diff --git a/aws-lambda/aws-lambda-quiz.md b/aws-lambda/aws-lambda-quiz.md index 9873fc35b7..b8319f1a19 100644 --- a/aws-lambda/aws-lambda-quiz.md +++ b/aws-lambda/aws-lambda-quiz.md @@ -625,3 +625,21 @@ **Explanation** - Amazon RDS (Relational Database Service) cannot directly trigger a Lambda function. RDS is a managed database service and does not have built-in functionality to trigger Lambda directly. However, other services like S3, DynamoDB Streams, and API Gateway can trigger Lambda functions when specific events occur (e.g., file uploads, data changes, API calls). + +#### Q79. You work for a company that has an AWS cloud deployment utilizing Lambda functions for various tasks. You need to select the appropriate resource types and sizes for these tasks. How should you optimize the amount of memory configured for Lambda functions on your AWS cloud? +- [ ] Use CloudTrail to track all API calls made on the system. +- [x] Use CloudWatch to monitor memory-bound functions. +- [ ] Utilize CloudFront for caching data for end users. +- [ ] Create a new VPC with an AWS Batch computing environment in it. + +**Explanation** +- `You would use CloudWatch to monitor memory-bound functions and create an alarm when memory consumption nears a preset limit. This will help you find out when memory consumption reaches close to the preset maximum value so that you can avoid processing bottlenecks by increasing the configured memory for the functions. AWS CloudWatch allows you to monitor the AWS system in real time by monitoring and tracking resource metrics.` + +#### Q80. You are running a photo-sharing website using various AWS services. You have an AWS Lambda function that performs image resizing and cropping whenever a user uploads a picture to an S3 bucket. You need to find a way to allow other AWS accounts and services to invoke this function when necessary. What would you do to implement this functionality? +- [ ] Use an identity-based policy to grant the needed permissions. +- [x] Use a resource-based policy to grant the needed permissions. +- [ ] Create an IAM user group to allow access to resources. +- [ ] Set the permissions for the S3 bucket to public. + +**Explanation** +- `You would use a resource-based policy to grant the needed permissions. A resource-based policy is attached to an AWS resource such as an Amazon Simple Storage Service (S3) bucket, a virtual private cloud (VPC) endpoint, AWS Key Management Service (KMS) encryption keys, and Amazon Simple Queueing Service (SQS) queues. Using a resource-based policy, you specify the principal who can access the resource and their permissible actions on the resource. A principal can be an account, user, role, or session principal. Session principals can be IAM federated users or role sessions. Policies are AWS objects that specify the permissions of an identity or a resource. You can choose an identity-based or resource-based policy when you create a permissions policy for restricted access to resources.`