AWS CERTIFIED DEVELOPER ASSOCIATE QUIZ 7

Created on January 07, 2021 By Sirjana GhimireAcharya

1 / 20
Your lead has admin access in IAM and he has granted you permission to manage other developers in your team. What are the ways you can manage the developer permission?
- APIs, IAM console
- AWS CLI
- All of the above

2 / 20
In DynamoDB, a table is a collection of ______.
- Fields
- Attributes
- Items
- Values

3 / 20
What kind of service is provided by AWS DynamoDB?
- NoSQL Database
- Relational Database
- Document Database
- Dynamic Database

4 / 20
True or False: Classic Load Balancer has an associated IPv4, IPv6, and dualstack (both IPv4 and IPv6) DNS name?
- True
- False

5 / 20
A user had defined an IAM policy similar to the one given below on a bucket:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": { "AWS": "arn:aws:iam::12112112:user/test" },
          "Action": [ "s3:GetBucketLocation", "s3:ListBucket", "s3:GetObject" ],
          "Resource": [ "arn:aws:s3:::testbucket" ]
        }
      ]
    }

What will this do?
- It will allow all the IAM users of the account ID 12112112 to perform GetBucketLocation, ListBucket and GetObject on bucket testbucket
- Allows the user test of the AWS account ID 12112112 to perform GetBucketLocation, ListBucket and GetObject on the bucket testbucket
- It will create an IAM policy for the user test
- It will result in an error saying invalid policy statement

6 / 20
One of your developers has attached an EBS volume to a Linux instance (which is running) as a "/dev/sdf" device. He comes back to you saying he is unable to see the attached device when he runs the command "df -h". What do you think is the possible reason for this?
- The volume is not attached as a root device
- The volume is not in the same AZ of the instance
- The volume has not been mounted
- The volume is not formatted

7 / 20
Your company has just purchased some very expensive software which also involved the addition of a unique license for it. You have been told to set this up on an AWS EC2 instance; however, one of the problems is that the software license has to be tied to a specific MAC address and from your experience with AWS you know that every time an instance is restarted it will almost certainly lose its MAC address. What would be a possible solution to this given the options below?
- Use a VPC with a private subnet for the license and a public subnet for the EC2
- Make sure any EC2 Instance that you deploy has a static IP address that is mapped to the MAC address.
- Use a VPC with a private subnet and configure the MAC address to be tied to that subnet.
- Use a VPC with an elastic network interface that has a fixed MAC Address.

8 / 20
In DynamoDB, a table is a collection of ______.
- Fields
- Values
- Items
- Attributes

9 / 20
One of your fellow developers is trying to delete local secondary indexes in DynamoDB. Do you think he is correct?
- No
- Yes, if it is a local secondary index
- Yes, if it is a global secondary index
- Yes, if it is a primary hash key index

10 / 20
Bob is an IAM user who has access to the EC2 services. Admin is an IAM user who has access to all the AWS services including IAM. Can Bob change his password?
- Yes, provided Admin has given Bob access to change his password
- Yes, only from the AWS console
- Yes, only from AWS CLI
- No, the IAM user can never change the password

11 / 20
A developer in your organization has created a new EBS volume from an existing snapshot that you created earlier. He has mounted the volume on the instance to which it is attached. Which of the below mentioned options is a required step before he can mount the volume?
- Create the file system of the volume
- No step is required. The user can directly mount the device
- Resize the volume as per the original snapshot size
- It is not possible to mount the volume.

12 / 20
A single DynamoDB table partition can support a maximum of 5,000 read capacity units or 1,000 write capacity units.
- True
- False

13 / 20
How long are the messages kept on an SQS queue by default?
- 4 days
- If a message is not read, it is never deleted
- 1 day
- 2 weeks

14 / 20
Your banking client wants to store some sensitive data in S3, but they are not sure about the encryption available in S3. Which of the below is correct?
- He can choose to encrypt data using SSE-KMS
- He can choose to encrypt data using SSE-S3
- None of the options are correct
- S3 storage is not safe for storing banking data.

15 / 20
You're building a mobile application for Knowledge Hut. The application needs permissions for each user to communicate and store data in DynamoDB tables. What is the best method for granting each mobile device that installs your application to access DynamoDB tables for storage when required?
- Create an IAM role with the proper permission policy to communicate with the DynamoDB table. Use web identity federation, which assumes the IAM role using AssumeRoleWithWebIdentity, when the user signs in, granting temporary security credentials using STS.
- Create an IAM group that only gives access to your application and to the DynamoDB tables. Then, when writing to DynamoDB, simply include the unique device ID to associate the data with that specific user.
- During the install and game configuration process, have each user create an IAM credential and assign the IAM user to a group with proper permissions to communicate with DynamoDB.
- Create an Active Directory server and an AD user for each mobile application user. When the user signs in to the AD sign-on, allow the AD server to federate using SAML 2.0 to IAM and assign a role to the AD user which is then assumed with AssumeRoleWithSAML

16 / 20
Your client is new to AWS and they want to store data in S3. They are trying to understand the ACL and policy for an S3 bucket. Which of the below mentioned policy permissions is equivalent to the WRITE ACL on a bucket?
- s3:ListBucketVersions
- s3:GetObjectAcl
- s3:DeleteObject
- s3:GetObjectVersion

17 / 20
A user has configured an automated backup between 11 AM – 11:30 AM for the MySQL RDS DB. Will the performance of RDS get frozen momentarily during a backup?
- Yes, always
- Yes, only if the instance size is smaller than large size
- No
- Yes, provided it is a single zone implementation

18 / 20
Which of the below mentioned options is not a best practice to securely manage the AWS access credentials?
- Create strong access key and secret access key and attach to the root account
- Keep rotating your secure access credentials at regular intervals
- Enable MFA for privileged users
- Create individual IAM users

19 / 20
A large multi-national corporation like APPLE has come to you and asked if you can provide a high availability and disaster recovery plan for their organization. Their primary concern is not to lose any data so they are fine if there is a longer recovery time as it will presumably save on cost. Which of the following options would be the best one for this corporation, given the concerns that they have outlined to you above?
- Make sure you have RDS set up as an asynchronous Multi-AZ deployment, which automatically provisions and maintains an asynchronous "standby" replica in a different Availability Zone.
- Backup and restoring with S3 should be considered due to the low cost of S3 storage. Back up frequently and the data can be sent to S3 using either Direct Connect or Storage Gateway, or over the Internet.
- Set up pre-configured servers using Amazon Machine Images. Use an Elastic IP and Route 53 to quickly switch over to your new infrastructure if there are any problems when you run your health checks.
- Set up a number of smaller instances in a different region, which all have Auto Scaling and Elastic Load Balancing enabled. If there is a network outage, then these instances will auto scale up. As long as spot instances are used and the instances are small this should remain a cost effective solution.

20 / 20
Knowledgehut has three AWS accounts. They have created separate IAM users within each account. Cloud Academy wants a single IAM console URL such as https://knowledgehut.signin.aws.amazon.com/console/ for all account users. How can this be achieved?
- Create the same account alias with each account ID
- Merge all the accounts with consolidated billing
- Create the S3 bucket with an alias name and use the redirect rule to forward requests to various accounts
- It is not possible to have the same IAM account login URL for separate AWS accounts