AWS DevOps Practice Questions Part 5

AWS DevOps Practice Questions Part 5

1.Which of the following items are required to allow an application deployed on an EC2 instance to write data to a
DynamoDB table?
Assume that no security Keys are allowed to be stored on the EC2 instance. (Choose two.)

Create an IAM User that allows write access to the DynamoDB table.

Add an IAM Role to a running EC2 instance.

Add an IAM User to a running EC2 Instance.

Launch an EC2 Instance with the IAM Role included in the launch configuration.

Create an IAM Role that allows write access to the DynamoDB table.

Launch an EC2 Instance with the IAM User included in the launch configuration.

2. What is the maximum number of S3 Buckets available per AWS account?

100 per region

there is no limit

100 per account

500 per account

100 per IAM user

3. You attempt to store an object in the US-STANDARD region in Amazon S3, and receive a confirmation that it
has been successfully stored. You then immediately make another API call and attempt to read this object. S3
tells you that the object does not exist.
What could explain this behavior?

US-STANDARD uses eventual consistency and it can take time for an object to be readable in a bucket

Objects in Amazon S3 do not become visible until they are replicated to a second region.

US-STANDARD imposes a 1 second delay before new objects are readable.

You exceeded the bucket object limit, and once this limit is raised the object will be visible.

4. After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public
subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your
private subnet. When you try and make an outbound connection to the Internet from an instance in the private
subnet, you are not successful.
Which of the following steps could resolve the issue?

Attaching a second Elastic Network interface (ENI) to the NAT instance, and placing it in the private subnet

Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, and placing it in the
public subnet

Disabling the Source/Destination Check attribute on the NAT instance

Attaching an Elastic IP address to the instance in the private subnet

5. What item operation allows the retrieval of multiple items from a DynamoDB table in a single API call?





6. When uploading an object, what request header can be explicitly specified in a request to Amazon S3 to
encrypt object data when saved on the server side?






7. Which of the following services are key/value stores? (Choose three.)

Amazon ElastiCache

Simple Notification Service


Simple Workflow Service

Simple Storage Service

8. If a message is retrieved from a queue in Amazon SQS, how long is the message inaccessible to other users
by default?

0 seconds

1 hour

1 day


30 seconds


9. You have an environment that consists of a public subnet using Amazon VPC and 3 instances that are running
in this subnet. These three instances can successfully communicate with other hosts on the Internet. You
launch a fourth instance in the same subnet, using the same AMI and security group configuration you used for
the others, but find that this instance cannot be accessed from the Internet.
What should you do to enable internet access?

Deploy a NAT instance into the public subnet.

Modify the routing table for the public subnet

Configure a publically routable IP Address In the host OS of the fourth instance.

Assign an Elastic IP address to the fourth instance.

10. Which of the following are correct statements with policy evaluation logic in AWS Identity and Access
Management? (Choose two.)

By default, all requests are denied

An explicit allow overrides an explicit deny

An explicit allow overrides default deny.

An explicit deny does not override an explicit allow

By default, all request are allowed


11. What happens, by default, when one of the resources in a CloudFormation stack cannot be created?

Previously-created resources are kept but the stack creation terminates.

Previously-created resources are deleted and the stack creation terminates.

The stack creation continues, and the final results indicate which steps failed.

CloudFormation templates are parsed in advance so stack creation is guaranteed to succeed.


12. Which features can be used to restrict access to data in S3? (Choose two.)

Use S3 Virtual Hosting

Set an S3 Bucket policy.

Enable IAM Identity Federation.

Set an S3 ACL on the bucket or the object.

Create a CloudFront distribution for the bucket

13. Which code snippet below returns the URL of a load balanced web site created in CloudFormation with an
AWS::ElasticLoadBalancing::LoadBalancer resource name “ElasticLoad Balancer”?

“Fn::Join” : [“”. [ “http://”, {“Fn::GetAtr” : [ “ElasticLoadBalancer”,”DNSName”]}]]

“Fn::Join” : [“”. [ “http://”, {“Fn::GetAtr” : [ “ElasticLoadBalancer”,”Url”]}]]

“Fn::Join” : [“”. [ “http://”, {“Ref” : “ElasticLoadBalancerUrl”}]]

“Fn::Join” : [“.”, [ “http://”, {“Ref” : “ElasticLoadBalancerDNSName”}]]


14. Which of the following platforms are supported by Elastic Beanstalk? (Choose two.)

Apache Tomcat


IBM WebsphereD. Oracle JBoss



15. Company D is running their corporate website on Amazon S3 accessed from http// Their
marketing team has published new web fonts to a separate S3 bucket accessed by the S3 endpoint https://s3- While testing the new web fonts, Company D recognized the web fonts are
being blocked by the browser.
What should Company D do to prevent the web fonts from being blocked by the browser?

Enable versioning on the cdfonts bucket for each web font

Create a policy on the cdfonts bucket to enable access to everyone

Add the Content-MD5 header to the request for webfonts in the cdfonts bucket from the website

Configure the cdfonts bucket to allow cross-origin requests by creating a CORS configuration

16. When using a large Scan operation in DynamoDB, what technique can be used to minimize the impact of a scan on a table’s provisioned throughput?

Set a smaller page size for the scan

Use parallel scans

Define a range index on the table

Prewarm the table by updating all items


17. In AWS, which security aspects are the customer’s responsibility? (Choose four.)

A. Life-cycle management of IAM credentials

Decommissioning storage devices

Security Group and ACL (Access Control List) settings

Encryption of EBS (Elastic Block Storage) volumes

Controlling physical access to compute resources

Patch management on the EC2 instance’s operating system



18. Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?





You cannot retrieve a list of AMIs as there are over 10,000 AMIs

19. EC2 instances are launched from Amazon Machine images (AMIs). A given public AMI can:

be used to launch EC2 Instances in any AWS region.

only be used to launch EC2 instances in the same country as the AMI is stored.

only be used to launch EC2 instances in the same AWS region as the AMI is stored.

only be used to launch EC2 instances in the same AWS availability zone as the AMI is stored


20. How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running

Query the appropriate Amazon CloudWatch metric.

Use ipconfig or ifconfig command.

Query the local instance userdata.

Query the local instance metadata.


21. Which of the following are valid arguments for an SNS Publish request? (Choose three.)







22. How is provisioned throughput affected by the chosen consistency model when reading data from a DynamoDB

Strongly consistent reads use the same amount of throughput as eventually consistent reads

Strongly consistent reads use more throughput than eventually consistent reads

Strongly consistent reads use less throughput than eventually consistent reads

Strongly consistent reads use variable throughput depending on read activity

23. Which of the following are valid SNS delivery transports? (Choose two.)




D. DynamoDB

E. Named Pipes

24 . A startup s photo-sharing site is deployed in a VPC. An ELB distributes web traffic across two subnets. ELB
session stickiness is configured to use the AWS-generated session cookie, with a session TTL of 5 minutes.
The webserver Auto Scaling Group is configured as: min-size=4, max-size=4.
The startups preparing for a public launch, by running load-testing software installed on a single EC2 instance
running in us-west-2
After 60 minutes of load-testing, the webserver logs show:

Which recommendations can help ensure load-testing HTTP requests are evenly distributed across the four
webservers? (Choose two.)

A.Launch and run the load-tester EC2 instance from us-east-1 instead.

B.Re-configure the load-testing software to re-resolve DNS for each web request.

C.Use a 3rd-party load-testing service which offers globally-distributed test clients.

D.Configure ELB and Auto Scaling to distribute across us-west-2a and us-west-2c.

E.Configure ELB session stickiness to use the app-specific session cookie.

25 Which of the following statements about SWF are true? (Choose three.)
A . SWF tasks are assigned once and never duplicated
B. SWF requires an S3 bucket for workflow storage
C . SWF workflow executions can last up to a year
D . SWF triggers SNS notifications on task assignment
E . SWF uses deciders and workers to complete tasks
F . SWF requires at least 1 EC2 instance per domain

26 . Which of the following is chosen as the default region when making an API call with an AWS SDK?
A . ap-northeast-1
B us-west-2
C us-east-1
D eu-west-1
E us-central-1

27. How can you secure data at rest on an EBS volume?
A . Attach the volume to an instance using EC2’s SSL interface.
B . Write the data randomly instead of sequentially.
C . Use an encrypted file system on top of the EBS volume.
D . Encrypt the volume using the S3 server-side encryption service.
E . Create an IAM policy that restricts read and write access to the volume.

28 . What is one key difference between an Amazon EBS-backed and an instance-store backed instance?

  1. Virtual Private Cloud requires EBS backed instances
  2. Amazon EBS-backed instances can be stopped and restarted
  3. Auto scaling requires using Amazon EBS-backed instances.
  4. Instance-store backed instances can be stopped and restarted.

29. An application stores payroll information nightly in DynamoDB for a large number of employees across
hundreds of offices. Item attributes consist of individual name, office identifier, and cumulative daily hours.
Managers run reports for ranges of names working in their office. One query is. “Return all Items in this office
for names starting with A through E”.
Which table configuration will result in the lowest impact on provisioned throughput for this query?
A . Configure the table to have a hash index on the name attribute, and a range index on the office identifier
B . Configure the table to have a range index on the name attribute, and a hash index on the office identifier
C . Configure a hash index on the name attribute and no range index
D . Configure a hash index on the office Identifier attribute and no range index

30 . Which of the following is an example of a good DynamoDB hash key schema for provisioned throughput
A . User ID, where the application has many different users.
B . Status Code where most status codes are the same
C . Device ID, where one is by far more popular than all the others.
D . Game Type, where there are three possible game types

31 . Company A has an S3 bucket containing premier content that they intend to make available to only paid
subscribers of their website. The S3 bucket currently has default permissions of all objects being private to
prevent inadvertent exposure of the premier content to non-paying website visitors.
How can Company A provide only paid subscribers the ability to download a premier content file in the S3
A . Apply a bucket policy that grants anonymous users to download the content from the S3 bucket
B . Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download
C . Add a bucket policy that requires Multi-Factor Authentication for requests to access the S3 bucket objects
D . Enable server side encryption on the S3 bucket for data protection against the non-paying website visitors

32 . When a Simple Queue Service message triggers a task that takes 5 minutes to complete, which process below
will result in successful processing of the message and remove it from the queue while minimizing the chances
of duplicate processing?
A . Retrieve the message with an increased visibility timeout, process the message, delete the message from the queue
B . Retrieve the message with an increased visibility timeout, delete the message from the queue, process the
C. Retrieve the message with increased DelaySeconds, process the message, delete the message from the

D . Retrieve the message with increased DelaySeconds, delete the message from the queue, process the

33 . Which DynamoDB limits can be raised by contacting AWS support? (Choose two.)

  1. The number of hash keys per account
  2. The maximum storage used per account
  3. The number of tables per account
  4. The number of local secondary indexes per account
  5. The number of provisioned throughput units per account

34 . Company C has recently launched an online commerce site for bicycles on AWS. They have a “Product”
DynamoDB table that stores details for each bicycle, such as, manufacturer, color, price, quantity and size to
display in the online store. Due to customer demand, they want to include an image for each bicycle along with
the existing details.
Which approach below provides the least impact to provisioned throughput on the “Product” table?

  1. Serialize the image and store it in multiple DynamoDB tables
  2. Create an “Images” DynamoDB table to store the Image with a foreign key constraint to the “Product” table
  3. Add an image data type to the “Product” table to store the images in binary format
  4. Store the images in Amazon S3 and add an S3 URL pointer to the “Product” table item for each image

35 . In DynamoDB, what type of HTTP response codes indicate that a problem was found with the client request
sent to the service ?

  1. A 5xx HTTP response code
  2. 200 HTTP response code
  3. 306 HTTP response code
  4. 4xx HTTP response code

36 . A meteorological system monitors 600 temperature gauges, obtaining temperature samples every minute and
saving each sample to a DynamoDB table. Each sample involves writing 1K of data and the writes are evenly
distributed over time.
How much write throughput is required for the target table?

  1. 1 write capacity unit
  2. 10 write capacity units
  3. 60 write capacity units
  4. 600 write capacity units
  5. 3600 write capacity units

37 . Which of the following programming languages have an officially supported AWS SDK? (Choose two.)

  1. Perl
  2. PHP
  3. Pascal
  4. Java
  5. SQL

38 . Games-R-Us is launching a new game app for mobile devices. Users will log into the game using their existing
Facebook account and the game will record player data and scoring information directly to a DynamoDB table.
What is the most secure approach for signing requests to the DynamoDB API?

  1. Create an IAM user with access credentials that are distributed with the mobile app to sign the requests
  2. Distribute the AWS root account access credentials with the mobile app to sign the requests
  3. Request temporary security credentials using web identity federation to sign the requests
  4. Establish cross account access between the mobile app and the DynamoDB table to sign the requests

39 . What AWS products and features can be deployed by Elastic Beanstalk? (Choose three.)

  1. Auto scaling groups
  2. Route 53 hosted zones
  3. Elastic Load Balancers
  4. RDS Instances
  5. Elastic IP addresses
  6. SQS Queues

40 . Your application is trying to upload a 6 GB file to Simple Storage Service and receive a “Your proposed upload
exceeds the maximum allowed object size.” error message.
What is a possible solution for this?

  1. None, Simple Storage Service objects are limited to 5 GB
  2. Use the multi-part upload API for this object
  3. Use the large object upload API for this object
  4. Contact support to increase your object size limit
  5. Upload to a different region

41 . Which of the following services are included at no additional cost with the use of the AWS platform? (Choose

  1. Simple Storage Service
  2. Elastic Compute Cloud
  3. Auto Scaling
  4. Elastic Load Balancing
  5. CloudFormation
  6. Simple Workflow Service

42 . You are writing to a DynamoDB table and receive the following exception:”
ProvisionedThroughputExceededException”. though according to your Cloudwatch metrics for the table, you
are not exceeding your provisioned throughput.What could be an explanation for this?

  1. You haven’t provisioned enough DynamoDB storage instances
  2. You’re exceeding your capacity on a particular Range Key
  3. You’re exceeding your capacity on a particular Hash Key
  4. You’re exceeding your capacity on a particular Sort Key
  5. You haven’t configured DynamoDB Auto Scaling triggers

43 . You are providing AWS consulting services for a company developing a new mobile application that will be
leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification messages to
individual devices each device registration identifier or token needs to be registered with SNS; however the
developers are not sure of the best way to do this.
You advise them to:

  1. Bulk upload the device tokens contained in a CSV file via the AWS Management Console.
  2. Let the push notification service (e.g. Amazon Device Messaging) handle the registration.
  3. Implement a token vending service to handle the registration.
  4. Call the CreatePlatformEndPoint API function to register multiple device tokens.

44 . Which statements about DynamoDB are true? (Choose two.)

  1. DynamoDB uses a pessimistic locking model
  2. DynamoDB uses optimistic concurrency control
  3. DynamoDB uses conditional writes for consistency
  4. DynamoDB restricts item access during reads
  5. DynamoDB restricts item access during writes

45 . You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point
you find out that other sites have been linking to the photos on your site, causing loss to your business.
What is an effective method to mitigate this?

  1. Store photos on an EBS volume of the web server
  2. Remove public read access and use signed URLs with expiry dates.
  3. Use CloudFront distributions for static content.
  4. Block the IPs of the offending websites in Security Groups.

46 . You have written an application that uses the Elastic Load Balancing service to spread traffic to several web
servers. Your users complain that they are sometimes forced to login again in the middle of using your
application, after they have already logged in. This is not behavior you have designed.
What is a possible solution to prevent this happening?

  1. Use instance memory to save session state.
  2. Use instance storage to save session state.
  3. Use EBS to save session state
  4. Use ElastiCache to save session state.
  5. Use Glacier to save session slate.

47 . You are inserting 1000 new items every second in a DynamoDB table. Once an hour these items are analyzed
and then are no longer needed. You need to minimize provisioned throughput, storage, and API calls.
Given these requirements, what is the most efficient way to manage these Items after the analysis?

  1. Retain the items in a single table
  2. Delete items individually over a 24 hour period
  3. Delete the table and create a new table per hour
  4. Create a new table per hour

48 . An Amazon S3 bucket, “myawsbucket” is configured with website hosting in Tokyo region, what is the regionspecific website endpoint?

  2. myawsbucket.s3-website-ap-northeast-1.amazonawscom

49 . Company B provides an online image recognition service and utilizes SQS to decouple system components for
scalability The SQS consumers poll the imaging queue as often as possible to keep end-to-end throughput as
high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and
increasing costs with empty responses.
How can Company B reduce the number of empty responses?

  1. Set the imaging queue visibility Timeout attribute to 20 seconds
  2. Set the Imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds
  3. Set the imaging queue MessageRetentionPeriod attribute to 20 seconds
  4. Set the DelaySeconds parameter of a message to 20 seconds

50 . A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center
via IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated,
logged-in users can only access an S3 keyspace specific to the user.
Which two approaches can satisfy the objectives? (Choose two.)

  1. The application authenticates against LDAP. The application then calls the IAM Security Service to login to
    IAM using the LDAP credentials. The application can use the IAM temporary credentials to access the
    appropriate S3 bucket.
  2. The application authenticates against LDAP, and retrieves the name of an IAM role associated with the 
    user. The application then calls the IAM Security Token Service to assume that IAM Role. The application 
    can use the temporary credentials to access the appropriate S3 bucket.
  3. The application authenticates against IAM Security Token Service using the LDAP credentials. The 
    application uses those temporary AWS security credentials to access the appropriate S3 bucket.
  4. Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token Service to 
    get IAM federated user credentials. The application calls the identity broker to get IAM federated user 
    credentials with access to the appropriate S3 bucket.
  5. Develop an identity broker which authenticates against IAM Security Token Service to assume an IAM Role
    to get temporary AWS security credentials. The application calls the identity broker to get AWS temporary
    security credentials with access to the appropriate S3 bucket.

51 . Which of the following statements about SQS is true?

  1. Messages will be delivered exactly once and messages will be delivered in First in, First out order
  2. Messages will be delivered exactly once and message delivery order is indeterminate
  3. Messages will be delivered one or more times and messages will be delivered in First in, First out order
  4. Messages will be delivered one or more times and message delivery order is indeterminate

52 . If an application is storing hourly log files from thousands of instances from a high traffic web site, which
naming scheme would give optimal performance on S3?

  1. Sequential
  2. instanceID_log-HH-DD-MM-YYYY
  3. instanceID_log-YYYY-MM-DD-HH
  4. HH-DD-MM-YYYY-log_instanceID
  5. YYYY-MM-DD-HH-log_instanceID

53 . What type of block cipher does Amazon S3 offer for server side encryption?

  1. Triple DES
  2. Advanced Encryption Standard
  3. Blowfish
  4. RC5

54 . Company C is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting
enabled. Currently, when visitors go to the index.html page is returned. Company C
now would like a new page welcome.html to be returned when a visitor enters in the
Which of the following steps will allow Company C to meet this requirement? (Choose two.)

  1. Upload an html page named welcome.html to their S3 bucket
  2. Create a welcome subfolder in their S3 bucket
  3. Set the Index Document property to welcome.html
  4. Move the index.html page to a welcome subfolder
  5. Set the Error Document property to welcome.html






Share this post

Comments (4)

  • Shaw Reply

    I saw a lot of questions from 2016-2017 old dump, is this for Certified Developer – Associate (June 2018) latest version as well?

    September 6, 2018 at 3:29 am
  • Shaw Reply

    Are part 1-4 valid or just part 5 itself?

    August 26, 2018 at 9:30 am
  • C Reply

    Still valid. Passed Certified Devops Associate todat

    August 15, 2018 at 3:42 am
  • Xinfinity Reply

    Anyone out there has done this exam recently and can confirm if this is still valid ?? just want to make sure 🙂


    April 3, 2018 at 6:12 am

Leave a Reply

Your email address will not be published. Required fields are marked *