A company needs to distribute firmware updates to its customers around the world.
Which service will allow easy and secure control of the access to the downloads at the lowest cost?

1. A. Use Amazon CloudFront with signed URLs for Amazon S3.
2. B. Create a dedicated Amazon CloudFront Distribution for each customer.
3. C. Use Amazon CloudFront with AWS Lambda@Edge.
4. D. Use Amazon API Gateway and AWS Lambda to control access to an S3 bucket.

Correct Answer: A
This solution allows easy and secure control of access to the downloads at the lowest cost because it uses a content delivery network (CDN) that can cache and distribute firmware updates to customers around the world, and uses a mechanism that can restrict access to specific files or versions. Amazon CloudFront is a CDN that can improve performance, availability, and security of web applications by delivering content from edge locations closer to customers. Amazon S3 is a storage service that can store firmware updates in buckets and objects. Signed URLs are URLs that include additional information, such as an expiration date and time, that give users temporary access to specific objects in S3 buckets. The developer can use CloudFront to serve firmware updates from S3 buckets and use signed URLs to control who can download them and for how long. Creating a dedicated CloudFront distribution for each customer will incur unnecessary costs and complexity. Using Amazon CloudFront with AWS Lambda@Edge will require additional programming overhead to implement custom logic at the edge locations. Using Amazon API Gateway and AWS Lambda to control access to an S3 bucket will also require additional programming overhead and may not provide optimal performance or availability.
Reference: [Serving Private Content through CloudFront], [Using CloudFront with Amazon
S3]

A developer is writing an AWS Lambda function. The developer wants to log key events that occur while the Lambda function runs. The developer wants to include a unique identifier to associate the events with a specific function invocation. The developer adds the following code to the Lambda function:

Which solution will meet this requirement?

1. A. Obtain the request identifier from the AWS request ID field in the context objec
2. B. Configure the application to write logs to standard output.
3. C. Obtain the request identifier from the AWS request ID field in the event objec
4. D. Configure the application to write logs to a file.
5. E. Obtain the request identifier from the AWS request ID field in the event objec
6. F. Configure the application to write logs to standard output.
7. G. Obtain the request identifier from the AWS request ID field in the context objec
8. H. Configure the application to write logs to a file.

Correct Answer: A
https://docs.aws.amazon.com/lambda/latest/dg/nodejs-context.html https://docs.aws.amazon.com/lambda/latest/dg/nodejs-logging.html
There is no explicit information for the runtime, the code is written in Node.js.
AWS Lambda is a service that lets developers run code without provisioning or managing servers. The developer can use the AWS request ID field in the context object to obtain a unique identifier for each function invocation. The developer can configure the application to write logs to standard output, which will be captured by Amazon CloudWatch Logs. This solution will meet the requirement of logging key events with a unique identifier.
References:
✑ [What Is AWS Lambda? - AWS Lambda]
✑ [AWS Lambda Function Handler in Node.js - AWS Lambda]
✑ [Using Amazon CloudWatch - AWS Lambda]

A developer is creating a new REST API by using Amazon API Gateway and AWS Lambda. The development team tests the API and validates responses for the known use cases before deploying the API to the production environment.
The developer wants to make the REST API available for testing by using API Gatewaylocally.
Which AWS Serverless Application Model Command Line Interface (AWS SAM CLI) subcommand will meet these requirements?

1. A. Sam local invoke
2. B. Sam local generate-event
3. C. Sam local start-lambda
4. D. Sam local start-api

Correct Answer: D
✑ The sam local start-api subcommand allows you to run your serverless application locally for quick development and testing1. It creates a local HTTP server that acts as a proxy for API Gateway and invokes your Lambda functions based on the AWS SAM template1. You can use the sam local start-api subcommand to test your REST API locally by sending HTTP requests to the local endpoint1.

A developer is deploying an AWS Lambda function The developer wants the ability to return to older versions of the function quickly and seamlessly.
How can the developer achieve this goal with the LEAST operational overhead?

1. A. Use AWS OpsWorks to perform blue/green deployments.
2. B. Use a function alias with different versions.
3. C. Maintain deployment packages for older versions in Amazon S3.
4. D. Use AWS CodePipeline for deployments and rollbacks.

Correct Answer: B
A function alias is a pointer to a specific Lambda function version. You can use aliases to create different environments for your function, such as development, testing, and production. You can also use aliases to perform blue/green deployments by shifting traffic between two versions of your function gradually. This way, you can easily roll back to a previous version if something goes wrong, without having to redeploy your code or change your configuration. Reference: AWS Lambda function aliases

A company is running Amazon EC2 instances in multiple AWS accounts. A developer needs to implement an application that collects all the lifecycle events of the EC2 instances. The application needs to store the lifecycle events in a single Amazon Simple Queue Service (Amazon SQS) queue in the company's main AWS account for further processing.
Which solution will meet these requirements?

1. A. Configure Amazon EC2 to deliver the EC2 instance lifecycle events from all accounts to the Amazon EventBridge event bus of the main accoun
2. B. Add an EventBridge rule to the event bus of the main account that matches all EC2 instance lifecycle event
3. C. Add the SQS queue as a target of the rule.
4. D. Use the resource policies of the SQS queue in the main account to give each account permissions to write to that SQS queu
5. E. Add to the Amazon EventBridge event bus of each account an EventBridge rule that matches all EC2 instance lifecycle event
6. F. Add the SQS queue in the main account as a target of the rule.
7. G. Write an AWS Lambda function that scans through all EC2 instances in the company accounts to detect EC2 instance lifecycle change
8. H. Configure the Lambda function to write a notification message to the SQS queue in the main account if the function detects an EC2 instance lifecycle chang
9. I. Add an Amazon EventBridge scheduled rule that invokes the Lambda function every minute.
10. J. Configure the permissions on the main account event bus to receive events from all account
11. K. Create an Amazon EventBridge rule in each account to send all the EC2 instance lifecycle events to the main account event bu
12. L. Add an EventBridge rule to the main account event bus that matches all EC2 instance lifecycle event
13. M. Set the SQS queue as a target for the rule.

Correct Answer: D
Amazon EC2 instances can send the state-change notification events to Amazon EventBridge. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instance-state- changes.html Amazon EventBridge can send and receive events between event buses in AWS accounts. https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-cross- account.html