AT
Knowledge CheckModule 11

Quiz: Module 11: Infrastructure as Code with CloudFormation, SAM, and CDK

Test your understanding of the concepts covered in this module.

9 questions

  1. 1

    Which of the following best describes why Infrastructure as Code (IaC) is preferred over manual provisioning for production environments?

  2. 2

    A CloudFormation template contains the following sections: `AWSTemplateFormatVersion`, `Description`, `Parameters`, `Mappings`, `Conditions`, `Resources`, and `Outputs`. Which of these sections is the only one that is required in every CloudFormation template?

  3. 3

    Match each CloudFormation intrinsic function to its purpose: | Function | Purpose | |----------|---------| | `!Ref` | _______ | | `!Sub` | _______ | | `!GetAtt` | _______ | | `!If` | _______ | Options:

  4. 5

    A team maintains a CloudFormation template that defines a VPC, subnets, and an EC2 instance. They need to add a new security group to the template and want to verify exactly which resources will be added, modified, or replaced before applying the change. Which CloudFormation feature should they use?

  5. 6

    Which of the following correctly describes the `Transform` declaration in a SAM template?

  6. 7

    A developer is writing a SAM template with three Lambda functions that all use the Python 3.12 runtime, a 30-second timeout, and the same `TABLE_NAME` environment variable. Which SAM template feature should the developer use to avoid repeating these settings in each function definition?

  7. 8

    Your team deploys a CloudFormation stack that creates a VPC, an RDS database, and several EC2 instances. Two weeks later, a developer modifies a security group rule directly through the AWS Management Console to unblock a testing issue. The team is now preparing a stack update with new template changes. What risk does this situation present, and what should the team do before applying the update?

  8. 9

    A startup is building a new project that includes a REST API backed by Lambda functions and a DynamoDB table, plus a shared VPC with public and private subnets used by multiple teams. The Lambda functions need scoped IAM permissions for DynamoDB access, and the team wants to test API endpoints locally before deploying. Which combination of IaC tools best fits these requirements?

  9. 10

    Which of the following statements correctly describes the relationship between AWS CDK constructs and CloudFormation?