Whizlabs O!

er | Flat 15% OFF SITEWIDE | Use Coupon - WHIZOFFER15

Ask Hi,
Search Courses " ! Expert Abhilash

My All
Dashboard Inbox
Courses Courses

! # My Courses # AWS Certi"ed Solutions Architect Associate # AWS Lambda - Quiz #

Report

AWS Lambda - Quiz Completed on 28-October-2019

Attempt Marks Obtained Your score Time Taken

01 8 / 25 32% 00 H 35 M 12 S

Result
Failed

Domains wise Quiz Performance Report

No Domain Total Correct Incorrect Unattempted Marked as

Question Review

1 Other 25 8 16 1 0

Total All 25 8 16 1 0
Domain

Review the Answers Sorting by All

Question 1 Incorrect
 Domain : Other

You are uploading large !les to AWS S3 bucket, ranging from 1GB – 3GB. Your organization
has a requirement to calculate the hash checksum of the !le by reading entire !le so the
users can validate the checksum to identify any potential corruptions during downloads. For
this, you created a Lambda function and getting it triggered through S3 noti!cations.
However, the request is getting timed out. What could be the reason?

] A. Lambda function is con!gured with minimal memory of 128 MB.

%
$

Lambda function is set to run in a private VPC without NAT Gateway or VPC
] B.
Endpoint. &
] C. You have not setup S3 bucket name in the environment variable.

] D. Lambda function is created in a di"erent region than S3 bucket.

Explanation:

Answer: B

Option A is not correct. If the function reaches the maximum con!gured memory, in this case

128 MB, the function gets terminated with an error message as below, not as request timed
out.

REPORT RequestId: xxxxxxxx Duration: xxxxx ms Billed Duration: xxxxx ms

Memory Size: 128 MB Max Memory Used: 129 MB RequestId: xxxxxxx Process exited before
completing request

Option B is correct. AWS Lambda functions can run within a private VPC with the
resources allocated inside the subnet provided during con!guration.

For the lambda function to access S3 service endpoint from within private VPC, there should
be a NAT Gateway or S3 VPC Endpoint con!gured in the route table associated with the
subnet which was chosen during Lambda function setup. If not, the request would get timed
out.

https://aws.amazon.com/premiumsupport/knowledge-center/internet-
access-lambda-function/

Option C is not correct. Bucket need not be con!gured as environment variable.

Lambda function environment variables are used to con!gure additional parameters that can
be passed to lambda function.

https://docs.aws.amazon.com/lambda/latest/dg/env_variables.html

Option D is not correct. As long as Lambda function has internet access, it can access S3
service endpoints irrespective of S3 bucket region.

Ask our Experts Rate this Question?

' (

Question 2 Incorrect

Domain : Other

Which of the following are not the supported event sources for AWS Lambda function?
(choose 2 options)

A. AWS S3

B. AWS IoT

$ C. AWS CodePipeline
&
$ D. AWS CodeCommit
%
E. AWS OpsWorks
&

Explanation:
Answer: C, E

Following are the supported event sources for AWS Lambda function.

https://docs.aws.amazon.com/lambda/latest/dg/invoking-lambda-
function.html

Ask our Experts Rate this Question? ' (

Question 3 Correct

Domain : Other

Your organization is having a requirement to perform big data analysis to transform data and
store the result in AWS S3 bucket. They have implemented the solution using AWS Lambda
due to its zero-administrative maintenance and cost-e"ective nature. However, in very few
cases, the execution is getting abruptly terminated after 5 minutes. They would like to get a
noti!cation in such scenarios. What would you do?
 Setup timer in the code and send noti!cation when the timer reaches 300
] A.
seconds.

Con!gure SES for failures under Con!guration option in the lambda

] B.
function.

Setup ERROR_NOTIFY environment variable with email address. Lambda

] C. function has inbuilt feature to send email during max memory and time out
terminations using this environment variable.

] D. Con!gure Dead-letter Queue and send noti!cation to SNS topic

&
$

Explanation:

Answer: D

Option A is not correct. Although you can set the timers in the code, it may not be accurate
measure to !nd if the lambda function is terminated after 300 seconds or it just !nished
executing on 300th second.

Option B is not correct. There is no option to con!gure AWS SES within Lambda setup.
Option C is not a valid statement.

Option D is correct. You can forward non-processed payloads to Dead Letter Queue (DLQ)
using

AWS SQS, AWS SNS.

For more information on Dead Letter Queue (DLQ), refer documentation here.

https://aws.amazon.com/blogs/compute/robust-serverless-application-design-
with-aws-lambda-dlq/

Ask our Experts Rate this Question? ' (

Question 4 Correct

Domain : Other

Your organization uploads relatively large compressed !les ranging between 100MB –
200MB in size to AWS S3 bucket. Once uploaded, they are looking to calculate the total
number objects in the compressed !le and add the total count as a metadata to the
compressed !le in AWS S3. They approached you for a cost-e"ective solution. You have
recommended using AWS Lambda through S3 event noti!cations to perform this operation.
However, they were concerned about failures as S3 event noti!cation is an asynchronous
one-time trigger and Lambda can fail due to operation time outs, max memory limits, max
execution time limits etc. What is the best retry approach you recommend?

All the failed events will be logged to CloudWatch. You can manually retrigger
] A.
failed events.

Con!gure Dead-letter queue with SQS. Con!gure SQS to trigger Lambda

] B.
&
$
function again.
 All failures will be caught during exception inside Lambda function. Trigger lambda
] C.
function inside lambda function code to process failed event.

] D. Enable Active tracing using AWS X-Ray. It will automatically retrigger failed events.

Explanation:

Answer: B

Option A is not recommended approach. Although you can con!gure logging to

CloudWatch, it is di#cult to !nd the speci!c failure logs. Manual retries are not a best
practice in an enterprise level solution designs.

Option B is correct. You can forward non-processed or failed payloads to Dead Letter Queue

(DLQ) using AWS SQS, AWS SNS.

 https://aws.amazon.com/blogs/compute/robust-serverless-application-
design-with-aws-lambda-dlq/

Option C is not correct. Max memory limit and max execution time limit gets terminated
without being caught in the handler exception.
Option D is not correct. Active tracing option can be used for detailed logging. It will not retry
failed events.

https://docs.aws.amazon.com/lambda/latest/dg/lambda-x-ray.html

Ask our Experts Rate this Question?

' (

Question 5 Incorrect

Domain : Other

You have a requirement to create a REST API using AWS API Gateway with Lambda as
backend system and Oracle RDS instance as database. You have created API methods,
Lambda function code and spinned up Oracle RDS instance in a private VPC with no Internet
Gateway. When you are trying to connect to RDS instance from your Lambda, connection
getting failed. What could be the reason? (choose 2 options)

$ A. Lambda execution role does not have policy to access RDS instance.
%
B. Lambda function is running in “no VPC” network mode.
&
RDS instance security group is not allowing connections from Lambda
C.
subnet range. &

$ D. RDS instance is not con!gured as destination in Lambda setup.

%
Explanation:

Answer: B, C

Option A is not correct. A policy on the role can only de!ne access to which API
actions can be made on RDS instance such as rds:CreateDBInstance,
rds:CreateDBSecurityGroup, rds:CreateDBSnapshot etc. The policy will not de!ne
whether a resouce can connect to RDS instance or not.

Option B is correct. When Lambda function is running in “no VPC” network mode,
it will not have access to resources running in a private VPC.

https://docs.aws.amazon.com/lambda/latest/dg/vpc.html

Option C is correct. Security groups act as a !rewall for any resources (such as
RDS instance and Lambda in this case) they are connected with. If there is no
inbound rule de!ned to allow connections from Lambda subnet IP range or the
Lambda security group, connections will fail.

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html

Option D is not correct. There is no such con!guration for the destination in

Lambda setup.

Ask our Experts Rate this Question? ' (

Question 6 Correct

Domain : Other
Which of the following is customer’s responsibility with respect to AWS Lambda service?
(choose 2 options)

$ A. Lambda function code.

&
B. Monitoring and logging lambda functions.

C. Security patches.

D. Installing required libraries in underlying compute instances for Lambda execution.

$ E. Providing access to AWS resources which triggers Lambda function.

&

Explanation:

Answer: A, E

Option A is correct.

Options B, C are not correct. Refer below screen shot

Option D is not correct. You cannot login to underlying compute instances of lambda
execution. So, we cannot install any required libraries. However, you can package all the
required dependent libraries along with your code.

Refer below documentation for more information on creating deployment package for
Lambda functions.

https://docs.aws.amazon.com/lambda/latest/dg/with-s3-example-deployment-
pkg.html
Option E is correct. AWS Lambda assumes the role assigned during setup to access any
AWS resources it performs any action on. Policy on the role must grant access on any such
resources in order for Lambda to perform operations, for example S3 getobject, Dynamodb
GetItem etc.

https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-
model.html#lambda-intro- execution-role

Ask our Experts Rate this Question? ' (

Question 7 Incorrect

Domain : Other

Which of the following is not a potential use case for using AWS Lambda?

Periodically check the log !les for errors in CloudWatch or CloudTrail and send out
] A.
noti!cations through SNS.

Download S3 bucket objects of size varying between 500 MB-2 GB to a Lambda

] B. Ephemeral disk or temp location, read and analyze them for key words and add
the key words to the metadata of !le object for search purposes.
&

] C. Scheduled job to generate AWS resource usage reports based on certain tags.

A website with highly scalable backend layer which will persist data into RDS
] D.
%
$
or DynamoDB.

Explanation:

Answer: B

Option A is a potential use case for AWS Lambda. You can use Lambda as scheduled event
and read log !les from AWS CloudWatch or CloudTrail and report any errors through SNS
noti!cations.

Option C is a potential use case.

For more information on scheduling Lambda functions, refer documentation

here.
 https://docs.aws.amazon.com/lambda/latest/dg/with-scheduled-
events.html?shortFooter=true

Option D is a potential use case.

You can host the web frontend on S3, and accelerate content delivery with Cloudfront
caching. The web frontend can send requests to Lambda functions via API Gateway HTTPS
endpoints. Lambda can handle the application logic, and persist data to a fully managed
database service

(RDS for relational, or DynamoDB for non relational database). You can host your Lambda
functions and databases within a VPC to isolate them from other networks.

Here is the documentation for building a serverless website.

https://aws.amazon.com/getting-started/projects/build-serverless-web-
app-lambda-apigateway-s3-dynamodb-cognito/

Option B looks like a potential use case. But the scenario will fail due to the /tmp directory
space limitation.

Ask our Experts Rate this Question? ' (

Question 8 Correct
 Domain : Other

You have created a Lambda function for reading data from Kinesis stream of transactions. In
the code you were using context logger so that it can log to CloudWatch and you can
monitor them at later point of time. Lambda function started running along with Kinesis
stream, however, you do not see any log entries for the new Lambda function. What could
the reason?

Lambda functions with Kinesis stream as event source do not write logs to
] A.
CloudWatch.

Lambda execution role policy does not have access to create CloudWatch
] B.
&
$
logs.

] C. Lambda function execution logs will be written to CloudTrail, not to CloudWatch.

] D. Active tracing is not enabled on the Lambda function setup con!guration.

Explanation:

Answer: B

Option A is not a valid statement. Lambda function will write logs as long as the execution
role has access to create and write CloudWatch logs irrespective of source that triggered it.

Option B is correct.
Option C is not correct. AWS CloudTrail is used for logging API calls made to services such
as

AWS Lambda, AWS S3 etc.

AWS CloudWatch for Lambda is used for execution logging.

https://docs.aws.amazon.com/lambda/latest/dg/with-cloudtrail.html

Option D is not correct. AWS X-Ray traces requests made to your serverless applications
built using AWS Lambda. This will not be the reason for failing to write logs to CloudWatch.

https://docs.aws.amazon.com/lambda/latest/dg/lambda-x-ray.html

Ask our Experts Rate this Question?

' (

Question 9 Incorrect

Domain : Other

When con!guring AWS SQS as event source for AWS Lambda function, what is the
maximum batch size supported by AWS SQS for ReceiveMessage call?

] A. 20
%
$

] B. 40

] C. 10
&
] D. 100

Explanation:

Answer: C

Here are other parameters apart from batch size.

https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html

Ask our Experts Rate this Question? ' (

Question 10 Incorrect

Domain : Other

You are to planning to schedule a daily job with AWS CloudWatch scheduled event and
AWS Lambda function as trigger to the event which will perform daily health check on your
applications running on $eet of EC2 instances. For you to achieve this, you need to provide
the EC2 instances’ name tags to identify right resources. What is the correct way of passing
the inputs in this case?

] A. Con!gure “Variables” option on AWS CloudWatch scheduled event.

%
$

You can modify the “Matched Event” option while selecting AWS Lambda as trigger
] B.
for CloudWatch scheduled event.

You can set “Constant (JSON text)” option while selecting AWS Lambda as
] C.
trigger for CloudWatch scheduled event. &
“Details” object of “Matched Event” can be con!gured while creating AWS
] D.
CloudWatch scheduled event.

Explanation:

Answer: C

When using an AWS Cloudwatch rule to trigger a Lambda event, one of the multiple options
you have to pass data onto your Lamba function is “Constant (JSON Text)”. This handy
feature allows you to send static content to your function instead of the matched event.

https://aws.amazon.com/blogs/compute/simply-serverless-use-constant-
values-in-cloudwatch-event-triggered-lambda-functions/
 Ask our Experts Rate this Question?
' (

Question 11 Incorrect

Domain : Other

You have an existing AWS setup with DirectConnect. You have migrated certain on premise
backend applications to AWS EC2 instances which are having certain processes run based
on triggers from other applications. These processes are developed on JAVA programming
language. Your organization is looking to migrate these processes to Lambda and reduce
the cost incurred on EC2 instances. What would be your recommendation?

AWS Lambda cannot be invoked from a custom application. They can only be
] A.
triggered by AWS supported event sources.

Replicate the JAVA code easily onto AWS Lambda function with few
] B.
modi!cations and use Lambda Invoke API with input passed as custom event. &
Trigger Lambda from AWS CloudWatch scheduled event and invoke
] C.
%
$
CloudWatch API from your applications.

AWS Lambda is not designed to run backend applications. Better to use EC2 for that
] D.
purpose.

Explanation:

Answer: B

You can invoke a Lambda function using a custom event through AWS Lambda’s invoke API.
Only the function’s owner or another AWS account that the owner has granted permission
can invoke the function.
 https://docs.aws.amazon.com/lambda/latest/dg/API_Invoke.html

https://docs.aws.amazon.com/lambda/latest/dg/with-userapp.html

Ask our Experts Rate this Question? ' (

Question 12 Correct

Domain : Other

Which of the following are AWS CloudFront events that can trigger AWS Lambda@edge
function? (choose 3 options)

$ A. Viewer Request
&
B. CloudFront Cache

C. Sender Request

$ D. Origin Request
&
$ E. Origin Response
&
Explanation:

Answer: A, D, E

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-
cloudfront-trigger-events.html

Ask our Experts Rate this Question?

' (

Question 13 Incorrect

Domain : Other

You created an AWS Lambda function to process !les uploaded to AWS S3 bucket. Lambda
function started receiving requests and working properly. You have changed the code and
uploaded new version of code to AWS Lambda function. What will happen to the requests
sent right after the AWS lambda function update?

Requests will queue until the changes are fully propagated. You might see a
] A.
%
$
slight latency during this period.

] B. Requests will be served by old version till you enable new version as latest.

When you have multiple versions of Lambda function, in the code you need to de!ne
] C.
which version of function to be used. Otherwise, requests would fail.

Requests might be served by old or new version for a brief period of less than
] D.
one minute. &

Explanation:

Answer: D

Option A is not a valid statement.

Option B is not correct. By default, whenever you update the code, it updates the LATEST

version.

Option C is not correct. There is no need to de!ne in code which version to be used.
However, you can de!ne which version to be used at the source which triggers Lambda
function by providing version quali!ed ARN if you have published version.
 Ask our Experts Rate this Question? ' (

Question 14 Incorrect

Domain : Other

Which of the following are poll based event sources for AWS Lambda function? (choose 3
options)

$ A. AWS SNS
%
$ B. AWS Kinesis
&
$ C. AWS SQS
&
D. AWS DynamoDB
&
E. AWS CodePipeline

Explanation:

Answer: B, C, D
 https://docs.aws.amazon.com/lambda/latest/dg/invocation-options.html?
shortFooter=true#streaming-event-source-mapping

Ask our Experts Rate this Question?

' (

Question 15 Correct

Domain : Other

You work for a team which has 10s of applications running on AWS EC2 instances. All these
applications would need a common backend processing job. You have created an AWS
Lambda function with name “app-backend-job”and published PROD version with version “1”
in order to make sure any changes to the function by anyone will not impact the PROD
execution code. You have shared the version quali!ed ARN to all the applications assuming
requests would be sent to the speci!c version. However, due to frequent changes in
requirements, you had to change the code of Lambda function many times and
keep publishing versions. This is causing a lot of overhead at the application level
to update the Lambda function ARN each time you publish a new version. How
can you overcome this situation?

Create an alias, point it to PROD version and share the ARN with applications.
] A.
&
$
When new version is published, change the alias to point to it.

Do not publish versions for every code change. Instead, update the published
] B.
version so that ARN to be invoked will not change.

Delete the old published version “1” before publishing new version. This way when
] C. you publish, you will get the version ID as “1” and the lambda version ARN will remain
unchanged.

Do not use versioning in this case. Always use $LATEST version and share its ARN
] D.
with applications.You can update the codes of $LATEST version any number of times.

Explanation:

Answer: A

By using aliases, you can access the Lambda function an alias is pointing to (for example, to

invoke the function) without the caller having to know the speci!c version the alias is
pointing to.
 https://docs.aws.amazon.com/lambda/latest/dg/aliases-intro.html?
shortFooter=true

Option B is not correct.

https://docs.aws.amazon.com/lambda/latest/dg/versioning-intro.html?
shortFooter=true

Option C is not correct.

Although Option D sounds correct, it is not a recommended approach since $LATEST
version can be changed by anyone who has access to it. Any code running in PRODUCTION
mode and using

$LATEST version, there are chances that the con!guration can be meddled and can cause
unwanted issues.

https://docs.aws.amazon.com/lambda/latest/dg/versioning-aliases.html?
shortFooter=true

Ask our Experts Rate this Question?

' (

Question 16 Incorrect

Domain : Other

Which of the following are correct ARNs for a Lambda function? (choose 3 options)

A. arn:aws:lambda:aws-region:acct-id:function:helloworld:$LATEST
&
$ B. arn:aws:lambda:aws-region:acct-id:function:helloworld
&
$ C. arn:aws:lambda:aws-region:acct-id:function:helloworld/$LATEST
%
D. arn:aws:lambda:aws-region:acct-id:function:helloworld:PROD
&
$ E. arn:aws:lambda:aws-region:acct-id:function:helloworld/1
%
Explanation:

Answer: A, B, D

Ask our Experts Rate this Question?

' (

Question 17 Incorrect

Domain : Other

Which of the following is a valid AWS Lambda con!guration?

] A. 64 MB memory and 212 seconds timeout.

] B. 1376 MB memory and 120 seconds timeout.

] C. 2112 MB memory and 10 seconds timeout.

&
 ] D. 3072 MB memory and 300 seconds timeout.
%
$

Explanation:

Answer: C

Option A is not correct. Minimum memory required is 128 MB.

Option B is not correct. 1376 MB memory is not in 64 MB increments. It can be

1344 MB or 1408MB.

Option D is not correct. Maximum memory that can be allocated is 3008 MB.
 Please refer to the below link to get further information:

https://docs.aws.amazon.com/lambda/latest/dg/limits.html

Ask our Experts Rate this Question?

' (

Question 18 Incorrect

Domain : Other

Your organization has two accounts, for DEV and TEST. You have certain user applications
running on TEST account would like to trigger AWS Lambda on DEV account. What is the
permission model which needs to be set in order to get this con!guration working?

Add permission for TEST account on DEV account’s lambda function

] A.
policy through AWS CLI. &
Add permission for TEST account on DEV account’s lambda execution
] B.
%
$
role policy through AWS Console.

Add permission for TEST account on DEV account’s lambda execution role
] C.
policy through AWS CLI.

Add permission for TEST account on DEV account’s lambda function policy
] D.
through AWS Console.

Explanation:

Answer: A
 https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-
based.html?shortFooter=true#access-control-resource-based-example-cross-
account-scenario

Options B, C are not correct. Permission need to be added on the Lambda function policy to
invoke the function, not on execution role policy.
Option D is not correct. Lambda function policy cannot be edited from AWS console.

For more information, please fere to the below mentioned AWS docs:

https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-
based.html

Ask our Experts Rate this Question?

' (

Question 19 Incorrect

Domain : Other

You have a requirement to create an AWS Lambda function inside a private VPC which will
be communicating with RDS instance inside the same private VPC. You have setup the
memory to be 1 GB for the Lambda function. You expect concurrent request during peak to
be 100 per sec and average Function execution tome is 1 sec.
What should be the minimum subnet range you must choose for creating a subnet to run
the Lambda function successfully without any issues?

] A. x.x.x.x/24

] B. x.x.x.x/25

] C. x.x.x.x/26
&
] D. x.x.x.x/27
%
$

Explanation:
Answer: C

https://docs.aws.amazon.com/lambda/latest/dg/vpc.html#vpc-setup-
guidelines

Peak concurrent executions = 100 * 1 = 100

ENI Capacity = 100 * (1GB / 3GB) = 33.33 i.e. = 33

Hence we need /26 CIDR

/24 CIDR range comes with 256 IP address with 251 available IP addresses

/25 CIDR range comes with 128 IP address with 123 available IP addresses.

/26 CIDR range comes with 64 IP addresses with 59 available IP addresses.

/27 CIDR range comes with 32 IP addresses with 27 available IP addresses.

Step-by-step guide to ensure your function is optimally con!gured for scalability:

1. Calculate your Peak Concurrent Executions with this formula:

Peak Concurrent Executions = Peak Requests per Second *
 Average Function Duration (in seconds)

2. Now calculate your Required ENI Capacity:

Required ENI Capacity = Projected peak concurrent executions *
(Function Memory Allocation in GB / 3GB)

3. If Peak Concurrent Executions > Account Level Concurrent

Execution Limit (default=1,000), then you will need to ask AWS to increase
this limit.

4. Con!gure your function to use all the subnets available inside the VPC that have
access to the resource that your function needs to connect to. This both
maximises Actual ENI Capacity and provides higher availability (assuming
subnets are spread across 2+ availability zones).

5. Calculate your Actual ENI Capacity using these steps.

6. If Required ENI Capacity > Actual ENI Capacity, then you will need to
do one or more of the following:

1. Decrease your function’s memory allocation to decrease

your Required ENI Capacity.

2. Refactor any time-consuming code which doesn’t require VPC access

into a separate Lambda function.

3. Implement throttle-handling logic in your app (e.g. by building retries

into client).

7. If Required ENI Capacity > your EC2 Network Interfaces per

region account limit then you will need to request that AWS increase this limit.

8. Consider con!guring a function-level concurrency limit to ensure your function

doesn’t hit the ENI Capacity limit and also if you wish to force throttling at a
certain limit due to downstream architectural limitations.

9. Monitor the concurrency levels of your functions in production using

CloudWatch metrics so you know if invocations are being throttled or erroring
out due to insu#cient ENI capacity.

10. If your Lambda function communicates with a connection-based backend

service such as RDS, ensure that the maximum number of connections
con!gured for your database is less than your Peak Concurrent Executions,
otherwise your functions will fail with connection errors. See here for more info
on managing RDS connections from Lambda. (kudos to Joe Keilty for mentioning
 this in the comments)

Ask our Experts Rate this Question?

' (

Question 20 Incorrect

Domain : Other

Which of the following services does the DLQ con!gured under lambda gets populated on
error? (choose 2 options)

$ A. AWS SQS
&
$ B. AWS Kinesis
%
C. AWS SNS
&
D. AWS CloudWatch

E. AWS X-Ray

Explanation:

Answer: A, C
 https://docs.aws.amazon.com/lambda/latest/dg/dlq.html?shortFooter=true

Ask our Experts Rate this Question?

' (

Question 21 Correct

Domain : Other

You are setting up AWS Lambda function to receive messages from SQS queue, process the
message body and insert one record in MySQL RDS instance. You have setup SQS event
trigger as AWS Lambda function. However, for connecting to RDS instance, you need MySQL
details such as hostname, username and password. Where would you con!gure them?

Use environment variables to pass con!guration. They are automatically encrypted

] A.
by AWS default KMS keys and decrypted when used in Lambda function.

Use environment variables to pass con!guration. Use encryption helpers to

] B. encrypt sensitive information by your own KMS key. Decrypt the variable using
&
$

decryption helper code provided in the console.

Use properties !le in AWS Lambda function for any such con!guration. Properties
] C.
!les are encrypted by AWS in transit and at rest.

Store such con!guration in AWS S3 bucket and enable encryption on S3 bucket.

] D.
Perform S3 get object to get the con!guration details in the Lambda function code.
Explanation:

Answer: B

https://docs.aws.amazon.com/lambda/latest/dg/env_variables.html?
shortFooter=true

Option A is not correct. The statement is true, however the encryption only
happens after deployment of lambda function.

Option C is not a valid statement.

Option D looks correct. However, out of given options, Option B is more valid and
recommended.

Ask our Experts Rate this Question?

' (

Question 22 Correct

Domain : Other

Which of the following actions required by Lambda execution role in order to write the logs
into
AWS CloudWatch? (choose 3 options)

$ A. logs:CreateLogGroup
&
B. logs:GetLogEvents

$ C. logs:CreateLogStream
&
D. logs:DescribeLogStreams

$ E. logs:PutLogEvents
&

Explanation:

Answer: A, C, E
 https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-
model.html?shortFooter=true#lambda-intro-execution-role

Ask our Experts Rate this Question?

' (

Question 23 Incorrect

Domain : Other

Which of the following options is not AWS CloudWatch metric for AWS Lambda function?

] A. Memory
&
] B. Dead Letter Error
%
$

] C. Duration

] D. Invocations

Explanation:

Answer: A

The AWS/Lambda namespace includes the following metrics.

https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-
metrics.html
 Ask our Experts Rate this Question?
' (

Question 24 Unattempted

Domain : Other

You are creating a production mode Lambda function. Due to auditing compliance, your
organization stated that production grade code must not be modi!ed during its execution
unless the modi!cation goes through a change process. For that, you decided to publish
version for PROD, create an alias and use the alias ARN for invoking the Lambda function.
However, your organization stated the code should not run if the version is $LATEST. How
would you achieve this? (choose 2 options)

A. getFunctionVersion from Context object.

&
B. Get invokedLambdaARN from event object and !nd out version from it.

C. Use AWS_LAMBDA_FUNCTION_VERSION environment variable.

&
D. Use AWS_LAMBDA_FUNCTION_ALIAS environment variable.

Explanation:

Answer: A, C
For more information on environment variables available to Lambda functions, refer
documentation here.

https://docs.aws.amazon.com/lambda/latest/dg/env_variables.html

https://docs.aws.amazon.com/lambda/latest/dg/tutorial-env_cli.html

Option B is not correct. There is no parameter in any event source containing ARN of the
invoked Lambda function.

Option D is not correct. This is no environment variable for ALIAS.

Ask our Experts Rate this Question? ' (

Question 25 Incorrect

Domain : Other

Which of the following statement is not true with respect to default retry behaviour of AWS
Lambda function?
 With synchronous invocation, the invoking application receives a 429
] A.
error and is responsible for retries. &
With asynchronous invocation, if AWS Lambda is unable to fully process the
] B. event and if you don't specify a Dead Letter Queue (DLQ), the event will be
discarded.

With Poll-based (or pull model) event sources that are stream-based, when
a Lambda function invocation fails, AWS Lambda attempts to process the
] C.
erring batch of records until the time the data expires, which can be up to
seven days.

With Poll-based event sources that are not stream-based, if the

invocation fails or times out, the message will be returned to the queue
] D.
%
$
and will be available for invocation once the Visibility Timeout period
expires.

Explanation:

Answer: A

Synchronous invocation – Lambda includes the FunctionError !eld in the response body,
with details about the error in the X-Amz-Function-Error header. The status code
is 200 for function errors

Event sources that aren't stream-based – Some of these event sources are set up
to invoke a Lambda function synchronously and others invoke it asynchronously.
Accordingly, exceptions are handled as follows:

Synchronous invocation – Lambda includes the FunctionError !eld in

the response body, with details about the error in the X-Amz-Function-
Error header. The status code is 200 for function errors. Lambda only
returns error status codes if there is an issue with the request, function, or
permissions that prevents the handler from processing the event.
See Invoke Errors for details.

AWS service triggers can retry depending on the service. If you invoke the
Lambda function directly from your application, you can choose whether to
retry or not.

Asynchronous invocation – Asynchronous events are queued before being

used to invoke the Lambda function. If AWS Lambda is unable to fully
process the event, it will automatically retry the invocation twice, with
delays between retries. If you have speci!ed a Dead Letter Queue for your
function, then the failed event is sent to the speci!ed Amazon SQS queue
 or Amazon SNS topic. If you don't specify a Dead Letter Queue (DLQ), which
is not required and is the default setting, then the event will be discarded.
For more information, see Dead Letter Queues.

https://docs.aws.amazon.com/lambda/latest/dg/retries-on-errors.html?
shortFooter=true

Ask our Experts Rate this Question?

' (

Finish Review

Certi!cation Company Follow us

Cloud Certi"cation Support

)*+
Java Certi"cation Discussions

PM Certi"cation Blog

Big Data Certi"cation Business

© Copyright 2019. Whizlabs Software Pvt. Ltd. All Right Reserved.