written to the Amazon DynamoDB Table, Amazon Kinesis Firehose writes the data to Amazon S3 bucket. The Amazon S3 bucket is configured with an onCreate event to invoke a Lambda function that publishes a message to an Amazon SNS Topic.
B) Update the existing application's implementation to write its state data to Amazon DynamoDB Table, then conditionally wait for a '200 OK' response from the PutItem API before invoking the Lambda function to publish a message to an Amazon Simple Notification Service SNS Topic.
C) Use Amazon DynamoDB Streams: as an item is written to the Amazon DynamoDB Table, a new stream record is written to reflect the item-level change that has happened to the table. This new stream record invokes a Lambda function, reading the data from the stream record, and publishes a message to an Amazon Simple Notification Service (SNS) Topic.
D) Creating an Amazon EventBridge rule that runs on a regular schedule which invokes a Lambda function. This Lambda function performs a scan operation of the Amazon DynamoDB Table, and performs a diff against its last invocation. If there's a difference, a message is published to an Amazon Simple Notification Service (SNS) Topic.
Question #17: You are building a Lambda function that retrieves information from a DynamoDB table. You have configured both the function and table using AWS Serverless Application Model (AWS SAM).
Which of the following is the best approach to pass the table name to your function code?
A) Use an environment variable, populate with the table name
B) Add a configuration file and bundle with function code.
C) Create a secret in AWS Secrets Manager and reference from your code.
D) Create a static variable in the function code with the table name
Question #18: A hotel booking application's backend has been built with micro-services using AWS Lambda. Many of these micro-services require access to a common database. The developers have asked you what is the best way to store the database connection string and username/password to allow each service to connect. The connection parameters will vary based on which environment (Dev/Test/Prod) that the micro-services are deployed. What is the best method to store the common configuration?
What is the best method to store the common configuration?
A) AWS Config
B) Application source code
C) AWS Lambda Environment Variables
D) AWS AppConfig
E) AWS Systems Manager Parameter Store
Question #19: What are the primary benefits and features of using AWS Serverless services? (Select THREE)
High availability
Reduced time to market
No server provisioning
High cost
Pay for idle compute capacity
Serverless applications are difficult to scale
Question #20: You are a lead engineer at an e-commerce company. You've designed a new architecture for your flagship product using Amazon API Gateway, Amazon DynamoDB, and AWS Lambda. After presenting the solution to your team, they express concern about how they would develop, test, and iterate the application quickly and safely when they have traditionally run applications locally on their machines. Which of the following tool would alleviate their concerns by allowing them to run the application locally, use Infrastructure as Code, quickly package and deploy the application, as well as roll back bad deployments?
A) AWS Console
B) AWS CloudFormation
C) AWS Serverless Application Model (SAM)
D) AWS Lambda UpdateFunctionCode API
B) sam pipeline bootstrap, sam pipeline build, sam pipeline deploy
C) sam pipeline init, sam build, sam deploy
D) sam pipeline init, sam deploy
Question #5: A development team is tasked with updating their e-commerce website to handle the recent surge in online orders. The increases in orders is coming from new promotions that occur on ad-hoc basis. The current site is using synchronous REST APIs, which send requests to Lambda Functions and ultimately orders are stored in DynamoDB. During promotions, the APIs are timing out and losing orders, which is causing a lot of headaches for customers.
What pattern would be the most effective and easiest way to ensure all orders are eventually processed during these peak periods?
A) Swap the REST API for AppSync and refactor the API's to use GraphQL
B) Insert an Amazon Simple Queue Service (SQS) queue in front of your Lambda function, store orders in the queue and process them via your Lambda functions.
C) Implement retry logic and exponential backoff when calling APIs
D) Increase the provisioned capacity of Lambda functions
Question #6: You are a senior application developer working on a serverless application that uses a REST API in Amazon API gateway, Lambda functions, and Amazon DynamoDB. You have been informed by your security team that your serverless application is vulnerable to parameter tampering attacks. You have been tasked to address this vulnerability before your application's go-live date.
What Amazon API gateway feature can you use to help address this vulnerability?
A) Configure a mapping template to reshape the incoming request payload
B) Use a Private API with a VPC endpoint policy to control access to the endpoint
C) Configure an Amazon API Gateway model along with a request validator
D) Configure a request parameter-based Lambda authorizer
Question #7: You are working as a Solutions Architect for an e-commerce company. You have been tasked to review their order processing application. The application handles multiple steps for each order and it has become difficult to operate. Additionally the developers are struggling to add new features. Your review uncovers that business logic is mixed with logic around state tracking and complex error handling.
How would you rearchitect the application in order to separate the business logic from state and error handling?
A) Extract the business logic into several Lambda functions. Create an API Gateway with the corresponding routes for each function. Modify the applications clients to call the new API Gateway endpoint.
B) Create Lambda functions for the business logic and use Amazon SQS FIFO queues to connect them asynchronously.
C) Create Lambda functions to implement the business logic. Use Amazon EventBridge to coordinate your functions and handle errors.
D) Create an AWS Step Function to model the order process and extract the business logic into Lambda functions.
Question #8: Your company wants to expose their services to external developers as public APIs. They want to do this for monetization, visibility and engagement that results in growth. They also want to throttle requests to those APIs based on defined limits and quotas.
What service would you suggest to meet the requirements?
A) Lambda Function URL
B) Application Load Balancer
C) AWS AppSync
D) Amazon API Gateway
Question #9: Your application recently experienced a large surge in usage that has led to higher costs than you estimated. The application uses Amazon Simple Notification Service (SNS) to publish customer profile changes to an AWS Lambda function. You have noticed that your Lambda costs are far higher than expected even though you return from the function immediately when the function does not need to process the change.
How can you lower costs with minimal changes to the application code and/or architecture?
A) Add an Amazon Simple Queue Service (SQS) queue and let the application send the messages to SQS. Spin up Amazon EC2 instance to filter the messages and post to Amazon Simple Notification Service (SNS) topic. As all the messages has valid data, no additional charges incurred at the Lambda layer.
B) Before sending the messages to Amazon Simple Notification Service (SNS) topic filter the messages at the application level. As all the messages has valid data, no additional charges incurred at the Lambda layer.
C) Use Amazon SNS attribute based message filtering to only send messages that need to be processed downstream to Lambda.
D) AWS Lambda is a serverless service and not meant for the high-volume traffic. Replace Lambda with Amazon EC2 based instance.
Question #10: You are a cloud architect working on modernizing an application for a customer. You decide to use managed services from AWS as a part of the application design.
How would you explain managed services from AWS to your customer?
A) A service managed and supported by the open source community.
B) A service managed by an AWS Partner.
C) A service managed by the operations team in your company.
D) A service managed by AWS.
Question #11: As a senior developer in your team, you were asked by your manager to review deployment options that may be applicable to the serverless application your team is currently working on. Since the application will be under constant heavy load, when it is pushed to production, the deployment process needs to be capable of monitoring the application during the deployment while the traffic is being shifted into the new version in 10 minute increments. Your application predominantly consists of Lambda functions, which process the business logic.
Which of the following options would be most suitable deployment option for your Lambda functions considering the above criteria?
A) Canary10Percent10Minutes
B) Linear10PercentEvery10Minutes (I guess this one should be correct)
C) AllAtOnce
D) BlueGreen10Percent10Minutes
Question #12: A company will be modernizing their application which is currently running on Amazon Elastic Cloud Compute (EC2) instances. They have experience with scaling this infrastructure using Amazon EC2 Autoscaling. They want to move to serverless infrastructure consisting of an Amazon API Gateway that triggers Lambda functions. They are consulting you about scaling this new infrastructure.
What should the company consider in order to make sure the serverless infrastructure scales to their needs?
A) Look at service limits for Amazon API Gateway and Lambda functions used in order to identify potential bottlenecks and balance performance requirements, costs, and business impact
B) Throttle Lambda functions by configuring reserved concurrency, sending the excess traffic to Dead Letter Queues (DLQ) that will be handled when the request volume reduces.
C) Enable Auto Scaling Groups for AWS Lambda to ensure that enough Lambda functions are ready to handle the incoming requests
D) Do nothing. API Gateway and AWS Lambda are managed services that have built-in horizontal scaling, security, and high availability to handle unlimited amount of requests
Question #13: As a developer, you are refactoring an existing AWS Lambda function. The function currently stores data in an Amazon DynamoDB table but the size of items sometimes exceeds 400KB, causing an error. You have decided to store one of the larger data fields in an Amazon Simple Storage Service (S3) bucket to reduce the item size in DynamoDB.
What steps are required to allow the function to access the bucket in addition to the existing table?
A) Update the Lambda execution role to include s3:PutObject permissions for all buckets.
B) Update the Lambda execution role trust policy to include both the S3 bucket and the DynamoDB table.
C) Update the Lambda execution role to include s3:PutObject permissions for this bucket.
D) Update the Lambda execution role to include s3:* on the bucket permissions.
Question #14: You are part of a team that is planning to migrate an application to serverless on AWS. The application uses workers that listen to a queue to run background processes. The queue is maintained in a RabbitMQ cluster, deployed on premises. The team thinks that this is an easy place to introduce an AWS serverless service to maintain the queue. Their priority is to move to a serverless over lift and shift approach.
Which of the following services can be used to create a queue, without provisioning any servers?
A) Amazon EventBridge
B) Amazon Managed Queue (MQ)
C) Amazon Simple Queue Service (SQS)
D) Amazon Simple Notification Service (SNS)
Question #15: Your team is getting ready to build a new serverless application using AWS Lambda, Amazon DynamoDB, and Amazon API Gateway. You have been tasked with selecting the tool the team will use to build the serverless application. The developers need to be able to locally invoke and test functions and deploy resources in production and non-production environments in a consistent manner.
A) AWS Cloud Development Kit (AWS CDK)
B) AWS Serverless Application Model (AWS SAM)
C) AWS Cloud9
D) AWS CloudFormation
Question #16: You're working on an existing application that writes its state data to an Amazon DynamoDB Table using the PutItem API. You want to build an asynchronous, event-driven observer mechanism that watches for item-level changes happening in this existing DynamoDB Table and invoke a Lambda function to publish a message to an Amazon Simple Notification Service (SNS) Topic of the change. What is the lowest cost solution while still using DynamoDB?
A) Use Amazon Kinesis Firehose: as an item is written to the Amazon DynamoDB Table, Amazon Kinesis Firehose writes the data to Amazon S3 bucket. The Amazon S3 bucket is configured with an onCreate event to invoke a Lambda function that publishes a message to an Amazon SNS Topic.
B) Update the existing application's implementation to write its state data to Amazon DynamoDB Table, then conditionally wait for a '200 OK' response from the PutItem API before invoking the Lambda function to publish a message to an Amazon Simple Notification Service SNS Topic.
C) Use Amazon DynamoDB Streams: as an item is written to the Amazon DynamoDB Table, a new stream record is written to reflect the item-level change that has happened to the table. This new stream record invokes a Lambda function, reading the data from the stream record, and publishes a message to an Amazon Simple Notification Service (SNS) Topic.
D) Creating an Amazon EventBridge rule that runs on a regular schedule which invokes a Lambda function. This Lambda function performs a scan operation of the Amazon DynamoDB Table, and performs a diff against its last invocation. If there's a difference, a message is published to an Amazon Simple Notification Service (SNS) Topic.
Question #17: You are building a Lambda function that retrieves information from a DynamoDB table. You have configured both the function and table using AWS Serverless Application Model (AWS SAM).
Which of the following is the best approach to pass the table name to your function code?
A) Use an environment variable, populate with the table name
B) Add a configuration file and bundle with function code.
C) Create a secret in AWS Secrets Manager and reference from your code.
D) Create a static variable in the function code with the table name
Question #18: A hotel booking application's backend has been built with micro-services using AWS Lambda. Many of these micro-services require access to a common database. The developers have asked you what is the best way to store the database connection string and username/password to allow each service to connect. The connection parameters will vary based on which environment (Dev/Test/Prod) that the micro-services are deployed. What is the best method to store the common configuration?
What is the best method to store the common configuration?
A) AWS Config
B) Application source code
C) AWS Lambda Environment Variables
D) AWS AppConfig
E) AWS Systems Manager Parameter Store
Question #19: What are the primary benefits and features of using AWS Serverless services? (Select THREE)
High availability
Reduced time to market
No server provisioning
High cost
Pay for idle compute capacity
Serverless applications are difficult to scale
Question #20: You are a lead engineer at an e-commerce company. You've designed a new architecture for your flagship product using Amazon API Gateway, Amazon DynamoDB, and AWS Lambda. After presenting the solution to your team, they express concern about how they would develop, test, and iterate the application quickly and safely when they have traditionally run applications locally on their machines. Which of the following tool would alleviate their concerns by allowing them to run the application locally, use Infrastructure as Code, quickly package and deploy the application, as well as roll back bad deployments?
A) AWS Console
B) AWS CloudFormation
C) AWS Serverless Application Model (SAM)
D) AWS Lambda UpdateFunctionCode API
Question #21: As a Solutions Architect for an e-commerce company, you are asked to improve the overall performance of an application that is behind Amazon API Gateway. You also need to protect the backend system and the application from traffic spikes.
What is the optimal solution that you would recommend?
A) Enable caching and WAF (Web Application Firewall)
B) Enable caching and set throttling limits.
C) Enable API Gateway to automatically scale and set throttling limits
D) Enable caching and scale API gateway services.
Question #22: A retailer is planning to migrate their eCommerce application from a monolithic application to serverless. They've done some experimentation with serverless by moving some of their cron jobs to AWS Lambda.
What should be their next step in planning their migration?
A) Start breaking the application into microservices.
B) Choose the right data store for different microservices.
C) Decouple the control plane’s transactional data requirements from the data plane’s query operations.
D) Understand what the application does, what each component does, and how each component interacts.
Question #23: Your company is planning a migration journey to AWS cloud. As a solution architect you worked on the plan and suggested to migrate some of the processes as a lift and shift to Amazon Elastic Cloud Compute (EC2) instances, then create lightweight scheduled jobs to AWS Lambda. Finally, experiment with AWS serverless technologies to plan for migrating API workloads in the future.
Which migration pattern describes this migration plan?
A) Leapfrog
B) Repurchasing
C) Organic
D) Strangler
Question #24: Your company wants to offer an audio service to the customer uploaded documents. Your application writes the data to Amazon S3 and the S3 put events are stored in Amazon Simple Queue Service (SQS) queue for further processing. A document goes through various stages of processing to extract the text and convert the text file to audio. As the amount of time for each operation is dependent up on the size of the uploaded document, your architect recommended to use a meta data store that will support key-value format.
Which one of the following AWS managed services support the recommended data store?
A) Amazon DynamoDB. It is a managed No SQL DB service and supports persistent data store.
B) Amazon Simple Storage Service (Amazon S3). It is a managed Object storage service and supports persistent data store.
C) Amazon Aurora database. It is a managed Amazon Relational Database Service (Amazon RDS) database service and supports persistent data store.
D) Amazon Neptune. It is a managed Graph DB service and supports persistent data store.
Question #25: As a Solution Architect working for an online gaming company, you have been informed the player feedback system is slow to respond during peak periods. The feedback is reviewed weekly by the game developers. The current system submits the feedback to an Amazon API Gateway which invokes a Lambda function to first validate and then store the review in a Amazon DynamoDB table. This table has been configured with provisioned capacity.
What suggestion would you offer to remove the players wait time?
A) Increase the Lambda functions memory configuration so that it can process each client request faster.
B) Enable API caching and payload compression in Amazon API Gateway
C) Change Amazon DynamoDB from provisioned capacity to on-demand allowing the table to scale up to handle any increases in demand.
D) Insert an Amazon Simple Queue Service queue between the API Gateway and Lambda function. Use Lambda's native SQS poller to read off the queue. Refactor the Lambda function to handle the new event object.
Question #26: Which of the following invocation methods does AWS Lambda support?
A) Poll, Stream, Synchronous based Invocations
B) Poll, Synchronous, Asynchronous based Invocations
C) Poll, Batch, Asynchronous based Invocations
D) Poll, Batch, Synchronous based Invocations
Question #27: You are creating AWS Lambda functions to handle events from an online ordering system. What are some best practices you should follow when writing Lambda functions? (Select TWO)
Store complex business logic within the function handler.
Store database credentials directly in variables in the function.
Store state information within your function, but outside the function handler.
Limit the use of function dependencies to only what is required.
Split complex business logic into separate modular functions outside of the function handler.
Question #28: A food and grocery delivery company is building a mobile application for their customers using AWS serverless services. As an architect you are asked to design the backend AWS solution architecture for the mobile app using event driven architecture. One of the features of the app is to provide real time updates to the user about the order delivery status.
What would be the efficient design for this feature to enable bi-directional communication between the API backend and the app?
A) Webhooks with Amazon Simple Notification Service (Amazon SNS)
B) Amazon API Gateway WebSockets
C) Publish Subscribe model using message queue
D) Client polling an AWS Lambda API
Question #29: A travel company is developing a new search engine that queries multiple airlines, hotels, and car rental services at one time. The company received feedback on their prototype that the search often resulted in timeout errors and that users could not tell if a search was still in progress. Using Amazon CloudWatch and AWS X-Ray, a developer found that while the Lambda function aggregating the search results was still running, the Amazon API Gateway REST API timed out after 30 seconds.
Which changes could the company make to their design to (1) alleviate the timeout errors and (2) provide users with ongoing status of their search?
A) Replace the REST API with a WebSocket API. Push the search updates to the client via the WebSocket.
What is the optimal solution that you would recommend?
A) Enable caching and WAF (Web Application Firewall)
B) Enable caching and set throttling limits.
C) Enable API Gateway to automatically scale and set throttling limits
D) Enable caching and scale API gateway services.
Question #22: A retailer is planning to migrate their eCommerce application from a monolithic application to serverless. They've done some experimentation with serverless by moving some of their cron jobs to AWS Lambda.
What should be their next step in planning their migration?
A) Start breaking the application into microservices.
B) Choose the right data store for different microservices.
C) Decouple the control plane’s transactional data requirements from the data plane’s query operations.
D) Understand what the application does, what each component does, and how each component interacts.
Question #23: Your company is planning a migration journey to AWS cloud. As a solution architect you worked on the plan and suggested to migrate some of the processes as a lift and shift to Amazon Elastic Cloud Compute (EC2) instances, then create lightweight scheduled jobs to AWS Lambda. Finally, experiment with AWS serverless technologies to plan for migrating API workloads in the future.
Which migration pattern describes this migration plan?
A) Leapfrog
B) Repurchasing
C) Organic
D) Strangler
Question #24: Your company wants to offer an audio service to the customer uploaded documents. Your application writes the data to Amazon S3 and the S3 put events are stored in Amazon Simple Queue Service (SQS) queue for further processing. A document goes through various stages of processing to extract the text and convert the text file to audio. As the amount of time for each operation is dependent up on the size of the uploaded document, your architect recommended to use a meta data store that will support key-value format.
Which one of the following AWS managed services support the recommended data store?
A) Amazon DynamoDB. It is a managed No SQL DB service and supports persistent data store.
B) Amazon Simple Storage Service (Amazon S3). It is a managed Object storage service and supports persistent data store.
C) Amazon Aurora database. It is a managed Amazon Relational Database Service (Amazon RDS) database service and supports persistent data store.
D) Amazon Neptune. It is a managed Graph DB service and supports persistent data store.
Question #25: As a Solution Architect working for an online gaming company, you have been informed the player feedback system is slow to respond during peak periods. The feedback is reviewed weekly by the game developers. The current system submits the feedback to an Amazon API Gateway which invokes a Lambda function to first validate and then store the review in a Amazon DynamoDB table. This table has been configured with provisioned capacity.
What suggestion would you offer to remove the players wait time?
A) Increase the Lambda functions memory configuration so that it can process each client request faster.
B) Enable API caching and payload compression in Amazon API Gateway
C) Change Amazon DynamoDB from provisioned capacity to on-demand allowing the table to scale up to handle any increases in demand.
D) Insert an Amazon Simple Queue Service queue between the API Gateway and Lambda function. Use Lambda's native SQS poller to read off the queue. Refactor the Lambda function to handle the new event object.
Question #26: Which of the following invocation methods does AWS Lambda support?
A) Poll, Stream, Synchronous based Invocations
B) Poll, Synchronous, Asynchronous based Invocations
C) Poll, Batch, Asynchronous based Invocations
D) Poll, Batch, Synchronous based Invocations
Question #27: You are creating AWS Lambda functions to handle events from an online ordering system. What are some best practices you should follow when writing Lambda functions? (Select TWO)
Store complex business logic within the function handler.
Store database credentials directly in variables in the function.
Store state information within your function, but outside the function handler.
Limit the use of function dependencies to only what is required.
Split complex business logic into separate modular functions outside of the function handler.
Question #28: A food and grocery delivery company is building a mobile application for their customers using AWS serverless services. As an architect you are asked to design the backend AWS solution architecture for the mobile app using event driven architecture. One of the features of the app is to provide real time updates to the user about the order delivery status.
What would be the efficient design for this feature to enable bi-directional communication between the API backend and the app?
A) Webhooks with Amazon Simple Notification Service (Amazon SNS)
B) Amazon API Gateway WebSockets
C) Publish Subscribe model using message queue
D) Client polling an AWS Lambda API
Question #29: A travel company is developing a new search engine that queries multiple airlines, hotels, and car rental services at one time. The company received feedback on their prototype that the search often resulted in timeout errors and that users could not tell if a search was still in progress. Using Amazon CloudWatch and AWS X-Ray, a developer found that while the Lambda function aggregating the search results was still running, the Amazon API Gateway REST API timed out after 30 seconds.
Which changes could the company make to their design to (1) alleviate the timeout errors and (2) provide users with ongoing status of their search?
A) Replace the REST API with a WebSocket API. Push the search updates to the client via the WebSocket.
B) Update the client to poll the REST API every 5 seconds to check for updates.
C) Send the query to travel providers using SNS. Use Amazon EMR to perform a map-reduce to finalize the result.
D) Register the client with an SNS Topic and publish updates to the topic.
Question #30: An organization developed serverless applications by using an event driven architecture (Amazon API Gateway, AWS Lambda). When launched in production, customers complained about slow response during the morning peak hours. Developers pointed out it is related to AWS Lambda cold starts. On average, the development team estimated there will be 100 concurrent users.
How do you mitigate the AWS Lambda cold starts?
A) Prevent AWS Lambda cold start with the Amazon CloudWatch Metrics to schedule events on morning hours.
B) Prevent AWS Lambda cold starts by increasing the service limits.
C) Prevent AWS Lambda cold starts with Lambda reserved concurrency.
D) Prevent AWS Lambda cold starts with Lambda provisioned concurrency.
Question #31: A banking organization is investigating how to migrate an existing system to serverless. This system is built using a monolithic architecture and is currently hosted in AWS on Amazon Elastic Compute Cloud (EC2) which is accessed by customers using an Application Load Balancer (ALB). The system has a number of critical components that are important to maintaining the integrity of customer banking transactions. However, a number of non-critical components have been identified as being suitable for the initial migration to serverless. The organization wants to migrate components as soon as possible in a gradual manner that reduces risk and disruption to its customers.
What migration strategy would you recommend for this system?
A) Use serverless to automate build tasks for the existing system and use this learning to migrate the complete existing application to a serverless cloud architecture.
B) Adopt the Leapfrog pattern to completely rebuild and replace the whole current system with a new serverless cloud architecture and migrate to the new system in a single step.
C) Use the Strangler migration pattern to incrementally decompose the monolith and gradually migrate non-critical system components to serverless by routing non-critical routes in the Application Load Balancer (ALB) to serverless backends.
D) Refactor the system to use containers. Use the Organic migration strategy to lift-and-shift the complete containerized system to the Amazon Elastic Container Service (Amazon ECS) using AWS Fargate for the underlying compute to satisfy the serverless requirement.
Question #32: A large company is planning to adopt serverless. To begin, they want to migrate a maintenance script written in Python that is run nightly. Which of the following services could they use as part of the migration? (Select TWO)
Amazon SNS
Amazon Simple Queue Service
AWS Lambda
Amazon EventBridge
AWS Batch
Question #33: A Solutions Architect is working with a company to migrate an existing application to AWS Lambda. A key requirement for the application is high throughput and low latency. The company is concerned about the potential impact of Lambda cold starts. Which of the following Lambda design best practices can help to reduce cold start durations? (Select TWO)
Separate business logic from Lambda-specific handler code.
Include only the dependencies and modules needed by the function.
Avoid using recursive code in the Lambda functions.
Use environment variables for operational parameters.
Write modular functions that have a singular purpose.
Question #34: You are developing a Lambda function that gets requests from an API Gateway and handles updates of user profiles. These profiles include application preferences like notification options, user photo, user alias and more. The profile information is stored on an MS SQL RDS database on your VPC except for the photos which are stored in S3. The VPC has an Internet Gateway and a NAT Gateway.
How can you configure your Lambda function to access S3 and the RDS database privately?
A) Create a service control policy that routes traffic from the Lambda service to the S3 services. Add a resource policy to allow write access.
B) Use a Lambda Resource Policy that allows write permissions to the S3 bucket. Create a VPC Endpoint for S3. Start the Lambda function on a private subnet and use the VPC Endpoint to access S3 privately.
C) Create a Lambda Execution Role that allows write permissions to the S3 bucket. Create a VPC Endpoint for S3.
D) Create a new NAT Gateway and Internet Gateway. Configure route table. Create an execution role that allows the Lambda function to write to the bucket.
Question #35: You are building an AWS Lambda function that requires an API key to interact with a third-party service. The API key must be stored securely as usage incurs a cost to your organization. Which of the following are the most secure means to store and access the key? (Select TWO)
Encrypt the key and include the encrypted value as a string in your function
Secret with the API key in AWS Secrets Manager
Environment variable containing the API key
Function execution role with permission to manage secrets
Function execution role with permissions to get the API key secret
Question #36: An architect is designing a real-time chat module for a new online game platform and wants to use the WebSocket API capabilities within Amazon API Gateway. An important requirement for this chat system is the ability to track the current number of active users on the platform.
Which of the options below could help implement this functionality?
A) Use the predefined $active route when a connection is activated to trigger a Lambda function that updates an active users counter stored in a DynamoDB table.
B) Use the `active-connections` command on the @connections API to periodically retrieve the total number of active connections and store this as a count in a DynamoDB table.
C) Use the $default route to trigger a Lambda function that increments an active user count in DynamoDB.
D) Use the $connect and $disconnect predefined routes to trigger a Lambda Function which increments and decrements an active user counter in DynamoDB respectively.
Question #37: You are a solutions architect designing a new music ticketing application. The application will access an Amazon API Gateway, which in turn invokes various Lambda functions to handle ticket purchases, customer signups, and account management. All customer information will be stored in Amazon DynamoDB.
Which of the following security task are you responsible for in accordance with the shared responsibility model?
A) Enabling encryption at rest for your Amazon DynamoDB table.
B) Enable and schedule automated patching of the Lambda service within your AWS account.
C) Routinely updating all Lambda functions with the latest runtime versions to ensure the latest maintenance and security updates are deployed.
D) Enable HTTPS for your Amazon API Gateway to ensure all customer, and payment details sent from the application are encrypted in transit.
Question #38: A developer has just started using AWS Lambda to write an application and wants to ensure the code is well tested. What design best practice can help with testing Lambda function code?
A) Minimize dependencies and packages used by the Lambda functions.
B) Separate business logic from Lambda-specific code
C) Avoid using recursive code within the Lambda functions.
D) Take advantage of execution environment reuse.
Question #39: You are a tech lead for a team responsible for launching a new location services API for a contact management system, the location data is stored in a relational database running on Amazon RDS. Your security team requires that credentials used to connect to databases must be encrypted at rest and rotated automatically every 90 days. All the activities associated with secrets rotation must be logged.
Which AWS service would allow you to implement this requirement with the least amount of overhead?
A) AWS Lambda Environment Variables
B) AWS Systems Manager Parameter store
C) AWS Secrets Manager
D) AWS Config Rule secretsmanager-secret-periodic-rotation
Question #40: You have written a custom hash function in AWS Lambda. You are able to invoke the function in your account. You need to grant access to invoke the function to all member accounts of an AWS Organization.
Which of the following actions meet this requirement?
A) Create an execution role in each of the organization's member accounts and attach it to the Lambda function.
B) Define the Lambda function as a global public function.
C) Create an SCP at the organization level that allows all member accounts to access the Lambda function.
D) Create a resource policy and attach it to your Lambda function. Specify the Principal as '*' and use a condition to specify the organization's PrincipalOrgID.
Question #41: A travel company is developing a new search engine that queries multiple airlines to find the best fares. Requests are sent to the airlines in parallel to minimize latency to customers and results are returned to the client as they arrive. The company has decided to use Amazon API Gateway REST APIs and airline partner have committed to a 15 second maximum SLA for search results.
Which of the following approaches offers the most flexibility to add new airlines partners while orchestrating the requests.
A) Proxy search requests to an SQS Queue. Use AWS Fargate to read messages from queue and send search parameters to airlines. Wait for results and then return to client.
B) Proxy search requests to an SNS Topic that sends messages to airlines with search parameters. Subscribe a Lambda function to a second SNS Topic on which to receive and aggregate results.
C) Proxy search results to an AWS Step Functions workflow. Use a parallel state to send synchronous requests to all airlines. When all responses are received, move to aggregate step and return.
D) Proxy request to Lambda function. Using Node.js, send requests to all airlines and then use a Lambda Destination to aggregate results together before returning to client.
Question #42: You are responsible for building an e-commerce site. In your development process you create a MVP (Minimum Viable Product) and deploy it in a TEST environment. Your architecture is made of an Amazon API Gateway that calls a Lambda function and an Amazon DynamoDB table. A member of the QA team reported that during testing a synchronous call broke the system causing a timeout error.
What should you do to fix the error?
A) Increase the timeout limit in the API Gateway. If the invocation request returns invocation errors, Lambda retries that request two more times by default. You can configure this retry value between 0 and 2.
B) Increase the timeout limit in the API Gateway. If the invocation request returns invocation errors, Lambda retries that invocation for up to 6 hours. You can decrease the default duration using the maximum age of event setting.
C) Do nothing. In a synchronous invocation, like between API Gateway and Lambda, Lambda provides built-in retry behaviors.
D) Generate the SDK from the API stage, and use the backoff and retry mechanisms it provides.
Question #43: You have built a CloudWatch dashboard that consolidates system metrics from Lambda functions powering your serverless e-commerce backend. You also use CloudWatch logs for troubleshooting. The business would like insights into what is popular and has asked you provide metrics on orders placed by product category.
What is the most scalable and easiest way to implement this?
A) Use metric filters to extract information from logs
B) Use embedded metric format (EMF) to log
C) Publish business level metrics as custom metrics from lambda function using CloudWatch PutMetricData API
D) Write a CloudWatch logs insights query against logs and add to dashboard
Question #44: You are refactoring an Amazon EC2 based application to use several AWS Lambda functions. During testing you realize some of the test events are failing. However, you are unsure which functions are failing and why.
What services can you use to identify and troubleshoot the functions that are failing?
A) Use AWS CloudTrail metrics to identify the failing functions and CloudTrail logs to analyze the function output.
B) Use AWS X-Ray to analyze the Amazon CloudWatch metrics and logs to identify and troubleshoot the failing functions.
C) Use the Amazon CloudWatch Lambda Insights Multi-Function dashboard to identify and troubleshoot the failing functions.
D) Use Amazon CloudWatch metrics to identify the failing functions and CloudWatch Logs to troubleshoot the function output.
Question #45: You have enabled several of your AWS Lambda functions for an Amazon VPC connection. You defined security groups that allow inbound and outbound access to resources in private subnets of the VPC. An Amazon EC2 instance in one of the defined subnets is running an application that needs to invoke one of your VPC enabled functions.
What options would allow access from a private subnet to your VPC enabled Lambda function? (Select TWO)
Create a Network Load Balancer (NLB), set the Lambda function as its target and invoke the Lambda function from the EC2 instance by sending request to the NLB.
Create an interface VPC endpoint for the Lambda service.
Utilize VPC enabled Lambda functions which can be invoked privately from resources in the VPC.
Create a Gateway VPC endpoint for the Lambda service and access the Lambda function through AWS network.
Create a NAT Gateway in the public subnet of the VPC and route private traffic through it to the public internet to invoke the Lambda function.
Question #46: You manage an application that uses an Amazon API Gateway REST API and an AWS Lambda function that needs read and write access to DynamoDB.
Which of the following grants the function access to DynamoDB in the MOST secure manner?
A) Create an IAM policy with DynamoDB read and write operations to access all DynamoDB tables. Add the policy to the function execution role.
B) Create an IAM policy with DynamoDB read and write operations to access specific DynamoDB tables. Add the policy to the function execution role.
C) Create a function resource-based policy with DynamoDB read and write operations to access specific DynamoDB tables.
D) Create a function resource-based policy with DynamoDB read and write operations to access all DynamoDB tables.
Question #47: You are an application developer that is tasked to extend an existing backend application with a serverless API behind an Amazon API Gateway. Frontend clients will interact with the API of the existing application and the new serverless API via REST calls. Requests to both APIs are authenticated using a token in the HTTP header verified by the existing IAM solution.
How can you use the existing auth mechanism to secure access to the API Gateway with the least amount of work?
A) Use a Lambda Extension to augment your Lambda functions with functionality to interact with your existing IAM solution. Configure the function to run for every Lambda and cancel code executions when auth fails
B) Create an Amazon Cognito Identity Pool and add your custom solutions as a federated identity provider. Use the native integration of Cognito with API Gateway for authentication
C) Create an Amazon Cognito User Pool and established a managed synchronization between your existing IAM solution and Cognito. Use the native integration of Cognito with Amazon API Gateway for authentication
D) Use a AWS Lambda authorizer to validate tokens at the existing IAM solution. Connect the Lambda function that serves as your authorizer to a VPC to allow private connectivity to the existing IAM solution
Question #48: A retail company has asked you to improve their backend infrastructure. They are receiving customer complaints about their web store. On peak load hours, customers are seeing error messages from the backend when they submit purchase orders. The orders are lost unless the customers repeat the order process.
How can you change the infrastructure to improve the customer experience and avoid losing orders?
A) Create asynchronous communication between the Amazon API Gateway and Amazon Lambda using an Amazon Simple Queue Service (SQS) queue to store incoming orders until they are processed by Lambda.
B) Create asynchronous communication between the API Gateway and Lambda using an Amazon Simple Notification Service (SNS) to store the orders until they are processed by Lambda.
C) Create synchronous communication between the Amazon API Gateway and AWS Lambda and have Amazon API Gateway send failed requests to an Amazon Dead Letter Queue
D) Use API Gateway throttling to avoid overwhelming the backend with too many requests avoiding the generation of errors.
Question #49: Company X has been operating a serverless application - using AWS Lambda, Amazon DynamoDB, Amazon API Gateway, and Amazon SQS - issue free for over 12 months. Two weeks ago, the customer service team started receiving increased reports of performance issues from end users during peak hours. Company X asked you to help troubleshoot the performance issues and identify any bottlenecks in the request paths. Which debugging and troubleshooting approach is the easiest way to help you locate bottlenecks in the application flow?
A) Add debugging log statements to Lambda function code. Review function execution outputs in CloudWatch Logs to identify potential problems.
B) Use AWS X-Ray to trace requests and investigate latency between service interactions
C) Review the Duration, Throttles, and Errors Lambda function metrics in Amazon CloudWatch to identify troublesome Lambda functions.
D) Analyze dead-letter queues for errors and unhandled events.
Question #50: An application that is processing customer requests has to also distribute the message to a number of downstream applications.
What AWS services can the application use to distribute the request messages to the downstream applications? (Select TWO)
Amazon Aurora Database Activity Streams
Amazon Simple Notification Service
Amazon EventBridge
Amazon AppFlow
Amazon Simple Queue Service
C) Send the query to travel providers using SNS. Use Amazon EMR to perform a map-reduce to finalize the result.
D) Register the client with an SNS Topic and publish updates to the topic.
Question #30: An organization developed serverless applications by using an event driven architecture (Amazon API Gateway, AWS Lambda). When launched in production, customers complained about slow response during the morning peak hours. Developers pointed out it is related to AWS Lambda cold starts. On average, the development team estimated there will be 100 concurrent users.
How do you mitigate the AWS Lambda cold starts?
A) Prevent AWS Lambda cold start with the Amazon CloudWatch Metrics to schedule events on morning hours.
B) Prevent AWS Lambda cold starts by increasing the service limits.
C) Prevent AWS Lambda cold starts with Lambda reserved concurrency.
D) Prevent AWS Lambda cold starts with Lambda provisioned concurrency.
Question #31: A banking organization is investigating how to migrate an existing system to serverless. This system is built using a monolithic architecture and is currently hosted in AWS on Amazon Elastic Compute Cloud (EC2) which is accessed by customers using an Application Load Balancer (ALB). The system has a number of critical components that are important to maintaining the integrity of customer banking transactions. However, a number of non-critical components have been identified as being suitable for the initial migration to serverless. The organization wants to migrate components as soon as possible in a gradual manner that reduces risk and disruption to its customers.
What migration strategy would you recommend for this system?
A) Use serverless to automate build tasks for the existing system and use this learning to migrate the complete existing application to a serverless cloud architecture.
B) Adopt the Leapfrog pattern to completely rebuild and replace the whole current system with a new serverless cloud architecture and migrate to the new system in a single step.
C) Use the Strangler migration pattern to incrementally decompose the monolith and gradually migrate non-critical system components to serverless by routing non-critical routes in the Application Load Balancer (ALB) to serverless backends.
D) Refactor the system to use containers. Use the Organic migration strategy to lift-and-shift the complete containerized system to the Amazon Elastic Container Service (Amazon ECS) using AWS Fargate for the underlying compute to satisfy the serverless requirement.
Question #32: A large company is planning to adopt serverless. To begin, they want to migrate a maintenance script written in Python that is run nightly. Which of the following services could they use as part of the migration? (Select TWO)
Amazon SNS
Amazon Simple Queue Service
AWS Lambda
Amazon EventBridge
AWS Batch
Question #33: A Solutions Architect is working with a company to migrate an existing application to AWS Lambda. A key requirement for the application is high throughput and low latency. The company is concerned about the potential impact of Lambda cold starts. Which of the following Lambda design best practices can help to reduce cold start durations? (Select TWO)
Separate business logic from Lambda-specific handler code.
Include only the dependencies and modules needed by the function.
Avoid using recursive code in the Lambda functions.
Use environment variables for operational parameters.
Write modular functions that have a singular purpose.
Question #34: You are developing a Lambda function that gets requests from an API Gateway and handles updates of user profiles. These profiles include application preferences like notification options, user photo, user alias and more. The profile information is stored on an MS SQL RDS database on your VPC except for the photos which are stored in S3. The VPC has an Internet Gateway and a NAT Gateway.
How can you configure your Lambda function to access S3 and the RDS database privately?
A) Create a service control policy that routes traffic from the Lambda service to the S3 services. Add a resource policy to allow write access.
B) Use a Lambda Resource Policy that allows write permissions to the S3 bucket. Create a VPC Endpoint for S3. Start the Lambda function on a private subnet and use the VPC Endpoint to access S3 privately.
C) Create a Lambda Execution Role that allows write permissions to the S3 bucket. Create a VPC Endpoint for S3.
D) Create a new NAT Gateway and Internet Gateway. Configure route table. Create an execution role that allows the Lambda function to write to the bucket.
Question #35: You are building an AWS Lambda function that requires an API key to interact with a third-party service. The API key must be stored securely as usage incurs a cost to your organization. Which of the following are the most secure means to store and access the key? (Select TWO)
Encrypt the key and include the encrypted value as a string in your function
Secret with the API key in AWS Secrets Manager
Environment variable containing the API key
Function execution role with permission to manage secrets
Function execution role with permissions to get the API key secret
Question #36: An architect is designing a real-time chat module for a new online game platform and wants to use the WebSocket API capabilities within Amazon API Gateway. An important requirement for this chat system is the ability to track the current number of active users on the platform.
Which of the options below could help implement this functionality?
A) Use the predefined $active route when a connection is activated to trigger a Lambda function that updates an active users counter stored in a DynamoDB table.
B) Use the `active-connections` command on the @connections API to periodically retrieve the total number of active connections and store this as a count in a DynamoDB table.
C) Use the $default route to trigger a Lambda function that increments an active user count in DynamoDB.
D) Use the $connect and $disconnect predefined routes to trigger a Lambda Function which increments and decrements an active user counter in DynamoDB respectively.
Question #37: You are a solutions architect designing a new music ticketing application. The application will access an Amazon API Gateway, which in turn invokes various Lambda functions to handle ticket purchases, customer signups, and account management. All customer information will be stored in Amazon DynamoDB.
Which of the following security task are you responsible for in accordance with the shared responsibility model?
A) Enabling encryption at rest for your Amazon DynamoDB table.
B) Enable and schedule automated patching of the Lambda service within your AWS account.
C) Routinely updating all Lambda functions with the latest runtime versions to ensure the latest maintenance and security updates are deployed.
D) Enable HTTPS for your Amazon API Gateway to ensure all customer, and payment details sent from the application are encrypted in transit.
Question #38: A developer has just started using AWS Lambda to write an application and wants to ensure the code is well tested. What design best practice can help with testing Lambda function code?
A) Minimize dependencies and packages used by the Lambda functions.
B) Separate business logic from Lambda-specific code
C) Avoid using recursive code within the Lambda functions.
D) Take advantage of execution environment reuse.
Question #39: You are a tech lead for a team responsible for launching a new location services API for a contact management system, the location data is stored in a relational database running on Amazon RDS. Your security team requires that credentials used to connect to databases must be encrypted at rest and rotated automatically every 90 days. All the activities associated with secrets rotation must be logged.
Which AWS service would allow you to implement this requirement with the least amount of overhead?
A) AWS Lambda Environment Variables
B) AWS Systems Manager Parameter store
C) AWS Secrets Manager
D) AWS Config Rule secretsmanager-secret-periodic-rotation
Question #40: You have written a custom hash function in AWS Lambda. You are able to invoke the function in your account. You need to grant access to invoke the function to all member accounts of an AWS Organization.
Which of the following actions meet this requirement?
A) Create an execution role in each of the organization's member accounts and attach it to the Lambda function.
B) Define the Lambda function as a global public function.
C) Create an SCP at the organization level that allows all member accounts to access the Lambda function.
D) Create a resource policy and attach it to your Lambda function. Specify the Principal as '*' and use a condition to specify the organization's PrincipalOrgID.
Question #41: A travel company is developing a new search engine that queries multiple airlines to find the best fares. Requests are sent to the airlines in parallel to minimize latency to customers and results are returned to the client as they arrive. The company has decided to use Amazon API Gateway REST APIs and airline partner have committed to a 15 second maximum SLA for search results.
Which of the following approaches offers the most flexibility to add new airlines partners while orchestrating the requests.
A) Proxy search requests to an SQS Queue. Use AWS Fargate to read messages from queue and send search parameters to airlines. Wait for results and then return to client.
B) Proxy search requests to an SNS Topic that sends messages to airlines with search parameters. Subscribe a Lambda function to a second SNS Topic on which to receive and aggregate results.
C) Proxy search results to an AWS Step Functions workflow. Use a parallel state to send synchronous requests to all airlines. When all responses are received, move to aggregate step and return.
D) Proxy request to Lambda function. Using Node.js, send requests to all airlines and then use a Lambda Destination to aggregate results together before returning to client.
Question #42: You are responsible for building an e-commerce site. In your development process you create a MVP (Minimum Viable Product) and deploy it in a TEST environment. Your architecture is made of an Amazon API Gateway that calls a Lambda function and an Amazon DynamoDB table. A member of the QA team reported that during testing a synchronous call broke the system causing a timeout error.
What should you do to fix the error?
A) Increase the timeout limit in the API Gateway. If the invocation request returns invocation errors, Lambda retries that request two more times by default. You can configure this retry value between 0 and 2.
B) Increase the timeout limit in the API Gateway. If the invocation request returns invocation errors, Lambda retries that invocation for up to 6 hours. You can decrease the default duration using the maximum age of event setting.
C) Do nothing. In a synchronous invocation, like between API Gateway and Lambda, Lambda provides built-in retry behaviors.
D) Generate the SDK from the API stage, and use the backoff and retry mechanisms it provides.
Question #43: You have built a CloudWatch dashboard that consolidates system metrics from Lambda functions powering your serverless e-commerce backend. You also use CloudWatch logs for troubleshooting. The business would like insights into what is popular and has asked you provide metrics on orders placed by product category.
What is the most scalable and easiest way to implement this?
A) Use metric filters to extract information from logs
B) Use embedded metric format (EMF) to log
C) Publish business level metrics as custom metrics from lambda function using CloudWatch PutMetricData API
D) Write a CloudWatch logs insights query against logs and add to dashboard
Question #44: You are refactoring an Amazon EC2 based application to use several AWS Lambda functions. During testing you realize some of the test events are failing. However, you are unsure which functions are failing and why.
What services can you use to identify and troubleshoot the functions that are failing?
A) Use AWS CloudTrail metrics to identify the failing functions and CloudTrail logs to analyze the function output.
B) Use AWS X-Ray to analyze the Amazon CloudWatch metrics and logs to identify and troubleshoot the failing functions.
C) Use the Amazon CloudWatch Lambda Insights Multi-Function dashboard to identify and troubleshoot the failing functions.
D) Use Amazon CloudWatch metrics to identify the failing functions and CloudWatch Logs to troubleshoot the function output.
Question #45: You have enabled several of your AWS Lambda functions for an Amazon VPC connection. You defined security groups that allow inbound and outbound access to resources in private subnets of the VPC. An Amazon EC2 instance in one of the defined subnets is running an application that needs to invoke one of your VPC enabled functions.
What options would allow access from a private subnet to your VPC enabled Lambda function? (Select TWO)
Create a Network Load Balancer (NLB), set the Lambda function as its target and invoke the Lambda function from the EC2 instance by sending request to the NLB.
Create an interface VPC endpoint for the Lambda service.
Utilize VPC enabled Lambda functions which can be invoked privately from resources in the VPC.
Create a Gateway VPC endpoint for the Lambda service and access the Lambda function through AWS network.
Create a NAT Gateway in the public subnet of the VPC and route private traffic through it to the public internet to invoke the Lambda function.
Question #46: You manage an application that uses an Amazon API Gateway REST API and an AWS Lambda function that needs read and write access to DynamoDB.
Which of the following grants the function access to DynamoDB in the MOST secure manner?
A) Create an IAM policy with DynamoDB read and write operations to access all DynamoDB tables. Add the policy to the function execution role.
B) Create an IAM policy with DynamoDB read and write operations to access specific DynamoDB tables. Add the policy to the function execution role.
C) Create a function resource-based policy with DynamoDB read and write operations to access specific DynamoDB tables.
D) Create a function resource-based policy with DynamoDB read and write operations to access all DynamoDB tables.
Question #47: You are an application developer that is tasked to extend an existing backend application with a serverless API behind an Amazon API Gateway. Frontend clients will interact with the API of the existing application and the new serverless API via REST calls. Requests to both APIs are authenticated using a token in the HTTP header verified by the existing IAM solution.
How can you use the existing auth mechanism to secure access to the API Gateway with the least amount of work?
A) Use a Lambda Extension to augment your Lambda functions with functionality to interact with your existing IAM solution. Configure the function to run for every Lambda and cancel code executions when auth fails
B) Create an Amazon Cognito Identity Pool and add your custom solutions as a federated identity provider. Use the native integration of Cognito with API Gateway for authentication
C) Create an Amazon Cognito User Pool and established a managed synchronization between your existing IAM solution and Cognito. Use the native integration of Cognito with Amazon API Gateway for authentication
D) Use a AWS Lambda authorizer to validate tokens at the existing IAM solution. Connect the Lambda function that serves as your authorizer to a VPC to allow private connectivity to the existing IAM solution
Question #48: A retail company has asked you to improve their backend infrastructure. They are receiving customer complaints about their web store. On peak load hours, customers are seeing error messages from the backend when they submit purchase orders. The orders are lost unless the customers repeat the order process.
How can you change the infrastructure to improve the customer experience and avoid losing orders?
A) Create asynchronous communication between the Amazon API Gateway and Amazon Lambda using an Amazon Simple Queue Service (SQS) queue to store incoming orders until they are processed by Lambda.
B) Create asynchronous communication between the API Gateway and Lambda using an Amazon Simple Notification Service (SNS) to store the orders until they are processed by Lambda.
C) Create synchronous communication between the Amazon API Gateway and AWS Lambda and have Amazon API Gateway send failed requests to an Amazon Dead Letter Queue
D) Use API Gateway throttling to avoid overwhelming the backend with too many requests avoiding the generation of errors.
Question #49: Company X has been operating a serverless application - using AWS Lambda, Amazon DynamoDB, Amazon API Gateway, and Amazon SQS - issue free for over 12 months. Two weeks ago, the customer service team started receiving increased reports of performance issues from end users during peak hours. Company X asked you to help troubleshoot the performance issues and identify any bottlenecks in the request paths. Which debugging and troubleshooting approach is the easiest way to help you locate bottlenecks in the application flow?
A) Add debugging log statements to Lambda function code. Review function execution outputs in CloudWatch Logs to identify potential problems.
B) Use AWS X-Ray to trace requests and investigate latency between service interactions
C) Review the Duration, Throttles, and Errors Lambda function metrics in Amazon CloudWatch to identify troublesome Lambda functions.
D) Analyze dead-letter queues for errors and unhandled events.
Question #50: An application that is processing customer requests has to also distribute the message to a number of downstream applications.
What AWS services can the application use to distribute the request messages to the downstream applications? (Select TWO)
Amazon Aurora Database Activity Streams
Amazon Simple Notification Service
Amazon EventBridge
Amazon AppFlow
Amazon Simple Queue Service
Loading...