Cloud Deployment and Operations Online Practice Questions

Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
Maximizing the time to live (TTL) of the cache in Amazon CloudFront reduces the frequency of requests to the origin server by serving content from edge locations for a longer period, lowering latency and costs. The WGU Cloud Deployment and Operations Study Guide (Section 4.4, CloudFront Caching) states, "A higher TTL in CloudFront caching minimizes origin requests by keeping objects in edge caches longer, reducing load on the origin server and optimizing performance and cost." Facilitating high request volumes, improving disaster recovery, and enhancing security are not primary benefits of maximizing TTL.

Explanation:
The `GetSessionToken` API call is needed to perform MFA before accessing a resource, as it generates temporary security credentials for an IAM user after MFA validation. This ensures secure access to AWS resources. The WGU Cloud Deployment and Operations Study Guide (Section 6.2, IAM and MFA) states, "The `GetSessionToken` API is used with MFA to obtain temporary credentials, requiring a valid MFA code to authenticate the user before resource access is granted." GetCallerIdentity, GetFederationToken, and DecodeAuthorizationMessage serve different purposes and do not handle MFA authentication.

Explanation:
To receive emails when a Lambda function returns an error, the administrator should use Amazon CloudWatch to monitor the function’s logs and metrics (e.g., errors) and Amazon Simple Notification Service (SNS) to send email notifications based on CloudWatch alarms. The WGU Cloud Deployment and Operations Study Guide (Section 4.3, CloudWatch and SNS) states, "CloudWatch can detect Lambda errors via logs and trigger an alarm, which integrates with SNS to send email notifications to subscribed endpoints, ensuring timely error alerts." SQS and CloudTrail are not designed for this notification workflow.

Explanation:
Amazon Inspector can publish its findings when detecting anomalies to Amazon SNS for real-time notifications and to CloudWatch for metric and event logging, enabling monitoring and response. The WGU Cloud Deployment and Operations Study Guide (Section 6.2, Amazon Inspector) states, "Inspector findings are published to SNS for immediate alerts and to CloudWatch for detailed logging, allowing integration with other AWS services for anomaly response." CloudTrail logs API calls, and SQS is a messaging queue, neither of which are primary destinations for Inspector findings.

Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
To protect critical data on EBS volumes with a maximum tolerable data loss of one hour, the company should schedule automated volume snapshots using CloudWatch Events. Snapshots capture the state of the volume at a point in time, and regular scheduling (e.g., every hour) ensures data loss is limited to the snapshot interval. The WGU Cloud Deployment and Operations Study Guide (Section 7.3, EBS and Snapshots) states, "Automated EBS snapshots can be scheduled using CloudWatch Events rules to create backups at defined intervals, ensuring an RPO of one hour by capturing volume data regularly." Local storage, Cloud Control backups, and Block Express are not viable solutions for this automated snapshot requirement.