DECK 3 Flashcards
A company is running a Docker application on Amazon ECS. The application must scale based on user load in the last 15 seconds.
How should a Developer instrument the code so that the requirement can be met?
A. Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds
B. Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds
C. Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 30 seconds
D. Create a standard-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds
B. Create a high-resolution custom Amazon CloudWatch metric for user activity data, then publish data every 5 seconds
A company needs to ingest terabytes of data each hour from thousands of sources that are delivered almost continually throughout the day. The volume of messages generated varies over the course of the day. Messages must be delivered in real time for fraud detection and live operational dashboards.
Which approach will meet these requirements?
A. Send the messages to an Amazon SQS queue, then process the messages by using a fleet of Amazon EC2 instances
B. Use the Amazon S3 API to write messages to an S3 bucket, then process the messages by using Amazon Redshift
C. Use AWS Data Pipeline to automate the movement and transformation of data
D. Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and deliver messages
D. Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and deliver messages
A Developer accesses AWS CodeCommit over SSH. The SSH keys configured to access AWS CodeCommit are tied to a user with the following permissions:
The Developer needs to create/delete branches.
Which specific IAM permissions need to be added, based on the principle of least privilege?
A. codecommit:CreateBranch codecommit:DeleteBranch
B. codecommit:Put*
C. codecommit:Update*
D. codecommit:*
A. codecommit:CreateBranch codecommit:DeleteBranch
A Developer has been asked to create an AWS Lambda function that is triggered any time updates are made to items in an Amazon DynamoDB table. The function has been created, and appropriate permissions have been added to the Lambda execution role. Amazon DynamoDB streams have been enabled for the table, but the function is still not being triggered.
Which option would enable DynamoDB table updates to trigger the Lambda function?
A. Change the StreamViewType parameter value to NEW_AND_OLD_IMAGES for the DynamoDB table
B. Configure event source mapping for the Lambda function
C. Map an Amazon SNS topic to the DynamoDB streams
D. Increase the maximum execution time (timeout) setting of the Lambda function
B. Configure event source mapping for the Lambda function
An application is being developed to audit several AWS accounts. The application will run in Account A and must access AWS services in Accounts B and C.
What is the MOST secure way to allow the application to call AWS services in each audited account?
A. Configure cross-account roles in each audited account. Write code in Account A that assumes those roles
B. Use S3 cross-region replication to communicate among accounts, with Amazon S3 event notifications to trigger Lambda functions
C. Deploy an application in each audited account with its own role. Have Account A authenticate with the application
D. Create an IAM user with an access key in each audited account. Write code in Account A that uses those access keys
A. Configure cross-account roles in each audited account. Write code in Account A that assumes those roles
A Developer is building a three-tier web application that should be able to handle a minimum of 5000 requests per minute. Requirements state that the web tier should be completely stateless while the application maintains session state for the users.
How can session data be externalized, keeping latency at the LOWEST possible value?
A. Create an Amazon RDS instance, then implement session handling at the application level to leverage a database inside the RDS database instance for session data storage
B. Implement a shared file system solution across the underlying Amazon EC2 instances, then implement session handling at the application level to leverage the shared file system for session data storage
C. Create an Amazon ElastiCache Memcached cluster, then implement session handling at the application level to leverage the cluster for session data storage
D. Create an Amazon DynamoDB table, then implement session handling at the application level to leverage the table for session data storage
C. Create an Amazon ElastiCache Memcached cluster, then implement session handling at the application level to leverage the cluster for session data storage
An Amazon DynamoDB table uses a Global Secondary Index (GSI) to support read queries. The primary table is write-heavy, whereas the GSI is used for read operations. Looking at Amazon CloudWatch metrics, the Developer notices that write operations to the primary table are throttled frequently under heavy write activity. However, write capacity units to the primary table are available and not fully consumed.
Why is the table being throttled?
A. The GSI write capacity units are underprovisioned
B. There are not enough read capacity units on the primary table
C. Amazon DynamoDB Streams is not enabled on the table
D. A large write operation is being performed against another table
A. The GSI write capacity units are underprovisioned
A company runs an e-commerce website that uses Amazon DynamoDB where pricing for items is dynamically updated in real time. At any given time, multiple updates may occur simultaneously for pricing information on a particular product. This is causing the original editor’s changes to be overwritten without a proper review process.
Which DynamoDB write option should be selected to prevent this overwriting?
A. Concurrent writes
B. Conditional writes
C. Atomic writes
D. Batch writes
B. Conditional writes
A company needs a version control system for collaborative software development. Features of the system must include the following:
✑ Support for batches of changes across multiple files
✑ Parallel branching
✑ Version tracking
Which AWS service will meet these requirements?
A. AWS CodePipeline
B. Amazon S3
C. AWS CodeBuild
D. AWS CodeCommit
D. AWS CodeCommit
A company is using continuous integration and continuous delivery systems. A Developer now needs to automate a software package deployment to both Amazon EC2 instances and virtual servers running on-premises.
Which AWS service should be used to accomplish this?
A. AWS CodePipeline
B. AWS CodeBuild
C. AWS Elastic Beanstalk
D. AWS CodeDeploy
D. AWS CodeDeploy
A Developer created a new AWS account and must create a scalable AWS Lambda function that meets the following requirements for concurrent execution:
✑ Average execution time of 100 seconds
✑ 50 requests per second
Which step must be taken prior to deployment to prevent errors?
A. Implement dead-letter queues to capture invocation errors
B. Add an event source from Amazon API Gateway to the Lambda function
C. Implement error handling within the application code
D. Contact AWS Support to increase the concurrent execution limits
D. Contact AWS Support to increase the concurrent execution limits
A Development team wants to instrument their code to provide more detailed information to AWS X-Ray than simple outgoing and incoming requests. This will generate large amounts of data, so the Development team wants to implement indexing so they can filter the data.
What should the Development team do to achieve this?
A. Add annotations to the segment document and the code
B. Add metadata to the segment document and the code
C. Configure the necessary X-Ray environment variables
D. Install required plugins for the appropriate AWS SDK
A. Add annotations to the segment document and the code
A team of Developers must migrate an application running inside an AWS Elastic Beanstalk environment from a Classic Load Balancer to an Application Load
Balancer.
Which steps should be taken to accomplish the task using the AWS Management Console?
A. 1. Update the application code in the existing deployment. 2. Select a new load balancer type before running the deployment. 3. Deploy the new version of the application code to the environment.
B. 1. Create a new environment with the same configurations except for the load balancer type. 2. Deploy the same application version as used in the original environment. 3. Run the swap-environment-cnames action.
C. 1. Clone the existing environment, changing the associated load balancer type. 2. Deploy the same application version as used in the original environment. 3. Run the swap-environment-cnames action.
D. 1. Edit the environment definitions in the existing deployment. 2. Change the associated load balancer type according to the requirements. 3. Rebuild the environment with the new load balancer type.
B. 1. Create a new environment with the same configurations except for the load balancer type. 2. Deploy the same application version as used in the original environment. 3. Run the swap-environment-cnames action.
A Developer must encrypt a 100-GB object using AWS KMS.
What is the BEST approach?
A. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK)
B. Make an Encrypt API call to encrypt the plaintext data as ciphertext using a customer master key (CMK) with imported key material
C. Make a GenerateDataKey API call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data
D. Make a GenerateDataKeyWithoutPlaintext API call that returns an encrypted copy of a data key. Use an encrypted key to encrypt the data
C. Make a GenerateDataKey API call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data
A Development team would like to migrate their existing application code from a GitHub repository to AWS CodeCommit.
What needs to be created before they can migrate a cloned repository to CodeCommit over HTTPS?
A. A GitHub secure authentication token
B. A public and private SSH key file
C. A set of Git credentials generated from IAM
D. An Amazon EC2 IAM role with CodeCommit permissions
C. A set of Git credentials generated from IAM
A Developer is writing a REST service that will add items to a shopping list. The service is built on Amazon API Gateway with AWS Lambda integrations. The shopping list items are sent as query string parameters in the method request.
How should the Developer convert the query string parameters to arguments for the Lambda function?
A. Enable request validation
B. Include the Amazon Resource Name (ARN) of the Lambda function
C. Change the integration type
D. Create a mapping template
D. Create a mapping template
When developing an AWS Lambda function that processes Amazon Kinesis Data Streams, Administrators within the company must receive a notice that includes the processed data.
How should the Developer write the function to send processed data to the Administrators?
A. Separate the Lambda handler from the core logic
B. Use Amazon CloudWatch Events to send the processed data
C. Publish the processed data to an Amazon SNS topic
D. Push the processed data to Amazon SQS
C. Publish the processed data to an Amazon SNS topic
A Developer is storing sensitive documents in Amazon S3 that will require encryption at rest. The encryption keys must be rotated annually, at least.
What is the easiest way to achieve this?
A. Encrypt the data before sending it to Amazon S3
B. Import a custom key into AWS KMS with annual rotation enabled
C. Use AWS KMS with automatic key rotation
D. Export a key from AWS KMS to encrypt the data
C. Use AWS KMS with automatic key rotation
A company is creating a REST service using an Amazon API Gateway with AWS Lambda integration. The service must run different versions for testing purposes.
What would be the BEST way to accomplish this?
A. Use an X-Version header to denote which version is being called and pass that header to the Lambda function(s)
B. Create an API Gateway Lambda authorizer to route API clients to the correct API version
C. Create an API Gateway resource policy to isolate versions and provide context to the Lambda function(s)
D. Deploy the API versions as unique stages with unique endpoints and use stage variables to provide further context
D. Deploy the API versions as unique stages with unique endpoints and use stage variables to provide further context
A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to authentication data in an Amazon DynamoDB table.
What MUST the company do to implement this authentication in API Gateway?
A. Implement an AWS Lambda authorizer that references the DynamoDB authentication table
B. Create a model that requires the credentials, then grant API Gateway access to the authentication table
C. Modify the integration requests to require the credentials, then grant API Gateway access to the authentication table
D. Implement an Amazon Cognito authorizer that references the DynamoDB authentication table
A. Implement an AWS Lambda authorizer that references the DynamoDB authentication table
An Amazon RDS database instance is used by many applications to look up historical data. The query rate is relatively constant. When the historical data is updated each day, the resulting write traffic slows the read query performance and affects all application users.
What can be done to eliminate the performance impact on application users?
A. Make sure Amazon RDS is Multi-AZ so it can better absorb increased traffic.
B. Create an RDS Read Replica and direct all read traffic to the replica.
C. Implement Amazon ElastiCache in front of Amazon RDS to buffer the write traffic.
D. Use Amazon DynamoDB instead of Amazon RDS to buffer the read traffic.
B. Create an RDS Read Replica and direct all read traffic to the replica.
A Developer is trying to make API calls using SDK. The IAM user credentials used by the application require multi-factor authentication for all API calls.
Which method the Developer use to access the multi-factor authentication protected API?
A. GetFederationToken
B. GetCallerIdentity
C. GetSessionToken
D. DecodeAuthorizationMessage
C. GetSessionToken
An application is running on a cluster of Amazon EC2 instances. While trying to read objects stored within a single Amazon S3 bucket that are encrypted with server-side encryption with AWS KMS managed keys (SSE-KMS), the application receives the following error:
Which combination of steps should be taken to prevent this failure? (Choose two.)
A. Contact AWS Support to request an AWS KMS rate limit increase.
B. Perform error retries with exponential backoff in the application code.
C. Contact AWS Support to request a S3 rate limit increase.
D. Import a customer master key (CMK) with a larger key size.
E. Use more than one customer master key (CMK) to encrypt S3 data.
A. Contact AWS Support to request an AWS KMS rate limit increase.
B. Perform error retries with exponential backoff in the application code.
A Developer has an e-commerce API hosted on Amazon ECS. Variable and spiking demand on the application is causing order processing to take too long. The application processes Amazon SQS queues. The ApproximateNumberOfMessagesVisible metric spikes at very high values throughout the day, which causes Amazon CloudWatch alarm breaches. Other ECS metrics for the API containers are well within limits.
What can the Developer implement to improve performance while keeping costs low?
A. Target tracking scaling policy
B. Docker Swarm
C. Service scheduler
D. Step scaling policy
D. Step scaling policy
A Developer wants to build an application that will allow new users to register and create new user accounts. The application must also allow users with social media accounts to log in using their social media credentials.
Which AWS service or feature can be used to meet these requirements?
A. AWS IAM
B. Amazon Cognito identity pools
C. Amazon Cognito user pools
D. AWS Directory Service
C. Amazon Cognito user pools
A company is developing a web application that allows its employees to upload a profile picture to a private Amazon S3 bucket. There is no size limit for the profile pictures, which should be displayed every time an employee logs in. For security reasons, the pictures cannot be publicly accessible.
What is a viable long-term solution for this scenario?
A. Generate a presigned URL when a picture is uploaded. Save the URL in an Amazon DynamoDB table. Return the URL to the browser when the employee logs in.
B. Save the picture’s S3 key in an Amazon DynamoDB table. Create an Amazon S3 VPC endpoint to allow the employees to download pictures once they log in.
C. Encode a picture using base64. Save the base64 string in an Amazon DB table. Allow the browser to retrieve the string and convert it to a picture.
D. Save the picture’s S3 key in an Amazon DynamoDB table. Use a function to generate a presigned URL every time an employee logs in. Return the URL to the browser.
D. Save the picture’s S3 key in an Amazon DynamoDB table. Use a function to generate a presigned URL every time an employee logs in. Return the URL to the browser.
A Developer is going to deploy an AWS Lambda function that requires significant CPU utilization.
Which approach will MINIMIZE the average runtime of the function?
A. Deploy the function into multiple AWS Regions.
B. Deploy the function into multiple Availability Zones.
C. Deploy the function using Lambda layers.
D. Deploy the function with its memory allocation set to the maximum amount.
D. Deploy the function with its memory allocation set to the maximum amount.
A company has a legacy application that was migrated to a fleet of Amazon EC2 instances. The application stores data in a MySQL database that is currently installed on a single EC2 instance. The company has decided to migrate the database from the EC2 instance to MySQL on Amazon RDS.
What should the Developer do to update the application to support data storage in Amazon RDS?
A. Update the database connection parameters in the application to point to the new RDS instance.
B. Add a script to the EC2 instance that implements an AWS SDK for requesting database credentials.
C. Create a new EC2 instance with an IAM role that allows access to the new RDS database.
D. Create an AWS Lambda function that will route traffic from the EC2 instance to the RDS database.
A. Update the database connection parameters in the application to point to the new RDS instance.
A Developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda function must retrieve an item and update some of its attributes, or create the item if it does not exist. The Lambda function has access to the primary key.
Which IAM permissions should the Developer request for the Lambda function to achieve this functionality?
A. dynamodb:DeleteItem dynamodb:GetItem dynamodb:PutItem
B. dynamodb:UpdateItem dynamodb:GetItem dynamodb:DescribeTable
C. dynamodb:GetRecords dynamodb:PutItem dynamodb:UpdateTable
D. dynamodb:UpdateItem dynamodb:GetItem dynamodb:PutItem
D. dynamodb:UpdateItem dynamodb:GetItem dynamodb:PutItem
A Developer is storing sensitive data generated by an application in Amazon S3. The Developer wants to encrypt the data at rest. A company policy requires an audit trail of when the master key was used and by whom.
Which encryption option will meet these requirements?
A. Server-side encryption with Amazon S3 managed keys (SSE-S3)
B. Server-side encryption with AWS KMS managed keys (SSE-KMS)
C. Server-side encryption with customer-provided keys (SSE-C)
D. Server-side encryption with self-managed keys
B. Server-side encryption with AWS KMS managed keys (SSE-KMS)
A company’s website runs on an Amazon EC2 instance and uses Auto Scaling to scale the environment during peak times. Website users across the world are experiencing high latency due to static content on the EC2 instance, even during non-peak hours.
Which combination of steps will resolve the latency issue? (Choose two.)
A. Double the Auto Scaling group’s maximum number of servers.
B. Host the application code on AWS Lambda.
C. Scale vertically by resizing the EC2 instances.
D. Create an Amazon CloudFront distribution to cache the static content.
E. Store the application’s static content in Amazon S3.
D. Create an Amazon CloudFront distribution to cache the static content.
E. Store the application’s static content in Amazon S3.
A Developer is leveraging a Border Gateway Protocol (BGP)-based AWS VPN connection to connect from on-premises to Amazon EC2 instances in the Developer’s account. The Developer is able to access an EC2 instance in subnet A, but is unable to access an EC2 instance in subnet B in the same VPC.
Which logs can the Developer use to verify whether the traffic is reaching subnet B?
A. VPN logs
B. BGP logs
C. VPC Flow Logs
D. AWS CloudTrail logs
C. VPC Flow Logs
A Developer has created a new AWS IAM user that has s3:putObject permission to write to a specific Amazon S3 bucket. This S3 bucket uses server-side encryption with AWS KMS managed keys (SSE-KMS) as the default encryption. Using the access key and secret key of the IAM user, the application received an access denied error when calling the PutObject API.
How can this issue be resolved?
A. Update the policy of the IAM user to allow the s3:Encrypt action.
B. Update the bucket policy of the S3 bucket to allow the IAM user to upload objects.
C. Update the policy of the IAM user to allow the kms:GenerateDataKey action.
D. Update the ACL of the S3 bucket to allow the IAM user to upload objects.
C. Update the policy of the IAM user to allow the kms:GenerateDataKey action.
A company has a web application that uses an Amazon Cognito user pool for authentication. The company wants to create a login page with the company logo.
What should a Developer do to meet these requirements?
A. Create a hosted user interface in Amazon Cognito and customize it with the company logo.
B. Create a login page with the company logo and upload it to Amazon Cognito.
C. Create a login page in Amazon API Gateway with the logo and save the link in Amazon Cognito.
D. Upload the logo to the Amazon Cognito app settings and point to the logo on a custom login page.
A. Create a hosted user interface in Amazon Cognito and customize it with the company logo.
A Developer wants the ability to roll back to a previous version of an AWS Lambda function in the event of errors caused by a new deployment.
How can the Developer achieve this with MINIMAL impact on users?
A. Change the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to use the newly deployed version. If too many errors are encountered, point the alias back to the previous version.
B. Change the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to direct 10% of users to the newly deployed version. If too many errors are encountered, send 100% of traffic to the previous version.
C. Do not make any changes to the application. Deploy the new version of the code. If too many errors are encountered, point the application back to the previous version using the version number in the Amazon Resource Name (ARN).
D. Create three aliases: new, existing, and router. Point the existing alias to the current version. Have the router alias direct 100% of users to the existing alias. Update the application to use the router alias. Deploy the new version of the code. Point the new alias to this version. Update the router alias to direct 10% of users to the new alias. If too many errors are encountered, send 100% of tra ffic to the existing alias.
B. Change the application to use an alias that points to the current version. Deploy the new version of the code. Update the alias to direct 10% of users to the newly deployed version. If too many errors are encountered, send 100% of traffic to the previous version.
A company is developing an application that will be accessed through the Amazon API Gateway REST API. Registered users should be the only ones who can access certain resources of this API. The token being used should expire automatically and needs to be refreshed periodically.
How can a Developer meet these requirements?
A. Create an Amazon Cognito identity pool, con figure the Amazon Cognito Authorizer in API Gateway, and use the temporary credentials generated by the identity pool.
B. Create and maintain a database record for each user with a corresponding token and use an AWS Lambda authorizer in API Gateway.
C. Create an Amazon Cognito user pool, con figure the Cognito Authorizer in API Gateway, and use the identity or access token.
D. Create an IAM user for each API user, attach an invoke permissions policy to the API, and use an IAM authorizer in API Gateway.
C. Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway, and use the identity or access token.
A Developer is working on a serverless project based in Java. Initial testing shows a cold start takes about 8 seconds on average for AWS Lambda functions.
What should the Developer do to reduce the cold start time? (Choose two.)
A. Add the Spring Framework to the project and enable dependency injection.
B. Reduce the deployment package by including only needed modules from the AWS SDK for Java.
C. Increase the memory allocation setting for the Lambda function.
D. Increase the timeout setting for the Lambda function.
E. Change the Lambda invocation mode from synchronous to asynchronous.
B. Reduce the deployment package by including only needed modules from the AWS SDK for Java.
C. Increase the memory allocation setting for the Lambda function.
A company’s ecommerce website is experiencing massive traffi c spikes, which are causing performance problems in the company database. Users are reporting that accessing the website takes a long time.
A Developer wants to implement a caching layer using Amazon ElastiCache. The website is required to be responsive no matter which product a user views, and the updates to product information and prices must be strongly consistent.
Which cache writing policy will satisfy these requirements?
A. Write to the cache directly and sync the backend at a later time
B. Write to the backend first and wait for the cache to expire
C. Write to the cache and the backend at the same time
D. Write to the backend first and invalidate the cache
C. Write to the cache and the backend at the same time
An online retail company has deployed a serverless application with AWS Lambda, Amazon API Gateway, Amazon S3, and Amazon DynamoDB using AWS
CloudFormation. The company rolled out a new release with major upgrades to the Lambda function and deployed the release to production. Subsequently, the application stopped working.
Which solution should bring the application back up as quickly as possible?
A. Redeploy the application on Amazon EC2 so the Lambda function can resolve dependencies
B. Migrate DynamoDB to Amazon RDS and redeploy the Lambda function
C. Roll back the Lambda function to the previous version
D. Deploy the latest Lambda function in a different Region
C. Roll back the Lambda function to the previous version
A Developer is writing an application that will run on Amazon EC2 instances in an Auto Scaling group. The Developer wants to externalize session state to support the application.
Which services will meet these needs? (Choose two.)
A. Amazon DynamoDB
B. Amazon Cognito
C. Amazon ElastiCache
D. Amazon EBS
E. Amazon SQS
A. Amazon DynamoDB
C. Amazon ElastiCache
A Developer has a legacy application that is hosted on-premises. Other applications hosted on AWS depend on the on-premises application for proper functioning.
In case of any application errors, the Developer wants to be able to use Amazon CloudWatch to monitor and troubleshoot all applications from one place.
How can the Developer accomplish this?
A. Install an AWS SDK on the on-premises server to automatically send logs to CloudWatch.
B. Download the CloudWatch agent to the on-premises server. Con figure the agent to use IAM user credentials with permissions for CloudWatch.
C. Upload log fi les from the on-premises server to Amazon S3 and have CloudWatch read the files.
D. Upload log files from the on-premises server to an Amazon EC2 instance and have the instance forward the logs to CloudWatch.
B. Download the CloudWatch agent to the on-premises server. Con figure the agent to use IAM user credentials with permissions for CloudWatch.
An application ingests a large number of small messages and stores them in a database. The application uses AWS Lambda. A Development team is making changes to the application’s processing logic. In testing, it is taking more than 15 minutes to process each message. The team is concerned the current backend may time out.
Which changes should be made to the backend system to ensure each message is processed in the MOST scalable way?
A. Add the messages to an Amazon SQS queue. Set up and Amazon EC2 instance to poll the queue and process messages as they arrive.
B. Add the messages to an Amazon SQS queue. Set up Amazon EC2 instances in an Auto Scaling group to poll the queue and process the messages as they arrive.
C. Create a support ticket to increase the Lambda timeout to 60 minutes to allow for increased processing time.
D. Change the application to directly insert the body of the message into an Amazon RDS database.
B. Add the messages to an Amazon SQS queue. Set up Amazon EC2 instances in an Auto Scaling group to poll the queue and process the messages as they arrive.
An advertising company has a dynamic website with heavy traffi c. The company wants to migrate the website infrastructure to AWS to handle everything except website development.
Which solution BEST meets these requirements?
A. Use AWS VM Import to migrate a web server image to AWS. Launch the image on a compute-optimized Amazon EC2 instance.
B. Launch multiple Amazon Lightsail instances behind a load balancer. Set up the website on those instances.
C. Deploy the website code in an AWS Elastic Beanstalk environment. Use Auto Scaling to scale the numbers of instances.
D. Use Amazon S3 to host the website. Use Amazon CloudFront to deliver the content at scale.
C. Deploy the website code in an AWS Elastic Beanstalk environment. Use Auto Scaling to scale the numbers of instances.
A Software Engineer developed an AWS Lambda function in Node.js to do some CPU-intensive data processing. With the default settings, the Lambda function takes about 5 minutes to complete.
Which approach should a Developer take to increase the speed of completion?
A. Instead of using Node.js, rewrite the Lambda function using Python.
B. Instead of packaging the libraries in the ZIP file with the function, move them to a Lambda layer and use the layer with the function.
C. Allocate the maximum available CPU units to the function.
D. Increase the available memory to the function.
D. Increase the available memory to the function.
A company has implemented AWS CodePipeline to automate its release pipelines. The Development team is writing an AWS Lambda function what will send noti fications for state changes of each of the actions in the stages.
Which steps must be taken to associate the Lambda function with the event source?
A. Create a trigger that invokes the Lambda function from the Lambda console by selecting CodePipeline as the event source.
B. Create an event trigger and specify the Lambda function from the CodePipeline console.
C. Create an Amazon CloudWatch alarm that monitors status changes in Code Pipeline and triggers the Lambda function.
D. Create an Amazon CloudWatch Events rule that uses CodePipeline as an event source.
D. Create an Amazon CloudWatch Events rule that uses CodePipeline as an event source.
A Developer has built an application running on AWS Lambda using AWS Serverless Application Model (AWS SAM).
What is the correct order of execution to successfully deploy the application?
A. 1. Build the SAM template in Amazon EC2. 2. Package the SAM template to Amazon EBS storage. 3. Deploy the SAM template from Amazon EBS.
B. 1. Build the SAM template locally. 2. Package the SAM template onto Amazon S3. 3. Deploy the SAM template from Amazon S3.
C. 1. Build the SAM template locally. 2. Deploy the SAM template from Amazon S3. 3. Package the SAM template for use.
D. 1. Build the SAM template locally. 2. Package the SAM template from AWS CodeCommit. 3. Deploy the SAM template to CodeCommit.
B. 1. Build the SAM template locally. 2. Package the SAM template onto Amazon S3. 3. Deploy the SAM template from Amazon S3.
A company wants to migrate an imaging service to Amazon EC2 while following security best practices. The images are sourced and read from a non-public
Amazon S3 bucket.
What should a Developer do to meet these requirements?
A. Create an IAM user with read-only permissions for the S3 bucket. Temporarily store the user credentials in the Amazon EBS volume of the EC2 instance.
B. Create an IAM user with read-only permissions for the S3 bucket. Temporarily store the user credentials in the user data of the EC2 instance.
C. Create an EC2 service role with read-only permissions for the S3 bucket. Attach the role to the EC2 instance.
D. Create an S3 service role with read-only permissions for the S3 bucket. Attach the role to the EC2 instance.
C. Create an EC2 service role with read-only permissions for the S3 bucket. Attach the role to the EC2 instance.
A Development team wants to immediately build and deploy an application whenever there is a change to the source code. Which approaches could be used to trigger the deployment? (Choose two.)
A. Store the source code in an Amazon S3 bucket. Con figure AWS CodePipeline to start whenever a file in the bucket changes.
B. Store the source code in an encrypted Amazon EBS volume. Con figure AWS CodePipeline to start whenever a file in the volume changes.
C. Store the source code in an AWS CodeCommit repository. Con figure AWS CodePipeline to start whenever a change is committed to the repository.
D. Store the source code in an Amazon S3 bucket. Confi gure AWS CodePipeline to start every 15 minutes.
E. Store the source code in an Amazon EC2 instance’s ephemeral storage. Configure the instance to start AWS CodePipeline whenever there are changes to the source code.
A. Store the source code in an Amazon S3 bucket. Con figure AWS CodePipeline to start whenever a file in the bucket changes.
C. Store the source code in an AWS CodeCommit repository. Con figure AWS CodePipeline to start whenever a change is committed to the repository.
A company has implemented AWS CodeDeploy as part of its cloud native CI/CD stack. The company enables automatic rollbacks while deploying a new version of a popular web application from in-place to Amazon EC2.
What occurs if the deployment of the new version fails due to code regression?
A. The last known good deployment is automatically restored using the snapshot stored in Amazon S3.
B. CodeDeploy switches the Amazon Route 53 alias records back to the known good green deployment and terminates the failed blue deployment.
C. A new deployment of the last known version of the application is deployed with a new deployment ID.
D. AWS CodePipeline promotes the most recent deployment with a SUCCEEDED status to production.
C. A new deployment of the last known version of the application is deployed with a new deployment ID.
A software company needs to make sure user-uploaded documents are securely stored in Amazon S3. The documents must be encrypted at rest in Amazon S3.
The company does not want to manage the security infrastructure in-house, but the company still needs extra protection to ensure it has control over its encryption keys due to industry regulations.
Which encryption strategy should a Developer use to meet these requirements?
A. Server-side encryption with Amazon S3 managed keys (SSE-S3)
B. Server-side encryption with customer-provided encryption keys (SSE-C)
C. Server-side encryption with AWS KMS managed keys (SSE-KMS)
D. Client-side encryption
B. Server-side encryption with customer-provided encryption keys (SSE-C)
A Developer uses Amazon S3 buckets for static website hosting. The Developer creates one S3 bucket for the code and another S3 bucket for the assets, such as image and video fi les. Access is denied when a user attempts to access the assets bucket from the code bucket, with the website application showing a 403 error.
How should the Developer solve this issue?
A. Create an IAM role and apply it to the assets bucket for the code bucket to be granted access.
B. Edit the bucket policy of the assets bucket to open access to all principals.
C. Edit the cross-origin resource sharing (CORS) con figuration of the assets bucket to allow any origin to access the assets.
D. Change the code bucket to use AWS Lambda functions instead of static website hosting.
C. Edit the cross-origin resource sharing (CORS) con figuration of the assets bucket to allow any origin to access the assets.
A Developer migrated a web application to AWS. As part of the migration, the Developer implemented an automated continuous integration/continuous improvement (CI/CD) process using a blue/green deployment. The deployment provisions new Amazon EC2 instances in an Auto Scaling group behind a new
Application Load Balancer.
After the migration was completed, the Developer began receiving complaints from users getting booted out of the system. The system also requires users to log in after every new deployment.
How can these issues be resolved?
A. Use rolling updates instead of a blue/green deployment
B. Externalize the user sessions to Amazon ElastiCache
C. Turn on sticky sessions in the Application Load Balancer
D. Use multicast to replicate session information
B. Externalize the user sessions to Amazon ElastiCache
A Developer wants to insert a record into an Amazon DynamoDB table as soon as a new file is added to an Amazon S3 bucket. Which set of steps would be necessary to achieve this?
A. Create an event with Amazon CloudWatch Events that will monitor the S3 bucket and then insert the records into DynamoDB.
B. Confi gure an S3 event to invoke a Lambda function that inserts records into DynamoDB.
C. Create a Lambda function that will poll the S3 bucket and then insert the records into DynamoDB.
D. Create a cron job that will run at a scheduled time and insert the records into DynamoDB.
B. Confi gure an S3 event to invoke a Lambda function that inserts records into DynamoDB.
A Developer is building an application that needs to store data in Amazon S3. Management requires that the data be encrypted before it is sent to Amazon S3 for storage. The encryption keys need to be managed by the Security team.
Which approach should the Developer take to meet these requirements?
A. Implement server-side encryption using customer-provided encryption keys (SSE-C).
B. Implement server-side encryption by using a client-side master key.
C. Implement client-side encryption using an AWS KMS managed customer master key (CMK).
D. Implement client-side encryption using Amazon S3 managed keys.
C. Implement client-side encryption using an AWS KMS managed customer master key (CMK).
A Developer has written an Amazon Kinesis Data Streams application. As usage grows and traffi c increases over time, the application is regularly receiving
ProvisionedThroughputExceededException error messages.
Which steps should the Developer take to resolve the error? (Choose two.)
A. Use Auto Scaling to scale the stream for better performance
B. Increase the delay between the GetRecords call and the PutRecords call
C. Increase the number of shards in the data stream
D. Specify a shard iterator using the ShardIterator parameter
E. Implement exponential backoff on the GetRecords call and the PutRecords call
C. Increase the number of shards in the data stream
E. Implement exponential backoff on the GetRecords call and the PutRecords call
A Developer is publishing critical log data to a log group in Amazon CloudWatch Logs, which was created 2 months ago. The Developer must encrypt the log data using an AWS KMS customer master key (CMK) so future data can be encrypted to comply with the company’s security policy.
How can the Developer meet this requirement?
A. Use the CloudWatch Logs console and enable the encrypt feature on the log group
B. Use the AWS CLI create-log-group command and specify the key Amazon Resource Name (ARN)
C. Use the KMS console and associate the CMK with the log group
D. Use the AWS CLI associate-kms-key command and specify the key Amazon Resource Name (ARN)
D. Use the AWS CLI associate-kms-key command and specify the key Amazon Resource Name (ARN)
A Developer has code running on Amazon EC2 instances that needs read-only access to an Amazon DynamoDB table. What is the MOST secure approach the Developer should take to accomplish this task?
A. Create a user access key for each EC2 instance with read-only access to DynamoDB. Place the keys in the code. Redeploy the code as keys rotate.
B. Use an IAM role with an AmazonDynamoDBReadOnlyAccess policy applied to the EC2 instances.
C. Run all code with only AWS account root user access keys to ensure maximum access to services.
D. Use an IAM role with Administrator access applied to the EC2 instance.
B. Use an IAM role with an AmazonDynamoDBReadOnlyAccess policy applied to the EC2 instances.
A Developer decides to store highly secure data in Amazon S3 and wants to implement server-side encryption (SSE) with granular control of who can access the master key. Company policy requires that the master key be created, rotated, and disabled easily when needed, all for security reasons.
Which solution should be used to meet these requirements?
A. SSE with Amazon S3 managed keys (SSE-S3)
B. SSE with AWS KMS managed keys (SSE-KMS)
C. SSE with AWS Secrets Manager
D. SSE with customer-provided encryption keys
B. SSE with AWS KMS managed keys (SSE-KMS)
A Developer is migrating an on-premises application to AWS. The application currently takes user uploads and saves them to a local directory on the server. All uploads must be saved and made immediately available to all instances in an Auto Scaling group.
Which approach will meet these requirements?
A. Use Amazon EBS and con figure the application AMI to use a snapshot of the same EBS instance on boot.
B. Use Amazon S3 and re-architect the application so all uploads are placed in S3.
C. Use instance storage and share it between instances launched from the same Amazon Machine Image (AMI).
D. Use Amazon EBS and file synchronization software to achieve eventual consistency among the Auto Scaling group.
B. Use Amazon S3 and re-architect the application so all uploads are placed in S3.
A Developer implemented a static website hosted in Amazon S3 that makes web service requests hosted in Amazon API Gateway and AWS Lambda. The site is showing an error that reads:
No Access-Control-Allow-Origin header is present on the requested resource. Origin is therefore not allowed access.
What should the Developer do to resolve this issue?
A. Enable cross-origin resource sharing (CORS) on the S3 bucket.
B. Enable cross-origin resource sharing (CORS) for the method in API Gateway
C. Add the Access-Control-Request-Method header to the request
D. Add the Access-Control-Request-Headers header to the request
B. Enable cross-origin resource sharing (CORS) for the method in API Gateway
A Developer is writing an application in AWS Lambda. To simplify testing and deployments, the Developer needs the database connection string to be easily changed without modifying the Lambda code.
How can this requirement be met?
A. Store the connection string as a secret in AWS Secrets Manager.
B. Store the connection string in an IAM user account.
C. Store the connection string in AWS KMS.
D. Store the connection string as a Lambda layer.
A. Store the connection string as a secret in AWS Secrets Manager.
A company is launching an ecommerce website and will host the static data in Amazon S3. The company expects approximately 1,000 transactions per second
(TPS) for GET and PUT requests in total. Logging must be enabled to track all requests and must be retained for auditing purposes.
What is the MOST cost-effective solution?
A. Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to move the data from the log bucket to Amazon S3 Glacier in 90 days.
B. Enable S3 server access logging and create a lifecycle policy to expire the data in 90 days.
C. Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to expire the data in 90 days.
D. Enable S3 server access logging and create a lifecycle policy to move the data to Amazon S3 Glacier in 90 days.
D. Enable S3 server access logging and create a lifecycle policy to move the data to Amazon S3 Glacier in 90 days.
A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances. The application uses attached Amazon EBS disks for storing data. The application will process sensitive information and all the data must be encrypted.
What should a Developer do to ensure the data is encrypted on disk without impacting performance?
A. Con figure the Amazon EC2 instance fleet to use encrypted EBS volumes for storing data.
B. Add logic to write all data to an encrypted Amazon S3 bucket.
C. Add a custom encryption algorithm to the application that will encrypt and decrypt all data.
D. Create a new Amazon Machine Image (AMI) with an encrypted root volume and store the data to ephemeral disks.
A. Con figure the Amazon EC2 instance fleet to use encrypted EBS volumes for storing data.
A Developer has written an application that runs on Amazon EC2 instances and generates a value every minute. The Developer wants to monitor and graph the values generated over time without logging in to the instance each time.
Which approach should the Developer use to achieve this goal?
A. Use the Amazon CloudWatch metrics reported by default for all EC2 instances. View each value from the CloudWatch console.
B. Develop the application to store each value in a fi le on Amazon S3 every minute with the timestamp as the name.
C. Publish each generated value as a custom metric to Amazon CloudWatch using available AWS SDKs.
D. Store each value as a variable and add the variable to the list of EC2 metrics that should be reported to the Amazon CloudWatch console.
C. Publish each generated value as a custom metric to Amazon CloudWatch using available AWS SDKs.
A Development team decides to adopt a continuous integration/continuous delivery (CI/CD) process using AWS CodePipeline and AWS CodeCommit for a new application. However, management wants a person to review and approve the code before it is deployed to production.
How can the Development team add a manual approver to the CI/CD pipeline?
A. Use AWS SES to send an email to approvers when their action is required. Develop a simple application that allows approvers to accept or reject a build. Invoke an AWS Lambda function to advance the pipeline when a build is accepted.
B. If approved, add an approved tag when pushing changes to the CodeCommit repository. CodePipeline will proceed to build and deploy approved commits without interruption.
C. Add an approval step to CodeCommit. Commits will not be saved until approved.
D. Add an approval action to the pipeline. Con figure the approval action to publish to an Amazon SNS topic when approval is required. The pipeline execution will stop and wait for an approval.
D. Add an approval action to the pipeline. Con figure the approval action to publish to an Amazon SNS topic when approval is required. The pipeline execution will stop and wait for an approval.
A Developer is building a serverless application using AWS Lambda and must create a REST API using an HTTP GET method. What needs to be de fined to meet this requirement? (Choose two.)
A. A Lambda@Edge function
B. An Amazon API Gateway with a Lambda function
C. An exposed GET method in an Amazon API Gateway
D. An exposed GET method in the Lambda function
E. An exposed GET method in Amazon Route 53
B. An Amazon API Gateway with a Lambda function
C. An exposed GET method in an Amazon API Gateway
A Developer needs to create an application that supports Security Assertion Markup Language (SAML) and Facebook authentication. It must also allow access to
AWS services, such as Amazon DynamoDB.
Which AWS service or feature will meet these requirements with the LEAST amount of additional coding?
A. AWS AppSync
B. Amazon Cognito identity pools
C. Amazon Cognito user pools
D. Amazon Lambda@Edge
B. Amazon Cognito identity pools
A Developer is trying to monitor an application’s status by running a cron job that returns 1 if the service is up and 0 if the service is down. The Developer created code that uses an AWS CLI put-metric-alarm command to publish the custom metrics to Amazon CloudWatch and create an alarm. However, the Developer is unable to create an alarm as the custom metrics do not appear in the CloudWatch console.
What is causing this issue?
A. Sending custom metrics using the CLI is not supported.
B. The Developer needs to use the put-metric-data command.
C. The Developer must use a uni ed CloudWatch agent to publish custom metrics.
D. The code is not running on an Amazon EC2 instance.
B. The Developer needs to use the put-metric-data command.
A Developer registered an AWS Lambda function as a target for an Application Load Balancer (ALB) using a CLI command. However, the Lambda function is not being invoked when the client sends requests through the ALB.
Why is the Lambda function not being invoked?
A. A Lambda function cannot be registered as a target for an ALB.
B. A Lambda function can be registered with an ALB using AWS Management Console only.
C. The permissions to invoke the Lambda function are missing.
D. Cross-zone is not enabled on the ALB.
C. The permissions to invoke the Lambda function are missing.
A company provides APIs as a service and commits to a service level agreement (SLA) with all its users. To comply with each SLA, what should the company do?
A. Enable throttling limits for each method in Amazon API Gateway
B. Create a usage plan for each user and request API keys to access the APIs
C. Enable API rate limiting in Amazon Cognito for each user
D. Enable default throttling limits for each stage after deploying the APIs
B. Create a usage plan for each user and request API keys to access the APIs
A Developer is preparing a deployment package using AWS CloudFormation. The package consists of two separate templates: one for the infrastructure and one for the application. The application has to be inside the VPC that is created from the infrastructure template.
How can the application stack refer to the VPC created from the infrastructure template?
A. Use the Ref function to import the VPC into the application stack from the infrastructure template.
B. Use the export flag in the infrastructure template, and then use the Fn::ImportValue function in the application template.
C. Use the DependsOn attribute to specify that the application instance depends on the VPC in the application template.
D. Use the Fn::GetAtt function to include the attribute of the VPC in the application template.
B. Use the export flag in the infrastructure template, and then use the Fn::ImportValue function in the application template.
A Developer must allow guest users without logins to access an Amazon Cognito-enabled site to view files stored within an Amazon S3 bucket.
How should the Developer meet these requirements?
A. Create a blank user ID in a user pool, add to the user group, and grant access to AWS resources.
B. Create a new identity pool, enable access to authenticated identities, and grant access to AWS resources.
C. Create a new user pool, enable access to authenticated identiti es, and grant access to AWS resources.
D. Create a new user pool, disable authentication access, and grant access to AWS resources.
B. Create a new identity pool, enable access to authenticated identities, and grant access to AWS resources.
A Developer has written code for an application and wants to share it with other Developers on the team to receive feedback. The shared application code needs to be stored long-term with multiple versions and batch change tracking.
Which AWS service should the Developer use?
A. AWS CodeBuild
B. Amazon S3
C. AWS CodeCommit
D. AWS Cloud9
C. AWS CodeCommit
A Developer has discovered that an application responsible for processing messages in an Amazon SQS queue is routinely falling behind. The application is capable of processing multiple messages in one execution, but is only receiving one message at a time.
What should the Developer do to increase the number of messages the application receives?
A. Call the ChangeMessageVisibility API for the queue and set MaxNumberOfMessages to a value greater than the default of 1.
B. Call the AddPermission API to set MaxNumberOfMessages for the ReceiveMessage action to a value greater than the default of 1.
C. Call the ReceiveMessage API to set MaxNumberOfMessages to a value greater than the default of 1.
D. Call the SetQueueAttributes API for the queue and set MaxNumberOfMessages to a value greater than the default of 1.
C. Call the ReceiveMessage API to set MaxNumberOfMessages to a value greater than the default of 1.
A Developer is investigating an application’s performance issues. The application consists of hundreds of microservices, and a single API call can potentially have a deep call stack. The Developer must isolate the component that is causing the issue.
Which AWS service or feature should the Developer use to gather information about what is happening and isolate the fault?
A. AWS X-Ray
B. VPC Flow Logs
C. Amazon GuardDuty
D. Amazon Macie
A. AWS X-Ray
A Company runs continuous integration/continuous delivery (CI/CD) pipelines for its application on AWS CodePipeline. A Developer must write unit tests and run them as part of the pipelines before staging the artifacts for testing.
How should the Developer incorporate unit tests as part of CI/CD pipelines?
A. Create a separate CodePipeline pipeline to run unit tests
B. Update the AWS CodeBuild specifi cation to include a phase for running unit tests
C. Install the AWS CodeDeploy agent on an Amazon EC2 instance to run unit tests
D. Create a testing branch in AWS CodeCommit to run unit tests
B. Update the AWS CodeBuild specification to include a phase for running unit tests
An application has the following requirements:
- > Performance effi ciency of seconds with up to a minute of latency.
- > The data storage size may grow up to thousands of terabytes.
- > Per-message sizes may vary between 100 KB and 100 MB.
- > Data can be stored as key/value stores supporting eventual consistency.
What is the MOST cost-effective AWS service to meet these requirements?
A. Amazon DynamoDB
B. Amazon S3
C. Amazon RDS (with a MySQL engine)
D. Amazon ElastiCache
A. Amazon DynamoDB
An application is experiencing performance issues based on increased demand. This increased demand is on read-only historical records pulled from an Amazon RDS-hosted database with custom views and queries.
A Developer must improve performance without changing the database structure.
Which approach will improve performance and MINIMIZE management overhead?
A. Deploy Amazon DynamoDB, move all the data, and point to DynamoDB.
B. Deploy Amazon ElastiCache for Redis and cache the data for the application.
C. Deploy Memcached on Amazon EC2 and cache the data for the application.
D. Deploy Amazon DynamoDB Accelerator (DAX) on Amazon RDS to improve cache performance.
B. Deploy Amazon ElastiCache for Redis and cache the data for the application.
A Developer has an Amazon DynamoDB table that must be in provisioned mode to comply with user requirements. The application needs to support the following:
- > Average item size: 10 KB
- > Item reads each second: 10 strongly consistent
- > Item writes each second: 2 transactional
Which read and write capacity cost-effectively meets these requirements?
A. Read 10; write 2
B. Read 30; write 40
C. Use on-demand scaling
D. Read 300; write 400
B. Read 30; write 40
A company wants to containerize an existing three-tier web application and deploy it to Amazon ECS Fargate. The application is using session data to keep track of user activities.
Which approach would provide the BEST user experience?
A. Provision a Redis cluster in Amazon ElastiCache and save the session data in the cluster.
B. Create a session table in Amazon Redshift and save the session data in the database table.
C. Enable session stickiness in the existing Network Load Balancer and manage the session data in the container.
D. Use an Amazon S3 bucket as data store and save the session data in the bucket.
A. Provision a Redis cluster in Amazon ElastiCache and save the session data in the cluster.
An application is using a single-node Amazon ElastiCache for Redis instance to improve read performance. Over time, demand for the application has increased exponentially, which has increased the load on the ElastiCache instance. It is critical that this cache layer handles the load and is resilient in case of node failures.
What can the Developer do to address the load and resiliency requirements?
A. Add a read replica instance.
B. Migrate to a Memcached cluster.
C. Migrate to an Amazon Elasticsearch Service cluster.
D. Vertically scale the ElastiCache instance.
A. Add a read replica instance.
A Developer is designing an AWS Lambda function that create temporary files that are less than 10 MB during execution. The temporary files will be accessed and modi fied multiple times during execution. The Developer has no need to save or retrieve these fi les in the future.
Where should the temporary file be stored?
A. the /tmp directory
B. Amazon EFS
C. Amazon EBS
D. Amazon S3
A. the /tmp directory
A Developer is writing an application that runs on Amazon EC2 instances in an Auto Scaling group. The application data is stored in an Amazon DynamoDB table and records are constantly updated by all instances. An instance sometimes retrieves old data. The Developer wants to correct this by making sure the reads are strongly consistent.
How can the Developer accomplish this?
A. Set ConsistentRead to true when calling GetItem.
B. Create a new DynamoDB Accelerator (DAX) table.
C. Set Consistency to strong when calling UpdateTable.
D. Use the GetShardIterator command.
A. Set ConsistentRead to true when calling GetItem.
A Developer has an application that must accept a large amount of incoming data streams and process the data before sending it to many downstream users.
Which serverless solution should the Developer use to meet these requirements?
A. Amazon RDS MySQL stored procedure with AWS Lambda
B. AWS Direct Connect with AWS Lambda
C. Amazon Kinesis Data Streams with AWS Lambda
D. Amazon EC2 bash script with AWS Lambda
C. Amazon Kinesis Data Streams with AWS Lambda
A company is using Amazon API Gateway to manage its public-facing API. The CISO requires that the APIs be used by test
account users only.
What is the MOST secure way to restrict API access to users of this particular AWS account?
A. Client-side SSL certi ficates for authentication
B. API Gateway resource policies
C. Cross-origin resource sharing (CORS)
D. Usage plans
B. API Gateway resource policies
A Developer is migrating existing applications to AWS. These applications use MongoDB as their primary data store, and they will be deployed to Amazon EC2 instances. Management requires that the Developer minimize changes to applications while using AWS services.
Which solution should the Developer use to host MongoDB in AWS?
A. Install MongoDB on the same instance where the application is running.
B. Deploy Amazon DocumentDB in MongoDB compatibility mode.
C. Use Amazon API Gateway to translate API calls from MongoDB to Amazon DynamoDB.
D. Replicate the existing MongoDB workload to Amazon DynamoDB.
B. Deploy Amazon DocumentDB in MongoDB compatibility mode.
A company requires that AWS Lambda functions written by Developers log errors so System Administrators can more effectively troubleshoot issues.
What should the Developers implement to meet this need?
A. Publish errors to a dedicated Amazon SQS queue.
B. Create an Amazon CloudWatch Events event trigger based on certain Lambda events.
C. Report errors through logging statements in Lambda function code.
D. Set up an Amazon SNS topic that sends logging statements upon failure.
C. Report errors through logging statements in Lambda function code.
A Developer needs to deploy an application running on AWS Fargate using Amazon ECS. The application has environment variables that must be passed to a container for the application to initialize.
How should the environment variables be passed to the container?
A. De fine an array that includes the environment variables under the environment parameter within the service de finition.
B. De fine an array that includes the environment variables under the environment parameter within the task de finition.
C. De fine an array that includes the environment variables under the entryPoint parameter within the task de finition.
D. De fine an array that includes the environment variables under the entryPoint parameter within the service de finition.
B. De fine an array that includes the environment variables under the environment parameter within the task de finition.
A company’s fleet of Amazon EC2 instances receives data from millions of users through an API. The servers batch the data, add an object for each user, and upload the objects to an S3 bucket to ensure high access rates. The object attributes are Customer ID, Server ID, TS-Server (TimeStamp and Server ID), the size of the object, and a timestamp. A Developer wants to find all the objects for a given user collected during a speci fied time range.
After creating an S3 object created event, how can the Developer achieve this requirement?
A. Execute an AWS Lambda function in response to the S3 object creation events that creates an Amazon DynamoDB record for every object with the Customer ID as the partition key and the Server ID as the sort key. Retrieve all the records using the Customer ID and Server ID attributes.
B. Execute an AWS Lambda function in response to the S3 object creation events that creates an Amazon Redshift record for every object with the Customer ID as the partition key and TS-Server as the sort key. Retrieve all the records using the Customer ID and TS-Server attributes.
C. Execute an AWS Lambda function in response to the S3 object creation events that creates an Amazon DynamoDB record for every object with the Customer ID as the partition key and TS-Server as the sort key. Retrieve all the records using the Customer ID and TS-Server attributes.
D. Execute an AWS Lambda function in response to the S3 object creation events that creates an Amazon Redshift record for every object with the Customer ID as the partition key and the Server ID as the sort key. Retrieve all the records using the Customer ID and Server ID attributes.
C. Execute an AWS Lambda function in response to the S3 object creation events that creates an Amazon DynamoDB record for every object with the Customer ID as the partition key and TS-Server as the sort key. Retrieve all the records using the Customer ID and TS-Server attributes.
A company is managing a NoSQL database on-premises to host a critical component of an application, which is starting to have scaling issues. The company wants to migrate the application to Amazon DynamoDB with the following considerations:
- > Optimize frequent queries
- > Reduce read latencies
- > Plan for frequent queries on certain key attributes of the table
Which solution would help achieve these objectives?
A. Create global secondary indexes on keys that are frequently queried. Add the necessary attributes into the indexes.
B. Create local secondary indexes on keys that are frequently queried. DynamoDB will fetch needed attributes from the table.
C. Create DynamoDB global tables to speed up query responses. Use a scan to fetch data from the table.
D. Create an AWS Auto Scaling policy for the DynamoDB table.
A. Create global secondary indexes on keys that are frequently queried. Add the necessary attributes into the indexes.
A developer is writing an application that will process data delivered into an Amazon S3 bucket. The data is delivered approximately 10 times a day, and the developer expects the data will be processed in less than 1 minute, on average.
How can the developer deploy and invoke the application with the lowest cost and lowest latency?
A. Deploy the application as an AWS Lambda function and invoke it with an Amazon CloudWatch alarm triggered by an S3 object upload.
B. Deploy the application as an AWS Lambda function and invoke it with an S3 event noti fication.
C. Deploy the application as an AWS Lambda function and invoke it with an Amazon CloudWatch scheduled event.
D. Deploy the application onto an Amazon EC2 instance and have it poll the S3 bucket for new objects.
B. Deploy the application as an AWS Lambda function and invoke it with an S3 event noti fication.
A developer converted an existing program to an AWS Lambda function in the console. The program runs properly on a local laptop, but shows an Unable to import module error when tested in the Lambda console.
Which of the following can x the error?
A. Install the missing module and specify the current directory as the target. Create a ZIP fi le to include all files under the current directory, and upload the ZIP file.
B. Install the missing module in a lib directory. Create a ZIP file to include all files under the lib directory, and upload the ZIP file as dependency file.
C. In the Lambda code, invoke a Linux command to install the missing modules under the /usr/lib directory.
D. In the Lambda console, create a LB_LIBRARY_PATH environment and specify the value for the system library path.
A. Install the missing module and specify the current directory as the target. Create a ZIP fi le to include all files under the current directory, and upload the ZIP file.
A front-end web application is using Amazon Cognito user pools to handle the user authentication ow. A developer is integrating Amazon DynamoDB into the application using the AWS SDK for JavaScript.
How would the developer securely call the API without exposing the access or secret keys?
A. Con figure Amazon Cognito identity pools and exchange the JSON Web Token (JWT) for temporary credentials.
B. Run the web application in an Amazon EC2 instance with the instance pro file con figured.
C. Hardcore the credentials, use Amazon S3 to host the web application, and enable server-side encryption.
D. Use Amazon Cognito user pool JSON Web Tokens (JWITs) to access the DynamoDB APIs.
A. Con figure Amazon Cognito identity pools and exchange the JSON Web Token (JWT) for temporary credentials.
