AWS CLF-C01 Practice Test – Member Shared Questions, Page 60

Question 591

A developer created a Lambda function for a web application backend When testing the Lambda function from the AWS Lambda console, the developer can see that the function is being run, but there is no log data being generated in Amazon CloudWatch Logs, even after several minutes. What could cause this situation?

A.

The Lambda function does not have any explicit log statements for the log data to send it to CloudWatch Logs

B.

The Lambda function is missing CloudWatch Logs as a source trigger to send log data

C.

The execution role for the Lambda function is missing permissions to write log data to the CloudWatch Logs

D.

The Lambda function is missing a target CloudWatch Log group

Show Answer Comment (0)

Question 592

Question 593

A developer manages an application that interacts with Amazon RDS. Alter observing slow performance with read queries, the developer Implements Amazon ElastiCache to update the cache immediately following the primary database update.

What will be the result of this approach to caching?

A.

Caching will increase the load on the database instance because the cache is updated for every database update.

B.

Caching will slow performance of the read queries because the cache is updated when the cache cannot find the requested data

C.

The cache will become large and expensive because the infrequently requested data is also written to the cache

D.

Overhead will be added to the initial response time because the cache is updated only after a cache miss

Show Answer Comment (0)

Question 594

A developer is testing a Docker-based application that uses the AWS SDK to interact with Amazon DynamoDB. In the local development environment the application has used 1AM access keys. The application is now ready for deployment onto an ECS cluster How should the application authenticate with AWS services in production?

A.

Configure an ECS task 1AM role for the application to use

B.

Refactor the application to call AWS STS AssumeRole based on an instance role

C.

Configure AWS access key/secret access key environment variables with new credentials

D.

Configure the credentials file with a new access key/secret access key

Show Answer Comment (0)

Question 595

A company has dn application that analyzes photographs. A developer is preparing the application for deployment to Amazon EC2 instances. The application's image analysis functions require a mix of GPU instances and CPU instances that run on Amazon Linux. The developer needs to add code to the application so that the functions can determine whether they are running on a GPU instance What should the functions do to obtain this information?

A.

Call the Descnbeinstances API operation and filter on the current instance ID Examine the EiasticGpuAssociations property

B.

Evaluate the GPU_AVA1LABLE environment variable

C.

Call the DescribeElasticGpus API operation

D.

Retrieve the instance type from the instance metadata

Show Answer Comment (0)

Question 596

A developer is creating a serverless web application and maintains different branches of code. The developer wants to avoid updating the Amazon API Gateway target endpoint each time a new code push is performed What solution would allow the developer to perform a code push efficiently, without the need to update the API Gateway'^

A.

Associate different AWS Lambda functions to an API Gateway target endpoint

B.

Create different stages in API Gateway then associate API Gateway with AWSLambda.

C.

Create aliases and versions in AWS Lambda

D.

Tag the AWS Lambda functions with different names

Show Answer Comment (0)

Question 597

An application running on multiple Amazon EC2 instances pulls messages from a standard Amazon SQS queue. A requirement for the application is that all messages must be encrypted at rest Developers are instructed to use methods that allow tor centralized key management and minimize possible support requirements whenever possible. Which of the following solutions supports these requirements?

A.

Encrypt individual messages by using client-side encryption with customer managed keys, then write to the SQS queue

B.

Encrypt individual messages by using SQS Extended Client and the Amazon S3 encryption client

C.

Create an SQS queue and encrypt the queue by using server-side encryption with AWS KMS

D.

Create an SQS queue, and encrypt the queue by using client-record encryption

Show Answer Comment (0)

Question 598

An ecommerce company manages its application's infrastructure by using AWS Elastic Beanstalk. A developer wants to deploy the new version of the application with the least possible application downtime. The developer also must minimize the application's rollback time if there are issues with the deployment Which approach will meet these requirements?

A.

Use a rolling deployment to deploy the new version

B.

Use a rolling deployment with additional batches to deploy the new version

C.

Use an all-at-once deployment to deploy the new version

D.

Show Answer Comment (0)

Question 599

A developer is adding a feature to a client-side application so that users can upload videos to an Amazon S3 bucket. What is the MOST secure way to give the application the ability to write files to the S3 bucket?

A.

Update the S3 bucket policy to allow public write access. Allow any user to upload videos by removing the need to handle user authentication within the client-side application

B.

Create a new IAM policy and a corresponding 1AM user with permissions to write to the S3 bucket Store the key and the secret for the user in the application code Use the key to authenticate the video uploads

C.

Configure the API layer of the application to have a new endpoint that creates signed URLs that allow an object to be put into the S3 bucket Generate a presigned URL through this API call in the client application. Upload the video byusing the signed URL

D.

Generate a new 1AM key and a corresponding secret by using the AWS account root user credentials Store the key and the secret for the user in the application code. Use the key to authenticate the video uploads

Show Answer Comment (0)

Question 600

A development team is building a new application that will run on Amazon EC2 and use Amazon DynamoDB as a storage layer. The developers all have assigned IAM user accounts in the same IAM group The developers currently can launch EC2 instances, and they need to be able to launch EC2 instances with an instance role allowing access to Amazon DynamoDB Which AWS 1AM changes are needed when creating an instance role to provide this functionality?

A.

Create an iam permission policy attached to the role that allows access to DynamoDB Add a trust policy to the role that allows DynamoDB to assume the role Attach a permissions policy to the development group in AWS IAM that allowsdevelopers to use the lamGetRole and lamPassRole permissions for the role

B.

Create an IAM permissions policy attached to the role that allows access to DynamoDB Add a trust policy to the role that allows Amazon EC2 to assume the role. Attach a permissions policy to the development group in AWS IAM thatallows developers to use the iam PassRole permission for the role

C.

Create an IAM permission policy attached to the role that allows access to Amazon EC2. Add a trust policy to the role that allows DynamoDB to assume the role Attach a permissions policy to the development group in AWS IAM thatallows developers to use the iam PassRole permission for the role

D.

Create an IAM permissions policy attached to the role that allows access to DynamoDB Add a trust policy to the role that allows Amazon EC2 to assume the role Attach a permissions policy to the development group in AWS IAM thatallows developers to use the iam GetRole permission for the role