AWS Certification: CloudFront Questions

AWS CloudFront

Overview
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS – both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services.
1. A CloudFront distribution is being used to distribute content from an S3 bucket. It is required that only a particular set of users get access to certain content. How can this be accomplished?

A. Create IAM Users for each user and then provide access to the S3 bucket content.

B. Create IAM Groups for each set of users and then provide access to the S3 bucketcontent.

C. Create CloudFront signed URLs and then distribute these URLs to the users.

D. Use IAM Polices for the underlying S3 buckets to restrict content.

Answer
C. Create CloudFront signed URLs and then distribute these URLs to the users.

2. A company has an application that delivers objects from S3 to users. Of late, some users spread across the globe have been complaining of slow response times. Which of the following additional steps would help in building a cost-effective solution and also help ensure that the users get an optimal response to objects from S3?

A. UseS3 Replication to replicate the objects to regions closest to the users.

B. EnsureS3 Transfer Acceleration is enabled to ensure all users get the desiredresponse times.

C. Placean ELB in front of S3 to distribute the load across S3.

D. Place the S3 bucket behind a CloudFront distribution.

Answer
D. Place the S3 bucket behind a CloudFront distribution.

3. A company has an application that uses the S3 bucket as its data layer. As per the monitoring on the S3 bucket, it can be seen that the number of GET requests is 400 requests per second. The IT Operations team receives service requests about users getting HTTP 500 or 503 errors while accessing the application. What can be done to resolve these errors? Choose 2 answers from the options given below.

A. Add a CloudFront distribution in front of the bucket.

B. Add random ness to the key names.

C. Add an ELB in front of the S3 bucket.

D. Enable Versioning for the S3 bucket.

Answer
A. & B.

4. A website runs on EC2 Instances behind an ELB Application Load Balancer. The instances run in an Auto Scaling Group across multiple Availability Zones and deliver several large files that are stored on a shared Amazon EFS file system. The company needs to avoid serving the files from EC2 Instances every time a user requests these digital assets.

What should the company do to improve the user experience of the web site?


A. Move the digital assets to Amazon Glacier.

B. Cache static content using CloudFront.

C. Resize the images so that they are smaller.

D. Use reserved EC2 Instances.

Answer
B. Cache static content using CloudFront.

5. An organization hosts a multi-language website on AWS, which is served using CloudFront. Language is specified in the HTTP request as shown below:

http://d11111f8.cloudfront.net/main.html?language=de

http://d11111f8.cloudfront.net/main.html?language=en

http://d11111f8.cloudfront.net/main.html?language=es

How should AWS CloudFront be configured to delivered cache data in the correct language?


A. Forward cookies to the origin

B. Based on query string parameters

C. Cache objects at the origin

D. Serve dynamic content

Answer
B. Based on query string parameters

6. You are building a large-scale confidential documentation web server on AWS and all of its documentation will be stored on S3. One of the requirements is that it should not be publicly accessible from S3 directly, and CloudFront would be needed to accomplish this. Which of the methods listed below would satisfy the outlined requirements? Choose an answer from the options below.

A. Create an Identity and Access Management (IAM) user for CloudFront and grant access tothe objects in your S3 bucket to that IAM User.

B. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objectsin your S3 bucket to that OAI.

C. Create individual policies for each bucket the documents are stored in, and grant access only to CloudFront in these policies.

D. Create an S3 bucket policy that lists the CloudFront distribution ID as the Principaland the target bucket as the Amazon Resource Name (ARN).

Answer
B. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objectsin your S3 bucket to that OAI.

7. You are hosting a web server on an EC2 Instance. With the number of requests consuming a large part of the CPU, the response performance for the application is getting degraded. Which of the following would help alleviate the problem and provide a better response time?

A. Place the EC2 Instance behind a Classic Load Balancer.

B. Place the EC2 Instance behind an Application Load Balancer.

C. Place the EC2 Instance in an Auto Scaling Group with the max size as 1.

D. Place a CloudFront distribution in front of the EC2 Instance.

Answer
D. Place a CloudFront distribution in front of the EC2 Instance.

8. You have a web application hosted on an EC2 Instance in AWS which is being accessed by users across the globe. The Operations team has been receiving support requests about extreme slowness from users in some regions. What can be done to the architecture to improve the response time for these users?

A. Add more EC2 Instances to support the load.

B. Change the Instance type to a higher instance type.

C. Add Route 53 health checks to improve the performance.

D. Place the EC2 Instance behind CloudFront.

Answer
D. Place the EC2 Instance behind CloudFront.

9. Your company currently has a web distribution hosted using the AWS CloudFront service. The IT Security department has confirmed that the application using this web distribution now falls under the scope of PCI compliance. Which of the following steps need to be carried out to ensure that the compliance objectives are met? Choose two answers from the choices below.

A. Enable CloudFront access logs.

B. Enable Cache in CloudFront.

C. Capture requests that are sent to the CloudFront API.

D. Enable VPC Flow Logs

Answer
A. & C.

10. Your company is utilising CloudFront to distribute its media content to multiple regions. The content is frequently accessed by users. As a cloud architect, which of the following options would help you improve the performance of the system?

A. Change the origin location from an S3 bucket to an ELB.

B. Use a faster Internet connection.

C. Increase the cache expiration time.

D. Create an “invalidation” for all your objects, and recache them.

Answer
C. Increase the cache expiration time.