QUESTION 1 UNATTEMPTED

Which of the following are valid integration sources for API Gateway?(choose 3 options)

A. Public facing HTTPS-based endpoints outside AWS network.

B. Lambda functions from another account.
C. Database connections on internet outside AWS network.
D. VPC Link
E. SFTP connection

Explanation :
Answer: A, B, D

Option A is correct. AWS API Gateway can integrate with any HTTPS-based endpointsavailable over internet.

Q: With what backends can Amazon API Gateway communicate?

Amazon API Gateway can execute AWS Lambda functions in your account, start AWS Step Functions state machines, or call HTTP endpoints hosted on AWS Elastic
Beanstalk, Amazon EC2, and also non-AWS hosted HTTP based operations that are accessible via the public Internet. API Gateway also allows you to specify a
mapping template to generate static content to be returned, helping you mock your APIs before the backend is ready. You can also integrate API Gateway with other AWS
services directly – for example, you could expose an API method in API Gateway that sends data directly to Amazon Kinesis.

Option B is correct. AWS can use Lambda function from another account as anintegration type.

Option C is incorrect. AWS API gateway can connect to AWS services which will makeproxy calls only to their respective AWS APIs. There is no integration t
ype for databaseconnections directly from API Gateway. You can use Lambda function to connect withdatabase and make Lambda as integration type for API
Gateway.

Option D is correct. AWS has introduced VPC Link, a way to connect to the resourceswithin a private VPC.
 Refer to the documentation here for more information on VPC Links.https://aws.amazon.com/blogs/compute/introducing-amazon-api-gateway-private-
endpoints/

Ask our Experts

QUESTION 2 UNATTEMPTED

Company ABC is having few 100s of REST APIs exposed to internet fromtheir on-
premises network. They already have integrated with AWSthrough DirectConnect. They have approached you asking for a cost-
effective way of making these REST APIs available through AWS APIGateway because of the resiliency and cost reductions prov
ided by it.What solution would you provide?

A. API Gateway cannot integrate with on-premises backend APIs which are not over public internet. Rebuild all the backend APIs
using Lambda and integrate with API Gateway.
B. Use VPC Link to integrate on-premises backend solutions through DirectConnect and private VPC.
C. Build API Gateway using existing on-premises public facing REST APIs as HTTPS endpoints integration type.
D. Build API Gateway with integration type as AWS Service and select Direct Connect service.

Explanation :
Answer: B
 For more information on VPC Link, refer documentation here.
https://aws.amazon.com/blogs/compute/introducing-amazon-api-gateway-private-endpoints/

Ask our Experts

QUESTION 3 UNATTEMPTED

You have built a REST API using API gateway and distributed to yourcustomers. However, your API is receiving large number of
requests andoverloading your backend system causing performance bottlenecks andeventually causing delays and failures in servi
ng the requests for yourimportant customers. How would you improve the API performance?(Choose 2 options)

A. Enable throttling and control the number of requests per second.

B. Create a resource policy to allow access for specific customers during specific time period.
C. Enable API caching to serve frequently requested data from API cache.
D. Enable load balancer on your backend systems.

Explanation :
Answer: A, C

Option A is correct. To prevent your API from being overwhelmed by too many requests,Amazon API Gateway throttles requests to your API. Specifically, AP
I Gateway sets alimit on a steady-state rate and a burst of request submissions against all APIs in youraccount.
For more information on throttling, refer documentation here.
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-request-throttling.html

Option B is not correct. This is not a viable solution. Resource policies cannot have atime range based condition.
Following documentation shows the conditions supported for API Gateway resourcepolicies.
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies-aws-condition-keys.html
Option C is correct. You can enable API caching in Amazon API Gateway to cache yourendpoint’s responses. With caching, you can reduce the number of call
s made to yourendpoint and also improve the latency of requests to your API. When you enablecaching for a stage, API Gateway caches responses from your e
ndpoint for a specifiedtime-to-
live (TTL) period, in seconds. API Gateway then responds to the request bylooking up the endpoint response from the cache instead of making a request to you
rendpoint. The default TTL value for API caching is 300 seconds. The maximum TTLvalue is 3600 seconds. TTL=0 means caching is disabled.
For details on enabling caching, refer documentation here.
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html#enable-api-gateway-caching
Option D is not correct. We can improve performance by increasing the capacity ofbackend systems if above settings does not help. Simply adding a load balancer does
not improve any performance.

Ask our Experts

QUESTION 4 UNATTEMPTED

You have created a public facing REST API using AWS API Gateway withdefault throttle setting of 10000 requests per second an
d burst of 5000requests. You are getting 8000 requests in one millisecond. Which of thefollowing statements is true?

A. All 8000 requests would succeed as the default throttle limit is 8000 per second.
B. All 8000 requests would fail as it is higher than the burst limit of 5000.
C. 5000 requests would succeed and rest 3000 would fail.
D. 5000 requests would succeed and throttles the rest 3000 in one-second period.

Explanation :
Answer: D
 To prevent your API from being overwhelmed by too many requests, Amazon APIGateway throttles requests to your API using the token bucket algorithm, wh
ere a tokencounts for a request. Specifically, API Gateway sets a limit on a steady-
state rate and aburst of request submissions against all APIs in your account. In the token bucketalgorithm, the burst is the maximum bucket size.
When request submissions exceed the steady-state request rate and burst limits, APIGateway fails the limit-
exceeding requests and returns 429 Too Many Requests errorresponses to the client. Upon catching such exceptions, the client can resubmit thefailed
requests in a rate- limiting fashion, while complying with the API Gateway throttlinglimits.
By default, API Gateway limits the steady-
state request rate to 10,000 requests persecond (rps). It limits the burst (that is, the maximum bucket size) to 5,000 requestsacross all APIs within an
AWS account. In API Gateway, the burst limit corresponds to themaximum number of concurrent request submissions that API Gateway can fulfill at
anymoment without returning
429 Too Many Requests error responses.

For more information on API Gateway throttling, refer documentation here.

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-request-throttling.html#apig-request-throttling-account-level-limits

Ask our Experts

QUESTION 5 UNATTEMPTED

Your organization had created a REST API using AWS API Gateway andexposed it over internet.
They have noticed a consistent high number of requests per second onGET /users method, approximately 9000 out of which 5000
requests aresent in 1st millisecond. This is putting more overload on backend systems.They have changed stage’s number of requ
ests per second to
6000 and burst to 3000 requests. Now the total number of requestssent per second is reduced to 6000, however, 5000 requests bei
ng sentin 1st millisecond. What could be causing this behaviour?

A. Stage’s GET /users method throttling settings might have overwritten stage throttling settings with burst as 5000 requests.
B. Account level throttle settings are 10000 requests per second and burst 5000 requests. You cannot overwrite account level
settings.
C. Any changes made to Stage might take upto 2 hours to propagate.
D. Requests per second are set to 6000. API can serve upto 6000 requests irrespective of how many requests sent in one
millisecond.

Explanation :
Answer: A
You can override stage settings on an individual method within a stage.
 https://aws.amazon.com/about-aws/whats-new/2018/07/api-gateway-usage-plans-support- method-level-throttling/

Ask our Experts

QUESTION 6 UNATTEMPTED

Which of the following are not access control mechanisms for AWS APIGateway? (Choose 2 options)

A. Resource policies
 B. Lambda authorizers
C. Server-side certificates
D. VPC RouteTables
E. Usage Plans

Explanation :
Answer: C, D
Following are different ways of controlling access to your AWS API Gateway.

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access- to-api.html

Option C is not access control mechanism. API Gateway accepts the client-sidecertificates of your backend system.
https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side- ssl-authentication.html
Option D is not access control mechanism. RouteTables in VPCs are to control networktraffic flow within a VPC.

For more information on VPC route tables, refer documentation here.

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html

Ask our Experts

QUESTION 7 UNATTEMPTED

Your organization would need to expose certain services to its customer. You have created and deployed REST API for your
organization using AWS API Gateway over public internet. However, you noticed requests from hosts other than your customer.
How would you control access in this scenario?
(choose 2 options)

A. Establish DirectConnect to each of your customer’s network and enable API Gateway’s VPC Link through a private VPC.
B. Enable CORS and add required host names under Access-Control-Allow-Origin.
C. Configure your customer’s IP address ranges in resource policy.
D. Create IAM users for your customers and enable
E. Generate and distribute Client Certificate to customer. Ask them to use the certificate while sending requests.
Explanation :
Answer: B, C
Following are different ways of controlling access to your AWS API Gateway.

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access- to-api.html

Option A is not a viable solution.

Option B is correct. You can allow a domain other than the API gateway’s domain name to access the APIS using Cross Origin Resource Sharing.
For more information on CORS, refer documentation here.
https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html

Option C is correct.
 Option D in incorrect. Create IAM users for your customers and enable user authentication.
Option E is incorrect. Just by creating an IAM Users and assigning to the Customers will not resolve the issue. Rather we need to create roles and policies.

The client certificate is between API Gateway and the backend systems, not between API Gateway and the clients who make the requests.

For more information on client certificates for API gateway, refer documentation here. ???
https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html

Ask our Experts

QUESTION 8 UNATTEMPTED

In AWS API Gateway, which of the following security measure is provideddefault by AWS to protect the backend systems?

A. Default Cross Origin Resource Sharing (CORS) onfiguration.

B. Default Resource Policy.
C. Protection from distributed denial-of-service (DDoS) attacks.
D. Security of backend systems falls under customer responsibility. AWS provides different mechanisms to protect backend
systems which are not configured by default.

Explanation :
Answer: C
Following are the control mechanisms provided by AWS to control access. However,they are not configued by default by AWS. As a customer of A
WS, you need to configurethem.
 Options A and B are part of above list and do not have any default configurations.Option C is correct.

Option D statement is not correct. Above screenshot shows AWS automaticallyprovides protection from DdoS attacks.

Ask our Experts

QUESTION 9 UNATTEMPTED
DEFINE PERFORMANT ARCHITECTURES

When enabling API caching for API Gateway through console, which of the following is not an action?

A. Cache capacity
B. Encrypt cache data
C. Refresh cache
D. Flush entire cache

Explanation :
Answer: C
Following are the settings and actions when enabling/disabling API caching for API Gateway.
 Options A, B, D are highlighted in above screen shots. There is no action to refresh cache on API Gateway.

For more information on API caching, refer documentation here.

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html

Ask our Experts

QUESTION 10 MARKED AS REVIEW UNATTEMPTED

You have created a REST API using AWS API Gateway and deployed toproduction. Your organization requested the details on w
ho is accessingthe API for auditing purpose. How would you get the required informationon who accessed your API?

A. Enable CloudWatch Logs.

B. Enable Access Logging
C. CloudTrail contains the requester information for your API.
D. Enable logging in your backend system to log the requests.

Explanation :
Answer: B
To help debug issues related to request execution or client access to your API, you canenable
Amazon CloudWatch Logs to trace API calls.
Option A is not correct. Default CloudWatch logging enables API request logging whichdoes not contain who access the API and how did they access.

Option B is correct.
For more information on API gateway logging, refer documentation here.
https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html
Option C is not correct. CloudTrail logs the request information on AWS APIs, not theAPIs generated through API gateway.
You can use AWS CloudTrail to capture API Gateway REST API calls in your AWS accountand deliver the log files to an Amazon S3 bucket you specify. Exa
mples of these API callsinclude creating a new API, resource, or method in API Gateway.
For more information on what information is captured in CloudTrail, referdocumentation here.
https://docs.aws.amazon.com/apigateway/latest/developerguide/cloudtrail.html
Option D is not correct. It is not effective of logging access logs as we have an optionprovided by AWS.