Udemy Quiz Questions Dev Associate
What are the four X-Ray Features? - correct answers1) Annotations - are simple key-value pairs that are
indexed for use with filter expressions. Use annotations to record data that you want to use to group
traces in the console, or when calling the Get Trace Summaries API.
Hence, the correct answer is: Annotations.
2) Metadata - is incorrect because you can not group traces with it. Metadata are key-value pairs with
values of any type, including objects and lists, but that is not indexed. You commonly use metadata to
record data that you want to store in the trace but don't need to search for traces.
3) Sampling - is incorrect because it is just used to ensure efficient tracing and to provide a
representative sample of the requests that your application serves. Additionally, sampling will help you
save money by reducing the amount of traces for high-volume and unimportant requests.
4) Subsegment - is incorrect because it is only used to provide more granular timing information and
details about downstream calls that your application made to fulfill the original request. It cannot group
traces from recorded data. are simple key-value pairs that are indexed for use with filter expressions.
X-Ray - Where are Annotations and metadata are aggregated? - correct answers At the trace level and
can be added to any segment or subsegment.
What is the API Gateway Stage Variable used for? - correct answersA stage variable is simply used for
changing the behavior of your API Gateway methods for each deployment stage; for example, making it
possible to reach a different backend depending on which stage the API is running on.
How can you obtain all values of identical query parameters key that is supplied in a request? - correct
answers Application Load Balancers provide two advanced options that you may want to configure
when you use ALBs with AWS Lambda: 1) support for multi-value headers and 2) health check
configurations. You can set up these options in Target Groups section on the Amazon EC2 console.
If requests from a client or responses from a Lambda function contain headers with multiple values or
contains the same header multiple times, or query parameters with multiple values for the same key,
you can enable support for multi-value header syntax. After you enable multi-value headers, the
headers and query parameters exchanged between the load balancer and the Lambda function use
arrays instead of strings.
ALB applies the same processing to duplicate HTTP headers.
,If you do not enable multi-value header syntax and a header or query parameter has multiple values,
the load balancer uses the last value that it receives.
What features are supported when using AWS KMS? - correct answers- Create symmetric and
asymmetric keys where the key material is only ever used within the service
- Create symmetric keys where the key material is generated and used within a custom key store under
your control.
- Import your own symmetric key for use within the service.
- Create both symmetric and asymmetric data key pairs for local use within your applications.
- Define which IAM users and roles can manage keys.
- Define which IAM users and roles can use keys to encrypt and decrypt data.
- Choose to have keys that were generated by the service to be automatically rotated on an annual
basis.
- Temporarily disable keys so they cannot be used by anyone.
- Re-enable disabled keys.
- Schedule the deletion of keys that you no longer use.
- Audit the use of keys by inspecting logs in AWS CloudTrail.
By default, AWS KMS creates the key material for a CMK. You cannot extract, export, view, or manage
this key material. Also, you cannot delete this key material; you must delete the CMK. However, you can
import your own key material into a CMK or create the key material for a CMK in the AWS CloudHSM
cluster associated with an AWS KMS custom key store. There are also types of CMKs that are not eligible
for automatic key rotation such as asymmetric CMKs, CMKs in custom key stores, and CMKs with
imported key material.
Can you import your own key material to an asymmetric CMK? - correct answersThe option that says:
Use AWS Certificate Manager as a custom key store is incorrect because you can only use AWS
CloudHSM as a custom key store for AWS KMS.
The option that says: Import your own key material to an asymmetric CMK is incorrect because you can
only import your own key material to symmetric CMKs and not for asymmetric types.
The option that says: Automatic key rotation for CMKs in custom key stores is incorrect because
automatic key rotation is only supported in symmetric CMKs. Automatic key rotation is not available for
asymmetric CMKs, CMKs in custom key stores, and CMKs with imported key material.
, What could be possible errors when running CodeBuild with a proxy server? - correct answers1. ssl-
bump is not configured properly.
2. Your organization's security policy does not allow you to use ssl-bump.
3. Your buildspec.yml file does not have proxy settings specified using a proxy element.
4.If you do not use ssl-bump for an explicit proxy server, add a proxy configuration to your buildspec.yml
using a proxy element.
version: 0.2proxy:upload-artifacts: yeslogs: yes
IAM service supports only one type of resource-based policy which is called what? - correct answersThe
IAM service supports only one type of resource-based policy called a role trust policy, which is attached
to an IAM role. An IAM role is both an identity and a resource that supports resource-based policies. For
that reason, you must attach both a trust policy and an identity-based policy to an IAM role. Trust
policies define which principal entities (accounts, users, roles, and federated users) can assume the role.
In a trust policy, the Principal attribute defines the AWS services or users that can assume the IAM role.
Here's an example trust policy for a role designed for an Amazon EC2 instance to assume. You can see
that the principal provided is the ec2.amazonaws.com service:
The option that says: Add the EC2 service under the Principal field of the Inline policy is incorrect
because the Inline policy is just an embedded policy that you can attach to an IAM entity to grant
permissions.
The option that says: Add the EC2 service under the Resource field of the Trust policy is incorrect
because the EC2 service must be added under the Principal field. Also, you can't add a Resource field in
the Trust Policy.
The option that says: Add the EC2 service under the Resource field of the Inline policy is incorrect
because an Inline Policy can't control what AWS services can assume a Role.
A developer wants to expose a legacy web service that uses an XML-based Simple Object Access
Protocol (SOAP) interface through API Gateway. However, there is a compatibility issue since most
modern applications communicate data in JSON format. - correct answersAPI Gateway lets you use
mapping templates to map the payload from a method request to the corresponding integration request
and from an integration response to the corresponding method response.
What are the four X-Ray Features? - correct answers1) Annotations - are simple key-value pairs that are
indexed for use with filter expressions. Use annotations to record data that you want to use to group
traces in the console, or when calling the Get Trace Summaries API.
Hence, the correct answer is: Annotations.
2) Metadata - is incorrect because you can not group traces with it. Metadata are key-value pairs with
values of any type, including objects and lists, but that is not indexed. You commonly use metadata to
record data that you want to store in the trace but don't need to search for traces.
3) Sampling - is incorrect because it is just used to ensure efficient tracing and to provide a
representative sample of the requests that your application serves. Additionally, sampling will help you
save money by reducing the amount of traces for high-volume and unimportant requests.
4) Subsegment - is incorrect because it is only used to provide more granular timing information and
details about downstream calls that your application made to fulfill the original request. It cannot group
traces from recorded data. are simple key-value pairs that are indexed for use with filter expressions.
X-Ray - Where are Annotations and metadata are aggregated? - correct answers At the trace level and
can be added to any segment or subsegment.
What is the API Gateway Stage Variable used for? - correct answersA stage variable is simply used for
changing the behavior of your API Gateway methods for each deployment stage; for example, making it
possible to reach a different backend depending on which stage the API is running on.
How can you obtain all values of identical query parameters key that is supplied in a request? - correct
answers Application Load Balancers provide two advanced options that you may want to configure
when you use ALBs with AWS Lambda: 1) support for multi-value headers and 2) health check
configurations. You can set up these options in Target Groups section on the Amazon EC2 console.
If requests from a client or responses from a Lambda function contain headers with multiple values or
contains the same header multiple times, or query parameters with multiple values for the same key,
you can enable support for multi-value header syntax. After you enable multi-value headers, the
headers and query parameters exchanged between the load balancer and the Lambda function use
arrays instead of strings.
ALB applies the same processing to duplicate HTTP headers.
,If you do not enable multi-value header syntax and a header or query parameter has multiple values,
the load balancer uses the last value that it receives.
What features are supported when using AWS KMS? - correct answers- Create symmetric and
asymmetric keys where the key material is only ever used within the service
- Create symmetric keys where the key material is generated and used within a custom key store under
your control.
- Import your own symmetric key for use within the service.
- Create both symmetric and asymmetric data key pairs for local use within your applications.
- Define which IAM users and roles can manage keys.
- Define which IAM users and roles can use keys to encrypt and decrypt data.
- Choose to have keys that were generated by the service to be automatically rotated on an annual
basis.
- Temporarily disable keys so they cannot be used by anyone.
- Re-enable disabled keys.
- Schedule the deletion of keys that you no longer use.
- Audit the use of keys by inspecting logs in AWS CloudTrail.
By default, AWS KMS creates the key material for a CMK. You cannot extract, export, view, or manage
this key material. Also, you cannot delete this key material; you must delete the CMK. However, you can
import your own key material into a CMK or create the key material for a CMK in the AWS CloudHSM
cluster associated with an AWS KMS custom key store. There are also types of CMKs that are not eligible
for automatic key rotation such as asymmetric CMKs, CMKs in custom key stores, and CMKs with
imported key material.
Can you import your own key material to an asymmetric CMK? - correct answersThe option that says:
Use AWS Certificate Manager as a custom key store is incorrect because you can only use AWS
CloudHSM as a custom key store for AWS KMS.
The option that says: Import your own key material to an asymmetric CMK is incorrect because you can
only import your own key material to symmetric CMKs and not for asymmetric types.
The option that says: Automatic key rotation for CMKs in custom key stores is incorrect because
automatic key rotation is only supported in symmetric CMKs. Automatic key rotation is not available for
asymmetric CMKs, CMKs in custom key stores, and CMKs with imported key material.
, What could be possible errors when running CodeBuild with a proxy server? - correct answers1. ssl-
bump is not configured properly.
2. Your organization's security policy does not allow you to use ssl-bump.
3. Your buildspec.yml file does not have proxy settings specified using a proxy element.
4.If you do not use ssl-bump for an explicit proxy server, add a proxy configuration to your buildspec.yml
using a proxy element.
version: 0.2proxy:upload-artifacts: yeslogs: yes
IAM service supports only one type of resource-based policy which is called what? - correct answersThe
IAM service supports only one type of resource-based policy called a role trust policy, which is attached
to an IAM role. An IAM role is both an identity and a resource that supports resource-based policies. For
that reason, you must attach both a trust policy and an identity-based policy to an IAM role. Trust
policies define which principal entities (accounts, users, roles, and federated users) can assume the role.
In a trust policy, the Principal attribute defines the AWS services or users that can assume the IAM role.
Here's an example trust policy for a role designed for an Amazon EC2 instance to assume. You can see
that the principal provided is the ec2.amazonaws.com service:
The option that says: Add the EC2 service under the Principal field of the Inline policy is incorrect
because the Inline policy is just an embedded policy that you can attach to an IAM entity to grant
permissions.
The option that says: Add the EC2 service under the Resource field of the Trust policy is incorrect
because the EC2 service must be added under the Principal field. Also, you can't add a Resource field in
the Trust Policy.
The option that says: Add the EC2 service under the Resource field of the Inline policy is incorrect
because an Inline Policy can't control what AWS services can assume a Role.
A developer wants to expose a legacy web service that uses an XML-based Simple Object Access
Protocol (SOAP) interface through API Gateway. However, there is a compatibility issue since most
modern applications communicate data in JSON format. - correct answersAPI Gateway lets you use
mapping templates to map the payload from a method request to the corresponding integration request
and from an integration response to the corresponding method response.
